不切换到用户目录且用户不包含shell,runuser和sudo参数--为参数终止符,可通过alias调用。
1 2 3 | runuser -u nobody -- id -unsudo -u nobody -- id -unsu nobody -s /bin/bash -c 'id -un' |
参考:
https://www.cyberciti.biz/open-source/linux-run-command-as-different-user/
linux以普通用户执行程序
发布时间:December 28, 2021 // 分类: // No Comments
caddy为nginx网站提供http3 quic支持
发布时间:December 27, 2021 // 分类: // No Comments
由于nginx监听了443端口,caddy监听其它端口,通过iptables dnat到caddy端口也能使用,但是caddy head会返回alt-svc包含监听的端口,通过使用docker桥接方式启动caddy可解决。
docker build安装caddy镜像:
1 2 3 4 5 6 7 | FROM debian:bullseyeRUN apt update -yRUN apt install curl net-tools vim iputils-ping -yRUN curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | tee /etc/apt/trusted.gpg.d/caddy-stable.ascRUN curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.listRUN apt update -yRUN apt install caddy |
1 | docker build --tag debian-caddy:v1 - < Dockerfile |
启动:
1 | docker run -d --name caddy-http3 -p 443:443/udp --dns=172.17.0.1 --restart=always -v /etc/caddy:/etc/caddy -v /data/www.haiyun.me:/data/www.haiyun.me -v /acme/haiyun.me:/acme/haiyun.me debian-caddy:v1 caddy run -config /etc/caddy/Caddyfile |
caddy配置文件:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | { admin off auto_https off servers { protocol { experimental_http3 } }} tls /acme/haiyun.me/haiyun.me.cer /acme/haiyun.me/haiyun.me.key reverse_proxy https://www.haiyun.me { header_up X-Forwarded-For {remote_host} header_down -server }} |
nginx添加head:
1 | add_header Alt-Svc "h3=\":443\"; ma=86400,h3-29=\":443\"; ma=86400"; |
可通过编译curl支持http3测试。
编译curl http3 quic支持
发布时间:December 27, 2021 // 分类: // 2 Comments
方法一,使用openssl ngtcp2 nghttp3编译curl支持http3 quic:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | apt install build-essential autoconf libtool pkg-config git clone --depth 1 -b OpenSSL_1_1_1m+quic https://github.com/quictls/opensslcd openssl/./config enable-tls1_3 --prefix=/usr/local/openssl make && make installcd ../git clone https://github.com/ngtcp2/nghttp3cd nghttp3/autoreconf -fi./configure --prefix=/usr/local/nghttp3 --enable-lib-onlymake && make installcd ../git clone https://github.com/ngtcp2/ngtcp2cd ngtcp2/autoreconf -fi./configure PKG_CONFIG_PATH=/usr/local/openssl/lib/pkgconfig:/usr/local/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/usr/local/openssl/lib" --prefix=/usr/local/ngtcp2 --enable-lib-only make && make installcd ../wget https://github.com/curl/curl/releases/download/curl-7_80_0/curl-7.80.0.tar.gztar zxf curl-7.80.0.tar.gz cd curl-7.80.0/LDFLAGS="-Wl,-rpath,/usr/local/openssl/lib64" ./configure --with-openssl=/usr/local/openssl/ --with-nghttp3=/usr/local/nghttp3 --with-ngtcp2=/usr/local/ngtcp2 --prefix=/usr/local/curlmake && make installLD_LIBRARY_PATH="/usr/local/curl/lib/:/usr/local/openssl/lib/" /usr/local/curl/bin/curl -V |
方法二,通过quiche编译支持http3 quic:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | apt install build-essential cmake pkg-configcurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | shsource $HOME/.cargo/envgit clone --recursive https://github.com/cloudflare/quichecd quiche/cargo build --package quiche --release --features ffi,pkg-config-meta,qlogmkdir quiche/deps/boringssl/src/libln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/cd ../wget https://github.com/curl/curl/releases/download/curl-7_80_0/curl-7.80.0.tar.gztar zxf curl-7.80.0.tar.gz cd curl-7.80.0/./configure LDFLAGS="-Wl,-rpath,$PWD/../quiche/target/release" --with-openssl=$PWD/../quiche/quiche/deps/boringssl/src --with-quiche=$PWD/../quiche/target/release --prefix=/usr/local/curlmake && make installcp ../quiche/target/release/libquiche.so /usr/local/curl/lib/LD_LIBRARY_PATH="/usr/local/curl/lib/" /usr/local/curl/bin/curl -V |
使用curl测试http3 quic:
1 | LD_LIBRARY_PATH="/usr/local/curl/lib/:/usr/local/openssl/lib/" /usr/local/curl/bin/curl --http3 https://www.haiyun.me -I |
使用中遇到的问题,quiche编译的curl下载一会后断流,openssl编译的curl下载速度很慢。
参考:
https://github.com/curl/curl/blob/master/docs/HTTP3.md
分类
- Apache (13)
- Nginx (45)
- PHP (86)
- IIS (8)
- Mail (17)
- DNS (16)
- Cacti (14)
- Squid (5)
- Nagios (4)
- Puppet (7)
- CentOS (13)
- Iptables (23)
- RADIUS (3)
- OpenWrt (41)
- DD-WRT (1)
- VMware (9)
- 网站程序 (2)
- 备份存储 (11)
- 常用软件 (20)
- 日记分析 (10)
- Linux基础 (18)
- 欧诺代理 (0)
- Linux服务 (18)
- 系统监控 (4)
- 流量监控 (7)
- 虚拟化 (28)
- 伪静态 (2)
- LVM (3)
- Shell (18)
- 高可用 (2)
- 数据库 (16)
- FreeBSD (3)
- 网络安全 (25)
- Windows (35)
- 网络工具 (22)
- 控制面板 (3)
- 系统调优 (10)
- Cisco (3)
- VPN (6)
- ROS (20)
- Vim (14)
- KMS (4)
- PXE (2)
- Mac (1)
- Git (1)
- PE (1)
- LNS (2)
- Xshell (7)
- Firefox (13)
- Cygwin (4)
- OpenSSL (9)
- Sandboxie (3)
- StrokesPlus (1)
- AutoHotKey (4)
- Total Commander (3)
- WordPress (3)
- iMacros (6)
- Typecho (2)
- Ollydbg (1)
- Photoshop (1)
- 正则 (3)
- Debian (3)
- Python (8)
- NoSQL (6)
- 消息队列 (4)
- JS (7)
- Tmux (3)
- GO (7)
- HHVM (2)
- 算法 (1)
- Docker (2)
- PT (15)
- N1 (16)
- K2P (6)
- LUKS (4)
最新文章
- TEWA-1100G光猫使用
- 烽火光猫HG5382A3使用
- 记联通更换移动XG-040G-MD光猫
- smokeping slave同步错误illegal attempt to update using time解决
- 使用valgrind定位解决smartdns内存泄露
- 此内容被密码保护
- debian12下initramfs-tools配置ip子网掩码255.255.255.255/32失败解决
- iPhone查看屏幕供应商
- 光猫拨号ImmortalWrt/OpenWRT路由获取ipv6遇到的问题
- php-fpm错误error_log日志配置
最近回复
- opnfense: 谢谢博主!!!解决问题了!!!我之前一直以为内置的odhcp6就是唯一管理ipv6的方式
- liyk: 这个方法获取的IPv6大概20分钟之后就会失效,默认路由先消失,然后Global IPV6再消失
- 海运: 不好意思,没有。
- zongboa: 您好,請問一下有immortalwrt設定guest Wi-Fi的GUI教學嗎?感謝您。
- 海运: 恩山有很多。
- swsend: 大佬可以分享一下固件吗,谢谢。
- Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
- 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
- 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
- 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...
