CADLAB 舊電腦的處理

2016 年暑假從 CADLAB 汰換下來的舊電腦, CPU 型號為 Intel E5200, 因為並不支援 Intel 虛擬化技術, 因此建議直接安裝 Ubuntu 16.04.1 + ubuntu-desktop, 當作實體的 Server 使用.

安裝 LTS Server 與 ubuntu-desktop

處理的步驟為:

  1. 移除 PCI 插槽上的還原卡與主機版上的電池, 以便清除 BIOS 上原有的保護設定.
  2. 裝回電池後, 將記憶體從原先的 4GB 增為 8GB, 硬碟從原先 500 GB, 加掛至兩個 500 GB (RAM 與硬碟可以從其他舊電腦取用, 每兩台舊電腦拼成一台伺服器使用).
  3. 啟動時按下 del 鍵, 進入 BIOS 設定, 移除機殼開啟警示設定, 並確定斷電回復後電腦會主動開機.
  4. 利用其他電腦下載 Ubuntu 16.04.1 Server 程式, 燒錄成啟動光碟.
  5. 安裝過程無需上網, 安裝完成後依照參考說明IPV6 網址分配網路導引設定 IPv6 網路, 並且安裝 ubuntu-desktop 套件.

/etc/network/interfaces 參考設定:

1
2
3
4
5
6
7
8
9
10
auto lo
iface lo inet loopback
 
auto eth0
 
iface eth0 inet6 static
address 2001:288:6004:17::XX
netmask 64
gateway 2001:288:6004:17::254
dns-nameservers 2001:288:6004:1::2 2001:b000:168::1

安裝 squid 代理主機伺服程式

查驗電腦的記憶體, 確定至少有 8GB.

grep MemTotal /proc/meminfo to check Ram size

接著安裝設定 squid:

sudo apt install squid

sudo gedit /etc/squid/squid.conf

sudo service squid restart

squid.conf 參考設定:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
acl cad_lab src 140.130.17.0/24
acl cad_lab src 2001:288:6004:17::/64
 
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 88
 
#acl Safe_ports port 21 # ftp
acl SSL_ports port 8443
acl Safe_ports port 8443
 
acl SSL_ports port 9443
acl Safe_ports port 9443
 
acl SSL_ports port 22
acl Safe_ports port 22
 
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
 
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
 
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
 
http_access allow cad_lab
http_access deny all
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
 
#http_access allow localnet
http_access allow localhost
 
# And finally deny all other access to this proxy
http_access deny all
 
# Squid normally listens to port 3128
http_port 3128
 
#cache_dir ufs /var/spool/squid 100 16 256
icp_port 3130
icp_access allow all
 
cache_dir ufs /var/spool/squid 2000 16 256
cache_peer 140.130.17.2 sibling 3128 3130
 
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320

配置 nginx 與 uwsgi 伺服環境

接下來就可以安裝並配置 Python3 的網際程式伺服環境.

sudo apt install python3-pip

sudo pip3 install Flask

sudo apt install build-essential python3-dev

sudo pip3 install uwsgi

sudo apt install nginx uwsgi-plugin-python3

/etc/nginx/sites-availables/default 設定檔:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
server {
    listen 80 default_server;
    #listen [::]:80 default_server ipv6only=on;
 
    listen 443 ssl;
    #listen [::]:443 ssl ipv6only=on;
 
    location /static {
        alias /home/cadlab/cmsimfly/static/;
    }
 
    location / {
        include uwsgi_params;
        uwsgi_pass  127.0.0.1:8080;
    }
 
    server_name localhost;
    #ssl on;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;
    try_files $uri $uri/ =404;
}
 
server {
    listen 88 default_server;
    #listen [::]:88 default_server ipv6only=on;
 
    listen 8443 ssl;
    #listen [::]:8443 ssl ipv6only=on;
 
    location /static {
        alias /home/cadlab/cmsimfly2/static/;
    }
 
    location / {
        include uwsgi_params;
        uwsgi_pass  127.0.0.1:8081;
    }
 
    server_name localhost;
    #ssl on;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;
    try_files $uri $uri/ =404;
}

利用 /etc/rc.local 開機時啟動所有 uwsgi 程式:

exec uwsgi_python35 --uid cadlab --gid cadlab --emperor /home/cadlab/uwsgi_ini

/home/cadlab/uwsgi_ini/uwsgi.ini 設定檔案內容:

1
2
3
4
5
6
7
8
[uwsgi]
socket = 127.0.0.1:8080
plugins-dir = /usr/lib/uwsgi/plugins/
plugin = python3
processes = 4
threads = 2
chdir = /home/cadlab/cmsimfly
wsgi-file = /home/cadlab/cmsimfly/wsgi.py

/home/cadlab/uwsgi_ini/uwsgi2.ini 設定檔案內容:

1
2
3
4
5
6
7
8
[uwsgi]
socket = 127.0.0.1:8081
plugins-dir = /usr/lib/uwsgi/plugins/
plugin = python3
processes = 4
threads = 2
chdir = /home/cadlab/cmsimfly2
wsgi-file = /home/cadlab/cmsimfly2/wsgi.py

Comments