由于给files.gallery开了全部权限, 防止文件泄露针对location /进行了限制访问.
server {
server_name gallery.XX.net;
index index.php;
root /home/gallery/web;
location =/ {}
location / { deny all;}
location /.well-known/acme-challenge/ { return 200; }
location ~ \.php(?:$|/) {
try_files $uri = 404;
fastcgi_pass unix:/dev/shm/php8-fpm.sock;
}
}
设定ssl证书
dnf install epel-release -y
dnf install certbot python3-certbot-nginx -y
certbot --nginx -d XXX.net --agree-tos -m [email protected]
echo "0 3 * * 6 /usr/bin/certbot renew --quiet"> /etc/cron.d/certbot
主要两个地方注意一下, cloudflare会传送一个CF-Connecting-IP的header参数为访客的真实ip,所以 read_ip读取它.
然后设定REMOTE_ADDR读取IP, 可以从FORWARDED也可以用CF-Connecting-IP参数
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
real_ip_header CF-Connecting-IP;
proxy_set_header REMOTE_ADDR $HTTP_X_FORWARDED_FOR;
yum install snmp -y
cat>/etc/snmp/snmpd.conf<<EOF
sysLocation Sitting on the Dock of the Bay
sysContact Me <[email protected]>
sysServices 72
master agentx
view systemview included .1.3.6.1.2.1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view systemview included .1.3.6.1.2.1.2.2.1.1
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
view systemview included .1.3.6.1.2.1.2.2.1
rocommunity public1611 default
rocommunity6 public1611 default -V systemonly
createUser snmpname SHA "123pwd" AES "123pwd"
rouser snmpname
usmSecurityLevel authPriv
usmUser snmpname - SHA "123pwd" AES "123pwd"
com2sec readonly default public1611
group MyROGroup v2c readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
rocommunity public1611
agentaddress udp:127.0.0.1:16100
EOF
Import Color Scheme into iTerm2:
- Open iTerm2.
- Go to
iTerm2 -> Preferences -> Profiles.
- In the
Colors tab, you will see a Color Presets dropdown. Open it.
- At the bottom of the dropdown, you'll find
Import...
https://raw.githubusercontent.com/mbadolato/iTerm2-Color-Schemes/master/schemes/Solarized%20Dark%20Higher%20Contrast.itermcolors
wget $(curl -s https://api.github.com/repos/ehang-io/nps/releases/latest | grep -oP '"browser_download_url": "\Khttps://[^"]+')
把ehang-io/nps换成你要的github ID和项目地址.
git clone https://github.com/swoole/swoole-src.git && cd swoole-src
/usr/bin/phpize8.1
./configure --enable-sockets --enable-mysqlnd --enable-openssl --enable-swoole-dev --with-php-config=/usr/bin/php-config8.1
make && make install
echo extension=swoole.so >/etc/php/8.1/cli/conf.d/20-swoole.ini
api.exchangerate.host 的API不能白嫖了, 找了个新的汇率接口api.vatcomply.com
原有代码
function exchange($from, $to)
{
try {
$result = file_get_contents('https://api.exchangerate.host/latest?symbols=' . $to . '&base=' . $from);
$result = json_decode($result, true);
return $result['rates'][$to];
} catch (Exception $e){
echo "Exchange error: ".$e;
return "Exchange error: ".$e;
}
}
更新后
function exchange($from, $to)
{
try {
$result = file_get_contents('https://api.vatcomply.com/rates?base='. $from);
$result = json_decode($result, true);
return $result['rates'][$to];
} catch (Exception $e){
echo "Exchange error: ".$e;
return "Exchange error: ".$e;
}
}
Segmentation fault
E: Sub-process /usr/bin/apt-listchanges --apt || test $? -lt 10 returned an error code (1)
E: Failure running script /usr/bin/apt-listchanges --apt || test $? -lt 10
修改/etc/apt/apt.conf.d/20listchanges文件,注释掉第一行.
#DPkg::Pre-Install-Pkgs { "/usr/bin/apt-listchanges --apt || test $? -lt 10"; };
先准备一个U盘格式化为FAT32格式
将bin pkg license等文件复制到设备上
enable
cd usb0:
dir
copy usb0:/XXXXX.SPA.bin bootflash:
copy usb0:/XXXXX.SPA.pkg bootflash:
copy usb0:/license.txt flash:
license smart reservation install file flash:license.txt
>conf t
#upgrade rom-monitor filename bootflash:XXXXX.SPA.pkg all
#no boot system flash bootflash:OLD_XXXXX.SPA.bin
#boot system flash bootflash:XXXXX.SPA.bin
#platform hardware throughput level 3500000
#do wr
#do show bootvar
#reload
智能许可: 16.9到最新的17.X所有版本
传统许可: 16.9和更低的版本
新版本用的是license smart , 以前的授权文件无法再使用, 所以要写入新签发的授权数据.
弃用10进制显示原文的community参数, 这玩意太容易忘记了.
ip bgp-community new-format
配置ssh免密码登录
转换密钥格式
fold -b -w 72 ~/.ssh/id_rsa.pub
准备提取复制ssh-rsa到最后comment的中间一段密钥
开始配置设备
hostname Router-R1
crypto key generate rsa modulus 2048
ip ssh version 2
!
line vty 0 4
transport input ssh
login local
!
no ip ssh server authenticate user password
no ip ssh server authenticate user keyboard
!
导入密钥步骤
Router-R1(config)#ip ssh pubkey-chain
Router-R1(conf-ssh-pubkey)#username 用户名
Router-R1(conf-ssh-pubkey-user)#key-string
Router-R1(conf-ssh-pubkey-data)#粘贴密钥
Router-R1(conf-ssh-pubkey-data)#exit
Router-R1(conf-ssh-pubkey-user)#exit
Router-R1(conf-ssh-pubkey)#exit
Router-R1(config)# do wr
查看配置内容
Router-R1#show running-config | begin pubkey
ip ssh pubkey-chain
username 用户名
key-hash ssh-rsa 8FB4F858DD7E5AFB372780EC653DB371
quit
这些配置除了上新设备不常用容易忘记, 仅做备忘.
对端口进行白名单限制登录设置
ip access-list extended ssh-permit
permit ip 10.11.80.0 0.0.1.255 any
!
line vty 0 4
access-class ssh-permit in
配置Telnet
line vty 5 15
access-class ssh-permit in
login local
transport input telnet
原文出处:https://networklessons.com/uncategorized/ssh-public-key-authentication-cisco-ios
cat>>.ssh/config<<EOF
StrictHostKeyChecking=no
UserKnownHostsFile=/dev/null
EOF
-o StrictHostKeyChecking=no 选项告诉SSH客户端不要检查known_hosts文件中的主机密钥。-o UserKnownHostsFile=/dev/null 选项告诉SSH客户端不要将主机密钥保存到任何文件中。
安装
yum install nodejs git -y
npm install forever -g
npm install yarn -g
yarn global add pm2
mkdir /app/
cd /app/
git clone https://github.com/umami-software/umami.git
cd umami
yarn install
cat>.env<<EOF
DATABASE_URL=mysql://root:password@localhost:3306/umami
BASE_PATH = /analytics
EOF
yarn build
yarn start
pm2 start yarn --name umami -- start
pm2 startup
pm2 save
升级
cd /app/umami
#拉取仓库
git pull
#安装
yarn install
#构建项目
yarn build
#更新数据库
yarn update-db
pm2 restart umami
nginx反向代理配置
location /analytics {
proxy_pass http://localhost:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
yum install nvme-cli mdadm -y
先用nvme tool清理一遍磁盘
nvme list #查看所有nvme磁盘
nvme format -s1 /dev/nvme{0..11}n1 --force
wipefs清理一遍,然后mdadm建立阵列
wipefs -a /dev/nvme{0..11}n1
for i in {0..11};do
parted -s -a optimal /dev/nvme${i}n1 mklabel gpt
parted -s -a optimal /dev/nvme${i}n1 mkpart primary 0% 100%
parted -s -a optimal /dev/nvme${i}n1 set 1 raid on
parted -s -a optimal /dev/nvme${i}n1 name 1 raid_part
done
mdadm --create /dev/md10 --run --level=10 --raid-devices=12 /dev/nvme{0..11}n1p1
cat /proc/mdstat #查看阵列状态
mdadm --detail /dev/md10 #查看阵列信息
检测下硬盘是否有阵列信息
mdadm --examine /dev/nvme{0..11}n1
#保存阵列信息
mdadm --detail --scan --verbose >> /etc/mdadm.conf
跑下DD测试
dd if=/dev/zero of=test bs=64k count=4k oflag=dsync
dd if=/dev/zero of=test bs=8k count=256k conv=fdatasync
跑下fio测试
fio --filename=/dev/md10 --direct=1 --rw=randread --bs=4k --ioengine=libaio --iodepth=256 --runtime=120 --numjobs=4 --time_based --group_reporting --name=iops-test-job --eta-newline=1 --readonly
顺道创建个lvm玩玩
yum install lvm2 -y
pvcreate /dev/md10
vgcreate vg0 /dev/md10
lvcreate -n test -L 20G vg0
mkfs.ext4 /dev/vg0/test
mount /dev/vg0/test /mnt
Global Switch/ Equinix DRT/Telin 为大多数人托管机柜比较多
本地运营商M1net的机房价格比较便宜, 但一般只有3kva电每个柜子,
singtel的机房本人了解不多.
Local Loop业务 SG.GS做的很全.
M1 MiWorld
M1
9 International Business Park, 609915, Singapore
Racks Central
Racks Central Pte Ltd
23 Tai Seng Drive Singapore 535224
535224 Singapore
Equinix SG3
26A Ayer Rajah Crescent, Singapore
Equnix SG2
15 Pioneer Walk, #04-01, Singapore, SG, 627753
Equinix SG1
20 Ayer Rajah Crescent, Singapore
阅读剩余部分...
最近入手了FriendlyElec NanoPi R5S
金属壳子和树莓派亚克力壳子一样大小.
m2 2208的 4T的ssd插进去只能识别用到2T容量
- «
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- ...
- 63
- »
