海运的博客

使用frp映射本地3389远程桌面到远程服务器

发布时间:February 22, 2020 // 分类: // No Comments

go build:

1
2
3
4
5
6
7
git clone https://github.com/fatedier/frp.git
#windows客户端
frp/cmd/frpc
GOARCH=amd64 GOOS=windows CGO_ENABLED=0 go build -ldflags "-s -w"
#linux服务端
frp/cmd/frps
go build -ldflags "-s -w"

服务端配置文件:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[common]
bind_addr = 0.0.0.0
bind_port = 7000
 
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
 
log_file = /run/log/frp/frps.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
disable_log_color = false
 
token = password
pool_count = 5
tcp_mux = false
allow_ports = 2000-3000,3001,3003,4000-50000
max_ports_per_client = 0

客户端配置文件:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
[common]
server_addr = www.haiyun.me
server_port = 7000
 
log_file = ./frpc.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
disable_log_color = false
 
login_fail_exit = false
token = password
pool_count = 5
protocol = tcp
tcp_mux = false
tls_enable = false
dns_server = 114.114.114.114
 
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin
 
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 3389
use_encryption = true
use_compression = false

windows下使用winsw将frpc安装为系统服务开机自动启动,将winsw放到frp目录,并新建winsw.xml配置文件:

1
2
3
4
5
6
7
8
9
10
<service>
    <id>frp</id>
    <name>frp client</name>
    <description>frp client</description>
    <executable>C:\test\frpc.exe</executable>
    <arguments>-c frpc.ini</arguments>
    <onfailure action="restart" delay="60 sec"/>
    <logmode>append</logmode>
    <logpath>logs</logpath>
</service>

以管理员启动cmd进入frp目录,安装frp为系统服务并启动:

1
2
3
cd C:\test\
winsw install
winsw start frp

ubuntu下使用7zip aes-256加密压缩zip文件

发布时间:February 20, 2020 // 分类: // No Comments

安装7zip:

1
apt install p7zip-full

加密压缩为7zip格式:

1
2
3
7z a -t7z -p123456 -mhe -spf file.7z file/
#-mhe加密文件名
#-spf被压缩目录包含完整的路径

加密压缩为zip格式:

1
2
7z a -tzip -p123456 -mem=AES256 -spf file.zip file/
#-mem使用aes256加密

查看加密压缩文件信息:

1
2
7z l -slt file.zip
7z l -slt file.7z

解压文件:

1
2
7z x -p123456 file.zip
7z x -p123456 file.7z

解压到指定目录:

1
7z x prowinx64legacy.exe -owindows7-x64

https://sevenzip.osdn.jp/chm/cmdline/switches/index.htm

此内容被密码保护

发布时间:February 19, 2020 // 分类: // No Comments

请输入密码访问

go get/build和git clone使用socks5

发布时间:February 19, 2020 // 分类: // No Comments

go:

1
2
export http_proxy=socks5://127.0.0.1:7070
go get ...

git:

1
git config --global http.proxy socks5://127.0.0.1:7070

https://blog.csdn.net/idwtwt/article/details/84842361

ubuntu编译安装bitwarden_rs和web-vault

发布时间:February 17, 2020 // 分类: // 7 Comments

安装rust环境:

1
2
3
apt install git make gcc libssl-dev pkg-config curl
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env

编译安装bitwarden_rs:

1
2
3
4
5
git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
cargo build --features sqlite --release
mkdir /usr/local/bitwarden
cp target/release/bitwarden_rs /usr/local/bitwarden/

交叉编译arm64/aarch64版本bitwarden_rs:

1
2
3
4
5
6
7
8
9
10
11
12
#tar -Jxvf gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz
#export PATH=$PATH:`pwd`/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu/bin/
apt install gcc-aarch64-linux-gnu
git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
mkdir .cargo
rustup target install aarch64-unknown-linux-gnu
echo '[target.aarch64-unknown-linux-gnu]' > .cargo/config
echo 'linker = "aarch64-linux-gnu-gcc"' >> .cargo/config
sed -i '/\[features\]/a\openssl-vendored = ["openssl/vendored"]' Cargo.toml
cargo build --target="aarch64-unknown-linux-gnu" --release --features "sqlite" --features "openssl-vendored"

编译安装web-vault,内存需4G以上,不然可能会出错。已编译版本:https://github.com/dani-garcia/bw_web_builds/releases

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
curl -sL https://deb.nodesource.com/setup_10.x | bash -
apt install nodejs
git clone https://github.com/bitwarden/web.git web-vault
cd web-vault
git checkout v2.18.2
#2.18版本先执行再patch
npm run sub:init
wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.18.1.patch
git apply v2.18.1.patch
npm install
npm run dist
#新版本
npm run dist:oss:selfhost
cp -r build /usr/local/bitwarden/web-vault
export PATH=/usr/local/bitwarden/:$PATH

也可使用docker build:

1
2
3
4
5
apt install docker.io
cd bw_web_builds/
git checkout v2022.10.2
make docker-extract

如果遇到以下错误:
ERROR in node_modules/sweetalert/typings/sweetalert.d.ts(4,9): error TS2403: Subsequent variable declarations must have the same type. Variable 'swal' must be of type 'typeof import("/usr/local/src/web-vault/node_modules/sweetalert/typings/sweetalert")', but here has type 'SweetAlert'.
则:

1
sed -i 's/const swal/\/\/const swal/' node_modules/sweetalert/typings/sweetalert.d.ts

启动:

1
2
3
export WEB_VAULT_FOLDER=/usr/local/bitwarden/web-vault
export DATA_FOLDER=/usr/local/bitwarden/data
bitwarden_rs

systemd:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
[Unit]
Description=Bitwarden Server (Rust Edition)
After=network.target
 
[Service]
User=bitwarden
Group=bitwarden
EnvironmentFile=/etc/bitwarden/config.env
ExecStart=/usr/local/bin/bitwarden_rs
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
WorkingDirectory=/etc/bitwarden/
ReadWriteDirectories=/etc/bitwarden/
ReadWriteDirectories=/run/log/bitwarden/
AmbientCapabilities=CAP_NET_BIND_SERVICE
Restart=always
RestartSec=5
StartLimitBurst=3
StartLimitInterval=60
StandardOutput=null
StandardError=null
 
[Install]
WantedBy=multi-user.target

添加运行用户:

1
useradd -r bitwarden  -s /usr/sbin/nologin

/etc/bitwarden/config.env文件:

1
2
3
4
5
6
7
8
9
10
11
12
WEB_VAULT_FOLDER="/usr/local/web-vault"
DATA_FOLDER="/etc/bitwarden/data"
ROCKET_ADDRESS="127.0.0.1"
ROCKET_PORT="8080"
SIGNUPS_ALLOWED="false"
INVITATIONS_ALLOWED="false"
SHOW_PASSWORD_HINT="false"
LOG_FILE="/run/log/bitwarden/bitwarden.log"
EXTENDED_LOGGING="true"
#"trace", "debug", "info", "warn", "error" or "off".
LOG_LEVEL="info"

nginx配置:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
server {
  listen       0.0.0.0:443 ssl http2;
  server_name www.haiyun.me;
 
  ssl_certificate /etc/acme/www.haiyun.me_ecc/fullchain.cer;
  ssl_certificate_key /etc/acme/www.haiyun.me_ecc/www.haiyun.me.key;
  ssl_protocols      TLSv1.2 TLSv1.3;
  #ssl_ciphers         HIGH:!aNULL:!MD5;
  ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA;
  ssl_prefer_server_ciphers   off;
 
  ssl_early_data on;
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
  ssl_session_tickets off;
 
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /etc/acme/www.haiyun.me_ecc/ca.cer;
 
  root   /var/www/html;
  index  index.html index.htm;
 
  location / {
    proxy_redirect off;
    #proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  access_log /run/log/nginx/www.haiyun.me.log ssl;
  error_log  /run/log/nginx/www.haiyun.me_error.log;
}

https://github.com/dani-garcia/bitwarden_rs/wiki/Building-binary
https://github.com/t4t5/sweetalert/issues/890
https://www.reddit.com/r/Bitwarden/comments/dg78bi/building_selfhosted_bitwarden_via_bitwarden_rs/
https://www.ixsystems.com/community/threads/how-to-build-your-own-bitwarden_rs-jail.81389/

分类
最新文章
最近回复
  • opnfense: 谢谢博主!!!解决问题了!!!我之前一直以为内置的odhcp6就是唯一管理ipv6的方式
  • liyk: 这个方法获取的IPv6大概20分钟之后就会失效,默认路由先消失,然后Global IPV6再消失
  • 海运: 不好意思,没有。
  • zongboa: 您好,請問一下有immortalwrt設定guest Wi-Fi的GUI教學嗎?感謝您。
  • 海运: 恩山有很多。
  • swsend: 大佬可以分享一下固件吗,谢谢。
  • Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...