含有virtio驱动, 服务器上也能用, 本来一直想搞,有现成的就不折腾了.
wget -O- "DD download URL" | xzcat | dd of=/dev/sda
远程桌面的默认用户名和密码
用户名: administrator
密码: Teddysun.com
下载链接(DD download URL)
BIOS + MBR 镜像链接地址:
https://dl.lamp.sh/vhd/zh-cn_windows11_22h2.xz
https://dl.lamp.sh/vhd/en-us_windows11_22h2.xz
https://dl.lamp.sh/vhd/ja-jp_windows11_22h2.xz
UEFI + GPT 镜像链接地址:
https://dl.lamp.sh/vhd/zh-cn_windows11_22h2_uefi.xz
https://dl.lamp.sh/vhd/en-us_windows11_22h2_uefi.xz
https://dl.lamp.sh/vhd/ja-jp_windows11_22h2_uefi.xz
浏览目录:
https://dl.lamp.sh/vhd
先去cloudflare上申请IP https://dash.cloudflare.com/profile/api-tokens
在Edit zone DNS的模版下授权可以修改DNS的域名
写入API配置
echo " dns_cloudflare_api_token = XXXXXXXXXXXXXXXXXXXXXx" >/root/cloudflare.ini
安装和签发ssl
dnf install -y epel-release
dnf install -y certbot certbot-dns-cloudflare python*-certbot-dns-cloudflare
certbot certonly --agree-tos --email [email protected] --dns-cloudflare --dns-cloudflare-credentials /root/cloudflare.ini -d kvm.la
function可以丢header.tpl里面
{php}
function getProducts($gid) {
// 定义要发送的请求数据
$postData = array('gid' => $gid);
// 发送请求并获取结果
$results = localAPI('GetProducts', $postData, 'admin');
// 初始化一个数组,用于存储产品信息
$products = array();
// 遍历结果,提取所需信息并存储到数组中
foreach ($results['products']['product'] as $product) {
$description = $product['description'];
$products[] = array(
'stockcontrol' => $product['stockcontrol'],
'stocklevel' => $product['stocklevel'],
'name' => $product['name'],
'url' => $product['product_url'],
'pid' => $product['pid'],
'desc' => $description,
'prefix' => $product['pricing']['USD']['prefix'],
'price' => $product['pricing']['USD']['monthly'],
'yprice' => $product['pricing']['USD']['annually'],
);
}
// 返回产品信息数组
return $products;
}
// 调用函数获取产品信息,并传递变量gid作为参数
$getProducts= getProducts("1");
$_smarty_tpl->assign('getProducts', $getProducts);
{/php}
{foreach $Getproduct as $value }
<tr>
{$value.desc}
<td><span class="price">{$value.prefix}{$value.price}<span>/MRC</span></span> </td>
<td>
{if isset($value.stocklevel) && $value.stocklevel < 1 }
<button type="button" class="btn btn-warning">Sold Out</button>
{else}
<a href="/cart.php?a=add&pid={$value.pid}" class="btn btn-success">Order</a>
{/if}
</td>
</tr>
{/foreach}
官方网站已经有半年处于维护状态了
且发邮件也了音信.
X4C用来做机房外带管理, 直接穿透外网访问串口服务器等等.
-----解锁SSH-----
http://10.168.1.1/cgi-bin/oraybox?_api=ssh_set&enabled=1
或者备份数据用7zip打开下载的文件找到etc/config/system修改ssh选项为1 再导入备份重启就可以连接ssh了
5.5.0以上版本密码为oray@12#$%^78
5.5.0以下是admin
wget https://github.com/kuoruan/openwrt-frp/releases/download/v0.37.1-1/frpc_0.37.1-1_mipsel_24kc.ipk --no-check-certificate
opkg install frpc_*.ipk
这里备注一下需要mipsel_24kc版本,折腾了大半天走了不少弯路,执行opkg update才发现这个版本能安装.
0.37.1以上版本报错
"Error relocating /usr/bin/frpc: __nanosleep_time64: symbol not found"
frpc.ini配置文件
cat>/etc/frpc.ini<<EOF
[common]
server_addr = frps.server
server_port = 7000
token = password
log_level = debug
log_max_days = 3
use_compression = true
login_fail_exit = false
[rand-ssh]
type = tcp
local_ip = 0.0.0.0
local_port = 22
remote_port = 0
EOF
启动文件
cat>/etc/init.d/frpc<<EOF
#!/bin/sh /etc/rc.common
START=99
start() {
sleep 20; nohup /usr/bin/frpc -c /etc/frpc.ini >/root/nohup.out 2>&1 &
}
stop() {
kill -9 `ps | grep '/usr/bin/frpc' | grep -v 'grep' | awk '{print $1}'`
}
EOF
chmod 755 /etc/init.d/frpc
/etc/init.d/frpc enable && echo on
/etc/init.d/frpc start
启动文件有点简单粗暴
#获取网卡模式状态
ipmitool raw 0x30 0x70 0x0c 0.
#设置独立网卡模式
ipmitool raw 0x30 0x70 0x0c 1 0.
#设置公网IP共享模式
ipmitool raw 0x30 0x70 0x0c 1 1.
#设置成failover模式
ipmitool raw 0x30 0x70 0x0c 1 2.
windows版本ipmitool https://kvm.la/ipmitool-for-windows.html
官方使用的docker部署, 这里折腾了下改为系统直接安装了
安装好后丢caddy或者nginx反向代理一下就好了, 我这直接用cloudflare的隧道进行代理了.
安装
mkdir /home/coterm/public -p
cd /home/coterm/public
git clone https://github.com/novnc/noVNC
cd /tmp
git clone "https://github.com/ConvoyPanel/coterm.git"
cd coterm
npm install
npm run build
cp -rf ./build/* /home/coterm/public/
#编译coterm主程序
cd ./src-rust
cargo run
cargo build --release
install target/release/coterm /home/coterm/
环境变量配置
cat>/home/coterm/.env<<EOF
CONVOY_URL=https://XXX.XXXX. XX #面板地址
COTERM_TOKEN="XXXXX"
BACKEND_PORT=2600
DANGEROUS_DISABLE_TLS_VERIFICATION=false
RUST_BACKTRACE="full"
EOF
系统服务
cat>/etc/systemd/system/coterm.service<<EOF
[Unit]
Description=Coterm Service
After=network.target nss-lookup.target
[Service]
Type = simple
EnvironmentFile=/home/coterm/.env
ExecStart=/home/coterm/coterm
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
这里没有采用官方的docker安装方式, 直接源码进行安装
yum install redis git epel-*
SETPATH=/home/convoy #设置安装目录
mkdir -p $SETPATH
cd $SETPATH
# 将php artisan horizon加入系统服务运行
cat>/etc/systemd/system/convoy.service<<EOF
[Unit]
Description=Convoy Panel Service
After=network.target nss-lookup.target
[Service]
Type = simple
ExecStart=/usr/bin/php $SETPATH/artisan horizon
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
#cron
echo " * * * * * php $SETPATH/artisan schedule:run --verbose --no-interaction >> /dev/null 2>&1 " > /etc/cron.d/convoy
chmod 644 /etc/cron.d/convoy
cd convoy
wget https://github.com/convoypanel/panel/releases/latest/download/panel.tar.gz -O - | tar xz
chmod -R o+w storage/* bootstrap/cache/
composer install --no-dev --optimize-autoloader
设置配置文件
cp .env.example .env
vim .env
这里主要是设置数据库和redis
完善配置(主要是配置登录账户)
php artisan key:generate --force #生成加盐
php artisan optimize
php artisan migrate --force #导入数据库
php artisan c:user:make #生成账户
启用守护进程
systemctl enable convoy --now
其他的php和web设置就不复述了, 官方主要是用 Docker所以写这篇文章记录一下.
整合NoVNC
登录PVE宿主节点运行
wget https://github.com/convoypanel/broker/releases/latest/download/broker.tar.gz -O - | tar xz -C /
安装Squid
yum -y install squid
mkdir -p /home/squid/logs /home/squid/coredump_dir /home/squid/cache_dir
chown squid.squid -R /home/squid/
systemctl enable squid
squid.conf配置内容
cat /etc/squid/squid.conf
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed 允许访问IP(只允许这个ip做代理请求)
acl allowip src 14.29.10.100
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# set out - ip 配置出口IP
acl ip118 myip 14.29.10.118
acl ip119 myip 14.29.10.119
acl ip120 myip 14.29.10.120
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow allowip
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
# 设置代理端口
http_port 3228
#set out-ip 多公网IP关键配置;下面的配置是指
#若使用代理IP14.29.10.118则走ip118的ip(14.29.10.118);
#若使用代理IP14.29.10.119则走ip119的ip(14.29.10.119);
#若使用代理IP14.29.10.120则走ip120的ip(14.29.10.120)
tcp_outgoing_address 14.29.10.118 ip118
tcp_outgoing_address 14.29.10.119 ip119
tcp_outgoing_address 14.29.10.120 ip120
# Squid set log path etc.
dns_nameservers 8.8.8.8
visible_hostname aliserver
#透明代理关键配置
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /home/squid/cache_dir 100 16 256
cache_access_log /home/squid/logs/access.log
cache_log /home/squid/logs/cache.log
cache_store_log /home/squid/logs/store.log
coredump_dir /home/squid/coredump_dir
pid_filename /home/squid/squid.pid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
验证代理
export https_proxy=http://127.0.0.1:3228 http_proxy=http://127.0.0.1:3228
curl icanhazip.com
curl curlmyip.com
curl ip.appspot.com
curl ipinfo.io/ip
curl ipecho.net/plain
curl www.trackip.net/i
#补充
curl ip.sb
curl ip.6655.com/ip.aspx
curl whatismyip.akamai.com
wget -qO - ifconfig.co
dig +short myip.opendns.com @resolver1.opendns.com
curl ident.me
curl v4.ident.me
curl v6.ident.me
curl inet-ip.info
#返回IP和地区
curl ip.6655.com/ip.aspx?area=1
curl 1111.ip138.com/ic.asp
curl ip.cn
curl cip.cc
stelnet 192.168.99.1 22 #登录其他设备ssh
display logbuffer #查看缓冲日志
display fib slot 3 #查看板卡FIB
display memory #查看内存
display ip routing-table vpn-instance vrf1 #查看vrf路由表
display ip routing-table #查看默认路由表
disply bgp peer #查看bgp peer
display bgp routing-table 1.0.0.0 #查看1.0.0.0 的路由信息
display bgp routing-table community #查看路由表的community
display bgp routing-table regular-expression 174 #正则匹配as的路由表
display bgp routing-table regular-expression ^174_ #正则匹配as174开头的路由表
display bgp routing-table regular-expression _174$ #正则匹配as174结尾的路由表
display bgp routing-table regular-expression _(4808|4837|9929|10099) #正则匹配联通as的路由表
display bgp routing-table regular-expression _(4134|4809_4134) #正则匹配电信as的路由表
display bgp routing-table peer X.X.X.X accepted-routes #查看bgp邻居收到的路由表
display bgp routing-table peer X.X.X.X advertised-routes #查看bgp邻居发出的路由表
display bgp ipv6 routing-table #查看路由表
display bgp ipv6 peer #查看ipv6 bgp session
display bgp ipv6 routing-table peer XX:XX:XX advertised-routes #查看IPv6 bgp邻居发出的路由表
display interface brief #查看端口状态
display interface GigabitEthernet0/3/0 #查看端口信息,例如spf光信号等
#设置vrf
#
ip vpn-instance vrf1
ipv4-family
route-distinguisher 999:2
apply-label per-route
ip direct-routing-table route-policy HE-IN
vpn-target 999:2 export-extcommunity
vpn-target 999:2 import-extcommunity
#
bgp 999
ipv4-family vpn-instance Local_SG
import-route direct
import-route static
import-route ospf 100
active-route-advertise
ext-community-change enable
import-rib public route-policy HE-IN
peer X.X.X.X as-number 888
peer X.X.X.X timer keepalive 10 hold 180
peer X.X.X.X password simple PASSWORD
peer X.X.X.X route-policy IX-IN import
peer X.X.X.Xroute-policy IX-ipv4-out export
#
ip route-static vpn-instance vrf1 <目的网络> <目的子网掩码> <下一跳地址> #设置ip段vrf出口
有时候跑一个长期运行的命令, 或者突然掉线重新连接后进程还在需要把进程调出来继续执行,
或者是将现有的进程丢进screen里面继续后台运行.
这时候reptyr就派上用场了
yum install reptyr -y
reptyr 进程PID
现在用snap商店安装软件越来越频繁了, 而且众多linux发行版都支持了.
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo systemctl start snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
export PATH="$PATH:/snap/bin"
echo 'export PATH="$PATH:/snap/bin"' >> $HOME/.bashrc
安装一个 flutter压压惊
sudo yum install epel-release -y
sudo yum install clang cmake ninja-build pkgconfig gtk3-devel xz-devel gtk3-devel -y
snap install flutter --classic
yum install epel-release -y
yum install doxygen -y
git clone https://github.com/BYVoid/OpenCC.git
cd OpenCC
make
sudo make install
git clone https://github.com/nauxliu/opencc4php
cd opencc4php
phpize
./configure
make && sudo make install
echo extension=opencc.so >> /opt/php7/etc/php.d/1-opencc.ini
composer载入php-opencc
composer require overtrue/php-opencc -vvv
swapoff /dev/vda2;
mkswap /dev/vda2;
swapon /dev/vda2;
resize2fs /dev/vda1;
yum -y update;systemctl disable guestfs-firstboot;
rebootp
1. kvm运行Centos9/almalinux-9 出现kernel panic , 改qemu的cpu模式为 host-model 解决 (前两年其实就踩过了没记录给忘记了)
2.系统模版封装
下载转换qcow2为raw
qemu-img convert centos9-stream.qcow2 centos9-stream.raw
#挂载修改文件
kpartx -av centos9-stream.raw
mount /dev/mapper/loop0p2 /mnt
umount /mnt
#### 咔咔咔一顿更改设置
#这里直接先安装一个现有的操作系统, 然后dd写入分区文件,(主要是懒不想去自己封装系统,拿现成的)
kpartx /dev/mapper/vg0-kvmXXXX_img
dd_rescue /dev/mapper/loop0p2 /dev/mapper/vg0-kvmXXXX_img1
mount --bind /dev /mnt/dev
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt
grub2-install /dev/sdXXXXX #重写引导信息
exit
rm -r /mnt/root/.bash_history #删除操作记录
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount /mnt/
kpartx -dv /dev/mapper/vg0-kvmXXXX_img
/scripts/kvmtemplate --generation=2 --mode=package --vmid=kvmXXXX #重新打包模版
cloudinit 转solusvm 模版偷梁换柱完事
solusvm官方没更新模版了, 这次给遗留的机器加上最新系统的模版
- «
- 1
- 2
- 3
- 4
- 5
- 6
- ...
- 63
- »
