yum install epel-release -y
yum install doxygen -y
git clone https://github.com/BYVoid/OpenCC.git
cd OpenCC
make
sudo make install
git clone https://github.com/nauxliu/opencc4php
cd opencc4php
phpize
./configure
make && sudo make install
echo extension=opencc.so >> /opt/php7/etc/php.d/1-opencc.ini
composer载入php-opencc
composer require overtrue/php-opencc -vvv
swapoff /dev/vda2;
mkswap /dev/vda2;
swapon /dev/vda2;
resize2fs /dev/vda1;
yum -y update;systemctl disable guestfs-firstboot;
rebootp1. kvm运行Centos9/almalinux-9 出现kernel panic , 改qemu的cpu模式为 host-model 解决 (前两年其实就踩过了没记录给忘记了)
2.系统模版封装
下载转换qcow2为raw
qemu-img convert centos9-stream.qcow2 centos9-stream.raw
#挂载修改文件
kpartx -av centos9-stream.raw
mount /dev/mapper/loop0p2 /mnt
umount /mnt
#### 咔咔咔一顿更改设置
#这里直接先安装一个现有的操作系统, 然后dd写入分区文件,(主要是懒不想去自己封装系统,拿现成的)
kpartx /dev/mapper/vg0-kvmXXXX_img
dd_rescue /dev/mapper/loop0p2 /dev/mapper/vg0-kvmXXXX_img1
mount --bind /dev /mnt/dev
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt
grub2-install /dev/sdXXXXX #重写引导信息
exit
rm -r /mnt/root/.bash_history #删除操作记录
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount /mnt/
kpartx -dv /dev/mapper/vg0-kvmXXXX_img
/scripts/kvmtemplate --generation=2 --mode=package --vmid=kvmXXXX #重新打包模版
cloudinit 转solusvm 模版偷梁换柱完事
solusvm官方没更新模版了, 这次给遗留的机器加上最新系统的模版
由于给files.gallery开了全部权限, 防止文件泄露针对location /进行了限制访问.
server {
server_name gallery.XX.net;
index index.php;
root /home/gallery/web;
location =/ {}
location / { deny all;}
location /.well-known/acme-challenge/ { return 200; }
location ~ \.php(?:$|/) {
try_files $uri = 404;
fastcgi_pass unix:/dev/shm/php8-fpm.sock;
}
}设定ssl证书
dnf install epel-release -y
dnf install certbot python3-certbot-nginx -y
certbot --nginx -d XXX.net --agree-tos -m [email protected]
echo "0 3 * * 6 /usr/bin/certbot renew --quiet"> /etc/cron.d/certbot主要两个地方注意一下, cloudflare会传送一个CF-Connecting-IP的header参数为访客的真实ip,所以 read_ip读取它.
然后设定REMOTE_ADDR读取IP, 可以从FORWARDED也可以用CF-Connecting-IP参数
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
real_ip_header CF-Connecting-IP;
proxy_set_header REMOTE_ADDR $HTTP_X_FORWARDED_FOR;yum install snmp -y
cat>/etc/snmp/snmpd.conf<<EOF
sysLocation Sitting on the Dock of the Bay
sysContact Me <[email protected]>
sysServices 72
master agentx
view systemview included .1.3.6.1.2.1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view systemview included .1.3.6.1.2.1.2.2.1.1
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
view systemview included .1.3.6.1.2.1.2.2.1
rocommunity public1611 default
rocommunity6 public1611 default -V systemonly
createUser snmpname SHA "123pwd" AES "123pwd"
rouser snmpname
usmSecurityLevel authPriv
usmUser snmpname - SHA "123pwd" AES "123pwd"
com2sec readonly default public1611
group MyROGroup v2c readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
rocommunity public1611
agentaddress udp:127.0.0.1:16100
EOF
Import Color Scheme into iTerm2:
iTerm2 -> Preferences -> Profiles.Colors tab, you will see a Color Presets dropdown. Open it.Import...https://raw.githubusercontent.com/mbadolato/iTerm2-Color-Schemes/master/schemes/Solarized%20Dark%20Higher%20Contrast.itermcolorswget $(curl -s https://api.github.com/repos/ehang-io/nps/releases/latest | grep -oP '"browser_download_url": "\Khttps://[^"]+')把ehang-io/nps换成你要的github ID和项目地址.
git clone https://github.com/swoole/swoole-src.git && cd swoole-src
/usr/bin/phpize8.1
./configure --enable-sockets --enable-mysqlnd --enable-openssl --enable-swoole-dev --with-php-config=/usr/bin/php-config8.1
make && make install
echo extension=swoole.so >/etc/php/8.1/cli/conf.d/20-swoole.iniapi.exchangerate.host 的API不能白嫖了, 找了个新的汇率接口api.vatcomply.com
原有代码
function exchange($from, $to)
{
try {
$result = file_get_contents('https://api.exchangerate.host/latest?symbols=' . $to . '&base=' . $from);
$result = json_decode($result, true);
return $result['rates'][$to];
} catch (Exception $e){
echo "Exchange error: ".$e;
return "Exchange error: ".$e;
}
}更新后
function exchange($from, $to)
{
try {
$result = file_get_contents('https://api.vatcomply.com/rates?base='. $from);
$result = json_decode($result, true);
return $result['rates'][$to];
} catch (Exception $e){
echo "Exchange error: ".$e;
return "Exchange error: ".$e;
}
}Segmentation fault
E: Sub-process /usr/bin/apt-listchanges --apt || test $? -lt 10 returned an error code (1)
E: Failure running script /usr/bin/apt-listchanges --apt || test $? -lt 10
修改/etc/apt/apt.conf.d/20listchanges文件,注释掉第一行.
#DPkg::Pre-Install-Pkgs { "/usr/bin/apt-listchanges --apt || test $? -lt 10"; };先准备一个U盘格式化为FAT32格式
将bin pkg license等文件复制到设备上
enable
cd usb0:
dir
copy usb0:/XXXXX.SPA.bin bootflash:
copy usb0:/XXXXX.SPA.pkg bootflash:
copy usb0:/license.txt flash:
license smart reservation install file flash:license.txt
>conf t
#upgrade rom-monitor filename bootflash:XXXXX.SPA.pkg all
#no boot system flash bootflash:OLD_XXXXX.SPA.bin
#boot system flash bootflash:XXXXX.SPA.bin
#platform hardware throughput level 3500000
#do wr
#do show bootvar
#reload智能许可: 16.9到最新的17.X所有版本
传统许可: 16.9和更低的版本
新版本用的是license smart , 以前的授权文件无法再使用, 所以要写入新签发的授权数据.
弃用10进制显示原文的community参数, 这玩意太容易忘记了.
ip bgp-community new-format转换密钥格式
fold -b -w 72 ~/.ssh/id_rsa.pub准备提取复制ssh-rsa到最后comment的中间一段密钥
开始配置设备
hostname Router-R1
crypto key generate rsa modulus 2048
ip ssh version 2
!
line vty 0 4
transport input ssh
login local
!
no ip ssh server authenticate user password
no ip ssh server authenticate user keyboard
!导入密钥步骤
Router-R1(config)#ip ssh pubkey-chain
Router-R1(conf-ssh-pubkey)#username 用户名
Router-R1(conf-ssh-pubkey-user)#key-string
Router-R1(conf-ssh-pubkey-data)#粘贴密钥
Router-R1(conf-ssh-pubkey-data)#exit
Router-R1(conf-ssh-pubkey-user)#exit
Router-R1(conf-ssh-pubkey)#exit
Router-R1(config)# do wr查看配置内容
Router-R1#show running-config | begin pubkey
ip ssh pubkey-chain
username 用户名
key-hash ssh-rsa 8FB4F858DD7E5AFB372780EC653DB371
quit这些配置除了上新设备不常用容易忘记, 仅做备忘.
对端口进行白名单限制登录设置
ip access-list extended ssh-permit
permit ip 10.11.80.0 0.0.1.255 any
!
line vty 0 4
access-class ssh-permit in配置Telnet
line vty 5 15
access-class ssh-permit in
login local
transport input telnet
原文出处:https://networklessons.com/uncategorized/ssh-public-key-authentication-cisco-ios
cat>>.ssh/config<<EOF
StrictHostKeyChecking=no
UserKnownHostsFile=/dev/null
EOF-o StrictHostKeyChecking=no 选项告诉SSH客户端不要检查known_hosts文件中的主机密钥。-o UserKnownHostsFile=/dev/null 选项告诉SSH客户端不要将主机密钥保存到任何文件中。yum install nodejs git -y
npm install forever -g
npm install yarn -g
yarn global add pm2
mkdir /app/
cd /app/
git clone https://github.com/umami-software/umami.git
cd umami
yarn install
cat>.env<<EOF
DATABASE_URL=mysql://root:password@localhost:3306/umami
BASE_PATH = /analytics
EOF
yarn build
yarn start
pm2 start yarn --name umami -- start
pm2 startup
pm2 save
cd /app/umami
#拉取仓库
git pull
#安装
yarn install
#构建项目
yarn build
#更新数据库
yarn update-db
pm2 restart umami location /analytics {
proxy_pass http://localhost:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}