Using socks5 with go get/build and git clone
Published: February 19, 2020 // Category: // No Comments
go:
export http_proxy=socks5://127.0.0.1:7070
go get ...
git:
git config --global http.proxy socks5://127.0.0.1:7070
Building and installing bitwarden_rs and web-vault on Ubuntu
Published: February 17, 2020 // Category: // 7 Comments
Install the Rust environment:
apt install git make gcc libssl-dev pkg-config curl
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
Build and install bitwarden_rs:
git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
cargo build --features sqlite --release
mkdir /usr/local/bitwarden
cp target/release/bitwarden_rs /usr/local/bitwarden/
Cross-compile bitwarden_rs for arm64/aarch64:
#wget https://releases.linaro.org/components/toolchain/binaries/latest-7/aarch64-linux-gnu/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz
#tar -Jxvf gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz
#export PATH=$PATH:`pwd`/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu/bin/
apt install gcc-aarch64-linux-gnu
git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
mkdir .cargo
rustup target install aarch64-unknown-linux-gnu
echo '[target.aarch64-unknown-linux-gnu]' > .cargo/config
echo 'linker = "aarch64-linux-gnu-gcc"' >> .cargo/config
sed -i '/\[features\]/a\openssl-vendored = ["openssl/vendored"]' Cargo.toml
cargo build --target="aarch64-unknown-linux-gnu" --release --features "sqlite" --features "openssl-vendored"
Build and install web-vault. At least 4 GB of memory is required, otherwise the build may fail. Prebuilt releases: https://github.com/dani-garcia/bw_web_builds/releases
curl -sL https://deb.nodesource.com/setup_10.x | bash -
apt install nodejs
git clone https://github.com/bitwarden/web.git web-vault
cd web-vault
git checkout v2.18.2
# For version 2.18, run this first and then apply the patch
npm run sub:init
wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.18.1.patch
git apply v2.18.1.patch
npm install
npm run dist
# Newer versions
npm run dist:oss:selfhost
cp -r build /usr/local/bitwarden/web-vault
export PATH=/usr/local/bitwarden/:$PATH
Alternatively, use docker build:
apt install docker.io
git clone https://github.com/dani-garcia/bw_web_builds.git
cd bw_web_builds/
git checkout v2022.10.2
make docker-extract
If you hit the following error:
ERROR in node_modules/sweetalert/typings/sweetalert.d.ts(4,9): error TS2403: Subsequent variable declarations must have the same type. Variable 'swal' must be of type 'typeof import("/usr/local/src/web-vault/node_modules/sweetalert/typings/sweetalert")', but here has type 'SweetAlert'.
then:
sed -i 's/const swal/\/\/const swal/' node_modules/sweetalert/typings/sweetalert.d.ts
Start:
export WEB_VAULT_FOLDER=/usr/local/bitwarden/web-vault
export DATA_FOLDER=/usr/local/bitwarden/data
bitwarden_rs
systemd:
[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs
After=network.target
[Service]
User=bitwarden
Group=bitwarden
EnvironmentFile=/etc/bitwarden/config.env
ExecStart=/usr/local/bitwarden/bitwarden_rs
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
WorkingDirectory=/etc/bitwarden/
ReadWriteDirectories=/etc/bitwarden/
ReadWriteDirectories=/run/log/bitwarden/
AmbientCapabilities=CAP_NET_BIND_SERVICE
Restart=always
RestartSec=5
StartLimitBurst=3
StartLimitInterval=60
StandardOutput=null
StandardError=null
[Install]
WantedBy=multi-user.target
Add the service user:
useradd -r bitwarden -s /usr/sbin/nologin
The /etc/bitwarden/config.env file:
WEB_VAULT_FOLDER="/usr/local/bitwarden/web-vault"
DATA_FOLDER="/etc/bitwarden/data"
ROCKET_ADDRESS="127.0.0.1"
ROCKET_PORT="8080"
SIGNUPS_ALLOWED="false"
INVITATIONS_ALLOWED="false"
DOMAIN="https://www.haiyun.me"
SHOW_PASSWORD_HINT="false"
LOG_FILE="/run/log/bitwarden/bitwarden.log"
EXTENDED_LOGGING="true"
#"trace", "debug", "info", "warn", "error" or "off".
LOG_LEVEL="info"
nginx configuration:
server {
listen 0.0.0.0:443 ssl http2;
server_name www.haiyun.me;
ssl_certificate /etc/acme/www.haiyun.me_ecc/fullchain.cer;
ssl_certificate_key /etc/acme/www.haiyun.me_ecc/www.haiyun.me.key;
ssl_protocols TLSv1.2 TLSv1.3;
#ssl_ciphers HIGH:!aNULL:!MD5;
ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA;
ssl_prefer_server_ciphers off;
ssl_early_data on;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/acme/www.haiyun.me_ecc/ca.cer;
root /var/www/html;
index index.html index.htm;
location / {
proxy_redirect off;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /run/log/nginx/www.haiyun.me.log ssl;
error_log /run/log/nginx/www.haiyun.me_error.log;
}
https://github.com/dani-garcia/bitwarden_rs/wiki/Building-binary
https://github.com/t4t5/sweetalert/issues/890
https://www.reddit.com/r/Bitwarden/comments/dg78bi/building_selfhosted_bitwarden_via_bitwarden_rs/
https://www.ixsystems.com/community/threads/how-to-build-your-own-bitwarden_rs-jail.81389/
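Backing up and restoring an Ubuntu Linux VPS with dd by network-booting Alpine via iPXE
Published: February 8, 2020 // Category: // No Comments
Booting Alpine from the hard disk via GRUB to run in memory damages the original disk partitions after a reboot, so use the iPXE netboot method that Alpine officially recommends.
Generate the iPXE GRUB boot script. ssh_key is the SSH public key of the machine that will later log in to the target system over SSH. The ipxe.lkrn booted by GRUB can be compiled yourself.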
#!/bin/bash
#set -x
network=static
dns=8.8.8.8
ssh_key="ssh_key=https://www.haiyun.me/id_rsa.pub"
mirror="http://mirrors.aliyun.com/alpine/v3.11"
ipxe_file="https://www.haiyun.me/ipxe.lkrn"
valid_ip() {
[[ $1 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]
state=$?
return $state
}
cidr2mask() {
value=$(( 0xffffffff ^ ((1 << (32 - $1)) - 1) ))
echo "$(( ($value >> 24) & 0xff )).$(( ($value >> 16) & 0xff )).$(( ($value >> 8) & 0xff )).$(( $value & 0xff ))"
}
which wget &> /dev/null && which ip &> /dev/null || {
echo '请先安装wget和ip'
exit
}
alpine_addr="ip=dhcp"
if [ "$network" == 'static' ]; then
address=$(ip -o -f inet addr show | awk '/scope global/ {print $4}' | head -n 1)
addr=$(echo $address | awk -F'/' '{print $1}')
cidr=$(echo $address | awk -F'/' '{print $2}')
gw=$(ip rou | awk '/default via/ {print $3}')
mask=$(cidr2mask $cidr)
alpine_addr="ip=${addr}::${gw}:${mask}::::${dns}:"
echo 'ip:' $addr
echo 'route:' $gw
echo 'netmask:' $mask
valid_ip "$addr" && valid_ip "$mask" && valid_ip "$gw" || {
echo '获取网络信息失败'
exit
}
read -r -p "以上IP信息是否正确? [Y/n] " input
if [[ $input != "y" && $input != "Y" ]]; then
echo "abort"
exit
fi
fi
if [ -f "/etc/redhat-release" ]; then
grubfile=/boot/grub2/grub.cfg
grubcmd=grub2-mkconfig
else
grubfile=/boot/grub/grub.cfg
grubcmd=grub-mkconfig
fi
#root=`grep "set root" $grubfile|sed -e 's/^[ \t]*//'|head -n 1`
root=$(grep 'set root' $grubfile | sed -e 's/^[ \t]*//' | sort | uniq -c | head -n 1 | awk '{print $2,$3}')
if mount | grep -q /boot; then
dir=/
else
dir=/boot/
fi
vmlinuzfile=${dir}ipxe.lkrn
initrdfile=${dir}ipxe.initrd
wget -q $ipxe_file -O /boot/ipxe.lkrn
cat > /boot/ipxe.initrd << EOF
#!ipxe
imgfree
set net0/ip ${addr}
set net0/netmask ${mask}
set net0/gateway ${gw}
set dns ${dns}
ifopen net0
:boot
kernel ${mirror}/releases/x86_64/netboot/vmlinuz-virt ${alpine_addr} modules=loop,squashfs quiet nomodeset alpine_repo=${mirror}/main/ modloop=${mirror}/releases/x86_64/netboot/modloop-virt console=tty0 ${ssh_key} || goto boot
initrd ${mirror}/releases/x86_64/netboot/initramfs-virt || goto boot
boot || shell
EOF
# wget -O leaves an empty file behind when the download fails, so require non-empty files
[[ -s /boot/ipxe.lkrn ]] && [[ -s /boot/ipxe.initrd ]] || {
echo '引导文件不存在'
exit
}
cat > /etc/grub.d/40_custom << EOF
#!/bin/sh
exec tail -n +3 \$0
menuentry 'netinstall' {
$root
linux16 $vmlinuzfile
initrd16 $initrdfile
}
EOF
sed -i 's/GRUB_DEFAULT=.*/GRUB_DEFAULT="netinstall"/' /etc/default/grub
$grubcmd -o $grubfile
cat /etc/grub.d/40_custom
Log in to the Alpine system over SSH. The dd backup image is saved to a remote server mounted with sshfs; NFS can also be used.
apk add sshfs
modprobe fuse
sshfs -p 22 www.haiyun.me:/mnt/ /mnt/
dd if=/dev/vda | gzip > /mnt/pr.img
sync
umount /mnt/
Restore the GRUB boot entry of the backed-up system:
mount -t ext4 /dev/vda1 /mnt/
chmod 644 /mnt/boot/grub/grub.cfg
sed -i 's/default="netinstall"/default="0"/' /mnt/boot/grub/grub.cfg
chmod 444 /mnt/boot/grub/grub.cfg
sed -i 's/GRUB_DEFAULT="netinstall"/GRUB_DEFAULT="0"/' /mnt/etc/default/grub
umount /mnt/
Boot the target system into Alpine using the method above and mount sshfs, then dd the previously backed-up image onto the target system:
gzip -dc /mnt/pr.img |dd of=/dev/vda
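The backup and restore pipelines above, with an integrity check so that a truncated or corrupted image is never written over a disk (an added example, not part of the original post; the function names are hypothetical):

```shell
# Added example, not from the original post. Function names are hypothetical.
backup_image() {     # backup_image <source-device> <image-file>
    src=$1; img=$2
    # tee stores the compressed stream while sha256sum hashes the very same bytes,
    # so the recorded digest describes what was sent, not what the remote mount kept
    dd if="$src" bs=1M 2>/dev/null | gzip | tee "$img" | sha256sum | awk '{print $1}' > "$img.sha256"
    sync
}

verify_image() {     # verify_image <image-file>; succeeds only if the stored image is intact
    img=$1
    [ -s "$img" ] && [ -s "$img.sha256" ] || return 1
    # re-read the file from the mount: catches truncation or corruption in transit or storage
    [ "$(sha256sum "$img" | awk '{print $1}')" = "$(cat "$img.sha256")" ] || return 1
    gzip -t "$img" 2>/dev/null      # the gzip CRC must check out as well
}

restore_image() {    # restore_image <image-file> <target-device>
    img=$1; dst=$2
    if ! verify_image "$img"; then
        echo "refusing to overwrite $dst: $img failed verification" >&2
        return 1
    fi
    gzip -dc "$img" | dd of="$dst" bs=1M 2>/dev/null
    sync
}
```

On the Alpine rescue system this would be called as `backup_image /dev/vda /mnt/pr.img` on the source machine and `restore_image /mnt/pr.img /dev/vda` on the target.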
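If the target system's disk is larger than the disk of the backed-up system, the Linux partition has to be grown. If a swap partition sits after the partition to be grown, note the swap partition's size in sectors and the start position of the partition to be grown, calculate the new size of that partition in sectors from the total sector count, then delete the swap partition and the partition to be grown and create them again.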
apk add util-linux e2fsprogs-extra
# Change the partition's size in sectors and its position; see the link above for the method
fdisk /dev/vda
partprobe
e2fsck -yf /dev/vda1
resize2fs /dev/vda1
# If the swap partition was deleted and recreated, the swap UUID in fstab must also be updated later
mkswap /dev/vda2
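The sector calculation described above for growing the partition, as an added example that is not part of the original post. It assumes an MBR disk with 512-byte sectors laid out as the root partition followed by swap; `plan_resize` and its arguments are hypothetical names:

```shell
# Added example, not from the original post. Assumes MBR, 512-byte sectors, layout [root][swap].
ALIGN=2048   # keep partition starts on 1 MiB boundaries

plan_resize() {   # plan_resize <total_sectors> <root_start> <old_root_end> <swap_sectors>
    total=$1; root_start=$2; old_root_end=$3; swap_sectors=$4
    for v in "$total" "$root_start" "$old_root_end" "$swap_sectors"; do
        case $v in
            ''|*[!0-9]*) echo "not a sector count: $v" >&2; return 2 ;;
        esac
    done
    # swap is recreated at the end of the disk, its start rounded down to the alignment boundary
    swap_start=$(( (total - swap_sectors) / ALIGN * ALIGN ))
    swap_end=$(( swap_start + swap_sectors - 1 ))
    new_root_end=$(( swap_start - 1 ))
    # the root partition must keep its start sector, otherwise the filesystem is not found again,
    # and it may only grow: ending before the old end would cut into existing data
    if [ "$new_root_end" -le "$old_root_end" ]; then
        echo "disk too small: root would end at $new_root_end (was $old_root_end)" >&2
        return 1
    fi
    echo "root: start=$root_start end=$new_root_end"
    echo "swap: start=$swap_start end=$swap_end"
}
```

Take the inputs from `fdisk -l /dev/vda` on the restored disk before deleting any partition, and type the printed start and end sectors into fdisk when recreating the two partitions.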
Mount the restored disk image and change the target system's IP address and boot entry:
mount -t ext4 /dev/vda1 /mnt/
# If the swap partition was changed, update the UUID in fstab
blkid
vim /mnt/etc/fstab
vim /mnt/etc/network/interfaces
chmod 644 /mnt/boot/grub/grub.cfg
sed -i 's/default="netinstall"/default="0"/' /mnt/boot/grub/grub.cfg
chmod 444 /mnt/boot/grub/grub.cfg
sed -i 's/GRUB_DEFAULT="netinstall"/GRUB_DEFAULT="0"/' /mnt/etc/default/grub
umount /mnt/