王忘杰
2024-07-11
One-click Docker deployment of 思通舆情 (Stonedt public-opinion monitoring)
Online demo environment: https://open-yuqing.stonedt.com/
docker run -itd --name stonedt_yuqing -p 8085:8085 registry.cn-beijing.aliyuncs.com/stonedt_yuqing/stonedt_yuqing:1.0.7
Access URL: http://ip:8085
Username: 13900000000
Password: stonedt
Done.
2024-07-08
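alma8 key replacement: Import of key(s) didn't help, wrong key(s)?
https://almalinux.org/blog/2023-12-20-almalinux-8-key-update/
At the end of last year we experienced a system failure that resulted in the loss of the master key that would have allowed us to extend the lifetime of the GPG key used to sign AlmaLinux 8 packages, which expires in January 2024. Although we have made sure this cannot happen again, some users will need to take specific steps to import the new GPG key. If your machines are running a little behind on AlmaLinux 8 updates, read the details below to determine what you need to do.

Preparing for the AlmaLinux 8 GPG key change
On January 12, 2024 we will start signing AlmaLinux 8 RPM packages and repodata with the updated GPG key. Taking the following steps while we make the switch will let you keep receiving updates without problems.

Fast track
If you want to make sure your system already contains and trusts the new AlmaLinux 8 GPG key, you can import it directly:
rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux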
2024-07-08
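One-click live-streaming platform with SRS and Docker
Flow: video capture side (RTMP protocol) -> push to the SRS live-streaming server -> clients pull the live stream
Official documentation: https://ossrs.net/lts/zh-cn/docs/v4/doc/introduction
docker run -d -p 1935:1935 -p 1985:1985 -p 8080:8080 ossrs/srs:latest
Port 1935 is the default RTMP service port.
Port 1985 is the SRS API port.
Port 8080 is the web console port.

1. Using the web console
Log in to the console to see the default RTMP push URL.
The console is empty when first opened; connect to the server through the SRS connection service.
Connect to the server.
Server status.

2. Quick start
Default push URL: rtmp://IP/live/livestream
Default playback URL: http://IP:8080/live/livestream.flv

3. Multiple users
Append a number N to the push URL, for example:
rtmp://IP/live/livestream1
rtmp://IP/live/livestream2
rtmp://IP/live/livestream3
The playback URLs are then:
http://IP:8080/live/livestream1.flv
http://IP:8080/live/livestream2.flv
http://IP:8080/live/livestream3.flv

4. Summary
Deployment is fast, but there is no password protection; suitable for temporary, quick use.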
2024-06-27
H3C switch study notes
Software name: HCL_Setup_V5.9.0
Release date: 2023/7/13 9:29:22
Download: https://www.h3c.com/cn/Service/Document_Software/Software_Download/Other_Product/H3C_Cloud_Lab/Catalog/HCL/

Simulator bug
Warning! Do not adjust the memory of devices inside the simulator; this very easily makes the devices misbehave. For example, after a router's memory is reduced, it cannot even ping itself!
https://zhiliao.h3c.com/questions/dispcont/8085
"The configuration is fine and the port is up, but the device cannot ping itself, because the memory of an HCL router or switch must not be manually reduced below 520M; setting it to 350M easily causes problems."

Basic commands:
Enter system view
<H3C>system-view
Trace route
[H3C]tracert
Change the host name
[H3C]hostname Switch1
Show detailed route-trace information
[H3C]ip ttl-expires enable
[H3C]ip unreachables enable
Save
[H3C]save
Reboot
<H3C>reboot
View interface information
[H3C]display interface brief
View the detailed configuration file
[H3C]display current-configuration
View OSPF information
[SwitchA]display ospf peer verbose
View the serial number (SN)
display device manuinfo
Query packet rates on all interfaces
display counters inbound interface
display counters outbound interface

Enable NTP time synchronization (synchronization takes a few minutes)
[H3C]dis clock
04:06:38.180 UTC Sat 01/05/2013
[H3C]sntp enable
[H3C]sntp unicast-server 172.16.21.246
[H3C]display sntp sessions
SNTP server     Stratum   Version    Last receive time
11.22.33.44     4         4          Sat, Jan 5 2013 4:07:40.856
Check the switch time
[H3C]dis clock
08:11:36.223 UTC Mon 04/25/2022

Disable the LLDP PVID check
lldp ignore-pvid-inconsistency
Enable the LLDP PVID check
undo lldp ignore-pvid-inconsistency

Locate the switch a host is attached to by IP and MAC address
1. Look up the local IP and MAC address
以太网适配器 以太网:
   描述. . . . . . . . . . . . . . . : Realtek PCIe GbE Family Controller
   物理地址. . . . . . . . . . . . . : XX-XX-XX-XX-XX-XX
   IPv4 地址 . . . . . . . . . . . . : 172.XX.X.XXX(首选)
2. Log in to the VLAN gateway and look up the IP and MAC address
View the IP-to-MAC mapping
dis arp | include 172.XX.X.XXX
172.XX.X.XXX    xxxx-xxxx-xxxx 18    BAGG1    852   D
View the interface the MAC address is learned on
dis mac-addr | include xxxx-xxxx-xxxx
xxxx-xxxx-xxxx   18    Learned    BAGG1    Y
3. Find the IP of the switch connected downstream of that interface
View the binding between the aggregate interface and its ports
dis cu
View the LLDP information under the interface
dis lldp n v
4. Log in to each downstream switch in turn until the switch that owns the port is found
dis mac-addr | include xxxx-xxxx-xxxx
xxxx-xxxx-xxxx   18    Learned    GE1/0/43    Y

View the number of STP packets per interface; here port G1/0/5 is abnormal
<H3C>display stp tc
 -------------- STP slot 1 TC or TCN count -------------
 MST ID   Port                     Receive   Send
 0        Bridge-Aggregation1      1         34537
 0        Bridge-Aggregation2      109       9708
 0        GigabitEthernet1/0/1     10        458
 0        GigabitEthernet1/0/2     29        1580
 0        GigabitEthernet1/0/3     0         18213
 0        GigabitEthernet1/0/4     0         18243
 0        GigabitEthernet1/0/5     1496      8417
 0        GigabitEthernet1/0/6     0         18225
 0        GigabitEthernet1/0/7     423       17148
 0        GigabitEthernet1/0/8     3         3856
 0        GigabitEthernet1/0/9     36        18298
 0        GigabitEthernet1/0/10    0         18277
 0        GigabitEthernet1/0/17    185       34206
 0        GigabitEthernet1/0/18    0         34535
 0        GigabitEthernet1/0/20    0         206
 0        GigabitEthernet1/0/21    0         34535
 0        GigabitEthernet1/0/23    0         34536
 0        GigabitEthernet1/0/24    0         3306

View the switch log
<H3C>dis logbuffer

View neighbor information
<H3C>dis lldp neighbor-information list
Chassis ID : * -- -- Nearest nontpmr bridge neighbor
             # -- -- Nearest customer bridge neighbor
             Default -- -- Nearest bridge neighbor
System Name   Local Interface   Chassis ID       Port ID
XX            GE1/0/1           70c6-ddb5-905e   70c6-ddb5-9087
XX            GE1/0/2           6ce5-f71b-0754   GigabitEthernet1/0/28
XX            GE1/0/3           9ce8-955a-b540   GigabitEthernet1/0/28
XX            GE1/0/4           1cab-3479-2220   1cab-3479-2220
XX            GE1/0/5           6ce5-f71b-904c   GigabitEthernet1/0/28
H3C           GE1/0/6           3c8c-4010-1f3e   GigabitEthernet1/0/26

View detailed neighbor information
<S-151-04>dis lldp neighbor-information verbose
LLDP neighbor-information of port 1[GigabitEthernet1/0/1]:
LLDP agent nearest-bridge:
 LLDP neighbor index : 1
 Update time : 46 days, 6 hours, 59 minutes, 31 seconds
 Chassis type : MAC address
 Chassis ID : 70c6-ddb5-905e
 Port ID type : MAC address
 Port ID : 70c6-ddb5-9087
 Time to live : 121
 Port description : GigabitEthernet1/0/28 Interface
 System name : S-178-01
 System description : H3C Comware Platform Software, Software Version 7.1.070, Release 6328P03
                      H3C S5130S-28P-HPWR-EI
                      Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.
 System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge
 System capabilities enabled : Bridge, Router, Customer Bridge
 Management address type : IPv4
 Management address : 169.254.144.94
 Management address interface type : IfIndex
 Management address interface ID : 635
 Management address OID : 0

dis process cpu        # view per-process CPU usage
dis process memory     # view per-process memory usage
dis cpu-usage          # view CPU usage
dis memory             # view memory usage
display fan            # view fans
display power          # view power supplies
dis device             # view card status
display logbuffer      # view the device log
display environment    # view temperature
dis counter rate inbound interface     # view inbound interface utilization
dis counter rate outbound interface    # view outbound interface utilization
dis int | inc rate     # view historical interface utilization
dis int | inc sec      # view historical interface utilization and inbound/outbound bytes
dis int gi 1/0/1       # view the interface's utilization over the last 300 seconds

Sub-address configuration: multiple IPs on one VLAN
interface Vlan-interface X
 ip address 172.16.1.1 255.255.252.0
 ip address 172.16.2.1 255.255.252.0 sub
 ip address 172.16.3.1 255.255.252.0 sub

Packet forwarding utilization
1. View inbound interface utilization: dis counter rate inbound interface
2. View outbound interface utilization: dis counter rate outbound interface
3. View historical interface utilization: dis int | inc rate
4. View historical interface utilization and inbound/outbound bytes: dis int | inc sec
5. View the interface's utilization over the last 300 seconds: dis int gi 1/0/1

Change the fan rotation direction
fan prefer-direction slot 1 port-to-power
View fan status
dis fan

Check MAC address flapping (loop troubleshooting)
dis mac-address mac-move
Typical loop state
dis mac-address mac-move
MAC address      VLAN   Current port   Source port   Last time             Times
f6f6-0002-17d7   19     GE1/0/5        GE1/0/2       2024-01-02 17:00:33   922161
f6f6-0004-1d53   19     GE1/0/7        GE1/0/3       2024-01-02 17:00:39   941803
f6f6-0002-17d7   19     GE1/0/2        GE1/0/5       2024-01-02 17:00:34   922342
f6f6-0004-1d53   19     GE1/0/3        GE1/0/7       2024-01-02 17:00:38   941803
View STP interface status
dis stp brief
Configure an STP edge port (only applicable to layer-3 interfaces) to stabilize the STP network
interface GigabitEthernet1/0/5
 port access vlan 19
 stp edged-port
Configure the STP primary root bridge to reduce network flapping during STP convergence
stp instance 0 root primary

Configure port speed
interface GigabitEthernet1/0/13
 port access vlan 21
 speed 100

Erase the configuration and restore factory defaults
<H3C>reset saved-configuration
The saved configuration file will be erased. Are you sure? [Y/N]:y    # choose Y to confirm
<H3C>reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration may be lost after the reboot, save current configuration? [Y/N]:n    # choose N, do not save
This command will reboot the device. Continue? [Y/N]:y    # choose Y to confirm the reboot

Disabling logs
Disabling client online/offline logs falls into the following cases.
(1) When logged in through the console:
info-center source STAMGR console deny
info-center source WLANAUD console deny
(2) When logged in through telnet:
info-center source STAMGR monitor deny
info-center source WLANAUD monitor deny
The two cases do not affect each other. Both only stop the user online/offline log messages from being shown on the terminal; the device's logbuffer still records them. To stop them from being recorded in the logbuffer as well, use the following two commands:
info-center source STAMGR logbuffer deny
info-center source WLANAUD logbuffer deny
For example, to disable DHCP logs:
info-center source DHCPS logbuffer deny
Configure a log server
info-center loghost 172.16.21.111

Query PoE power and consumption
<SW>dis poe pse
 PSE ID                          : 4
 Slot No.                        : 1
 SSlot No.                       : 0
 PSE Model                       : LSPPSE24B
 PSE Status                      : Enabled
 PSE Fast Power Supply           : Disabled
 Power Priority                  : Low
 Current Power                   : 36.2 W
 Average Power                   : 35.9 W
 Peak Power                      : 44.5 W
 Max Power                       : 370.0 W
 Max Allocable Power             : 370.0 W
 Remaining Guaranteed Power      : 370.0 W
 PSE CPLD Version                : -
 PSE Software Version            : 510
 PSE Hardware Version            : 57855
 PSE Legacy PD Detection         : Disabled
 Power Utilization Threshold     : 80
 PD Power Policy                 : Disabled
 PD Disconnect-Detection Mode    : AC
 PD High Inrush                  : Disabled
<SW>dis poe interface
 Interface   PoE       Priority   CurPower   Oper   IEEE    Detection
                                  (W)               Class   Status
 GE1/0/1     Enabled   Low        2.2        On     0       Delivering Power
 GE1/0/2     Enabled   Low        0.0        Off    0       Searching
 GE1/0/3     Enabled   Low        2.9        On     0       Delivering Power
 GE1/0/4     Enabled   Low        0.0        Off    0       Searching
 GE1/0/5     Enabled   Low        2.6        On     0       Delivering Power
 GE1/0/6     Enabled   Low        2.5        On     0       Delivering Power
 GE1/0/7     Enabled   Low        2.3        On     0       Delivering Power
 GE1/0/8     Enabled   Low        2.7        On     0       Delivering Power
 GE1/0/9     Enabled   Low        2.5        On     0       Delivering Power
 GE1/0/10    Enabled   Low        2.6        On     0       Delivering Power
 GE1/0/11    Enabled   Low        2.6        On     0       Delivering Power
 GE1/0/12    Enabled   Low        2.4        On     0       Delivering Power
 GE1/0/13    Enabled   Low        2.5        On     0       Delivering Power
 GE1/0/14    Enabled   Low        2.6        On     0       Delivering Power
 GE1/0/15    Enabled   Low        2.8        On     0       Delivering Power
 GE1/0/16    Enabled   Low        0.0        Off    0       Searching
 GE1/0/17    Enabled   Low        2.4        On     0       Delivering Power
 GE1/0/18    Enabled   Low        0.0        Off    0       Searching
 GE1/0/19    Enabled   Low        0.0        Off    0       Searching
 GE1/0/20    Enabled   Low        0.0        Off    0       Searching
 GE1/0/21    Enabled   Low        0.0        Off    0       Searching
 GE1/0/22    Enabled   Low        0.0        Off    0       Searching
 GE1/0/23    Enabled   Low        0.0        Off    0       Searching
 GE1/0/24    Enabled   Low        0.0        Off    0       Searching
 --- On State Ports: 14; Used: 35.6(W); Remaining: 334.4(W) ---

Loop detection and troubleshooting
View CPU usage
dis cpu
View MAC moves
dis mac-address mac-move
View STP interface status
dis stp brief
View LLDP status
dis lldp neighbor-information list
dis lldp neighbor-information verbose
Loop detection configuration
https://www.h3c.com/cn/d_202308/1905729_30005_0.htm#_Ref470192304
loopback-detection global enable vlan { vlan-id-list | all }    # enable loop detection globally
interface interface-type interface-number    # enter layer-2 Ethernet interface / layer-2 aggregate interface view
loopback-detection enable vlan { vlan-id-list | all }    # enable loop detection on the port
loopback-detection global action shutdown    # set the global loop-detection action
interface interface-type interface-number    # enter interface view
loopback-detection action { block | no-learning | shutdown }    # set the loop-detection action on the port
loopback-detection interval-time interval    # set the detection interval
display loopback-detection    # show loop-detection configuration and running state

Query AP online / offline / disconnect times
Network > Operations > Wireless Configuration > AP Management > Details, Basic Configuration > Online/offline/version download time: 2023-07-15 13:23:29

Layer-2 port modes
Reference: https://blog.51cto.com/shyln/2087240
a) access port
Sending (from inside the switch outwards):
  With a VLAN tag: the tag is removed, then the frame is sent
  Without a VLAN tag: cannot occur
Receiving:
  With a VLAN tag: if the tag equals the access port's PVID, the frame is accepted and enters the switch
  Without a VLAN tag: the access port's PVID is added and the frame enters the switch
b) trunk port (native VLAN traffic may be sent without a tag)
Sending (from inside the switch outwards):
  With a VLAN tag: if the tag equals the trunk port's PVID, the tag is removed before sending; otherwise the tag is kept and the frame is sent as is
  Without a VLAN tag: cannot occur
Receiving:
  With a VLAN tag: the tag is kept and the frame enters the switch
  Without a VLAN tag: the trunk port's PVID is added and the frame enters the switch
c) hybrid port (traffic of multiple VLANs may be sent without a tag)
Sending (from inside the switch outwards):
  With a VLAN tag: whether the frame is sent tagged depends on user configuration (the user can configure a tagged list and an untagged list)
  Without a VLAN tag: cannot occur
Receiving:
  With a VLAN tag: the tag is kept and the frame enters the switch
  Without a VLAN tag: the hybrid port's PVID is added and the frame enters the switch

Emulating an unmanaged ("dumb") switch
Approach: create all VLANs and set the port to untagged.
vlan 2 to 4000    # create VLANs in bulk
interface GigabitEthernet1/0/1    # enter the interface
port link-type hybrid    # interface type hybrid
port hybrid vlan 1 to 4000 untagged    # strip the VLAN tag

Configuring telnet
Reference: https://jingyan.baidu.com/article/1876c852517425890b1376d2.html
Assign an IP to VLAN 1
[H3C-Vlan-interface1]ip address 192.168.56.254 255.255.255.0
[H3C-Vlan-interface1]quit
Configure the authentication mode of the VTY (Virtual Teletype Terminal) lines
[H3C]user-interface vty 0 4
[H3C-line-vty0-4]authentication-mode scheme
// Authenticate with a local or remote user name and password, i.e. AAA authentication
// There are three authentication modes in total:
// password  local password authentication
// scheme    local or remote user name and password authentication
// none      no authentication
[H3C-line-vty0-4]quit
Create and configure the local user
[H3C]local-user admin    // user name for local authentication
[H3C-luser-manage-admin]password simple 123456    // set a plaintext password; when the current configuration is displayed, the password is shown in hashed form
[H3C-luser-manage-admin]authorization-attribute user-role level-15    # grant the highest privilege, or use: authorization-attribute user-role network-admin
[H3C-luser-manage-admin]service-type telnet    // the user is used for the telnet service
[H3C-luser-manage-admin]quit
[H3C]telnet server enable    // enable the telnet service
[H3C]save    // save the configuration

Static routes
[R1]int g0/0    # enter the interface or VLAN
[R1-GigabitEthernet0/0]ip add 192.168.1.1 24    # set the interface IP
[R1]ip route-static 192.168.2.0 24 192.168.1.2    # set the gateway for the destination network

Basic DHCP configuration
Router 1
<H3C>sys    # system view
[H3C]int g0/0    # enter the interface
[H3C-GigabitEthernet0/0]ip add 192.168.1.1 24    # configure the IP
[H3C-GigabitEthernet0/0]int g0/1
[H3C-GigabitEthernet0/1]ip add 192.168.2.1 24
Router 2
<H3C>sys
[H3C]int g0/0
[H3C-GigabitEthernet0/0]ip add 192.168.2.2 24
Router 1
[route1]dhcp server ip-pool 1    # create the DHCP address pool
[route1-dhcp-pool-1]network 192.168.0.1 mask 255.255.255.0    # the address range is the 192.168.0.0/24 network
[route1-dhcp-pool-1]gateway-list 192.168.0.1    # the gateway address is 192.168.0.1
[route1-dhcp-pool-1]dns-list 192.168.0.1    # the DNS server address is also 192.168.0.1
Note: what is configured here is the range of a whole network; some addresses within it must not be handed out, such as the gateway address and the IP addresses of certain designated devices.
[route1]dhcp server forbidden-ip 192.168.0.1 192.168.0.2    # do not hand out the gateway and DNS address 192.168.0.1
[route1]dhcp enable    # start the DHCP service

OSPF configuration:
Reference: https://blog.51cto.com/14219797/2402420
Configure interface IPs: SwitchB
<H3C>sys    # enter system view
[H3C]hostname SwitchB    # rename the host
[SwitchB]vlan 200    # enter vlan 200
[SwitchB-vlan200]port g 1/0/1    # assign the port to vlan 200
[SwitchB-vlan200]quit
[SwitchB]vlan 300    # enter vlan 300
[SwitchB-vlan300]port g 1/0/2    # assign the port to vlan 300
[SwitchB-vlan300]quit
[SwitchB]inter vlan 200    # enter the vlan 200 interface
[SwitchB-Vlan-interface200]ip add 10.1.1.2 24    # set the IP
[SwitchB-Vlan-interface200]quit
[SwitchB]inter vlan 300    # enter the vlan 300 interface
[SwitchB-Vlan-interface300]ip add 10.2.1.1 24    # set the IP
[SwitchB-Vlan-interface300]quit
Configure the OSPF protocol:
<SwitchB> system-view    # enter system view
[SwitchB] router id 10.2.1.1    # set the unique identifier
[SwitchB] ospf    # enter OSPF configuration
[SwitchB-ospf-1] area 0    # configure area 0
[SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255    # advertise the network; the mask is a wildcard (inverse) mask
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] area 2    # configure the area
[SwitchB-ospf-1-area-0.0.0.2] network 10.2.1.0 0.0.0.255    # advertise the network
[SwitchB-ospf-1-area-0.0.0.2] quit
[SwitchB-ospf-1] quit
OSPF neighbors of SwitchA:
[SwitchA]display ospf peer verbose
 OSPF Process 1 with Router ID 10.1.1.1
 Neighbors
 Area 0.0.0.0 interface 10.1.1.1(Vlan-interface200)'s neighbors
 Router ID: 10.2.1.1 Address: 10.1.1.2 GR state: Normal
 State: Full Mode: Nbr is master Priority: 1
 DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0
 Options is 0x42 (-|O|-|-|-|-|E|-)
 Dead timer due in 31 sec
 Neighbor is up for 00:37:39
 Authentication sequence: [ 0 ]
 Neighbor state change count: 6
 BFD status: Disabled
 Area 0.0.0.1 interface 10.3.1.1(Vlan-interface100)'s neighbors
 Router ID: 10.3.1.2 Address: 10.3.1.2 GR state: Normal
 State: Full Mode: Nbr is master Priority: 1
 DR: 10.3.1.1 BDR: 10.3.1.2 MTU: 0
 Options is 0x42 (-|O|-|-|-|-|E|-)
 Dead timer due in 39 sec
 Neighbor is up for 00:36:50
 Authentication sequence: [ 0 ]
 Neighbor state change count: 5
 BFD status: Disabled
OSPF routing information of SwitchA:
[SwitchA]display ospf routing
 OSPF Process 1 with Router ID 10.1.1.1
 Routing Table
 Topology base (MTID 0)
 Routing for network
 Destination    Cost   Type      NextHop    AdvRouter   Area
 10.2.1.0/24    2      Inter     10.1.1.2   10.2.1.1    0.0.0.0
 10.3.1.0/24    1      Transit   0.0.0.0    10.1.1.1    0.0.0.1
 10.1.1.0/24    1      Transit   0.0.0.0    10.2.1.1    0.0.0.0
 Total nets: 3
 Intra area: 2 Inter area: 1 ASE: 0 NSSA: 0
Connectivity test from SwitchC to SwitchD:
[SwitchC]ping 10.2.1.2
Ping 10.2.1.2 (10.2.1.2): 56 data bytes, press CTRL_C to break
56 bytes from 10.2.1.2: icmp_seq=0 ttl=253 time=1.651 ms
56 bytes from 10.2.1.2: icmp_seq=1 ttl=253 time=1.567 ms
56 bytes from 10.2.1.2: icmp_seq=2 ttl=253 time=1.465 ms
56 bytes from 10.2.1.2: icmp_seq=3 ttl=253 time=1.431 ms
56 bytes from 10.2.1.2: icmp_seq=4 ttl=253 time=2.635 ms
Route trace from SwitchC to SwitchD:
[SwitchC]tracert 10.2.1.2
traceroute to 10.2.1.2 (10.2.1.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break
 1 10.3.1.1 (10.3.1.1) 1.438 ms 0.424 ms 0.418 ms
 2 10.1.1.2 (10.1.1.2) 1.481 ms 1.221 ms 0.695 ms
 3 10.2.1.2 (10.2.1.2) 1.073 ms 1.087 ms 0.923 ms

VLAN isolation:
References:
https://blog.51cto.com/14220513/2367688
http://www.023wg.com/vlan/132.html
http://www.h3c.com/cn/d_200809/615974_30005_0.htm
Configure SwitchA:
<SwitchA> system-view    # system view
[SwitchA] vlan 100
[SwitchA-vlan100] port ge1/0/2    # add the port
[SwitchA-vlan100] quit
[SwitchA] vlan 200
[SwitchA-vlan200] port ge1/0/3    # add the port
[SwitchA-vlan200] quit
[SwitchA] interface ge1/0/1    # enter the port
[SwitchA-GigabitEthernet1/0/1] port link-type trunk    # set trunk mode
[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 100 200    # allow VLAN 100 and 200 through
Enter display vlan 100 and display vlan 200 to check the configuration:
[SwitchA]display vlan 100
 VLAN ID: 100
 VLAN type: Static
 Route interface: Not configured
 Description: VLAN 0100
 Name: VLAN 0100
 Tagged ports:
    GigabitEthernet1/0/1
 Untagged ports:
    GigabitEthernet1/0/2
[SwitchA]display vlan 200
 VLAN ID: 200
 VLAN type: Static
 Route interface: Not configured
 Description: VLAN 0200
 Name: VLAN 0200
 Tagged ports:
    GigabitEthernet1/0/1
 Untagged ports:
    GigabitEthernet1/0/3

MSTP (Multiple Spanning Tree Protocol)
MSTP is enabled by default; the best path can be configured manually.
Reference: https://www.cnblogs.com/aqicheng/p/13824682.html
Create vlan 10 and vlan 20 on every switch
[H3C]vlan 10
[H3C-vlan10]vlan 20
[H3C-vlan20]int g1/0/1
[H3C-GigabitEthernet1/0/1]port link-type trunk    # set all interfaces to trunk mode
[H3C-GigabitEthernet1/0/1]port trunk permit vlan all    # allow all VLANs through
[H3C-GigabitEthernet1/0/1]int g 1/0/2
[H3C-GigabitEthernet1/0/2]port link-type trunk
[H3C-GigabitEthernet1/0/2]port trunk permit vlan all
[H3C-GigabitEthernet1/0/2]quit
[H3C]hostname sw3
Configure the region
[sw3]stp region-configuration
[sw3-mst-region]region-name h3c    # name the region
[sw3-mst-region]instance 1 vlan 10    # put vlan 10 into instance 1
[sw3-mst-region]instance 2 vlan 20    # put vlan 20 into instance 2
[sw3-mst-region]active region-configuration    # activate the configuration
[sw3-mst-region]display this    # view the configuration above
#
stp region-configuration
 region-name h3c
 instance 1 vlan 10
 instance 2 vlan 20
 active region-configuration
#
return
Adjust the root bridges
[sw1]stp instance 1 root primary    # make sw1 the root bridge of instance 1
[sw2]stp instance 2 root primary    # make sw2 the root bridge of instance 2
Check the result
<sw1>display stp brief
 MST ID   Port                    Role   STP State    Protection
 0        GigabitEthernet1/0/1    DESI   FORWARDING   NONE
 0        GigabitEthernet1/0/2    DESI   FORWARDING   NONE
 0        GigabitEthernet1/0/3    DESI   FORWARDING   NONE
 1        GigabitEthernet1/0/1    DESI   FORWARDING   NONE
 1        GigabitEthernet1/0/2    DESI   FORWARDING   NONE
 1        GigabitEthernet1/0/3    DESI   FORWARDING   NONE
 2        GigabitEthernet1/0/1    ROOT   FORWARDING   NONE
 2        GigabitEthernet1/0/2    DESI   FORWARDING   NONE
 2        GigabitEthernet1/0/3    DESI   FORWARDING   NONE
[sw2]display stp brief
 MST ID   Port                    Role   STP State    Protection
 0        GigabitEthernet1/0/1    ROOT   FORWARDING   NONE
 0        GigabitEthernet1/0/2    DESI   FORWARDING   NONE
 1        GigabitEthernet1/0/1    ROOT   FORWARDING   NONE
 1        GigabitEthernet1/0/2    DESI   FORWARDING   NONE
 2        GigabitEthernet1/0/1    DESI   FORWARDING   NONE
 2        GigabitEthernet1/0/2    DESI   FORWARDING   NONE

VRRP (Virtual Router Redundancy Protocol)
Reference: https://www.cnblogs.com/hukey/p/13071447.html
Configure a dual-link redundant heartbeat line
[SW1]int Bridge-Aggregation 1    # create the aggregate interface
[SW1]int g1/0/2
[SW1-GigabitEthernet1/0/2]port link-aggregation group 1    # add the port to the link aggregation
[SW1-GigabitEthernet1/0/2]int g1/0/3
[SW1-GigabitEthernet1/0/3]port link-aggregation group 1
[SW1]int Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]port link-type trunk    # allow all VLANs through the port
[SW1-Bridge-Aggregation1]port trunk permit vlan all
[SW2]int Bridge-Aggregation 1    # create the link aggregation
[SW2]int g1/0/2
[SW2-GigabitEthernet1/0/2]port link-aggregation group 1    # add the port to the link aggregation
[SW2-GigabitEthernet1/0/2]int g1/0/3
[SW2-GigabitEthernet1/0/3]port link-aggregation group 1
[SW2]int Bridge-Aggregation 1
[SW2-Bridge-Aggregation1]port link-type trunk    # allow all VLANs through the port
[SW2-Bridge-Aggregation1]port trunk permit vlan all
Check the binding state
[sw1]dis int Bridge-Aggregation bri
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface   Link   Speed   Duplex   Type   PVID   Description
BAGG1       UP     2G(a)   F(a)     T      1
Configure VLANs
On SW3, configure the two ports facing SW2 and SW1 as trunk, and configure the VLAN on the port facing the client.
[SW3]vlan 10
[SW3-vlan10]port g1/0/1
[SW3]int range g1/0/2 to g1/0/3
[SW3-if-range]port link-type trunk
[SW3-if-range]port trunk permit vlan 10 20
[SW1]vlan 10    # create the vlan
[SW1-vlan10]vlan 20    # create the vlan
[SW1-vlan20]int g1/0/1
[SW1-GigabitEthernet1/0/1]port link-type trunk
[SW1-GigabitEthernet1/0/1]port trunk permit vlan 10 20
[SW1-GigabitEthernet1/0/1]int vlan 10    # enter vlan 10
[SW1-Vlan-interface10]ip add 10.0.10.253 24    # set the IP
[SW1-Vlan-interface10]int v20    # enter vlan 20
[SW1-Vlan-interface20]ip add 10.0.20.253 24    # set the IP
[sw1]dis ip int bri
*down: administratively down
(s): spoofing (l): loopback
Interface   Physical   Protocol   IP Address    Description
MGE0/0/0    down       down       --            --
Vlan10      up         up         10.0.10.253   --
Vlan20      up         up         10.0.20.253   --
[SW2]vlan 10
[SW2-vlan10]vlan 20
[SW2-vlan20]int g1/0/1
[SW2-GigabitEthernet1/0/1]port link-type trunk
[SW2-GigabitEthernet1/0/1]port trunk permit vlan 10 20
[SW2-GigabitEthernet1/0/1]int v10
[SW2-Vlan-interface10]ip add 10.0.10.252 24
[SW2-Vlan-interface10]int v20
[SW2-Vlan-interface20]ip add 10.0.20.252 24
[SW2]dis ip int bri
*down: administratively down
(s): spoofing (l): loopback
Interface   Physical   Protocol   IP Address    Description
MGE0/0/0    down       down       --            --
Vlan10      up         up         10.0.10.252   --
Vlan20      up         up         10.0.20.252   --
Configure VRRP
Configure VRRP for vlan 10
[SW1]int v10    # enter vlan 10
[SW1-Vlan-interface10]vrrp vrid 10 virtual-ip 10.0.10.254    # configure the virtual address
[SW1-Vlan-interface10]vrrp vrid 10 priority 105    # configure the VRRP priority; the default is 100, so a value above 100 makes this device the master
[SW1]track 10 int Bridge-Aggregation 1    # use the aggregated link as the heartbeat line
[SW2]int v10
[SW2-Vlan-interface10]vrrp vrid 10 virtual-ip 10.0.10.254
[SW2]track 10 int Bridge-Aggregation 1
Configure VRRP for vlan 20
[SW1]int v20
[SW1-Vlan-interface20]vrrp vrid 20 virtual-ip 10.0.20.254
[SW1]track 20 int Bridge-Aggregation 1    # use the aggregated link as the heartbeat line
[SW2]int v20
[SW2-Vlan-interface20]vrrp vrid 20 virtual-ip 10.0.20.254
[SW2-Vlan-interface20]vrrp vrid 20 priority 105    # make this device the master for vlan 20
[SW2]track 20 int Bridge-Aggregation 1    # use the aggregated link as the heartbeat line
[sw1]dis vrrp
IPv4 virtual router information:
 Running mode : Standard
 Total number of virtual routers : 2
 Interface   VRID   State    Running   Adver       Auth   Virtual
                             pri       timer(cs)   type   IP
 ---------------------------------------------------------------------
 Vlan10      10     Master   105       100         None   10.0.10.254
 Vlan20      20     Backup   100       100         None   10.0.20.254
[sw2]dis vrrp
IPv4 virtual router information:
 Running mode : Standard
 Total number of virtual routers : 2
 Interface   VRID   State    Running   Adver       Auth   Virtual
                             pri       timer(cs)   type   IP
 ---------------------------------------------------------------------
 Vlan10      10     Backup   100       100         None   10.0.10.254
 Vlan20      20     Master   105       100         None   10.0.20.254

Stacking
Reference: original article by CSDN blogger 「猫先生的早茶」, https://blog.csdn.net/qq_43017750/article/details/89323450
Note!
1. Before configuring, the cables between the two devices must be removed.
2. After all configuration is complete, connect the cables; the secondary device will reboot automatically.
Master switch
sys
interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/52    # manage the ports in bulk
shutdown    # shut down the ports
quit
irf member 1 priority 32    # set the IRF member priority; 32 is the highest, the default is 1
irf-port 1/1    # enter IRF port 1/1
port group interface Ten-GigabitEthernet 1/0/49    # add to the current IRF port
port group interface Ten-GigabitEthernet 1/0/50
port group interface Ten-GigabitEthernet 1/0/51
port group interface Ten-GigabitEthernet 1/0/52
quit
irf-port-configuration active    # activate the IRF configuration
interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/52    # manage the ports in bulk
undo shutdown    # bring the ports up
save    # save
Commands for the standby switch
sys
irf member 1 renumber 2    # renumber the current IRF member ID to 2
quit
reboot
sys
interface range Ten-GigabitEthernet 2/0/49 to Ten-GigabitEthernet 2/0/52    # manage the ports in bulk
shutdown    # shut down the ports
quit
irf member 2 priority 1    # set the priority of IRF member ID 2 to 1
irf-port 2/2    # enter IRF port 2/2
port group interface Ten-GigabitEthernet 2/0/49    # add to the current IRF port
port group interface Ten-GigabitEthernet 2/0/50
port group interface Ten-GigabitEthernet 2/0/51
port group interface Ten-GigabitEthernet 2/0/52
quit
irf-port-configuration active    # activate IRF
interface range Ten-GigabitEthernet 2/0/49 to Ten-GigabitEthernet 2/0/52    # manage the ports in bulk
undo shutdown    # bring the ports up
quit
save
Verification:
[sw1]dis irf
MemberID   Role      Priority   CPU-Mac          Description
 *+1       Master    32         30e7-b21f-0104   ---
   2       Standby   1          30e7-bae6-0204   ---

Link aggregation
Original article: https://blog.csdn.net/VictoryKingLIU/article/details/79560157
Layer-2 static aggregation mode
<H3C>system-view
[H3C]int Bridge-Aggregation 1
[H3C-Bridge-Aggregation1]quit
[H3C]int GigabitEthernet 1/0/1
[H3C-GigabitEthernet1/0/1]port link-aggregation group 1
[H3C-GigabitEthernet1/0/1]int GigabitEthernet 1/0/2
[H3C-GigabitEthernet1/0/2]port link-aggregation group 1
[H3C-GigabitEthernet1/0/2]int GigabitEthernet 1/0/3
[H3C-GigabitEthernet1/0/3]port link-aggregation group 1
[H3C]dis link-aggregation verbose
Layer-2 dynamic aggregation mode
<H3C>system-view
[H3C]int Bridge-Aggregation 1
[H3C-Bridge-Aggregation1]link-aggregation mode dynamic
[H3C-Bridge-Aggregation1]quit
[H3C]int GigabitEthernet 1/0/1
[H3C-GigabitEthernet1/0/1]port link-aggregation group 1
[H3C-GigabitEthernet1/0/1]int GigabitEthernet 1/0/2
[H3C-GigabitEthernet1/0/2]port link-aggregation group 1
[H3C-GigabitEthernet1/0/2]int GigabitEthernet 1/0/3
[H3C-GigabitEthernet1/0/3]port link-aggregation group 1
[H3C]dis link-aggregation verbose
Layer-3 static aggregation
Create the layer-3 aggregate interface
[SW1]interface Route-Aggregation 1
Add GE1/0/11 and GE1/0/12 to aggregation group 1
[SW1]interface GigabitEthernet 1/0/11
[SW1-GigabitEthernet1/0/11]port link-mode route
[SW1-GigabitEthernet1/0/11]port link-aggregation group 1
[SW1]interface GigabitEthernet 1/0/12
[SW1-GigabitEthernet1/0/12]port link-mode route
[SW1-GigabitEthernet1/0/12]port link-aggregation group 1

PVID: communication between different VLANs
SW1:
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 100
 combo enable fiber
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 100
 port trunk pvid vlan 100
 combo enable fiber
#
SW2:
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 200
 combo enable fiber
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 200
 port trunk pvid vlan 200
 combo enable fiber
#

ACL control rules
[H3C]acl basic 2000    # create a basic ACL
[H3C-acl-ipv4-basic-2000]rule deny source 192.168.1.2 0    # write the rule: block packets from 192.168.1.2
[H3C-acl-ipv4-basic-2000]int g1/0/1    # enter the interface
[H3C-GigabitEthernet1/0/1]packet-filter 2000 inbound    # apply the ACL; inbound = ingress, outbound = egress
In this example, to stop 192.168.1.1 from reaching .2, the ACL has to be applied outbound on G1/0/1, so that packets are blocked when they have reached .2 and return to the interface; to stop everyone from reaching .2, the ACL has to be applied inbound on G1/0/2, so that packets are blocked when they leave .2 and pass through the interface.
Port control
To block all telnet access in vlan 1, set an outbound rule on vlan 1:
[H3C]acl advanced 3001
[H3C-acl-ipv4-adv-3001]rule 1 deny tcp source-port eq 23
[H3C-acl-ipv4-adv-3001]int vlan1
[H3C-Vlan-interface1]packet-filter 3001 outbound
To block telnet access only from 1.5 or from a subnet, set an inbound rule:
[H3C-acl-ipv4-adv-3002]rule 1 deny tcp source 192.168.1.5 0 destination-port eq 23
[H3C-Vlan-interface1]packet-filter 3002 inbound

Port isolation
Reference: https://blog.csdn.net/weixin_34110749/article/details/92738677
(Special note: port isolation does not work in the simulator.)
[H3C]port-isolate group 2
[H3C]int g1/0/1
[H3C-GigabitEthernet1/0/1]port-isolate enable group 2
[H3C-GigabitEthernet1/0/1]int g1/0/2
[H3C-GigabitEthernet1/0/2]port-isolate enable group 2
[H3C-GigabitEthernet1/0/2]quit
[H3C]dis port-isolate group 2
 Port isolation group information:
 Group ID: 2
 Group members:
    GigabitEthernet1/0/1    GigabitEthernet1/0/2

IRF stacking: LACP MAD detection
Reference: https://blog.csdn.net/qq_45662411/article/details/105983636
Before it is enabled, when the stacking link is broken both devices become master and stay online, which disrupts the network. After it is enabled, the LACP MAD protocol makes the online members shut down their ports so that only one master remains, preventing conflicts on the network.
IRF device configuration:
[master]int Bridge-Aggregation 2    # create aggregate interface group 2
[master-Bridge-Aggregation2]link-aggregation mode dynamic    # change the group's mode to dynamic
[master-Bridge-Aggregation2]mad enable    # enable MAD detection
[master-Bridge-Aggregation2]quit    # leave interface view
[master]int range g1/0/1 g2/0/1    # enter both interfaces at once
[master-if-range]port link-aggregation group 2    # add them to interface group 2
Downstream device configuration:
[H3C]int Bridge-Aggregation 2    # create aggregate interface group 2
[H3C-Bridge-Aggregation2]link-aggregation mode dynamic    # change the group's mode to dynamic
[H3C-Bridge-Aggregation2]quit    # leave interface view
[H3C]int range g1/0/1 g1/0/2    # enter these two interfaces
[H3C-if-range]port link-aggregation group 2    # add these two ports to interface group 2

Layer-3 AP onboarding: configure DHCP Option 43 in the AP's VLAN
Brief description of the Option 43 format: 80 07 00 00 01 02 02 02 02
80: fixed value, do not change;
07: length field, the number of bytes of data that follow it;
00 00: fixed value, do not change;
01: the number of IP addresses that follow, here one IP address;
02 02 02 02: the IP address
Conversion tool: https://tool.520101.com/wangluo/jinzhizhuanhuan/
dhcp server ip-pool vlan5
 gateway-list 192.168.1.1
 network 192.168.1.0 mask 255.255.255.0
 dns-list 114.114.114.114
 option 43 hex 800700000103030302
Local forwarding gives higher performance and more flexibility, and is managed through the AC.
If the AP-facing port is access, the AP and its clients are in the same VLAN.
If the AP-facing port is trunk, the VLANs can be configured separately.

UEFI PXE network boot
dhcp server ip-pool test
 gateway-list 192.168.1.254
 network 192.168.1.0 mask 255.255.255.0
 bootfile-name \\Boot\\x64\\wdsmgfw.efi    # for legacy boot use \\Boot\\x64\\wdsnbp.com
 dns-list 114.114.114.114
 next-server 192.168.100.100    # WDS server

Lab exercises
ACL policy; PVID; routed port; port aggregation; stacking, aggregation, OSPF, static routing; five-switch stack; three-switch stack
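Added example (not part of the original notes): a Python encoder/decoder for the DHCP Option 43 layout described above (80, length byte, 00 00, address count, addresses), useful for checking a value before pasting it into "option 43 hex". The function names are my own, and support for more than one address is a generalization based on the count byte; decoding the value used in the vlan5 pool yields 3.3.3.2, while the field walkthrough uses 02 02 02 02.

```python
import ipaddress

SUBTYPE = 0x80          # first byte: fixed value per the format description
RESERVED = b"\x00\x00"  # third and fourth bytes: fixed value


def encode_option43(ac_addresses):
    """Return the hex string for `option 43 hex ...` from a list of IPv4 addresses."""
    addrs = [ipaddress.IPv4Address(a) for a in ac_addresses]  # rejects malformed IPs
    if not addrs:
        raise ValueError("at least one address is required")
    # Everything after the length byte: fixed 00 00, address count, packed addresses.
    value = RESERVED + bytes([len(addrs)]) + b"".join(a.packed for a in addrs)
    if len(value) > 255:
        raise ValueError("too many addresses for a one-byte length field")
    return (bytes([SUBTYPE, len(value)]) + value).hex()


def decode_option43(hex_string):
    """Parse an Option 43 hex string and return the list of addresses it carries."""
    raw = bytes.fromhex("".join(hex_string.split()))  # tolerate spaces between bytes
    if len(raw) < 5:
        raise ValueError("too short to hold the fixed header")
    if raw[0] != SUBTYPE:
        raise ValueError(f"first byte is {raw[0]:#04x}, expected 0x80")
    value = raw[2:]
    if raw[1] != len(value):
        raise ValueError(f"length byte says {raw[1]}, but {len(value)} bytes follow")
    if value[:2] != RESERVED:
        raise ValueError("bytes after the length field must be 00 00")
    count, packed = value[2], value[3:]
    if count == 0 or len(packed) != 4 * count:
        raise ValueError(f"count byte says {count}, but {len(packed)} address bytes follow")
    return [str(ipaddress.IPv4Address(packed[i:i + 4])) for i in range(0, len(packed), 4)]


if __name__ == "__main__":
    # Values taken from the notes above.
    print(decode_option43("80 07 00 00 01 02 02 02 02"))   # the format walkthrough
    print(decode_option43("800700000103030302"))            # the value in the vlan5 pool
    # Constructed sample: two controller addresses.
    print(encode_option43(["10.0.0.1", "10.0.0.2"]))
```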
2024-06-25
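Using the 1Panel panel to quickly deploy a Q&A system on the Baidu Qianfan online LLM and the llama2 local LLM
Baidu Qianfan online LLM
llama2 local LLM

1. Apply for the free Baidu Qianfan model
1) Log in to the Baidu AI Cloud console and enable the free model: https://console.bce.baidu.com/qianfan/ais/console/onlineService
Model Service > Online Service
2) Model Service > Application Access > Create Application, then obtain the API Key and Secret Key

2. Deploy Ollama
Install it from the 1Panel app store, with the port allowed for external access.
After installation, check the logs to obtain the key.

3. Deploy MaxKB
Install it and allow external access.

4. Add the models
1) Baidu Qianfan online LLM: System Settings > Model Settings > Qianfan
2) llama2 local LLM: System Settings > Model Settings > Ollama
Note: this article is a quick demonstration, so it only uses the simplest llama2 model, which can run with 8 GB of memory; other models have higher requirements and need GPU support.

5. Configure the chat applications
1) Create an application
2) Qianfan model
3) Local model

6. Use
Open the link; it works normally.

7. Summary
Very simple.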
2024-06-21
A python3 bulk-import script for uptime-kuma
Bulk-import IPs for ping checks, for example a large number of cameras.
uptime_kuma_api library documentation: https://github.com/lucasheld/uptime-kuma-api/
All API methods: https://uptime-kuma-api.readthedocs.io/en/latest/api.html

from uptime_kuma_api import UptimeKumaApi, MonitorType

# Hosts to import: display name plus the IP address to ping
zidian = {
    "ipadd": [
        {"hostname": "test1", "ip": "172.16.1.1"},
        {"hostname": "test2", "ip": "172.16.1.2"},
        {"hostname": "test3", "ip": "172.16.1.3"},
        {"hostname": "test4", "ip": "172.16.1.4"},
        {"hostname": "test5", "ip": "172.16.1.5"},
        {"hostname": "test6", "ip": "172.16.1.6"},
        {"hostname": "test7", "ip": "172.16.1.7"},
        {"hostname": "test8", "ip": "172.16.1.8"},
        {"hostname": "test9", "ip": "172.16.1.9"},
        {"hostname": "test10", "ip": "172.16.1.10"},
        {"hostname": "test11", "ip": "172.16.1.11"},
    ]
}

# Connect to the Uptime Kuma instance and log in
api = UptimeKumaApi('http://1.1.1.1:3001/')
api.login('admin', 'mima')

# Create one PING monitor per host
for key in zidian["ipadd"]:
    result = api.add_monitor(type=MonitorType.PING, name=key["hostname"], hostname=key["ip"])
    print(result)

api.disconnect()

Running
Import complete
2024-06-20
acme.sh: automatic DNS validation and issuance of wildcard certificates on Tencent Cloud and Alibaba Cloud

I. Deploy acme.sh

    curl https://get.acme.sh | sh -s email=admin@90apt.com

After installation, acme.sh creates a cron job:

    acme.sh --version
    https://github.com/acmesh-official/acme.sh
    v3.0.8

    crontab -l
    37 12 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

Set the default CA server to Let's Encrypt:

    acme.sh --set-default-ca --server letsencrypt

II. Requesting a wildcard certificate through Tencent Cloud

1. Get the Tencent Cloud SecretId and SecretKey: https://console.cloud.tencent.com/cam/capi

2. Export them as environment variables:

    export Tencent_SecretId="AKIDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    export Tencent_SecretKey="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

3. Request the certificate (the wildcard name is quoted so the shell does not expand it):

    acme.sh --issue --dns dns_tencent -d 90apt.com -d '*.90apt.com' --debug

Issuance complete:

    -----END CERTIFICATE-----
    [Thu Jun 20 14:13:23 CST 2024] Your cert is in: /root/.acme.sh/90apt.com_ecc/90apt.com.cer
    [Thu Jun 20 14:13:23 CST 2024] Your cert key is in: /root/.acme.sh/90apt.com_ecc/90apt.com.key
    [Thu Jun 20 14:13:23 CST 2024] The intermediate CA cert is in: /root/.acme.sh/90apt.com_ecc/ca.cer
    [Thu Jun 20 14:13:23 CST 2024] And the full chain certs is there: /root/.acme.sh/90apt.com_ecc/fullchain.cer
    [Thu Jun 20 14:13:23 CST 2024] _on_issue_success
    [Thu Jun 20 14:13:23 CST 2024] '' does not contain 'dns'

4. Check the certificate files:

    ll /root/.acme.sh/90apt.com_ecc/
    total 32
    -rw-r--r-- 1 root root 1452 Jun 20 14:13 90apt.com.cer
    -rw-r--r-- 1 root root  567 Jun 20 14:13 90apt.com.conf
    -rw-r--r-- 1 root root  473 Jun 20 14:12 90apt.com.csr
    -rw-r--r-- 1 root root  198 Jun 20 14:12 90apt.com.csr.conf
    -rw------- 1 root root  227 Jun 20 14:12 90apt.com.key
    -rw-r--r-- 1 root root 2668 Jun 20 14:13 ca.cer
    -rw-r--r-- 1 root root 4120 Jun 20 14:13 fullchain.cer

III. Requesting a wildcard certificate through Alibaba Cloud

1. Open RAM (Resource Access Management).
2. Create a user group.
3. Grant the user group full DNS control: AliyunDNSFullAccess.
4. Create a user.
5. Assign the user to the user group so that it receives full DNS control.
6. Create an AccessKey.
7. Export the environment variables:

    export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
    export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"

8. Request the certificate:

    acme.sh --issue --dns dns_ali -d 90apt.com -d '*.90apt.com' --debug

Issuance complete:

    [Thu Jun 20 14:41:41 CST 2024] Your cert is in: /root/.acme.sh/90apt.com_ecc/90apt.com.cer
    [Thu Jun 20 14:41:41 CST 2024] Your cert key is in: /root/.acme.sh/90apt.com_ecc/90apt.com.key
    [Thu Jun 20 14:41:41 CST 2024] The intermediate CA cert is in: /root/.acme.sh/90apt.com_ecc/ca.cer
    [Thu Jun 20 14:41:41 CST 2024] And the full chain certs is there: /root/.acme.sh/90apt.com_ecc/fullchain.cer
    [Thu Jun 20 14:41:41 CST 2024] _on_issue_success
    [Thu Jun 20 14:41:41 CST 2024] '' does not contain 'dns'

9. Check the certificate files:

    ll /root/.acme.sh/90apt.com_ecc/
    total 32
    -rw-r--r-- 1 root root 2668 Jun 20 14:41 ca.cer
    -rw-r--r-- 1 root root 1460 Jun 20 14:41 90apt.com.cer
    -rw-r--r-- 1 root root  569 Jun 20 14:41 90apt.com.conf
    -rw-r--r-- 1 root root  481 Jun 20 14:40 90apt.com.csr
    -rw-r--r-- 1 root root  204 Jun 20 14:40 90apt.com.csr.conf
    -rw------- 1 root root  227 Jun 20 14:40 90apt.com.key
    -rw-r--r-- 1 root root 4128 Jun 20 14:41 fullchain.cer

IV. Automatic upgrade of acme.sh

Enable automatic upgrade:

    acme.sh --upgrade --auto-upgrade

Disable automatic upgrade:

    acme.sh --upgrade --auto-upgrade 0

V. Debug

    acme.sh --issue ..... --debug
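The listings above show the private key at mode 600, but acme.sh also saves the DNS API credentials exported in the steps above into account.conf under its home directory. The check below is an added example, not part of the original post or of acme.sh itself; the function names and the sample directory it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: find acme.sh secrets that other local users can read.
# Assumption: secrets are the *.key files plus account.conf, the file in
# which acme.sh stores the DNS API credentials it was given.

# Print "<mode> <path>" for every secret with group or other bits set.
list_exposed_secrets() {
    find "$1" -type f \( -name '*.key' -o -name 'account.conf' \) 2>/dev/null |
    while IFS= read -r f; do
        mode=$(ls -ld "$f" | cut -c1-10)
        # Characters 5-10 of the mode string are the group and other bits.
        if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
            printf '%s %s\n' "$mode" "$f"
        fi
    done
}

# Return 0 when nothing is exposed, 1 (with a report on stderr) otherwise.
audit_acme_home() {
    found=$(list_exposed_secrets "$1")
    [ -z "$found" ] && return 0
    printf 'readable by other users:\n%s\n' "$found" >&2
    return 1
}

# Constructed sample mirroring the layout in the post, with account.conf
# deliberately left world-readable.
build_sample_home() {
    d=$(mktemp -d)
    mkdir -p "$d/90apt.com_ecc"
    : > "$d/90apt.com_ecc/90apt.com.key"; chmod 600 "$d/90apt.com_ecc/90apt.com.key"
    : > "$d/90apt.com_ecc/fullchain.cer"; chmod 644 "$d/90apt.com_ecc/fullchain.cer"
    : > "$d/account.conf"; chmod 644 "$d/account.conf"
    printf '%s\n' "$d"
}

sample=$(build_sample_home)
audit_acme_home "$sample" || echo "tighten with: chmod 600 <file>"
rm -rf "$sample"
```

On a real host, call audit_acme_home /root/.acme.sh after each issuance or from the same cron schedule that renews the certificates.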
June 20, 2024
51 views
0 comments
0 likes
2024-06-20
Deploying the Spug open-source operations platform on ALMA9

1. Install Docker

    yum install -y yum-utils
    # Official repository
    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    # Alibaba Cloud mirror
    yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    yum install docker-ce docker-ce-cli containerd.io

2. Configure the Docker bridge subnet and registry mirror

/etc/docker/daemon.json

    {
      "bip": "192.168.120.1/24",
      "registry-mirrors": [
        "https://docker.1panel.live"
      ]
    }

3. Start the service

    systemctl enable --now docker

4. Create docker-compose.yml

docker-compose.yml

    version: "3.3"
    services:
      db:
        image: mariadb:10.8.2
        container_name: spug-db
        restart: always
        command: --port 3306 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
        volumes:
          - /data/spug/mysql:/var/lib/mysql
        environment:
          - MYSQL_DATABASE=spug
          - MYSQL_USER=spug
          - MYSQL_PASSWORD=spug.cc
          - MYSQL_ROOT_PASSWORD=spug.cc
      spug:
        image: openspug/spug-service
        container_name: spug
        privileged: true
        restart: always
        volumes:
          - /data/spug/service:/data/spug
          - /data/spug/repos:/data/repos
        ports:
          # If port 80 is already in use, replace it with another port, for example: - "8000:80"
          - "80:80"
        environment:
          - MYSQL_DATABASE=spug
          - MYSQL_USER=spug
          - MYSQL_PASSWORD=spug.cc
          - MYSQL_HOST=db
          - MYSQL_PORT=3306
        depends_on:
          - db

5. Start the containers

    docker compose up -d

6. Initialize

The following command creates an administrator account with the user name admin and the password spug.cc; substitute your own administrator user name and password.

    docker exec spug init_spug admin spug.cc

7. Access test

Open http://ip:80 in a browser.

8. Start using it
June 20, 2024
33 views
0 comments
0 likes
2024-06-19
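Deploying Zabbix 7.0 LTS on ALMA Linux 9: single-server architecture, PostgreSQL, Nginx

Zabbix 7.0 LTS was officially released on June 4, 2024. For the Zabbix 6.0 installation tutorial, see https://90apt.com/2982

I. Architecture

I use a single-server architecture here: ALMA9, Zabbix 7.0, PostgreSQL, Nginx.

II. System preparation

The system I deploy on is ALMA Linux 9.

Check the system version:

    cat /etc/redhat-release
    AlmaLinux release 9.4 (Seafoam Ocelot)

Disable SELinux:

    setenforce 0
    setenforce: SELinux is disabled

/etc/selinux/config

    SELINUX=disabled

    getenforce
    Disabled

Firewall: open the Zabbix web port and the Zabbix listener ports. I configured nginx on 8080; Zabbix listens on 10051 by default.

    firewall-cmd --add-port=8080/tcp --permanent
    firewall-cmd --add-port=80/tcp --permanent
    firewall-cmd --add-port=10050-10051/tcp --permanent
    firewall-cmd --reload
    firewall-cmd --list-ports

III. Environment preparation

1. Deploy the database

Install the PostgreSQL database:

    yum install postgresql-server

Check the database version:

    psql --version
    psql (PostgreSQL) 13.14

Initialize the database:

    postgresql-setup initdb

Enable database password authentication by uncommenting this line in postgresql.conf:

/var/lib/pgsql/data/postgresql.conf

    password_encryption = md5 # md5 or scram-sha-256

If the database is not on the local host and has to be reached over the network, change the listen address and open the corresponding port in the firewall:

/var/lib/pgsql/data/postgresql.conf

    listen_addresses = '*' # what IP address(es) to listen on;
    port = 5432

Configure the database access policy so that local network connections authenticate with a password:

/var/lib/pgsql/data/pg_hba.conf

    # TYPE  DATABASE        USER            ADDRESS                 METHOD
    # IPv4 local connections:
    host    all             all             127.0.0.1/32            md5
    # IPv6 local connections:
    host    all             all             ::1/128                 md5

Start the database:

    systemctl start postgresql
    systemctl enable postgresql

2. Install the Chinese language pack

    dnf install langpacks-zh_CN.noarch

IV. Install Zabbix 7.0

1. Install the Zabbix yum repository

    rpm -Uvh https://repo.zabbix.com/zabbix/7.0/alma/9/x86_64/zabbix-release-7.0-2.el9.noarch.rpm

2. Install Zabbix server, frontend, agent and related packages

    dnf install zabbix-server-pgsql zabbix-web-pgsql zabbix-nginx-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent

3. Create the zabbix database

    su - postgres
    # Create the user; press Enter, then type the password
    createuser --pwprompt zabbix
    createdb -O zabbix zabbix

4. As root, import the initial database

    zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix

5. Edit the Zabbix configuration file

/etc/zabbix/zabbix_server.conf

    DBPassword=password

Use the password set above for the zabbix database user.

6. Configure the nginx virtual host

/etc/nginx/conf.d/zabbix.conf

Set the default port and host name:

    listen 8080;
    server_name example.com;

7. Start the Zabbix server and agent processes and enable them at boot

    systemctl restart zabbix-server zabbix-agent nginx php-fpm
    systemctl enable zabbix-server zabbix-agent nginx php-fpm

V. Run the Zabbix setup wizard

Open http://ip to verify that nginx responds, then open http://ip:8080 to enter the Zabbix wizard. The wizard screens are: verification, database configuration, host name and time zone, final check, installation complete.

VI. Log in to Zabbix

1. Log in

Default account Admin, password zabbix.

2. Change the user name and password

I changed Admin to admin here and set a custom password.

VII. Other configuration

VIII. Troubleshooting

1. If the frontend shows "Zabbix server is running: No", check the log and act on what it reports:

    /var/log/zabbix/zabbix_server.log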
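The pg_hba.conf step above only stays safe while every password rule is loopback-only; once listen_addresses is set to '*' the file is the only gate in front of the database. The audit below is an added example, not part of the original post and not a Zabbix or PostgreSQL tool; its rule set and the sample file (the post's two rules plus constructed weak ones) are this example's own assumptions.

```shell
#!/bin/sh
# Added example: flag risky authentication rules in a pg_hba.conf file.
# The checks (trust, password, md5 beyond loopback, match-all address) are
# this example's own selection.

audit_pg_hba() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        if ($1 == "local") { addr = "socket"; method = $4 }
        else if ($4 !~ /\// && $5 ~ /^[0-9.]+$/) { addr = $4 "/" $5; method = $6 }  # IP and netmask columns
        else { addr = $4; method = $5 }
        loopback = (addr == "socket" || addr ~ /^127\./ || addr ~ /^::1\// || addr == "localhost")
        if (method == "trust")
            print NR ": trust grants access without a password (" addr ")"
        if (method == "password")
            print NR ": password sends the password in cleartext (" addr ")"
        if (method == "md5" && !loopback)
            print NR ": md5 reachable beyond loopback, prefer scram-sha-256 (" addr ")"
        if (addr == "0.0.0.0/0" || addr == "0.0.0.0/0.0.0.0" || addr == "::/0" || addr == "all")
            print NR ": rule matches every client address"
    }' "$1"
}

# Constructed sample: the two loopback rules from the post, then weak rules.
write_sample() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE  USER    ADDRESS        METHOD
local   all       all                    peer
host    all       all     127.0.0.1/32   md5
host    all       all     ::1/128        md5
host    zabbix    zabbix  10.0.0.0/8     md5
host    all       all     0.0.0.0/0      trust
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_pg_hba "$tmp"
rm -f "$tmp"
```

Run audit_pg_hba /var/lib/pgsql/data/pg_hba.conf on the database host; the numbers it prints are line numbers in that file.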
June 19, 2024
136 views
0 comments
2 likes
2024-06-03
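The strongest free Chinese-made WAF: an introduction to the dynamic protection features of SafeLine (雷池) Community Edition 6.0

Introduction: https://waf-ce.chaitin.cn/

SafeLine WAF is a next-generation web application firewall based on intelligent semantic analysis.

Usage

My company started testing SafeLine on April 23, 2023. After a month of testing we formally switched over to SafeLine on May 24, 2023; the version at that time was 1.5.1.

[Image: milestone commemoration]

Since then we have followed every SafeLine version upgrade, and the current version is 6.0. We have now used SafeLine for a full year, and no web-layer intrusion occurred during that time.

[Image: milestone commemoration]

Product comparison

During this period my company also evaluated and purchased WAF products from 某某服 and 某恒. In ease of operation and in report precision, the commercial products cannot match SafeLine Community Edition.

- 某某服 alert details: cannot be used to analyze the details of an attack.
- 某恒 alert details: rule matching; the granularity of the allow and deny lists is too coarse.
- SafeLine Community Edition alert details: clear detail, and fine-grained rules with multiple match conditions can be configured.

Advanced security feature demonstration

1. Dynamic protection

Purpose:
- Protects the privacy of front-end code
- Blocks crawler behavior
- Blocks vulnerability scanning
- Blocks exploitation attempts

[Screenshots: before enabling, after enabling]

2. Human verification

Purpose: defends against crawlers and automated vulnerability testing and attack software.

[Screenshots: before enabling, after enabling]

3. Identity authentication

Purpose: adds site-wide authentication to non-public sites.

[Screenshots: before enabling, after enabling]

Summary

After a year of use with no faults, no downtime and no hacking incidents, it fully deserves the title of strongest free Chinese-made WAF!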
June 3, 2024
64 views
0 comments
1 like
2024-04-30
MariaDB 10.6 / MySQL: installation, privilege setup, and external network access

This article installs on Alma Linux 8.

I. Configure the MariaDB repository

/etc/yum.repos.d/MariaDB.repo

    # MariaDB 10.6 CentOS repository list - created 2023-02-02 03:14 UTC
    # https://mariadb.org/download/
    [mariadb]
    name = MariaDB
    baseurl = https://mirrors.aliyun.com/mariadb/yum/10.6/centos8-amd64
    module_hotfixes=1
    gpgkey=https://mirrors.aliyun.com/mariadb/yum/RPM-GPG-KEY-MariaDB
    gpgcheck=1

II. Install the database, start it, and enable it at boot

    dnf clean all
    dnf install mariadb-server
    systemctl enable --now mariadb

III. Initialize the MariaDB database

    mariadb-secure-installation

The first step sets the password; you are prompted for the current one first.

    Enter current password for root (enter for none):  <– press Enter on the first run
    Set root password? [Y/n]  <– whether to set a root password; type y and press Enter
    New password:  <– set the root user's password
    Re-enter new password:  <– type the password again
    Remove anonymous users? [Y/n]  <– whether to remove anonymous users
    Disallow root login remotely? [Y/n]  <– whether to forbid remote root login; forbidding it is recommended
    Remove test database and access to it? [Y/n]  <– whether to remove the test database
    Reload privilege tables now? [Y/n]  <– whether to reload the privilege tables

IV. Create the database, an administrator account and a read-only account, and allow external network access

Administrator of the control database: admin, password adminpasswd
Read-only user of the control database: guest, password guestpasswd

Log in:

    mysql -uroot -p

    mariadb> create database control character set utf8mb4 collate utf8mb4_bin;
    mariadb> create user admin@'%' identified by 'adminpasswd';
    mariadb> grant all privileges on control.* to admin@'%';
    mariadb> CREATE USER 'guest'@'%' IDENTIFIED BY 'guestpasswd';
    mariadb> GRANT SELECT ON control.* TO 'guest'@'%';
    mariadb> FLUSH PRIVILEGES;
    mariadb> quit;

V. Enable transactions and events

    MariaDB [test]> SHOW VARIABLES LIKE 'event_scheduler';
    +-----------------+-------+
    | Variable_name   | Value |
    +-----------------+-------+
    | event_scheduler | OFF   |
    +-----------------+-------+
    1 row in set (0.001 sec)

Enable temporarily:

    MariaDB [test]> SET GLOBAL event_scheduler = ON;

Enable permanently:

/etc/my.cnf

    [mysqld]
    event_scheduler=ON

VI. Do not forget to open the port in the firewall

    firewall-cmd --add-port=3306/tcp --permanent
    firewall-cmd --reload
    firewall-cmd --list-ports
    firewall-cmd --list-services

VII. Client connection test

Done.
April 30, 2024
215 views
0 comments
0 likes
2024-04-18
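A complete record of deploying the OceanBase distributed database

I. Introduction

OceanBase Community Edition is an open-source distributed database built for modern data architectures. It is a MySQL-compatible, Chinese-made open-source database that unifies standalone and distributed deployment, has a native distributed architecture, and supports enterprise features such as financial-grade high availability, transparent horizontal scaling, distributed transactions, multi-tenancy and syntax compatibility. The OceanBase kernel has been proven in large-scale commercial scenarios and already serves customers in many industries; looking ahead, it works with community ecosystem partners to build an open-source, open database kernel and ecosystem.

II. Installation

1. Environment

Install 6 CentOS 7 servers:
- OBS database servers: 2
- OBP proxies: 2
- OBE management console: 1
- NGINX load balancer: 1

2. Deploy the OceanBase database from OBE using the graphical (web) installer

Install wget and download the installation package from https://www.oceanbase.com/softwarecenter

    wget https://obbusiness-private.oss-cn-shanghai.aliyuncs.com/download-center/opensource/oceanbase-all-in-one/7/x86_64/oceanbase-all-in-one-4.3.0.1-100000242024032211.el7.x86_64.tar.gz
    tar -xzf oceanbase-all-in-one-4.3.0.1-100000242024032211.el7.x86_64.tar.gz
    cd oceanbase-all-in-one/bin/
    ./install.sh
    source ~/.oceanbase-all-in-one/bin/env.sh

Start the web interface; if it does not start, open the firewall port.

    obd web

Go through the deployment steps at http://x.x.x.x:8680/

The installation reported an error; I configured SSH mutual trust.

Unresolved.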
April 18, 2024
70 views
0 comments
0 likes