发布时间:February 20, 2020 // 分类: // No Comments
安装7zip:
apt install p7zip-full加密压缩为7zip格式:
7z a -t7z -p123456 -mhe -spf file.7z file/
#-mhe加密文件名
#-spf被压缩目录包含完整的路径加密压缩为zip格式:
7z a -tzip -p123456 -mem=AES256 -spf file.zip file/
#-mem使用aes256加密查看加密压缩文件信息:
7z l -slt file.zip
7z l -slt file.7z解压文件:
7z x -p123456 file.zip
7z x -p123456 file.7z解压到指定目录:
7z x prowinx64legacy.exe -owindows7-x64发布时间:February 19, 2020 // 分类: // No Comments
go:
export http_proxy=socks5://127.0.0.1:7070
go get ...git:
git config --global http.proxy socks5://127.0.0.1:7070发布时间:February 17, 2020 // 分类: // 7 Comments
安装rust环境:
apt install git make gcc libssl-dev pkg-config curl
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env编译安装bitwarden_rs:
git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
cargo build --features sqlite --release
mkdir /usr/local/bitwarden
cp target/release/bitwarden_rs /usr/local/bitwarden/ 交叉编译arm64/aarch64版本bitwarden_rs:
#wget https://releases.linaro.org/components/toolchain/binaries/latest-7/aarch64-linux-gnu/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz
#tar -Jxvf gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz
#export PATH=$PATH:`pwd`/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu/bin/
apt install gcc-aarch64-linux-gnu
git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
mkdir .cargo
rustup target install aarch64-unknown-linux-gnu
echo '[target.aarch64-unknown-linux-gnu]' > .cargo/config
echo 'linker = "aarch64-linux-gnu-gcc"' >> .cargo/config
sed -i '/\[features\]/a\openssl-vendored = ["openssl/vendored"]' Cargo.toml
cargo build --target="aarch64-unknown-linux-gnu" --release --features "sqlite" --features "openssl-vendored"编译安装web-vault,内存需4G以上,不然可能会出错。已编译版本:https://github.com/dani-garcia/bw_web_builds/releases
curl -sL https://deb.nodesource.com/setup_10.x | bash -
apt install nodejs
git clone https://github.com/bitwarden/web.git web-vault
cd web-vault
git checkout v2.18.2
#2.18版本先执行再patch
npm run sub:init
wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.18.1.patch
git apply v2.18.1.patch
npm install
npm run dist
#新版本
npm run dist:oss:selfhost
cp -r build /usr/local/bitwarden/web-vault
export PATH=/usr/local/bitwarden/:$PATH也可使用docker build:
apt install docker.io
git clone https://github.com/dani-garcia/bw_web_builds.git
cd bw_web_builds/
git checkout v2022.10.2
make docker-extract如果遇到以下错误:
ERROR in node_modules/sweetalert/typings/sweetalert.d.ts(4,9): error TS2403: Subsequent variable declarations must have the same type. Variable 'swal' must be of type 'typeof import("/usr/local/src/web-vault/node_modules/sweetalert/typings/sweetalert")', but here has type 'SweetAlert'.
则:
sed -i 's/const swal/\/\/const swal/' node_modules/sweetalert/typings/sweetalert.d.ts启动:
export WEB_VAULT_FOLDER=/usr/local/bitwarden/web-vault
export DATA_FOLDER=/usr/local/bitwarden/data
bitwarden_rssystemd:
[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs
After=network.target
[Service]
User=bitwarden
Group=bitwarden
EnvironmentFile=/etc/bitwarden/config.env
ExecStart=/usr/local/bin/bitwarden_rs
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
WorkingDirectory=/etc/bitwarden/
ReadWriteDirectories=/etc/bitwarden/
ReadWriteDirectories=/run/log/bitwarden/
AmbientCapabilities=CAP_NET_BIND_SERVICE
Restart=always
RestartSec=5
StartLimitBurst=3
StartLimitInterval=60
StandardOutput=null
StandardError=null
[Install]
WantedBy=multi-user.target添加运行用户:
useradd -r bitwarden -s /usr/sbin/nologin/etc/bitwarden/config.env文件:
WEB_VAULT_FOLDER="/usr/local/web-vault"
DATA_FOLDER="/etc/bitwarden/data"
ROCKET_ADDRESS="127.0.0.1"
ROCKET_PORT="8080"
SIGNUPS_ALLOWED="false"
INVITATIONS_ALLOWED="false"
DOMAIN="https://www.haiyun.me"
SHOW_PASSWORD_HINT="false"
LOG_FILE="/run/log/bitwarden/bitwarden.log"
EXTENDED_LOGGING="true"
#"trace", "debug", "info", "warn", "error" or "off".
LOG_LEVEL="info"nginx配置:
server {
listen 0.0.0.0:443 ssl http2;
server_name www.haiyun.me;
ssl_certificate /etc/acme/www.haiyun.me_ecc/fullchain.cer;
ssl_certificate_key /etc/acme/www.haiyun.me_ecc/www.haiyun.me.key;
ssl_protocols TLSv1.2 TLSv1.3;
#ssl_ciphers HIGH:!aNULL:!MD5;
ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA;
ssl_prefer_server_ciphers off;
ssl_early_data on;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/acme/www.haiyun.me_ecc/ca.cer;
root /var/www/html;
index index.html index.htm;
location / {
proxy_redirect off;
#proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /run/log/nginx/www.haiyun.me.log ssl;
error_log /run/log/nginx/www.haiyun.me_error.log;
}https://github.com/dani-garcia/bitwarden_rs/wiki/Building-binary
https://github.com/t4t5/sweetalert/issues/890
https://www.reddit.com/r/Bitwarden/comments/dg78bi/building_selfhosted_bitwarden_via_bitwarden_rs/
https://www.ixsystems.com/community/threads/how-to-build-your-own-bitwarden_rs-jail.81389/
发布时间:February 8, 2020 // 分类: // No Comments
alpine从硬盘grub引导到内存中运行,重启后会破坏原硬盘分区,使用alpine官方推荐的使用ipxe netboot。
生成ipxe grub引导脚本,ssh_key为后续ssh登录目标系统操作的机器ssh public key,grub引导的ipxe lkrn可自行编译。
#!/bin/bash
#set -x
network=static
dns=8.8.8.8
ssh_key="ssh_key=https://www.haiyun.me/id_rsa.pub"
mirror="http://mirrors.aliyun.com/alpine/v3.11"
ipxe_file="https://www.haiyun.me/ipxe.lkrn"
valid_ip() {
[[ $1 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]
state=$?
return $state
}
cidr2mask() {
value=$(( 0xffffffff ^ ((1 << (32 - $1)) - 1) ))
echo "$(( ($value >> 24) & 0xff )).$(( ($value >> 16) & 0xff )).$(( ($value >> 8) & 0xff )).$(( $value & 0xff ))"
}
which wget &> /dev/null && which ip &> /dev/null || {
echo '请先安装wget和ip'
exit
}
alpine_addr="ip=dhcp"
if [ "$network" == 'static' ]; then
address=$(ip -o -f inet addr show | awk '/scope global/ {print $4}' | head -n 1)
addr=$(echo $address | awk -F'/' '{print $1}')
cidr=$(echo $address | awk -F'/' '{print $2}')
gw=$(ip rou | awk '/default via/ {print $3}')
mask=$(cidr2mask $cidr)
alpine_addr="ip=${addr}::${gw}:${mask}::::${dns}:"
echo 'ip:' $addr
echo 'route:' $gw
echo 'netmask:' $mask
valid_ip "$addr" && valid_ip "$mask" && valid_ip "$gw" || {
echo '获取网络信息失败'
exit
}
read -r -p "以上IP信息是否正确? [Y/n] " input
if [[ $input != "y" && $input != "Y" ]]; then
echo "abort"
exit
fi
fi
if [ -f "/etc/redhat-release" ]; then
grubfile=/boot/grub2/grub.cfg
grubcmd=grub2-mkconfig
else
grubfile=/boot/grub/grub.cfg
grubcmd=grub-mkconfig
fi
#root=`grep "set root" $grubfile|sed -e 's/^[ \t]*//'|head -n 1`
root=$(grep 'set root' $grubfile | sed -e 's/^[ \t]*//' | sort | uniq -c | head -n 1 | awk '{print $2,$3}')
if mount | grep -q /boot; then
dir=/
else
dir=/boot/
fi
vmlinuzfile=${dir}ipxe.lkrn
initrdfile=${dir}ipxe.initrd
wget -q $ipxe_file -O /boot/ipxe.lkrn
cat > /boot/ipxe.initrd << EOF
#!ipxe
imgfree
set net0/ip ${addr}
set net0/netmask ${mask}
set net0/gateway ${gw}
set dns ${dns}
ifopen net0
:boot
kernel ${mirror}/releases/x86_64/netboot/vmlinuz-virt ${alpine_addr} modules=loop,squashfs quiet nomodeset alpine_repo=${mirror}/main/ modloop=${mirror}/releases/x86_64/netboot/modloop-virt console=tty0 ${ssh_key} || goto boot
initrd ${mirror}/releases/x86_64/netboot/initramfs-virt || goto boot
boot || shell
EOF
[[ -f /boot/ipxe.lkrn ]] && [[ -f /boot/ipxe.initrd ]] || {
echo '引导文件不存在'
exit
}
cat > /etc/grub.d/40_custom << EOF
#!/bin/sh
exec tail -n +3 \$0
menuentry 'netinstall' {
$root
linux16 $vmlinuzfile
initrd16 $initrdfile
}
EOF
sed -i 's/GRUB_DEFAULT=.*/GRUB_DEFAULT="netinstall"/' /etc/default/grub
$grubcmd -o $grubfile
cat /etc/grub.d/40_customssh登录到alpine系统,dd备份的系统镜像保存到sshfs挂载远程服务器上,也可使用nfs。
apk add sshfs
modprobe fuse
sshfs -p 22 www.haiyun.me:/mnt/ /mnt/
dd if=/dev/vda | gzip > /mnt/pr.img
sync
umount /mnt/恢复备份系统的grub引导:
mount -t ext4 /dev/vda1 /mnt/
chmod 644 /mnt/boot/grub/grub.cfg
sed -i 's/default="netinstall"/default="0"/' /mnt/boot/grub/grub.cfg
chmod 444 /mnt/boot/grub/grub.cfg
sed -i 's/GRUB_DEFAULT="netinstall"/GRUB_DEFAULT="0"/' /mnt/etc/default/grub
umount /mnt/将要dd的目标系统通过以上方法引导至alpine系统并挂载sshfs,然后将之前备份的img dd到目标系统:
gzip -dc /mnt/pr.img |dd of=/dev/vda如果要dd的目标系统硬盘比备份的系统硬盘大,要进行linux系统分区扩容,如果要扩容的分区下面有swap分区,记住swap的扇区大小和要扩容的分区起始位置,根据总扇区大小计算要扩充的分区扇区大小,将swap分区和扩充的分区删除再新建。
apk add util-linux e2fsprogs-extra
#修改分区扇区大小及位置,方法见上面链接
fdisk /dev/vda
partprobe
e2fsck -yf /dev/vda1
resize2fs /dev/vda1
#如果有删除并新建swap分区,后面还要修改fstab swap uuid
mkswap /dev/vda2挂载恢复后硬盘镜像,修改目标系统的IP地址和启动项:
mount -t ext4 /dev/vda1 /mnt/
#如果有更改swap分区,修改fstab uuid
blkid
vim /mnt/etc/fstab
vim /mnt/etc/network/interfaces
chmod 644 /mnt/boot/grub/grub.cfg
sed -i 's/default="netinstall"/default="0"/' /mnt/boot/grub/grub.cfg
chmod 444 /mnt/boot/grub/grub.cfg
sed -i 's/GRUB_DEFAULT="netinstall"/GRUB_DEFAULT="0"/' /mnt/etc/default/grub
umount /mnt/