merlin系统安装vim后每次执行vim命令都会出现如下错误
E1187: Failed to source defaults.vim
Press ENTER or type command to continue
解决方法
opkg install vim-runtime
merlin中有两个版本的vim,vim是tiny版,vim-full是标准版
安装vim
“`opkg install vim vim-runtime“`
安装vim-full
“`opkg install vim-full vim-runtime“`
vim与vim-full只能安装一个
Views: 18
sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service
方法2:
sed -i_orig "s/data.status === 'Active'/true/g" /usr/share/pve-manager/js/pvemanagerlib.js
sed -i_orig "s/if (res === null || res === undefined || \!res || res/if(/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
sed -i_orig "s/.data.status.toLowerCase() !== 'active'/false/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
systemctl restart pveproxy
然手按Ctrl+F5强制刷新浏览器,重新登录
– 使用443端口连接
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8006
ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8006
或者
nft add table inet nat
nft add chain inet nat prerouting { type nat hook prerouting priority dstnat\; policy accept\; }
nft add rule inet nat prerouting tcp dport 443 counter redirect to :8006
Views: 68
当局域网内的主机遭受NAT攻击时,主机的网络连接数可能会超过几十万个,从而会严重影响业务的正常运行或出现网络掉线现象。此时,可对指定主机的最大网络连接数进行限制,保证网络资源的有效利用。
nat session limit 2000 per-ip
另外可以考虑在nat中排除所有私有网段,避免内网无效或非法数据泄露到公网及消耗NAT资源。
限制每个IP的最大连接数为2000,同时需要用display nat session all找出攻击源进行隔离
nat攻击的症状表现录下:
– 在内网访问外网卡顿甚至掉线,包括tcp,udp,dns不能正常请求
– ping基本上是正常的
– vpn或其它长连接应用如果不断开的话仍然能正常连接
– 外网访问内网服务器(静态NAT)可能正常连接,但速度会变慢
– 更换路由器及外网线路不能解决问题
– 路由器本身上网正常,不经过NAT的路由转发也正常
– IPv6正常(理论上如此,现网中没有IPv6)
Views: 36
用手册上的原话
NAT Server和静态NAT的区别就是NAT Server对于内网主动访问外网的情况不做端口替换,仅作地址替换。
我的理解是
nat server在内网主机禁止联网或通过其它线路联网时可以提高nat的性能,毕竟nat server不用考虑端口号替换。但是一旦内网主机联网的话不替换端口号肯定是有问题的,端口号就会与别的nat表项(nat outbound)重复。
Views: 131
pipeline {
agent any
stages {
stage("test") {
steps {
script {
println("hello world4")
sh 'env'
}
}
}
}
post {
always {
emailext subject: "{currentBuild.currentResult}: Job -{env.JOB_NAME}#{env.BUILD_NUMBER}",
body: """<p>{currentBuild.currentResult}: {env.JOB_NAME}#{env.BUILD_NUMBER}</p><p>Check console output at
<a href='{env.BUILD_URL}'>{env.JOB_NAME}#${env.BUILD_NUMBER}</a>
</p>""",
recipientProviders: [developers(), requestor()]
}
}
}
Views: 33
我的邮件是ali的企业邮箱
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qiye.aliyun.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "git@hetao.me"
gitlab_rails['smtp_password'] = "password"
gitlab_rails['smtp_domain'] = "smtp.qiye.aliyun.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
gitlab_rails['gitlab_email_reply_to'] = 'tao@hetao.me'
Views: 46
timedatectl set-timezone Asia/Shanghai
sed 'aPermitRootLogin yes' /etc/ssh/sshd_config
sed 's/\/\/.*\//\/\/mirrors.hetao.me\//g' /etc/apt/sources.list
apt-get install vim curl language-pack-zh-han*
apt install(check-language-support)
cat >> /etc/environment << EOF
LANG="zh_CN.UTF-8"
LANGUAGE="zh_CN:zh"
LC_NUMERIC="zh_CN"
LC_TIME="zh_CN"
LC_MONETARY="zh_CN"
LC_PAPER="zh_CN"
LC_NAME="zh_CN"
LC_ADDRESS="zh_CN"
LC_TELEPHONE="zh_CN"
LC_MEASUREMENT="zh_CN"
LC_IDENTIFICATION="zh_CN"
LC_ALL="zh_CN.UTF-8"
JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8"
PYTHONIOENCODING="UTF8"
EOF
cat > /etc/default/locale << EOF
LANG="zh_CN.UTF-8"
LANGUAGE="zh_CN:zh"
LC_NUMERIC="zh_CN"
LC_TIME="zh_CN"
LC_MONETARY="zh_CN"
LC_PAPER="zh_CN"
LC_NAME="zh_CN"
LC_ADDRESS="zh_CN"
LC_TELEPHONE="zh_CN"
LC_MEASUREMENT="zh_CN"
LC_IDENTIFICATION="zh_CN"
LC_ALL="zh_CN.UTF-8"
EOF
systemctl restart sshd
Views: 58
其实这个错误就是路由指向了wireguard接口但是AllowedIPs中并没有配置对应的网段,AllowedIPs配置正确就好了
Views: 90
用我自己的仓库
pip config set global.index-url https://mirrors.hetao.me/pypi/simple
pip config set global.trusted-host mirrors.hetao.me
环境变量
export PIP_INDEX_URL=https://mirrors.hetao.me/pypi/simple
export PIP_TRUSTED_HOST=mirrors.hetao.me
pip环境变量参考:
https://pip.pypa.io/en/stable/topics/configuration/#environment-variables
Views: 14
#/bin/sh
export HTTPS_PROXY=172.29.0.24:3128
data_dir=/jffs/configs
python3 -m genpac --format=dnsmasq --user-rule-from={data_dir}/user-rule.txt -o{data_dir}/gfwlist.conf --dnsmasq-dns="172.29.0.1#5354"
export HTTPS_PROXY=
需要在172.29.0.1(镜外主机)上部署一个dns服务器,并且禁用ipv6解析(因为vpn设备ipv6比较麻烦)
– 部署dns服务器
编写/etc/coredns/Corefile文件
.:5354 {
errors
log
template IN AAAA .
forward . 127.0.0.1
}
启动dns
/usr/local/bin/coredns -conf=/etc/coredns/Corefile
– 配置dnsmasq
/jfss/configs/dnsmasq.conf.add中添加一行
“`conf-file=/jffs/configs/gfwlist.conf“`
service restart_dnsmasq
– 配置iptables
ipset create GFWLIST hash:ip
iptables -t mangle -A PREROUTING -m set –match-set GFWLIST dst -j MARK –set-mark 100
iptables -t mangle -A OUTPUT -m set –match-set GFWLIST dst -j MARK –set-mark 100
– 配置wireguard路由
在/jffs/scripts/wgclient-start中添加以下内容
#!/bin/sh
dev_name=wgc{1}
ip route add default devdev_name table 1
ip route add 10.12.0.1/32 dev dev_name
ip route add 172.29.0.0/24 devdev_name
ip rule add fwmark 100 table 1
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ] ; then
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 0 > $i
done
fi
以上完。
关于wireguard部分后面有空再说
Views: 148