海运的博客

光猫提供/60，二级路由有足够的子网分配，当光猫pppoe重新拨号后openwrt wan ipv6更新正常，但是ipv6前缀不能正常更新，需重启odhcp6才正常。
也有人遇到同样问题：https://github.com/openwrt/odhcp6c/issues/61

退而使用nat6，但是同样遇到问题，每次光猫pppoe重新拨号后wan ipv6过段时间会中断几分钟。

禁用wan6接口不使用odhcp6管理ipv6，使用linux内核管理ipv6才算正常。

uci set network.wan6.disabled="1"
uci commit network
sysctl -w net.ipv6.conf.eth1.accept_ra=2
sysctl -w net.ipv6.conf.default.accept_ra=2
sysctl -w net.ipv6.conf.all.accept_ra=2

配置文件/etc/php/8.2/fpm/php.ini

#配置是否记录脚本错误日志
log_errors = On
#phpf-pm用户可写，如无配置此项或不可写会nginx error log记录错误信息
error_log = /var/log/php/php_errors.log
#是否在web界面显示错误信息
display_errors = Off

配置文件/etc/php/8.2/fpm/php-fpm.conf：

#只记录php-fpm进程运行日志
error_log = /var/log/php8.2-fpm.log
#同时也保存php脚本错误日志，同上
catch_workers_output = yes

配置文件/etc/php/8.2/fpm/pool.d/www.conf，不同的服务配置不同的日志文件，优先级高于php.ini。

#同php.ini内参数
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/php/www_error.log
php_admin_flag[log_errors] = off

有的程序内部错误php error_log不显示，如typecho插件有问题500 server error，需开启debug查看原因：

define('__TYPECHO_DEBUG__', true);

参考：
https://www.hawu.me/operation/2196

debian-12自带的mariadb10.11不太好用，通过下载debian-10的mariadb deb安装包可直接安装，没发现兼容性问题。

wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-server_10.3.39-0+deb10u2_all.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-server-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-server-core-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-client-core-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-client-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-common_10.3.39-0+deb10u2_all.deb
wget http://http.us.debian.org/debian/pool/main/r/readline5/libreadline5_5.2+dfsg-3+b13_amd64.deb

apt install ./libreadline*.deb ./mariadb-*.deb
apt-mark hold libreadline5 mariadb-client-10.3 mariadb-client-core-10.3 mariadb-server-10.3 mariadb-server-core-10.3 mariadb-server mariadb-common

如需安装mysql 5.x也可直接下载deb安装：

wget https://downloads.mysql.com/archives/get/p/23/file/mysql-server_5.6.51-1debian9_amd64.deb-bundle.tar
tar xf mysql-server_5.6.51-1debian9_amd64.deb-bundle.tar 
apt install ./mysql-common_5.6.51-1debian9_amd64.deb ./libmysqlclient18_5.6.51-1debian9_amd64.deb ./mysql-community-client_5.6.51-1debian9_amd64.deb ./mysql-client_5.6.51-1debian9_amd64.deb ./mysql-community-server_5.6.51-1debian9_amd64.deb ./mysql-server_5.6.51-1debian9_amd64.deb
apt-mark hold mysql-common mysql-community-client mysql-client mysql-community-server mysql-server

https://packages.debian.org/buster/mariadb-server
https://blog.iks.moe/archives/Debian-10-Buster-Package-Install-MySQL-56.html
https://downloads.mysql.com/archives/community/
https://archive.mariadb.org/

slave配置：

echo passwd > /usr/local/smokeping/etc/smokeping_secrets
chown smokeping: /usr/local/smokeping/etc/smokeping_secrets
chmod 600 /usr/local/smokeping/etc/smokeping_secrets
mkdir /usr/local/smokeping/cache
chown smokeping: -R /usr/local/smokeping/cache/

service:

[Unit]
Description=Smokeping Service, Network Latency Graphical Viewer
After=network.service

[Service]
Type=forking
Environment=MASTER=https://www.haiyun.me/
Environment=CACHEDIR=/usr/local/smokeping/cache
Environment=SECRET=/usr/local/smokeping/etc/smokeping_secrets
Environment=NAME=bj
#Environment=DEBUG=--debug-daemon
RuntimeDirectory=smokeping
RuntimeDirectoryMode=0775
PIDFile=/run/smokeping/smokeping.pid
User=smokeping
Group=smokeping
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/bin/sh -c "/usr/local/smokeping/bin/smokeping --master-url=${MASTER} --cache-dir=${CACHEDIR} --slave-name=${NAME} --shared-secret=${SECRET} --pid-dir=/run/smokeping/ ${DEBUG-DAEMON}"
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=default.target

master配置：

cat /etc/smokeping/config.d/Slaves 
*** Slaves ***
secrets=/etc/smokeping/smokeping_secrets

+ bj # slave的名字
display_name=bj # slave的别名
#location=beijing
color=0000ff # slave收集的数据在图像中显示的颜色

cat /etc/smokeping/smokeping_secrets
bj:passwd

cat /etc/smokeping/config.d/Targets
+ Ping
menu = Ping
title = Ping

++ TEST
menu = test
title = test
host = www.haiyun.me
slaves = bj

chown www-data: /etc/smokeping/smokeping_secrets
chmod 600 /etc/smokeping/smokeping_secrets
mkdir /data/d/smokeping/data/__cgi/Ping
chown www-data: /data/d/smokeping/data/__cgi/Ping  
chgrp www-data /data/d/smokeping/data/Ping/ -R
chmod g+w /data/d/smokeping/data/Ping/ -R
chown smokeping: /data/smokeping/data/__sortercache/ -R

master service可添加：

PermissionsStartOnly=true
ExecReload=/bin/sleep 3
ExecReload=/usr/bin/chgrp www-data /data/d/smokeping/data/Ping/ -R
ExecReload=/usr/bin/chmod g+w /data/d/smokeping/data/Ping/ -R
ExecStartPost=/bin/sleep 3
ExecStartPost=/usr/bin/chgrp www-data /data/d/smokeping/data/Ping/ -R
ExecStartPost=/usr/bin/chmod g+w /data/d/smokeping/data/Ping/ -R

遇到的问题：
1.ERROR: the shared secret file (/usr/local/smokeping/etc/smokeping_secrets) is world-readable or writable
解决：修改权限/usr/local/smokeping/etc/smokeping_secrets
2.WARNING: Opening secrets file /etc/smokeping/smokeping_secrets: Permission denied
解决：启动时添加--debug发现是master的错误，修改web server可读此文件
3.WARNING: Data from was signed with which does not match our expectation
解决：slave配置smokeping_secrets只添加密码
4.slave发送数据到master ok，但是无图表数据
解决：修改/data/d/smokeping/data/Ping/对应的rrd web可写
5.还是不行，查看nginx日志Could not lock /data/d/smokeping/data/__cgi//Ping/*.bj.slave_cache (No such file or directory).
解决：创建相应目录并给予web server可写权限
6.当master停机一段时间后slave积累大量数据提交WARNING Master said 413 Request Entity Too Large：
解决：nginx配置修改client_max_body_size 100m;

iptables log当数据量较大的时候严重占用cpu资源，可以使用iptables nflog扩展配合ulogd收集日志，不占用cpu资源并且支持多种存储后端。
openwrt需安装以下：

opkg install iptables-mod-nflog ulogd ulogd-mod-extra ulogd-mod-nflog

ulogd配置文件，/etc/ulogd.conf

[global]
logfile="/var/log/ulogd.log"

plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

[log1]
group=1

[emu1]
logfile="/var/log/nflog1.log"
sync=1

iptables规则：

iptables -I OUTPUT -p tcp --dport 80 -j NFLOG --nflog-group 1 

也可以使用tcpdump监测，查看tcpdump是否支持nflog或nfqueue：

tcpdump -D
5.nflog (Linux netfilter log (NFLOG) interface) [none]
6.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]

tcpdump -i nflog:1