• ngrok下载
  • 生成网站证书
    1
    2
    3
    4
    5
    openssl genrsa -out rootCA.key 4096
    openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=kebyn.cc" -days 36500 -out rootCA.pem
    openssl genrsa -out device.key 4096
    openssl req -new -key device.key -subj "/CN=kebyn.cc" -out device.csr
    openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 36500
  • 替换 ngrok 默认证书
    1
    2
    3
    cp rootCA.pem ../assets/client/tls/ngrokroot.crt
    cp device.crt ../assets/server/tls/snakeoil.crt
    cp device.key ../assets/server/tls/snakeoil.key
  • 非 root 用户
    1
    sudo GOOS=darwin GOARCH=386 make release-all && sudo GOOS=darwin GOARCH=amd64 make release-all &&sudo GOOS=linux GOARCH=386 make release-all && sudo GOOS=linux GOARCH=amd64 make release-all &&sudo GOOS=linux GOARCH=arm make release-all && sudo GOOS=linux GOARCH=arm64 make release-all &&sudo GOOS=windows GOARCH=386 make release-all && sudo GOOS=windows GOARCH=amd64 make release-all
  • root 用户
    1
    GOOS=darwin GOARCH=386 make release-all && GOOS=darwin GOARCH=amd64 make release-all && GOOS=linux GOARCH=386 make release-all && GOOS=linux GOARCH=amd64 make release-all && GOOS=linux GOARCH=arm make release-all && GOOS=linux GOARCH=arm64 make release-all && GOOS=windows GOARCH=386 make release-all && GOOS=windows GOARCH=amd64 make release-all

  • 在一般 Linux 當機的狀況下,若要重新啟動系統,可以按住 Alt + SysRq 兩個鍵,然後依序按下以下幾個指令鍵:

    1
    r e i s u b
    阅读全文 »

Linux下调试串口服务器的命令

1
2
3
4
5
6
7
8
9
10
11
minicom -D /dev/ttyUSB0 -H -w -o

- -D 指定串口设备

- -H 使用16进制输出

- -w 滚屏输出

- -o 不对设备进行初始化

- -c on/off 输出开启颜色

Windows 下调试串口服务器的软件

  1. Unpack it.
    1
    2
    tar –xvzf Ocsinventory-Agent-2.0.x.tar.gz
    cd Ocsinventory-Agent-2.0.x
  2. Check perl configuration with the script Makefile.PL. Its looks at the configuration of Perl, machine, libraries … and it generates the Makefile. During this step, we will create a temporary environment variable to install agent non-interactively.
    1
    env PERL_AUTOINSTALL=1 perl Makefile.PL
    Exemple :
    Please install Crypt::SSLeay if you want to use SSL.
    Please install nmap or ipdiscover if you want to use the network discover feature.
    Please install Proc::Daemon and Proc::PID::File if you want to use the daemon monde.
  3. Compilation
    1
    2
    make
    make install

引用

1
2
3
4
openssl genrsa -des3 -out server.key 2048
openssl rsa -in server.key -out server.key
openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost'
openssl x509 -req -sha256 -days 36500 -in server.csr -signkey server.key -out server.crt

https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
$ cat cert.pem
-----BEGIN CERTIFICATE-----
MIIDJDCCAgwCCQDIHbBXyn2dyDANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJD
TjERMA8GA1UEBwwIc2hhbmdoYWkxEDAOBgNVBAoMB3F6c3RlY2gxHzAdBgNVBAMM
FmdpdGxhYi5pbmMucXpzdGVjaC5uZXQwIBcNMTcwODAxMDk1OTA0WhgPMjExNzA3
MDgwOTU5MDRaMFMxCzAJBgNVBAYTAkNOMREwDwYDVQQHDAhzaGFuZ2hhaTEQMA4G
A1UECgwHcXpzdGVjaDEfMB0GA1UEAwwWZ2l0bGFiLmluYy5xenN0ZWNoLm5ldDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKaAZnlgevlhWR3djmFxZgcX
Pwy2PiWpgr4kXQGAbCMTS2ouiTYvSW6rr9ofRv39G7yxSc7Rah6N1f9y6y9/itR7
C2vMSM/GHMX8zvLt49PFNjhIYv1Nd38VBoXSxz72yp+iagCKooYC9Zn+mEQlmAbJ
/zv9T8UiYTeV9FMHYO3HoTlet/tYeBmWr5ukEncBt5fxfM3yGuipR721qUCD0Hub
mXx3r/YJ5LerSjS6SBug2i8lusSkF6mRJUNyF58ouNAqnj4RFGgmwdwuRZn0TVF7
SWL9kDIB9dxi/pu1AFPBpxq/T7fgxuR6EdCO5Gu/QTZdGDpWoKqN5UgfWQwvzcEC
AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAKivEQXuW3KfxeucuCE2ovCuHgzd5RP6k
RRUTDpufPmD8JH3b1vn0r4lq+u2WppwkFhlx99O89zygzuT19UtefUQ5Fgll0dbQ
vfgICiRvQFoYw427QWUS29Z4wNZM384TkCkWPoh7zzsIz8EBzAbv8a/OcTIcsYYu
QCrozqhqMnetHqhz7D9ShWAxP7rKGgf3lTC0ehpax8b6P24Q1Yuk3BsB6ErrAMCD
FXoIW/a9jy9lgm1oIeBvGSWZCaoVE+4x3JYhtozpx1WlapdRxEYvNxzpcF7o35MS
Ff9AHyLdYUqN4Q4IdwYOmpQnfN/dZhx5aAGjvcs/iQms/Ed92CKs4g==
-----END CERTIFICATE-----
1
2
$ git config --local http.sslCAInfo /path/cert.pem
$ git config --local --unset http.sslCAInfo
1
2
$ git config --local http.sslVerify false #NO NEED TO USE THIS
$ git config --local --unset http.sslverify
  • Copy CA cert to /usr/local/share/ca-certificates.
    1
    2
    sudo update-ca-certificates
    sudo service docker restart

  1. opevpn 服务器开启
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert xxx.crt
    dh dh2048.pem
    server 10.8.0.0 255.255.255.0 //openvpnIP段
    ifconfig-pool-persist ipp.txt //分配的地址记录在ipp.txt
    client-config-dir ccd //个人单独配置文件

    client-to-client //客户端可以互相连接
    keepalive 10 120
    comp-lzo

    user nobody
    group nogroup
    persist-key
    persist-tun
    status /tmp/openvpn-status.log
    log /tmp/openvpn.log
    verb 4

    mode server //运行模式
    tls-server //tls加密
    topology subnet //使用服务端子网
    push "topology subnet" //通知客户端使用子网

    auth-user-pass-verify /etc/openvpn/checkpsw.js via-env //密码认证
    client-cert-not-required //不认证证书
    username-as-common-name //使用用户名区别不同用户
    script-security 3

    route 192.168.2.0 255.255.255.0 10.8.0.2 //使用这个子网
    push "route 192.168.2.0 255.255.255.0 10.8.0.2" //通知客户端使用子网
    route 10.8.0.0 255.255.255.0 10.8.0.1 //使用这个子网
    push "route 10.8.0.0 255.255.255.0" //通知客户端使用子网
    route 192.168.3.0 255.255.255.0 10.8.0.2 //使用这个子网
    push "route 192.168.3.0 255.255.255.0 10.8.0.2" //通知客户端使用子网
  2. 连接到openvpn服务器
  • 开启路由转发
    1
    2
    3
    echo 1 > /proc/sys/net/ipv4/ip_forward
    sudo iptables -A FORWARD -i eth0 -j ACCEPT
    sudo iptables -A FORWARD -i eth1 -j ACCEPT
  1. 配置路由
    • 可以在路由器上配置全局路由
    • 下面是需要连接 openvpn 的单独配置
      • Windows 需要cmd 管理员窗口执行:
        route add 10.8.0.0 mask 255.255.255.0 10.0.0.1
      • Linux 需要sudo 权限执行:
        ip route add 10.8.0.0/24 via 10.0.0.1

可以在各个网络出入口使用 tcpdump 抓包判断网络情况

  1. ##403

There are no projects with trackers for which you can create an issue!

  1. Issue statuses问题状态
    - 设置问题状态

  2. Trackers跟踪标签
    - 设置跟踪标签,跟踪标签中需要设置问题状态

  3. Roles and permissions角色和权限
    - 设置跟踪标签的权限,给予new issue权限

    阅读全文 »

  1. docker engine安装
  1. docker官方文档
  • docker administrator guide
  • docker user guide
  • docker proxy
    1
    2
    3
    4
    5
    6
    7
    $ cat /etc/systemd/system/docker.service.d/http-proxy.conf
    Environment="HTTP_PROXY=http://proxy.example.com:80/" HTTPS_PROXY=http://proxy.example.com:80/
    Environment="NO_PROXY=localhost,127.0.0.0/8,docker-registry.somecorporation.com"
    $ systemctl daemon-reload
    $ systemctl show --property Environment docker
    Environment=HTTP_PROXY=http://proxy.example.com:80/
    $ systemctl restart docker
阅读全文 »

  1. ssh转发
  • ssh -N -f -L 5000:localhost:3306 [email protected]

    -N 不启动shell

    -f 后台执行

    -T不分配TTY

    -D动态转发、 -L本地转发 、 -R 远程转发

    SSH 端口转发自然需要 SSH 连接,而 SSH 连接是有方向的,从 SSH Client 到 SSH Server 。而我们的应用也是有方向的,比如需要连接 Server 时 ,Server 自然就是 Server 端,我们应用连接的方向也是从应用的 Client 端连接到应用的 Server 端。如果这两个连接的方向一致,那我们就说它是本地转发。而如果两个方向不一致,我们就说它是远程转发。本地转发与远程转发

  1. autossh官方
0%