Monday, November 27, 2017

Determining table sizes in a 1C:Enterprise 8.3 file database

Tools for Enterprise8 users
Enterprise 8 tools
1. Download the file
2. Unpack the archive
3. Run Tool_1CD.exe
4. Open the database (in the folder holding a copy of the database)

Open the 1C database file
Go to the Utilities tab
Example: a table occupies 48% of the maximum size.




Saturday, November 25, 2017

Configuring postgresql.conf


Configuring postgresql.conf for a virtual machine with RAM = 32 GB, following the method in
PostgreSQL settings for working with 1C:Enterprise. Part 2
We allocate 16 GB of memory to PostgreSQL

sudo cp /etc/postgresql/9.6/main/postgresql.conf /etc/postgresql/9.6/main/postgresql.conf.bak
sudo nano /etc/postgresql/9.6/main/postgresql.conf 
# -----------------------------
# PostgreSQL configuration file
# -----------------------------
#
# This file consists of lines of the form:
#
#   name = value
#
# (The "=" is optional.)  Whitespace may be used.  Comments are introduced with
# "#" anywhere on a line.  The complete list of parameter names and allowed
# values can be found in the PostgreSQL documentation.
#
# The commented-out settings shown in this file represent the default values.
# Re-commenting a setting is NOT sufficient to revert it to the default value;
# you need to reload the server.
#
# This file is read on server startup and when the server receives a SIGHUP
# signal.  If you edit the file on a running system, you have to SIGHUP the
# server for the changes to take effect, or use "pg_ctl reload".  Some
# parameters, which are marked below, require a server shutdown and restart to
# take effect.
#
# Any parameter can also be given as a command-line option to the server, e.g.,
# "postgres -c log_connections=on".  Some parameters can be changed at run time
# with the "SET" SQL command.
#
# Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
#                MB = megabytes                     s   = seconds
#                GB = gigabytes                     min = minutes
#                TB = terabytes                     h   = hours
#                                                   d   = days
#------------------------------------------------------------------------------
# FILE LOCATIONS
#------------------------------------------------------------------------------
# The default values of these variables are driven from the -D command-line
# option or PGDATA environment variable, represented here as ConfigDir.

data_directory = '/var/lib/postgresql/9.6/main'        # use data in another directory
                    # (change requires restart)
hba_file = '/etc/postgresql/9.6/main/pg_hba.conf'    # host-based authentication file
                    # (change requires restart)
ident_file = '/etc/postgresql/9.6/main/pg_ident.conf'    # ident configuration file
                    # (change requires restart)

# If external_pid_file is not explicitly set, no extra PID file is written.
external_pid_file = '/var/run/postgresql/9.6-main.pid'            # write an extra PID file
                    # (change requires restart)
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*'        # what IP address(es) to listen on;
                    # comma-separated list of addresses;
                    # defaults to 'localhost'; use '*' for all
                    # (change requires restart)
port = 5432                # (change requires restart)
max_connections = 1000            # (change requires restart)
#superuser_reserved_connections = 3    # (change requires restart)
unix_socket_directories = '/var/run/postgresql'    # comma-separated list of directories
                    # (change requires restart)
#unix_socket_group = ''            # (change requires restart)
#unix_socket_permissions = 0777        # begin with 0 to use octal notation
                    # (change requires restart)
#bonjour = off                # advertise server via Bonjour
                    # (change requires restart)
#bonjour_name = ''            # defaults to the computer name
                    # (change requires restart)
# - Security and Authentication -
#authentication_timeout = 1min        # 1s-600s
ssl = false                # (change requires restart)
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
                    # (change requires restart)
#ssl_prefer_server_ciphers = on        # (change requires restart)
#ssl_ecdh_curve = 'prime256v1'        # (change requires restart)
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'        # (change requires restart)
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'        # (change requires restart)
#ssl_ca_file = ''            # (change requires restart)
#ssl_crl_file = ''            # (change requires restart)
#password_encryption = on
#db_user_namespace = off
row_security = off

# GSSAPI using Kerberos
#krb_server_keyfile = ''
#krb_caseins_users = off

# - TCP Keepalives -
# see "man 7 tcp" for details

#tcp_keepalives_idle = 0        # TCP_KEEPIDLE, in seconds;
                    # 0 selects the system default
#tcp_keepalives_interval = 0        # TCP_KEEPINTVL, in seconds;
                    # 0 selects the system default
#tcp_keepalives_count = 0        # TCP_KEEPCNT;
                    # 0 selects the system default


#------------------------------------------------------------------------------
# RESOURCE USAGE (except WAL)
#------------------------------------------------------------------------------

# - Memory -

shared_buffers = 4GB            # min 128kB
                    # (change requires restart)
#huge_pages = try            # on, off, or try
                    # (change requires restart)
temp_buffers = 256MB            # min 800kB
#max_prepared_transactions = 0        # zero disables the feature
                    # (change requires restart)
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
# you actively intend to use prepared transactions.
work_mem = 128MB            # min 64kB
#maintenance_work_mem = 64MB        # min 1MB
#replacement_sort_tuples = 150000    # limits use of replacement selection sort
#autovacuum_work_mem = -1        # min 1MB, or -1 to use maintenance_work_mem
#max_stack_depth = 2MB            # min 100kB
dynamic_shared_memory_type = posix    # the default is the first option
                    # supported by the operating system:
                    #   posix
                    #   sysv
                    #   windows
                    #   mmap
                    # use none to disable dynamic shared memory
                    # (change requires restart)

# - Disk -

#temp_file_limit = -1            # limits per-process temp file space
                    # in kB, or -1 for no limit

# - Kernel Resource Usage -

max_files_per_process = 1000        # min 25
                    # (change requires restart)
shared_preload_libraries = 'online_analyze, plantuner'    # (change requires restart)

# - Cost-Based Vacuum Delay -

#vacuum_cost_delay = 0            # 0-100 milliseconds
#vacuum_cost_page_hit = 1        # 0-10000 credits
#vacuum_cost_page_miss = 10        # 0-10000 credits
#vacuum_cost_page_dirty = 20        # 0-10000 credits
#vacuum_cost_limit = 200        # 1-10000 credits

# - Background Writer -

bgwriter_delay = 20ms            # 10-10000ms between rounds
bgwriter_lru_maxpages = 400        # 0-1000 max buffers written/round
bgwriter_lru_multiplier = 4.0        # 0-10.0 multiplier on buffers scanned/round
#bgwriter_flush_after = 512kB        # measured in pages, 0 disables

# - Asynchronous Behavior -

effective_io_concurrency = 2        # 1-1000; 0 disables prefetching
#max_worker_processes = 8        # (change requires restart)
#max_parallel_workers_per_gather = 0    # taken from max_worker_processes
#old_snapshot_threshold = -1        # 1min-60d; -1 disables; 0 is immediate
                    # (change requires restart)
#backend_flush_after = 0        # measured in pages, 0 disables


#------------------------------------------------------------------------------
# WRITE AHEAD LOG
#------------------------------------------------------------------------------

# - Settings -

#wal_level = minimal            # minimal, replica, or logical
                    # (change requires restart)
fsync = on                # flush data to disk for crash safety
                        # (turning this off can cause
                        # unrecoverable data corruption)
synchronous_commit = off        # synchronization level;
                    # off, local, remote_write, remote_apply, or on
#wal_sync_method = fsync        # the default is the first option
                    # supported by the operating system:
                    #   open_datasync
                    #   fdatasync (default on Linux)
                    #   fsync
                    #   fsync_writethrough
                    #   open_sync
#full_page_writes = on            # recover from partial page writes
#wal_compression = off            # enable compression of full-page writes
#wal_log_hints = off            # also do full page writes of non-critical updates
                    # (change requires restart)
#wal_buffers = -1            # min 32kB, -1 sets based on shared_buffers
                    # (change requires restart)
#wal_writer_delay = 200ms        # 1-10000 milliseconds
#wal_writer_flush_after = 1MB        # measured in pages, 0 disables

commit_delay = 1000            # range 0-100000, in microseconds
commit_siblings = 5            # range 1-1000

# - Checkpoints -

#checkpoint_timeout = 5min        # range 30s-1d
max_wal_size = 8GB
min_wal_size = 4GB
checkpoint_completion_target = 0.5    # checkpoint target duration, 0.0 - 1.0
#checkpoint_flush_after = 256kB        # measured in pages, 0 disables
#checkpoint_warning = 30s        # 0 disables

# - Archiving -

#archive_mode = off        # enables archiving; off, on, or always
                # (change requires restart)
#archive_command = ''        # command to use to archive a logfile segment
                # placeholders: %p = path of file to archive
                #               %f = file name only
                # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
#archive_timeout = 0        # force a logfile segment switch after this
                # number of seconds; 0 disables


#------------------------------------------------------------------------------
# REPLICATION
#------------------------------------------------------------------------------

# - Sending Server(s) -

# Set these on the master and on any standby that will send replication data.

#max_wal_senders = 0        # max number of walsender processes
                # (change requires restart)
#wal_keep_segments = 0        # in logfile segments, 16MB each; 0 disables
#wal_sender_timeout = 60s    # in milliseconds; 0 disables

#max_replication_slots = 0    # max number of replication slots
                # (change requires restart)
#track_commit_timestamp = off    # collect timestamp of transaction commit
                # (change requires restart)

# - Master Server -

# These settings are ignored on a standby server.

#synchronous_standby_names = ''    # standby servers that provide sync rep
                # number of sync standbys and comma-separated list of application_name
                # from standby(s); '*' = all
#vacuum_defer_cleanup_age = 0    # number of xacts by which cleanup is delayed

# - Standby Servers -

# These settings are ignored on a master server.

#hot_standby = off            # "on" allows queries during recovery
                    # (change requires restart)
#max_standby_archive_delay = 30s    # max delay before canceling queries
                    # when reading WAL from archive;
                    # -1 allows indefinite delay
#max_standby_streaming_delay = 30s    # max delay before canceling queries
                    # when reading streaming WAL;
                    # -1 allows indefinite delay
#wal_receiver_status_interval = 10s    # send replies at least this often
                    # 0 disables
#hot_standby_feedback = off        # send info from standby to prevent
                    # query conflicts
#wal_receiver_timeout = 60s        # time that receiver waits for
                    # communication from master
                    # in milliseconds; 0 disables
#wal_retrieve_retry_interval = 5s    # time to wait before retrying to
                    # retrieve WAL after a failed attempt


#------------------------------------------------------------------------------
# QUERY TUNING
#------------------------------------------------------------------------------

# - Planner Method Configuration -

#enable_bitmapscan = on
#enable_hashagg = on
#enable_hashjoin = on
#enable_indexscan = on
#enable_indexonlyscan = on
#enable_material = on
#enable_mergejoin = on
#enable_nestloop = on
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on

# - Planner Cost Constants -

#seq_page_cost = 1.0            # measured on an arbitrary scale
random_page_cost = 2.0            # same scale as above
#cpu_tuple_cost = 0.01            # same scale as above
#cpu_index_tuple_cost = 0.005        # same scale as above
#cpu_operator_cost = 0.0025        # same scale as above
#parallel_tuple_cost = 0.1        # same scale as above
#parallel_setup_cost = 1000.0    # same scale as above
#min_parallel_relation_size = 8MB
effective_cache_size = 12GB

# - Genetic Query Optimizer -

#geqo = on
#geqo_threshold = 12
#geqo_effort = 5            # range 1-10
#geqo_pool_size = 0            # selects default based on effort
#geqo_generations = 0            # selects default based on effort
#geqo_selection_bias = 2.0        # range 1.5-2.0
#geqo_seed = 0.0            # range 0.0-1.0

# - Other Planner Options -

#default_statistics_target = 100    # range 1-10000
#constraint_exclusion = partition    # on, off, or partition
#cursor_tuple_fraction = 0.1        # range 0.0-1.0
#from_collapse_limit = 8
#join_collapse_limit = 8        # 1 disables collapsing of explicit
                    # JOIN clauses
#force_parallel_mode = off


#------------------------------------------------------------------------------
# ERROR REPORTING AND LOGGING
#------------------------------------------------------------------------------

# - Where to Log -

log_destination = 'stderr'        # Valid values are combinations of
                    # stderr, csvlog, syslog, and eventlog,
                    # depending on platform.  csvlog
                    # requires logging_collector to be on.

# This is used when logging to stderr:
logging_collector = on        # Enable capturing of stderr and csvlog
                    # into log files. Required to be on for
                    # csvlogs.
                    # (change requires restart)

# These are only used if logging_collector is on:
log_directory = 'pg_log'        # directory where log files are written,
                    # can be absolute or relative to PGDATA
log_filename = 'postgresql-%a.log'    # log file name pattern,
                    # can include strftime() escapes
#log_file_mode = 0600            # creation mode for log files,
                    # begin with 0 to use octal notation
log_truncate_on_rotation = on        # If on, an existing log file with the
                    # same name as the new log file will be
                    # truncated rather than appended to.
                    # But such truncation only occurs on
                    # time-driven rotation, not on restarts
                    # or size-driven rotation.  Default is
                    # off, meaning append to existing files
                    # in all cases.
log_rotation_age = 1d            # Automatic rotation of logfiles will
                    # happen after that time.  0 disables.
log_rotation_size = 0        # Automatic rotation of logfiles will
                    # happen after that much log output.
                    # 0 disables.

# These are relevant when logging to syslog:
#syslog_facility = 'LOCAL0'
#syslog_ident = 'postgres'
#syslog_sequence_numbers = on
#syslog_split_messages = on

# This is only relevant when logging to eventlog (win32):
# (change requires restart)
#event_source = 'PostgreSQL'

# - When to Log -

#client_min_messages = notice        # values in order of decreasing detail:
                    #   debug5
                    #   debug4
                    #   debug3
                    #   debug2
                    #   debug1
                    #   log
                    #   notice
                    #   warning
                    #   error

#log_min_messages = warning        # values in order of decreasing detail:
                    #   debug5
                    #   debug4
                    #   debug3
                    #   debug2
                    #   debug1
                    #   info
                    #   notice
                    #   warning
                    #   error
                    #   log
                    #   fatal
                    #   panic

#log_min_error_statement = error    # values in order of decreasing detail:
                    #   debug5
                    #   debug4
                    #   debug3
                    #   debug2
                    #   debug1
                    #   info
                    #   notice
                    #   warning
                    #   error
                    #   log
                    #   fatal
                    #   panic (effectively off)

#log_min_duration_statement = -1    # -1 is disabled, 0 logs all statements
                    # and their durations, > 0 logs only
                    # statements running at least this number
                    # of milliseconds


# - What to Log -

#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = on
#log_checkpoints = off
#log_connections = off
#log_disconnections = off
#log_duration = off
#log_error_verbosity = default        # terse, default, or verbose messages
#log_hostname = off
log_line_prefix = '%t [%p-%l] %q%u@%d '            # special values:
                    #   %a = application name
                    #   %u = user name
                    #   %d = database name
                    #   %r = remote host and port
                    #   %h = remote host
                    #   %p = process ID
                    #   %t = timestamp without milliseconds
                    #   %m = timestamp with milliseconds
                    #   %n = timestamp with milliseconds (as a Unix epoch)
                    #   %i = command tag
                    #   %e = SQL state
                    #   %c = session ID
                    #   %l = session line number
                    #   %s = session start timestamp
                    #   %v = virtual transaction ID
                    #   %x = transaction ID (0 if none)
                    #   %q = stop here in non-session
                    #        processes
                    #   %% = '%'
                    # e.g. '<%u%%%d> '
#log_lock_waits = off            # log lock waits >= deadlock_timeout
#log_statement = 'none'            # none, ddl, mod, all
#log_replication_commands = off
#log_temp_files = -1            # log temporary files equal or larger
                    # than the specified size in kilobytes;
                    # -1 disables, 0 logs all temp files
log_timezone = 'W-SU'


# - Process Title -

#cluster_name = ''            # added to process titles if nonempty
                    # (change requires restart)
#update_process_title = on


#------------------------------------------------------------------------------
# RUNTIME STATISTICS
#------------------------------------------------------------------------------

# - Query/Index Statistics Collector -

#track_activities = on
#track_counts = on
#track_io_timing = off
#track_functions = none            # none, pl, all
#track_activity_query_size = 1024    # (change requires restart)
stats_temp_directory = '/var/run/postgresql/9.6-main.pg_stat_tmp'


# - Statistics Monitoring -

#log_parser_stats = off
#log_planner_stats = off
#log_executor_stats = off
#log_statement_stats = off


#------------------------------------------------------------------------------
# AUTOVACUUM PARAMETERS
#------------------------------------------------------------------------------

autovacuum = on             # Enable autovacuum subprocess?  'on'
                    # requires track_counts to also be on.
#log_autovacuum_min_duration = -1    # -1 disables, 0 logs all actions and
                    # their durations, > 0 logs only
                    # actions running at least this number
                    # of milliseconds.
autovacuum_max_workers = 4        # max number of autovacuum subprocesses
                    # (change requires restart)
autovacuum_naptime = 20s        # time between autovacuum runs
#autovacuum_vacuum_threshold = 50    # min number of row updates before
                    # vacuum
#autovacuum_analyze_threshold = 50    # min number of row updates before
                    # analyze
#autovacuum_vacuum_scale_factor = 0.2    # fraction of table size before vacuum
#autovacuum_analyze_scale_factor = 0.1    # fraction of table size before analyze
#autovacuum_freeze_max_age = 200000000    # maximum XID age before forced vacuum
                    # (change requires restart)
#autovacuum_multixact_freeze_max_age = 400000000    # maximum multixact age
                    # before forced vacuum
                    # (change requires restart)
#autovacuum_vacuum_cost_delay = 20ms    # default vacuum cost delay for
                    # autovacuum, in milliseconds;
                    # -1 means use vacuum_cost_delay
#autovacuum_vacuum_cost_limit = -1    # default vacuum cost limit for
                    # autovacuum, -1 means use
                    # vacuum_cost_limit


#------------------------------------------------------------------------------
# CLIENT CONNECTION DEFAULTS
#------------------------------------------------------------------------------

# - Statement Behavior -

#search_path = '"$user", public'    # schema names
#default_tablespace = ''        # a tablespace name, '' uses the default
#temp_tablespaces = ''            # a list of tablespace names, '' uses
                    # only default tablespace
#check_function_bodies = on
#default_transaction_isolation = 'read committed'
#default_transaction_read_only = off
#default_transaction_deferrable = off
#session_replication_role = 'origin'
#statement_timeout = 0            # in milliseconds, 0 is disabled
#lock_timeout = 0            # in milliseconds, 0 is disabled
#idle_in_transaction_session_timeout = 0        # in milliseconds, 0 is disabled
#vacuum_freeze_min_age = 50000000
#vacuum_freeze_table_age = 150000000
#vacuum_multixact_freeze_min_age = 5000000
#vacuum_multixact_freeze_table_age = 150000000
#bytea_output = 'hex'            # hex, escape
#xmlbinary = 'base64'
#xmloption = 'content'
#gin_fuzzy_search_limit = 0
#gin_pending_list_limit = 4MB

# - Locale and Formatting -

datestyle = 'iso, dmy'
#intervalstyle = 'postgres'
timezone = 'W-SU'
#timezone_abbreviations = 'Default'     # Select the set of available time zone
                    # abbreviations.  Currently, there are
                    #   Default
                    #   Australia (historical usage)
                    #   India
                    # You can create your own file in
                    # share/timezonesets/.
#extra_float_digits = 0            # min -15, max 3
#client_encoding = sql_ascii        # actually, defaults to database
                    # encoding

# These settings are initialized by initdb, but they can be changed.
lc_messages = 'ru_RU.UTF-8'            # locale for system error message
                    # strings
lc_monetary = 'ru_RU.UTF-8'            # locale for monetary formatting
lc_numeric = 'ru_RU.UTF-8'            # locale for number formatting
lc_time = 'ru_RU.UTF-8'                # locale for time formatting

# default configuration for text search
default_text_search_config = 'pg_catalog.russian'

# - Other Defaults -

#dynamic_library_path = '$libdir'
#local_preload_libraries = ''
#session_preload_libraries = ''


#------------------------------------------------------------------------------
# LOCK MANAGEMENT
#------------------------------------------------------------------------------

#deadlock_timeout = 1s
max_locks_per_transaction = 256    # min 10
                    # (change requires restart)
#max_pred_locks_per_transaction = 64    # min 10
                    # (change requires restart)


#------------------------------------------------------------------------------
# VERSION/PLATFORM COMPATIBILITY
#------------------------------------------------------------------------------

# - Previous PostgreSQL Versions -

#array_nulls = on
#backslash_quote = safe_encoding    # on, off, or safe_encoding
#default_with_oids = off
escape_string_warning = off
#lo_compat_privileges = off
#operator_precedence_warning = off
#quote_all_identifiers = off
#sql_inheritance = on
standard_conforming_strings = off
#synchronize_seqscans = on

# - Other Platforms and Clients -

#transform_null_equals = off


#------------------------------------------------------------------------------
# ERROR HANDLING
#------------------------------------------------------------------------------

#exit_on_error = off            # terminate session on any error?
#restart_after_crash = on        # reinitialize after backend crash?


#------------------------------------------------------------------------------
# CONFIG FILE INCLUDES
#------------------------------------------------------------------------------

# These options allow settings to be loaded from files other than the
# default postgresql.conf.

#include_dir = 'conf.d'            # include files ending in '.conf' from
                    # directory 'conf.d'
#include_if_exists = 'exists.conf'    # include file only if it exists
#include = 'special.conf'        # include file


#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------

online_analyze.threshold = 50
online_analyze.scale_factor = 0.1
online_analyze.enable = on
online_analyze.verbose = off
online_analyze.local_tracking = on
online_analyze.min_interval = 10000
online_analyze.table_type = 'all'
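
The network-facing settings in the file above (listen_addresses = '*', ssl = false, the snakeoil certificate path, log_connections left commented out) can be checked mechanically. The following is an added example, not part of the original post: a shell check that reads the effective values from a postgresql.conf and reports those combinations. The function names and the sample file are constructed here, and parameters the file does not set are assumed to have their PostgreSQL 9.6 defaults.

```bash
#!/bin/sh
# Added example: report network-exposure settings in a postgresql.conf.
# Function names and the sample file are constructed for this illustration.

# Print the effective value of one parameter (the last uncommented
# assignment wins), or DEFAULT when the file does not set it.
pg_conf_get() {  # usage: pg_conf_get FILE NAME DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                    # comment or blank line
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            if (!match(line, /^[A-Za-z_][A-Za-z0-9_.]*/)) next
            if (tolower(substr(line, 1, RLENGTH)) != key) next
            rest = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", rest)       # the "=" is optional
            if (substr(rest, 1, 1) == "\047") {    # quoted: up to closing quote
                rest = substr(rest, 2)
                i = index(rest, "\047")
                val = (i > 0) ? substr(rest, 1, i - 1) : rest
            } else {                               # bare: up to blank or "#"
                val = rest
                sub(/[ \t#].*$/, "", val)
            }
            found = 1
        }
        END { print (found ? val : def) }
    ' "$1"
}

# Normalise a boolean to on/off (full spellings only, a simplification:
# PostgreSQL also accepts unambiguous prefixes).
pg_bool() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        on|true|yes|1) echo on ;;
        *) echo off ;;
    esac
}

pg_conf_audit() {  # usage: pg_conf_audit FILE ; prints one finding per line
    _listen=$(pg_conf_get "$1" listen_addresses localhost)
    _ssl=$(pg_bool "$(pg_conf_get "$1" ssl off)")
    _cert=$(pg_conf_get "$1" ssl_cert_file server.crt)
    _logconn=$(pg_bool "$(pg_conf_get "$1" log_connections off)")
    # Any address other than loopback means the server is reachable remotely.
    _remote=$(printf '%s\n' "$_listen" | tr ',' '\n' | awk '
        { gsub(/[ \t]/, "") }
        $0 != "" && $0 != "localhost" && $0 != "127.0.0.1" && $0 != "::1" { r = 1 }
        END { print (r ? "yes" : "no") }')
    if [ "$_remote" = yes ] && [ "$_ssl" = off ]; then
        echo "listen_addresses = '$_listen' with ssl off: remote sessions are not encrypted"
    fi
    if [ "$_ssl" = on ]; then
        case "$_cert" in
            *snakeoil*) echo "ssl_cert_file = '$_cert': self-signed snakeoil certificate" ;;
        esac
    fi
    if [ "$_remote" = yes ] && [ "$_logconn" = off ]; then
        echo "log_connections off: connections from the network are not logged"
    fi
}

# Constructed sample holding the relevant lines of the configuration above.
write_sample_conf() {
    cat > "$1" <<'EOF'
listen_addresses = '*'        # what IP address(es) to listen on;
max_connections = 1000            # (change requires restart)
ssl = false                # (change requires restart)
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'        # (change requires restart)
#log_connections = off
log_line_prefix = '%t [%p-%l] %q%u@%d '            # special values:
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
pg_conf_audit "$sample"
rm -f "$sample"
```

On the server itself the check would be pointed at the real file: pg_conf_audit /etc/postgresql/9.6/main/postgresql.conf.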

1C + PostgreSQL: Changing the tablespace

Installing 1C 8.3.10 with PostgreSQL DBMS version 9.6.5-4.1C on Ubuntu 16.04.3

This article describes installing the 1C 8.3.10.2650 server and client with PostgreSQL DBMS version 9.6.5-4.1C on Ubuntu 16.04.3 in VirtualBox.
We will need (all 64-bit):
1. Ubuntu 16.04.3
2. 1C 8.3.10.2650, taken from the site (requires an ITS contract)
3. PostgreSQL version 9.6.5-4.1C: distribution, additional modules (requires an ITS contract)
4. Fonts from Etersoft, via the "get" button (after free registration; wine.local for Ubuntu 16.04 64-bit)
5. HASP drivers from Etersoft

1. Install Ubuntu 16.04.3 desktop without a swap file, i.e. partition manually and give the whole disk to an ext4 root.
Virtual machine settings: RAM (minimum 4 GB)
Network: bridged adapter.

The easiest way to pass the 1C:Enterprise 8 licenses through to the virtual machine is a local HASP.


Ubuntu settings: user name user (the scripts are tied to it), password 12345, any computer name; we will change it later with a script, along with the IP address.

After installation, press Ctrl+Alt+T (terminal window)
$ sudo apt update -y
$ sudo apt upgrade -y
$ sudo apt install mc ssh samba -y

sudo apt upgrade -y may fail because of a lock; in that case run sudo reboot and start again from the beginning.

2. Network configuration with a script.

Open Firefox (in Ubuntu), open this page and copy the network configuration script to the clipboard:

$ nano network.sh

Paste the following script from the clipboard; in it you need to correct the IP and the gateway address to match your network:

#!/bin/bash
# configure IP and hostname
#----------------------------------------------------------------------
_hostname="ud1604"
# real computer
#_iface="enp0s31f6"
# kvm iface
#_iface="ens3"
# virtualbox iface
_iface="enp0s3"
_address="192.168.0.3"
_gateway="192.168.0.1"
_netmask="255.255.255.0"
_nameserver="8.8.8.8"
#----------------------------------------------------------------------
#add a swap file to an Ubuntu 16.04
sudo fallocate -l 1G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo cp /etc/fstab /etc/fstab.bak
# only tee needs root to append to /etc/fstab
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
# disable NetworkManager
sudo systemctl stop NetworkManager.service
sudo systemctl disable NetworkManager.service
# configure a static IP; tee writes the file as root directly,
# without an intermediate copy under a predictable name in /tmp
sudo tee /etc/network/interfaces > /dev/null <<EOF
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#auto $_iface
#iface $_iface inet dhcp
iface $_iface inet static
address $_address
netmask $_netmask
gateway $_gateway
dns-nameservers $_nameserver
auto $_iface
EOF
#sudo rm /etc/resolv.conf
#sudo /bin/su -c "echo 'nameserver $_nameserver' > /etc/resolv.conf"
# set the hostname and IP in /etc/hosts (written as root directly, no copy in /tmp)
sudo tee /etc/hosts > /dev/null <<EOF
127.0.0.1       localhost
$_address       $_hostname
EOF
# change the hostname
sudo hostname "$_hostname"
sudo /bin/su -c "echo $_hostname > /etc/hostname"
# disable IPv6
sudo /bin/su -c "echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf"
sudo /bin/su -c "echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf"
sudo /bin/su -c "echo 'net.ipv6.conf.lo.disable_ipv6 = 1' >> /etc/sysctl.conf"
#sudo /bin/su -c "echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf"
sudo /bin/su -c "echo 'vm.swappiness=0' >> /etc/sysctl.conf"
#sudo /bin/su -c "echo 'vm.vfs_cache_pressure = 50' >> /etc/sysctl.conf"
sudo sysctl -p
# restart networking
sudo systemctl start networking.service
sudo systemctl enable networking.service
# Make the journal persistent, for sudo journalctl -b, sudo journalctl -b -1 and sudo journalctl --list-boots
sudo sed -i 's/#Storage=auto/Storage=persistent/' /etc/systemd/journald.conf
# Disable Apport crash notifications (/var/crash)
sudo sed -i 's/enabled=1/enabled=0/' /etc/default/apport
# Set up FTP, user: test, password: test
sudo apt install pure-ftpd -y
sudo groupadd ftpgroup
sudo usermod -aG ftpgroup user
sudo ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/50pure
sudo mkdir /home/user/test
sudo chown -R user:ftpgroup /home/user/test
#sudo pure-pw useradd test -u user -d /home/user/test
# Create the FTP user test with password test
echo -e "test\ntest\n" | sudo pure-pw useradd test -u user -d /home/user/test
sudo pure-pw mkdb
sudo service pure-ftpd restart
# ubuntu
# Disable the ondemand service
# (to speed up the CPU)
# cat /proc/cpuinfo | grep MHz
# systemctl status ondemand
sudo systemctl stop ondemand
sudo systemctl disable ondemand
# shutdown -r now

Save the file network.sh

Make it executable
$ chmod +x network.sh

Run it:

$ ./network.sh

Reboot

$ sudo reboot

3. Installing PostgreSQL DBMS version 9.6.5-4.1C and 1C with a script:

After the reboot you can connect over the network with any FTP client to the FTP server on our virtual machine (by IP or by the name ud1604), user test, password test, and upload the installation files:

Files required for the installation (download them beforehand from the links given at the start of the article):

postgresql_9.6.5_4.1C_amd64_addon_deb.tar.bz2
postgresql_9.6.5_4.1C_amd64_deb.tar.bz2
server.deb64.tar.gz
client.deb64.tar.gz
fonts-ttf-ms_1.0-eter4ubuntu_all.deb
haspd_7.60-eter1debian_amd64.deb
haspd-modules_7.60-eter1debian_amd64.deb

Open Firefox (in Ubuntu), open this page and copy the installation script for PostgreSQL 9.6.5-4.1C and 1C to the clipboard:

$ nano install_post965_4.sh

Paste the following script from the clipboard:

#!/bin/sh
sudo apt-get install libicu55 postgresql-common -y
sudo cp /usr/share/hunspell/ru_RU.aff  /usr/share/hunspell/ru_RU.aff.copy
# strip the UTF-8 BOM from the first line in place (a copy was saved above)
sudo sed -i -e '1s/^\xef\xbb\xbf//' /usr/share/hunspell/ru_RU.aff
mkdir -p /tmp/post
cp /home/user/test/postgresql_9.6.5_4.1C_amd64_deb.tar.bz2 /tmp/post/
cp /home/user/test/postgresql_9.6.5_4.1C_amd64_addon_deb.tar.bz2 /tmp/post/
cd /tmp/post
tar -xvf postgresql_9.6.5_4.1C_amd64_deb.tar.bz2
cd postgresql-9.6.5-4.1C_amd64_deb
sudo dpkg -i *.deb
cd /tmp/post/
tar -xvf postgresql_9.6.5_4.1C_amd64_addon_deb.tar.bz2
cd postgresql-9.6.5-4.1C_amd64_addon_deb
sudo dpkg -i *.deb
sudo -u postgres psql -U postgres -c "alter user postgres with password 'pass';"
sudo cp /etc/postgresql/9.6/main/postgresql.conf /etc/postgresql/9.6/main/postgresql.conf.bak
# install 1C
mkdir -p /tmp/1ctmp
cd /tmp/1ctmp
sudo apt install -y unixodbc libgsf-1-114 libglib2.0
#ubuntu
#sudo apt install ttf-mscorefonts-installer -y
#debian
#wget  http://ftp.ru.debian.org/debian/pool/contrib/m/msttcorefonts/ttf-mscorefonts-installer_3.6_all.deb
sudo  apt install -y xfonts-utils cabextract
#sudo dpkg -i ttf-mscorefonts-installer_3.6_all.deb
# fonts from Etersoft
#ubuntu
cp /home/user/test/fonts-ttf-ms_1.0-eter4ubuntu_all.deb /tmp/1ctmp
sudo dpkg -i fonts-ttf-ms_1.0-eter4ubuntu_all.deb
sudo apt -f -y install
#debian
#cp /home/user/Загрузки/fonts-ttf-ms_1.0-eter4debian_all.deb /tmp/1ctmp
#sudo dpkg -i fonts-ttf-ms_1.0-eter4debian_all.deb
cp /home/user/test/server.deb64.tar.gz /tmp/1ctmp
cp /home/user/test/client.deb64.tar.gz /tmp/1ctmp
tar xvzf server.deb64.tar.gz
tar xvzf client.deb64.tar.gz
sudo dpkg -i 1c*.deb
sudo apt -f -y install
sudo chown -R usr1cv8:grp1cv8 /opt/1C
# printf instead of echo -e: under #!/bin/sh (dash) echo -e would write "-e" into the password
printf 'pass\npass\n' | sudo passwd usr1cv8
sudo service srv1cv83 start
#sudo service srv1cv83 status
sudo  apt install -y libc6-i386
mkdir /tmp/hasp
cd /tmp/hasp
cp /home/user/test/haspd_7.60-eter1debian_amd64.deb /tmp/hasp
cp /home/user/test/haspd-modules_7.60-eter1debian_amd64.deb /tmp/hasp
#cp /home/user/test/haspd_7.40-eter10ubuntu_amd64.deb /tmp/hasp
#cp /home/user/test/haspd-modules_7.40-eter10ubuntu_amd64.deb /tmp/hasp
#wget http://download.etersoft.ru/pub/Etersoft/HASP/last/x86_64/Debian/8/haspd_7.60-eter1debian_amd64.deb
#wget http://download.etersoft.ru/pub/Etersoft/HASP/last/x86_64/Ubuntu/16.04/haspd_7.40-eter10ubuntu_amd64.deb
#wget http://download.etersoft.ru/pub/Etersoft/HASP/last/x86_64/Debian/8/haspd-modules_7.60-eter1debian_amd64.deb
#wget http://download.etersoft.ru/pub/Etersoft/HASP/last/x86_64/Ubuntu/16.04/haspd-modules_7.40-eter10ubuntu_amd64.deb
sudo dpkg -i *.deb
sudo apt-get install -f -y
sudo service haspd start
#sudo service haspd status
#sudo shutdown -r now

Save the file install_post965_4.sh

Make it executable:
$ chmod +x  install_post965_4.sh

Run it:

$ ./install_post965_4.sh

$ sudo poweroff

This is a good point to make a "preserve" of the machine.
Until a 1C database is attached, it is easy to change the IP address and the server name.
Export the appliance as post965.ova

Reboot if you did not make the export, or simply start the virtual machine.

$ sudo reboot

The 1C database can now be attached.

You can create a database with user postgres and password pass.

Friday, 17 November 2017

Linux tuning for high-load projects and DDoS protection

Initial setup of an OpenVPN server on Ubuntu 16.04 at the hosting provider DO

Verified on 15.01.2018 !!!
Sometimes clients need to be connected over the internet to a web server on which 1C infobases are published. DO is well suited for this.
Initial Server Setup with Ubuntu 16.04
How To Set Up an OpenVPN Server on Ubuntu 16.04

1. Create a droplet; the root password will arrive at the registration e-mail address, and the IP is shown when the droplet is created

On the workstation:
$ ssh root@ip
Change the root password

# apt update -y
# apt upgrade -y
# apt install mc openvpn easy-rsa -y
# adduser user
# usermod -aG sudo user
Also disable ping:
# nano /etc/rc.local

Add the following lines before exit 0

/bin/su -c "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all"

Save
# reboot

On the workstation:
$ ssh user@ip

Open Firefox (in Ubuntu), open this page and copy the network setup script to the clipboard:

$ nano start.sh

Paste the following script from the clipboard, correcting the IP and the gateway address in it to match your network:

#!/bin/bash
# A little tuning:
sudo /bin/su -c "echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf"
sudo /bin/su -c "echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf"
sudo /bin/su -c "echo 'net.ipv6.conf.lo.disable_ipv6 = 1' >> /etc/sysctl.conf"
sudo  /bin/su -c "echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf"
sudo /bin/su -c "echo 'vm.swappiness=0' >> /etc/sysctl.conf"
sudo sysctl -p
sudo  systemctl restart networking.service


# Keep the journal across reboots so that sudo journalctl -b, sudo journalctl -b -1 and sudo journalctl --list-boots work
sudo sed -i 's/#Storage=auto/Storage=persistent/' /etc/systemd/journald.conf

# Add a swap file on Ubuntu 16.04:
sudo fallocate -l 1G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo cp /etc/fstab /etc/fstab.bak
sudo echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

# Assign IP addresses to the clients inside the VPN
sudo mkdir -p /etc/openvpn/ccd
sudo /bin/su -c "echo 'ifconfig-push 10.8.0.2 255.255.255.0' >> /etc/openvpn/ccd/client1"
sudo /bin/su -c "echo 'ifconfig-push 10.8.0.3 255.255.255.0' >> /etc/openvpn/ccd/client2"
sudo /bin/su -c "echo 'ifconfig-push 10.8.0.4 255.255.255.0' >> /etc/openvpn/ccd/client3"
sudo /bin/su -c "echo 'ifconfig-push 10.8.0.5 255.255.255.0' >> /etc/openvpn/ccd/client4"
sudo /bin/su -c "echo 'ifconfig-push 10.8.0.6 255.255.255.0' >> /etc/openvpn/ccd/client5"
sudo /bin/su -c "echo 'ifconfig-push 10.8.0.7 255.255.255.0' >> /etc/openvpn/ccd/client6"
sudo /bin/su -c "echo 'ifconfig-push 10.8.0.8 255.255.255.0' >> /etc/openvpn/ccd/client7"
sudo /bin/su -c "echo 'ifconfig-push 10.8.0.9 255.255.255.0' >> /etc/openvpn/ccd/client8"
sudo /bin/su -c "echo 'ifconfig-push 10.8.0.10 255.255.255.0' >> /etc/openvpn/ccd/client9"

# FTP setup, user: test, password: test
sudo apt install pure-ftpd -y
sudo groupadd ftpgroup
sudo usermod -aG ftpgroup user
sudo ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/50pure
sudo mkdir /home/user/test
sudo chown -R user:ftpgroup /home/user/test
#sudo pure-pw useradd test -u user -d /home/user/test
# Create the FTP user test with password test
sudo echo -e "test\ntest\n" | sudo pure-pw useradd test -u user -d /home/user/test
sudo pure-pw mkdb
sudo service pure-ftpd restart

Save the file start.sh

Make it executable:
$ chmod +x  start.sh

Run it:

$ ./start.sh
$ sudo reboot

On the workstation:
$ ssh user@ip
$ sudo -i
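
Both network.sh and start.sh append to /etc/sysctl.conf with `>>`, so a second run leaves duplicate assignments. The following added example (not part of the original scripts; the function names are illustrative) lists the duplicated keys and sets each key exactly once, shown on a constructed sample file:

```shell
#!/bin/bash
# Added example, not part of the original post. Function names are illustrative.

# Print every key that has more than one active assignment in a sysctl-style file.
sysctl_duplicates() {
    awk -F= '
        /^[ \t]*[#;]/ || !/=/ { next }            # comments and non-assignments
        { k = $1; gsub(/[ \t]/, "", k)
          if (++seen[k] == 2) print k }' "$1"
}

# Set key = value exactly once: drop any active assignment, then append.
# Commented-out lines are left untouched.
set_sysctl() {
    local file=$1 key=$2 value=$3
    local esc=${key//./\\.}                       # dots in the key are literal
    sed -i -E "/^[[:space:]]*${esc}[[:space:]]*=/d" "$file"
    printf '%s = %s\n' "$key" "$value" >> "$file"
}

# Constructed sample: the state of the file after the tuning lines ran twice.
demo_sysctl() {
    local f; f=$(mktemp)
    printf '%s\n' '#net.ipv4.ip_forward=1' \
        'net.ipv6.conf.all.disable_ipv6 = 1' 'net.ipv4.ip_forward = 1' 'vm.swappiness=0' \
        'net.ipv6.conf.all.disable_ipv6 = 1' 'net.ipv4.ip_forward = 1' 'vm.swappiness=0' > "$f"
    echo "duplicated before: $(sysctl_duplicates "$f" | tr '\n' ' ')"
    set_sysctl "$f" net.ipv6.conf.all.disable_ipv6 1
    set_sysctl "$f" net.ipv4.ip_forward 1
    set_sysctl "$f" vm.swappiness 0
    echo "duplicated after:  $(sysctl_duplicates "$f" | tr '\n' ' ')"
    cat "$f"; rm -f "$f"
}
demo_sysctl
```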

If sudo works, forbid root login over ssh:

$ sudo sed -i -E 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
You can check the result:
$ sudo nano /etc/ssh/sshd_config 
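
A sed substitution on sshd_config changes nothing when its pattern is not in the file, and sshd uses the first uncommented occurrence of a keyword. The following added example (not part of the original post; the function names are illustrative) reports the value that will take effect and forces it to "no" in each of the three cases, using constructed sample files:

```shell
#!/bin/bash
# Added example, not part of the original post. Paths are passed in, so it can
# be tried on a copy before touching /etc/ssh/sshd_config.

# Print the PermitRootLogin value sshd would take from the global section:
# the first uncommented occurrence wins; "unset" means sshd's built-in default.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Set PermitRootLogin to "no" whether the directive is commented out, active
# with another value, or absent.
disable_root_login() {
    local f=$1 tmp
    # Rewrite every existing form of the directive, commented or not.
    sed -i -E 's/^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/I' "$f"
    # If the global section still has no active directive, put one first.
    if [ "$(effective_permit_root_login "$f")" != "no" ]; then
        tmp=$(mktemp)
        { echo 'PermitRootLogin no'; cat "$f"; } > "$tmp"
        cat "$tmp" > "$f"     # keeps the original file's owner and mode
        rm -f "$tmp"
    fi
}

# Constructed sample files covering the three cases.
demo_root_login() {
    local d name; d=$(mktemp -d)
    printf '#PermitRootLogin yes\nPasswordAuthentication yes\n' > "$d/commented"
    printf 'Port 22\nPermitRootLogin yes\n'                     > "$d/active"
    printf 'Port 22\nMatch User backup\n  X11Forwarding no\n'   > "$d/absent"
    for name in commented active absent; do
        printf '%s: %s -> ' "$name" "$(effective_permit_root_login "$d/$name")"
        disable_root_login "$d/$name"
        effective_permit_root_login "$d/$name"
    done
    rm -rf "$d"
}
demo_root_login
```

On the server itself, `sudo sshd -T | grep -i permitrootlogin` prints the value the configuration resolves to; sshd has to be reloaded before an edit takes effect.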

Key generation

$ make-cadir ~/openvpn-ca
$ cd ~/openvpn-ca
$ source vars
$ ./clean-all
$ ./build-ca
$ ./build-key-server server
$ ./build-dh
$ openvpn --genkey --secret keys/ta.key

Generating the client keys
$ cd ~/openvpn-ca
$ source vars
$ ./build-key client1
...............................
$ ./build-key client20

Copy the keys:
$ cd ~/openvpn-ca/keys
$ sudo cp ca.crt ca.key server.crt server.key ta.key dh2048.pem /etc/openvpn
$ sudo gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
$ sudo cp /etc/openvpn/server.conf /etc/openvpn/server.conf.bak

Server configuration:
$ sudo nano /etc/openvpn/server.conf

Copy the server.conf settings below and paste them into /etc/openvpn/server.conf (replacing its contents):

#port 443
port 443
port-share 127.0.0.1 4443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
;ifconfig-pool-persist ipp.txt
client-config-dir ccd
# uncomment to route internet traffic
push "redirect-gateway def1"
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
;cipher BF-CBC        # Blowfish (default)
cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
auth SHA256
comp-lzo
;max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
;log-append  openvpn.log
verb 3
;mute 20

Save.

Start:
$ sudo systemctl start openvpn@server
$ sudo systemctl enable openvpn@server
$ sudo systemctl status openvpn@server
   -------------------------------------------------------------------------------------------------------------------------
Package the certificates
$ mkdir -p ~/client-configs/files
$ chmod 700 ~/client-configs/files
$ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client-configs/base.conf
$ cp ~/client-configs/base.conf ~/client-configs/base.conf.bak

Set the base client settings; XXX.XXX.XXX.XXX is the server's IP address:
$ nano ~/client-configs/base.conf
Replace the contents with:
client
dev tun
proto tcp
;proto udp
remote XXX.XXX.XXX.XXX 443
;remote my-server-1 1194
;remote my-server-2 1194
resolv-retry infinite
nobind
;user nobody
;group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-128-CBC
auth SHA256
key-direction 1
comp-lzo
verb 3
;mute 20

Save.

$ nano ~/client-configs/make_config.sh
Add:
#!/bin/bash
# First argument: Client identifier
KEY_DIR=~/openvpn-ca/keys
OUTPUT_DIR=~/client-configs/files
BASE_CONFIG=~/client-configs/base.conf
cat ${BASE_CONFIG} \
    <(echo -e '<ca>') \
    ${KEY_DIR}/ca.crt \
    <(echo -e '</ca>\n<cert>') \
    ${KEY_DIR}/${1}.crt \
    <(echo -e '</cert>\n<key>') \
    ${KEY_DIR}/${1}.key \
    <(echo -e '</key>\n<tls-auth>') \
    ${KEY_DIR}/ta.key \
    <(echo -e '</tls-auth>') \
    > ${OUTPUT_DIR}/${1}.ovpn
Save.
$ chmod 700 ~/client-configs/make_config.sh
$ cd ~/client-configs
$ ./make_config.sh client1
.........................................
$ ./make_config.sh client9
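
make_config.sh has no error handling: if the client name is mistyped, cat skips the missing .crt and .key files and still writes an .ovpn with empty blocks. The following added example (not part of the original post; function names are illustrative and the sample bundle is constructed) checks a generated bundle for the four inline blocks, the key direction and the file mode:

```shell
#!/bin/bash
# Added example, not part of the original post: sanity-check a bundle written by
# make_config.sh. Prints one line per problem and returns non-zero if any.
check_ovpn() {
    local f=$1 tag n rc=0
    for tag in ca cert key tls-auth; do
        # Count key-material headers between <tag> and </tag>.
        n=$(awk -v o="<$tag>" -v c="</$tag>" '
                $0 == o { inside = 1; next }
                $0 == c { inside = 0 }
                inside && /^-----BEGIN / { n++ }
                END { print n + 0 }' "$f")
        [ "$n" -ge 1 ] || { echo "$f: <$tag> block is missing or empty"; rc=1; }
    done
    # The inline <tls-auth> key carries no direction; the client needs key-direction 1.
    grep -Eq '^[[:space:]]*key-direction[[:space:]]+1[[:space:]]*$' "$f" ||
        { echo "$f: key-direction 1 not set"; rc=1; }
    # The bundle embeds the client private key: no group/other permission bits.
    case $(stat -c '%a' "$f") in
        *00) ;;
        *) echo "$f: readable by group/others, chmod 600 it"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample bundle; pass "empty" as $2 to mimic a mistyped client name,
# where cat finds no .crt file and the <cert> block is written empty.
make_sample() {
    {
        printf 'client\nkey-direction 1\n<ca>\n'
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' '-----END CERTIFICATE-----' '</ca>' '<cert>'
        [ "${2:-}" = empty ] || printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' '-----END CERTIFICATE-----'
        printf '%s\n' '</cert>' '<key>' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' '-----END PRIVATE KEY-----' '</key>'
        printf '%s\n' '<tls-auth>' '-----BEGIN OpenVPN Static key V1-----' 'CONSTRUCTED' '-----END OpenVPN Static key V1-----' '</tls-auth>'
    } > "$1"
    chmod 600 "$1"
}

d=$(mktemp -d)
make_sample "$d/client1.ovpn"
make_sample "$d/client2.ovpn" empty
check_ovpn "$d/client1.ovpn" && echo "client1.ovpn: ok"
check_ovpn "$d/client2.ovpn" || echo "client2.ovpn: rejected"
rm -rf "$d"
```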

Connect with scp and download the OpenVPN configuration files from /home/user/client-configs/files
$ mkdir -p  /home/user/test/vu
The first time:
$ scp user@XXX.XXX.XXX.XXX:/home/user/client-configs/files/* /home/user/test
After that, over the VPN:
$ scp user@10.8.0.1:/home/user/client-configs/files/* /home/user/test

$ sudo openvpn --config /etc/openvpn/client1.ovpn


 -------------------------------------------------------------------------------------------------------------------------
Before configuring ufw, OpenVPN must be configured and tested!!! SSH access to the server will be possible only through OpenVPN!!!
Otherwise it will be possible to log in only through the Access console of the control panel!

Also add NAT (if internet traffic needs to be routed):
$ sudo nano /etc/rc.local

Add the following lines before exit 0

    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Save
 $ sudo reboot

$ sudo ufw  reset
---------------------------------------------------------------------------------------------------------------------------
ufw setup
sudo ufw allow out on tun0
sudo ufw allow in on tun0
sudo  ufw allow 443/tcp
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw default allow routed
sudo ufw disable
sudo ufw enable
sudo reboot
---------------------------------------------------------------------------------------------------- 
Install fail2ban
$ sudo apt install fail2ban
----------------------------------------------------------------------------------------------------  
Set the time zone
$ sudo dpkg-reconfigure tzdata
----------------------------------------------------------------------------------------------------

The 1C clients can now be connected.

----------------------------------------------------------------------------------------------------
$ apt list --all-versions openvpn
Listing... Done
openvpn/xenial-updates,xenial-security,now 2.3.10-1ubuntu2.1 amd64 [installed]

Download the client from here, version 2.3.18
OpenVPN 2.3.18 (old stable)
Secure OpenVPN on a VPS in a few minutes

Wednesday, 15 November 2017

Installing the OpenVPN client on Windows

Downloads

For Ubuntu 16.04 and the Asus RT-18 router, OpenVPN client version 2.3.2 is needed,
2.3.4 at most; get them here; they are not secure!


Next, do not click Finish right away; first copy client1.ovpn into the folder with the configuration files:

Then tick the Start checkbox and click Finish:


Click the grey padlock icon and choose Connect in the context menu:

IP address assigned!


Installing a web server and publishing a configuration (on Windows)

The directory can be created inside the folder with the configuration; the main thing is that the paths contain no Russian letters!!!




It can be accessed at http://localhost/DemoRetail/
http://192.168.0.3/DemoRetail/ (on the local network)
http://10.8.0.3/DemoRetail/ (on the VPN network)

where DemoRetail is the name specified when the database was published