Update

Author: bianjp

base/centos.md

@@ -86,18 +86,18 @@ firewall-cmd --get-active-zones
 firewall-cmd --set-default-zone=dmz
 
 # 允许对外开放的服务。执行 ls /usr/lib/firewalld/services/ 以查看支持的服务列表
-firewall-cmd --permanent --zone=dmz --add-service=http
-firewall-cmd --permanent --zone=dmz --add-service=https
-firewall-cmd --permanent --zone=dmz --add-service=ssh
+firewall-cmd --permanent --add-service=http
+firewall-cmd --permanent --add-service=https
+firewall-cmd --permanent --add-service=ssh
 
 # 允许对外开放的端口
-# firewall-cmd --permanent --zone=dmz --add-port=3306/tcp
+# firewall-cmd --permanent --add-port=3306/tcp
 
 # 重载配置以生效
 firewall-cmd --reload
 
 # 查看配置
-firewall-cmd --zone=dmz --list-all
+firewall-cmd --list-all
 ```
 
 __注意：__
@@ -202,7 +202,7 @@ swapon -s
 free -m
 
 # 创建交换空间文件
-dd if=/dev/zero of=/swapfile bs=1M count=2048
+dd if=/dev/zero of=/swapfile bs=1M count=2048 status=progress
 chmod 600 /swapfile
 mkswap /swapfile
 

base/nginx.md

@@ -18,7 +18,7 @@ enabled=1
 EOF
 
 sudo yum makecache
-sudo yum install nginx
+sudo yum install -y nginx
 
 sudo systemctl enable nginx
 sudo systemctl start nginx
@@ -108,13 +108,11 @@ minsize 300M
 ```
 # 默认是 1024 位，不够安全
 sudo openssl dhparam -out /etc/ssl/dhparam.pem 2048
-```
-
-添加以下配置文件
 
-`/etc/nginx/includes/https.conf`:
+sudo mkdir -p /etc/nginx/includes
 
-```
+# 添加配置文件
+sudo tee /etc/nginx/includes/https.conf <<-'EOF'
 # certs
 #ssl_certificate /path/to/fullchain.pem;
 #ssl_certificate_key /path/to/private_key;
@@ -127,9 +125,9 @@ ssl_session_tickets off;
 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
 ssl_dhparam /etc/ssl/dhparam.pem;
 
-# intermediate configuration. tweak to your needs.
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+# modern configuration. tweak to your needs.
+ssl_protocols TLSv1.2;
+ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
 ssl_prefer_server_ciphers on;
 
 # OCSP Stapling ---
@@ -141,19 +139,18 @@ ssl_stapling_verify on;
 # 国内使用 DNSPod Public DNS, 阿里 DNS
 resolver 119.29.29.29 182.254.116.116 223.5.5.5 223.6.6.6;
 # resolver 8.8.8.8 8.8.4.4;
-```
-
-`/etc/nginx/includes/https-hsts.conf`:
+EOF
 
-```
+sudo tee /etc/nginx/includes/https-hsts.conf <<-'EOF'
 include /etc/nginx/includes/https.conf;
 
 # HSTS
 # 15768000 seconds = 6 months
 add_header Strict-Transport-Security max-age=15768000;
+EOF
 ```
 
-网站配置：
+网站配置示例：
 
 ```
 server {
@@ -185,5 +182,5 @@ server {
 
 ## 参考资料
 
-* http://nginx.org/en/linux_packages.html
-* https://mozilla.github.io/server-side-tls/ssl-config-generator/
+* [Nginx Linux packages](http://nginx.org/en/linux_packages.html)
+* [Mozilla SSL Configuration Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/)

base/postgresql.md

@@ -0,0 +1,44 @@
+# PostgreSQL
+
+The world's most advanced open source database.
+
+## 安装
+
+官方源中版本过旧，使用 PostgreSQL 官方源
+
+```
+sudo yum install https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-1.noarch.rpm
+sudo yum install postgresql10 postgresql10-server
+
+# Initialize the database
+sudo /usr/pgsql-10/bin/postgresql-10-setup initdb
+
+sudo systemctl enable postgresql-10
+sudo systemctl start postgresql-10
+```
+
+## 创建用户
+
+默认只有一个 `postgres` 用户，为方便使用，可添加一个与系统用户同名的新用户
+
+```
+sudo -u postgres -i
+createuser --interactive
+```
+
+## 配置
+
+默认的验证方式是 ident，为方便本地应用连接，可考虑改为 trust
+
+修改 `/var/lib/pgsql/10/data/pg_hba.conf`:
+
+```
+host    all             all             127.0.0.1/32            trust
+host    all             all             ::1/128                 trust
+```
+
+## 参考资料
+
+* [官网](https://www.postgresql.org/)
+* [Install PostgreSQL](https://www.postgresql.org/download/linux/redhat/)
+* [PostgreSQL Authentication Methods](https://www.postgresql.org/docs/current/static/auth-methods.html)

languages/nodejs.md

@@ -11,19 +11,31 @@ sudo yum install nodejs
 若仍想使用更新版本，可使用 [NodeSource 源](https://github.com/nodesource/distributions)：
 
 ```
-curl -sL https://rpm.nodesource.com/setup_7.x | sudo bash -
+curl -sL https://rpm.nodesource.com/setup_9.x | sudo bash -
 # 使用 TUNA 源
-sudo sed -i 's#https://rpm.nodesource.com/pub_6.x/#https://mirror.tuna.tsinghua.edu.cn/nodesource/rpm_6.x/#g' /etc/yum.repos.d/nodesource-el.repo
+sudo sed -i 's#https://rpm.nodesource.com/pub_9.x/#https://mirror.tuna.tsinghua.edu.cn/nodesource/rpm_9.x/#g' /etc/yum.repos.d/nodesource-el.repo
 
 sudo yum install nodejs
 ```
 
+## 安装 Yarn
+
+```
+sudo wget https://dl.yarnpkg.com/rpm/yarn.repo -O /etc/yum.repos.d/yarn.repo
+sudo yum install yarn
+```
+
 ## 配置
 
-Npm 官方源速度较慢且不稳定，使用[淘宝源](http://npm.taobao.org/)：
+若 npm 官方源速度较慢且不稳定，可改用[淘宝源](http://npm.taobao.org/)：
 
 ```
 cat <<EOF > ~/.npmrc
 registry=https://registry.npm.taobao.org
 EOF
 ```
+
+## 参考资料
+
+* [NodeSource](https://nodesource.com/)
+* [Yarn Installation](https://yarnpkg.com/en/docs/install)

languages/python.md

@@ -2,7 +2,7 @@
 
 ## Python 3
 
-官方源中不包含 Python 3，可使用 EPEL 源中的 Python 3.4，或 [IUS 源](https://ius.io/) 中的 Python 3.5
+官方源中不包含 Python 3，可使用 EPEL 源中的 Python 3.4，或 [IUS 源](https://ius.io/) 中的 python 3.6
 
 EPEL:
 
@@ -18,15 +18,15 @@ IUS:
 ```
 sudo rpm -Uvh https://centos7.iuscommunity.org/ius-release.rpm
 sudo yum update
-sudo yum install python35u python35u-devel
-sudo yum install python35u-setuptools python35u-pip
+sudo yum install python36u python36u-devel
+sudo yum install python36u-setuptools python36u-pip
 ```
 
-IUS 源安装的 `python35u` 不会自动创建 `/usr/bin/python3`，为方便使用，手动创建符号链接：
+IUS 源安装的 `python36u` 不会自动创建 `/usr/bin/python3`，为方便使用，手动创建符号链接：
 
 ```
-sudo ln -s /usr/bin/python3.5 /usr/bin/python3
-sudo ln -s /usr/bin/pip3.5 /usr/bin/pip3
+sudo ln -s /usr/bin/python3.6 /usr/bin/python3
+sudo ln -s /usr/bin/pip3.6 /usr/bin/pip3
 ```
 
 ## PyPI 国内镜像
@@ -67,7 +67,7 @@ trusted-host=mirrors.aliyuncs.com
 
 ```
 # 系统监控工具
-sudo pip3.5 install glances
+sudo pip3 install glances
 # For Python 2
 sudo pip2 install glances
 ```