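Notes on the pitfalls of packaging a Linux template

1. Running CentOS 9 / AlmaLinux 9 under KVM produced a kernel panic; changing the QEMU CPU mode to host-model fixed it. (I actually hit this two years ago, but didn't write it down and forgot.)

2. Packaging the system template

Download the qcow2 image and convert it to raw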

qemu-img convert centos9-stream.qcow2 centos9-stream.raw

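# Mount the image and modify files
kpartx -av centos9-stream.raw
mount /dev/mapper/loop0p2  /mnt
#### make whatever configuration changes are needed while it is mounted
umount /mnt

# Install an existing operating system on the target first, then write the partition image over it with dd (mostly laziness: reuse a ready-made system instead of packaging one from scratch)
kpartx -av /dev/mapper/vg0-kvmXXXX_img
dd_rescue /dev/mapper/loop0p2   /dev/mapper/vg0-kvmXXXX_img1

mount /dev/mapper/vg0-kvmXXXX_img1 /mnt   # mount the freshly written root partition for the chroot
mount --bind /dev /mnt/dev
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt
grub2-install /dev/sdXXXXX     # rewrite the boot loader
exit

rm -r  /mnt/root/.bash_history   # delete the shell history
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount /mnt/
kpartx -dv /dev/mapper/vg0-kvmXXXX_img


/scripts/kvmtemplate --generation=2  --mode=package  --vmid=kvmXXXX  # repackage the template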


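With that swap, the cloud-init image has been turned into a SolusVM template.

SolusVM no longer publishes updated official templates, so this adds templates for the latest OS releases to the legacy machines.

Memo: deploying files.gallery with nginx

Because files.gallery was given full permissions, access under location / is restricted to prevent file leaks.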

server {
    server_name gallery.XX.net;
    index index.php;
    root /home/gallery/web;
    location = / {}
    location / { deny all; }
    location /.well-known/acme-challenge/ { return 200; }
    location ~ \.php(?:$|/) {
        # "=404" must be a single token; "= 404" is parsed as two file names
        try_files $uri =404;
        fastcgi_pass unix:/dev/shm/php8-fpm.sock;
    }
}

Setting up the SSL certificate

dnf install epel-release -y
dnf install certbot python3-certbot-nginx -y
certbot --nginx -d XXX.net --agree-tos -m XXX@XXX.net
# entries in /etc/cron.d need a user field before the command
echo "0 3 * * 6 root /usr/bin/certbot renew --quiet" > /etc/cron.d/certbot

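Passing the real client IP through nginx behind Cloudflare

Two things to watch. Cloudflare sends a CF-Connecting-IP header containing the visitor's real IP, so real_ip_header is set to read it.

Then set REMOTE_ADDR to carry that IP; it can be taken from X-Forwarded-For or from the CF-Connecting-IP header.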

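# Cloudflare IPv4 ranges; the published list changes, refresh it from https://www.cloudflare.com/ips-v4
set_real_ip_from 103.21.244.0/22;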
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
real_ip_header CF-Connecting-IP;
proxy_set_header REMOTE_ADDR $HTTP_X_FORWARDED_FOR;
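
The trust decision made by set_real_ip_from and real_ip_header, modelled as an added shell example (not code from the original post or from nginx): the header is honoured only when the connecting peer is inside a listed range. It handles IPv4 only; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: model of nginx realip's trust decision (IPv4 only).
# Ranges are the set_real_ip_from values listed above; function names are illustrative.
CF_RANGES="103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12
108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13
173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17"

ip_to_int() {   # dotted quad -> integer on stdout; non-zero status if malformed
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty octets, leading zeros and anything longer than 3 digits
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {     # in_cidr IP NET/BITS -> status 0 when IP is inside the range
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

client_ip() {   # client_ip PEER_ADDR CF_CONNECTING_IP_VALUE
    for range in $CF_RANGES; do
        if in_cidr "$1" "$range"; then
            # Peer is a listed proxy: accept the header if it parses as an address.
            if ip_to_int "$2" >/dev/null; then echo "$2"; else echo "$1"; fi
            return 0
        fi
    done
    echo "$1"   # Peer is not listed: the header is ignored, a forged value has no effect.
}

# Constructed cases: a request via a listed edge, then a direct request with a forged header.
client_ip 173.245.48.10 198.51.100.7
client_ip 203.0.113.9   198.51.100.7
```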

Deploying the snmpd monitoring service on Linux

# the yum package that provides snmpd is net-snmp
yum install net-snmp -y
cat>/etc/snmp/snmpd.conf<<EOF
sysLocation    Sitting on the Dock of the Bay
sysContact     Me <me@example.org>
sysServices    72
master  agentx
view systemview included .1.3.6.1.2.1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view systemview included .1.3.6.1.2.1.2.2.1.1
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1
view systemview included .1.3.6.1.2.1.2.2.1
rocommunity  public1611 default 
rocommunity6 public1611 default -V systemonly
createUser snmpname SHA "123pwd" AES "123pwd"
rouser snmpname
usmSecurityLevel authPriv
usmUser snmpname - SHA "123pwd" AES "123pwd"
com2sec readonly  default         public1611
group MyROGroup v2c        readonly
view all    included  .1                               80
access MyROGroup ""      any       noauth    exact  all    none   none
rocommunity public1611
agentaddress udp:127.0.0.1:16100
EOF

iTerm2 color scheme

Import Color Scheme into iTerm2:

  • Open iTerm2.
  • Go to iTerm2 -> Preferences -> Profiles.
  • In the Colors tab, you will see a Color Presets dropdown. Open it.
  • At the bottom of the dropdown, you'll find Import...
https://raw.githubusercontent.com/mbadolato/iTerm2-Color-Schemes/master/schemes/Solarized%20Dark%20Higher%20Contrast.itermcolors

Batch-downloading GitHub release assets

wget $(curl -s https://api.github.com/repos/ehang-io/nps/releases/latest | grep -oP '"browser_download_url": "\Khttps://[^"]+')

Replace ehang-io/nps with the GitHub ID and repository you want.

Installing the swoole extension on CloudPanel

git clone https://github.com/swoole/swoole-src.git && cd swoole-src
/usr/bin/phpize8.1 
./configure --enable-sockets  --enable-mysqlnd   --enable-openssl   --enable-swoole-dev   --with-php-config=/usr/bin/php-config8.1
make && make install

echo extension=swoole.so >/etc/php/8.1/cli/conf.d/20-swoole.ini

Replacing the api.exchangerate.host currency exchange-rate API

The api.exchangerate.host API is no longer free to use, so I found a new exchange-rate API: api.vatcomply.com

Original code

function exchange($from, $to)
{
    try {
        $result = file_get_contents('https://api.exchangerate.host/latest?symbols=' . $to . '&base=' . $from);
        $result = json_decode($result, true);
        return $result['rates'][$to];
    } catch (Exception $e){
        echo "Exchange error: ".$e;
        return "Exchange error: ".$e;
    }

}

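After the update

function exchange($from, $to)
{
    try {
        // file_get_contents() returns false on failure instead of throwing,
        // so turn a failed request or a missing rate into an exception
        $result = file_get_contents('https://api.vatcomply.com/rates?base=' . rawurlencode($from));
        if ($result === false) {
            throw new Exception('request failed');
        }
        $result = json_decode($result, true);
        if (!isset($result['rates'][$to])) {
            throw new Exception('no rate returned for ' . $to);
        }
        return $result['rates'][$to];
    } catch (Exception $e){
        echo "Exchange error: ".$e;
        return "Exchange error: ".$e;
    }

}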

Segmentation fault when running apt on Debian

Segmentation fault
E: Sub-process /usr/bin/apt-listchanges --apt || test $? -lt 10 returned an error code (1)
E: Failure running script /usr/bin/apt-listchanges --apt || test $? -lt 10

Edit /etc/apt/apt.conf.d/20listchanges and comment out the first line.

#DPkg::Pre-Install-Pkgs { "/usr/bin/apt-listchanges --apt || test $? -lt 10"; };