觅回首

• ngrok下载
• 生成网站证书

  1 2 3 4 5

  openssl genrsa -out rootCA.key 4096 openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=kebyn.cc" -days 36500 -out rootCA.pem openssl genrsa -out device.key 4096 openssl req -new -key device.key -subj "/CN=kebyn.cc" -out device.csr openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 36500

• 替换 ngrok 默认证书

  1 2 3

  cp rootCA.pem ../assets/client/tls/ngrokroot.crt cp device.crt ../assets/server/tls/snakeoil.crt cp device.key ../assets/server/tls/snakeoil.key

• 非 root 用户

  1

  sudo GOOS=darwin GOARCH=386 make release-all && sudo GOOS=darwin GOARCH=amd64 make release-all &&sudo GOOS=linux GOARCH=386 make release-all && sudo GOOS=linux GOARCH=amd64 make release-all &&sudo GOOS=linux GOARCH=arm make release-all && sudo GOOS=linux GOARCH=arm64 make release-all &&sudo GOOS=windows GOARCH=386 make release-all && sudo GOOS=windows GOARCH=amd64 make release-all

• root 用户

  1

  GOOS=darwin GOARCH=386 make release-all && GOOS=darwin GOARCH=amd64 make release-all && GOOS=linux GOARCH=386 make release-all && GOOS=linux GOARCH=amd64 make release-all && GOOS=linux GOARCH=arm make release-all && GOOS=linux GOARCH=arm64 make release-all && GOOS=windows GOARCH=386 make release-all && GOOS=windows GOARCH=amd64 make release-all

• 在一般 Linux 當機的狀況下，若要重新啟動系統，可以按住 Alt + SysRq 兩個鍵，然後依序按下以下幾個指令鍵：

  1	r e i s u b

  阅读全文 »

Linux下调试串口服务器的命令

1
2
3
4
5
6
7
8
9
10
11

minicom -D /dev/ttyUSB0 -H -w -o

  - -D 指定串口设备

  - -H 使用16进制输出

  - -w 滚屏输出

  - -o 不对设备进行初始化

  - -c on/off 输出开启颜色

Windows 下调试串口服务器的软件

• common

1. Unpack it.

   1 2	tar –xvzf Ocsinventory-Agent-2.0.x.tar.gz cd Ocsinventory-Agent-2.0.x

2. Check perl configuration with the script Makefile.PL. Its looks at the configuration of Perl, machine, libraries … and it generates the Makefile. During this step, we will create a temporary environment variable to install agent non-interactively.

   1	env PERL_AUTOINSTALL=1 perl Makefile.PL

   Exemple :
   Please install Crypt::SSLeay if you want to use SSL.
   Please install nmap or ipdiscover if you want to use the network discover feature.
   Please install Proc::Daemon and Proc::PID::File if you want to use the daemon monde.
3. Compilation

   1 2	make make install

引用

1
2

$ ssh-add ~/.ssh/id_rsa.pub
Could not open a connection to your authentication agent.

You might need to start ssh-agent before you run the ssh-add command:

1
2

eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa

1
2

ssh -T [email protected]
ssh -Tv [email protected]

github-testing-your-ssh-connection

1
2
3
4

openssl genrsa -des3 -out server.key 2048
openssl rsa -in server.key -out server.key
openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost'
openssl x509 -req -sha256 -days 36500 -in server.csr -signkey server.key -out server.crt

https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

$ cat cert.pem
-----BEGIN CERTIFICATE-----
MIIDJDCCAgwCCQDIHbBXyn2dyDANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJD
TjERMA8GA1UEBwwIc2hhbmdoYWkxEDAOBgNVBAoMB3F6c3RlY2gxHzAdBgNVBAMM
FmdpdGxhYi5pbmMucXpzdGVjaC5uZXQwIBcNMTcwODAxMDk1OTA0WhgPMjExNzA3
MDgwOTU5MDRaMFMxCzAJBgNVBAYTAkNOMREwDwYDVQQHDAhzaGFuZ2hhaTEQMA4G
A1UECgwHcXpzdGVjaDEfMB0GA1UEAwwWZ2l0bGFiLmluYy5xenN0ZWNoLm5ldDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKaAZnlgevlhWR3djmFxZgcX
Pwy2PiWpgr4kXQGAbCMTS2ouiTYvSW6rr9ofRv39G7yxSc7Rah6N1f9y6y9/itR7
C2vMSM/GHMX8zvLt49PFNjhIYv1Nd38VBoXSxz72yp+iagCKooYC9Zn+mEQlmAbJ
/zv9T8UiYTeV9FMHYO3HoTlet/tYeBmWr5ukEncBt5fxfM3yGuipR721qUCD0Hub
mXx3r/YJ5LerSjS6SBug2i8lusSkF6mRJUNyF58ouNAqnj4RFGgmwdwuRZn0TVF7
SWL9kDIB9dxi/pu1AFPBpxq/T7fgxuR6EdCO5Gu/QTZdGDpWoKqN5UgfWQwvzcEC
AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAKivEQXuW3KfxeucuCE2ovCuHgzd5RP6k
RRUTDpufPmD8JH3b1vn0r4lq+u2WppwkFhlx99O89zygzuT19UtefUQ5Fgll0dbQ
vfgICiRvQFoYw427QWUS29Z4wNZM384TkCkWPoh7zzsIz8EBzAbv8a/OcTIcsYYu
QCrozqhqMnetHqhz7D9ShWAxP7rKGgf3lTC0ehpax8b6P24Q1Yuk3BsB6ErrAMCD
FXoIW/a9jy9lgm1oIeBvGSWZCaoVE+4x3JYhtozpx1WlapdRxEYvNxzpcF7o35MS
Ff9AHyLdYUqN4Q4IdwYOmpQnfN/dZhx5aAGjvcs/iQms/Ed92CKs4g==
-----END CERTIFICATE-----

1
2

$ git config --local http.sslCAInfo /path/cert.pem
$ git config --local --unset http.sslCAInfo

1
2

$ git config --local http.sslVerify false #NO NEED TO USE THIS
$ git config --local --unset http.sslverify

• Copy CA cert to /usr/local/share/ca-certificates.

  1 2	sudo update-ca-certificates sudo service docker restart

1. opevpn 服务器开启

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

   port 1194 proto udp dev tun ca ca.crt cert xxx.crt dh dh2048.pem server 10.8.0.0 255.255.255.0 //openvpnIP段 ifconfig-pool-persist ipp.txt //分配的地址记录在ipp.txt client-config-dir ccd //个人单独配置文件 client-to-client //客户端可以互相连接 keepalive 10 120 comp-lzo user nobody group nogroup persist-key persist-tun status /tmp/openvpn-status.log log /tmp/openvpn.log verb 4 mode server //运行模式 tls-server //tls加密 topology subnet //使用服务端子网 push "topology subnet" //通知客户端使用子网 auth-user-pass-verify /etc/openvpn/checkpsw.js via-env //密码认证 client-cert-not-required //不认证证书 username-as-common-name //使用用户名区别不同用户 script-security 3 route 192.168.2.0 255.255.255.0 10.8.0.2 //使用这个子网 push "route 192.168.2.0 255.255.255.0 10.8.0.2" //通知客户端使用子网 route 10.8.0.0 255.255.255.0 10.8.0.1 //使用这个子网 push "route 10.8.0.0 255.255.255.0" //通知客户端使用子网 route 192.168.3.0 255.255.255.0 10.8.0.2 //使用这个子网 push "route 192.168.3.0 255.255.255.0 10.8.0.2" //通知客户端使用子网

2. 连接到openvpn服务器

• 开启路由转发

  1 2 3

  echo 1 > /proc/sys/net/ipv4/ip_forward sudo iptables -A FORWARD -i eth0 -j ACCEPT sudo iptables -A FORWARD -i eth1 -j ACCEPT

3. 配置路由
   • 可以在路由器上配置全局路由
   • 下面是需要连接 openvpn 的单独配置
     • Windows 需要cmd 管理员窗口执行:
       route add 10.8.0.0 mask 255.255.255.0 10.0.0.1
     • Linux 需要sudo 权限执行:
       ip route add 10.8.0.0/24 via 10.0.0.1

可以在各个网络出入口使用 tcpdump 抓包判断网络情况

1. ##403

There are no projects with trackers for which you can create an issue!

1. Issue statuses问题状态
   - 设置问题状态

2. Trackers跟踪标签
   - 设置跟踪标签,跟踪标签中需要设置问题状态

3. Roles and permissions角色和权限
   - 设置跟踪标签的权限，给予new issue权限

   阅读全文 »

1. docker engine安装

• docker install
• debian install
• centos install
• windows install

2. docker官方文档

• docker administrator guide
• docker user guide
• docker proxy
  

  1 2 3 4 5 6 7

  $ cat /etc/systemd/system/docker.service.d/http-proxy.conf Environment="HTTP_PROXY=http://proxy.example.com:80/" HTTPS_PROXY=http://proxy.example.com:80/ Environment="NO_PROXY=localhost,127.0.0.0/8,docker-registry.somecorporation.com" $ systemctl daemon-reload $ systemctl show --property Environment docker Environment=HTTP_PROXY=http://proxy.example.com:80/ $ systemctl restart docker

1. ssh转发

• ssh -N -f -L 5000:localhost:3306 [email protected]

  -N 不启动shell

  -f 后台执行

  -T不分配TTY

  -D动态转发、 -L本地转发 、 -R 远程转发

  SSH 端口转发自然需要 SSH 连接，而 SSH 连接是有方向的，从 SSH Client 到 SSH Server 。而我们的应用也是有方向的，比如需要连接 Server 时 ，Server 自然就是 Server 端，我们应用连接的方向也是从应用的 Client 端连接到应用的 Server 端。如果这两个连接的方向一致，那我们就说它是本地转发。而如果两个方向不一致，我们就说它是远程转发。本地转发与远程转发

2. autossh官方

• README

  1	autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -L 5000:localhost:3306 [email protected]

  参考文档

  阅读全文 »