convoypanel面板部署备忘录

这里没有采用官方的docker安装方式, 直接源码进行安装

yum install redis git epel-*

SETPATH=/home/pve/  #设置安装目录
mkdir -p $SETPATH
cd $SETPATH

# 将php artisan horizon:work加入系统服务运行
cat>/etc/systemd/system/pve.service<<EOF
[Unit]
Description=Convoy Service
After=network.target nss-lookup.target

[Service]
Type = simple
ExecStart=/usr/bin/php $SETPATH/artisan horizon:work
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

wget https://github.com/convoypanel/panel/releases/latest/download/panel.tar.gz -O - | tar xz
chmod -R o+w storage/* bootstrap/cache/
composer install --no-dev --optimize-autoloader

设置配置文件

cp .env.example .env
vim .env

这里主要是设置数据库和redis

完善配置(主要是配置登录账户)

php artisan key:generate --force  #生成加盐
php artisan optimize
php artisan migrate --force   #导入数据库
php artisan c:user:make   #生成账户

启用守护进程

systemctl enable pve --now

其他的php和web设置就不复述了, 官方文档主少提了要守护进程运行php artisan horizon:work所以写这篇文章记录一下.

整合NoVNC

登录PVE宿主节点运行

wget https://github.com/convoypanel/broker/releases/latest/download/broker.tar.gz -O - | tar xz -C /

Squid透明代理-多公网IP指定出口IP

安装Squid

yum -y install squid
mkdir -p /home/squid/logs  /home/squid/coredump_dir /home/squid/cache_dir
chown squid.squid -R  /home/squid/
systemctl enable squid

squid.conf配置内容

cat /etc/squid/squid.conf
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed 允许访问IP(只允许这个ip做代理请求)
acl allowip src 14.29.10.100

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# set out - ip 配置出口IP
acl ip118 myip 14.29.10.118
acl ip119 myip 14.29.10.119
acl ip120 myip 14.29.10.120

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow allowip

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
# 设置代理端口
http_port 3228

#set out-ip 多公网IP关键配置;下面的配置是指
#若使用代理IP14.29.10.118则走ip118的ip(14.29.10.118);
#若使用代理IP14.29.10.119则走ip119的ip(14.29.10.119);
#若使用代理IP14.29.10.120则走ip120的ip(14.29.10.120)
tcp_outgoing_address 14.29.10.118 ip118
tcp_outgoing_address 14.29.10.119 ip119
tcp_outgoing_address 14.29.10.120 ip120

# Squid set log path etc.
dns_nameservers 8.8.8.8
visible_hostname aliserver

#透明代理关键配置
request_header_access Via deny all
request_header_access X-Forwarded-For deny all


cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95

cache_dir ufs /home/squid/cache_dir 100 16 256
cache_access_log /home/squid/logs/access.log
cache_log /home/squid/logs/cache.log
cache_store_log /home/squid/logs/store.log

coredump_dir /home/squid/coredump_dir

pid_filename /home/squid/squid.pid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

验证代理

export https_proxy=http://127.0.0.1:3228 http_proxy=http://127.0.0.1:3228

curl icanhazip.com
curl curlmyip.com
curl ip.appspot.com
curl ipinfo.io/ip
curl ipecho.net/plain
curl www.trackip.net/i

#补充
curl ip.sb
curl ip.6655.com/ip.aspx
curl whatismyip.akamai.com
wget -qO - ifconfig.co
dig +short myip.opendns.com @resolver1.opendns.com
curl ident.me
curl v4.ident.me
curl v6.ident.me
curl inet-ip.info

#返回IP和地区
curl ip.6655.com/ip.aspx?area=1
curl 1111.ip138.com/ic.asp
curl ip.cn
curl cip.cc

华为路由常用命令备忘录

stelnet 192.168.99.1 22    #登录其他设备ssh
display logbuffer  #查看缓冲日志
display fib slot 3   #查看板卡FIB
display memory   #查看内存
display ip routing-table vpn-instance vrf1    #查看vrf路由表
display ip routing-table   #查看默认路由表
disply bgp peer  #查看bgp peer
display bgp routing-table 1.0.0.0    #查看1.0.0.0 的路由信息
display bgp routing-table   community #查看路由表的community
display bgp routing-table  regular-expression 174    #正则匹配as的路由表
display bgp routing-table  regular-expression  ^174_ #正则匹配as174开头的路由表
display bgp routing-table  regular-expression  _174$ #正则匹配as174结尾的路由表
display bgp routing-table  regular-expression _(4808|4837|9929|10099)    #正则匹配联通as的路由表
display bgp routing-table  regular-expression  _(4134|4809_4134)        #正则匹配电信as的路由表
display bgp routing-table  peer X.X.X.X  accepted-routes   #查看bgp邻居收到的路由表
display bgp routing-table  peer X.X.X.X    advertised-routes     #查看bgp邻居发出的路由表

display bgp ipv6 routing-table   #查看路由表
display bgp ipv6  peer  #查看ipv6 bgp session
display bgp ipv6 routing-table  peer   XX:XX:XX  advertised-routes  #查看IPv6 bgp邻居发出的路由表

display interface brief  #查看端口状态
display interface  GigabitEthernet0/3/0  #查看端口信息,例如spf光信号等

#设置vrf
#
ip vpn-instance vrf1
 ipv4-family
  route-distinguisher 999:2
  apply-label per-route
  ip direct-routing-table route-policy HE-IN
  vpn-target 999:2 export-extcommunity
  vpn-target 999:2 import-extcommunity
#
bgp 999
 ipv4-family vpn-instance Local_SG
  import-route direct
  import-route static
  import-route ospf 100
  active-route-advertise
  ext-community-change enable
  import-rib public route-policy HE-IN
  peer X.X.X.X as-number 888
  peer X.X.X.X timer keepalive 10 hold 180
  peer X.X.X.X password simple PASSWORD
  peer  X.X.X.X route-policy IX-IN import
  peer  X.X.X.Xroute-policy IX-ipv4-out export
#
ip route-static vpn-instance vrf1 <目的网络> <目的子网掩码> <下一跳地址>   #设置ip段vrf出口

Linux转移执行中的进程

有时候跑一个长期运行的命令, 或者突然掉线重新连接后进程还在需要把进程调出来继续执行,

或者是将现有的进程丢进screen里面继续后台运行.

 这时候reptyr就派上用场了

yum install reptyr -y
reptyr 进程PID

在centos上使用snapd进行安装app

现在用snap商店安装软件越来越频繁了, 而且众多linux发行版都支持了.

sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo systemctl start snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
export PATH="$PATH:/snap/bin"
 echo 'export PATH="$PATH:/snap/bin"' >> $HOME/.bashrc

安装一个 flutter压压惊

sudo yum install epel-release -y
sudo yum install clang cmake ninja-build pkgconfig gtk3-devel xz-devel gtk3-devel -y
snap install flutter --classic

php简繁转换安装部署

yum install epel-release -y
yum install  doxygen -y
git clone https://github.com/BYVoid/OpenCC.git
cd OpenCC
make
sudo make install

git clone https://github.com/nauxliu/opencc4php
cd opencc4php
phpize
./configure
 make && sudo make install
echo  extension=opencc.so >> /opt/php7/etc/php.d/1-opencc.ini

 composer载入php-opencc

 composer require overtrue/php-opencc -vvv

solusvm vps初始化swap和划分容量到根分区

swapoff /dev/vda2;
mkswap /dev/vda2;
swapon /dev/vda2;
resize2fs /dev/vda1;
yum -y update;systemctl disable guestfs-firstboot;
rebootp