搜索到
290
篇与
的结果
-
中型企业网络思路规划配置分享,H3C HCL模拟器,easy-irf堆叠 OSPF优化 整体规划 本架构是在小型企业网络思路上进行增强https://90apt.com/2449功能实现 1、easy-irf快速堆叠,配置心跳检测2、OSPF分区域、双线配置双路由、配置p2p模式、限制收发OSPF报文端口模拟器实验 线缆全部链接完成IP规划网段划分 loopback 0 网络核心 10.100.0.1 监控核心 10.100.0.2 网络汇聚 10.100.0.3 监控汇聚 10.100.0.4 网络核心1/0/49to监控核心1/0/49 10.100.1.1/30 10.100.1.2/30 网络核心2/0/49to监控核心1/0/50 10.100.1.5/30 10.100.1.6/30 网络核心1/0/50to网络汇聚1/0/50 10.100.1.9/30 10.100.1.10/30 网络核心2/0/50to网络汇聚1/0/49 10.100.1.13/30 10.100.1.14/30 监控核心1/0/51to监控汇聚1/0/49 10.100.1.17/30 10.100.1.18/30 网络配置 网络核心 堆叠 1/0/53 to 2/0/53 1/0/54 to 2/0/54 心跳 1/0/48 to 2/0/48 模拟器限制,连接会死机,不进行连接 IP地址 网络汇聚 vlan102 10.100.102.1/24 监控汇聚 vlan103 10.100.103.1/24 网络主机 10.100.102.2/24 监控主机 10.100.103.2/24 ospf区域 网络核心 area0 10.100.1.0 0.0.0.3 10.100.1.4 0.0.0.3 10.100.1.8 0.0.0.3 10.100.1.12 0.0.0.3 监控核心 area0 10.100.1.0 0.0.0.3 10.100.1.4 0.0.0.3 10.100.1.16 0.0.0.3 网络汇聚 area0 10.100.1.8 0.0.0.3 10.100.1.12 0.0.0.3 area1 10.100.102.0 0.0.0.255 监控汇聚 area0 10.100.1.16 0.0.0.3 area1 10.100.103.0 0.0.0.255 一、进行核心堆叠 1、配置交换机名hostname wangluo hexin2、核心1配置easy-irf member 1 domain 0 priority 24 irf-port1 FortyGigE 1/0/53 FortyGigE 1/0/54a 保存配置 save3、核心2配置第二台核心编号重命名为2,优先级18,低于第一台24easy-irf member 1 renumber 2 domain 0 priority 18 irf-port2 FortyGigE 1/0/5 3 FortyGigE 1/0/54按提示,输入Y重启4、配置堆叠心跳检测BFD MAD由于模拟器限制,配置完后心跳线连接会死机,因此心跳线不连接堆叠心跳检测BFD MAD新建用于irf检测的vlan,注意,后续trunk接口要阻止此VLAN通过vlan 4094 description irf-mad qu创建VPN实例,用于隔离路由路由表ip vpn-instance mgmt route-distinguisher 1:1 qu配置虚接口,配置心跳检测IP,绑定VPN实例int vlan4094 description irf-mad ip binding vpn-instance mgmt mad bfd enable mad ip address 1.0.0.1 255.255.255.252 member 1 mad ip address 1.0.0.2 255.255.255.252 member 2 qu心跳接口配置interface GigabitEthernet 1/0/48 description irf-mad port access vlan 4094 undo stp enable interface GigabitEthernet 2/0/48 description irf-mad port access vlan 4094 undo stp enable5、IRF保留接口,一般用于上行三层接口,设备分裂后保持通讯mad exclude interface Ten-GigabitEthernet 2/0/50二、配置所有IP地址 三层交换机改名、配置loopback地址、配置IP地址、PC配置IP地址interface Ten-GigabitEthernet1/0/49 port link-mode route combo enable fiber ip address 10.100.1.1 255.255.255.252 interface LoopBack0 ip address 10.100.0.3 255.255.255.255 [wangluo huiju-GigabitEthernet1/0/1]ping 10.100.102.2 Ping 10.100.102.2 (10.100.102.2): 56 data bytes, press CTRL_C to break 56 bytes from 10.100.102.2: icmp_seq=0 ttl=255 time=6.212 ms 56 bytes from 10.100.102.2: icmp_seq=1 ttl=255 time=3.258 ms 56 bytes from 10.100.102.2: icmp_seq=2 ttl=255 time=3.670 ms 56 bytes from 10.100.102.2: icmp_seq=3 ttl=255 time=2.772 ms 56 bytes from 10.100.102.2: icmp_seq=4 ttl=255 time=4.012 ms三、配置OSPF 配置OSPF之前先配置loopback地址三层接口使能OSPF,配置为P2P模式,放在区域0[wangluo hexin-Ten-GigabitEthernet1/0/49]dis th # interface Ten-GigabitEthernet1/0/49 port link-mode route combo enable fiber ip address 10.100.1.1 255.255.255.252 ospf network-type p2p ospf 1 area 0.0.0.0loopback使能OSPF,放在区域0interface LoopBack0 ip address 10.100.0.3 255.255.255.255 ospf 1 area 0.0.0.0VLAN使能OSPF,业务网段放在区域1[wangluo huiju-Vlan-interface102]dis th # interface Vlan-interface102 ip address 10.100.102.1 255.255.255.0 ospf 1 area 0.0.0.1 #全部配置完成后,网络主机可ping通监控主机<H3C>ping 10.100.103.2 Ping 10.100.103.2 (10.100.103.2): 56 data bytes, press CTRL_C to break 56 bytes from 10.100.103.2: icmp_seq=0 ttl=251 time=18.180 ms 56 bytes from 10.100.103.2: icmp_seq=1 ttl=251 time=9.608 ms 56 bytes from 10.100.103.2: icmp_seq=2 ttl=251 time=14.053 ms 56 bytes from 10.100.103.2: icmp_seq=3 ttl=251 time=13.112 ms 56 bytes from 10.100.103.2: icmp_seq=4 ttl=251 time=12.268 ms四、OSPF优化 限制OSPF收发报文的端口[wangluo hexin-ospf-1]dis th # ospf 1 silent-interface all undo silent-interface Ten-GigabitEthernet1/0/49 undo silent-interface Ten-GigabitEthernet1/0/50 undo silent-interface Ten-GigabitEthernet2/0/49 undo silent-interface Ten-GigabitEthernet2/0/50 area 0.0.0.0五、测试 网络主机ping监控主机,在ping过程中断掉双线中的一条,会丢包一个,删除多个双线中的一条,最多会丢包4个56 bytes from 10.100.103.2: icmp_seq=519 ttl=251 time=16.112 ms 56 bytes from 10.100.103.2: icmp_seq=520 ttl=251 time=20.881 ms 56 bytes from 10.100.103.2: icmp_seq=521 ttl=251 time=15.032 ms Request time out 56 bytes from 10.100.103.2: icmp_seq=523 ttl=251 time=36.649 ms 56 bytes from 10.100.103.2: icmp_seq=524 ttl=251 time=16.727 ms 56 bytes from 10.100.103.2: icmp_seq=525 ttl=251 time=15.137 ms 56 bytes from 10.100.103.2: icmp_seq=526 ttl=251 time=17.651 ms Request time out Request time out Request time out Request time out Request time out 56 bytes from 10.100.103.2: icmp_seq=532 ttl=251 time=13.904 ms 56 bytes from 10.100.103.2: icmp_seq=533 ttl=251 time=42.994 ms 56 bytes from 10.100.103.2: icmp_seq=534 ttl=251 time=27.916 ms 56 bytes from 10.100.103.2: icmp_seq=535 ttl=251 time=14.782 ms六、实机测试 1、实际测试BFD防分裂能力 物理机配置BFD不存在死机问题,模拟器有BUG当前1为主,2为从,共连接了1/0/18 2/0/18 2/0/23,其中2/0/23配置了IRF保留接口直接拔掉两条堆叠线结果,终端BFD告警,交换机接口2/0/18停止工作,仅保留接口2/0/23保持工作%Jan 7 12:29:20:050 2021 S5560X-30F-EI_09 BFD/5/BFD_CHANGE_FSM: Sess[1.0.0.1/1.0.0.2, LD/RD:32897/32897, Interface:Vlan4094, SessType:Ctrl, LinkType:INET], Ver:1, Sta: DOWN->INIT, Diag: 0 (No Diagnostic) %Jan 7 12:29:20:055 2021 S5560X-30F-EI_09 BFD/5/BFD_CHANGE_FSM: Sess[1.0.0.1/1.0.0.2, LD/RD:32897/32897, Interface:Vlan4094, SessType:Ctrl, LinkType:INET], Ver:1, Sta: INIT->UP, Diag: 0 (No Diagnostic) %Jan 7 12:29:22:747 2021 S5560X-30F-EI_09 DEV/3/BOARD_REMOVED: Board was removed from slot 2, type is unknown.插回堆叠线,交换机2自动重启2、测试堆叠切换直接拔掉交换机1的电源线交换机2成为主交换机继续工作交换机1插电交换机1成为从交换机,交换机2保持主交换机,通讯恢复总结 爽 -
小型企业网络思路规划配置分享,H3C HCL模拟器 整体规划 采用三层网络结构,核心、汇聚三层互联,堆叠采用40G网络,汇聚10G,接入1G,网关下放到汇聚,交换机采用独立管理VLAN。功能实现 1、核心堆叠,汇聚堆叠,动态端口聚合2、配置DHCP服务器,配置DHCP中继,为多个VLAN提供服务3、静态路由与OSPF,配合ACL实现不同网络的访问控制4、外网NAT,专线静态路由5、接入交换机Telnet、管理IP实现6、SNMP网管服务部署7、DHCP仿冒防御8、端口隔离,防范网络风暴和ARP攻击项目文件分享 模拟器为H3C官方HCL模拟器,安装并导入即可{anote icon="" href="https://90apt.com/usr/uploads/2021/06/H3C%E7%BD%91%E7%BB%9C%E6%A8%A1%E6%8B%9F.zip" type="secondary" content="下载"/} 配置详情 1、设置固定IP,配置主机名如图片所示2、核心堆叠,采用40G口堆叠核心1<hexin1>sys System View: return to User View with Ctrl+Z. [hexin1]int range FortyGigE 1/0/53 to FortyGigE 1/0/54 [hexin1-if-range]shu [hexin1-if-range]quit [hexin1]irf member 1 priority 32 [hexin1]irf-port 1/1 [hexin1-irf-port1/1]port group interface FortyGigE 1/0/53 [hexin1-irf-port1/1]port group interface FortyGigE 1/0/54 [hexin1-irf-port1/1]quit [hexin1]irf-port-configuration active [hexin1]int range FortyGigE 1/0/53 to FortyGigE 1/0/54 [hexin1-if-range]un sh [hexin1-if-range]save核心2[hexin2]sys [hexin2]irf member 1 renumber 2 Renumbering the member ID may result in configuration change or loss. Continue?[Y/N]:y [hexin2]quit <hexin2>reboot <hexin2>sys System View: return to User View with Ctrl+Z. [hexin2]interface range FortyGigE 2/0/53 to FortyGigE 2/0/54 [hexin2-if-range]shu [hexin2-if-range]quit [hexin2]irf member 2 priority 1 [hexin2]irf-port 2/2 [hexin2-irf-port2/2]port group interface FortyGigE 2/0/53 [hexin2-irf-port2/2]port group interface FortyGigE 2/0/54 [hexin2-irf-port2/2]qui [hexin2]irf-port-configuration active [hexin2]interface range FortyGigE 2/0/53 to FortyGigE 2/0/54 [hexin2-if-range]un sh [hexin2-if-range]quit [hexin2]save连接堆叠线后,机器自动重启,此时两台交换机终端都会显示为 hexin1 3、车间汇聚堆叠,采用40G口步骤与核心相同,堆叠后两台终端都会显示为 chejianhuiju1 4、按图片为交换机配置IP和VLAN,三层采用路由模式,汇聚下联trunk,接入上联trunk,下联对应vlan车间汇聚做端口聚合[chejianhuiju1]vlan 1004 [chejianhuiju1-vlan1004]int vlan 1004 [chejianhuiju1-Vlan-interface1004]ip add 10.0.4.254 24 [chejianhuiju1-Vlan-interface1004]quit [chejianhuiju1]int Bridge-Aggregation 1 [chejianhuiju1-Bridge-Aggregation1]link-aggregation mode dynamic [chejianhuiju1-Bridge-Aggregation1]quit [chejianhuiju1]int g1/0/1 [chejianhuiju1-GigabitEthernet1/0/1]port link-aggregation group 1 [chejianhuiju1-GigabitEthernet1/0/1]int g2/0/1 [chejianhuiju1-GigabitEthernet2/0/1]port link-aggregation group 1 [chejianhuiju1-GigabitEthernet2/0/1]dis link-aggregation verbose GE1/0/1 0 32768 0 0x8000, 0000-0000-0000 {EF} GE2/0/1 0 32768 0 0x8000, 0000-0000-0000 {EF} [chejianhuiju1-GigabitEthernet2/0/1]vlan 1004 [chejianhuiju1-vlan1004]port Bridge-Aggregation 1 [chejianhuiju1]int Bridge-Aggregation 1 [chejianhuiju1-Bridge-Aggregation1]port link-type trunk [chejianhuiju1-Bridge-Aggregation1]port trunk permit vlan all [chejianhuiju1-Bridge-Aggregation1]save验证生产设备,ping 10.0.20.4 10.0.50.5 10.0.4.254 都通5、配置OSPF,实现车间、办公、生产服务器、基础服务器互通配置核心<hexin1>sys System View: return to User View with Ctrl+Z. [hexin1]ospf [hexin1-ospf-1]area 0 [hexin1-ospf-1-area-0.0.0.0]netwo [hexin1-ospf-1-area-0.0.0.0]network 10.0.70.0 0.0.0.255 [hexin1-ospf-1-area-0.0.0.0]network 10.0.40.0 0.0.0.255 [hexin1-ospf-1-area-0.0.0.0]network 10.0.60.0 0.0.0.255 [hexin1-ospf-1-area-0.0.0.0]network 10.0.30.0 0.0.0.255 [hexin1-ospf-1-area-0.0.0.0]network 10.0.50.0 0.0.0.255 [hexin1-ospf-1-area-0.0.0.0]quit配置车间汇聚<chejianhuiju1>sys System View: return to User View with Ctrl+Z. [chejianhuiju1]ospf [chejianhuiju1-ospf-1]area 0 [chejianhuiju1-ospf-1-area-0.0.0.0]network 10.0.4.0 0.0.0.255 [chejianhuiju1-ospf-1-area-0.0.0.0]network 10.0.20.0 0.0.0.255 [chejianhuiju1-ospf-1-area-0.0.0.0]network 10.0.50.0 0.0.0.255 [chejianhuiju1-ospf-1-area-0.0.0.0]quit生产设备ping核心通,其他配置类似。6、配置DHCP服务器使用三层交换机搭建DHCP服务器,ping测试[H3C]hostname dhcp [dhcp]int g1/0/1 [dhcp-GigabitEthernet1/0/1]port link-mode route [dhcp-GigabitEthernet1/0/1]ip add 10.0.0.1 24 [dhcp-GigabitEthernet1/0/1]save [dhcp-GigabitEthernet1/0/1]quit [dhcp]ip route-static 0.0.0.0 0 10.0.0.254 [dhcp]ping 10.0.0.254 Ping 10.0.0.254 (10.0.0.254): 56 data bytes, press CTRL_C to break 56 bytes from 10.0.0.254: icmp_seq=0 ttl=255 time=0.000 ms创建DHCP池[dhcp]dhcp enable dhcp server ip-pool bangong gateway-list 10.0.3.254 network 10.0.3.0 mask 255.255.255.0 address range 10.0.3.100 10.0.3.200 dns-list 8.8.8.8 expired day 3 # dhcp server ip-pool wuxian gateway-list 10.0.2.254 network 10.0.2.0 mask 255.255.255.0 address range 10.0.2.150 10.0.2.200 dns-list 114.114.114.114 expired day 3 #沿途汇聚、核心都要开启DHCP中继,二层只要有对应VLAN并trunk即可。[jichuhuiju]dhcp enable # interface Vlan-interface1002 dhcp select relay dhcp relay server-address 10.0.0.1 # interface Vlan-interface1003 dhcp select relay dhcp relay server-address 10.0.0.1 # 查看客户端IP,成功获取IP[dhcp]display dhcp server ip-in-use IP address Client identifier/ Lease expiration Type Hardware address 10.0.2.150 0038-6163-312e-3334- Jun 26 20:35:43 2021 Auto(C) 3266-2e31-3730-362d- 4745-302f-302f-31 10.0.3.100 0038-6137-362e-3466- Jun 28 20:35:31 2021 Auto(C) 3864-2e31-3230-362d- 4745-302f-302f-31 7、配置专线,仅办公和无线可以访问办公汇聚、无线汇聚、核心、专线静态路由[wuxianhuiju] ip route-static 10.1.0.0 24 10.0.60.10 [hexin1]ip route-static 10.1.0.0 24 10.0.90.18 [zhuanxianwangguan]ip route-static 10.0.2.0 24 10.0.90.15测试办公和无线都可以访问专线IP10.1.0.28、配置办公和无线能访问外网,但外网无法直接访问内网办公汇聚、无线汇聚、核心默认路由,外网网关静态路由[bangonghuiju]ip route-static 0.0.0.0 0 10.0.30.6 [wuxianhuiju]ip route-static 0.0.0.0 0 10.0.60.10 [hexin1]ip route-static 0.0.0.0 0 10.0.10.1 [waibuwangguan]ip route-static 10.0.3.0 24 10.0.10.2 [waibuwangguan]ip route-static 10.0.2.0 24 10.0.10.2配置最简单NAT访问方式Easy IP[waibuwangguan]acl basic 200 [waibuwangguan-acl-ipv4-basic-2000]rule 0 permit source 10.0.2.0 0.0.0.255 [waibuwangguan-acl-ipv4-basic-2000]acl basic 2001 [waibuwangguan-acl-ipv4-basic-2001]rule 0 permit source 10.0.3.0 0.0.0.255 [waibuwangguan-acl-ipv4-basic-2001]quit [waibuwangguan]int g0/0 [waibuwangguan-GigabitEthernet0/0]nat outbound 2001 [waibuwangguan-GigabitEthernet0/0]nat outbound 2000办公和无线ping外网1.1.1.2通,外网ping内网不通9、POE供电受模拟器限制无法实现,实际在无线接入执行 poe enable 即可10、办公人员通过telnet远程管理车间接入交换机车间汇聚创建管理vlan2000[chejianhuiju1]vlan 2000 [chejianhuiju1-vlan2000]int vlan 2000 [chejianhuiju1-Vlan-interface2000]ip add 192.168.1.254 24车间接入创建管理vlan,开启telnet服务,设置默认路由<chejianjieru>sys System View: return to User View with Ctrl+Z. [chejianjieru]vlan 2000 [chejianjieru-vlan2000]int vlan 2000 [chejianjieru-Vlan-interface2000]ip add 192.168.1.2 24 [chejianjieru-Vlan-interface2000]quit [chejianjieru]user-interface vty 0 4 [chejianjieru-line-vty0-4]authentication-mode scheme [chejianjieru-line-vty0-4]quit [chejianjieru]local-user admin New local user added. [chejianjieru-luser-manage-admin]password simple 123456 [chejianjieru-luser-manage-admin]authorization-attribute user-role level-15 [chejianjieru-luser-manage-admin]service-type telnet [chejianjieru-luser-manage-admin]quit [chejianjieru]telnet server enable [chejianjieru]save [chejianjieru]ip route-static 0.0.0.0 0 192.168.1.254核心添加静态路由[hexin1]ip route-static 192.168.1.0 24 10.0.20.4办公人员远程telnet<bangonghuiju>telnet 192.168.1.2 Trying 192.168.1.2 ... Press CTRL+K to abort Connected to 192.168.1.2 ... ****************************************************************************** * Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ****************************************************************************** login: admin Password: <chejianjieru>11、配置snmp网络管理协议配置向10.0.0.1发送设备信息snmp-agent snmp-agent community write private snmp-agent community read public snmp-agent sys-info version all snmp-agent target-host trap address udp-domain 10.0.0.1 params securityname public v2c12、配置监控网络,办公和无线可以访问监控服务器,不可访问摄像头,摄像头仅与监控服务器互相访问核心设置静态路由,监控汇聚设置默认路由[hexin1]ip route-static 10.0.5.0 24 10.0.80.17 [jiankonghuiju]ip route-static 0.0.0.0 0 10.0.80.16在监控汇聚上联接口配置ACL规则,只允许访问10.0.5.1发出,其他禁止,从而达到只允许监控服务器被访问的目的[jiankonghuiju]acl basic 2000 [jiankonghuiju-acl-ipv4-basic-2000]rule 0 permit source 10.0.5.1 0 [jiankonghuiju-acl-ipv4-basic-2000]rule 1 deny [jiankonghuiju-acl-ipv4-basic-2000]quit [jiankonghuiju]int Ten-GigabitEthernet1/0/49 [jiankonghuiju-Ten-GigabitEthernet1/0/49]packet-filter 2000 outbound测试办公可以ping通10.0.5.1,不能ping通10.0.5.213、配置DHCP snooping,防止仿冒攻击全局开启dhcp snooping,上联端口启用dhcp信任[bangongjieru]dhcp snooping enable [bangongjieru]interface GigabitEthernet1/0/2 [bangongjieru]dhcp snooping trust14、配置端口隔离,减少接入傻瓜交换机造成的网络风暴,防御ARP攻击[H3C]port-isolate group 2 [H3C]int g1/0/1 [H3C-GigabitEthernet1/0/1]port-isolate enable group 2 [H3C-GigabitEthernet1/0/1]int g1/0/2 [H3C-GigabitEthernet1/0/2]port-isolate enable group 2 [H3C-GigabitEthernet1/0/2]quit [H3C]dis port-isolate group 2 Port isolation group information: Group ID: 2 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2总结 爽
-
alma8 密钥更换 Import of key(s) didn't help, wrong key(s)? https://almalinux.org/blog/2023-12-20-almalinux-8-key-update/去年年底,我们经历了一次系统故障,导致主密钥丢失,这将使我们能够延长用于签署 AlmaLinux 8 软件包的 GPG 密钥的寿命,它将于 2024 年 1 月到期。虽然我们已经确保这种情况不会再次发生,但某些用户将需要采取特定步骤来导入新的 GPG 密钥。如果您的设备在 AlmaLinux 8 的更新中运行得有点滞后,请阅读下面的详细信息以确定您需要采取的措施。为 AlmaLinux 8 GPG 密钥更改做好准备2024 年 1 月 12 日,我们将开始使用更新的 GPG 密钥对 AlmaLinux 8 的 RPM 包和 repodata 进行签名。在我们进行切换时,采取以下步骤将使您能够继续接收更新而不会出现问题。快速通道如果你想确保你的系统已经包含并信任新的 AlmaLinux 8 GPG 密钥,你可以直接导入它:rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
-
SRS Docker一键搭建直播平台 视频采集端rtmp协议-推送到SRS直播服务器-客户端拉取直播流官方说明https://ossrs.net/lts/zh-cn/docs/v4/doc/introductiondocker run -d -p 1935:1935 -p 1985:1985 -p 8080:8080 ossrs/srs:latest 1935端口为rtmp默认服务端口 1985 为SRS API端口 8080 为web控制台端口一、web控制台使用登录控制台可查看默认rtmp推流地址进入控制台内容为空,通过SRS连接服务连接服务器服务器状态二、快速使用默认推流地址 rtmp://IP/live/livestream默认观看地址 http://IP:8080/live/livestream.flv三、多人使用推流地址+N,如rtmp://IP/live/livestream1rtmp://IP/live/livestream2rtmp://IP/live/livestream3则观看地址为http://IP:8080/live/livestream1.flvhttp://IP:8080/live/livestream2.flvhttp://IP:8080/live/livestream3.flv四、小结部署快速,但缺少密码防护,可以用于临时快速使用
-
使用1Panel面板,快速部署百度千帆在线大模型、llama2本地大模型 问答系统 百度千帆在线大模型llama2本地大模型一、申请百度千帆免费大模型 1、登录百度智能云控制台,开通免费大模型https://console.bce.baidu.com/qianfan/ais/console/onlineService模型服务-在线服务2、模型服务-应用接入-创建应用-获得API Key和Secret Key二、部署Ollama 1Panel面板应用商店 端口允许外网访问安装完成,查看日志获取 key三、部署MaxKB 安装并允许外网访问四、添加大模型 1、百度千帆在线大模型系统设置-模型设置-千帆大模型2、llama2本地大模型系统设置-模型设置-Ollama注意,本文为快速演示,所以只使用最简单的llama2模型,支持8G内存运行,其他模型对配置要求高,需要GPU支持五、配置对话应用 1、创建应用2、千帆大模型3、本地大模型六、使用 打开链接使用正常七、总结 非常简单
-
python3开发uptime-kuma批量导入脚本 批量导入IP进行ping检测,如大批量摄像头uptime_kuma_api库使用说明https://github.com/lucasheld/uptime-kuma-api/所有接口https://uptime-kuma-api.readthedocs.io/en/latest/api.htmlfrom uptime_kuma_api import UptimeKumaApi, MonitorType zidian = { "ipadd" : [ {"hostname" : "test1" , "ip" : "172.16.1.1"}, {"hostname" : "test2" , "ip" : "172.16.1.2"}, {"hostname" : "test3" , "ip" : "172.16.1.3"}, {"hostname" : "test4" , "ip" : "172.16.1.4"}, {"hostname": "test5", "ip": "172.16.1.5"}, {"hostname": "test6", "ip": "172.16.1.6"}, {"hostname": "test7", "ip": "172.16.1.7"}, {"hostname": "test8", "ip": "172.16.1.8"}, {"hostname": "test9", "ip": "172.16.1.9"}, {"hostname": "test10", "ip": "172.16.1.10"}, {"hostname": "test11", "ip": "172.16.1.11"} ] } api = UptimeKumaApi('http://1.1.1.1:3001/') api.login('admin', 'mima') for key in zidian["ipadd"]: result = api.add_monitor(type=MonitorType.PING, name=key["hostname"], hostname=key["ip"]) print(result) api.disconnect()运行中导入完成
-
acme.sh自动解析并申请泛域名通配符证书 腾讯云 阿里云 一、部署 acme.shcurl https://get.acme.sh | sh -s email=admin@90apt.com安装后,acmesh会生成计划任务acme.sh --version https://github.com/acmesh-official/acme.sh v3.0.8 crontab -l 37 12 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null配置默认ca服务器为letsencryptacme.sh --set-default-ca --server letsencrypt二、腾讯云申请泛域名通配符证书1、获取腾讯云 SecretId 和 SecretKeyhttps://console.cloud.tencent.com/cam/capi2、导入环境变量export Tencent_SecretId="AKIDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" export Tencent_SecretKey="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"3、申请证书acme.sh --issue --dns dns_tencent -d 90apt.com -d *.90apt.com --debug申请完成-----END CERTIFICATE----- [Thu Jun 20 14:13:23 CST 2024] Your cert is in: /root/.acme.sh/90apt.com_ecc/90apt.com.cer [Thu Jun 20 14:13:23 CST 2024] Your cert key is in: /root/.acme.sh/90apt.com_ecc/90apt.com.key [Thu Jun 20 14:13:23 CST 2024] The intermediate CA cert is in: /root/.acme.sh/90apt.com_ecc/ca.cer [Thu Jun 20 14:13:23 CST 2024] And the full chain certs is there: /root/.acme.sh/90apt.com_ecc/fullchain.cer [Thu Jun 20 14:13:23 CST 2024] _on_issue_success [Thu Jun 20 14:13:23 CST 2024] '' does not contain 'dns'4、查看证书ll /root/.acme.sh/90apt.com_ecc/ total 32 -rw-r--r-- 1 root root 1452 Jun 20 14:13 90apt.com.cer -rw-r--r-- 1 root root 567 Jun 20 14:13 90apt.com.conf -rw-r--r-- 1 root root 473 Jun 20 14:12 90apt.com.csr -rw-r--r-- 1 root root 198 Jun 20 14:12 90apt.com.csr.conf -rw------- 1 root root 227 Jun 20 14:12 90apt.com.key -rw-r--r-- 1 root root 2668 Jun 20 14:13 ca.cer -rw-r--r-- 1 root root 4120 Jun 20 14:13 fullchain.cer三、腾讯云申请泛域名通配符证书1、进入RAM访问控制2、创建用户组3、给用户组增加DNS完整控制权限 AliyunDNSFullAccess4、创建用户5、给用户分配用户组,使其获得DNS完整控制权6、创建AccessKey7、导入环境变量export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"8、申请证书acme.sh --issue --dns dns_ali -d 90apt.com -d *.90apt.com --debug申请完成[Thu Jun 20 14:41:41 CST 2024] Your cert is in: /root/.acme.sh/90apt.com_ecc/90apt.com.cer [Thu Jun 20 14:41:41 CST 2024] Your cert key is in: /root/.acme.sh/90apt.com_ecc/90apt.com.key [Thu Jun 20 14:41:41 CST 2024] The intermediate CA cert is in: /root/.acme.sh/90apt.com_ecc/ca.cer [Thu Jun 20 14:41:41 CST 2024] And the full chain certs is there: /root/.acme.sh/90apt.com_ecc/fullchain.cer [Thu Jun 20 14:41:41 CST 2024] _on_issue_success [Thu Jun 20 14:41:41 CST 2024] '' does not contain 'dns'9、查看证书ll /root/.acme.sh/90apt.com_ecc/ total 32 -rw-r--r-- 1 root root 2668 Jun 20 14:41 ca.cer -rw-r--r-- 1 root root 1460 Jun 20 14:41 90apt.com.cer -rw-r--r-- 1 root root 569 Jun 20 14:41 90apt.com.conf -rw-r--r-- 1 root root 481 Jun 20 14:40 90apt.com.csr -rw-r--r-- 1 root root 204 Jun 20 14:40 90apt.com.csr.conf -rw------- 1 root root 227 Jun 20 14:40 90apt.com.key -rw-r--r-- 1 root root 4128 Jun 20 14:41 fullchain.cer四、acme.sh程序自动升级:acme.sh --upgrade --auto-upgrade关闭自动升级acme.sh --upgrade --auto-upgrade 0五、debugacme.sh --issue ..... --debug
-
ALMA9 部署Spug开源运维平台 1、安装dockeryum install -y yum-utils #官方源 yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo #阿里云加速源 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo yum install docker-ce docker-ce-cli containerd.io2、配置docker网段和加速源/etc/docker/daemon.json { "bip": "192.168.120.1/24", "registry-mirrors": [ "https://docker.1panel.live" ] }3、启动服务systemctl enable --now docker4、创建docker-compose.ymldocker-compose.ymlversion: "3.3" services: db: image: mariadb:10.8.2 container_name: spug-db restart: always command: --port 3306 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci volumes: - /data/spug/mysql:/var/lib/mysql environment: - MYSQL_DATABASE=spug - MYSQL_USER=spug - MYSQL_PASSWORD=spug.cc - MYSQL_ROOT_PASSWORD=spug.cc spug: image: openspug/spug-service container_name: spug privileged: true restart: always volumes: - /data/spug/service:/data/spug - /data/spug/repos:/data/repos ports: # 如果80端口被占用可替换为其他端口,例如: - "8000:80" - "80:80" environment: - MYSQL_DATABASE=spug - MYSQL_USER=spug - MYSQL_PASSWORD=spug.cc - MYSQL_HOST=db - MYSQL_PORT=3306 depends_on: - db5、启动容器docker compose up -d6、初始化以下操作会创建一个用户名为 admin 密码为 spug.cc 的管理员账户,可自行替换管理员账户/密码。docker exec spug init_spug admin spug.cc7、访问测试在浏览器中输入 http://ip:80 访问。8、开始使用
-
ALMA Linux 9部署 Zabbix7.0 LTS 单服务器架构 PostgreSQL Nginx Zabbix7.0 LTS 已于2024年6月4日正式发布。zabbix6.0安装教程请看这里https://90apt.com/2982一、架构选型 我这里使用单服务器架构ALMA9 Zabbix7.0 PostgreSQL Nginx二、系统准备 我这里部署的系统是ALMA Linux 9系统查看系统版本 cat /etc/redhat-release AlmaLinux release 9.4 (Seafoam Ocelot) 关闭SELINUX setenforce 0 setenforce: SELinux is disabled /etc/selinux/config SELINUX=disabled getenforce Disabled 防火墙,开放zabbix平台和zabbix监听端口,我nginx配置8080,zabbix默认监听10051 firewall-cmd --add-port=8080/tcp --permanent firewall-cmd --add-port=80/tcp --permanent firewall-cmd --add-port=10050-10051/tcp --permanent firewall-cmd --reload firewall-cmd --list-ports三、环境准备 1、部署数据库部署postgresql数据库yum install postgresql-server查看数据库版本psql --version psql (PostgreSQL) 13.14初始化数据库postgresql-setup initdb开启数据库密码验证,取消postgresql.conf配置文件中的注释/var/lib/pgsql/data/postgresql.conf password_encryption = md5 # md5 or scram-sha-256如果数据库不在本地,要通过网络访问,则需修改监听地址和防火墙开放对应端口/var/lib/pgsql/data/postgresql.conf listen_addresses = '*' # what IP address(es) to listen on; port = 5432配置数据库访问策略,允许本地网络使用密码访问数据库/var/lib/pgsql/data/pg_hba.conf # TYPE DATABASE USER ADDRESS METHOD # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 如果要允许所有外部IP访问,地址要写all host all all all md5 启动数据库systemctl start postgresql systemctl enable postgresql2、安装中文语言dnf install langpacks-zh_CN.noarch四、安装zabbix7.0 1、安装zabbix yum 源rpm -Uvh https://repo.zabbix.com/zabbix/7.0/alma/9/x86_64/zabbix-release-7.0-2.el9.noarch.rpm2、安装Zabbix Server、前端、agent等dnf install zabbix-server-pgsql zabbix-web-pgsql zabbix-nginx-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent3、创建zabbix数据库su - postgres 新建用户,回车后输入密码 createuser --pwprompt zabbix createdb -O zabbix zabbix4、root用户下导入初始数据库zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix5、配置Zabbix配置文件/etc/zabbix/zabbix_server.conf DBPassword=密码上面新建的数据库zabbix的密码6、配置nginx虚拟主机/etc/nginx/conf.d/zabbix.conf 配置默认端口和主机名 listen 8080; server_name example.com;7、启动Zabbix server和agent进程,并为它们设置开机自启systemctl restart zabbix-server zabbix-agent nginx php-fpm systemctl enable zabbix-server zabbix-agent nginx php-fpm五、进行zabbix安装向导 http://ip 验证nginx访问http://ip:8080 进入zabbix向导验证数据库配置主机名、时区最后检查安装完成六、登录Zabbix 1、登录默认账号 Admin 密码zabbix2、修改用户名密码我这里把Admin改为admin,密码自定义七、其他配置 八、故障排错 1、若出现 Zabbix服务器端运行中 否,请排查日志,根据日志处理/var/log/zabbix/zabbix_server.log
-
国产最强免费WAF 雷池社区版6.0 动态防护能力介绍 介绍: https://waf-ce.chaitin.cn/雷池WAF,基于智能语义分析的下一代 Web 应用防火墙使用情况 我司于2023年4月23日对雷池进行测试,测试一个月后,于2023年5月24日对雷池进行正式切换,此时版本为1.5.1。 里程碑纪念后续一直跟随雷池进行版本升级,当前版本已经升级到6.0,使用雷池已经一周年,使用期间未发生WEB层面入侵事件。里程碑纪念产品对比 在此期间,我司也考察购买了某某服、某恒的WAF产品,在操作简易度,报告精度方面,商业产品也无法与雷池社区版匹敌。某某服报警详情,无法用于研判攻击细节某恒报警详情,规则匹配,黑白名单颗粒度过大雷池社区版报警详情,细节清晰,可进行多重匹配精细化规则设置高级安全能力演示 1、动态防护 作用保护前端代码的隐私性阻止爬虫行为阻止漏洞扫描行为阻止攻击利用行为开启前开启后2、人机验证作用可抵御爬虫和自动化漏洞测试攻击软件开启前开启后3、身份认证作用 可为非公开站点增加整站验证 开启前开启后小结 经过一年使用,无故障无宕机无黑客事件,国产最强免费WAF当之无愧!
-
MariaDB10.6 MySql安装部署、权限设置、外网访问 本文使用Alma linux 8安装一、安装数据库配置mariabd源 /etc/yum.repos.d/MariaDB.repo# MariaDB 10.6 CentOS repository list - created 2023-02-02 03:14 UTC # https://mariadb.org/download/ [mariadb] name = MariaDB baseurl = https://mirrors.aliyun.com/mariadb/yum/10.6/centos8-amd64 module_hotfixes=1 gpgkey=https://mirrors.aliyun.com/mariadb/yum/RPM-GPG-KEY-MariaDB gpgcheck=1二、安装数据库、启动、并设置开机启动dnf clean all dnf install mariadb-server systemctl enable --now mariadb三、进行MariaDB数据库初始化mariadb-secure-installation首先是设置密码,会提示先输入密码 Enter current password for root (enter for none):<–初次运行直接回车 Set root password? [Y/n] <– 是否设置root用户密码,输入y并回车 New password: <– 设置root用户的密码 Re-enter new password: <– 再输入一次你设置的密码 Remove anonymous users? [Y/n] <– 是否删除匿名用户 Disallow root login remotely? [Y/n] <–是否禁止root远程登录,建议禁止 Remove test database and access to it? [Y/n] <– 是否删除test数据库 Reload privilege tables now? [Y/n] <– 是否重新加载权限表四、创建数据库和数据库管理员账号、只读账号,允许外网访问control数据库管理员admin密码adminpasswdcontrol数据库只读guest密码guestpasswdmysql -uroot -p登录mariadb> create database control character set utf8mb4 collate utf8mb4_bin; mariadb> create user admin@'%' identified by 'adminpasswd'; mariadb> grant all privileges on control.* to admin@'%'; mariadb> CREATE USER 'guest'@'%' IDENTIFIED BY 'guestpasswd'; mariadb> GRANT SELECT ON control.* TO 'guest'@'%'; mariadb> FLUSH PRIVILEGES; mariadb> quit;五、开启事务、事件MariaDB [test]> SHOW VARIABLES LIKE 'event_scheduler'; +-----------------+-------+ | Variable_name | Value | +-----------------+-------+ | event_scheduler | OFF | +-----------------+-------+ 1 row in set (0.001 sec)临时开启MariaDB [test]>SET GLOBAL event_scheduler = ON;永久开启/etc/my.cnf[mysqld] event_scheduler=ON六、防火墙别忘了开放端口firewall-cmd --add-port=3306/tcp --permanent firewall-cmd --reload firewall-cmd --list-ports firewall-cmd --list-services七、客户端连接测试完毕
-
安恒EDR明御终端安全及防病毒系统、火绒explorer误报导致桌面黑屏 火绒关于近期explorer误报问题说明您好,由于火绒误报explorer.exe给您造成的不便我们深感抱歉,该误报为微软补丁更新后触发火绒之前查杀特征导致,涉及系统版本为windows10 22h2 64位和32位。https://bbs.huorong.cn/thread-136360-1-1.html安恒使用了火绒杀毒引擎,安恒EDR误报说明若已经出现黑屏问题:1)黑屏界面使用组合键 Ctrl + Alt + Del 调出任务管理器,左上角-文件-运行新命令或新任务- 勾选"管理员权限" 运行cmd命令;2)执行命令 sfc /scanfile=c:\windows\explorer.exe 回车,explorer.exe 修复成功,再次运行新命令c:\windows\explorer.exe可启动桌面或直接重启电脑。
