搜索到
236
篇与
的结果
-
搭建家庭服务器1-ESXi7安装、ALMA9安装、1Panel面板安装 一、安装ESXi7我使用的是联想M710Q I3-6100T 8G 240Gssd的小主机使用Ventoy U盘启动ESXi7的安装镜像修改虚拟内存大小,ESXi7默认使用120G硬盘做虚拟内存,我们改小点,我改成2G引导倒计时按Shift+O出现 cdromBoot runweasel输入autoPartitionOSDataSize=5120代表5G安装系统安装完成将F12将服务器关机,插到家里的路由器上,通过IP连接即可登陆成功二、ALMA9安装下载最小化安装镜像上传到ESXi7中新建系统并安装通过ssh远程登陆更新系统,安装open-vm-tools三、安装1Panel面板安装docker,看我站内文章安装1Panel安装一个uptime完成本期教程先到这里 -
1Panel docker容器版-1分钟部署Stirling-PDF内网在线多功能PDF工具箱 一、介绍 这是一个强大的本地托管的基于 Web 的 PDF 操作工具,使用 docker,允许您对 PDF 文件执行各种操作,例如拆分、合并、转换、重组、添加图像、旋转、压缩等。这个本地托管的 Web 应用程序最初是 100% ChatGPT 制作的应用程序,现已发展到包含广泛的功能来满足您的所有 PDF 需求。Stirling PDF 不会为任何记录保存或跟踪进行呼出。所有文件和 PDF 要么仅存在于客户端,要么仅在任务执行期间驻留在服务器内存中,要么临时驻留在仅用于执行任务的文件中。届时,用户下载的任何文件都将从服务器中删除。二、部署 1、命令一键部署 docker run -d \ -p 8080:8080 \ -v /location/of/trainingData:/usr/share/tesseract-ocr/5/tessdata \ -v /location/of/extraConfigs:/configs \ -v /location/of/logs:/logs \ -e DOCKER_ENABLE_SECURITY=false \ --name stirling-pdf \ frooodle/s-pdf:latest2、1Panel面板部署暴露端口8080挂载卷pdfextraConfigs /configspdflogs /logspdftrainingData /usr/share/tesseract-ocr/5/tessdataCommand'java' '-Dfile.encoding=UTF-8' '-jar' '/app.jar'Entrypoint'/scripts/init.sh'重启规则 一直重启环境变量DOCKER_ENABLE_SECURITY=false PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOME=/home/stirlingpdfuser VERSION_TAG=0.20.1 JAVA_TOOL_OPTIONS= -XX:MaxRAMPercentage=75三、使用 访问容器映射的端口即可右上角选择语言,或着连接中增加语言,如:http://x.x.x.x:8080/?lang=zh_CN四、小结 狠狠的赋能!
-
1Panel docker容器版-1分钟部署wg-easy面板、wireguard可视化管理 一、介绍 1、两个客户端建立加密通道通过wireguard服务器对两个隔离的客户端建立加密通道2、建立VPN通道客户端连接服务端后,通过服务器连接外网3、其他用法二、部署 1、启动依赖的网络模块modprobe ip_tables && modprobe iptable-nat需要开机启动,需要将命令写入rc.local2、命令行启动容器docker run -d \ --name=wg-easy \ -e WG_HOST=YOUR_SERVER_IP \ -e PASSWORD=YOUR_ADMIN_PASSWOR \ -e WG_DEFAULT_ADDRESS=10.0.0.x \ -e WG_DEFAULT_DNS=114.114.114.114 \ -e WG_PERSISTENT_KEEPALIVE=30 \ -e WG_ALLOWED_IPS=10.0.0.0/24 \ -v ~/.wg-easy:/etc/wireguard \ -p 51820:51820/udp \ -p 51821:51821/tcp \ --cap-add=NET_ADMIN \ --cap-add=SYS_MODULE \ --sysctl="net.ipv4.conf.all.src_valid_mark=1" \ --sysctl="net.ipv4.ip_forward=1" \ --restart=always \ weejewel/wg-easy注释:name=容器名字WG_HOST=服务器IP,一般填写外网IPPASSWORD=wg-easy面板密码WG_DEFAULT_ADDRESS=10.0.0.x 客户端获取IP10.0.0.1-254WG_ALLOWED_IPS=10.0.0.0/24 通过WG访问的网段,如果要全部流量转发WG设置0.0.0.0/0,特定网段逗号间隔 192.168.0.0/24,192.168.1.0/24-v ~/.wg-easy:/etc/wireguard 持久化51820:51820/udp WG工作端口51821:51821/tcp wg-easy面板端口3、使用1Panel面板配置WG映射端口,挂载卷Command'/usr/bin/dumb-init' 'node' 'server.js'Entrypoint'docker-entrypoint.sh'环境变量WG_HOST=172.16.0.2 PASSWORD=passwd@123 WG_DEFAULT_ADDRESS=192.168.123.x WG_DEFAULT_DNS=114.114.114.114 WG_PERSISTENT_KEEPALIVE=30 WG_ALLOWED_IPS=192.168.1.0/24,192.168.2.0/24 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin NODE_VERSION=14.18.1 YARN_VERSION=1.22.15 DEBUG=Server,WireGuard启动容器三、使用 1、登陆面板2、创建配置3、客户端导入配置4、连接后,查看IP为服务器IP四、小结 好好好
-
windows单域多站点部署、桥头服务器、DNS就近解析 一、系统架构 二、实验目的 总部在cn,在us成立分公司,部署内部专线,域数据实时同步浪费带宽,改为每15分钟同步一次,cn和us内部人员就近解析DNS。三、实验参数 windows2022系统域 90apt.comcn 172.16.13.0/24dc-cn-1 172.16.13.11 cn域控1 桥头服务器dc-cn-2 172.16.13.12 cn域控2cn-kehu DHCP获取IP cn客户机 自动获取IPus 172.16.14.0/24dc-us-1 172.16.14.11 us域控1 桥头服务器dc-us-2 172.16.14.12 us域控2us-kehu DHCP获取IP us客户机 自动获取IP四、部署过程 1、四台域控安装配置,加域90apt.com全部加域后,所有域控主机均在同一默认站点,互相复制2、创建两个新站点CN和US,将域控分别移动到对应的站点中3、新建子网,将对应子网分配给对应站点4、设置桥头服务器dc-cn-1和dc-us-15、设置跨站点复制时间默认180分钟6、调整复制对象如dc-cn-2为内部服务器,仅与dc-cn-1复制7、查看同步状态repadmin /replsummary五、验证 1、DNS解析顺序cn-kehu查看90apt的解析IPus-kehu查看90apt的解析IP2、AD复制验证1 同站点快速复制cn域控新建一个 "哈哈" 用户,新建用户或改密码等操作会快速复制,cn另一台域控查看用户同时建立2 跨站点定时复制立即在us域控查看,无此用户20分钟后再次刷新查看,"哈哈" 用户出现3 手动复制若要尽快进行跨站点同步,可以手动选择立即复制,注意,域控复制需要时间,数据越多越慢六、小结 好好好
-
-
ESP32-wifi MPython dth11 activeMQ MQTT温湿度采集 嵌入式开发 物联网 边缘计算 一、介绍 本项目采用ESP32开发板,每X秒采集一次DTH11温湿度传感器数据,通过ESP32自带WIFI,经MQTT协议传送给ActiveMQ中间件,便于后续开发和使用。二、材料介绍 ESP32 CP2102 带WIFI 22元DTH11 4元透明防水塑料壳 8元MicroUSB电源线 5元三、ActiveMQ服务器配置 我这里使用docker一键部署ActiveMQ,并将MQTT端口映射到1883端口四、硬件安装 将DTH11的正负连接ESP32的3.3V和GND针脚,数据连接至D13针脚五、代码开发 1、ESP32刷写为MPython开发环境2、新建main.py,此脚本ESP32上电即会自动运行main.py 主程序import random from machine import Pin, SPI import time,machine import dht11,network,mrequests from umqtt.simple import MQTTClient import ujson MQTT_CLIENT_ID = f'python-mqtt-{random.randint(0, 1000)}' MQTT_BROKER = "10.0.10.129" MQTT_USER = "" MQTT_PASSWORD = "" MQTT_TOPIC = "mqtt001" wlan = network.WLAN(network.STA_IF) wlan.active(True) dht = dht11.DHT11(Pin(13)) print("Connecting to MQTT server... ", end="") client = MQTTClient(MQTT_CLIENT_ID, MQTT_BROKER, user=MQTT_USER, password=MQTT_PASSWORD) print("Connected!") while True: if wlan.isconnected() == False: print("connect WiFi") try: wlan.connect('WiFissid','wifipassword') except: print("wifi false") #pass else: dht.measure() try: client.connect() message = ujson.dumps({ "temp": dht.temperature(), "humidity": dht.humidity(), }) #print("Reporting to MQTT topic {}: {}".format(MQTT_TOPIC, message)) client.publish(MQTT_TOPIC, message) print("mqtt push ok") client.disconnect() except: print("mqtt push not ok") #pass time.sleep(3)dth11.py DTH11传感器支持库 # DHT11/DHT22 driver for MicroPython on ESP8266 # MIT license; Copyright (c) 2016 Damien P. George try: from esp import dht_readinto except: from pyb import dht_readinto class DHTBase: def __init__(self, pin): self.pin = pin self.buf = bytearray(5) def measure(self): buf = self.buf dht_readinto(self.pin, buf) if (buf[0] + buf[1] + buf[2] + buf[3]) & 0xff != buf[4]: raise Exception("checksum error") class DHT11(DHTBase): def humidity(self): return self.buf[0] def temperature(self): return self.buf[2] class DHT22(DHTBase): def humidity(self): return (self.buf[0] << 8 | self.buf[1]) * 0.1 def temperature(self): t = ((self.buf[2] & 0x7f) << 8 | self.buf[3]) * 0.1 if self.buf[2] & 0x80: t = -t return t mrequests.py 一个比自带的requests更好用的网络库"""A HTTP client module for MicroPython with an API similar to requests.""" import sys try: import socket except ImportError: import usocket as socket MICROPY = sys.implementation.name == "micropython" MAX_READ_SIZE = 4 * 1024 def encode_basic_auth(user, password): from ubinascii import b2a_base64 auth_encoded = b2a_base64(b"%s:%s" % (user, password)).rstrip(b"\n") return {b"Authorization": b"Basic %s" % auth_encoded} def head(url, **kw): return request("HEAD", url, **kw) def get(url, **kw): return request("GET", url, **kw) def post(url, **kw): return request("POST", url, **kw) def put(url, **kw): return request("PUT", url, **kw) def patch(url, **kw): return request("PATCH", url, **kw) def delete(url, **kw): return request("DELETE", url, **kw) def parse_url(url): port = None host = None # str.partition() would be handy here, # but it's not supported on the esp8266 port delim = url.find("//") if delim >= 0: scheme, loc = url[:delim].rstrip(':'), url[delim+2:] else: loc = url scheme = "" psep = loc.find("/") if psep == -1: if scheme: host = loc path = "/" else: path = loc elif psep == 0: path = loc else: path = loc[psep:] host = loc[:psep] if host: hsep = host.rfind(":") if hsep > 0: port = int(host[hsep + 1 :]) host = host[:hsep] return scheme or None, host, port, path class RequestContext: def __init__(self, url, method=None): self.redirect = False self.method = method or "GET" self.scheme, self.host, self._port, self.path = parse_url(url) if not self.scheme or not self.host: raise ValueError("An absolute URL is required.") @property def port(self): return self._port if self._port is not None else 443 if self.scheme == "https" else 80 @property def url(self): return "%s://%s%s" % ( self.scheme, self.host if self._port is None else ("%s:%s" % (self.host, self.port)), self.path, ) def set_location(self, status, location): if status in (301, 302, 307, 308): self.redirect = True elif status == 303 and self.method != "GET": self.redirect = True if self.redirect: scheme, host, port, path = parse_url(location) if scheme and self.scheme == "https" and scheme != "https": self.redirect = False return if status not in (307, 308) and self.method != "HEAD": self.method = "GET" if scheme: self.scheme = scheme if host: self.host = host self._port = port if path.startswith("/"): self.path = path else: self.path = self.path.rsplit("/", 1)[0] + "/" + path class Response: def __init__(self, sock, sockfile, save_headers=False): self.sock = sock self.sf = sockfile self.encoding = "utf-8" self._cached = None self._chunk_size = 0 self._content_size = 0 self.chunked = False self.status_code = None self.reason = "" self.headers = [] if save_headers else None def read(self, size=MAX_READ_SIZE): if self.chunked: if self._chunk_size == 0: l = self.sf.readline() # print("Chunk line:", l) # ignore chunk extensions l = l.split(b";", 1)[0] self._chunk_size = int(l, 16) # print("Chunk size:", self._chunk_size) if self._chunk_size == 0: # End of message sep = sf.read(2) if sep != b"\r\n": raise ValueError("Expected final chunk separator, read %r instead." % sep) return b"" data = self.sf.read(min(size, self._chunk_size)) self._chunk_size -= len(data) if self._chunk_size == 0: sep = self.sf.read(2) if sep != b"\r\n": raise ValueError("Expected chunk separator, read %r instead." % sep) return data else: if size: return self.sf.read(size) else: return self.sf.read(self._content_size) def save(self, fn, chunk_size=1024): read = 0 with open(fn, "wb") as fp: while True: remain = self._content_size - read if remain <= 0: break chunk = self.read(min(chunk_size, remain)) read += len(chunk) if not chunk: break fp.write(chunk) self.close() def _parse_header(self, data): if data[:18].lower() == b"transfer-encoding:" and b"chunked" in data[18:]: self.chunked = True # print("Chunked response detected.") elif data[:15].lower() == b"content-length:": self._content_size = int(data.split(b":", 1)[1]) # print("Content length: %i" % self._content_size) # overwrite this method, if you want to process/store headers differently def add_header(self, data): self._parse_header(data) if self.headers is not None: self.headers.append(data) def close(self): if not MICROPY: self.sf.close() self.sf = None if self.sock: self.sock.close() self.sock = None self._cached = None @property def content(self): if self._cached is None: try: self._cached = self.read(size=None) finally: self.sock.close() self.sock = None return self._cached @property def text(self): return str(self.content, self.encoding) def json(self): import ujson return ujson.loads(self.content) def request( method, url, data=None, json=None, headers={}, auth=None, encoding=None, response_class=Response, save_headers=False, max_redirects=1, timeout=None, ): if auth: headers.update(auth if callable(auth) else encode_basic_auth(auth[0], auth[1])) if json is not None: assert data is None import ujson data = ujson.dumps(json) ctx = RequestContext(url, method) while True: if ctx.scheme not in ("http", "https"): raise ValueError("Protocol scheme %s not supported." % ctx.scheme) ctx.redirect = False # print("Resolving host address...") ai = socket.getaddrinfo(ctx.host, ctx.port, 0, socket.SOCK_STREAM) ai = ai[0] # print("Creating socket...") sock = socket.socket(ai[0], ai[1], ai[2]) sock.settimeout(timeout) try: # print("Connecting to %s:%i..." % (ctx.host, ctx.port)) sock.connect(ai[-1]) if ctx.scheme == "https": try: import ssl except ImportError: import ussl as ssl # print("Wrapping socket with SSL") create_ctx = getattr(ssl, 'create_default_context', None) if create_ctx: sock = create_ctx().wrap_socket(sock, server_hostname=ctx.host) else: sock = ssl.wrap_socket(sock, server_hostname=ctx.host) sf = sock if MICROPY else sock.makefile("rwb") sf.write(b"%s %s HTTP/1.1\r\n" % (ctx.method.encode("ascii"), ctx.path.encode("ascii"))) if not b"Host" in headers: sf.write(b"Host: %s\r\n" % ctx.host.encode()) for k, val in headers.items(): sf.write(k if isinstance(k, bytes) else k.encode('ascii')) sf.write(b": ") sf.write(val if isinstance(val, bytes) else val.encode('ascii')) sf.write(b"\r\n") if data and ctx.method not in ("GET", "HEAD"): if json is not None: sf.write(b"Content-Type: application/json") if encoding: sf.write(b"; charset=%s" % encoding.encode()) sf.write(b"\r\n") sf.write(b"Content-Length: %d\r\n" % len(data)) sf.write(b"Connection: close\r\n\r\n") if data and ctx.method not in ("GET", "HEAD"): sf.write(data if isinstance(data, bytes) else data.encode(encoding or "utf-8")) if not MICROPY: sf.flush() resp = response_class(sock, sf, save_headers=save_headers) l = b"" i = 0 while True: l += sf.read(1) i += 1 if l.endswith(b"\r\n") or i > MAX_READ_SIZE: break # print("Response: %s" % l.decode("ascii")) l = l.split(None, 2) resp.status_code = int(l[1]) if len(l) > 2: resp.reason = l[2].rstrip() while True: l = sf.readline() if not l or l == b"\r\n": break if l.startswith(b"Location:"): ctx.set_location(resp.status_code, l[9:].strip().decode("ascii")) # print("Header: %r" % l) resp.add_header(l) except OSError: sock.close() raise if ctx.redirect: # print("Redirect to: %s" % ctx.url) sock.close() max_redirects -= 1 if max_redirects < 0: raise ValueError("Maximum redirection count exceeded.") else: break return resp 六、运行程序 上电直接运行,注意,代码可以去掉终端输出的print,防止ESP32内存溢出七、监测程序 登录ActiveMQ查看mqttserver.py 在任意电脑上订阅数据# python3.6 import random import time from paho.mqtt import client as mqtt_client broker = '10.0.10.129' port = 1883 topic = "mqtt001" # generate client ID with pub prefix randomly client_id = f'python-mqtt-{random.randint(0, 100)}' def connect_mqtt() -> mqtt_client: def on_connect(client, userdata, flags, rc): if rc == 0: print("Connected to MQTT Broker!") else: print("Failed to connect, return code %d\n", rc) client = mqtt_client.Client(client_id) client.on_connect = on_connect client.connect(broker, port) return client def subscribe(client: mqtt_client): def on_message(client, userdata, msg): print(f"Received `{msg.payload.decode()}` from `{msg.topic}` topic "+time.asctime()) client.subscribe(topic) client.on_message = on_message def run(): client = connect_mqtt() subscribe(client) client.loop_forever() if __name__ == '__main__': run()八、小结 ESP32 MPython太强大了!
-
1Panel docker容器版-1分钟部署Self Service Password域账号自助服务台 过往安装版教程https://90apt.com/3907{lamp/}注意:1、docker版主要目的是快速部署连接域控实现域账号改密,太详细的配置请查看过往安装版。2、本教程使用1Panel安装更简单一、前提条件 按过往安装版教程为域控服务器开启AD域证书服务,但不需要导出证书,Self Service Password这边我们会配置忽略证书二、快速部署 1、新建存储卷self-service-password 存放Self Service Password配置文件self-service-password-ldap 存放openldap配置文件2、拉取镜像ltbproject/self-service-password:latest 3、创建容器名称、镜像暴露端口:我把主机的12345映射到容器的80端口网络:桥接网卡即可,1panel-network也是桥接网卡挂载卷:self-service-password 挂载容器 /var/www/conf/ 目录self-service-password-ldap 挂载容器 /etc/ldap/ 目录创建即可4、容器运行点击端口12345可跳转Self Service Password首页三、对接域控 修改挂载卷文件self-service-password卷 config.inc.php文件连接域控关键配置# LDAP $ldap_url = "ldaps://10.0.0.2:636"; //域IP地址,必须是LDAPS协议 $ldap_starttls = false; $ldap_binddn = "CN=admin,CN=Users,DC=test,DC=com"; //域控管理员账号 $ldap_bindpw = 'adminpaword'; //密码 // for GSSAPI authentication, comment out ldap_bind* and uncomment ldap_krb5ccname lines //$ldap_krb5ccname = "/path/to/krb5cc"; $ldap_base = "dc=test,dc=com"; $ldap_login_attribute = "sAMAccountName"; $ldap_fullname_attribute = "cn"; $ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; //连接域控用这个 $ldap_use_exop_passwd = false; $ldap_use_ppolicy_control = false; $ad_mode = true; //域控模式 # Force account unlock when password is changed $ad_options['force_unlock'] = true; //打开 # Force user change password at next login $ad_options['force_pwd_change'] = false; # Allow user with expired password to change password $ad_options['change_expired_password'] = true; //打开 # Who changes the password? # Also applicable for question/answer save # user: the user itself # manager: the above binddn $who_change_password = "manager"; //管理员修改密码 # Encryption, decryption keyphrase, required if $use_tokens = true and $crypt_tokens = true, or $use_sms, or $crypt_answer # Please change it to anything long, random and complicated, you do not have to remember it # Changing it will also invalidate all previous tokens and SMS codes $keyphrase = "tntsec"; //这个随便改,不是默认就行self-service-password-ldap卷 ldap.conf文件此参数用来忽略windows域控的证书验证TLS_REQCERT allow四、改密测试 修改test11用户的密码修改成功五、小结 1Panel面板管理容器真的太方便了!
-
-
1Panel 新一代的 Linux 服务器运维、docker容器管理面板、快速演示,uptime、activemq 一、介绍 1Panel基于容器管理和部署应用,全中文,界面美观,操作简单。本文重点在于使用1Panel进行独立容器的安装管理当前版本v1.9.1官网https://www.1panel.cn/安装https://1panel.cn/docs/installation/online_installation/我使用的是ALMA Linux 9系统启用ssh root登录[root@admin ~]# echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config.d/01-permitrootlogin.conf [root@admin ~]# systemctl restart sshd.service安装dockeryum install -y yum-utils #官方源 yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo #阿里云加速源 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo yum install docker-ce docker-ce-cli containerd.io安装注意1、1Panel默认生成docker网卡IP为172.17.x.x,如果与你的网段冲突,请使用不冲突的终端连接、安装、登录web修改网卡信息。2、登陆面板后,在面板 容器-配置-基础配置中,配置镜像加速1Panel命令行工具Usage: 1pctl [COMMAND] [ARGS...] 1pctl --help Commands: status 查看 1Panel 服务运行状态 start 启动 1Panel 服务 stop 停止 1Panel 服务 restart 重启 1Panel 服务 uninstall 卸载 1Panel 服务 user-info 获取 1Panel 用户信息 listen-ip 切换 1Panel 监听 IP version 查看 1Panel 版本信息 update 修改 1Panel 系统信息 reset 重置 1Panel 系统信息 restore 恢复 1Panel 服务及数据二、主界面 内置应用商店安装应用界面网站和数据库容器管理面板计划任务主机管理功能文件 监控 终端 防火墙配置 进程管理 SSH管理等系统设置工具箱面板配置三、容器管理 1、应用商店部署容器 如uptime 配置端口、外网访问、CPU内存限额安装中安装完成1Panel自动完成持久化管理2、手动部署容器 如uptime 查询官网可知uptime的持久化目录为容器内/app/data,因此我们需要手动配置持久化卷新建存储卷名称 镜像 端口映射 网络 挂载卷 启动规则 CPU内存容器部署完成持久化测试1p-uptime新建任意内容重启1p-uptime重启后数据依旧存在,持久化正常进入容器终端管理持久化卷文件四、其他 如果你的docker网卡与网络冲突可在 容器-网络 删除1panel-network网卡并新建同名网卡五、部署容器 1、activeMQ拉取symptoma/activemq:latest镜像创建容器名称 镜像 映射端口重启规则 环境变量ACTIVEMQ_PASSWORD=myactivemquserpass ACTIVEMQ_USERNAME=myactivemquser ACTIVEMQ_WEBADMIN_PASSWORD=TestTest ACTIVEMQ_WEBADMIN_USERNAME=roos运行正常六、总结 可替代portainer docker容器面板,功能更全,好好好!
-
RHEL9/ALMA9 搭配portainer docker容器管理面板进行应用部署 当前更新时间2023.12.14持续更新中一、安装ALMA9ALMA官网,我是用miniISO镜像https://almalinux.org/zh-hans/get-almalinux/二、系统配置开启SSH登录见红帽官方帮助,默认不允许root SSH登录https://access.redhat.com/documentation/zh-cn/red_hat_ceph_storage/5/html/installation_guide/enabling-ssh-log-in-as-root-user-on-rhel-9_install[root@admin ~]# echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config.d/01-permitrootlogin.conf [root@admin ~]# systemctl restart sshd.service使用中未发现selinux影响docker,可酌情关闭。三、安装dockeryum install -y yum-utils #官方源 yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo #阿里云加速源 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo yum install docker-ce docker-ce-cli containerd.io四、配置docker网段和加速源镜像源/etc/docker/daemon.json { "bip": "192.168.120.1/24", "registry-mirrors": [ "https://pfti226w.mirror.aliyuncs.com", "https://hub-mirror.c.163.com", "https://docker.m.daocloud.io", "https://ghcr.io", "https://mirror.baidubce.com", "https://docker.nju.edu.cn" ] }运行dockersystemctl enable --now docker五、安装portainer面板创建存储卷docker volume create portainer_data一键部署运行portainer,8000为portainer对接端口,9443为https管理面板docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest六、面板使用运行后,登录https://IP:9443创建第一个管理员用户登录local即可开始使用主界面容器管理持久化卷管理镜像源配置1、创建容器新建容器容器名称、端口映射等参数高级选项持久化卷 变量 重启策略容器重启会丢失全部运行中产生的数据,所以需要进行容器数据持久化设置,例如nginx容器的/etc/nginx目录配置文件,/usr/share/nginx网页目录某些容器部署时需要配置变量,如mysql8.2需要MySQL_ROOT_PASSWORD变量,否则启动失败重启策略通常配置为always总是 ,以实现开机自启动2、重新创建容器高危操作若容器异常,可重新创建容器,除持久化数据外,容器数据全部丢失此选项也可用于更新容器,适用于使用latest标签的容器3、编辑容器高危操作可修改容器参数,例如映射端口,持久化等,除持久化数据外,容器数据全部丢失4、容器开启、关闭、重启、暂停、恢复、删除5、镜像管理已下载的镜像6、持久化管理持久化卷七、部署应用1、mysql8.2必填变量 MySQL_ROOT_PASSWORD映射端口 3306自动持久化注意,由于mysql8.2修改了默认加密方式,使用客户端可能无法连接!root连接使用DBeaver,默认连接会报Public Key Retrieval is not allowed,需要将驱动属性中allowPublicKeyRetrieval配置为TRUE,即可使用root连接普通用户连接目前大部分应用还不支持mysql8.2的新加密方式,如果遇到mysql无法连接,可新建普通用户,将用户修改为旧密码加密方式。ALTER USER 'typecho'@'%' IDENTIFIED WITH mysql_native_password BY 'passwd';2、nginx映射端口 443 80映射目录 1)nginx配置目录,即nginx的/etc/nginx映射到nginx.conf卷2)nginx网页目录,即nginx的/usr/share/nginx映射到nginx-www卷修改配置或放置网页时,通过卷的挂载目录修改3、php-fpm映射端口 9000映射目录 映射目录为nginx网页目录,即nginx的/usr/share/nginx映射到nginx-www卷,php-fpm的/usr/share/nginx同样映射到nginx-www卷,使php-fpm可以读取nginx网页目录的文件4、librespeed映射端口 80自动持久化5、typecho映射端口 80自动持久化6、uptime-kuma映射端口3001自动持久化八、小结太强大了!
-
-
流影 Flow Shadow 轻量级网络安全感知与网络行为可视化综合分析平台 官网https://abyssalfish-os.github.io/项目安装,我这里使用一键包,系统要求Centos7.9https://abyssalfish-os.github.io/downloads/当前版本为ly-install-package-v1.1.0解压tar xvzf ly-install-package-1.1.0.tar.gz ll -rw-r--r-- 1 root root 242239180 Dec 4 15:19 ly-install-package-1.1.0.tar.gz drwxr-xr-x 2 root root 4096 Nov 29 15:24 ly-install-package-v1.1.0 进入目录,解压依赖包到root目录cd ly-install-package-v1.1.0/ ls agent_deploy_release.sh db.server.v1.1.231123.tar.gz protobuf-3.8.0-1.el7.x86_64.tar.gz Agent.v1.1.0.231124.tar.gz INSTALL.md server_deploy_release.sh all_env.sh localyumsource.tar.gz Server.v1.1.0.231124.tar.gz cgicc-lib-3.2.16-1.el7.x86_64.tar.gz lyprobe-release-v1.0.1.tar.gz tensorflow-2.0.4-1.el7.x86_64.tar.gz cppdb-lib-0.3.1-1.el7.x86_64.tar.gz pf_ring-lib-7.4.0-957.el7.x86_64.E5v2.tar.gz webui.v1.1.0.tar.gz tar zxf localyumsource.tar.gz -C /root安装依赖./all_env.sh安装探针和分析引擎/bin/bash ./agent_deploy_release.sh安装管理和交互页面,过程中会安装mariadb数据库,并提示你配置数据库密码/bin/bash ./server_deploy_release.sh修改默认监听网卡 `安装完毕后,安装部署程序已自动将探针与接收程序的启动命令写入 /etc/rc.local 文件中。 lyprobe为探针,通过-i参数指定所监听的网卡,默认写ens224,根据网卡信息自主更改此参数。`查看当前网卡ip add 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000修改启动脚本中的网卡 /etc/rc.local modprobe pf_ring lyprobe -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %DNS_REQ_DOMAIN %DNS_REQ_TYPE %HTTP_URL %HTTP_REQ_METHOD %HTTP_HOST %HTTP_MIME %HTTP_RET_CODE %SRV_TYPE %SRV_NAME %SRV_VERS %DEV_TYPE %DEV_NAME %DEV_VEND %DEV_VERS %OS_TYPE %OS_NAME %OS_VERS %MID_TYPE %MID_NAME %MID_VERS %THREAT_TYPE %THREAT_NAME %THREAT_VERS %ICMP_DATA %ICMP_SEQ_NUM %ICMP_PAYLOAD_LEN %SRV_TIME %DEV_TIME %OS_TIME %MID_TIME %THREAT_TIME" -i ens192 -n 127.0.0.1:9995 -G -e 0 -w 32768 -k 1 -K /data/cap/3 /Agent/bin/nfcapd -w -D -l /data/flow/3 -p 9995 如果使用vSphere平台,虚拟交换机和虚拟机网卡开启混杂模式空间清理/Agent/bin/cleanup.sh清理异常可将脚本中str_home目录改为/运行/bin/bash /etc/rc.local登录控制台访问地址:http://ip:18080/ui管理员账号:admin,密码LoginLY@2016安装完成,具体使用参考官网文档
