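Configuring an "Unmentionable" Service on a VPS

Preparation

  • A VPS located outside the country
  • A domain name
  • Point the domain's DNS record at the VPS's IP address.

1. Enable BBR optimization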

wget -N --no-check-certificate "https://github.000060000.xyz/tcp.sh" && chmod +x tcp.sh && ./tcp.sh

First enter 11 to enable BBR+FQ acceleration, then enter 22 to apply the optimization profile. The VPS must be rebooted afterwards.

2. Install Xray

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install

3. Install the acme.sh script

curl https://get.acme.sh | bash

4. Create the geo update script

vi /usr/local/bin/xray-geo

#!/bin/bash
rm -fr /usr/local/share/xray/geo*.dat
wget -O /usr/local/share/xray/geoip.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat
wget -O /usr/local/share/xray/geosite.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
echo 'Geo Files have been updated'

systemctl restart xray
echo 'Xray service restarted'

Make it executable

chmod +x /usr/local/bin/xray-geo
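
The xray-geo script above deletes the existing geo files before it downloads the new ones, so a failed or truncated download leaves Xray restarting without usable files. The following is an added example, not the original script: it downloads into a temporary directory, compares each file's SHA-256 with a checksum file, and replaces the installed copy only on a match. It assumes that a "<name>.sha256sum" file is published next to each .dat file; the function names and the --run argument are hypothetical.

```bash
#!/bin/bash
# Added example (not the original xray-geo script).
# Assumption: "<name>.sha256sum" is published beside each .dat file on the release branch.
set -u

GEO_DIR=/usr/local/share/xray
BASE_URL=https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release

# install_verified NEW_FILE SUM_FILE DEST
# Installs NEW_FILE as DEST only if it is non-empty and its SHA-256 equals the
# first field of SUM_FILE. Returns 0 on install, 1 otherwise (DEST is left untouched).
install_verified() (
    new=$1; sums=$2; dest=$3
    [ -s "$new" ] && [ -s "$sums" ] || return 1
    want=$(awk 'NR == 1 { print tolower($1) }' "$sums")
    have=$(sha256sum "$new" | awk '{ print $1 }')
    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case $want in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#want}" -eq 64 ] || return 1
    [ "$want" = "$have" ] || return 1
    # Stage beside the destination so the final mv is an atomic rename.
    cp "$new" "$dest.tmp.$$" && chmod 644 "$dest.tmp.$$" && mv -f "$dest.tmp.$$" "$dest"
)

# update_geo: fetch both files; returns 0 only if both were verified and installed.
update_geo() {
    tmp=$(mktemp -d) || return 1
    status=0
    for name in geoip.dat geosite.dat; do
        if wget -q -O "$tmp/$name" "$BASE_URL/$name" &&
           wget -q -O "$tmp/$name.sha256sum" "$BASE_URL/$name.sha256sum" &&
           install_verified "$tmp/$name" "$tmp/$name.sha256sum" "$GEO_DIR/$name"; then
            echo "updated $name"
        else
            echo "kept existing $name (download or checksum failed)" >&2
            status=1
        fi
    done
    rm -rf "$tmp"
    return "$status"
}

# Restart Xray only when both files were replaced with verified copies.
if [ "${1:-}" = "--run" ]; then
    update_geo && systemctl restart xray && echo 'Xray service restarted'
fi
```

Because the checksum file comes from the same CDN as the data, this catches corrupted or truncated downloads, not a compromised upstream.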

5. Request and install the SSL certificate

Request the certificate

/root/.acme.sh/acme.sh --issue -d www.example.com --standalone

Install the certificate

/root/.acme.sh/acme.sh --install-cert -d www.example.com --fullchain-file /usr/local/etc/xray/example.cer --key-file /usr/local/etc/xray/example.key

chown nobody:root /usr/local/etc/xray/example.*

To make future certificate renewals automatic, create the following script and have crontab run it.

vi /usr/local/bin/xray-renew

File contents:

#!/bin/bash
/root/.acme.sh/acme.sh --install-cert -d www.example.com --fullchain-file /usr/local/etc/xray/example.cer --key-file /usr/local/etc/xray/example.key
echo "Xray Certificates Renewed"

chown nobody:root /usr/local/etc/xray/example.*

echo "User&Group Changed for Xray"

systemctl restart xray
echo "Xray Restarted"

Make it executable

chmod +x /usr/local/bin/xray-renew

Add the scheduled task

crontab -e

Add the following line to the file; it runs the xray-renew script once every Friday at 2 a.m.

0 2 * * 5 bash /usr/local/bin/xray-renew

(Screenshot of the crontab entry.)

6. Generate a UUID and edit the configuration file

Enter the following command at the prompt; it returns a newly generated UUID. Save this UUID.

root@nerd:~# xray uuid
f47cdd50-7468-4758-afb8-1fd3a4887a49

In the Xray configuration file below, replace every uuid with the UUID generated above.

{
    // 1. Log settings
    "log": {
        "loglevel": "warning",
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log"
    },
    // 2. Routing settings (whitelist); every outboundTag must match a "tag" defined under "outbounds"
    "routing": {
        "rules": [
            {
              "type": "field",
              "outboundTag": "block",
              "domain": [
                "geosite:category-ads-all"
              ]
            },
            {
              "type": "field",
              "outboundTag": "direct",
              "domain": [
                "geosite:private",
                "geosite:apple-cn",
                "geosite:google-cn",
                "geosite:tld-cn",
                "geosite:category-games@cn"
              ]
            },
            {
              "type": "field",
              "outboundTag": "direct",
              "domain": [
                "geosite:geolocation-!cn"
              ]
            },
            {
              "type": "field",
              "outboundTag": "direct",
              "domain": [
                "geosite:cn"
              ]
            },
            {
             "type": "field",
             "outboundTag": "direct",
             "network": "tcp,udp"
            }
        ]
    },
    // 3. DNS settings
    "dns": {
        "hosts": {
          "dns.google": "8.8.4.4",
          "doh.pub": "119.29.29.29"
        },
        "servers": [
          "https://dns.google/dns-query",
        {
          "address": "https+local://223.5.5.5/dns-query",
          "domains": [
            "geosite:cn",
            "geosite:icloud",
            "geosite:category-games@cn"
          ],
          "expectIPs": [
            "geoip:cn"
          ]
        },
        {
          "address": "https://1.1.1.1/dns-query",
          "domains": [
            "geosite:geolocation-!cn"
          ]
        }
      ]
    },
    // 4. Inbound settings
    "inbounds": [
        {
            "port": 8443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "uuid", // replace with your UUID
                        "flow": "xtls-rprx-direct",
                        "level": 0,
                        "email": "love@example.com"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 1310, // default fallback to Xray's Trojan inbound
                        "xver": 1
                    },
                    {
                        "path": "/ws1169", // must be replaced with your own custom PATH
                        "dest": 1234,
                        "xver": 1
                    },
                    {
                        "path": "/vst1170", // must be replaced with your own custom PATH
                        "dest": 2345,
                        "xver": 1
                    },
                    {
                        "path": "/vmw1171", // must be replaced with your own custom PATH
                        "dest": 3456,
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/usr/local/etc/xray/example.cer", // SSL certificate
                            "keyFile": "/usr/local/etc/xray/example.key" // SSL private key
                        }
                    ]
                }
            }
        },
        {
            "port": 1310,
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        "password": "mima", // replace with your password
                        "level": 0,
                        "email": "love@example.com"
                    }
                ],
                "fallbacks": [
                    {
                        "dest": 80 // or fall back to another proxy that also resists probing
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true
                }
            }
        },
        {
            "port": 1234,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "uuid", // replace with your UUID
                        "level": 0,
                        "email": "love@example.com"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
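                    "acceptProxyProtocol": true, // Reminder: if you reverse-proxy WS with Nginx/Caddy or similar, delete this line
                    "path": "/ws1169" // must be replaced with your own custom PATH, matching the one in the fallbacks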
                }
            }
        },
        {
            "port": 2345,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "uuid", // replace with your UUID
                        "level": 0,
                        "email": "love@example.com"
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true,
                    "header": {
                        "type": "http",
                        "request": {
                            "path": [
                                "/vst1170" // must be replaced with your own custom PATH, matching the one in the fallbacks
                            ]
                        }
                    }
                }
            }
        },
        {
            "port": 3456,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "uuid", // replace with your UUID
                        "level": 0,
                        "email": "love@example.com"
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
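                    "acceptProxyProtocol": true, // Reminder: if you reverse-proxy WS with Nginx/Caddy or similar, delete this line
                    "path": "/vmw1171" // must be replaced with your own custom PATH, matching the one in the fallbacks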
                }
            }
        }
    ],
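    // 5. Outbound settings
    "outbounds": [
        // 5.1 The first outbound is the default rule; freedom means a direct outbound connection (the VPS is already outside, so it connects directly)
        {
            "tag": "direct",
            "protocol": "freedom"
        },
        // 5.2 Block rule; the blackhole protocol sends traffic into a black hole (blocks it)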
        {
            "tag": "block",
            "protocol": "blackhole"
        }
    ]
}

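It is best to copy this out and edit it in a text editor such as Notepad. When done, copy the whole text and paste it into Xray's /usr/local/etc/xray/config.json file, or save it as config.json and upload it to the /usr/local/etc/xray directory.

7. Update the resource files and restart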

xray-geo

8. Check that the service is listening

ss -lptun

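View the listening ports

Great! The service is now running. You can now configure and use it from your local OpenWrt router or client; I won't go into client configuration here.

(End of article)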

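Deploying WordPress + PostgreSQL

PostgreSQL is such an excellent open-source database; surely WordPress supports it? After some searching, it turns out that WordPress has no native PostgreSQL support, and the database can only be swapped by means of a plugin. That plugin is called PG4WP.

Preparation

First, back up the database and export an XML file. The XML file is what gets imported into the freshly installed WordPress, because SQL exported from MySQL cannot be used directly with PostgreSQL.

Once the export is done, reinstall the operating system. After that you can use a script such as oneinstack, or install PostgreSQL, PHP and nginx yourself, which is actually a bit faster than such scripts; with efficiency in mind, simply install them by hand with apt.

Set up DNS resolution for the domain in advance.

1. Install the required packages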

apt install curl wget gnupg2 ca-certificates lsb-release socat git

2. Install PostgreSQL

# Add the official PostgreSQL repository
sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'

# Import the repository signing key:
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -

# Update the package lists:
apt-get update

# Install PostgreSQL.
# To install a specific version, use 'postgresql-12' in place of 'postgresql':
apt-get -y install postgresql

3. Change PostgreSQL local authentication

vi /etc/postgresql/12/main/pg_hba.conf

Change the authentication method for local connections to md5:

local   all             all                                     md5

4. Start the database

systemctl enable postgresql
systemctl start postgresql

5. Install PHP

apt install php7.3 php7.3-curl php7.3-fpm php7.3-gd php7.3-json php7.3-mbstring \
php7.3-mysql php7.3-opcache php7.3-pgsql php7.3-xml php7.3-xmlrpc php7.3-zip

6. Install nginx

# Add the official nginx repository
echo "deb http://nginx.org/packages/debian `lsb_release -cs` nginx" \
    | tee /etc/apt/sources.list.d/nginx.list

# Import the repository signing key
curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add -

# Update the package index
apt update

# Install nginx
apt install nginx

7. Install acme.sh

curl  https://get.acme.sh | sh

8. Generate the dhparam file

mkdir /etc/nginx/ssl
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

9. Create an unprivileged user

useradd -m -d /web www
mkdir /web/{wwwroot,wwwlogs}
chown -R www:www /web

10. Edit the configuration files

nginx configuration file

user  www www;
worker_processes auto;
worker_cpu_affinity auto;
error_log  /var/log/nginx/nginx_error.log  crit;
pid        /var/run/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
    {
        use epoll;
        worker_connections 51200;
        multi_accept off;
        accept_mutex off;
    }

http
    {
        include       mime.types;
        default_type  application/octet-stream;
        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;
        sendfile on;
        sendfile_max_chunk 512k;
        tcp_nopush on;
        keepalive_timeout 60;
        tcp_nodelay on;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;
        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";
        #limit_conn_zone $binary_remote_addr zone=perip:10m;
        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.
        server_tokens off;
        access_log off;
        include /etc/nginx/conf.d/*.conf;
    }

php.conf

vi /etc/nginx/php.conf
location ~ [^/]\.php(/|$)
        {
            fastcgi_pass  unix:/run/php/php7.3-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;
            fastcgi_param PATH_INFO       $path_info;
            try_files $fastcgi_script_name =404;
        }

The /etc/nginx/fastcgi_params file

Append the following as the last line:

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

php-fpm

Edit the /etc/php/7.3/fpm/pool.d/www.conf file and use the following configuration:

[www]
listen = /run/php/php7.3-fpm.sock
listen.backlog = -1
listen.allowed_clients = 127.0.0.1
listen.owner = www
listen.group = www
listen.mode = 0666
user = www
group = www
pm = dynamic
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 6
pm.max_requests = 1024
pm.process_idle_timeout = 10s
request_terminate_timeout = 100
request_slowlog_timeout = 0
slowlog = /var/log/slow.log

8. Start nginx and php-fpm

systemctl enable php7.3-fpm
systemctl enable nginx
systemctl restart php7.3-fpm
systemctl restart nginx

9. Issue the SSL certificate

source .bashrc
acme.sh --issue -d www.mydomain.com --standalone

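If all goes well, you should see the exact locations of the issued certificate files, for example /root/.acme.sh/www.mydomain.com/fullchain.cer and /root/.acme.sh/www.mydomain.com/www.mydomain.com.key. However, the certificate still has to be installed into nginx's ssl directory rather than used directly from the directory above: using it in place causes permission problems, and the directory may change.

acme.sh --install-cert -d www.mydomain.com \
--key-file       /etc/nginx/ssl/www.mydomain.com.key \
--fullchain-file /etc/nginx/ssl/fullchain.cer \
--reloadcmd     "service nginx force-reload"

10. Add a virtual host to nginx

Create a new configuration file: vi /etc/nginx/conf.d/mydomain.conf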

server
        {
        listen          80;
        server_name www.mydomain.com mydomain.com;
        return 301 https://www.mydomain.com$request_uri;
}

server
        {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name     www.mydomain.com mydomain.com;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /web/wwwroot/www.mydomain.com;

    location / {
        try_files $uri $uri/ /index.php?$args;
        index  index.php;
    }

        ssl_certificate /etc/nginx/ssl/fullchain.cer;
        ssl_certificate_key /etc/nginx/ssl/www.mydomain.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;

        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /\.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /web/wwwlogs/mydomain.log;
}
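
The ssl_protocols and ssl_ciphers lines in the virtual host above decide which protocol versions and cipher suites clients can negotiate. The following added example (not part of the original article) is a small audit function that reports legacy protocol versions, weak cipher selectors and static RSA key exchange in such a file; audit_tls is a hypothetical name, and the sample input is constructed from the two directives above.

```bash
#!/bin/sh
# Added example: audit the ssl_protocols / ssl_ciphers directives of an nginx config.
# audit_tls FILE prints one finding per line; exit status 0 = clean, 1 = findings.
audit_tls() {
    awk '
    { sub(/#.*/, ""); sub(/;[ \t]*$/, "") }       # drop comments and the trailing ";"
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                printf "line %d: legacy protocol %s is enabled\n", FNR, $i
                bad = 1
            }
    }
    $1 == "ssl_ciphers" {
        list = $2
        gsub(/[^A-Za-z0-9:+!@=_-]/, "", list)     # strip the surrounding quotes
        n = split(list, tok, ":")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "" || t ~ /^[!-]/) continue   # "!X" and "-X" remove ciphers
            if (t ~ /3DES|RC4|MD5|NULL|EXP/) {
                printf "line %d: weak cipher selector %s\n", FNR, t
                bad = 1
            } else if (t ~ /^k?RSA(\+|$)/) {
                printf "line %d: %s uses static RSA key exchange (no forward secrecy)\n", FNR, t
                bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the two TLS directives from the virtual host above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
EOF
audit_tls "$sample" || echo "weak TLS settings found in sample"
rm -f "$sample"
```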

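11. Test that the virtual host works

Create a phpinfo test script: vi /web/wwwroot/www.mydomain.com/t.php

<?php
    phpinfo();
?>

Open http://www.mydomain.com/t.php in a browser and verify:

  • that it redirects to https as expected
  • that the PHP script is parsed

If all goes well, you should see the small padlock in the address bar, and PHP is parsed successfully.

12. Create the database for WordPress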

su - postgres
psql
postgres=# create database your_database;
postgres=# create user your_user with password 'your_password';
postgres=# grant all privileges on database your_database to your_user;
postgres=# \q

OK. The database has now been created successfully. You can now try logging in to it.

psql -U your_user -W
Password:
psql (12.4 (Debian 12.4-1.pgdg100+1))
Type "help" for help.

your_database=>
your_database=> \q

13. Download the latest WordPress release

cd /web/wwwroot/www.mydomain.com
wget https://wordpress.org/latest.tar.gz -O - | tar -zvx
mv wordpress/* ./
rm -fr wordpress

14. Install the PG4WP plugin

cd /web/wwwroot/www.mydomain.com/wp-content
git clone https://github.com/gmercey/PG4WP.git
cp PG4WP/db.php ./db.php

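15. Adjust directory and file permissions

Because nginx and php-fpm both run as the www user, the ownership of the files and directories under the web directory has to be adjusted; otherwise installing and updating plugins, themes and so on will not work.

chown -R www:www /web

16. Configure the WordPress database settings

A wp-config-sample.php file is provided by default; copy it as the starting point for the configuration.

cp wp-config-sample.php wp-config.php
vi wp-config.php

Change the following: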

/** The name of the database for WordPress */
define('DB_NAME', 'your PostgreSQL database name will go here');
/** MySQL database username */
define('DB_USER', 'your PostgreSQL database username will go here');
/** MySQL database password */
define('DB_PASSWORD', 'your PostgreSQL database password will go here');
/** MySQL hostname */
define('DB_HOST', 'localhost');

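17. Install WordPress

Open https://www.mydomain.com/wp-admin/install.php in a browser to start the WordPress installer.

Note that the php-mysql extension must be installed; without it, the WordPress installer reports an error as soon as it starts.

18. Import the XML

Once the installation is complete, start the import!

(End of article)

Configuring OpenVPN on CentOS 7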

Environment:

  • the OpenVPN server is installed on a CentOS 7 system;
  • the OpenVPN client is installed on Windows;

Prerequisites

Install the software

# yum install openvpn easy-rsa

Prepare the directories and configuration files

Copy the easy-rsa files easyrsa, openssl-easyrsa.cnf and x509-types to /etc/openvpn/easy-rsa:

# mkdir -p /etc/openvpn/easy-rsa
# cp /usr/share/doc/easy-rsa-3.0.6/vars.example /etc/openvpn/easy-rsa/vars
# cp -r /usr/share/easy-rsa/3.0.6/* /etc/openvpn/easy-rsa/

Copy the server configuration file to the /etc/openvpn directory

# cp /usr/share/doc/openvpn-2.4.5/sample/sample-config-files/server.conf /etc/openvpn/

Edit the vars file:

set_var EASYRSA_REQ_COUNTRY "CN"
set_var EASYRSA_REQ_PROVINCE "Beijing"
set_var EASYRSA_REQ_CITY "Beijing"
set_var EASYRSA_REQ_ORG "OpenVPN CA"
set_var EASYRSA_REQ_EMAIL "mail@example.com"
set_var EASYRSA_REQ_OU  "example VPN"

Create the server certificate and key

Initialize the directory

# cd /etc/openvpn/easy-rsa/
# ./easyrsa init-pki

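Create the CA root certificate

# ./easyrsa build-ca
Enter PEM pass phrase: // enter the PEM pass phrase twice and remember it (the pass phrase entered here is openvpn; it is needed later)
........
Common Name (eg: your user, host, or server name) [Easy-RSA CA]: // enter the CA name

After pressing Enter, the following is displayed: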

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/easy-rsa/pki/ca.crt

Create the server certificate

# ./easyrsa gen-req server nopass
Common Name (eg: your user, host, or server name) [server]: // enter the server name; node2 is entered here

After pressing Enter, the following is displayed:

Keypair and certificate request completed. Your files are:
req: /etc/openvpn/easy-rsa/pki/reqs/server.req
key: /etc/openvpn/easy-rsa/pki/private/server.key

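Sign the server certificate:

# ./easyrsa sign server server

After pressing Enter:

Confirm request details: (enter yes)
Enter pass phrase for /etc/openvpn/easy-rsa/pki/private/ca.key: (enter the PEM pass phrase set earlier for the CA root certificate, which is openvpn)

After pressing Enter, the following is displayed: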

Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'node2'
Certificate is to be certified until Apr 4 16:04:29 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Certificate created at: /etc/openvpn/easy-rsa/pki/issued/server.crt

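Create the Diffie-Hellman parameters

# ./easyrsa gen-dh

After pressing Enter, this takes somewhat longer; at the end it displays:

DH parameters of size 2048 created at /etc/openvpn/easy-rsa/pki/dh.pem

Generate the ta key file

# openvpn --genkey --secret /etc/openvpn/easy-rsa/ta.key

Without the ta.key file, the following error is reported: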

Sat Apr 7 12:53:37 2018 WARNING: cannot stat file 'ta.key': No such file or directory (errno=2)
Options error: --tls-auth fails with 'ta.key': No such file or directory (errno=2)
Options error: Please correct these errors.
Use --help for more information.

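Create the client certificate and key:

Generate the client certificate

# ./easyrsa gen-req client

After pressing Enter, the following is displayed:

Enter PEM pass phrase: // enter a pass phrase; the client needs it later to connect to the server (vpnclient is entered here)
Common Name (eg: your user, host, or server name) [client]: // client is entered here; it is used later

After pressing Enter, the following is displayed: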

Keypair and certificate request completed. Your files are:
req: /etc/openvpn/easy-rsa/pki/reqs/client.req
key: /etc/openvpn/easy-rsa/pki/private/client.key

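Sign the client certificate

# ./easyrsa sign client client

After pressing Enter, type yes

Enter pass phrase for /etc/openvpn/easy-rsa/pki/private/ca.key: (openvpn is entered here)

Note:
Because a client certificate is being generated here, the first argument must be client, and the second argument, client, must match the name used earlier. You are asked for a pass phrase during this step; it is the pass phrase of the root certificate that was set at the very beginning, so do not mistype it. In OpenVPN, each client has its own set of certificate and key files.

After pressing Enter, the following is displayed: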

Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'client'
Certificate is to be certified until Apr 4 16:38:37 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Certificate created at: /etc/openvpn/easy-rsa/pki/issued/client.crt

Configure the server

Copy the files the server needs to their respective locations:

# cp pki/ca.crt /etc/openvpn/
# cp pki/private/server.key /etc/openvpn/
# cp pki/issued/server.crt /etc/openvpn/
# cp pki/dh.pem /etc/openvpn/
# cp /etc/openvpn/easy-rsa/ta.key /etc/openvpn/

Edit the VPN configuration file:

# egrep -v "^$|^#|^;" /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key # This file should be kept secret
dh /etc/openvpn/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1 

Start the OpenVPN server:

# openvpn /etc/openvpn/server.conf &

On a successful start, the following is displayed:

Sat Apr 7 13:00:23 2018 OpenVPN 2.4.5 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 1 2018
Sat Apr 7 13:00:23 2018 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Sat Apr 7 13:00:23 2018 Diffie-Hellman initialized with 2048 bit key
Sat Apr 7 13:00:23 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 7 13:00:23 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 7 13:00:23 2018 ROUTE_GATEWAY 192.168.255.1/255.255.255.0 IFACE=eno16777736 HWADDR=00:0c:29:ef:e4:a7
Sat Apr 7 13:00:23 2018 TUN/TAP device tun0 opened
Sat Apr 7 13:00:23 2018 TUN/TAP TX queue length set to 100
Sat Apr 7 13:00:23 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Apr 7 13:00:23 2018 /sbin/ip link set dev tun0 up mtu 1500
Sat Apr 7 13:00:23 2018 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sat Apr 7 13:00:23 2018 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sat Apr 7 13:00:24 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat Apr 7 13:00:24 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Apr 7 13:00:24 2018 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Apr 7 13:00:24 2018 UDPv4 link remote: [AF_UNSPEC]
Sat Apr 7 13:00:24 2018 MULTI: multi_init called, r=256 v=256
Sat Apr 7 13:00:24 2018 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Apr 7 13:00:24 2018 IFCONFIG POOL LIST
Sat Apr 7 13:00:24 2018 Initialization Sequence Completed

Or start it with systemctl:

# Enable the service at boot
systemctl -f enable openvpn@server.service
# Start the service
systemctl start openvpn@server.service

Configure the client

Copy the files the client needs to the local Windows computer

# mkdir -p /root/client
# cp pki/ca.crt /root/client/
# cp pki/issued/client.crt /root/client/
# cp pki/private/client.key /root/client/
# cp /etc/openvpn/easy-rsa/ta.key /root/client/
# cp /usr/share/doc/openvpn-2.4.7/sample/sample-config-files/client.conf /root/client/client.ovpn

From the CentOS 7 host, take the five files ca.crt, client.crt, client.key, ta.key and client.conf (renamed to client.ovpn) and place them in the config directory under the installation directory.

Contents of the client.ovpn configuration file:

client
dev tun
proto udp

remote 192.168.268.12 1194

resolv-retry infinite
nobind

;user nobody
;group nobody

;route 192.168.0.0 255.255.252.0

persist-key
persist-tun

ca ca.crt
cert client.crt
key client.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
auth-nocache
verb 4

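OpenVPN client login:
While the VPN is connecting, you are prompted for a password; enter the pass phrase that was set when the client certificate was generated earlier, i.e. vpnclient.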
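
A client.ovpn only connects when it agrees with server.conf on transport protocol, port, tls-auth key direction and compression. The following added example (not part of the original article) compares the two files on those four settings; directive and check_pair are hypothetical helper names, and the sample configs are constructed.

```bash
#!/bin/sh
# Added example: check that an OpenVPN server.conf and client.ovpn agree on the
# settings that have to match on both sides.

# directive FILE NAME: print the arguments of the first active NAME line.
# Lines starting with "#" or ";" are comments; exit status 1 if NAME is absent.
directive() {
    awk -v name="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == name { sub(/[ \t]*#.*/, ""); $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { exit (found ? 0 : 1) }' "$1"
}

# check_pair SERVER_CONF CLIENT_CONF: print one line per mismatch; status 1 if any.
check_pair() {
    srv=$1; cli=$2; rc=0

    # proto: compare the family only, so "tcp-server" pairs with "tcp-client".
    s_proto=$(directive "$srv" proto) || s_proto=udp    # OpenVPN defaults to UDP
    c_proto=$(directive "$cli" proto) || c_proto=udp
    if [ "${s_proto%%[-0-9]*}" != "${c_proto%%[-0-9]*}" ]; then
        echo "proto: server uses $s_proto, client uses $c_proto"; rc=1
    fi

    # port: the port in the client's "remote HOST PORT" must be the server's port.
    s_port=$(directive "$srv" port) || s_port=1194
    c_port=$(directive "$cli" remote | awk '{ print ($2 == "" ? 1194 : $2) }')
    if [ -n "$c_port" ] && [ "$c_port" != "$s_port" ]; then
        echo "port: server listens on $s_port, client connects to $c_port"; rc=1
    fi

    # tls-auth: absent on both sides, or complementary key directions (0 and 1).
    s_dir=$(directive "$srv" tls-auth | awk '{ print ($2 == "" ? "bidir" : $2) }')
    c_dir=$(directive "$cli" tls-auth | awk '{ print ($2 == "" ? "bidir" : $2) }')
    case "$s_dir/$c_dir" in
        0/1|1/0|bidir/bidir|/) ;;
        *) echo "tls-auth: key direction server='$s_dir' client='$c_dir'"; rc=1 ;;
    esac

    # comp-lzo: enabled on both sides or on neither.
    s_lzo=no; c_lzo=no
    if directive "$srv" comp-lzo >/dev/null; then s_lzo=yes; fi
    if directive "$cli" comp-lzo >/dev/null; then c_lzo=yes; fi
    if [ "$s_lzo" != "$c_lzo" ]; then
        echo "comp-lzo: server=$s_lzo client=$c_lzo"; rc=1
    fi
    return "$rc"
}

# Constructed sample pair: a UDP server and a deliberately inconsistent client.
tmp=$(mktemp -d)
cat > "$tmp/server.conf" <<'EOF'
port 1194
proto udp
tls-auth ta.key 0 # This file is secret
comp-lzo
EOF
cat > "$tmp/client.ovpn" <<'EOF'
client
proto tcp-client
remote vpn.example.com 1194
tls-auth ta.key 0
EOF
check_pair "$tmp/server.conf" "$tmp/client.ovpn" || echo "client and server configs disagree"
rm -rf "$tmp"
```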

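Installing and Configuring OLAINDEX

OLAINDEX is a OneDrive directory and file indexing application built on the elegant PHP framework Laravel 5.8. It retrieves and displays data through the Microsoft Graph API, supports login with multiple account types and offers several display themes; it is simple yet powerful.

Features:

  • Browsing of the OneDrive directory index, with pagination;
  • Instant preview of code, image and text files, and an image list view;
  • Audio and video playback (compatible with most formats); video playback uses Dplayer.js and music playback uses Aplayer;
  • Custom folder creation, folder encryption, file/folder deletion, and copying and moving of files/folders;
  • File search, file upload, sharing and deletion of direct file links, and one-click download via direct link;
  • Management of readme/head description files;
  • Image hosting;
  • Command-line operation;
  • Offline file download (personal edition);
  • Basic display management in the admin panel, multi-theme management, file preview management and more (takes effect promptly after the cache is cleared);
  • Support for 21Vianet;
  • Support for multiple cache systems (Redis, Memcached, etc.);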

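Fixing the Exclamation Mark on Stock Android

There are already many Captive Portal Servers on the Internet. If you are already using a stable one, there is no need to change it. The address we provide is only meant to give everyone one more option.

captive.v2ex.co

You can set it with the adb command-line tool like this:

adb shell "settings put global captive_portal_server captive.v2ex.co"

If you are on OS X, you can get adb through Homebrew:

brew install android-platform-tools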

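Remote Desktop to Windows from Ubuntu/Linux Mint

The office computer runs Windows 10, and sometimes I need to reach it from Linux Mint at home. I searched Baidu and found that many people recommend the rdesktop tool, but it is run from the command line, which I don't much like; I wanted something with a GUI. So I searched Google as well and found that some people recommend Remmina.

This tool is very good. It supports multiple protocols, and with the right plugins it can handle all kinds of remote access, such as VNC, SSH and so on.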

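Installing Google BBR to Speed Up VPS Networking

Before using Google BBR, we should first understand what it is. Anyone familiar with computer networking knows that TCP, in order to keep connections reliable, introduced congestion control and traffic management methods. Google BBR is an open-source TCP congestion control algorithm proposed by Google.

Because Google BBR is very new, any Linux kernel older than 4.9 must be upgraded to 4.9 or later before it can be used. So if the VPS's own kernel is old, only KVM-based VPSes can use this tutorial to upgrade the kernel and use BBR; OpenVZ VPS users with an old kernel cannot use it!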