海运的博客

PHP CURL HTTPS内存泄露

发布时间:February 20, 2018 // 分类: // No Comments

用php curl写个程序采集Https网站长时间运行后内存占用很大,使用memory_get_usage()查看内存不变,用ps或top查看占用内存持续增长,经分析是php curl的问题,禁用php curl ssl校验即可:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

dnspod php api ddns

发布时间:February 18, 2018 // 分类: // No Comments

<?php
ini_set('date.timezone','Asia/Shanghai');
if (isset($_REQUEST['id']) && !empty($_REQUEST['id']) && isset($_REQUEST['ip']) && !empty($_REQUEST['ip'])) {
  $ip = trim($_REQUEST['ip']);
  $name =  trim($_REQUEST['id']);
  $token = "www.haiyun.me";
  if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
    $type = "A";
    echo 'ipv4'.PHP_EOL;
  } elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
    $type = "AAAA";
    echo 'ipv6'.PHP_EOL;
  } else {
    echo "invalid IP address $ip".PHP_EOL;
    exit;
  }
  if (($list = getlist($token))) {
    $key = $name.'-'.$type;
    if (isset($list[$key])) {
      if ($ip == $list[$key]['value']) {
        die("no update needed".PHP_EOL);
      } else {
        $list[$key]['value'] = $ip;
      }
    } else {
      $list[$key]['value'] = $ip;
      $list[$key]['record_type'] = $type;
      $list[$key]['sub_domain'] = $name;
    }
    modip($token, $list[$key]);
  }
  file_put_contents('ip/ip.log', date("Y-m-d-H:i:s").'--'.$name.'--'.$_SERVER['REMOTE_ADDR'].'--'.$ip."\n", FILE_APPEND);
}

function modip($token, $value) {
  if (isset($value['record_id'])) {
    $url = "https://dnsapi.cn/Record.Modify";
  } else {
    $url = "https://dnsapi.cn/Record.Create";
  }
  $str = http_build_query($value);
  $post_data = "login_token={$token}&format=json&domain=haiyun.me&record_line_id=0&".$str;;
  $data = post($url, $post_data);
  $data = json_decode($data, 1);
  if (!$data) {
    return '';
  }
  if ($data['status']['code'] == 1) {
    echo "successful".PHP_EOL;
  } else {
    echo $data['status']['message'].PHP_EOL;
  }
}

function getlist($token) {
  $url = "https://dnsapi.cn/Record.List";
  $post_data = "login_token={$token}&format=json&domain=haiyun.me";
  $data = post($url, $post_data);    
  $data = json_decode($data, 1);  
  if ($data['status']['code'] == 1) {
    foreach ($data["records"] as $value) {
      $list[$value['name'].'-'.$value['type']] = array('sub_domain' => $value['name'], 'record_id' => $value['id'], 'record_type' => $value['type'], 'value' => $value['value']);
    }
    return $list;
  }
  return "";
}

function post($url, $post_data) {
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch, CURLOPT_TIMEOUT, 5);
  curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
  curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0');
  curl_setopt($ch,CURLOPT_POST, 1);
  curl_setopt($ch,CURLOPT_POSTFIELDS, $post_data);
  $data = curl_exec($ch);
  curl_close($ch);
  return $data;
}
?>

shell版本:
https://www.haiyun.me/archives/1305.html

设置windows安装软件或修改系统文件需输入密码

发布时间:February 10, 2018 // 分类: // No Comments

2018-02-10_203805.png

ROS DNAT

发布时间:February 10, 2018 // 分类: // No Comments

/ip firewall nat \
add action=dst-nat chain=dstnat dst-port=22 in-interface=pppoe-out1 \
    protocol=tcp to-addresses=192.168.1.1 to-ports=22
/ip firewall filter \
add action=accept chain=forward dst-address=192.168.1.1 dst-port=22 \
    in-interface=pppoe-out1 protocol=tcp

使用Let's Encrypt签发的免费https证书

发布时间:February 2, 2018 // 分类: // No Comments

安装ssl证书获取工具certbot,安装前先删除request及urllib包,不然可以会出现No module named 'requests.packages.urllib3' 的错误:

pip uninstall requests -y
pip uninstall urllib3 -y
yum remove python-urllib3 -y
yum remove python-requests -y
yum install python-urllib3 -y
yum install python-requests -y
yum install certbot -y

centos8直接下载certbot,运行时会自动安装依赖:

wget https://dl.eff.org/certbot-auto

获取证书,成功后证书文件在 /etc/letsencrypt/live/haiyun.me/目录下

certbot certonly --webroot --email sss@haiyun.me --agree-tos --no-eff-email -w /var/www/www.haiyun.me -d haiyun.me -d www.haiyun.me

配置nginx:

  listen       443 default ssl ;
  server_name www.haiyun.me haiyun.me;
  index index.html index.htm index.php; 
  root  /var/www/www.haiyun.me;
  ssl_certificate /etc/letsencrypt/live/haiyun.me/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/haiyun.me/privkey.pem;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers   on;

由于Let's Encrypt的免费证书有效期为3个月,60天可以更新,使用cron定时任务自动更新证书:

00 01 * * * certbot renew --renew-hook "nginx -s reload"

吊销证书:

certbot revoke --cert-path /etc/letsencrypt/live/haiyun.me/cert.pem --key-path /etc/letsencrypt/live/haiyun.me/privkey.pem

迁移服务器备份:

cd /etc/letsencrypt
tar zcf letsencrypt.tar.gz archive live renewal
  1. 1
  2. ...
  3. 49
  4. 50
  5. 51
  6. 52
  7. 53
  8. 54
  9. 55
  10. ...
  11. 195
分类
最新文章
最近回复
  • opnfense: 谢谢博主!!!解决问题了!!!我之前一直以为内置的odhcp6就是唯一管理ipv6的方式
  • liyk: 这个方法获取的IPv6大概20分钟之后就会失效,默认路由先消失,然后Global IPV6再消失
  • 海运: 不好意思,没有。
  • zongboa: 您好,請問一下有immortalwrt設定guest Wi-Fi的GUI教學嗎?感謝您。
  • 海运: 恩山有很多。
  • swsend: 大佬可以分享一下固件吗,谢谢。
  • Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...
归档