因為新浪部落即將停止服務 ,所以測試 Cyotek WebCopy 這個工具來將之前的文章做個備份
從安裝到備份網站,操作起來非常的直覺
helloworld
目前分類:系統管理 (418)
- Mar 14 Mon 2022 15:14
備份網站工具 Cyotek WebCopy
- Mar 08 Tue 2022 17:37
Google Chrome 截圖功能
如果不借用其他截圖軟體的話,以下是透過 chrome 擷取網頁截圖的方式
1. 下載螢幕截圖外掛 Screen Capture
https://chrome.google.com/webstore/detail/screen-capture/ghihpjhpgdepnohngpgfcmcijmkggpaf
2. 安裝
3. 圖檔預設儲存格式為 png 檔,可以調整成 jpg 格式
4. 點擊右上角 icon
5. 選擇範圍,存檔
- Feb 25 Fri 2022 15:55
CentOS yum / dnf 錯誤訊息 Failed to download metadata for repo 'AppStream'
今天想在 Linode 的一台 CentOS 8 虛擬機安裝套件
但出現以下的錯誤訊息
[root@helloworld yum.repos.d]# yum upgrade
CentOS-8 - AppStream 984 B/s | 280 B 00:00
Failed to download metadata for repo 'AppStream'
Error: Failed to download metadata for repo 'AppStream'
或是以下的錯誤訊息
[root@test yum.repos.d]# yum upgrade
CentOS Linux 8 - AppStream 533 B/s | 280 B 00:00
Errors during downloading metadata for repository 'appstream':
- Status code: 404 for http://mirrors.linode.com/centos/8/AppStream/x86_64/os/repodata/repomd.xml (IP: 2600:3c01:1::607e:6379)
Error: Failed to download metadata for repo 'appstream': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
發現因為 http://mirrors.linode.com/centos/8/ 下面的檔案都不見了
解決方式:
編輯 CentOS-AppStream.repo 及 CentOS-Base.repo
vi /etc/yum.repos.d/CentOS-AppStream.repo
#baseurl=http://mirrors.linode.com/$contentdir/$releasever/AppStream/$basearch/os/
baseurl=http://mirrors.linode.com/$contentdir/$releasever-stream/AppStream/$basearch/os/
vi /etc/yum.repos.d/CentOS-Base.repo
#baseurl=http://mirrors.linode.com/$contentdir/$releasever/BaseOS/$basearch/os/
baseurl=http://mirrors.linode.com/$contentdir/$releasever-stream/BaseOS/$basearch/os/
雖然不知道會不會爆炸
但只能先醬子了
更新: 重開機測試,果然爆炸了 XD
解決方式: 修改 grub2 kernel 預設開機順序
[root@helloworld ~]# grub2-set-default 1
[root@helloworld ~]# grub2-editenv list
saved_entry=1
kernelopts=root=/dev/sda ro console=ttyS0,19200n8 net.ifnames=0 crashkernel=auto rhgb
- Feb 21 Mon 2022 15:15
解決 firefox SSL_ERROR_UNSUPPORTED_VERSION 錯誤訊息
Firefox 輸入網址出現 SSL_ERROR_UNSUPPORTED_VERSION 錯誤訊息
安全連線失敗
連線到 192.168.254.252 時發生錯誤。對方使用不支援的安全通訊協定版本。
錯誤碼: SSL_ERROR_UNSUPPORTED_VERSION
因為無法驗證已接收資料的真實性,無法顯示您嘗試檢視的頁面。
請向網站擁有者回報此問題。
此網站可能不支援 TLS 1.2 版通訊協定,而 Firefox 最低僅支援 TLS 1.2 版。
更多資訊…
如果確定這個網址是可以信任,又無法升級的話
解決方式
1. 網址列輸入 about:config 進入偏好設定
2. 搜尋 "security.tls.version.min"
3. 假設要瀏覽的網站只支援到 TLS 1.1 則將數值修改為 2 並儲存
4. 重新瀏覽網站
以下是 security.tls.version.min 0~3 所支援的 ssl/tls 版本,請依照自己的需求調整
0: SSL 3.0 is the minimum required / maximum supported encryption protocol. (Default up to FF/TB 33.0 and SM 2.30 for minimum version.)
1: TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the minimum required version.)
2: TLS 1.1 is the minimum required / maximum supported encryption protocol.
3: TLS 1.2 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.)
- Jan 06 Thu 2022 17:12
ubuntu server + pppoe 撥號 + NAT 供內部網路上網
測試環境
Ubuntu 20.04.3 LTS
ens160: 內部網卡,連接內部網路
ens192: 外部網卡,連接ISP 設備
安裝 pppoe 設定程式
$ sudo apt-get install pppoeconf
執行 pppoeconf ,按照訊息依序填入ISP 提供的帳號密碼
以中華電信為例,帳號為 12345678@hinet.net
$ sudo pppoeconf
編輯 /etc/sysctl.conf
設定 net.ipv4.ip_forward=1
$ sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1
設定 iptables ,讓內部網路可以透過 pppoe 的介面出去
$ sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables 存檔
$ sudo iptables-save > /etc/iptables/rules.v4
安裝 iptables-persistent,讓開機的時候自動載入 iptables
$ sudo apt-get install iptables-persistent
重開機
測試其他client 是否可以透過 ubuntu 連上 internet
- Nov 17 Wed 2021 17:03
apache 相同vhost 特定路徑讀取不同資料匣
假設 a.example.com 的 DocumentRoot 在 /var/www//html/a
但當使用者連線到
http://a.example.com/test/ 時
希望看到的是 /var/www/html/test 下的檔案
- Nov 15 Mon 2021 17:19
CentOS 升級 gcc 版本
- Nov 11 Thu 2021 13:38
cisco 3750g L3 switch 沒有支援 ip accounting ?
因為流量異常,想要看看主要是哪邊來源和目的
所以設定 ip accounting 看看狀態
無法在 interface 上面設定很合理
- Nov 09 Tue 2021 09:37
啟用/停止 gitlab 服務
啟用 gitlab 服務
root@example:/etc# gitlab-ctl start
ok: run: crond: (pid 710527) 1s
ok: run: gitaly: (pid 710535) 0s
ok: run: gitlab-workhorse: (pid 710554) 1s
ok: run: logrotate: (pid 710567) 0s
ok: run: nginx: (pid 710573) 0s
ok: run: postgresql: (pid 710585) 1s
ok: run: puma: (pid 710594) 0s
ok: run: redis: (pid 710599) 1s
ok: run: registry: (pid 710606) 0s
ok: run: sidekiq: (pid 710615) 1s
檢查 gitlab 服務
root@example:/etc# gitlab-ctl status
run: crond: (pid 710527) 15s; run: log: (pid 217758) 329321s
run: gitaly: (pid 710535) 14s; run: log: (pid 217383) 329446s
run: gitlab-workhorse: (pid 710554) 14s; run: log: (pid 217843) 329304s
run: logrotate: (pid 710567) 13s; run: log: (pid 217308) 329463s
run: nginx: (pid 710573) 13s; run: log: (pid 217859) 329299s
run: postgresql: (pid 710585) 13s; run: log: (pid 217550) 329434s
run: puma: (pid 710594) 12s; run: log: (pid 217772) 329316s
run: redis: (pid 710599) 12s; run: log: (pid 217348) 329455s
run: registry: (pid 710606) 11s; run: log: (pid 217933) 329278s
run: sidekiq: (pid 710615) 11s; run: log: (pid 217789) 329311s
停用 gitlab 服務
root@example:/etc# gitlab-ctl stop
ok: down: crond: 0s, normally up
ok: down: gitaly: 1s, normally up
ok: down: gitlab-workhorse: 0s, normally up
ok: down: logrotate: 0s, normally up
ok: down: nginx: 1s, normally up
ok: down: postgresql: 0s, normally up
ok: down: puma: 0s, normally up
ok: down: redis: 1s, normally up
ok: down: registry: 0s, normally up
ok: down: sidekiq: 0s, normally up
- Nov 02 Tue 2021 17:18
ubuntu 20.04 install nginx + php-fpm
系統更新
sudo apt update
sudo apt upgrade
安裝 nginx
sudo apt install nginx
啟動 nignx 檢查是否有錯誤
sudo systemctl start nginx
安裝 php 及相關 extention
sudo apt install php php-cli php-fpm php-json php-pdo php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath
正常狀況下,安裝完後會自動啟動
以下指令檢查是否正常啟動
systemctl status php7.4-fpm.service
ps aux | grep php
修改nginx 設定檔用來支援 php
sudo vi /etc/nginx/sites-available/default
找到 server 區段
新增 index.php 為index 頁
index index.php index.html index.htm index.nginx-debian.html;
如果副檔名為 php 則透過 fastcgi 執行
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
重新啟動 nginx
sudo systemctl restart nginx
建立一個測試檔案
cd /var/www/html/
vi test.php
<?php
echo "Hello World";
?>
最後打開瀏覽器,網址列輸入 http://ip/test.php
如果畫面顯示 Hello World ,表示安裝設定成功
- Nov 02 Tue 2021 10:30
使用tar 備份資料時,不備份完整路徑
假設用 linux crontab + tar 排程備份網站資料
# tar -zcpBf /home/backup/site1.tgz /var/www/html/site1/
備份出來的檔案會包含完整的路徑
var/www/html/site1/index.php
var/www/html/site1/robots.txt
var/www/html/site1/hello.jpg
但如果只想保留相對路徑,移除完整路徑
可改用以下參數
# tar -zcpBf /home/backup/site1.tgz -C /var/www/html/ site1/
site1/index.php
site1/robots.txt
site1/hello.jpg
tar -C 參數,先 cd 到該路徑,再執行備份指令
-C, --directory=DIR
Change to DIR before performing any operations. This option is order-sensitive, i.e. it affects all options that follow.
- Nov 01 Mon 2021 14:00
ubuntu 20.04 安裝 netstat 工具
新版 ubuntu 預設沒有 netstat 工具
取而代之的是 ss 指令
如果要使用 netstat 工具
請安裝 net-tools 套件
root@example:~# netstat -na
Command 'netstat' not found, but can be installed with:
apt install net-tools
root@example:~# apt install net-tools
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
net-tools
0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Need to get 196 kB of archives.
After this operation, 864 kB of additional disk space will be used.
Get:1 http://tw.archive.ubuntu.com/ubuntu focal/main amd64 net-tools amd64 1.60+git20180626.aebd88e-1ubuntu1 [196 kB]
Fetched 196 kB in 1s (262 kB/s)
Selecting previously unselected package net-tools.
(Reading database ... 115357 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60+git20180626.aebd88e-1ubuntu1_amd64.deb ...
Unpacking net-tools (1.60+git20180626.aebd88e-1ubuntu1) ...
Setting up net-tools (1.60+git20180626.aebd88e-1ubuntu1) ...
Processing triggers for man-db (2.9.1-1) ...
root@example:~#
- Oct 29 Fri 2021 15:26
find 配合 xargs 將特定檔案搬到指定目錄
假設要移動特定檔名的檔案到某個資料匣,但是因為檔案數量太多出現以下錯誤訊息
[root@example testdir]# mv test-*.log /tmp/workdir/
-bash: /usr/bin/mv: Argument list too long
可以考慮 find 配合 xargs 實現
參考語法:
[root@example testdir]# /usr/bin/find /testdir/ -type f -name 'test-*.log' | /usr/bin/xargs -I '{}' /usr/bin/mv '{}' /tmp/workdir/
- Oct 07 Thu 2021 10:57
解決 curl , wget 抓https 網站出現憑證錯誤訊息
以下狀況最近常發現在 FreeBSD 用戶端要讀取使用 Let's Encrypt. 憑證的網站
$ wget https://example.xx.xx/
Resolving example.xx.xx (example.xx.xx)... xx.xx.xx.xx
Connecting to example.xx.xx (example.xx.xx)|xx.xx.xx.xx|:443... connected.
ERROR: cannot verify example.xx.xx's certificate, issued by 'CN=R3,O=Let\'s Encrypt,C=US':
Issued certificate has expired.
To connect to example.xx.xx insecurely, use `--no-check-certificate'.
$ curl https://example.xx.xx/
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
原因是 client 的 ca root 憑證過期
以freebsd 為例,可以查看 /usr/local/etc/ssl/cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Validity
Not Before: Sep 30 21:12:19 2000 GMT
Not After : Sep 30 14:01:15 2021 GMT
Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
略過錯誤的解決方式:
$ wget --no-check-certificate https://example.xx.xx/
$ curl -k https://example.xx.xx/
如果是使用 apache 的 proxypass
請在設定檔加入
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
- Sep 30 Thu 2021 14:33
ubuntu 20.04 安裝在 ESXi 上的錯誤訊息
發現系統出現以下錯誤訊息
Sep 30 14:12:57 s245 multipathd[601]: sda: add missing path
Sep 30 14:12:57 s245 multipathd[601]: sda: failed to get udev uid: Invalid argument
Sep 30 14:12:57 s245 multipathd[601]: sda: failed to get sysfs uid: Invalid argument
Sep 30 14:12:57 s245 multipathd[601]: sda: failed to get sgio uid: No such file or directory
Sep 30 14:13:02 s245 multipathd[601]: sda: add missing path
Sep 30 14:13:02 s245 multipathd[601]: sda: failed to get udev uid: Invalid argument
Sep 30 14:13:02 s245 multipathd[601]: sda: failed to get sysfs uid: Invalid argument
Sep 30 14:13:02 s245 multipathd[601]: sda: failed to get sgio uid: No such file or directory
解決方式
1. 將 guestos 先關機
2. 點擊 guestos 右鍵 -> 編輯設定
3. 切換至 選項 -> 一般
4. 點擊右邊組態參數
5. 新增組態名稱和值分別為 disk.EnableUUID 及 TRUE
6. 確定,重開vm guestos
參考資料: https://ubuntuforums.org/showthread.php?t=2441797
- Sep 29 Wed 2021 14:42
ubuntu 20.04 安裝 elastic search
執行 elastic search 需要有java 環境
請先確定系統環境是否已經安裝 java
$ java -version
如果沒有的話,以下步驟安裝
$ sudo apt install default-jre
設定環境變數
$ vi /etc/environment
JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64/"
$ source /etc/environment
安裝 elastic search 步驟
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
$ sudo apt-get install apt-transport-https
$ echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
$ sudo apt-get update && sudo apt-get install elasticsearch
- Sep 24 Fri 2021 15:00
cloudflare 的 development mode
如果你有使用 cloudflare 的cdn 功能
預設的cache 是啟用的
但是如果你目前需要頻繁更新網頁
想要看到即時的畫面,又不要不斷的清cache
cloudflare 提供了 development mode 的功能
啟用development mode 之後的三個小時內
cloudflare 會幫你bypass 所有的cache
直到你手動關閉或是三個小時後自動關閉
另外也提供api 可以不用登入管理介面操作
example:
取得目前 development mode 狀態
curl -X GET "https://api.cloudflare.com/client/v4/zones/YOUR-ZONE-ID/settings/development_mode" \
-H "X-Auth-Email: user@example.com" \
-H "X-Auth-Key: YOUR-API-KEY" \
-H "Content-Type: application/json"
回傳
{
"success": true,
"errors": [],
"messages": [],
"result": {
"id": "development_mode",
"value": "off",
"editable": true,
"modified_on": "2014-01-01T05:20:00.12345Z",
"time_remaining": 3600
}
}
啟用 development mode
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/YOUR-ZONE-ID/settings/development_mode" \
-H "X-Auth-Email: user@example.com" \
-H "X-Auth-Key: YOUR-API-KEY" \
-H "Content-Type: application/json" \
--data '{"value":"on"}'
{
"success": true,
"errors": [],
"messages": [],
"result": {
"id": "development_mode",
"value": "on",
"editable": true,
"modified_on": "2014-01-01T05:20:00.12345Z",
"time_remaining": 3600
}
}
關閉 development mode
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/YOUR-ZONE-ID/settings/development_mode" \
-H "X-Auth-Email: user@example.com" \
-H "X-Auth-Key: YOUR-API-KEY" \
-H "Content-Type: application/json" \
--data '{"value":"off"}'
{
"success": true,
"errors": [],
"messages": [],
"result": {
"id": "development_mode",
"value": "off",
"editable": true,
"modified_on": "2014-01-01T05:20:00.12345Z",
"time_remaining": 3600
}
}
Zone ID 可以在 overview 的左下角取得
API Key 可以再點進 Get your API token 後取得
- Sep 17 Fri 2021 10:10
啟用 ubuntu 20.04 /etc/rc.local
ubuntu 20.04 預設重開機時無法啟用 /etc/rc.local
如果要重開機後執行的話,修改方式如下
1. 在檔案的最末端加入以下三行,存檔離開
sudo vi /lib/systemd/system/rc-local.service
[Install]
WantedBy=multi-user.target
Alias=rc-local.service
2. 建立 rc.local
sudo vi /etc/rc.local
#!/bin/sh -e
echo `date` >> /tmp/reboot.log
exit 0
3. 加入可執行權限
sudo chmod u+x /etc/rc.local
4. 設定開機啟動,並手動啟用測試
sudo systemctl enable rc-local
sudo systemctl start rc-local
5. 檢視是否已啟用
sudo systemctl status rc-local
● rc-local.service - /etc/rc.local Compatibility
Loaded: loaded (/lib/systemd/system/rc-local.service; enabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/rc-local.service.d
└─debian.conf
Active: active (exited) since Fri 2021-09-17 01:53:56 UTC; 3s ago
Docs: man:systemd-rc-local-generator(8)
Process: 989234 ExecStart=/etc/rc.local start (code=exited, status=0/SUCCESS)
Sep 17 01:53:56 example systemd[1]: Starting /etc/rc.local Compatibility...
Sep 17 01:53:56 example systemd[1]: Started /etc/rc.local Compatibility.
6. 建立連結
sudo ln -s /lib/systemd/system/rc-local.service /etc/sysstemd/system/rc-local.service
7. 重開機
sudo reboot
相關連結: 透過 crontab 實現重開機時自動執行 script
https://helloworld.pixnet.net/blog/post/48872828-%e9%80%8f%e9%81%8e-crontab-%e5%af%a6%e7%8f%be%e9%87%8d%e9%96%8b%e6%a9%9f%e6%99%82%e8%87%aa%e5%8b%95%e5%9f%b7%e8%a1%8c-script
- Sep 16 Thu 2021 14:40
Ubuntu server 20.04 安裝 GitLab EE
官網上提供詳細步驟
https://about.gitlab.com/install/#ubuntu
1. 安裝相關套件
sudo apt-get update
sudo apt-get install -y curl openssh-server ca-certificates tzdata perl
如果需要寄信的話,安裝MTA
sudo apt-get install -y postfix
2. 新增package repository 並安裝
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
EXTERNAL_URL 改成你的gitlab 網址,需要dns 查詢的到或室 /etc/hosts 有綁定ip 也可以
sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install gitlab-ee
3. 透過瀏覽器登入
網址列填入 https://剛剛你設定的網址/
預設帳號: root
密碼: 系統會隨機產生並保留24小時,在 /etc/gitlab/initial_root_password 可以找到
- Sep 02 Thu 2021 16:34
變更 ubuntu 預設文字編輯器
在shell 輸入 update-alternatives --config editor
星號標示目前預設的文字編輯器
如果要改變預設的文字編輯器,僅需要在提示欄位輸入編號即可
因為我習慣vi 的操作方式,所以我選擇3 並按enter 確認
root@helloworld:~# update-alternatives --config editor
There are 4 choices for the alternative editor (providing /usr/bin/editor).
Selection Path Priority Status
------------------------------------------------------------
* 0 /bin/nano 40 auto mode
1 /bin/ed -100 manual mode
2 /bin/nano 40 manual mode
3 /usr/bin/vim.basic 30 manual mode
4 /usr/bin/vim.tiny 15 manual mode
Press <enter> to keep the current choice[*], or type selection number: 3
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/editor (editor) in manual mode
測試預設的編輯器是否生效
root@helloworld:~# visudo