这里没有采用官方的docker安装方式, 直接源码进行安装
yum install redis git epel-*
SETPATH=/home/convoy #设置安装目录
mkdir -p $SETPATH
cd $SETPATH
# 将php artisan horizon加入系统服务运行
cat>/etc/systemd/system/convoy.service<<EOF
[Unit]
Description=Convoy Panel Service
After=network.target nss-lookup.target
[Service]
Type = simple
ExecStart=/usr/bin/php $SETPATH/artisan horizon
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
#cron
echo " * * * * * php $SETPATH/artisan schedule:run --verbose --no-interaction >> /dev/null 2>&1 " > /etc/cron.d/convoy
chmod 644 /etc/cron.d/convoy
cd convoy
wget https://github.com/convoypanel/panel/releases/latest/download/panel.tar.gz -O - | tar xz
chmod -R o+w storage/* bootstrap/cache/
composer install --no-dev --optimize-autoloader
设置配置文件
cp .env.example .env
vim .env
这里主要是设置数据库和redis
完善配置(主要是配置登录账户)
php artisan key:generate --force #生成加盐
php artisan optimize
php artisan migrate --force #导入数据库
php artisan c:user:make #生成账户
启用守护进程
systemctl enable convoy --now
其他的php和web设置就不复述了, 官方主要是用 Docker所以写这篇文章记录一下.
整合NoVNC
登录PVE宿主节点运行
wget https://github.com/convoypanel/broker/releases/latest/download/broker.tar.gz -O - | tar xz -C /
安装Squid
yum -y install squid
mkdir -p /home/squid/logs /home/squid/coredump_dir /home/squid/cache_dir
chown squid.squid -R /home/squid/
systemctl enable squid
squid.conf配置内容
cat /etc/squid/squid.conf
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed 允许访问IP(只允许这个ip做代理请求)
acl allowip src 14.29.10.100
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# set out - ip 配置出口IP
acl ip118 myip 14.29.10.118
acl ip119 myip 14.29.10.119
acl ip120 myip 14.29.10.120
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow allowip
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
# 设置代理端口
http_port 3228
#set out-ip 多公网IP关键配置;下面的配置是指
#若使用代理IP14.29.10.118则走ip118的ip(14.29.10.118);
#若使用代理IP14.29.10.119则走ip119的ip(14.29.10.119);
#若使用代理IP14.29.10.120则走ip120的ip(14.29.10.120)
tcp_outgoing_address 14.29.10.118 ip118
tcp_outgoing_address 14.29.10.119 ip119
tcp_outgoing_address 14.29.10.120 ip120
# Squid set log path etc.
dns_nameservers 8.8.8.8
visible_hostname aliserver
#透明代理关键配置
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /home/squid/cache_dir 100 16 256
cache_access_log /home/squid/logs/access.log
cache_log /home/squid/logs/cache.log
cache_store_log /home/squid/logs/store.log
coredump_dir /home/squid/coredump_dir
pid_filename /home/squid/squid.pid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
验证代理
export https_proxy=http://127.0.0.1:3228 http_proxy=http://127.0.0.1:3228
curl icanhazip.com
curl curlmyip.com
curl ip.appspot.com
curl ipinfo.io/ip
curl ipecho.net/plain
curl www.trackip.net/i
#补充
curl ip.sb
curl ip.6655.com/ip.aspx
curl whatismyip.akamai.com
wget -qO - ifconfig.co
dig +short myip.opendns.com @resolver1.opendns.com
curl ident.me
curl v4.ident.me
curl v6.ident.me
curl inet-ip.info
#返回IP和地区
curl ip.6655.com/ip.aspx?area=1
curl 1111.ip138.com/ic.asp
curl ip.cn
curl cip.cc
stelnet 192.168.99.1 22 #登录其他设备ssh
display logbuffer #查看缓冲日志
display fib slot 3 #查看板卡FIB
display memory #查看内存
display ip routing-table vpn-instance vrf1 #查看vrf路由表
display ip routing-table #查看默认路由表
disply bgp peer #查看bgp peer
display bgp routing-table 1.0.0.0 #查看1.0.0.0 的路由信息
display bgp routing-table community #查看路由表的community
display bgp routing-table regular-expression 174 #正则匹配as的路由表
display bgp routing-table regular-expression ^174_ #正则匹配as174开头的路由表
display bgp routing-table regular-expression _174$ #正则匹配as174结尾的路由表
display bgp routing-table regular-expression _(4808|4837|9929|10099) #正则匹配联通as的路由表
display bgp routing-table regular-expression _(4134|4809_4134) #正则匹配电信as的路由表
display bgp routing-table peer X.X.X.X accepted-routes #查看bgp邻居收到的路由表
display bgp routing-table peer X.X.X.X advertised-routes #查看bgp邻居发出的路由表
display bgp ipv6 routing-table #查看路由表
display bgp ipv6 peer #查看ipv6 bgp session
display bgp ipv6 routing-table peer XX:XX:XX advertised-routes #查看IPv6 bgp邻居发出的路由表
display interface brief #查看端口状态
display interface GigabitEthernet0/3/0 #查看端口信息,例如spf光信号等
#设置vrf
#
ip vpn-instance vrf1
ipv4-family
route-distinguisher 999:2
apply-label per-route
ip direct-routing-table route-policy HE-IN
vpn-target 999:2 export-extcommunity
vpn-target 999:2 import-extcommunity
#
bgp 999
ipv4-family vpn-instance Local_SG
import-route direct
import-route static
import-route ospf 100
active-route-advertise
ext-community-change enable
import-rib public route-policy HE-IN
peer X.X.X.X as-number 888
peer X.X.X.X timer keepalive 10 hold 180
peer X.X.X.X password simple PASSWORD
peer X.X.X.X route-policy IX-IN import
peer X.X.X.Xroute-policy IX-ipv4-out export
#
ip route-static vpn-instance vrf1 <目的网络> <目的子网掩码> <下一跳地址> #设置ip段vrf出口
有时候跑一个长期运行的命令, 或者突然掉线重新连接后进程还在需要把进程调出来继续执行,
或者是将现有的进程丢进screen里面继续后台运行.
这时候reptyr就派上用场了
yum install reptyr -y
reptyr 进程PID
现在用snap商店安装软件越来越频繁了, 而且众多linux发行版都支持了.
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo systemctl start snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
export PATH="$PATH:/snap/bin"
echo 'export PATH="$PATH:/snap/bin"' >> $HOME/.bashrc
安装一个 flutter压压惊
sudo yum install epel-release -y
sudo yum install clang cmake ninja-build pkgconfig gtk3-devel xz-devel gtk3-devel -y
snap install flutter --classic
none
yum install epel-release -y
yum install doxygen -y
git clone https://github.com/BYVoid/OpenCC.git
cd OpenCC
make
sudo make install
git clone https://github.com/nauxliu/opencc4php
cd opencc4php
phpize
./configure
make && sudo make install
echo extension=opencc.so >> /opt/php7/etc/php.d/1-opencc.ini
composer载入php-opencc
composer require overtrue/php-opencc -vvv
swapoff /dev/vda2;
mkswap /dev/vda2;
swapon /dev/vda2;
resize2fs /dev/vda1;
yum -y update;systemctl disable guestfs-firstboot;
rebootp
none