7 anos atrás · b349e2ac38
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -73,6 +73,7 @@
 
				   - [CI工作流](experience/operation/workflow.md)
			
 
				   - [重启服务](experience/operation/restarter.md)
			
 
				   - [版本回退](experience/operation/rollback.md)
			
 
				+  - [CertBot证书](experience/operation/certbot.md)
			
 
				 - 进阶
			
 
				   - [元编程构造优雅解决方案](experience/advanced/meta.md)
			
 
				   - [Electron桌面应用](experience/advanced/desktop-app.md)
			
--- a/basic/resource/iterm.md
+++ b/basic/resource/iterm.md
@@ -12,6 +12,63 @@
 
				 sh -c "$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
			
 
				 ```
			
 
				 
			
 
				+## 为所有用户安装 Oh My Zsh
			
 
				+
			
 
				+首先要确认 zsh 已经安装（Ubuntu）：
			
 
				+
			
 
				+```
			
 
				+sudo apt-get install zsh
			
 
				+```
			
 
				+
			
 
				+1.以`Root`用户安装
			
 
				+
			
 
				+```bash
			
 
				+sh -c "$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
			
 
				+```
			
 
				+
			
 
				+2.修改`/etc/adduser.conf`
			
 
				+
			
 
				+```bash
			
 
				+DSHELL=/bin/bash #也可能是 sh
			
 
				+```
			
 
				+
			
 
				+为:
			
 
				+
			
 
				+```bash
			
 
				+DSHELL=/bin/zsh
			
 
				+```
			
 
				+
			
 
				+3.修改`/etc/default/useradd`
			
 
				+
			
 
				+```bash
			
 
				+SHELL=/bin/sh
			
 
				+```
			
 
				+
			
 
				+为:
			
 
				+
			
 
				+```bash
			
 
				+SHELL=/bin/zsh
			
 
				+```
			
 
				+
			
 
				+4.复制配置到新用户目录
			
 
				+
			
 
				+```
			
 
				+cp -r .oh-my-zsh /etc/skel/
			
 
				+cp .zshrc /etc/skel 
			
 
				+```
			
 
				+
			
 
				+5.新建用户后，修改用户目录下的 `/home/username/.zshrc`
			
 
				+
			
 
				+```
			
 
				+export ZSH=/root/.oh-my-zsh
			
 
				+```
			
 
				+
			
 
				+为:
			
 
				+
			
 
				+```
			
 
				+export ZSH=/home/username/.oh-my-zsh
			
 
				+```
			
 
				+
			
 
				 ## 配置iTerm主题
			
 
				 
			
 
				 推荐使用`Solarized`, 下载地址: <http://ethanschoonover.com/solarized/files/solarized.zip>
			
@@ -35,4 +92,3 @@ sh -c "$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/i
 
				 搜索 `plugins=` 增改弃用的插件
			
 
				 
			
 
				 可用插件列表: <https://github.com/robbyrussell/oh-my-zsh/wiki/Plugins>
			
 
				-
			
--- a/experience/advanced/mixed-project.md
+++ b/experience/advanced/mixed-project.md
@@ -25,9 +25,10 @@
 
				 CREATE TABLE `data` (
			
 
				   `user` char(16) NOT NULL DEFAULT '' COMMENT '用户',
			
 
				   `active` int(3) unsigned NOT NULL COMMENT '活跃时间（秒）',
			
 
				-  `efficiency` decimal(3,2) NOT NULL COMMENT '效率（%）',
			
 
				+  `efficiency` decimal(5,2) NOT NULL COMMENT '效率（%）',
			
 
				   `date` int(10) unsigned NOT NULL COMMENT '数据时间（转时间戳）',
			
 
				-  KEY `whereorder` (`user`,`date`)
			
 
				+  KEY `whereorder` (`user`,`date`),
			
 
				+  KEY `date` (`date`)
			
 
				 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
			
 
				 ```
			
 
				 
			
--- a/experience/operation/certbot.md
+++ b/experience/operation/certbot.md
@@ -0,0 +1,87 @@
 
				+# CertBot 证书
			
 
				+
			
 
				+在阿里云 ECS 上安装的话，Python 版本是包含2、3两个的，所以需要升级 pip 到9.0之后版本。
			
 
				+
			
 
				+如果是`Ubuntu 16.04`版本，千万不要用`Root`安装。
			
 
				+
			
 
				+升级过程中提示：
			
 
				+
			
 
				+```
			
 
				+locale.Error: unsupported locale setting
			
 
				+```
			
 
				+
			
 
				+通过修改本地语言修复：
			
 
				+
			
 
				+```bash
			
 
				+export LC_ALL="en_US.UTF-8"
			
 
				+export LC_CTYPE="en_US.UTF-8"
			
 
				+sudo dpkg-reconfigure locales
			
 
				+```
			
 
				+
			
 
				+然后一路回车结束。
			
 
				+
			
 
				+```bash
			
 
				+pip install -U pip
			
 
				+
			
 
				+# 测试安装结果
			
 
				+pip -V
			
 
				+# pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)
			
 
				+```
			
 
				+
			
 
				+
			
 
				+安装`certbot-auto`
			
 
				+
			
 
				+```bash
			
 
				+wget https://dl.eff.org/certbot-auto
			
 
				+chmod +x certbot-auto
			
 
				+```
			
 
				+
			
 
				+检查 Nginx 是否已经配置该网站。
			
 
				+
			
 
				+```
			
 
				+server {
			
 
				+        listen 80;
			
 
				+        server_name example.com;
			
 
				+        add_header Strict-Transport-Security max-age=15768000;
			
 
				+        return 301 https://example.com$request_uri;
			
 
				+}
			
 
				+```
			
 
				+
			
 
				+颁发证书：
			
 
				+
			
 
				+```bash
			
 
				+./certbot-auto certonly --agree-tos --email mail@example.com --nginx -d example.com
			
 
				+```
			
 
				+
			
 
				+添加 HTTPS 配置：
			
 
				+
			
 
				+```conf
			
 
				+server {
			
 
				+        listen 443 ssl http2; # managed by Certbot
			
 
				+        server_name example.com;
			
 
				+        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
			
 
				+        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
			
 
				+        ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
			
 
				+        ssl_session_timeout 1440m; # managed by Certbot
			
 
				+
			
 
				+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
			
 
				+        ssl_prefer_server_ciphers on; # managed by Certbot
			
 
				+
			
 
				+        ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot
			
 
				+
			
 
				+        # add_header Alternate-Protocol  443:npn-spdy/3;
			
 
				+        add_header Strict-Transport-Security "max-age=31536000;";
			
 
				+        #add_header  X-Content-Type-Options "nosniff";
			
 
				+        #add_header X-Frame-Options DENY;
			
 
				+
			
 
				+        access_log off;
			
 
				+
			
 
				+        # 应用部分
			
 
				+}
			
 
				+```
			
 
				+
			
 
				+更新证书命令：
			
 
				+
			
 
				+```bash
			
 
				+./certbot-auto renew --dry-run
			
 
				+```