海运的博客

光猫拨号ImmortalWrt/OpenWRT路由获取ipv6遇到的问题

发布时间:August 25, 2024 // 分类: // 1 Comment

光猫提供/60,二级路由有足够的子网分配,当光猫pppoe重新拨号后openwrt wan ipv6更新正常,但是ipv6前缀不能正常更新,需重启odhcp6才正常。
也有人遇到同样问题:https://github.com/openwrt/odhcp6c/issues/61

退而使用nat6,但是同样遇到问题,每次光猫pppoe重新拨号后wan ipv6过段时间会中断几分钟。

禁用wan6接口不使用odhcp6管理ipv6,使用linux内核管理ipv6才算正常。

uci set network.wan6.disabled="1"
uci commit network
sysctl -w net.ipv6.conf.eth1.accept_ra=2
sysctl -w net.ipv6.conf.default.accept_ra=2
sysctl -w net.ipv6.conf.all.accept_ra=2

php-fpm错误error_log日志配置

发布时间:May 26, 2024 // 分类: // No Comments

配置文件/etc/php/8.2/fpm/php.ini

#配置是否记录脚本错误日志
log_errors = On
#phpf-pm用户可写,如无配置此项或不可写会nginx error log记录错误信息
error_log = /var/log/php/php_errors.log
#是否在web界面显示错误信息
display_errors = Off

配置文件/etc/php/8.2/fpm/php-fpm.conf:

#只记录php-fpm进程运行日志
error_log = /var/log/php8.2-fpm.log
#同时也保存php脚本错误日志,同上
catch_workers_output = yes

配置文件/etc/php/8.2/fpm/pool.d/www.conf,不同的服务配置不同的日志文件,优先级高于php.ini。

#同php.ini内参数
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/php/www_error.log
php_admin_flag[log_errors] = off

有的程序内部错误php error_log不显示,如typecho插件有问题500 server error,需开启debug查看原因:

define('__TYPECHO_DEBUG__', true);

参考:
https://www.hawu.me/operation/2196

debian-12/bookworm安装mariadb10.3和mysql5.6

发布时间:May 26, 2024 // 分类: // No Comments

debian-12自带的mariadb10.11不太好用,通过下载debian-10的mariadb deb安装包可直接安装,没发现兼容性问题。

wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-server_10.3.39-0+deb10u2_all.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-server-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-server-core-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-client-core-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-client-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-common_10.3.39-0+deb10u2_all.deb
wget http://http.us.debian.org/debian/pool/main/r/readline5/libreadline5_5.2+dfsg-3+b13_amd64.deb

apt install ./libreadline*.deb ./mariadb-*.deb
apt-mark hold libreadline5 mariadb-client-10.3 mariadb-client-core-10.3 mariadb-server-10.3 mariadb-server-core-10.3 mariadb-server mariadb-common

如需安装mysql 5.x也可直接下载deb安装:

wget https://downloads.mysql.com/archives/get/p/23/file/mysql-server_5.6.51-1debian9_amd64.deb-bundle.tar
tar xf mysql-server_5.6.51-1debian9_amd64.deb-bundle.tar 
apt install ./mysql-common_5.6.51-1debian9_amd64.deb ./libmysqlclient18_5.6.51-1debian9_amd64.deb ./mysql-community-client_5.6.51-1debian9_amd64.deb ./mysql-client_5.6.51-1debian9_amd64.deb ./mysql-community-server_5.6.51-1debian9_amd64.deb ./mysql-server_5.6.51-1debian9_amd64.deb
apt-mark hold mysql-common mysql-community-client mysql-client mysql-community-server mysql-server

https://packages.debian.org/buster/mariadb-server
https://blog.iks.moe/archives/Debian-10-Buster-Package-Install-MySQL-56.html
https://downloads.mysql.com/archives/community/
https://archive.mariadb.org/

smokeping主从配置及遇到的问题

发布时间:May 18, 2024 // 分类: // No Comments

slave配置:

echo passwd > /usr/local/smokeping/etc/smokeping_secrets
chown smokeping: /usr/local/smokeping/etc/smokeping_secrets
chmod 600 /usr/local/smokeping/etc/smokeping_secrets
mkdir /usr/local/smokeping/cache
chown smokeping: -R /usr/local/smokeping/cache/

service:

[Unit]
Description=Smokeping Service, Network Latency Graphical Viewer
After=network.service

[Service]
Type=forking
Environment=MASTER=https://www.haiyun.me/
Environment=CACHEDIR=/usr/local/smokeping/cache
Environment=SECRET=/usr/local/smokeping/etc/smokeping_secrets
Environment=NAME=bj
#Environment=DEBUG=--debug-daemon
RuntimeDirectory=smokeping
RuntimeDirectoryMode=0775
PIDFile=/run/smokeping/smokeping.pid
User=smokeping
Group=smokeping
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/bin/sh -c "/usr/local/smokeping/bin/smokeping --master-url=${MASTER} --cache-dir=${CACHEDIR} --slave-name=${NAME} --shared-secret=${SECRET} --pid-dir=/run/smokeping/ ${DEBUG-DAEMON}"
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=default.target

master配置:

cat /etc/smokeping/config.d/Slaves 
*** Slaves ***
secrets=/etc/smokeping/smokeping_secrets

+ bj # slave的名字
display_name=bj # slave的别名
#location=beijing
color=0000ff # slave收集的数据在图像中显示的颜色
cat /etc/smokeping/smokeping_secrets
bj:passwd
cat /etc/smokeping/config.d/Targets
+ Ping
menu = Ping
title = Ping

++ TEST
menu = test
title = test
host = www.haiyun.me
slaves = bj
chown www-data: /etc/smokeping/smokeping_secrets
chmod 600 /etc/smokeping/smokeping_secrets
mkdir /data/d/smokeping/data/__cgi/Ping
chown www-data: /data/d/smokeping/data/__cgi/Ping  
chgrp www-data /data/d/smokeping/data/Ping/ -R
chmod g+w /data/d/smokeping/data/Ping/ -R
chown smokeping: /data/smokeping/data/__sortercache/ -R

master service可添加:

PermissionsStartOnly=true
ExecReload=/bin/sleep 3
ExecReload=/usr/bin/chgrp www-data /data/d/smokeping/data/Ping/ -R
ExecReload=/usr/bin/chmod g+w /data/d/smokeping/data/Ping/ -R
ExecStartPost=/bin/sleep 3
ExecStartPost=/usr/bin/chgrp www-data /data/d/smokeping/data/Ping/ -R
ExecStartPost=/usr/bin/chmod g+w /data/d/smokeping/data/Ping/ -R

遇到的问题:
1.ERROR: the shared secret file (/usr/local/smokeping/etc/smokeping_secrets) is world-readable or writable
解决:修改权限/usr/local/smokeping/etc/smokeping_secrets
2.WARNING: Opening secrets file /etc/smokeping/smokeping_secrets: Permission denied
解决:启动时添加--debug发现是master的错误,修改web server可读此文件
3.WARNING: Data from was signed with which does not match our expectation
解决:slave配置smokeping_secrets只添加密码
4.slave发送数据到master ok,但是无图表数据
解决:修改/data/d/smokeping/data/Ping/对应的rrd web可写
5.还是不行,查看nginx日志Could not lock /data/d/smokeping/data/__cgi//Ping/*.bj.slave_cache (No such file or directory).
解决:创建相应目录并给予web server可写权限
6.当master停机一段时间后slave积累大量数据提交WARNING Master said 413 Request Entity Too Large:
解决:nginx配置修改client_max_body_size 100m;

openwrt/linux使用tcpdump/nflog ulogd记录iptables日志

发布时间:February 28, 2024 // 分类: // No Comments

iptables log当数据量较大的时候严重占用cpu资源,可以使用iptables nflog扩展配合ulogd收集日志,不占用cpu资源并且支持多种存储后端。
openwrt需安装以下:

opkg install iptables-mod-nflog ulogd ulogd-mod-extra ulogd-mod-nflog

ulogd配置文件,/etc/ulogd.conf

[global]
logfile="/var/log/ulogd.log"

plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

[log1]
group=1

[emu1]
logfile="/var/log/nflog1.log"
sync=1

iptables规则:

iptables -I OUTPUT -p tcp --dport 80 -j NFLOG --nflog-group 1 

也可以使用tcpdump监测,查看tcpdump是否支持nflog或nfqueue:

tcpdump -D
5.nflog (Linux netfilter log (NFLOG) interface) [none]
6.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
tcpdump -i nflog:1
分类
最新文章
最近回复
  • opnfense: 谢谢博主!!!解决问题了!!!我之前一直以为内置的odhcp6就是唯一管理ipv6的方式
  • liyk: 这个方法获取的IPv6大概20分钟之后就会失效,默认路由先消失,然后Global IPV6再消失
  • 海运: 不好意思,没有。
  • zongboa: 您好,請問一下有immortalwrt設定guest Wi-Fi的GUI教學嗎?感謝您。
  • 海运: 恩山有很多。
  • swsend: 大佬可以分享一下固件吗,谢谢。
  • Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...
归档