Repository layout (reconstructed from the file paths that appear below):

```
├── .gitignore
├── ngrok
│   ├── ngrok.sh
│   ├── ngrokd.sh
│   ├── Dockerfile
│   ├── ngrok.cfg
│   └── docker-compose.yml
├── docs
│   ├── basic
│   │   ├── imgs
│   │   │   ├── OSI.PNG
│   │   │   ├── tcp-ip.PNG
│   │   │   ├── ip-address.PNG
│   │   │   ├── osi-tcp-ip.PNG
│   │   │   ├── network-scope.PNG
│   │   │   ├── device-structure.PNG
│   │   │   └── URI_syntax_diagram.svg.png
│   │   ├── 私有地址.md
│   │   ├── [阿里云][域名解析]URL转发.md
│   │   ├── [namesilo][dnspod]域名申请和解析.md
│   │   ├── 局域网、广域网、互联网和私有专用网.md
│   │   ├── 网络体系结构.md
│   │   ├── DNS解析过程.md
│   │   ├── 路由器、交换机、集线器、中继器.md
│   │   ├── URL构成.md
│   │   └── ip地址.md
│   ├── nginx
│   │   ├── imgs
│   │   │   ├── aliyun-ca.png
│   │   │   ├── first-index.png
│   │   │   ├── hello-nginx.png
│   │   │   ├── purchased-ca.png
│   │   │   ├── nginx-jenkins.png
│   │   │   ├── reverse_proxy.png
│   │   │   ├── welcome-nginx.png
│   │   │   └── welcome_nginx.png
│   │   ├── 中文乱码.md
│   │   ├── 多域名配置同一端口.md
│   │   ├── 文件共享.md
│   │   ├── 测试.md
│   │   ├── 安装.md
│   │   ├── 托管网站.md
│   │   ├── [腾讯云]配置HTTPs.md
│   │   ├── 反向代理.md
│   │   ├── docker安装nginx.md
│   │   ├── [阿里云]配置HTTPs.md
│   │   ├── 配置.md
│   │   └── [译]NGINX Reverse Proxy.md
│   ├── tomcat
│   │   ├── imgs
│   │   │   └── tomcat-8080.png
│   │   ├── 关于Tomcat.md
│   │   ├── 非root用户运行.md
│   │   └── [Ubuntu 16.02]Tomcat9安装.md
│   ├── intranet-penetration
│   │   ├── imgs
│   │   │   ├── n2n_com.png
│   │   │   ├── n2n_nat.png
│   │   │   ├── n2n_network.png
│   │   │   ├── oray-login.png
│   │   │   ├── port-setting.png
│   │   │   ├── switch-account.png
│   │   │   └── router-visual-setting.png
│   │   ├── ngrok
│   │   │   ├── imgs
│   │   │   │   ├── ngrok.png
│   │   │   │   ├── ngrok-connect.png
│   │   │   │   ├── ngrok_online.png
│   │   │   │   ├── ngrok_online2.png
│   │   │   │   └── tunnels_online.png
│   │   │   ├── index.md
│   │   │   ├── [ngrok]docker实现.md
│   │   │   ├── [ngrok]Ubuntu service实现.md
│   │   │   ├── [ngrok]TCP和HTTP连接配置.md
│   │   │   └── [内网穿透]ngrok实现.md
│   │   ├── [内网穿透][路由器]虚拟服务器.md
│   │   ├── 前言.md
│   │   ├── [内网穿透]n2n原理.md
│   │   ├── [内网穿透]花生壳.md
│   │   └── [内网穿透]n2n实现.md
│   ├── ssh
│   │   ├── [SSH]常用工具.md
│   │   ├── [SSH]禁用公钥检查.md
│   │   ├── Bad owner or permissions on .ssh config.md
│   │   ├── Permission denied (publickey).md
│   │   ├── [ssh-agent]代理设置.md
│   │   ├── [SSH]连接卡住.md
│   │   ├── [SSH -L]端口转发.md
│   │   ├── http和ssh协议.md
│   │   ├── ssh: connect to host github.com port 22: Connection timed out.md
│   │   ├── [SSH]客户端连接一段时间后卡死问题解决.md
│   │   ├── [ssh-copy-id]复制公钥到远程服务器.md
│   │   ├── ssh_config: terminating, 1 bad configuration options.md
│   │   ├── [SSH]客户端配置文件config.md
│   │   ├── ssh_exchange_identification: Connection closed by remote host.md
│   │   ├── [SSH]生成密钥.md
│   │   ├── [ssh-add]添加私钥缓存.md
│   │   ├── [SSH]Too many ssh failures.md
│   │   └── [SSH]远程连接.md
│   ├── index.md
│   └── advanced
│       ├── [Docker][Ubuntu 18.04]网络工具安装.md
│       ├── [Ubuntu 18.04]wifi信息查询.md
│       ├── [netstat]端口查询.md
│       ├── [nc]远程端口查询.md
│       ├── netplan.md
│       ├── [nslookup]域名解析.md
│       └── [Ubuntu 18.04][resolv.conf]公共DNS设置.md
├── requirements.txt
├── README.md
├── mkdocs.yml
└── LICENSE
```

---

/.gitignore:

```
.vscode

node_modules/

docs/build/*
```

---

/ngrok/ngrok.sh:

```bash
#!/bin/bash

# Change into the ngrok client directory; abort instead of starting the
# client from the wrong working directory if the path does not exist.
cd /opt/ngrok || exit 1

# Start every tunnel defined in ngrok.cfg.
./ngrok -config ngrok.cfg start-all
```

---

/requirements.txt:

```
mkdocs==1.0.4
mkdocs-material==4.6.0
mkdocs-minify-plugin==0.2.1
Markdown==3.1.1
markdown-katex==201912.11b0
```

---

/ngrok/ngrokd.sh:

```bash
#!/bin/bash

# The ngrokd server expects the TLS key/certificate and binary in /app
# (see the Dockerfile); abort if the directory is missing.
cd /app || exit 1

# DOMAIN is injected by docker-compose; fail loudly instead of starting
# with an empty -domain value.
: "${DOMAIN:?DOMAIN must be set}"

# Serve HTTP on 6060, HTTPS on 6061 and the client tunnel endpoint on 6062.
./ngrokd -tlsKey=a.key -tlsCrt=a.pem -domain="${DOMAIN}" -httpAddr=":6060" -httpsAddr=":6061" -tunnelAddr=":6062"
```

---
/ngrok/Dockerfile:

```
FROM zjzstu/ubuntu:latest
LABEL Author="zhujian "

COPY . /app

WORKDIR /app

ENTRYPOINT ["/app/ngrokd.sh"]
```

---

/ngrok/ngrok.cfg:

```yaml
server_addr: ngrok.xxx.xxx:tunnel-port
trust_host_root_certs: true
tunnels:
  http:
    subdomain: www
    remote_port: xxx
    proto:
      http: xxx
  ssh:
    remote_port: xxx
    proto:
      tcp: xxx
```

---

/docs/ssh/[SSH]常用工具.md:

# [SSH] Common tools

References:

[OpenSSH (Baidu Baike)](https://baike.baidu.com/item/OpenSSH/1137789?fr=aladdin)

[OpenSSH](http://www.openssh.com/)

`OpenSSH` bundles a number of `ssh` tools:

1. `ssh`: remote administration
2. `scp`: remote file transfer
3. `ssh-keygen`: public/private key generation
4. `ssh-add/ssh-agent`: private key caching
5. `ssh-copy-id`: copy the local public key to a remote server

---

/docs/index.md:

# This repository is no longer maintained; updated content has moved to [ZJDoc/Deploy](https://github.com/ZJDoc/Deploy)

# Introduction

Notes on computer networking fundamentals and the use of related tools

* [Fundamentals](./basic/ip地址.md)
* [Advanced operations](./advanced/[Ubuntu 18.04]wifi信息查询.md)
* [Intranet penetration](./intranet-penetration/前言.md)
* [Using Nginx](./nginx/安装.md)
* [Using Tomcat](./tomcat/关于Tomcat.md)
* [Using SSH](./ssh/[SSH]远程连接.md)

---

/ngrok/docker-compose.yml:

```yaml
version: "3.7"
services:
  ngrok:
    labels:
      AUTHOR: "zhujian "
    container_name: ngrokd
    image: zjzstu/ngrok:server
    build: .
    environment:
      - DOMAIN=xxx.xxx.xxx
    ports:
      - "xxxx:xxxx"
    restart: always
    tty: true
    stdin_open: true
```

---

/docs/intranet-penetration/[内网穿透][路由器]虚拟服务器.md:

# [Intranet penetration][Router] Virtual server

Reference: [Router virtual server (port mapping) setup guide](https://service.tp-link.com.cn/detail_article_69.html)

The most convenient option is port mapping through the router's virtual server feature

## Setup

Open the router's settings page, choose `高级功能` (Advanced) -> `虚拟服务器` (Virtual Server) and click the `新增` (Add) button

![](./imgs/router-visual-setting.png)

Enter the rule name (*free-form*), the effective interface (*the WAN port; by default there is only one, WAN1*), the external port, the internal port and the internal server `IP`

## Use in the lab

Because the lab LAN sits inside the university's larger LAN, a port mapped out through the router's virtual server feature is still inside a private network, so `github` cannot reach it

---

/docs/intranet-penetration/前言.md:

# Preface

References:

[Intranet penetration (Baidu Baike)](https://baike.baidu.com/item/%E5%86%85%E7%BD%91%E7%A9%BF%E9%80%8F)

[NAT traversal (Baidu Baike)](https://baike.baidu.com/item/nat%E7%A9%BF%E9%80%8F)

`Jenkins` runs in the university lab and needs to connect to `github`, so intranet penetration is required, i.e. mapping a LAN port onto the public Internet

Common intranet penetration methods include

1. The router's virtual server settings
2. The Oray (花生壳) intranet penetration service
3. `n2n` `p2p` node connections
4. `ssh` port forwarding: [SSH port forwarding in practice](https://www.ibm.com/developerworks/cn/linux/l-cn-sshforward/)
5. `ngrok` (***recommended***)

---

/docs/nginx/中文乱码.md:

# Garbled Chinese characters

Reference:

[Fixing garbled Chinese output in Nginx](https://blog.csdn.net/qq_35448976/article/details/79256873)

Edit the configuration file `/etc/nginx/conf.d/default.conf` and add

    charset utf-8;

    $ cat default.conf
    server {
        ...
        ...
        charset utf-8;
        #charset koi8-r;
        ...
    }

Restart the `nginx` service

    sudo service nginx restart

Refresh the page in the browser (`Ctrl+F5`)

---

/docs/intranet-penetration/ngrok/index.md:

# Introduction

[Ngrok](https://github.com/inconshreveable/ngrok) is a very effective intranet penetration tool; besides its hosted service, you can run your own server for intranet penetration

[[Intranet penetration] ngrok implementation](./[内网穿透]ngrok实现.md) has already been completed and fully covers intranet penetration with both the hosted server and a self-hosted server. The documents below supplement the self-hosted server setup:

1. [[ngrok] TCP and HTTP tunnel configuration](./[ngrok]TCP和HTTP连接配置.md): configuring `HTTP` and `TCP` tunnels through the config file
2. [[ngrok] Ubuntu service implementation](./[ngrok]Ubuntu service实现.md): writing a `service` unit to run `ngrok` as a service
3. [[ngrok] Docker implementation](./[ngrok]docker实现.md): running the `ngrok` server in a `Docker` container

---

/docs/ssh/[SSH]禁用公钥检查.md:

# [SSH] Disabling host key checking

References:

[Disabling the SSH remote host key check](http://www.worldhello.net/2010/04/08/1026.html)

[TravisSendToServer](https://github.com/Godi13/TravisSendToServer/blob/master/.travis.yml)

On the first login to a server, the server's host key is checked by default; this can be turned off in configuration. Disabling the check also silences the warning that would otherwise flag a changed or spoofed server key

Method 1: add to `~/.ssh/config`

    Host *
        StrictHostKeyChecking no
    # or
    echo -e "Host ip-address\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config

Method 2: pass the option on the command line

    $ ssh -o StrictHostKeyChecking=no ip-address

---

/docs/basic/私有地址.md:

# Private addresses

References:

[Private network services](https://cloud.tencent.com/document/product/213/5225)

[Private addresses (Baidu Baike)](https://baike.baidu.com/item/%E7%A7%81%E6%9C%89%E5%9C%B0%E5%9D%80)

`RFC 1918` designates `3` address blocks that may only be used for internal communication and cannot communicate with other hosts on the public Internet. `RFC 6890` gives the complete list of special-purpose `IPv4` addresses; these `3` blocks are unchanged there

1. `10.0.0.0` to `10.255.255.255` (written `10.0.0.0/8`, also called the `24`-bit block, equivalent to one class `A` network)
2. `172.16.0.0` to `172.31.255.255` (written `172.16.0.0/12`, also called the `20`-bit block, equivalent to `16` class `B` networks)
3. `192.168.0.0` to `192.168.255.255` (written `192.168.0.0/16`, also called the `16`-bit block, equivalent to `256` class `C` networks)

---

/docs/advanced/[Docker][Ubuntu 18.04]网络工具安装.md:

# [Docker][Ubuntu 18.04] Installing network tools

References:

[Why isn't ifconfig available in Ubuntu Docker container?](https://serverfault.com/questions/613528/why-isnt-ifconfig-available-in-ubuntu-docker-container)

[Installing the ping, ifconfig and ip commands in an ubuntu container](https://www.cnblogs.com/S--S/p/7209682.html)

The official `Docker` `Ubuntu` image does not ship `ifconfig/ip/ping`; they have to be installed manually

```
# ifconfig
$ apt-get install net-tools
# ip
$ apt-get install iproute2
# ping
$ apt-get install iputils-ping
```

---

/docs/ssh/Bad owner or permissions on .ssh config.md:

# Bad owner or permissions on .ssh config

## Reproducing the problem

```
$ git push origin dev
Bad owner or permissions on /home/zj/.ssh/config
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
```

## Solution

Reference: [Fixing "Bad owner or permissions on .ssh/config"](https://blog.csdn.net/zcc_heu/article/details/79017606)

Set the permissions of the `config` file to `600`

```
$ chmod 600 config
```

---

/docs/ssh/Permission denied (publickey).md:

# Permission denied (publickey)

## Problem description

With `Docker Jenkins`, a private key was generated locally and the public key placed on the remote host, yet a permission error still appears:

```
$ git ls-remote -h -- git@x48.xx.xx.9:/data/repositories/xxx.git HEAD
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
```

## Solution 1

See [[ssh-add] Adding a private key to the cache](./[ssh-add]添加私钥缓存.md) and [[ssh-agent] Agent setup]([ssh-agent]代理设置.md): set up the agent with `ssh-agent`

## Solution 2

Set the private key file to `600` permissions (**very important!!!**)

---

/docs/ssh/[ssh-agent]代理设置.md:

# [ssh-agent] Agent setup

Reference: [Adding your SSH key to the ssh-agent](https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/#adding-your-ssh-key-to-the-ssh-agent)

After generating a new `ssh` key, add the private key to `ssh-agent`; later clones and tests then no longer prompt for the passphrase

1. Start `ssh-agent`

        $ eval "$(ssh-agent -s)"
        Agent pid 7804

2. Add the `ssh` private key

        $ ssh-add ~/.ssh/github_id_rsa
        Enter passphrase for /home/zj/.ssh/github_id_rsa:
        Identity added: /home/zj/.ssh/github_id_rsa (/home/zj/.ssh/github_id_rsa)

---

/docs/nginx/多域名配置同一端口.md:

# Multiple domains on the same port

## Problem description

There are two domains, `www.aaa.com` and `www.bbb.com`, to be served by `Nginx` from the same server, i.e. `www.aaa.com` and `www.bbb.com` return the same content

`SSL` certificates have been obtained for both domains; how should `Nginx` be configured?
9 | 10 | ## 问题解决 11 | 12 | 写两个`server`即可,端口号可以重用的(当前`Nginx`版本为`nginx/1.17.9`) 13 | 14 | ``` 15 | server { 16 | #SSL 访问端口号为 443 17 | listen 443 ssl; 18 | #填写绑定证书的域名 19 | server_name www.aaa.com; 20 | 。。。 21 | 。。。 22 | } 23 | server { 24 | #SSL 访问端口号为 443 25 | listen 443 ssl; 26 | #填写绑定证书的域名 27 | server_name www.bbb.com; 28 | 。。。 29 | 。。。 30 | } 31 | ``` -------------------------------------------------------------------------------- /docs/advanced/[Ubuntu 18.04]wifi信息查询.md: -------------------------------------------------------------------------------- 1 | 2 | # [Ubuntu 18.04]wifi信息查询 3 | 4 | 在修改本地`DNS`设置的时候无意间发现`wifi`信息查询。从`Ubuntu 18.04`开始使用`netplan`管理网络操作,其配置文件如下: 5 | 6 | ``` 7 | $ pwd 8 | /etc/netplan 9 | $ cat 01-network-manager-all.yaml 10 | # Let NetworkManager manage all devices on this system 11 | network: 12 | version: 2 13 | renderer: NetworkManager 14 | ``` 15 | 16 | `netplan`利用`NetworkManager`来管理网络相关操作,而`NetworkManager`的配置文件路径位于 17 | 18 | ``` 19 | $ pwd 20 | /etc/NetworkManager 21 | $ ls 22 | conf.d dispatcher.d dnsmasq.d dnsmasq-shared.d NetworkManager.conf system-connections 23 | ``` 24 | 25 | 进入`system-connections`文件夹,即可发现过往连接过的`wifi`日志 -------------------------------------------------------------------------------- /docs/ssh/[SSH]连接卡住.md: -------------------------------------------------------------------------------- 1 | 2 | # [SSH]连接卡住 3 | 4 | 使用`ssh`远程连接卡住,打印详细信息如下: 5 | 6 | ``` 7 | 。。。 8 | 。。。 9 | debug1: SSH2_MSG_KEXINIT sent 10 | debug1: SSH2_MSG_KEXINIT received 11 | debug1: kex: algorithm: curve25519-sha256@libssh.org 12 | debug1: kex: host key algorithm: ecdsa-sha2-nistp256 13 | debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none 14 | debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none 15 | debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 16 | ``` 17 | 18 | 解决方法是重新删除`~/.ssh/known_hosts`保存的服务器公钥 19 | 20 | ``` 21 | $ ssh-keygen -f "/home/zj/.ssh/known_hosts" -R 207.xxx.xx.97 22 
| ``` -------------------------------------------------------------------------------- /docs/nginx/文件共享.md: -------------------------------------------------------------------------------- 1 | 2 | # 文件共享 3 | 4 | 通过`Nginx`实现文件共享,参考[11.Nginx搭建简单的文件共享服务](https://www.jianshu.com/p/985946e8aa4d) 5 | 6 | ## 配置文件 7 | 8 | 创建配置文件`share.conf`: 9 | 10 | ``` 11 | $ cat share.conf 12 | server { 13 | listen 12xxx; 14 | server_name xxx.xxx.xxx.xxx; 15 | 16 | # 避免中文乱码 17 | charset utf-8; 18 | 19 | # 存放文件的目录 20 | root /app/share; 21 | 22 | location / { 23 | # 索引 24 | autoindex on; 25 | # 显示文件大小 26 | autoindex_exact_size on; 27 | # 显示文件时间 28 | autoindex_localtime on; 29 | } 30 | } 31 | ``` 32 | 33 | ## 启动 34 | 35 | 启动`Nginx`后,将文件放置于`/app/share`路径下,即可通过地址`http://xxx.xxx.xxx.xxx:12xxx`进行访问 -------------------------------------------------------------------------------- /docs/ssh/[SSH -L]端口转发.md: -------------------------------------------------------------------------------- 1 | 2 | # [SSH -L]端口转发 3 | 4 | 参考: 5 | 6 | [WEB安全-端口转发](https://zhuanlan.zhihu.com/p/80834638) 7 | 8 | [SSH Port Forwarding Example](https://www.ssh.com/ssh/tunneling/example) 9 | 10 | [ssh tunnel refusing connections with “channel 2: open failed”](https://serverfault.com/questions/489192/ssh-tunnel-refusing-connections-with-channel-2-open-failed) 11 | 12 | ## 定义 13 | 14 | `ssh`命令使用参数`-L`能够实现端口转发功能,设置如下 15 | 16 | ``` 17 | $ ssh -L 7788:127.0.0.1:8888 xxx@xxx.xxx.xx 18 | ``` 19 | 20 | 上述命令将本地`7788`端口映射到远程服务器`8888`端口 21 | 22 | ## 使用 23 | 24 | 在远程服务端打开`jupyter notebook`: 25 | 26 | ``` 27 | jupyter notebook --ip 0.0.0.0 --allow-root 28 | ``` 29 | 30 | 在本地就可以通过`127.0.0.1:7788?xxxxx`打开 -------------------------------------------------------------------------------- /docs/tomcat/关于Tomcat.md: -------------------------------------------------------------------------------- 1 | 2 | # 关于Tomcat 3 | 4 | `Tomcat`文档在开头提供了一些重要的信息和内容 - 
[Introduction](https://tomcat.apache.org/tomcat-9.0-doc/introduction.html#CATALINA_HOME_and_CATALINA_BASE) 5 | 6 | ## 术语 7 | 8 | 具体规范参考:[Servlet and JSP specifications](https://wiki.apache.org/tomcat/Specifications)。比如 9 | 10 | * `Context` - 表示一个`Web`应用程序 11 | 12 | ## 目录和文件 13 | 14 | 重要的`tomcat`目录: 15 | 16 | 1. `/bin`:启动、关闭以及其他一些脚本 17 | 2. `/conf`:配置文件和相关的`DTDs`,其中最重要的配置文件就是`server.xml` 18 | 3. `/logs`:默认放置的日志目录 19 | 4. `/webapps`:`webapp`存放的目录 20 | 21 | ## CATALINA_HOME和CATALINA_BASE 22 | 23 | 需要设置两个重要的环境变量: 24 | 25 | 1. `CATALINA_HOME`:表示`Tomcat`安装路径 26 | 2. `CATALINA_BASE`:表示特定`Tomcat`实例的运行时配置的根路径 27 | 28 | 默认情况下,两个环境变量设置为相同路径 -------------------------------------------------------------------------------- /docs/advanced/[netstat]端口查询.md: -------------------------------------------------------------------------------- 1 | 2 | # [netstat]端口查询 3 | 4 | 使用命令`netstat`进行端口查询 5 | 6 | ## 查询被占用的端口 7 | 8 | ``` 9 | $ sudo netstat -lnp | grep xxx 10 | ``` 11 | 12 | 比如查询占用`1080`的进程 13 | 14 | ``` 15 | $ sudo netstat -lnp | grep 1080 16 | tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 5482/python 17 | udp 0 0 127.0.0.1:1080 0.0.0.0:* 5482/python 18 | ``` 19 | 20 | 端口`1080`被进程`id`为`5482`的应用占据,查询该应用并`kill` 21 | 22 | ``` 23 | $ ps aux | grep 5482 24 | root 5482 0.0 0.0 48020 11940 ? 
Ss 18:10 0:00 python local.py -d start 25 | zj 8708 0.0 0.0 15964 1020 pts/21 S+ 18:51 0:00 grep --color=auto 5482 26 | $ sudo kill 5482 27 | ``` -------------------------------------------------------------------------------- /docs/basic/[阿里云][域名解析]URL转发.md: -------------------------------------------------------------------------------- 1 | 2 | # [阿里云][域名解析]URL转发 3 | 4 | ## 需求描述 5 | 6 | 在远程服务器上使用`9980`端口实现`HTTPs`服务,直接访问方式如下: 7 | 8 | ``` 9 | https://www.test.com:9980 10 | ``` 11 | 12 | 理想状态下是希望只输入域名而不需要额外端口号,解析后跳转到新地址并且能够指定端口,比如: 13 | 14 | ``` 15 | http://www.xxx.com -> https://www.test.com:9980 16 | ``` 17 | 18 | ## URL转发 19 | 20 | 参考: 21 | 22 | [添加网站解析](https://help.aliyun.com/document_detail/106535.html?spm=a2c4g.11186623.2.12.936e52fbvbu0gM) 23 | 24 | [URL转发类问题排查](https://help.aliyun.com/knowledge_detail/118166.html) 25 | 26 | 阿里云域名解析服务提供了`URL转发`功能,能够实现`域名+端口`的绑定。实现如下: 27 | 28 | 1. 在记录类型中选择`显性URL`或者`隐性URL` 29 | 2. 记录值中可以输入域名+端口,比如`https://www.xxx.com:9980` 30 | 31 | `显性URL`和`隐性URL`的区别在于`显性URL`服务会重定向到真实目标地址(也就是会在地址栏暴露端口号),而`隐形URL`服务会隐藏真实地址 32 | 33 | **注意:`URL`转发前域名支持`HTTP`,不支持`HTTPS`,转发后的目标地址支持`HTTP、HTTPS`** -------------------------------------------------------------------------------- /docs/intranet-penetration/[内网穿透]n2n原理.md: -------------------------------------------------------------------------------- 1 | 2 | # [内网穿透]n2n原理 3 | 4 | [n2n](https://www.ntop.org/products/n2n/#)是一个开源的`2`层`P2P`架构`VPN`,有如下特点: 5 | 6 | 1. 基于`P2P`协议的加密`2`层专用网络 7 | 2. 边缘节点(`edge node`)的加密是使用带有用户自定义密码的开放协议 8 | 3. 每个`n2n`用户可以同时加入不同的网络(或称为社区) 9 | 4. `n2n`能够以反向流量方向(即从外部到内部)跨越`NAT`和防火墙。防火墙不再是`IP`级别直接通信的障碍。 10 | 5. 
An `n2n` network is not isolated: `n2n` and non-`n2n` networks can be connected to each other.

## Network structure

`n2n` is a layer-2 network architecture made up of core nodes (`supernode`) and edge nodes (`edgenode`)

![](./imgs/n2n_network.png)

Edge nodes run on the client side; each creates a virtual network interface that serves as the entry point into the `n2n` network

The core node is the server side; it acts as the edge nodes' directory register (`directory register`) and packet router (`packet router`)

## Advantages of `n2n`

An `n2n` network communicates over `UDP` through virtual network interfaces; each edge node (client) can create several virtual interfaces and so belong to several different networks at once

![](./imgs/n2n_com.png)

Once two edge nodes have completed a handshake through the core node they can talk to each other directly, which lowers communication latency and relieves bandwidth pressure on the core node

![](./imgs/n2n_nat.png)

-------------------------------------------------------------------------------- /docs/basic/[namesilo][dnspod]域名申请和解析.md: --------------------------------------------------------------------------------

# [namesilo][dnspod] Domain registration and resolution

I had previously registered a domain on the mainland and set up a blog site. A few days ago Tencent Cloud customer service asked me to fix the external links in the blog; since I do not want any such restrictions, I plan to rent a server in Hong Kong for the site and, while at it, registered a domain abroad as well

## Choosing a registrar

Following [Which cheap foreign domain registrars are worth recommending?](https://zhuanlan.zhihu.com/p/63866401), the domain was registered at [namesilo](https://www.namesilo.com/)

## Registering a domain at namesilo

Following [A step-by-step guide to buying a domain at Namesilo, with a $1 coupon code!](https://zhuanlan.zhihu.com/p/82666679): after creating an account, pick the domain you like and buy it

## Resolving the domain with dnspod

`namesilo` has its own DNS hosting, but I chose the domestic DNS provider [DNSPod](https://www.dnspod.cn) instead. Following [Free tutorial: pointing a namesilo domain at dnspod](https://since1989.org/stuff/dnspod-name-servers-domain.html), first change the `nameserver` entries at `namesilo` to the `DNSPod` addresses

```
f1g1ns1.dnspod.net
f1g1ns2.dnspod.net
```

Then register an account at `DNSPod` and add the domain

**Note: both steps above take a few hours to propagate; just wait patiently**

Finally add resolution records at `DNSPod` to bind the domain to the server's `IP`

-------------------------------------------------------------------------------- /docs/nginx/测试.md: --------------------------------------------------------------------------------

# Testing

References:

[Resolving port 80 already in use on Linux](https://blog.csdn.net/w592376568/article/details/82862249)

[Installing Nginx](http://www.nginx.cn/install)

`nginx` listens on port `80`; make sure that port is not already in use

    $ sudo netstat -lnp | grep 80
    tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN      22308/nginx: master

If it is in use, stop that process

    $ sudo kill 22308

Start `nginx`

    $ sudo nginx
    $ ps -ef | grep nginx
    root      1068     1  0 16:31 ?        00:00:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
    nginx     1069  1068  0 16:31 ?        00:00:00 nginx: worker process
    ubuntu   15252  1320  0 19:13 pts/0    00:00:00 grep --color=auto nginx

Open a browser and visit the machine's `ip`; the `nginx` welcome page appears

![](./imgs/welcome-nginx.png)

-------------------------------------------------------------------------------- /docs/ssh/http和ssh协议.md: --------------------------------------------------------------------------------

# The http and ssh protocols

Reference: [4.1 Git on the Server - The Protocols](https://git-scm.com/book/zh/v2/%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%B8%8A%E7%9A%84-Git-%E5%8D%8F%E8%AE%AE)

Most `git` hosting sites support pulling and pushing code over either the `http` protocol or the `ssh` protocol

## `http`

The naming scheme is as follows:

    https://<host>/<user>/<repo>.git

    # github repository
    https://github.com/zjZSTU/zjzstu.github.com.git
    # gitee repository
    https://gitee.com/zjZSTU/zjzstu.gitee.io.git

The advantage of the `http` protocol is that every push requires authorization: the server prompts you for a username and password

## `ssh`

The naming scheme is as follows:

    git@<host>:<user>/<repo>.git

    # github repository
    git@github.com:zjZSTU/zjzstu.github.com.git
    # gitee repository
    git@gitee.com:zjZSTU/zjzstu.gitee.io.git

Pushing over the `ssh` protocol requires `ssh` key authentication first: generate an `ssh` key pair locally and upload the `ssh` public key to the hosting site; after that every push authenticates automatically

-------------------------------------------------------------------------------- /docs/ssh/ssh: connect to host github.com port 22: Connection timed out.md: --------------------------------------------------------------------------------

# ssh: connect to host github.com port 22: Connection timed out

Today `github` suddenly became unreachable, with the following problem:

```
$ ssh -vT git@github.com
。。。
ssh: connect to host github.com port 22: Connection timed out
```

Following [ssh: connect to host github.com port 22: Connection timed out](https://stackoverflow.com/questions/15589682/ssh-connect-to-host-github-com-port-22-connection-timed-out) and [Using SSH over the HTTPS port](https://help.github.com/en/articles/using-ssh-over-the-https-port)

Create the file `~/.ssh/config` with the following content:

```
$ cat config
Host github.com
    Hostname ssh.github.com
    Port 443
```

Testing again succeeds

```
$ ssh -T git@github.com
Hi zjZSTU! You've successfully authenticated, but GitHub does not provide shell access.
```

-------------------------------------------------------------------------------- /docs/nginx/安装.md: --------------------------------------------------------------------------------

# Installation

Reference: [Installing nginx](http://nginx.org/en/docs/install.html)

Installing `Nginx` on `Ubuntu 16.04`

Install the prerequisite packages

    sudo apt install curl gnupg2 ca-certificates lsb-release

Add the stable `nginx` package repository

    echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
        | sudo tee /etc/apt/sources.list.d/nginx.list

Import the official `nginx` signing key

    curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -

Verify it

    sudo apt-key fingerprint ABF5BD827BD9BF62

The result is as follows

    pub   2048R/7BD9BF62 2011-08-19 [expires: 2024-06-14]
          Key fingerprint = 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62
    uid                  nginx signing key

Install `nginx`

    sudo apt update
    sudo apt install nginx

-------------------------------------------------------------------------------- /docs/intranet-penetration/ngrok/[ngrok]docker实现.md: --------------------------------------------------------------------------------

# [ngrok] Docker implementation

Run the `ngrok` server side in a `docker` container

## Dockerfile

```
FROM zjzstu/ubuntu:latest
LABEL Author="zhujian"

COPY . /app

WORKDIR /app

ENTRYPOINT ["/app/ngrokd.sh"]
```

This copies the certificates, the application and the script into the container and runs the script

## docker-compose.yml

```
version: "3.7"
services:
  ngrok:
    labels:
      AUTHOR: "zhujian"
    container_name: ngrokd
    image: zjzstu/ngrok:server
    build: .
    environment:
      - DOMAIN=xxx.xxx.xxx
    ports:
      - "xxx:xxx"
    restart: always
    tty: true
    stdin_open: true
```

`docker-compose` builds the image and starts it; the ports `ngrok` uses are given here

## Usage

```
# start in the background
$ docker-compose up -d
```

-------------------------------------------------------------------------------- /docs/advanced/[nc]远程端口查询.md: --------------------------------------------------------------------------------

# [nc] Checking remote ports

References:

[Testing whether a remote port is open on Linux](https://blog.csdn.net/calmboy_/article/details/89455925)

[The Linux nc command](https://www.runoob.com/linux/linux-comm-nc.html)

## Usage

```
nc -vz [-w <timeout in seconds>] host port
```

* `-v` prints what the command is doing
* `-z` selects zero-I/O mode, which is used only when scanning for listening ports

Give the remote address `host` and the port number `port` (*a range of ports can be given*)

`tcp` is used by default; for `udp`, add the `-u` option

## Examples

Testing a single port

```
$ nc -vz 148.xxx.xxx.9 12xxx
Connection to 148.70.133.9 12xxx port [tcp/*] succeeded!
```

Testing a consecutive range of ports

```
$ nc -vz -w 2 148.xxx.xxx.9 12344-12346
nc: connect to 148.70.133.9 port 12344 (tcp) timed out: Operation now in progress
Connection to 148.70.133.9 12345 port [tcp/*] succeeded!
nc: connect to 148.70.133.9 port 12346 (tcp) failed: Connection refused
```
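The three outcomes `nc -vz` reports above (succeeded, timed out, refused) are exactly what an operator wants to compare against intent after changing a firewall or security-group rule. The script below is an added example, not code from the `nc` page: it classifies a TCP connect the same way `nc -z` does (handshake only, no data sent) and checks a list of (host, port, should-be-open) expectations, so a port that was supposed to be closed but answers shows up as a mismatch. The local listener and the closed-port helper are constructed fixtures so it runs offline; `socket.create_connection` and the exception classes are standard-library behaviour.

```python
"""Expectation-based TCP reachability check (added example, not from the page).
Mirrors the nc -vz outcomes: open / refused / timeout, plus 'unreachable' for
errors such as no route to host."""
import socket
from typing import List, Tuple

OPEN, REFUSED, TIMEOUT, UNREACHABLE = "open", "refused", "timeout", "unreachable"


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt a TCP handshake and classify the result. No payload is sent,
    which is what nc's zero-I/O (-z) mode does."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return OPEN                       # nc: "... port [tcp/*] succeeded!"
    except ConnectionRefusedError:
        return REFUSED                        # nc: "failed: Connection refused"
    except socket.timeout:
        return TIMEOUT                        # nc: "timed out: Operation now in progress"
    except OSError:
        return UNREACHABLE                    # e.g. network unreachable / no route


def check_expectations(expectations: List[Tuple[str, int, bool]],
                       timeout: float = 2.0) -> List[Tuple[str, int, str]]:
    """expectations: (host, port, should_be_open). Returns (host, port, verdict)
    per entry; a port expected closed must NOT come back 'open'."""
    report = []
    for host, port, should_be_open in expectations:
        result = probe_tcp(host, port, timeout)
        if (result == OPEN) == should_be_open:
            verdict = "ok"
        else:
            want = "open" if should_be_open else "closed"
            verdict = f"MISMATCH: expected {want}, got {result}"
        report.append((host, port, verdict))
    return report


def start_local_listener() -> Tuple[socket.socket, int]:
    """Constructed fixture: a listener on 127.0.0.1 with an OS-assigned port.
    listen() is enough for the kernel to complete the handshake."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def find_closed_port() -> int:
    """Constructed fixture: bind an ephemeral port and release it, so it is
    free (and will refuse connections) when probed a moment later."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_local_listener()
    closed_port = find_closed_port()
    for host, port, verdict in check_expectations([
        ("127.0.0.1", open_port, True),     # the service we deployed
        ("127.0.0.1", closed_port, False),  # an admin port that must stay closed
        ("127.0.0.1", closed_port, True),   # a deliberately wrong expectation
    ]):
        print(f"{host}:{port} -> {verdict}")
    srv.close()
```

Run it against the real tunnel or service host with a short `-w`-style timeout; the interesting lines are the mismatches, not the `ok` ones.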
-------------------------------------------------------------------------------- /docs/ssh/[SSH]客户端连接一段时间后卡死问题解决.md: --------------------------------------------------------------------------------

# [SSH] Fixing a client that freezes after being connected for a while

On `Ubuntu` I frequently connect to remote machines over `SSH`, and there is a recurring problem: after some time the terminal window freezes and no commands can be typed

References:

[Fix for an ssh session that keeps disconnecting](https://blog.csdn.net/qq_39846820/article/details/103371782)

[Client freezes on long-lived ssh connections under Linux](https://blog.csdn.net/zhangwei_2010/article/details/105239604)

The fix is to send periodic keepalive messages so that the connection between client and server stays up

## Client-side change

On the client, edit `/etc/ssh/ssh_config` and add the following:

```
# add
ServerAliveInterval 20
ServerAliveCountMax 999
```

Send a keepalive to the server every `20s`; if `999` consecutive keepalives go unanswered, the client closes the connection to the server on its own

## Server-side change

On the server, edit `/etc/ssh/sshd_config` and add the following:

```
# add
ClientAliveInterval 30
ClientAliveCountMax 10
```

Send a keepalive to the client every `30s`; if `10` consecutive keepalives go unanswered, the server closes the connection to the client on its own

## Applying the changes

Both files can be changed at the same time; restart the `ssh` service afterwards

```
# restart on the client
$ sudo systemctl restart ssh
# restart on the server
$ sudo systemctl restart sshd
```

-------------------------------------------------------------------------------- /docs/basic/局域网、广域网、互联网和私有专用网.md: --------------------------------------------------------------------------------

# LAN, WAN, the Internet and private networks

Reference: [What are the differences and relations between LAN, WAN and the Internet?](https://www.zhihu.com/question/51295773)

## Local area network

References:

[Local area network](https://www.zhihu.com/topic/19562846/intro)

[Local area network](https://baike.baidu.com/item/%E5%B1%80%E5%9F%9F%E7%BD%91)

A local area network (`Local Area Network, LAN`) is a computer network formed by interconnecting several computers within one limited area

Hosts on a LAN send and forward data to the outside through a single shared router, and communicate internally through one or more hubs or switches

A LAN usually covers a small geographic area, is flexible to build, maintain and extend, and offers low latency, high data rates and high reliability

## Wide area network

Reference: [Wide area network](https://baike.baidu.com/item/%E5%B9%BF%E5%9F%9F%E7%BD%91)

A wide area network (`Wide Area Network, WAN`) is a computer network that connects several LANs or metropolitan area networks

## Internet

Reference: [Internet](https://baike.baidu.com/item/%E4%BA%92%E8%81%94%E7%BD%91/199186)

The Internet (`Internet`) is the computer network obtained by linking different WANs together through a common set of protocols

## Virtual private network

References:

[VPN](https://www.zhihu.com/topic/19551882/hot)

[Virtual private network](https://baike.baidu.com/item/%E8%99%9A%E6%8B%9F%E4%B8%93%E7%94%A8%E7%BD%91)

A virtual private network (`Virtual Private Network, VPN`) builds a private network on top of the public network and communicates over it with encryption

It emulates communication within a single LAN, but in reality carries remote communication between different LANs across the public network

## How they relate

![](./imgs/network-scope.PNG)

-------------------------------------------------------------------------------- /docs/advanced/netplan.md: --------------------------------------------------------------------------------

# netplan

Starting with `Ubuntu 18.04`, network configuration is managed centrally by `netplan`; its configuration files live in `/etc/netplan` and are written in `YAML`

By default there is one configuration file, `01-network-manager-all.yaml`

```
/etc/netplan$ cat 01-network-manager-all.yaml
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
```

For usage examples of netplan see [Netplan configuration examples](https://netplan.io/examples); for the individual properties see [An introduction to network configuration on Ubuntu 18.04](https://developer.aliyun.com/article/744737)

This machine is on Wi-Fi, so the configuration file was changed as follows:

```
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  # configured for Wi-Fi here; on wired Ethernet use ethernets instead
  wifis:
    # interface name
    wlp2s0b1:
      # DHCP for ipv4/ipv6 (off by default); disabled here in favour of a static address
      dhcp4: no
      dhcp6: no
      # static ip address for this interface, in ip/prefix-length form
      addresses: [192.168.0.184/24]
      # default gateway
      gateway4: 192.168.0.1
      # DNS servers
      nameservers:
        addresses: [119.29.29.29, 223.5.5.5, 223.6.6.6]
```

After editing, run the update commands

```
$ sudo netplan try
$ sudo netplan apply
```

-------------------------------------------------------------------------------- /docs/basic/网络体系结构.md: --------------------------------------------------------------------------------
# Network architecture

Reference: [The OSI seven-layer model and the transmission process between two hosts (repost)](https://www.jianshu.com/p/d8dbe0798d4c)

The layers of a computer network together with their protocols form the computer network architecture

Its purpose is to divide the network into layers so that the hardware and software differences between systems become smaller, local problems that are easier to study and handle, which ultimately guarantees that systems following the same architecture can communicate with each other

Two network architectures exist side by side today:

1. The Open Systems Interconnection basic reference model `OSI/RM`
2. The `TCP/IP` architecture

## The Open Systems Interconnection basic reference model `OSI/RM`

The Open Systems Interconnection basic reference model (`Open Systems Interconnection Reference Model, OSI/RM`) was drawn up by the International Organization for Standardization `ISO` and became a formal document in `1983`, the international standard `ISO 7498`, known as `OSI` for short

`OSI` is a `7`-layer protocol architecture; from top to bottom the layers are the application, session, presentation, transport, network, data link and physical layers

![](./imgs/OSI.PNG)

*`OSI` never saw large-scale deployment, because the four-layer `TCP/IP` architecture that appeared in the same period was already running at scale worldwide*

## The `TCP/IP` architecture

The `TCP/IP` architecture has `4` layers: the application layer, the transport layer, the internet layer and the network interface layer

![](./imgs/tcp-ip.PNG)

It corresponds to the `OSI` architecture as follows

![](./imgs/osi-tcp-ip.PNG)

## The layers explained

1. Application layer (`application layer`): its task is to carry out a specific network application through interaction between application processes
2. Transport layer (`transport layer`): its task is to provide a general-purpose data transfer service for communication between two hosts. Application processes use this service to send `application-layer messages`
3. Network layer (`network layer`): provides communication services between different hosts on a packet-switched network. When sending, the `segments` or `user datagrams` produced by the transport layer are encapsulated into `packets` for transmission
4. Data link layer (`data link layer`): responsible for transmitting data between two hosts over a link. The `packets` received from the network layer are encapsulated into `frames`
5. Physical layer (`physical layer`): defines hardware parameters such as voltage levels (which level is a `1` and which is a `0`) and how the receiver recognises the bits the sender transmits
-------------------------------------------------------------------------------- /docs/tomcat/非root用户运行.md: --------------------------------------------------------------------------------

# Running as a non-root user

References:

[Starting the tomcat process as a non-root user](https://rorschachchan.github.io/2018/04/18/%E4%BD%BF%E7%94%A8%E6%99%AE%E9%80%9A%E7%94%A8%E6%88%B7%E5%90%AF%E5%8A%A8tomcat/)

[How To Install Apache Tomcat 8 on Ubuntu 16.04](https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-ubuntu-16-04)

[Running Tomcat as an ordinary user](http://www.zhengdazhi.com/archives/1382)

A default installation runs `tomcat` as `root`; to improve security, configure `tomcat` to run as an ordinary user instead

## Creating the tomcat user

Create a new user `tomcat` with `/opt/tomcat` as its `home` directory

```
$ sudo useradd -d /opt/tomcat tomcat
```

Change the owner of the `/opt/tomcat` installation to `tomcat`

```
$ sudo chown -R tomcat:tomcat apache-tomcat-9.0.27
```

## Implementation

Switch to the `tomcat` user and start it from there; for start at boot, edit `/etc/rc.local`

```
su tomcat -c "/opt/apache-tomcat-9.0.27/bin/startup.sh"
```

The article [How To Install Apache Tomcat 8 on Ubuntu 16.04](https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-ubuntu-16-04) also covers this in detail

## Other approaches

`tomcat` ships the `jsvc` tool, which lets `tomcat` run as a non-`root` user; see [Unix daemon](https://tomcat.apache.org/tomcat-9.0-doc/setup.html)

-------------------------------------------------------------------------------- /docs/intranet-penetration/[内网穿透]花生壳.md: --------------------------------------------------------------------------------

# [Intranet penetration] 花生壳

References:

[How to get into the campus intranet? 花生壳's "intranet penetration" service to the rescue](https://hsk.oray.com/news/6453.html)

[Using 花生壳 to reach an SVN server inside a LAN](http://service.oray.com/question/5575.html)

[花生壳](https://b.oray.com/) is dynamic DNS software that also provides port mapping

## Installation

Reference: [花生壳 3.0 for Linux installation and usage documentation](http://service.oray.com/question/4287.html)

Download the [installer](https://hsk.oray.com/download/#linux) and install it as `root`

```
# switch to root
$ sudo su
# install
$ dpkg -i phddns_3.0_x86_64.deb
```

After installation an `SN` username and password are generated

![](./imgs/oray-login.png)

## Using `phddns`

```
# current version
$ phddns version
# current status
$ phddns status

# start
$ phddns start
# restart
$ phddns restart
# stop
$ phddns stop
# reset
$ phddns reset
```

## Settings on the website

Log in at the [website](https://b.oray.com/forward/) with the generated `SN` username and password; a free domain is granted by default

If you already have an account on the site, first log in with the `SN` username and password, then choose the `switch account` service to bind the `SN` to your existing account

![](./imgs/switch-account.png)

After buying the trial plan you can set up port mappings

![](./imgs/port-setting.png)

### Adding a mapping fails

Problem: after filling in the internal `ip`/port and clicking confirm, the site reports failure

Solution: 1. make sure the client is running; 2. log in with the `SN` username and password

-------------------------------------------------------------------------------- /docs/advanced/[nslookup]域名解析.md: --------------------------------------------------------------------------------

# [nslookup] Domain name resolution

References:

[nslookup](https://en.wikipedia.org/wiki/Nslookup)

[nslookup(1) - Linux man page](https://linux.die.net/man/1/nslookup)

`nslookup` is a domain name resolution tool used to query the `IP` address of a domain name

It can be used in two ways

1. Interactive (`interactive`)
2. Non-interactive (`non-interactive`)

## Installation

```
$ sudo apt install dnsutils
```

## Interactive

Type `nslookup` and press Enter to get the interactive prompt, then type a domain name to query its `IP`; type `exit` to leave

```
$ nslookup
> www.baidu.com
Server:		127.0.1.1
Address:	127.0.1.1#53

Non-authoritative answer:
www.baidu.com	canonical name = www.a.shifen.com.
Name:	www.a.shifen.com
Address: 112.80.248.75
Name:	www.a.shifen.com
Address: 112.80.248.76
>
> www.google.com
Server:		127.0.1.1
Address:	127.0.1.1#53

Non-authoritative answer:
Name:	www.google.com
Address: 173.252.73.48
> exit
```

## Non-interactive

Just put the domain name after `nslookup`

```
$ nslookup www.zhujian.tech
Server:		127.0.1.1
Address:	127.0.1.1#53

Non-authoritative answer:
Name:	www.zhujian.tech
Address: 148.70.133.9
```

-------------------------------------------------------------------------------- /docs/ssh/[ssh-copy-id]复制公钥到远程服务器.md: --------------------------------------------------------------------------------

# [ssh-copy-id] Copying a public key to a remote server

After creating a key pair, the public key has to be appended to the `authorized_keys` file on the remote server

For creating the key pair see: [[ssh] Generating keys](https://zj-git-guide.readthedocs.io/zh_CN/latest/authentication/[ssh]%E7%94%9F%E6%88%90%E5%AF%86%E9%92%A5.html)

There are two ways to add it to the remote server:

1. Using the `ssh-copy-id` command
2. Copying the public key to the remote host by hand

## `ssh-copy-id`

The `ssh-copy-id` command installs the local public key on the remote server for authentication

```
$ ssh-copy-id -i ~/.ssh/id_rsa.pub lab305@192.168.0.144
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/zj/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Received disconnect from 192.168.0.144 port 22:2: Too many authentication failures
Connection to 192.168.0.144 closed by remote host.
```

The `-i` option gives the local public key file

This connection failed because the server limits the number of authentication attempts; see [[Ubuntu 18.04][SSH]Too many authentication failures](https://zj-linux-guide.readthedocs.io/zh_CN/latest/ssh/[Ubuntu%2018.04][SSH]Too%20many%20authentication%20failures.html)

## Copying by hand

Use the `>>` redirection to append to the end of the file

```
$ cat id_rsa.pub >> authorized_keys
```

-------------------------------------------------------------------------------- /docs/basic/DNS解析过程.md: --------------------------------------------------------------------------------

# The DNS resolution process

References:

[Interviewer: explain how DNS works](https://zhuanlan.zhihu.com/p/79350395)

[DNS principles and the resolution process in detail](https://zhuanlan.zhihu.com/p/88260838)

[A full analysis of the DNS resolution process](https://www.cnblogs.com/kongtongshu/p/11069559.html)

`DNS` resolution is the process of translating a domain name into an `IP` address

## DNS in brief

`DNS` (`Domain Name System`) is a naming system for computers and network services organised as a hierarchy of domains; it runs on `TCP/IP` networks and the service it provides is translating host names and domain names into `IP` addresses

## Resolution process

After the browser extracts the `host` field from the `URL`, it queries in the following order:

1. Look in the browser cache for an IP address for the domain. If the domain has never been visited or the cache has been cleared, go to step two
2. Query the system cache: look in the `hosts` file for the domain and its `IP`. If it is not there, go to step three
3. Query the router's cache

These `3` steps all happen on the `DNS` client; everything after that involves requests to domain name servers
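To make the client-side order above concrete, here is an added example (not code from this page) that models it: a small in-memory cache stands in for the browser cache, a constructed `/etc/hosts` is parsed in its `ip hostname [alias ...]` format, and only when both miss does the lookup fall through to an upstream resolver, which in the real stack is the router or ISP recursive server. The sample hosts text is constructed after the Ubuntu file shown further down on this page; the `upstream` callback and the `blackholed_names` helper are my own names. Two points worth noticing: a hosts entry overrides DNS entirely, which is why a `0.0.0.0` line silences a name and why tampering with that file is a classic persistence trick, and a malformed line must be skipped rather than crash the resolver.

```python
"""Client-side name lookup order: cache -> hosts file -> upstream resolver.
Added example; not from the original page."""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed hosts file, modelled on the Ubuntu /etc/hosts shown on this page.
SAMPLE_HOSTS = """\
127.0.0.1\tlocalhost
127.0.1.1\tzj-ThinkPad-T470p

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
ff02::1 ip6-allnodes

0.0.0.0 account.jetbrains.com   # blackholed on purpose
not-an-ip broken.example        # malformed line: must be skipped, not crash
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Map every hostname/alias (lowercased) to its address. The first entry
    for a name wins, which is how the resolver library scans the file."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # malformed address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


def blackholed_names(text: str) -> List[str]:
    """Audit helper: names pinned to 0.0.0.0 are deliberate (or malicious) overrides."""
    return sorted(name for name, addr in parse_hosts(text).items() if addr == "0.0.0.0")


class ClientResolver:
    """Steps 1-3 of the process above. `upstream` is whatever answers once the
    client-side sources miss; defaults to the system resolver."""

    def __init__(self, hosts_text: str,
                 upstream: Optional[Callable[[str], Optional[str]]] = None):
        self.cache: Dict[str, str] = {}           # step 1: browser / OS cache
        self.hosts = parse_hosts(hosts_text)      # step 2: hosts file
        self.upstream = upstream or self._system_lookup   # step 3 onward

    @staticmethod
    def _system_lookup(name: str) -> Optional[str]:
        try:
            return socket.gethostbyname(name)
        except OSError:
            return None

    def resolve(self, name: str) -> Tuple[Optional[str], str]:
        """Return (address, source); the source tells an investigator which
        layer actually answered."""
        key = name.lower().rstrip(".")
        if key in self.cache:
            return self.cache[key], "cache"
        if key in self.hosts:
            self.cache[key] = self.hosts[key]
            return self.hosts[key], "hosts"
        addr = self.upstream(key)
        if addr is None:
            return None, "nxdomain"
        self.cache[key] = addr
        return addr, "dns"


if __name__ == "__main__":
    # Constructed upstream so the demo runs offline (address from this page).
    fake_dns = {"www.zhujian.tech": "148.70.133.9"}
    r = ClientResolver(SAMPLE_HOSTS, upstream=fake_dns.get)
    for n in ("account.jetbrains.com", "www.zhujian.tech", "www.zhujian.tech", "broken.example"):
        print(n, r.resolve(n))
    print("blackholed:", blackholed_names(SAMPLE_HOSTS))
```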
## /etc/hosts

Reference: [The /etc/hosts file on Linux explained](https://www.jianshu.com/p/476a92a39b45)

The `hosts` file is the file on a `linux` system responsible for fast resolution between `ip` addresses and domain names; the `DNS` client consults its cache first, then the `hosts` file, and only then the `DNS` server

On `Ubuntu` the file is `/etc/hosts`

```
$ cat /etc/hosts
127.0.0.1	localhost
127.0.1.1	zj-ThinkPad-T470p

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

0.0.0.0 account.jetbrains.com
```

Each line is one resolution entry, in the format

```
ip-address hostname/domain [alias]
```

-------------------------------------------------------------------------------- /docs/basic/路由器、交换机、集线器、中继器.md: --------------------------------------------------------------------------------

# Routers, switches, hubs and repeaters

Transmission between networks and hosts depends on hardware; the common signal-transmission devices are hubs, repeaters, routers and switches

![](./imgs/device-structure.PNG)

## Router

Reference: [Router](https://baike.baidu.com/item/%E8%B7%AF%E7%94%B1%E5%99%A8)

A router (`Router`), also called a gateway device (`Gateway`), connects several logically separate networks; it is the device that links the LANs and WANs that make up the Internet

Routing takes place at the network layer, so a router is a network-layer interconnection device

## Switch

Reference: [Switch](https://baike.baidu.com/item/%E4%BA%A4%E6%8D%A2%E6%9C%BA)

A switch (`Switch`) works at the data link layer and uses `MAC` addresses to give any two nodes attached to it a dedicated electrical signal path; switches are usually divided into WAN switches and LAN switches

## Hub

Reference: [Hub](https://baike.baidu.com/item/%E9%9B%86%E7%BA%BF%E5%99%A8)

The main function of a hub (`Hub`) is to regenerate and amplify the signals it receives so as to extend the network's transmission distance

Hubs operate in LAN environments and are physical-layer interconnection devices

## Repeater

References:

[Repeater](https://baike.baidu.com/item/%E4%B8%AD%E7%BB%A7%E5%99%A8)

[Repeater](https://www.zhihu.com/topic/20138474/intro)

A repeater (`RP repeater`) works at the physical layer and interconnects two networks of the same type; its main function is to amplify and forward the data signal so as to extend the network's transmission distance

## FAQ

References:

[How do you explain the difference between a router and a switch to a beginner? And does a home router act as modem, router and switch at once?](https://www.zhihu.com/question/22007235/answer/402261894)

[What is the difference between a hub and a switch?](https://www.zhihu.com/question/21782368/answer/31826769)

**1. What is the difference between a router and a switch?**

A switch forwards data based on `MAC` addresses, whereas a router forwards data based on `IP` addresses

They work at different layers of the network architecture: a switch at the data link layer, a router at the network layer

**2. What is the difference between a switch and a hub?**

A hub only amplifies the physical electrical signal; it sends data with no particular target, broadcasting to every node

A switch forwards based on the `MAC` address in the frame header and does not disturb the other nodes

A hub works at the physical layer, a switch at the data link layer

**3. What is the difference between a hub and a repeater?**

A repeater has only two ports and merely links them together

A hub has many ports; besides regenerating and amplifying the signal to extend the network's reach, it gathers all nodes into a star centred on itself, with every port in the same collision domain, so that a fault on one cable does not affect the other lines

-------------------------------------------------------------------------------- /docs/ssh/ssh_config: terminating, 1 bad configuration options.md: --------------------------------------------------------------------------------

# /etc/ssh/ssh_config: terminating, 1 bad configuration options

## Reproducing the problem

Logging in to a remote server with `ssh` produced the following problem:

```
$ ssh root@47.240.173.235 -vv
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
/etc/ssh/ssh_config: line 1: Bad configuration option: maxstartups
debug1: /etc/ssh/ssh_config line 19: Applying options for *
/etc/ssh/ssh_config: terminating, 1 bad configuration options
```

Trying to clone a remote repository with `git` gave the same problem

```
$ git clone git@47.xxx.xxx.235:/data/repositories/hello.git
Cloning into 'hello'...
/etc/ssh/ssh_config: line 1: Bad configuration option: maxstartups
/etc/ssh/ssh_config: terminating, 1 bad configuration options
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
```

## Analysis

Reference: [ssh: Bad configuration option: usedns](https://www.cnblogs.com/minglee/p/11210203.html)

Looking at `/etc/ssh/ssh_config`, its first line is:

```
/etc/ssh$ cat ssh_config
MaxStartups 100
...
```

That line had been added to raise the server-side `ssh` connection limit. Searching `sshd_config` turned up the following:

```
$ cat sshd_config | grep Max -i
#MaxStartups 10:30:60
```

So the earlier change went into the wrong file: remove it from `ssh_config` and add `MaxStartups 30` to `sshd_config` instead

```
$ cat sshd_config | grep Max -i
MaxStartups 30
#MaxStartups 10:30:60
```

Restart `ssh/sshd`

```
$ sudo systemctl restart ssh
$ sudo systemctl restart sshd
```

-------------------------------------------------------------------------------- /docs/intranet-penetration/ngrok/[ngrok]Ubuntu service实现.md: --------------------------------------------------------------------------------

# [ngrok] Ubuntu service implementation

Set up `ngrok` as a `service` on both the server and the client

## Server side

Put the `ngrokd` binary and its configuration files in the `/opt/ngrok` directory

```
├── a.key
├── a.pem
├── ngrokd
└── ngrokd.sh
```

`ngrokd.sh` is the script that starts `ngrokd`

```
#!/bin/bash

cd /opt/ngrokd
./ngrokd -tlsKey=a.key -tlsCrt=a.pem -domain="xxx.xxx.xxx" -httpAddr=":xxxx" -httpsAddr=":xxxx" -tunnelAddr=":xxxx"
```

Write the file `ngrokd.service` in the `/etc/systemd/system/` directory

```
[Unit]
Description=Ngrok
Documentation=https://github.com/inconshreveable/ngrok

[Service]
ExecStart=/bin/bash /opt/ngrokd/ngrokd.sh
Type=simple
KillMode=process
Restart=no
RestartSec=42s

[Install]
WantedBy=multi-user.target
```

## Client side

Put the `ngrok` binary and its configuration files in the `/opt/ngrok` directory

```
├── ngrok
├── ngrok.cfg
└── ngrok.sh
```

`ngrok.sh` is the script that starts `ngrok`

```
#!/bin/bash

cd /opt/ngrok
./ngrok -config ngrok.cfg start-all
```

Write the file `ngrok.service` in the `/etc/systemd/system/` directory

```
[Unit]
Description=Ngrok
Documentation=https://github.com/inconshreveable/ngrok

[Service]
ExecStart=/bin/bash /opt/ngrok/ngrok.sh
Type=simple
KillMode=process
Restart=no
RestartSec=42s

[Install]
WantedBy=multi-user.target
```

## Usage

```
# reload the service definitions
$ sudo systemctl daemon-reload
# start
$ sudo systemctl start ngrokd.service
# enable at boot
$ sudo systemctl enable ngrokd.service
```

-------------------------------------------------------------------------------- /docs/basic/URL构成.md: --------------------------------------------------------------------------------

# URL structure

References:

[Understanding the structure of a URL quickly](https://www.jianshu.com/p/406d19dfabd3)

[The parts of a URL explained](https://blog.csdn.net/irony0egoist/article/details/81019440)

[URL](https://en.wikipedia.org/wiki/URL)

## Introduction

A `URL (Uniform Resource Locator)` identifies the exact location of a resource (file) on the Internet

## Syntax

A `URL` follows the generic `URI (Uniform Resource Identifier)` syntax, a hierarchical sequence of five components

```
URI = scheme:[//authority]path[?query][#fragment]
```

The `authority` part can be further split into `3` components

```
authority = [userinfo@]host[:port]
```

So the full syntax is:

```
scheme:[//[userinfo@]host[:port]]path[?query][#fragment]
```

![](./imgs/URI_syntax_diagram.svg.png)

## The syntax explained

* The `scheme` component names the transfer protocol; common ones are `http/https/ftp/mailto/file` and so on
* The `authority` component gives the server location: the host name and port number, possibly with a user name and password
    * With a user name and password: `[//[username[:passwd]@]host[:port]]`
    * Usually only the host name and port number: `[//host[:port]]`
    * The host name can be an `IP` address or a domain name; if the port number is omitted, port `80` is used
* The `path` component gives the location of the resource on the server
* The `query` component holds the query parameters as a query string
    * Its syntax is not well defined; it is usually a series of attribute-value pairs separated by a delimiter
    * `key1=value1&key2=value2`
* The `fragment` component is the anchor part; it names the anchor the page scrolls to when the document opens

## Examples

### One

```
https://www.zhujian.tech
```

* Transfer protocol `https`
* Host name `www.zhujian.tech`
* Default port `80`

### Two

```
https://github.com/zjZSTU/network-guide
```

* Transfer protocol `https`
* Host name `github.com`
* Default port `80`
* Resource path `/zjZSTU/network-guide`

### Three

```
http://localhost:8080/jenkins
```

* Transfer protocol `http`
* Host name `localhost`
* Explicit port `8080`
* Resource path `/jenkins`

### Four

```
https://fanyi.baidu.com/?aldtype=16047#zh/en/
```

* Transfer protocol `https`
* Host name `fanyi.baidu.com`
* Default port `80`
* Resource path `/`
* Query parameters `aldtype=16047`
* Anchor `zh/en/`
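The component breakdown above can be reproduced mechanically, and doing so exposes two details the hand-written examples gloss over. First, the default port depends on the scheme: the standard default is `80` for `http` but `443` for `https` (and `21` for `ftp`), which is what `urllib` reports. Second, the `userinfo@` part of the authority is rarely used by browsers but is still parsed, so `https://www.zhujian.tech@elsewhere.example/` connects to `elsewhere.example`, with the familiar-looking name only acting as a user name; a checker should flag that. The following is an added example, not code from this page; `parse_url`, `UrlParts` and `authority_warnings` are my own names, and the port table is an assumption limited to the three schemes listed.

```python
"""Split a URL into the components listed above, with scheme-aware default
ports and an authority check. Added example; not from the original page."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import parse_qsl, urlsplit

# Assumed default ports for the schemes this example handles.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


@dataclass
class UrlParts:
    scheme: str
    username: Optional[str]
    password: Optional[str]
    host: str
    port: Optional[int]
    port_is_default: bool          # True when the port came from DEFAULT_PORTS
    path: str
    query: List[Tuple[str, str]]   # the key=value pairs of the query string
    fragment: str


def parse_url(url: str) -> UrlParts:
    """scheme:[//[userinfo@]host[:port]]path[?query][#fragment] -> UrlParts."""
    u = urlsplit(url)
    if not u.scheme or not u.hostname:
        raise ValueError(f"URL without scheme or host: {url!r}")
    try:
        explicit_port = u.port            # None when omitted
    except ValueError as exc:             # e.g. 'https://host:99999/'
        raise ValueError(f"invalid port in {url!r}") from exc
    port = explicit_port if explicit_port is not None else DEFAULT_PORTS.get(u.scheme)
    return UrlParts(
        scheme=u.scheme,
        username=u.username,
        password=u.password,
        host=u.hostname,
        port=port,
        port_is_default=explicit_port is None,
        path=u.path or "/",               # an empty path means the root
        query=parse_qsl(u.query, keep_blank_values=True),
        fragment=u.fragment,
    )


def authority_warnings(url: str) -> List[str]:
    """Flag authority features that mislead a human reading the URL."""
    parts = parse_url(url)
    warnings = []
    if parts.username is not None:
        warnings.append(
            f"userinfo present: {parts.username!r}@ precedes the real host {parts.host!r}")
    if parts.password is not None:
        warnings.append("password embedded in URL; it will appear in logs and history")
    return warnings


if __name__ == "__main__":
    # The four examples from this page plus one authority-confusion case.
    for sample in ("https://www.zhujian.tech",
                   "https://github.com/zjZSTU/network-guide",
                   "http://localhost:8080/jenkins",
                   "https://fanyi.baidu.com/?aldtype=16047#zh/en/",
                   "https://www.zhujian.tech@elsewhere.example/login"):
        print(sample)
        print("   ", parse_url(sample))
        for w in authority_warnings(sample):
            print("    WARNING:", w)
```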
-------------------------------------------------------------------------------- /docs/intranet-penetration/ngrok/[ngrok]TCP和HTTP连接配置.md: --------------------------------------------------------------------------------

# [ngrok] Configuring TCP and HTTP tunnels

References:

[How to run your own ngrokd server](https://github.com/inconshreveable/ngrok/blob/master/docs/SELFHOSTING.md)

[Intranet penetration: ngrok server and client configuration](https://xicheng412.github.io/2016/09/27/ngrok-config/)

[Intranet penetration with ngrok, so the laptop at home can be a server too](https://blog.csdn.net/cece409770352/article/details/87870356)

`TCP` and `HTTP` tunnels are set up through a configuration file

## Server configuration

Start the `ngrok` server application, giving it the certificate, the domain, the `http/https` ports and the tunnel port

```
./ngrokd -tlsKey=a.key -tlsCrt=a.pem -domain="xxx.xxx.xxx" -httpAddr=":port1" -httpsAddr=":port2" -tunnelAddr=":port3"
```

* The domain must match the certificate; a second-level domain `xxx.xxx.xxx` is used here
* Ports are written as `:port`
    * The `http` port defaults to `80`
    * The `https` port defaults to `443`
    * The tunnel port defaults to `4443`

## Client configuration

`HTTP` and `TCP` tunnels are set up through a configuration file

### Configuration file

`ngrok` uses a `YAML` configuration file; create `ngrok.cfg`:

```
server_addr: DOMAIN_NAME:TUNNEL_PORT
trust_host_root_certs: true
tunnels:
  tunnel-1:
    subdomain: SUB_DOMAIN
    remote_port: REMOTE_PORT
    proto:
      http: LOCAL_PORT
  tunnel-2:
    remote_port: REMOTE_PORT
    proto:
      tcp: LOCAL_PORT
```

* `server_addr`: the remote server address and tunnel port
* `trust_host_root_certs`: set to `false` when using a self-signed certificate
* `tunnels`: the services to tunnel (`TCP/HTTP/HTTPs`)

Two services are configured here, `tunnel-1` and `tunnel-2`: `tunnel-1` sets up an `http` tunnel and `tunnel-2` a `tcp` tunnel

* `subdomain`: the subdomain. **Note: every `http` service gets a subdomain; if the `subdomain` attribute is not set, `tunnel-1` is used as the subdomain**
* `remote_port`: the port bound on the remote side
* `proto`: the protocol and the local port number

### Usage

Start a specific service

```
# start http
$ ./ngrok -config ngrok.cfg start tunnel-1
# start tcp
$ ./ngrok -config ngrok.cfg start tunnel-2
```

Start all services

```
$ ./ngrok -config ngrok.cfg start-all
```

![](./imgs/ngrok-connect.png)

**Note: the `http` tunnel is given a third-level domain (`xxx.xxx.xxx.xxx`), which needs an additional `DNS` record**

-------------------------------------------------------------------------------- /docs/nginx/托管网站.md: --------------------------------------------------------------------------------

# Hosting a website

References:

[Setting up a static website with Nginx on an Ubuntu server](https://www.jianshu.com/p/a7603c86811b)

After `nginx` starts, opening the server `ip` in a browser shows a welcome page, which lives at

    /usr/share/nginx/html/index.html

It is referenced in the configuration file `/etc/nginx/conf.d/default.conf`

    $ cat conf.d/default.conf
    server {
        listen       80;
        server_name  localhost;
        ...
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }
        ...
    }

## Hosting static files

Reference: [W3School TIY](http://www.w3school.com.cn/tiy/t.asp?f=html_basic)

Create a folder `blogs`

    $ mkdir blogs
    $ cd blogs/
    $ pwd
    /home/ubuntu/blogs

Create the file `index.html` inside it

    $ vim index.html
    <html>
    <head>
        <title>我的第一个 HTML 页面</title>
    </head>
    <body>
        <p>body 元素的内容会显示在浏览器中。</p>
        <p>title 元素的内容会显示在浏览器的标题栏中。</p>
    </body>
    </html>

Edit `default.conf` and change the `root` path to `blogs`

    $ sudo vim default.conf
    server {
        ...
        location / {
            root   /home/ubuntu/blogs;
            index  index.html index.htm;
        }
    }

Restart `nginx`

    sudo service nginx restart

Enter the server `ip` in the browser

![](./imgs/first-index.png)

## Binding a domain name

Reference: [Server names](https://nginx.org/en/docs/http/server_names.html)

Change the `server_name` option in `default.conf` to your own domain

    server {
        listen       80;
        server_name  example.org www.example.org;
        ...
    }

Then add the server `ip` to the domain's DNS records

**Note: the cloud server must have port `80` open; on Tencent Cloud this is done in the security group configuration**

## Binding a `404` page

Edit `default.conf` and uncomment the `404` page line to use `404.html` under the `root` path (another path can be set as well)

    #error_page  404              /404.html;

-------------------------------------------------------------------------------- /docs/tomcat/[Ubuntu 16.02]Tomcat9安装.md: --------------------------------------------------------------------------------

# [Ubuntu 16.02] Installing Tomcat 9

References:

[Installing Tomcat on Ubuntu 16.04](https://blog.csdn.net/ItJavawfc/article/details/87370956)

[Installing tomcat on an Ubuntu 16.04 server](https://blog.csdn.net/Shezzer/article/details/84074133)

## Prerequisites

`Tomcat` requires a `JDK` to be installed first

## Download

Latest version at the time of writing: `Tomcat 9.0.27`. Download from: [Tomcat 9 Software Downloads](https://tomcat.apache.org/download-90.cgi)

## Configuration

Extract it under `/opt/tomcat`, then create the file `setenv.sh` in the `bin` directory (*if it does not exist yet*)

```
# JAVA
export JAVA_HOME=/home/zj/software/java/jdk1.8.0_201
export JRE_HOME=$JAVA_HOME/jre

# Tomcat
export CATALINA_HOME=/opt/tomcat/apache-tomcat-9.0.27
export CATALINA_BASE=/opt/tomcat/apache-tomcat-9.0.27
```

## Starting

Run `/bin/startup.sh` to start `Tomcat`

```
$ ./startup.sh
Using CATALINA_BASE:   /opt/tomcat/apache-tomcat-9.0.27
Using CATALINA_HOME:   /opt/tomcat/apache-tomcat-9.0.27
Using CATALINA_TMPDIR: /opt/tomcat/apache-tomcat-9.0.27/temp
Using JRE_HOME:        /home/zj/software/java/jdk1.8.0_201/jre
Using CLASSPATH:       /opt/tomcat/apache-tomcat-9.0.27/bin/bootstrap.jar:/opt/tomcat/apache-tomcat-9.0.27/bin/tomcat-juli.jar
Tomcat started.
```

Check whether `localhost:8080` is being listened on

```
# curl localhost:8080
...
Apache Tomcat/9.0.27
...
...
```

![](./imgs/tomcat-8080.png)

## Stopping

Run the script `/bin/shutdown.sh`

## Starting at boot

Edit `/etc/rc.local`

```
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

/opt/tomcat/apache-tomcat-9.0.27/bin/startup.sh

exit 0
```

-------------------------------------------------------------------------------- /docs/nginx/[腾讯云]配置HTTPs.md: --------------------------------------------------------------------------------

# [Tencent Cloud] Configuring HTTPS

Reference: [Installing a server certificate in Nginx](https://cloud.tencent.com/document/product/400/35244)

Since I use Tencent Cloud's `DNS` service, I applied for an `ssl` certificate there as well; the steps are the same as in [[Alibaba Cloud] Configuring HTTPS](./[阿里云]配置HTTPs.md), but the `Nginx` version in use is newer, so the details of the configuration differ slightly

**`Note`: the current `Nginx` version is `nginx version: nginx/1.17.9`**

## CA certificate

Apply at: [https://console.cloud.tencent.com/ssl](https://console.cloud.tencent.com/ssl)

Review completes within a day; after downloading the certificate, put the `nginx` part in the `/etc/nginx/ssl` folder (this is my layout: `/etc/nginx` is the `nginx` configuration path and `ssl` is a newly created folder)

## conf file

Create the configuration file `xxx.conf` in `/etc/nginx/conf.d`

```
server {
    # SSL listens on port 443
    listen 443 ssl;
    # the domain the certificate is bound to
    server_name xxx.xxx.xxx;

    # avoid garbled Chinese
    charset utf-8;

    # certificate file name
    ssl_certificate /etc/nginx/ssl/1_xxx.xxx.xxx_bundle.crt;
    # private key file name
    ssl_certificate_key /etc/nginx/ssl/2_xxx.xxx.xxx.key;
    ssl_session_timeout 5m;
    # configure the protocols as follows
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # configure the cipher suites as follows, in openssl notation
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        # site root. This path is only an example; use your actual directory.
        #root /var/www/www.domain.com;
        root /opt/www;
        index index.html index.htm;
    }

    error_page 404 /404.html;
}
server {
    listen 80;
    # the domain the certificate is bound to
    server_name xxx.xxx.xxx;
    # redirect http requests for the domain to https
    return 301 https://$host$request_uri;
}
```

> Because of version differences the configuration may be written differently. For example, with Nginx version nginx/1.15.0 or later use `listen 443 ssl` instead of `listen 443` plus `ssl on`.

## Starting nginx

Test that the configuration file is correct

```
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```

Start nginx

```
# stop nginx
$ sudo systemctl stop nginx
# start nginx
$ sudo systemctl start nginx
# check nginx status
$ sudo systemctl status nginx
```
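The `ssl_protocols` line in the configuration above still offers TLS 1.0 and TLS 1.1, which RFC 8996 deprecated, and the `HIGH` cipher keyword admits plain-RSA key exchange suites that provide no forward secrecy. Rather than rely on remembering that when copying a vendor template, the following added example (not code from the Tencent Cloud page or from nginx itself) lints the `ssl_*` directives of a server block and emits the corrected lines. The sample block is a constructed copy of the directives above; `lint_tls`, `hardened` and the `ALLOWED_PROTOCOLS` policy are my own names, and the `!kRSA` OpenSSL cipher-string keyword is standard OpenSSL syntax. The linter reads only simple `name args;` lines, which is all a `server` block of this shape contains.

```python
"""Lint the TLS directives of an nginx server block against a protocol and
key-exchange policy. Added example; not from the original page."""
import re
from typing import Dict, List

ALLOWED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")   # policy: RFC 8996 deprecates TLS 1.0/1.1

# Constructed copy of the ssl_* directives shown on this page.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    server_name xxx.xxx.xxx;
    ssl_certificate /etc/nginx/ssl/1_xxx.xxx.xxx_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/2_xxx.xxx.xxx.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
}
"""

# Matches one simple 'name arg arg ...;' directive after comments are stripped.
DIRECTIVE = re.compile(r"^\s*([a-z_]+)\s+(.*?)\s*;\s*$")


def parse_directives(conf: str) -> Dict[str, List[str]]:
    """Return {directive: [args]} for the simple directives in a block."""
    found: Dict[str, List[str]] = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        m = DIRECTIVE.match(line)
        if m:
            found[m.group(1)] = m.group(2).split()
    return found


def lint_tls(conf: str) -> List[str]:
    """Findings in a fixed order: protocols, key exchange, listen form."""
    d = parse_directives(conf)
    findings: List[str] = []

    weak = [p for p in d.get("ssl_protocols", []) if p not in ALLOWED_PROTOCOLS]
    if weak:
        findings.append(f"ssl_protocols enables deprecated {' '.join(weak)}; "
                        f"use: ssl_protocols {' '.join(ALLOWED_PROTOCOLS)};")

    ciphers = d.get("ssl_ciphers", [""])[0].split(":")
    if "!kRSA" not in ciphers:
        findings.append("ssl_ciphers does not exclude RSA key exchange (no forward secrecy); "
                        "append :!kRSA")

    listen = d.get("listen", [])
    if "443" in listen and "ssl" not in listen:
        findings.append("listen 443 without the ssl parameter; nginx >= 1.15 expects 'listen 443 ssl'")
    return findings


def hardened(conf: str) -> str:
    """Rewrite the protocol line and extend the cipher string; everything else is left alone."""
    out = re.sub(r"ssl_protocols[^;]*;",
                 f"ssl_protocols {' '.join(ALLOWED_PROTOCOLS)};", conf)

    def add_krsa(m: "re.Match[str]") -> str:
        body = m.group(1)
        return m.group(0) if "!kRSA" in body else body + ":!kRSA;"

    return re.sub(r"(ssl_ciphers [^;]*);", add_krsa, out)


if __name__ == "__main__":
    for f in lint_tls(SAMPLE_CONF):
        print("FINDING:", f)
    print(hardened(SAMPLE_CONF))
    print("after hardening:", lint_tls(hardened(SAMPLE_CONF)))
```

After rewriting, run `sudo nginx -t` as the page does before restarting; dropping TLS 1.0/1.1 only affects clients that cannot speak TLS 1.2, which every maintained browser and `curl` can.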
friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg)](http://commitizen.github.io/cz-cli/) 7 | 8 | > 计算机网络相关概念、工具 9 | 10 | 学习计算机网络基础知识以及相关工具 11 | 12 | ## 内容列表 13 | 14 | - [本仓库不再维护,更新的内容前往:ZJDoc/Deploy](#本仓库不再维护更新的内容前往zjdocdeploy) 15 | - [网络指南](#网络指南) 16 | - [内容列表](#内容列表) 17 | - [背景](#背景) 18 | - [安装](#安装) 19 | - [文档工具安装](#文档工具安装) 20 | - [用法](#用法) 21 | - [主要维护人员](#主要维护人员) 22 | - [参与贡献方式](#参与贡献方式) 23 | - [许可证](#许可证) 24 | 25 | ## 背景 26 | 27 | 计算机网络内容复杂,除了常见的基本概念(比如`IP`,局域网,路由器等)外,还包括了相关工具的配置和使用(比如`nginx`,`ngrok`等)。在生活工作中不太会碰到相关问题,所以经常学完就丢,记录下来以便快速查询和学习 28 | 29 | ## 安装 30 | 31 | ### 文档工具安装 32 | 33 | ``` 34 | $ pip install -r requirements.txt 35 | ``` 36 | 37 | ## 用法 38 | 39 | 有两种文档使用方式 40 | 41 | 1. 在线浏览文档:[网络指南](https://zj-network-guide.readthedocs.io/zh_CN/latest/?badge=latest) 42 | 43 | 2. 本地浏览文档,实现如下: 44 | 45 | ``` 46 | $ git clone https://github.com/zjZSTU/network-guide.git 47 | $ cd network-guide 48 | $ mkdocs serve 49 | ``` 50 | 启动本地服务器后即可登录浏览器`localhost:8000` 51 | 52 | ## 主要维护人员 53 | 54 | * zhujian - *Initial work* - [zjZSTU](https://github.com/zjZSTU) 55 | 56 | ## 参与贡献方式 57 | 58 | 欢迎任何人的参与!打开[issue](https://github.com/zjZSTU/git-guide/issues)或提交合并请求。 59 | 60 | 注意: 61 | 62 | * `GIT`提交,请遵守[Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0-beta.4/)规范 63 | * 语义版本化,请遵守[Semantic Versioning 2.0.0](https://semver.org)规范 64 | * `README`编写,请遵守[standard-readme](https://github.com/RichardLitt/standard-readme)规范 65 | 66 | ## 许可证 67 | 68 | [Apache License 2.0](LICENSE) © 2019 zjZSTU 69 | -------------------------------------------------------------------------------- /docs/ssh/[SSH]客户端配置文件config.md: -------------------------------------------------------------------------------- 1 | 2 | # [SSH]客户端配置文件config 3 | 4 | 参考: 5 | 6 | [利用 SSH 的用户配置文件 Config 管理 SSH 会话](https://www.hi-linux.com/posts/14346.html) 7 | 8 | [SSH Config File](https://www.ssh.com/ssh/config/) 9 | 10 | `man ssh_config` 11 | 12 | 
`ssh`除了命令行配置参数外,还可以通过配置文件来辅助管理,有两个级别的配置文件 13 | 14 | * 用户级(`user-specific file`):`~/.ssh/config`,通常不存在,如果需要自己新建 15 | * 系统级(`system-wide file`):`/etc/ssh/ssh_config`,内置有一些默认配置 16 | 17 | ## 访问权限 18 | 19 | 用户配置文件的访问权限设置为用户可读可写,组和其他不能操作 20 | 21 | $ sudo chmod 600 ~/.ssh/config 22 | 23 | ## 优先级 24 | 25 | 参数数据解析顺序如下: 26 | 27 | 1. 命令行选项 28 | 2. 用户配置文件 29 | 3. 系统配置文件 30 | 31 | 所有的配置选项仅第一次设置有效,所以可以将默认值放置在系统配置文件,修改参数放置在用户配置文件 32 | 33 | ## 配置方式 34 | 35 | 用配置文件可以管理多个远程服务器,其格式如下: 36 | 37 | Host 服务器名A 38 | user 用户名 39 | hostname 服务器ip 40 | port 端口号 41 | identityfile 本地私钥地址 42 | ... 43 | Host 服务器名B 44 | user 用户名 45 | hostname 服务器ip 46 | port 端口号 47 | identityfile 本地私钥地址 48 | ... 49 | ... 50 | ... 51 | Host * 52 | ... 53 | ... 54 | 55 | 通过`Host`指定配置块,用`tab`键来区分配置头和内置参数 56 | 57 | 所有参数值都可使用通配符设定,比如可以设置一个`Host`值为星号(`*`),用于设置全局配置 58 | 59 | 注释用`#`号开头 60 | 61 | **配置文件不区分大小写,所以`Host`和`host`一样** 62 | 63 | ## 常用配置选项 64 | 65 | * 必须配置 66 | * `Host`:指定配置块 67 | * `User`:指定登录用户 68 | * `Hostname`:指定服务器地址,通常用`ip`地址 69 | * `Port`:指定端口号,默认值为`22` 70 | * 可选 71 | * `Identityfile`:指定本地认证私钥地址 72 | * `ForwardAgent yes`:允许`ssh-agent`转发 73 | * `IdentitiesOnly`:指定`ssh`是否仅使用配置文件或命令行指定的私钥文件进行认证。值为`yes`或`no`,默认为`no`,该情况可在`ssh-agent`提供了太多的认证文件时使用 74 | * `IdentityFile`:指定认证私钥文件 75 | * `StrictHostKeyChecking`:有`3`种选项 76 | * `ask`:默认值,第一次连接陌生服务器时提示是否添加,同时如果远程服务器公钥改变时拒绝连接 77 | * `yes`:不会自动添加服务器公钥到`~/.ssh/known_hosts`中,同时如果远程服务器公钥改变时拒绝连接 78 | * `no`:自动增加新的主机键到`~/.ssh/known_hosts`中 79 | 80 | ## 使用方式 81 | 82 | 比如配置文件如下: 83 | 84 | Host server 85 | user ubuntu 86 | hostname 123.231.032.123 87 | port 22 88 | 89 | 连接方式如下: 90 | 91 | # 登录远程服务器 92 | $ ssh server 93 | # 传输文件 94 | $ scp hello.txt server:/home/ubuntu/ -------------------------------------------------------------------------------- /docs/ssh/ssh_exchange_identification: Connection closed by remote host.md: -------------------------------------------------------------------------------- 1 | # ssh_exchange_identification: Connection closed by remote host 2 | 3 | 
连接远程服务器时,老是连接失败 4 | 5 | ``` 6 | $ ssh -p 12xxx zj@xxx.xxx.xxx -vv 7 | OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016 8 | debug1: Reading configuration data /etc/ssh/ssh_config 9 | debug1: /etc/ssh/ssh_config line 19: Applying options for * 10 | debug2: resolving "ngrok.zhujian.tech" port 12346 11 | debug2: ssh_connect_direct: needpriv 0 12 | debug1: Connecting to ngrok.zhujian.tech [148.70.133.9] port 12346. 13 | debug1: Connection established. 14 | debug1: key_load_public: No such file or directory 15 | debug1: identity file /home/lab305/.ssh/id_rsa type -1 16 | debug1: key_load_public: No such file or directory 17 | debug1: identity file /home/lab305/.ssh/id_rsa-cert type -1 18 | debug1: key_load_public: No such file or directory 19 | debug1: identity file /home/lab305/.ssh/id_dsa type -1 20 | debug1: key_load_public: No such file or directory 21 | debug1: identity file /home/lab305/.ssh/id_dsa-cert type -1 22 | debug1: key_load_public: No such file or directory 23 | debug1: identity file /home/lab305/.ssh/id_ecdsa type -1 24 | debug1: key_load_public: No such file or directory 25 | debug1: identity file /home/lab305/.ssh/id_ecdsa-cert type -1 26 | debug1: key_load_public: No such file or directory 27 | debug1: identity file /home/lab305/.ssh/id_ed25519 type -1 28 | debug1: key_load_public: No such file or directory 29 | debug1: identity file /home/lab305/.ssh/id_ed25519-cert type -1 30 | debug1: Enabling compatibility mode for protocol 2.0 31 | debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 32 | ssh_exchange_identification: Connection closed by remote host 33 | ``` 34 | 35 | 网上有很多的解答,参考 36 | 37 | [ssh问题:ssh_exchange_identification: Connection closed by remote host](https://www.cnblogs.com/gaobo543013306/p/9382867.html) 38 | 39 | [大量远程ssh连接请求--造成拒绝服务的问题](https://cloud.tencent.com/developer/article/1055038) 40 | 41 | [ssh连接提示 "Connection closed by remote host"](https://blog.csdn.net/mjm26/article/details/52242398/) 42 | 43 | 
当前我的问题则是服务器没有装`openssh-server` 44 | 45 | ``` 46 | $ sudo apt install openssh-server 47 | ``` -------------------------------------------------------------------------------- /docs/nginx/反向代理.md: -------------------------------------------------------------------------------- 1 | 2 | # 反向代理 3 | 4 | ## 反向代理简介 5 | 6 | 参考:[Nginx Reverse Proxy](https://www.jianshu.com/p/b1debd31149b) 7 | 8 | 反向代理(`reverse proxy`)用于代理服务器,用户输入代理服务器地址,通过`nginx`请求正确的服务器地址,并将资源返回给用户 9 | 10 | ![](./imgs/reverse_proxy.png) 11 | 12 | ## 配置 13 | 14 | 参考: 15 | 16 | [Module ngx_http_proxy_module](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) 17 | 18 | [NGINX Reverse Proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/#pass) 19 | 20 | [nginx location 语法](https://blog.csdn.net/zhang_referee/article/details/88958074) 21 | 22 | 使用指令`proxy_pass`指定反向代理的服务器地址,在`/etc/nginx/conf.d/`目录下添加配置文件`test.conf` 23 | 24 | ``` 25 | { 26 | listen 80; 27 | server_name localhost; 28 | 29 | location /jk/ { 30 | proxy_pass http://localhost:8080/jenkins/; 31 | } 32 | } 33 | ``` 34 | 35 | 当`URL`符合`localhost/jenkins/`时,`nginx`将会请求代理地址 36 | 37 | **注意**:上面的代理服务器地址指定了资源地址为`/jenkins/`,则该字段将替代`location`匹配的参数`/jk`。比如客户端请求地址为`http://localhost/jk/page.html`,`nginx`代理后的地址为`http://localhost:8080/jenkins/page.html` 38 | 39 | 所以上面代码也可以修改如下: 40 | 41 | ``` 42 | ... 43 | location /jenkins/ { 44 | proxy_pass http://localhost:8080; 45 | } 46 | ... 47 | ``` 48 | 49 | ## 反向代理过程 50 | 51 | 参考:[nginx做反向代理处理http请求的过程](https://blog.csdn.net/yusiguyuan/article/details/39249497) 52 | 53 | `nginx`安装在本地,所以当`URL`输入`localhost/jenkins/`时 54 | 55 | 1. 解析域名为`IP`地址`127.0.0.1`,请求本地`nginx`进行处理 56 | 2. `nginx`将`URL`转换成`http://localhost:8080/jenkins/`后再次请求 57 | 3. 
`nginx`获得`html`数据后转发给浏览器 58 | 59 | 下面实现输入`www.123.com/jenkins/`,反向代理到`http://localhost/jenkins/` 60 | 61 | 修改`/etc/hosts`文件,将域名`www.123.com`映射到`nginx`服务器地址`127.0.0.1` 62 | 63 | ``` 64 | 127.0.0.1 www.123.com 65 | ``` 66 | 67 | 添加`nginx`配置文件`/etc/nginx/conf.d/test.conf` 68 | 69 | ``` 70 | server { 71 | listen 80; 72 | server_name www.123.com; 73 | 74 | location /jenkins/ { 75 | proxy_pass http://localhost:8080/jenkins/; 76 | } 77 | } 78 | ``` 79 | 80 | 热更新`nginx` 81 | 82 | ``` 83 | $ sudo nginx -s reload 84 | ``` 85 | 86 | 在浏览器登录`www.123.com/jenkins/`,即可登录本地安装的`jenkins` 87 | 88 | ![](./imgs/nginx-jenkins.png) 89 | 90 | **如果不成功,可能是由于`DNS`缓存的关系,需要清空浏览器缓存和系统缓存** -------------------------------------------------------------------------------- /docs/nginx/docker安装nginx.md: -------------------------------------------------------------------------------- 1 | 2 | # docker安装nginx 3 | 4 | 主要参考[Docker 安装 Nginx](https://www.runoob.com/docker/docker-install-nginx.html)完成`nginx`的安装和配置 5 | 6 | ## 镜像下载 7 | 8 | `Docker`提供了官方[nginx](https://hub.docker.com/_/nginx) 9 | 10 | ``` 11 | $ docker pull nginx 12 | ``` 13 | 14 | ## 启动 15 | 16 | 使用如下命令: 17 | 18 | ``` 19 | $ docker run --name nginx-test -p 7700:80 -d nginx 20 | ``` 21 | 22 | * `--name`:容器名 23 | * `-p`:映射主机`7700`端口到容器`80`端口 24 | * `-d`:后台运行 25 | 26 | 打开浏览器,登录`localhost:7700`查看是否成功 27 | 28 | ![](./imgs/welcome_nginx.png) 29 | 30 | ## 配置 31 | 32 | 在主机创建文件夹 33 | 34 | ``` 35 | $ mkdir -p ~/nginx/www ~/nginx/logs ~/nginx/conf.d 36 | ``` 37 | 38 | * `www`:保存`html`文件 39 | * `logs`:保存`nginx`运行日志 40 | * `conf.d`:保存配置文件 41 | 42 | 将容器内`Nginx`配置文件拷贝到主机 43 | 44 | ``` 45 | $ docker cp CONTAINER_ID:/etc/nginx/nginx.conf ~/nginx 46 | $ docker cp COMTAINER_ID:/etc/nginx/conf.d/default.conf ~/nginx/conf.d 47 | 48 | :~/nginx$ tree 49 | . 
50 | ├── conf.d 51 | │   └── default.conf 52 | ├── logs 53 | │   ├── access.log 54 | │   └── error.log 55 | ├── nginx.conf 56 | └── www 57 | └── index.html 58 | ``` 59 | 60 | 修改配置文件`~/nginx/conf.d/default.conf`,修改`Location` 61 | 62 | ``` 63 | ... 64 | ... 65 | location / { 66 | #root /usr/share/nginx/html; 67 | root /opt/www; 68 | index index.html index.htm; 69 | } 70 | ... 71 | ... 72 | ``` 73 | 74 | 在`~/nginx/www`目录下创建文件`index.html` 75 | 76 | ``` 77 | 78 | 79 | 80 | Docker Nginx 81 | 82 | 83 | 84 | Hello Nginx 85 | 86 | 87 | 88 | ``` 89 | 90 | 重新启动`nginx`(*注意端口冲突,可以调整主机端口或停止之前的容器*),命令如下: 91 | 92 | ``` 93 | $ docker run -d -p 7700:80 \ 94 | --name nginx-test-web \ 95 | -v ~/nginx/www:/opt/www \ 96 | -v ~/nginx/logs:/var/log/nginx \ 97 | -v ~/nginx/conf.d:/etc/nginx/conf.d \ 98 | -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \ 99 | nginx 100 | ``` 101 | 102 | * `-d`:后台运行 103 | * `-p`:映射主机`7700`端口到容器`80`端口 104 | * `--name`:设置容器名 105 | * `-v`:挂载本地目录到容器中 106 | 107 | ![](./imgs/hello-nginx.png) 108 | 109 | 上述操作后`nginx`将使用主机保存的配置文件,可以修改`~/nginx/conf.d/default.conf`,重新启动正在运行的容器即可更新配置 110 | 111 | ``` 112 | $ docker restart COMTAINER_ID 113 | ``` -------------------------------------------------------------------------------- /docs/ssh/[SSH]生成密钥.md: -------------------------------------------------------------------------------- 1 | 2 | # [SSH]生成密钥 3 | 4 | 参考:[4.3 服务器上的 Git - 生成 SSH 公钥](https://git-scm.com/book/zh/v2/%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%B8%8A%E7%9A%84-Git-%E7%94%9F%E6%88%90-SSH-%E5%85%AC%E9%92%A5) 5 | 6 | ## 查询 7 | 8 | 验证本地是否已存在密钥 9 | 10 | $ cd ~/.ssh/ 11 | 12 | 查看是否存在`id_dsa`或`id_rsa`命名的文件,其中`.pub`文件是公钥 13 | 14 | ## 生成 15 | 16 | 在本地生成密钥,使用`ssh-keygen`进行,默认生成`id_rsa`文件在`~/.ssh`文件夹内 17 | 18 | $ ssh-keygen 19 | Generating public/private rsa key pair. 20 | Enter file in which to save the key (/home/zj/.ssh/id_rsa): 21 | Enter passphrase (empty for no passphrase): 22 | Enter same passphrase again: 23 | Your identification has been saved in /home/zj/.ssh/id_rsa. 
24 | Your public key has been saved in /home/zj/.ssh/id_rsa.pub. 25 | The key fingerprint is: 26 | ... 27 | ... 28 | 29 | 其中会要求你输入两次密码,也可以为空 30 | 31 | $ ls 32 | id_rsa id_rsa.pub ... 33 | 34 | ### 自定义 35 | 36 | 参考: 37 | 38 | [Generating a new SSH key and adding it to the ssh-agent](https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/) 39 | 40 | 指定密钥加密算法、密钥长度、密钥标签、密钥文件名 41 | 42 | $ ssh-keygen -t rsa -b 4096 -C "github.com" -f ~/.ssh/github_id_rsa 43 | Generating public/private rsa key pair. 44 | Enter passphrase (empty for no passphrase): 45 | Enter same passphrase again: 46 | Your identification has been saved in /home/zj/.ssh/github_id_rsa. 47 | Your public key has been saved in /home/zj/.ssh/github_id_rsa.pub. 48 | The key fingerprint is: 49 | SHA256:WRZktNSVoY+a5hAgNwou 50 | ... 51 | ... 52 | 53 | * `-t`指定加密算法,当前设置为`rsa`加密算法 54 | * `-b`指定密钥长度 55 | * `-C`指定了标签 56 | * `-f`指定生成文件名 57 | 58 | 当你已经存在`github_id_rsa/github_id_rsa.pub`文件时,会提示你是否重载 59 | 60 | ## 重设密钥 61 | 62 | 参考:[Working with SSH key passphrases](https://help.github.com/articles/working-with-ssh-key-passphrases/) 63 | 64 | 重新设置密钥密码 65 | 66 | $ ssh-keygen -p 67 | Enter file in which the key is (/home/zj/.ssh/id_rsa): # 默认是id_rsa文件,点击Enter键;否则,输入正确文件地址 68 | Enter old passphrase: # 输入旧密码 69 | Enter new passphrase (empty for no passphrase): # 输入新密码 70 | Enter same passphrase again: # 重复新密码 71 | Your identification has been saved with the new passphrase. 72 | 73 | 或者加上参数`-f`指定要修改的文件 74 | 75 | $ ssh-keygen -p -f /home/zj/.ssh/github_id_rsa 76 | Enter old passphrase: 77 | Enter new passphrase (empty for no passphrase): 78 | Enter same passphrase again: 79 | Your identification has been saved with the new passphrase. 80 | 81 | 或者加上参数`-P`指定旧密码、`-N`指定新密码 82 | 83 | $ ssh-keygen -p -P zhujian -N 123456 -f ~/.ssh/github_id_rsa 84 | Your identification has been saved with the new passphrase. 
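The `The key fingerprint is: SHA256:...` line that `ssh-keygen` prints above (and the `4096 SHA256:... comment (RSA)` line of `ssh-keygen -l`) is computed from nothing but the public key file: the base64 blob in the `.pub` line is decoded, SHA-256 hashed, and the digest is base64-encoded without padding. The code below is an added example for this guide, not code from the page or from OpenSSH; the `fingerprint`, `key_bits` and `format_like_ssh_keygen` names are chosen here, and the `make_sample_*` helpers build keys that are correct in wire format but constructed from random bytes, so they are not usable keys.

```python
"""Reproduce `ssh-keygen -lf key.pub` from an OpenSSH public key line.
Added example for this guide (not from the page or OpenSSH). Sample keys
are CONSTRUCTED from random bytes: valid wire format, not real keys."""
import base64
import hashlib
import os
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """SSH 'mpint' (RFC 4251): big-endian magnitude with a leading 0x00 byte
    when the top bit is set, so the value is not read as negative."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def _read_string(blob: bytes, pos: int):
    """Read one wire string at `pos`; return (bytes, position after it)."""
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    pos += 4
    return blob[pos:pos + length], pos + length


def key_bits(key_type: str, blob: bytes) -> int:
    """Key size as ssh-keygen reports it: RSA modulus length, 256 for Ed25519."""
    _, pos = _read_string(blob, 0)            # key type string
    if key_type == "ssh-rsa":
        _, pos = _read_string(blob, pos)      # public exponent e
        n_bytes, _ = _read_string(blob, pos)  # modulus n (may carry a leading 0x00)
        return int.from_bytes(n_bytes, "big").bit_length()
    if key_type == "ssh-ed25519":
        return 256
    raise ValueError(f"unsupported key type {key_type}")


def fingerprint(pubkey_line: str) -> dict:
    """Parse one line of a .pub file; return bits, type, SHA256 fingerprint, comment."""
    parts = pubkey_line.split(None, 2)
    key_type, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) > 2 else ""
    blob = base64.b64decode(b64)
    wire_type, _ = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type prefix does not match the encoded blob")
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")  # unpadded, like OpenSSH
    return {"bits": key_bits(key_type, blob), "type": key_type,
            "fingerprint": fp, "comment": comment}


def format_like_ssh_keygen(pubkey_line: str) -> str:
    """Render the same line `ssh-keygen -lf` prints: bits, fingerprint, comment, (TYPE)."""
    info = fingerprint(pubkey_line)
    label = {"ssh-rsa": "RSA", "ssh-ed25519": "ED25519"}[info["type"]]
    return f'{info["bits"]} {info["fingerprint"]} {info["comment"]} ({label})'


def make_sample_rsa_pub(bits: int = 4096, comment: str = "github.com") -> str:
    """CONSTRUCTED ssh-rsa line: random modulus of exactly `bits` bits, e = 65537."""
    e = 65537
    n = int.from_bytes(os.urandom(bits // 8), "big") | (1 << (bits - 1)) | 1
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def make_sample_ed25519_pub(comment: str = "zj@laptop") -> str:
    """CONSTRUCTED ssh-ed25519 line: 32 random bytes in place of the curve point."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(os.urandom(32))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    print(format_like_ssh_keygen(make_sample_rsa_pub()))
    print(format_like_ssh_keygen(make_sample_ed25519_pub()))
```

Comparing the fingerprint computed this way with the one shown by `ssh-add -l` or by a cloud console is how you confirm that the key you are about to trust is the one you generated, without ever handling the private half.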
85 | 86 | 87 | -------------------------------------------------------------------------------- /docs/ssh/[ssh-add]添加私钥缓存.md: -------------------------------------------------------------------------------- 1 | 2 | # [ssh-add]添加私钥缓存 3 | 4 | 最近腾讯云服务器到期了,重新买了一个实例,在云上创建了一对密钥,将私钥下载到本地,放置在`~/.ssh`文件夹 5 | 6 | 远程连接时出错: 7 | 8 | ``` 9 | $ ssh ubuntu@148.70.117.214 -v 10 | OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016 11 | debug1: Reading configuration data /home/zj/.ssh/config 12 | debug1: Reading configuration data /etc/ssh/ssh_config 13 | 。。。 14 | 。。。 15 | debug1: Authentications that can continue: publickey 16 | debug1: Next authentication method: publickey 17 | debug1: Offering RSA public key: /home/zj/.ssh/id_rsa 18 | debug1: Authentications that can continue: publickey 19 | debug1: Trying private key: /home/zj/.ssh/id_dsa 20 | debug1: Trying private key: /home/zj/.ssh/id_ecdsa 21 | debug1: Trying private key: /home/zj/.ssh/id_ed25519 22 | debug1: No more authentication methods to try. 23 | Permission denied (publickey). 24 | ``` 25 | 26 | 参考[用ssh登陆服务器(腾讯云)提示permission denied(public key)](https://segmentfault.com/q/1010000004905628),用`ssh-add`将私钥添加到缓存中 27 | 28 | ``` 29 | $ ssh-add tencent_id_rsa 30 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 31 | @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ 32 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 33 | Permissions 0664 for 'tencent_id_rsa' are too open. 34 | It is required that your private key files are NOT accessible by others. 35 | This private key will be ignored. 36 | ``` 37 | 38 | 提示私钥`tencent_id_rsa`的权限太大了,所以先修改权限再添加 39 | 40 | ``` 41 | $ chmod 600 tencent_id_rsa 42 | $ ssh-add tencent_id_rsa 43 | Identity added: tencent_id_rsa (tencent_id_rsa) 44 | ``` 45 | 46 | 最后重新连接成功 47 | 48 | ``` 49 | $ ssh ubuntu@148.70.117.214 -v 50 | ... 51 | ... 
52 | debug1: Offering RSA public key: tencent_id_rsa 53 | debug1: Server accepts key: pkalg rsa-sha2-512 blen 151 54 | debug1: Authentication succeeded (publickey). 55 | Authenticated to 148.70.117.214 ([148.70.117.214]:22). 56 | ... 57 | ... 58 | Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-54-generic x86_64) 59 | 60 | * Documentation: https://help.ubuntu.com 61 | * Management: https://landscape.canonical.com 62 | * Support: https://ubuntu.com/advantage 63 | 64 | System information as of Thu Sep 26 14:40:46 CST 2019 65 | 66 | System load: 0.05 Processes: 89 67 | Usage of /: 4.6% of 49.15GB Users logged in: 0 68 | Memory usage: 15% IP address for eth0: 172.27.16.16 69 | Swap usage: 0% 70 | 71 | * MicroK8s 1.15 is out! Thanks to all 40 contributors, you get the latest 72 | greatest upstream Kubernetes in a single package. 73 | 74 | https://github.com/ubuntu/microk8s 75 | 76 | Last login: Thu Sep 26 14:31:20 2019 from 101.68.71.72 77 | ``` 78 | 79 | ## 查询缓存私钥 80 | 81 | ``` 82 | $ ssh-add -l 83 | 4096 SHA256:fmK9Jxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxcs /var/jenkins_home/.ssh/zj_rsa (RSA) 84 | ``` 85 | 86 | ## 删除缓存私钥 87 | 88 | ``` 89 | $ ssh-add -D 90 | All identities removed. 
91 | ``` -------------------------------------------------------------------------------- /docs/basic/ip地址.md: -------------------------------------------------------------------------------- 1 | 2 | # ip地址 3 | 4 | 参考: 5 | 6 | [IP地址](https://www.zhihu.com/topic/19592543/intro) 7 | 8 | [IP地址](https://baike.baidu.com/item/IP%E5%9C%B0%E5%9D%80) 9 | 10 | `ip`地址(`internet protocol address`)全称是互联网协议地址,也称为网际协议地址 11 | 12 | `ip`地址使用`ip`协议为主机和网络提供统一格式的逻辑地址,其目的是屏蔽物理地址的差异 13 | 14 | 目前最常用的`ip`地址包括`ipv4`地址和`ipv6`地址 15 | 16 | ## `ipv4`地址 17 | 18 | 参考: 19 | 20 | [IPv4](https://baike.baidu.com/item/IPv4) 21 | 22 | `ipv4(internet protocol version 4)`表示`ip`协议的第`4`个版本,`ip`协议地址是目前最常用的地址格式 23 | 24 | ### 格式 25 | 26 | `ipv4`地址长`32`位(`4`个字节),以`点分十进制`形式表示,即`4`个字节用点号隔开,以十进制表示 27 | 28 | > a.b.c.d 29 | 30 | ### 结构 31 | 32 | `ipv4`地址结构经历过三个大的改变,一是设置两级`IP`地址,二是添加子网字段设置三级`IP`地址,三是无分类编址 33 | 34 | ![](./imgs/ip-address.PNG) 35 | 36 | #### 设置两级`IP`地址 37 | 38 | `ipv4`地址由两部分组成: 39 | 40 | > ipv4地址 = {<网络号>,<主机号>} 41 | 42 | 网络号标志主机(或路由器)所连接到的网络 43 | 44 | 主机号标志该主机(或路由器) 45 | 46 | 根据网络号的不同长度可分为`A/B/C/D/E`类网络 47 | 48 | * `A`类地址网络号长度为`1`个字节,前`1`位是类别位,规定为`0` 49 | * `B`类地址网络号长度为`2`个字节,前`2`位是类别位,规定为`10` 50 | * `C`类地址网络号长度为`3`个字节,前`3`位是类别位,规定为`110` 51 | * `D`类地址没有网络号,前`4`位是类别位,规定为`1110` 52 | * `E`类地址没有网络号,前`4`位为类别位,规定为`1111` 53 | 54 | `A/B/C`类地址是单播地址,用于一对一通信 55 | 56 | `D`类地址是多播地址,用于一对多通信 57 | 58 | `E`类地址保留为以后使用 59 | 60 | #### 添加子网字段设置三级`IP`地址 61 | 62 | 参考:[子网划分](https://baike.baidu.com/item/%E5%AD%90%E7%BD%91%E5%88%92%E5%88%86) 63 | 64 | `ipv4`地址由三部分组成: 65 | 66 | > ipv4地址 = {<网络号>,<子网号>,<主机号>} 67 | 68 | 网络号标志主机(或路由器)所连接到的网络 69 | 70 | 子网号标志主机(或路由器)所连接到的子网 71 | 72 | 主机号标志该主机(或路由器) 73 | 74 | 通过子网掩码区分子网号和主机号,子网掩码长`32`位,与`ipv4`地址一一对应,网络号和子网号的对应位置为`1`,主机号的对应位置为`0` 75 | 76 | 比如设置`B`类地址的子网号占3位,那么主机号占`13`位,子网掩码为 77 | 78 | ``` 79 | # 二进制 80 | 11111111 11111111 11100000 00000000 81 | # 点分十进制 82 | 255.255.224.0 83 | ``` 84 | 85 | 通过`ipv4`地址和子网掩码进行`与运算`,得到子网号和主机号 86 | 87 | ##### 默认子网掩码 88 | 89 | 若网络不划分子网,就使用默认子网掩码 90 | 91 | 
* `A`类地址的默认子网掩码是`255.0.0.0` 92 | * `B`类地址的默认子网掩码是`255.255.0.0` 93 | * `C`类地址的默认子网掩码是`255.255.255.0` 94 | 95 | ##### 子网个数 96 | 97 | 根据`RFC 950`文档,子网号不能为全`1`或全`0`(全`0`表示本网络,全`1`表示广播地址) 98 | 99 | 比如上例中B类地址的子网号占`3`位,子网掩码为`255.255.224.0`,其可划分子网数为`2^3-2=6` 100 | 101 | ##### 主机号划分 102 | 103 | 主机号不能分配全`1`和全`0`地址 104 | 105 | 比如上例中`B`类地址的子网号占`3`位,那么主机号占`13`位,其可分配主机号个数为`2^13-2=8190` 106 | 107 | #### 无分类编址 108 | 109 | 无分类域间路由选择(`Classles Inter-Domain Routing, CIDR`)取消之前的`A/B/C/D/E`类地址和子网划分概念,将`32`位`ip`地址划分为前后两个部分 110 | 111 | > ipv4地址 = {<网络前缀>,<主机号>} 112 | 113 | 其中网络前缀长度任意,通过斜线记法(`slash notation`),在`ip`地址后加上斜线,后面写上网络前缀的位数 114 | 115 | > xxx.xxx.xxx.xxx/22 116 | 117 | 在路由选择中使用`32`位的地址掩码,网络前缀的对应位数为`1`,主机号的对应位数为`0` 118 | 119 | ##### 子网划分 120 | 121 | 各自单位在获取无分类编址后,仍旧可以划分子网,在原先的网络前缀中再加上子网位数 122 | 123 | 比如网络前缀长度为`20`,再继续划分`8`个子网(占`3`位),那么每个子网的网络前缀长度变成`23`位 124 | 125 | ##### 子网个数 126 | 127 | 根据`RFC 1878`文档,子网数可以为全`1`或者全`0` 128 | 129 | ## `ipv6`地址 130 | 131 | 参考:[IPv6](https://baike.baidu.com/item/IPv6) 132 | 133 | `ipv6(internet protocol version 6)`表示`ip`协议的第`6`个版本,其目的是提供更多的`ip`地址,解决`ipv4`地址资源有限的问题 134 | 135 | `ipv6`地址长度为`128`位,采用`16`进制表示,使用`冒分十六进制`表示法 136 | 137 | 格式为`X:X:X:X:X:X:X:X`,每个`X`表示`16`位,用十六进制表示,比如`ABCD:EF01:2345:6789:ABCD:EF01:2345:6789`(每个`X`的前导`0`可以省略) -------------------------------------------------------------------------------- /docs/nginx/[阿里云]配置HTTPs.md: -------------------------------------------------------------------------------- 1 | 2 | # [阿里云]配置HTTPs 3 | 4 | 参考: 5 | 6 | [Nginx/Tengine服务器安装SSL证书](https://help.aliyun.com/knowledge_detail/95491.html?spm=5176.2020520154.cas.25.220e56a7X6XAdR) 7 | 8 | [2. Nginx 证书部署](https://cloud.tencent.com/document/product/400/4143#2.-nginx-.E8.AF.81.E4.B9.A6.E9.83.A8.E7.BD.B2) 9 | 10 | 共分`4`步进行: 11 | 12 | 1. 申请`CA`服务 13 | 2. 配置`CA`证书 14 | 3. 配置`nginx` 15 | 4. 
重启`nginx` 16 | 17 | **`Note`:当前`Nginx`版本为`nginx version: nginx/1.14.2`** 18 | 19 | >由于版本问题,配置文件可能存在不同的写法。例如:Nginx 版本为 nginx/1.15.0 以上请使用 listen 443 ssl 代替 listen 443 和 ssl on。 20 | 21 | ## 申请`CA`服务 22 | 23 | 首先在[阿里云](https://www.aliyun.com/?utm_content=se_1000301881)或[腾讯云](https://cloud.tencent.com/?fromSource=gwzcw.2212127.2212127.2212127&utm_medium=cpd&utm_id=gwzcw.2212127.2212127.2212127)上申请[CA证书服务](https://www.aliyun.com/product/cas?spm=5176.10695662.1171680.1.752f3ae1Hnibka) 24 | 25 | ![](./imgs/aliyun-ca.png) 26 | 27 | 有免费`CA`证书可以申请,参考:[SSL证书申请](https://hexo-guide.readthedocs.io/zh_CN/latest/advanced/%E5%9F%9F%E5%90%8D%E7%BB%91%E5%AE%9A.html#ssl) 28 | 29 | ## 配置`CA`证书 30 | 31 | 购买完成后进入控制台,下载相应的实例(选择`nginx`版本下载) 32 | 33 | ![](./imgs/purchased-ca.png) 34 | 35 | 是一个`zip`压缩包,里面有两个文件:一个`.key`文件(加密)和一个`.pem`文件(证书) 36 | 37 | 在`nginx`配置路径下新建文件夹`cert`,解压放置其中 38 | 39 | /etc/nginx/cert/ 40 | 41 | ## 配置`nginx` 42 | 43 | 修改`/etc/nginx/conf.d/default.conf`文件如下: 44 | 45 | $ cat default.conf 46 | server { 47 | listen 80; # http端口 48 | server_name 自己的域名; 49 | return 301 https://$host$request_uri; # 跳转到https 50 | } 51 | server { 52 | listen 443; # https端口 53 | server_name 自己的域名; 54 | 55 | charset utf-8; 56 | #charset koi8-r; 57 | #access_log /var/log/nginx/host.access.log main; 58 | 59 | ssl on; 60 | ssl_certificate cert/1771479_www.zhujian.tech.pem; 61 | ssl_certificate_key cert/1771479_www.zhujian.tech.key; 62 | ssl_session_timeout 5m; 63 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 64 | ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; # 阿里云和腾讯云会有差别 65 | ssl_prefer_server_ciphers on; 66 | 67 | location / { 68 | root /home/ubuntu/blogs; # 静态文件根路径 69 | index index.html index.htm; 70 | } 71 | 72 | error_page 404 /404.html; 73 | 74 | # redirect server error pages to the static page /50x.html 75 | # 76 | error_page 500 502 503 504 /50x.html; 77 | location = /50x.html { 78 | root /usr/share/nginx/html; 79 | } 80 | 81 | # proxy the PHP scripts to 
Apache listening on 127.0.0.1:80 82 | # 83 | #location ~ \.php$ { 84 | # proxy_pass http://127.0.0.1; 85 | #} 86 | 87 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 88 | # 89 | #location ~ \.php$ { 90 | # root html; 91 | # fastcgi_pass 127.0.0.1:9000; 92 | # fastcgi_index index.php; 93 | # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 94 | # include fastcgi_params; 95 | #} 96 | 97 | # deny access to .htaccess files, if Apache's document root 98 | # concurs with nginx's one 99 | # 100 | #location ~ /\.ht { 101 | # deny all; 102 | #} 103 | } 104 | 105 | ## 重启`nginx` 106 | 107 | 先测试配置文件是否正确 108 | 109 | $ sudo nginx -t 110 | nginx: the configuration file /etc/nginx/nginx.conf syntax is ok 111 | nginx: configuration file /etc/nginx/nginx.conf test is successful 112 | 113 | 再重启`nginx` 114 | 115 | $ sudo service nginx restart -------------------------------------------------------------------------------- /docs/advanced/[Ubuntu 18.04][resolv.conf]公共DNS设置.md: -------------------------------------------------------------------------------- 1 | 2 | # [Ubuntu 18.04][resolv.conf]公共DNS设置 3 | 4 | ## 为什么要使用公共DNS 5 | 6 | 参考:[为什么要使用 Public DNS ?](https://www.dnspod.cn/Products/Public.DNS) 7 | 8 | * 速度快 9 | * 更稳定 10 | * 无劫持 11 | 12 | 国内国外都有很多的厂商提供了免费的公共`DNS`,比如: 13 | 14 | 1. [DNSPod Public DNS](https://www.dnspod.cn/Products/Public.DNS):`119.29.29.29` 15 | 2. [阿里云公共DNS](http://www.alidns.com/index.html?spm=a2chw.13814944.0.0.46ad1760TccxQ0):`223.5.5.5/223.6.6.6` 16 | 3. 
[Google Public DNS](https://developers.google.com/speed/public-dns):`8.8.8.8/8.8.4.4` 17 | 18 | ## /etc/resolv.conf 19 | 20 | 参考:[ resolv.conf](http://manpages.ubuntu.com/manpages/bionic/man5/resolv.conf.5.html) 21 | 22 | `Ubuntu`系统通过读取`/etc/resolv.conf`中的`DNS`地址进行查询,默认`DNS`服务器`IP`是`127.0.0.53` 23 | 24 | ``` 25 | # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) 26 | # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN 27 | # 127.0.0.53 is the systemd-resolved stub resolver. 28 | # run "systemd-resolve --status" to see details about the actual nameservers. 29 | 30 | nameserver 127.0.0.53 31 | ``` 32 | 33 | 该文件是一个软链接,其指向`/run/systemd/resolve/resolv.conf` 34 | 35 | ## 如何设置公告DNS 36 | 37 | 由于`/etc/resolv.conf`会被重写,所以关键问题在于如何在`/etc/resolv.conf`文件中添加新的`DNS`服务器地址 38 | 39 | 参考: 40 | 41 | [ubuntu18.04 dsn 重启就会重置该怎么办?](https://segmentfault.com/q/1010000015091523) 42 | 43 | [Ubuntu 18.04的DNS问题(已解决)](https://my.oschina.net/u/2306127/blog/1930116) 44 | 45 | [ubuntu18.04直接更改/etc/resolv.conf修改nameserver重启被重置解决方法](https://blog.csdn.net/lengye7/article/details/88877867) 46 | 47 | 尝试了很多种方式,包括命令`resolvconf`和`netplan`,最后找到一种比较合理的方式 48 | 49 | 第一步:调整`/etc/resolv.conf`的软链接,使其指向文件`/run/systemd/resolve/resolv.conf` 50 | 51 | ``` 52 | $ cd /etc 53 | $ rm resolv.conf 54 | $ ln -s /run/systemd/resolve/resolv.conf resolv.conf 55 | ``` 56 | 57 | 第二步:修改配置文件`/etc/systemd/resolved.conf`,添加新的`DNS`服务器`IP` 58 | 59 | ``` 60 | $ cat resolved.conf 61 | # This file is part of systemd. 62 | # 63 | # systemd is free software; you can redistribute it and/or modify it 64 | # under the terms of the GNU Lesser General Public License as published by 65 | # the Free Software Foundation; either version 2.1 of the License, or 66 | # (at your option) any later version. 67 | # 68 | # Entries in this file show the compile time defaults. 69 | # You can change settings by editing this file. 70 | # Defaults can be restored by simply deleting this file. 
71 | # 72 | # See resolved.conf(5) for details 73 | 74 | [Resolve] 75 | DNS=119.29.29.29 223.5.5.5 223.6.6.6 76 | #DNS= 77 | #FallbackDNS= 78 | #Domains= 79 | #LLMNR=no 80 | #MulticastDNS=no 81 | #DNSSEC=no 82 | #Cache=yes 83 | #DNSStubListener=yes 84 | ``` 85 | 86 | 第三步:重启系统 87 | 88 | 完成后,可以查看新的`/etc/resolv.conf`配置 89 | 90 | ``` 91 | $ cat /etc/resolv.conf 92 | # This file is managed by man:systemd-resolved(8). Do not edit. 93 | # 94 | # This is a dynamic resolv.conf file for connecting local clients directly to 95 | # all known uplink DNS servers. This file lists all configured search domains. 96 | # 97 | # Third party programs must not access this file directly, but only through the 98 | # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, 99 | # replace this symlink by a static file or a different symlink. 100 | # 101 | # See man:systemd-resolved.service(8) for details about the supported modes of 102 | # operation for /etc/resolv.conf. 103 | 104 | nameserver 119.29.29.29 105 | nameserver 223.5.5.5 106 | nameserver 223.6.6.6 107 | # Too many DNS servers configured, the following entries may be ignored. 108 | nameserver 113.214.230.25 109 | nameserver 113.215.2.222 110 | ``` 111 | 112 | 使用命令`systemd-resolve --status`查询 113 | 114 | ``` 115 | $ systemd-resolve --status 116 | Global 117 | DNS Servers: 119.29.29.29 118 | 223.5.5.5 119 | 223.6.6.6 120 | 。。。 121 | 。。。 122 | ``` 123 | 124 | 使用命令`nslookup`解析网址: 125 | 126 | ``` 127 | $ nslookup www.baidu.com 128 | Server: 119.29.29.29 129 | Address: 119.29.29.29#53 130 | 131 | Non-authoritative answer: 132 | www.baidu.com canonical name = www.a.shifen.com. 
133 | Name: www.a.shifen.com 134 | Address: 182.61.200.7 135 | Name: www.a.shifen.com 136 | Address: 182.61.200.6 137 | ``` -------------------------------------------------------------------------------- /docs/nginx/配置.md: -------------------------------------------------------------------------------- 1 | 2 | # 配置 3 | 4 | ## nginx相关 5 | 6 | 参考:[1.阿里云 ubuntu 服务器安装nginx爬坑小结](https://blog.csdn.net/zjscy666/article/details/80738032) 7 | 8 | `nginx`可执行文件 9 | 10 | $ file /usr/sbin/nginx 11 | /usr/sbin/nginx: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=aea1a3059091725ead573b5845a31286fd6170c1, stripped 12 | 13 | `nginx`配置文件`/etc/nginx/nginx.conf` 14 | 15 | $ sudo nginx -t 16 | nginx: the configuration file /etc/nginx/nginx.conf syntax is ok 17 | nginx: configuration file /etc/nginx/nginx.conf test is successful 18 | 19 | `nginx`版本信息 20 | 21 | $ nginx -v 22 | nginx version: nginx/1.10.3 (Ubuntu) 23 | 24 | `nginx`配置参数 25 | 26 | $ nginx -V 27 | nginx version: nginx/1.10.3 (Ubuntu) 28 | built with OpenSSL 1.0.2g 1 Mar 2016 29 | TLS SNI support enabled 30 | configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module 
    --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads

## Configuration file

The default configuration file is `/etc/nginx/nginx.conf`

    $ cat nginx.conf

    user  nginx;
    worker_processes  1;

    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;


    events {
        worker_connections  1024;
    }


    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  /var/log/nginx/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        keepalive_timeout  65;

        #gzip  on;

        include /etc/nginx/conf.d/*.conf;
    }

Its `http` block includes the `*.conf` files under `/etc/nginx/conf.d`, where there is a default configuration `default.conf`

    $ cat conf.d/default.conf
    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;
        #access_log  /var/log/nginx/host.access.log  main;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

The default listening port is `80`, the server name is the current `ip`, and the root directory is `/usr/share/nginx/html`

--------------------------------------------------------------------------------
/docs/ssh/[SSH]Too many ssh failures.md:
--------------------------------------------------------------------------------

# [SSH]Too many ssh failures

Yesterday I accidentally deleted the `ubuntu` user, which made it impossible to log in to the system

Today I reinstalled the system using the public `Ubuntu 18.04` image; after the reinstall, logging in produced the following error

    $ ssh ubuntu@132.232.142.219
    Received disconnect from 132.232.142.219 port 22:2: Too many authentication failures
    Connection to 132.232.142.219 closed by remote host.
    Connection to 132.232.142.219 closed.

## Fix

First go to the cloud server page in the console, choose the `SSH` keys option on the left, and delete the previously configured key

Then shut down the instance, set up the key again by pasting in the local public key content, and after starting the instance again you can log in

## Debugging

The `-v` option prints debug information about the login progress

    $ ssh -v ubuntu@132.232.142.219
    OpenSSH_7.2p2 Ubuntu-4ubuntu2.7, OpenSSL 1.0.2g  1 Mar 2016
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to 132.232.142.219 [132.232.142.219] port 22.
    debug1: Connection established.
    debug1: identity file /home/zj/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/zj/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/zj/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/zj/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/zj/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/zj/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/zj/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/zj/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.7
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4
    debug1: match: OpenSSH_7.6p1 Ubuntu-4 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to 132.232.142.219:22 as 'ubuntu'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256@libssh.org
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Jo/TLQ//NbUA3Sg3iZy3glGFLpf26BJtUOmBNMOtfdo
    debug1: Host '132.232.142.219' is known and matches the ECDSA host key.
    debug1: Found key in /home/zj/.ssh/known_hosts:12
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/zj/.ssh/id_rsa
    debug1: Authentications that can continue: publickey
    debug1: Offering RSA public key: gitee.com
    debug1: Authentications that can continue: publickey
    debug1: Offering RSA public key: github.com
    debug1: Authentications that can continue: publickey
    debug1: Offering RSA public key: zj@zj-ThinkPad-T470p
    debug1: Authentications that can continue: publickey
    debug1: Offering RSA public key: coding.com
    debug1: Authentications that can continue: publickey
    debug1: Offering RSA public key: zj@zj-ThinkPad-T470p
    debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
    debug1: Authentication succeeded (publickey).
    Authenticated to 132.232.142.219 ([132.232.142.219]:22).
    ...
    ...
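Added example, not code from the original page: a small Python triage helper that counts the keys `ssh -v` offered before one was accepted, as in the transcript above, and checks that count against sshd's `MaxAuthTries`; it also emits the client-side `~/.ssh/config` alternative (`IdentitiesOnly`), which avoids the error without raising the server limit. The two transcripts inside are constructed from the output above, and the host and key path passed to `identities_only_stanza` are placeholders.

```python
"""Triage helper for the "Too many authentication failures" error.

Added example, not part of the original page. Each key the client offers
and sshd rejects counts as one failed attempt against MaxAuthTries
(default 6); once the failure count reaches that limit sshd disconnects.
Both transcripts below are constructed, abridged from the `ssh -v` output
above.
"""
import re
from typing import Dict, List, Optional

OFFER_RE = re.compile(r"^debug1: Offering (?:\S+ )?public key: (.+?)\s*$")
ACCEPT_RE = re.compile(r"^debug1: Server accepts key:")
DISCONNECT_RE = re.compile(r"Too many authentication failures")

# Constructed: the successful run after the fix (six offers, the sixth accepted).
SAMPLE_SUCCESS = """\
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/zj/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: gitee.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: github.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: zj@zj-ThinkPad-T470p
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: coding.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: zj@zj-ThinkPad-T470p
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
"""

# Constructed: the failing run, where sshd knows none of the six keys offered.
SAMPLE_FAILURE = """\
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/zj/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: gitee.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: github.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: zj@zj-ThinkPad-T470p
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: coding.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: zj@zj-ThinkPad-T470p
Received disconnect from 132.232.142.219 port 22:2: Too many authentication failures
"""


def offered_keys(debug_output: str) -> List[str]:
    """Identities the client offered, in the order they were tried."""
    keys = []
    for line in debug_output.splitlines():
        m = OFFER_RE.match(line)
        if m:
            keys.append(m.group(1))
    return keys


def accepted_key(debug_output: str) -> Optional[str]:
    """The offer immediately preceding "Server accepts key", or None."""
    last_offer = None
    for line in debug_output.splitlines():
        m = OFFER_RE.match(line)
        if m:
            last_offer = m.group(1)
        elif ACCEPT_RE.match(line):
            return last_offer
    return None


def diagnose(debug_output: str, max_auth_tries: int = 6) -> Dict[str, object]:
    """Count rejected offers and say whether they exhaust sshd's MaxAuthTries."""
    offers = offered_keys(debug_output)
    accepted = accepted_key(debug_output)
    rejected = len(offers) - (1 if accepted is not None else 0)
    return {
        "offered": len(offers),
        "rejected": rejected,
        "accepted": accepted,
        # sshd disconnects once the failure count reaches MaxAuthTries
        "exceeds_limit": rejected >= max_auth_tries,
        "server_disconnected": DISCONNECT_RE.search(debug_output) is not None,
    }


def identities_only_stanza(host: str, identity_file: str, user: str) -> str:
    """Client-side ~/.ssh/config block (placeholder values) that offers only
    the one key for this host, so the default MaxAuthTries never needs raising."""
    return (
        f"Host {host}\n"
        f"    User {user}\n"
        f"    IdentityFile {identity_file}\n"
        f"    IdentitiesOnly yes\n"
    )
```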

The debug output above is from a successful authentication after the fix; it shows that `ssh` iterates over the private key files in `~/.ssh`, so the original `Too many authentication failures` means the server limits the number of authentication attempts, which can be changed in the configuration file

    $ cat /etc/ssh/sshd_config | grep MaxAuth
    #MaxAuthTries 6

## Configuration

For example, edit the `ssh` server configuration file `/etc/ssh/sshd_config`, set the number of attempts to `100`, and then restart the server

```
$ sudo vim /etc/ssh/sshd_config
MaxAuthTries 100
$ service sshd restart
```

--------------------------------------------------------------------------------
/mkdocs.yml:
--------------------------------------------------------------------------------
# site name
site_name: 'Network Guide'
# repository link
repo_url: https://github.com/zjZSTU/network-guide.git
# author
site_author: 'zhujian'
# copyright
copyright: '2019, zhujian'
# source directory
docs_dir: 'docs'
# output directory for the generated static site
site_dir: 'site'
# extra information
extra:
  # version number
  version: 2.0.0
# theme
theme:
  # name: 'readthedocs'
  # name: 'mkdocs'
  name: 'material'
# markdown extensions
markdown_extensions:
  - toc:
      permalink: true
  - pymdownx.arithmatex

extra_javascript:
  - 'https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.0/MathJax.js?config=TeX-MML-AM_CHTML'
# navigation
nav:
  - Home: index.md
  - 基本概念:
    - 'IP地址': './basic/ip地址.md'
    - '路由器、交换机、集线器、中继器': './basic/路由器、交换机、集线器、中继器.md'
    - '局域网、广域网、互联网和私有专用网': './basic/局域网、广域网、互联网和私有专用网.md'
    - '网络体系结构': './basic/网络体系结构.md'
    - 'URL构成': './basic/URL构成.md'
    - 'DNS解析过程': './basic/DNS解析过程.md'
    - '[namesilo][dnspod]域名申请和解析': './basic/[namesilo][dnspod]域名申请和解析.md'
    - '[阿里云][域名解析]URL转发': './basic/[阿里云][域名解析]URL转发.md'
  - 进阶操作:
    - '[Ubuntu 18.04]wifi信息查询': './advanced/[Ubuntu 18.04]wifi信息查询.md'
    - '[Ubuntu 18.04][resolv.conf]公共DNS设置': './advanced/[Ubuntu 18.04][resolv.conf]公共DNS设置.md'
    - '[Docker][Ubuntu 18.04]网络工具安装': './advanced/[Docker][Ubuntu 18.04]网络工具安装.md'
    - '[nslookup]域名解析': './advanced/[nslookup]域名解析.md'
    - '[netstat]端口查询': './advanced/[netstat]端口查询.md'
    - '[nc]远程端口查询': './advanced/[nc]远程端口查询.md'
  - 内网穿透:
    - '前言': './intranet-penetration/前言.md'
    - '[内网穿透][路由器]虚拟服务器': './intranet-penetration/[内网穿透][路由器]虚拟服务器.md'
    - '[内网穿透]花生壳': './intranet-penetration/[内网穿透]花生壳.md'
    - '[内网穿透]n2n原理': './intranet-penetration/[内网穿透]n2n原理.md'
    - '[内网穿透]n2n实现': './intranet-penetration/[内网穿透]n2n实现.md'
    - Ngrok:
      - '引言': './intranet-penetration/ngrok/index.md'
      - '[内网穿透]ngrok实现': './intranet-penetration/ngrok/[内网穿透]ngrok实现.md'
      - '[ngrok]TCP和HTTP连接配置': './intranet-penetration/ngrok/[ngrok]TCP和HTTP连接配置.md'
      - '[ngrok]Ubuntu service实现': './intranet-penetration/ngrok/[ngrok]Ubuntu service实现.md'
      - '[ngrok]docker实现': './intranet-penetration/ngrok/[ngrok]docker实现.md'
  - 'Nginx使用':
    - '安装': './nginx/安装.md'
    - '测试': './nginx/测试.md'
    - '配置': './nginx/配置.md'
    - '中文乱码': './nginx/中文乱码.md'
    - '托管网站': './nginx/托管网站.md'
    - '[阿里云]配置HTTPs': './nginx/[阿里云]配置HTTPs.md'
    - '[腾讯云]配置HTTPs': './nginx/[腾讯云]配置HTTPs.md'
    - '多域名配置同一端口': './nginx/多域名配置同一端口.md'
    - '反向代理': './nginx/反向代理.md'
    - '[译]NGINX Reverse Proxy': './nginx/[译]NGINX Reverse Proxy.md'
    - 'docker安装nginx': './nginx/docker安装nginx.md'
    - '文件共享': './nginx/文件共享.md'
  - 'Tomcat使用':
    - '关于Tomcat': './tomcat/关于Tomcat.md'
    - '[Ubuntu 16.02]Tomcat9安装': './tomcat/[Ubuntu 16.02]Tomcat9安装.md'
    - '非root用户运行': './tomcat/非root用户运行.md'
  - 'SSH使用':
    - 'get-started':
      - 'http和ssh协议': './ssh/http和ssh协议.md'
      - '[SSH]远程连接': './ssh/[SSH]远程连接.md'
      - '[SSH]常用工具': './ssh/[SSH]常用工具.md'
      - '[SSH]生成密钥': './ssh/[SSH]生成密钥.md'
      - '[SSH]客户端配置文件config': './ssh/[SSH]客户端配置文件config.md'
    - '进阶':
      - '[SSH]禁用公钥检查': './ssh/[SSH]禁用公钥检查.md'
      - '[ssh-copy-id]复制公钥到远程服务器': './ssh/[ssh-copy-id]复制公钥到远程服务器.md'
      - '[ssh-add]添加私钥缓存': './ssh/[ssh-add]添加私钥缓存.md'
      - '[ssh-agent]代理设置': './ssh/[ssh-agent]代理设置.md'
      - '[SSH]客户端连接一段时间后卡死问题解决': './ssh/[SSH]客户端连接一段时间后卡死问题解决.md'
      - '[SSH -L]端口转发': './ssh/[SSH -L]端口转发.md'
    - '常见问题':
      - '[SSH]连接卡住': './ssh/[SSH]连接卡住.md'
      - '[SSH]Too many ssh failures': './ssh/[SSH]Too many ssh failures.md'
      - 'ssh: connect to host github.com port 22: Connection timed out': './ssh/ssh: connect to host github.com port 22: Connection timed out.md'
      - 'Bad owner or permissions on .ssh config': './ssh/Bad owner or permissions on .ssh config.md'
      - 'ssh_exchange_identification: Connection closed by remote host': './ssh/ssh_exchange_identification: Connection closed by remote host.md'
      - 'Permission denied (publickey)': './ssh/Permission denied (publickey).md'
      - '/etc/ssh/ssh_config: terminating, 1 bad configuration options': './ssh/ssh_config: terminating, 1 bad configuration options.md'

--------------------------------------------------------------------------------
/docs/ssh/[SSH]远程连接.md:
--------------------------------------------------------------------------------

# [SSH] Remote connection

References:

[SSH](https://help.ubuntu.com/community/SSH)

[OpenSSH Server](https://help.ubuntu.com/lts/serverguide/openssh-server.html.en)

[OpenSSH](https://baike.baidu.com/item/OpenSSH)

`SSH` (`Secure Shell`) is a secure protocol for remote access and data transfer; compared with protocols such as `TELNET`, it encrypts user passwords and data, ensuring secure transmission

`OpenSSH` is open-source software implementing the `SSH` protocol; it includes tools such as `ssh` (remote connection) and `scp` (remote file transfer)

## Installation

Check whether `ssh` is already running

    $ ps -aux | grep ssh

Install the client

    sudo apt-get install openssh-client

Install the server

    sudo apt-get install openssh-server

## Configuration files

Reference: [How to Enable SSH on Ubuntu (18.04, 17.04, 16.04, 14.04 etc.)](https://thishosting.rocks/how-to-enable-ssh-on-ubuntu/)

The system configuration files are in the `/etc/ssh` directory

    # client configuration
    ssh_config
    # server configuration
    sshd_config

They list some default settings, for example the port number `22`

You can also create a configuration file `config` under the user directory `~/.ssh/`

After modifying a configuration file the service needs to be restarted

    $ sudo service ssh restart
    # or
    $ sudo systemctl restart ssh

## Remote connection

References:

[How To Use SSH to Connect to a Remote Server in Ubuntu](https://www.digitalocean.com/community/tutorials/how-to-use-ssh-to-connect-to-a-remote-server-in-ubuntu)

Use the `ssh` command to connect remotely

    $ ssh
    usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
               [-D [bind_address:]port] [-E log_file] [-e escape_char]
               [-F configfile] [-I pkcs11] [-i identity_file] [-L address]
               [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
               [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
               [-w local_tun[:remote_tun]] [user@]hostname [command]

### Password login

The simplest form: enter the login name and host address, then the login password

    ssh user@hostname

Specify a port number

    ssh -p port [user@]hostname

Specify a login name

    ssh -l login_name hostname

#### Disabling password login

Reference: [Disable Password Authentication](https://help.ubuntu.com/community/SSH/OpenSSH/Configuring#disable-password-authentication)

### Key-based login

References:

[SSH/OpenSSH/Keys](https://help.ubuntu.com/community/SSH/OpenSSH/Keys)

First generate a public/private key pair locally; see [[SSH]生成密钥](./[SSH]生成密钥.md)

    $ ssh-keygen -t rsa -b 4096 -C "132.232.142.219" -f ~/.ssh/tencent_id_rsa
    Generating public/private rsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/zj/.ssh/tencent_id_rsa.
    Your public key has been saved in /home/zj/.ssh/tencent_id_rsa.pub.
    The key fingerprint is:
    SHA256:VJGQlDH
    ...
    ...

There are two ways to transfer the public key to the remote server

1. Use the `ssh-copy-id` command

        ssh-copy-id @

2. Copy the public key into the server's `authorized_keys` file

        $ pwd
        /home/ubuntu/.ssh
        $ file authorized_keys
        authorized_keys: OpenSSH RSA public key

If there is no `authorized_keys` file, create it and paste the public key content into it

## `agent refused operation Permission denied (publickey) Error`

Reference: [git使用错误记录及解决](https://segmentfault.com/a/1190000008733238)

The private key has not been added to the agent cache

    $ eval "$(ssh-agent -s)"
    $ ssh-add <private-key-file>

## `known_hosts`

Reference: [What is the difference between authorized_keys and known_hosts file for SSH?](https://security.stackexchange.com/questions/20706/what-is-the-difference-between-authorized-keys-and-known-hosts-file-for-ssh)

`known_hosts` lives in the `~/.ssh` directory and stores the public keys of servers you have already connected to; its purpose is to ensure that the server you connect to is genuine. The first time you connect you will be asked whether to add it to

Search for the public key of a server you have connected to

    $ ssh-keygen -F hostname [-f known_hosts_file] [-l]

    $ ssh-keygen -F 132.232.142.219
    # Host 132.232.142.219 found: line 10
    |1|pi+zsVaxd0uefX2luX9dfHymHok=|HIEJX3xNsPOqV31fvg3nIfRkfmE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItb...

After a server is reinstalled it generates a new host key, so the key currently stored on the client must be deleted and set up again

    # error message
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ECDSA key sent by the remote host is
    SHA256:8eHlAUPZtTc6WT+dXP4RHYw7fO8hO4lpzOH89hPUOR8.
    Please contact your system administrator.
    Add correct host key in /home/zj/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in /home/zj/.ssh/known_hosts:10
      remove with:
      ssh-keygen -f "/home/zj/.ssh/known_hosts" -R 132.232.142.219
    ECDSA host key for 132.232.142.219 has changed and you have requested strict checking.
    Host key verification failed.

Delete the locally stored host key

    $ ssh-keygen -f "/home/zj/.ssh/known_hosts" -R 132.232.142.219
    # Host 132.232.142.219 found: line 10
    /home/zj/.ssh/known_hosts updated.
    Original contents retained as /home/zj/.ssh/known_hosts.old

--------------------------------------------------------------------------------
/docs/intranet-penetration/ngrok/[内网穿透]ngrok实现.md:
--------------------------------------------------------------------------------

# [Intranet penetration] Implementation with ngrok

[ngrok](https://baike.baidu.com/item/ngrok) is a reverse proxy service that can expose hosts behind NAT (intranet penetration). This article first covers the official hosted service, then sets up a self-hosted `ngrok` server

## Using the official service

The [ngrok](https://ngrok.com/) site already runs the servers and provides a client plus detailed tutorials

After registering, log in to the personal dashboard and download the client to configure it

1. Download the client
2. Extract the archive
3. Run the client program to add the account's `authtoken` to the configuration file `ngrok.yml`
4. Start the client

The configuration file `ngrok.yml` is placed under `~/.ngrok2` by default

`ngrok` can tunnel different protocols; here we set up an `ssh` connection by running:

```
$ ./ngrok tcp 22
```

![](./imgs/ngrok_online.png)

Once configured, the status bar on the dashboard lists the connection information

![](./imgs/tunnels_online.png)

Now a terminal on the local machine can connect to the intranet host

```
$ ssh -p 12544 <intranet-server-username>@0.tcp.ngrok.io
The authenticity of host '[0.tcp.ngrok.io]:12544 ([3.17.202.129]:12544)' can't be established.
ECDSA key fingerprint is SHA256:YXdgs3OJN0yxuNLLU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[0.tcp.ngrok.io]:12544,[3.17.202.129]:12544' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-130-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

544 packages can be updated.
393 updates are security updates.

Last login: Thu Jul 11 11:00:36 2019 from 127.0.0.1
$
```

## Self-hosted ngrok server

References:

[How to run your own ngrokd server](https://github.com/inconshreveable/ngrok/blob/master/docs/SELFHOSTING.md)

[Developer's guide to ngrok](https://github.com/inconshreveable/ngrok/blob/master/docs/DEVELOPMENT.md)

[ngrok实现公网访问内网主机并开机启动,远程管理,校外也能看论文](https://zhuanlan.zhihu.com/p/54956793)

[搭建并配置优雅的 ngrok 服务实现内网穿透](https://yii.im/posts/pretty-self-hosted-ngrokd/)

Using the official servers is convenient, but the latency is high, presumably because the servers are hosted abroad. The author [inconshreveable](https://github.com/inconshreveable) open-sourced his [ngrok](https://github.com/inconshreveable/ngrok) implementation, so you can run your own server

![](./imgs/ngrok.png)

There are `6` steps

1. `SSL` certificate setup
2. `DNS` change
3. Building the client and server
4. Running the server
5. Client configuration
6. Running the client

### SSL certificate setup

`ngrok` secures its communication with an `SSL` certificate. There are two ways to obtain one: buy a public `SSL` certificate, or create a self-signed one. I bought a free [SSL certificate](https://common-buy.aliyun.com/?spm=5176.2020520163.cas.3.5d5fYnY9YnY9fF&commodityCode=cas#/buy) on Alibaba Cloud

After the certificate is issued, download and extract it to get two files: `***.key` and `***.pem`

If you are not using an `https` tunnel (for example `http` or `ssh` tunnels), binding the certificate to a specific domain such as `ngrok.xxx.com` is enough; otherwise add a wildcard domain such as `*.xxx.com`

### DNS change

A self-hosted server needs a domain name; add an `A` record in the `DNS` settings binding the chosen domain to the server `IP`

### Building the client and server

#### Environment setup

I am using a Tencent Cloud server; first set up the build environment (compiler + `go`)

```
$ sudo apt-get install mercurial git gcc g++
```

Install `go`, see [Getting Started](https://golang.org/doc/install)

```
# download the prebuilt tarball
$ wget https://dl.google.com/go/go1.12.1.linux-amd64.tar.gz
# extract to the target path
$ sudo tar -C /usr/local -xzf go1.12.1.linux-amd64.tar.gz
# set the environment variable
$ export PATH=$PATH:/usr/local/go/bin
# test
$ go version
go version go1.12.1 linux/amd64
```

Set the environment variables `GOOS/GOARCH` to the target server and client platforms, for example

```
$ export GOOS=linux
$ export GOARCH=amd64
```

#### Building ngrok

Download the `ngrok` source

```
$ git clone https://github.com/inconshreveable/ngrok.git
```

Build the server and client

```
# if both platforms are the same, build both at once
$ make release-all
# or build them separately, minding the GOOS/GOARCH settings
$ make release-server
$ make release-client
```

The generated files are in the `bin` directory: `ngrok` is the client, `ngrokd` is the server

### Running the server

Run the following command:

```
$ ./ngrokd -tlsKey=a.key -tlsCrt=a.pem -domain="ngrok.example.com" -httpAddr=":6060" -httpsAddr=":6061" -tunnelAddr=":6062"
```

* `tlsKey` and `tlsCrt` are the paths of the `SSL` certificate files
* `domain` is the domain configured earlier
* the `ngrok` server listens on `HTTP/HTTPS/TCP` ports, `80/443/4443` by default; here they are changed to other port numbers

**Note: on a Tencent Cloud server the ports above must be opened in the security group settings**

### Client configuration

Download the compiled `ngrok` to the intranet machine and create the configuration file `ngrok.cfg`:

```
$ cat ngrok.cfg
server_addr: ngrok.xxx.xxx:6062
trust_host_root_certs: true
tunnels:
  ssh:
    remote_port: 12345
    proto:
      tcp: 22
```

The configuration file specifies the remote server address and port, the remote port `12345` to map, and the protocol and local port `22`; that is, remote port `12345` is bound to local port `22`

The `trust_host_root_certs` parameter relates to the `SSL` certificate: set it to `true` if you use a public certificate and `false` if you use a private (self-signed) one

**Note: port `12345` must also be opened in the security group**

### Running the client

Run the following command:

```
$ ./ngrok -config ngrok.cfg -log ngrok.log start ssh
```

The `config` parameter specifies the configuration file and `log` the log file

![](./imgs/ngrok_online2.png)

Once it is running you can open a terminal and log in

```
$ ssh -p 12345 zj@ngrok.xxx.xxx # zj is the intranet username
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-130-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

544 packages can be updated.
393 updates are security updates.

Last login: Thu Jul 11 12:25:19 2019 from 127.0.0.1
$
```

## System service setup

### Service on the public server

On the cloud server create `ngrokd.service` in the `/etc/systemd/system/` directory

```
$ cat ngrokd.service
[Unit]
Description=ngrok

[Service]
ExecStart=/bin/bash /opt/ngrokd/ngrokd.sh

[Install]
WantedBy=multi-user.target
```

Grant executable permission `777`

```
$ sudo chmod 777 ngrokd.service
```

It runs the script `/opt/ngrokd/ngrokd.sh`, which is:

```
$ cat ngrokd.sh
#!/bin/bash

cd /opt/ngrokd

./ngrokd -tlsKey=a.key -tlsCrt=a.pem -domain="ngrok.zhujian.com" -httpAddr=":6060" -httpsAddr=":6061" -tunnelAddr=":6062"
```

*Also grant the script executable permission*

### Service on the intranet server

Likewise write the script `ngrok.sh` on the intranet machine

```
#!/bin/bash

cd /opt/ngrok

./ngrok -config ngrok.cfg -log ngrok.log start ssh
```

Write the service `ngrok.service` in the `/etc/systemd/system` directory

```
[Unit]
Description=ngrok

[Service]
ExecStart=/bin/bash /opt/ngrok/ngrok.sh

[Install]
WantedBy=multi-user.target
```

**Note: make sure the script and the service program have executable permission**

### Starting the services

Use `systemctl` to start the system services `ngrokd.service` and `ngrok.service` respectively

```
$ sudo systemctl start ngrok.service
```

--------------------------------------------------------------------------------
/docs/intranet-penetration/[内网穿透]n2n实现.md:
--------------------------------------------------------------------------------

# [Intranet penetration] Implementation with n2n

References:

[n2n内网穿透打洞部署全过程 + nginx公网端口映射](https://cloud.tencent.com/developer/article/1120865)

[如何在 Linux 上配置点对点 VPN](https://linux.cn/article-4608-1.html)

## Installation

Download the [ntop/n2n](https://github.com/ntop/n2n) source

```
git clone https://github.com/ntop/n2n.git
```

Install the other libraries

```
$ sudo apt-get install cmake make libssl-dev
```

Switch to the `v2` version

```
$ git checkout -b 2.4-stable origin/2.4-stable
Branch 2.4-stable set up to track remote branch 2.4-stable from origin.
Switched to a new branch '2.4-stable'
```

Configure, build and install

```
$ cmake .
-- The C compiler identification is GNU 5.4.0
-- The CXX compiler identification is GNU 5.4.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found OpenSSL: /usr/lib/x86_64-linux-gnu/libssl.so;/usr/lib/x86_64-linux-gnu/libcrypto.so (found version "1.0.2g")
CMake Warning (dev) at CMakeLists.txt:79 (add_executable):
  Policy CMP0037 is not set: Target names should not be reserved and should
  match a validity pattern.  Run "cmake --help-policy CMP0037" for policy
  details.  Use the cmake_policy command to set the policy and suppress this
  warning.

  The target name "test" is reserved or not valid for certain CMake features,
  such as generator expressions, and may result in undefined behavior.
This warning is for project developers.  Use -Wno-dev to suppress it.

-- Configuring done
-- Generating done
-- Build files have been written to: /home/ubuntu/n2n

$ make
Scanning dependencies of target doc
[ 11%] Built target doc
Scanning dependencies of target n2n
[ 15%] Building C object CMakeFiles/n2n.dir/n2n.c.o
[ 19%] Building C object CMakeFiles/n2n.dir/n2n_keyfile.c.o
[ 23%] Building C object CMakeFiles/n2n.dir/edge_utils.c.o
[ 26%] Building C object CMakeFiles/n2n.dir/wire.c.o
[ 30%] Building C object CMakeFiles/n2n.dir/minilzo.c.o
[ 34%] Building C object CMakeFiles/n2n.dir/twofish.c.o
[ 38%] Building C object CMakeFiles/n2n.dir/transform_null.c.o
[ 42%] Building C object CMakeFiles/n2n.dir/transform_tf.c.o
[ 46%] Building C object CMakeFiles/n2n.dir/transform_aes.c.o
[ 50%] Building C object CMakeFiles/n2n.dir/tuntap_freebsd.c.o
[ 53%] Building C object CMakeFiles/n2n.dir/tuntap_netbsd.c.o
[ 57%] Building C object CMakeFiles/n2n.dir/tuntap_linux.c.o
[ 61%] Building C object CMakeFiles/n2n.dir/tuntap_osx.c.o
[ 65%] Building C object CMakeFiles/n2n.dir/version.c.o
[ 69%] Linking C static library libn2n.a
[ 69%] Built target n2n
Scanning dependencies of target supernode
[ 73%] Building C object CMakeFiles/supernode.dir/sn.c.o
[ 76%] Linking C executable supernode
[ 76%] Built target supernode
Scanning dependencies of target edge
[ 80%] Building C object CMakeFiles/edge.dir/edge.c.o
[ 84%] Linking C executable edge
[ 84%] Built target edge
Scanning dependencies of target benchmark
[ 88%] Building C object CMakeFiles/benchmark.dir/benchmark.c.o
[ 92%] Linking C executable benchmark
[ 92%] Built target benchmark
Scanning dependencies of target test
[ 96%] Building C object CMakeFiles/test.dir/test.c.o
[100%] Linking C executable test
[100%] Built target test
ubuntu@VM-16-15-ubuntu:~/n2n$ make install
[ 11%] Built target doc
[ 69%] Built target n2n
[ 76%] Built target supernode
[ 84%] Built target edge
[ 92%] Built target benchmark
[100%] Built target test

$ sudo make install
[ 11%] Built target doc
[ 69%] Built target n2n
[ 76%] Built target supernode
[ 84%] Built target edge
[ 92%] Built target benchmark
[100%] Built target test
Install the project...
-- Install configuration: ""
-- Installing: /usr/local/sbin/edge
-- Installing: /usr/local/sbin/supernode
-- Installing: /usr/share/man8/edge.8.gz
-- Installing: /usr/share/man1/supernode.1.gz
-- Installing: /usr/share/man7/n2n.7.gz
```

## Configuration

References:

There are currently `3` machines

1. Lab server `A`
2. Tencent Cloud server `B`
3. My laptop `C`

`B` acts as the server and runs `supernode`

```
$ supernode -l 3307 -v
```

* `-l` is the `UDP` listening port
* `-v` enables verbose output

`A` and `C` act as clients and run `edge`

```
# on A
$ sudo edge -d n2n0 -c mynetwork -k encryptme -a 172.16.0.200 -l a.b.c.d:3307 -M 1200 -m ae:e0:4f:e7:47:5c
# on C
$ sudo edge -d n2n0 -c mynetwork -k encryptme -a 172.16.0.201 -l a.b.c.d:3307 -M 1200 -m ae:e0:4f:e7:47:5b
```

* `-d` is the name of the new virtual network interface
* `-c` is the `n2n` community name
* `-k` is the encryption key
* `-a` is the custom `ip` address
* `-l` is the server `ip:`listening port
* `-M` is the MTU of the virtual interface
* `-m` is the `MAC` address of the virtual interface

### Debugging an edge node

Add the `-v` and `-f` parameters

* `-f` runs `edge` in the foreground instead of as a daemon
* `-v` enables verbose output

### Stopping an edge node

Find the `pid` and kill it

```
$ ps aux | grep edge
root     28348  0.0  0.0  10888   316 ?        Ss   15:50   0:00 edge -d n2n0 -c xxx
zj       29947  0.0  0.0  15964  1016 pts/23   S+   16:09   0:00 grep --color=auto edge
$ sudo kill -9 28348
```

### Stability

After a while, `ping` to the intranet server fails

```
PING 172.16.0.200 (172.16.0.200) 56(84) bytes of data.
From 172.16.0.201 icmp_seq=1 Destination Host Unreachable
```

According to [搜集整理N2N使用中的一些经验](http://www.lucktu.com/archives/767.html), this is because `edge` has gone to sleep; keep pinging for a while and it becomes reachable again

```
$ ping 172.16.0.200
PING 172.16.0.200 (172.16.0.200) 56(84) bytes of data.
From 172.16.0.201 icmp_seq=1 Destination Host Unreachable
From 172.16.0.201 icmp_seq=2 Destination Host Unreachable
From 172.16.0.201 icmp_seq=3 Destination Host Unreachable
From 172.16.0.201 icmp_seq=4 Destination Host Unreachable
From 172.16.0.201 icmp_seq=5 Destination Host Unreachable
From 172.16.0.201 icmp_seq=6 Destination Host Unreachable
From 172.16.0.201 icmp_seq=7 Destination Host Unreachable
From 172.16.0.201 icmp_seq=8 Destination Host Unreachable
From 172.16.0.201 icmp_seq=9 Destination Host Unreachable
From 172.16.0.201 icmp_seq=10 Destination Host Unreachable
From 172.16.0.201 icmp_seq=11 Destination Host Unreachable
From 172.16.0.201 icmp_seq=12 Destination Host Unreachable
From 172.16.0.201 icmp_seq=13 Destination Host Unreachable
64 bytes from 172.16.0.200: icmp_seq=14 ttl=64 time=1200 ms
64 bytes from 172.16.0.200: icmp_seq=15 ttl=64 time=176 ms
64 bytes from 172.16.0.200: icmp_seq=16 ttl=64 time=87.6 ms
64 bytes from 172.16.0.200: icmp_seq=17 ttl=64 time=99.2 ms
64 bytes from 172.16.0.200: icmp_seq=18 ttl=64 time=87.2 ms
64 bytes from 172.16.0.200: icmp_seq=19 ttl=64 time=88.7 ms
64 bytes from 172.16.0.200: icmp_seq=20 ttl=64 time=88.6 ms
^C
--- 172.16.0.200 ping statistics ---
20 packets transmitted, 7 received, +13 errors, 65% packet loss, time 19311ms
rtt min/avg/max/mdev = 87.257/261.182/1200.246/384.543 ms, pipe 4
```

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability.
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /docs/nginx/[译]NGINX Reverse Proxy.md: -------------------------------------------------------------------------------- 1 | 2 | # [译]NGINX Reverse Proxy 3 | 4 | 原文地址:[NGINX Reverse Proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) 5 | 6 | >This article describes the basic configuration of a proxy server. You will learn how to pass a request from NGINX to proxied servers over different protocols, modify client request headers that are sent to the proxied server, and configure buffering of responses coming from the proxied servers. 
This article describes the basic configuration of a proxy server. You will learn how to pass requests from NGINX to proxied servers over different protocols, how to modify the client request headers sent to the proxied server, and how to configure buffering of the responses coming from the proxied servers.

## Table of Contents

>Table of Contents

>* Introduction
>* Passing a Request to a Proxied Server
>* Passing Request Headers
>* Configuring Buffers
>* Choosing an Outgoing IP Address

* Introduction
* Passing a Request to a Proxied Server
* Passing Request Headers
* Configuring Buffers
* Choosing an Outgoing IP Address

## Introduction

>Introduction

>Proxying is typically used to distribute the load among several servers, seamlessly show content from different websites, or pass requests for processing to application servers over protocols other than HTTP.

Proxying is typically used to distribute load among several servers, to seamlessly show content from different websites, or to pass requests for processing to application servers over protocols other than HTTP.

## Passing a Request to a Proxied Server

>Passing a Request to a Proxied Server

>When NGINX proxies a request, it sends the request to a specified proxied server, fetches the response, and sends it back to the client. It is possible to proxy requests to an HTTP server (another NGINX server or any other server) or a non-HTTP server (which can run an application developed with a specific framework, such as PHP or Python) using a specified protocol. Supported protocols include `FastCGI, uwsgi, SCGI, and memcached`.
When NGINX proxies a request, it sends the request to the specified proxied server, fetches the response, and sends it back to the client. Using a specified protocol, requests can be proxied to an HTTP server (another NGINX server or any other server) or to a non-HTTP server (which can run an application developed with a specific framework, such as PHP or Python). Supported protocols include [FastCGI](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html?_ga=2.211916566.387393077.1583909280-1052863427.1583909280), [uwsgi](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html?_ga=2.211916566.387393077.1583909280-1052863427.1583909280), [SCGI](https://nginx.org/en/docs/http/ngx_http_scgi_module.html?_ga=2.211916566.387393077.1583909280-1052863427.1583909280) and [memcached](https://nginx.org/en/docs/http/ngx_http_memcached_module.html?_ga=2.179983398.387393077.1583909280-1052863427.1583909280).

>To pass a request to an HTTP proxied server, the `proxy_pass` directive is specified inside a `location`. For example:

To pass a request to an HTTP proxied server, the [proxy_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=2.179983398.387393077.1583909280-1052863427.1583909280#proxy_pass) directive is specified inside a [location](https://nginx.org/en/docs/http/ngx_http_core_module.html?&_ga=2.179983398.387393077.1583909280-1052863427.1583909280#location). For example:

```
location /some/path/ {
    proxy_pass http://www.example.com/link/;
}
```

>This example configuration results in passing all requests processed in this location to the proxied server at the specified address. This address can be specified as a domain name or an IP address. The address may also include a port:

This example configuration passes all requests handled by this location to the proxied server at the specified address. The address can be specified as a domain name or an IP address. It may also include a port number:

```
location ~ \.php {
    proxy_pass http://127.0.0.1:8000;
}
```

>Note that in the first example above, the address of the proxied server is followed by a URI, `/link/`. If the URI is specified along with the address, it replaces the part of the request URI that matches the location parameter.
>For example, here the request with the `/some/path/page.html` URI will be proxied to `http://www.example.com/link/page.html`. If the address is specified without a URI, or it is not possible to determine the part of URI to be replaced, the full request URI is passed (possibly, modified).

Note that in the first example above, the address of the proxied server is followed by a URI, `/link/`. If a URI is specified along with the address, it replaces the part of the request URI that matches the location parameter. For example, here a request with the URI `/some/path/page.html` will be proxied to `http://www.example.com/link/page.html`. If the address is specified without a URI, or the part of the URI to be replaced cannot be determined, the full request URI is passed (possibly modified).

>To pass a request to a non-HTTP proxied server, the appropriate `**_pass` directive should be used:
>* `fastcgi_pass` passes a request to a FastCGI server
>* `uwsgi_pass` passes a request to a uwsgi server
>* `scgi_pass` passes a request to an SCGI server
>* `memcached_pass` passes a request to a memcached server

To pass a request to a non-HTTP proxied server, use the appropriate `**_pass` directive:

* `fastcgi_pass` passes a request to a FastCGI server
* `uwsgi_pass` passes a request to a uwsgi server
* `scgi_pass` passes a request to an SCGI server
* `memcached_pass` passes a request to a memcached server

>Note that in these cases, the rules for specifying addresses may be different. You may also need to pass additional parameters to the server (see the `reference documentation` for more detail).

Note that in these cases the rules for specifying addresses may differ. You may also need to pass additional parameters to the server (see the [reference documentation](https://nginx.org/en/docs/?_ga=2.187269034.387393077.1583909280-1052863427.1583909280) for more detail).

>The `proxy_pass` directive can also point to a `named group` of servers. In this case, requests are distributed among the servers in the group according to the specified method.
The [proxy_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=2.183054500.387393077.1583909280-1052863427.1583909280#proxy_pass) directive can also point to a [named group](https://nginx.org/en/docs/http/load_balancing.html?&_ga=2.183054500.387393077.1583909280-1052863427.1583909280#algorithms) of servers. In this case, requests are distributed among the servers in the group according to the specified method.

## Passing Request Headers

>Passing Request Headers

>By default, NGINX redefines two header fields in proxied requests, `Host` and `Connection`, and eliminates the header fields whose values are empty strings. `Host` is set to the `$proxy_host` variable, and `Connection` is set to `close`.

By default, NGINX redefines two header fields in proxied requests, `Host` and `Connection`, and removes header fields whose values are empty strings. `Host` is set to the `$proxy_host` variable, and `Connection` is set to `close`.

>To change these settings, as well as modify other header fields, use the `proxy_set_header` directive. This directive can be specified in a `location` or higher. It can also be specified in a particular `server` context or in the `http` block. For example:

To change these settings, and to modify other header fields, use the [proxy_set_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=2.23288888.387393077.1583909280-1052863427.1583909280#proxy_set_header) directive. This directive can be specified in a [location](https://nginx.org/en/docs/http/ngx_http_core_module.html?&_ga=2.220363546.387393077.1583909280-1052863427.1583909280#location) context or higher. It can also be specified in a particular [server](https://nginx.org/en/docs/http/ngx_http_core_module.html?&_ga=2.220363546.387393077.1583909280-1052863427.1583909280#server) context or in the [http](https://nginx.org/en/docs/http/ngx_http_core_module.html?&_ga=2.220363546.387393077.1583909280-1052863427.1583909280#http) block. For example:

```
location /some/path/ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://localhost:8000;
}
```

>In this configuration the `Host` field is set to the `$host` variable.
In this configuration the `Host` field is set to the [$host](https://nginx.org/en/docs/http/ngx_http_core_module.html?&_ga=2.216112148.387393077.1583909280-1052863427.1583909280#variables) variable.

>To prevent a `header` field from being passed to the proxied server, set it to an empty string as follows:

To prevent a `header` field from being passed to the proxied server, set it to an empty string, as follows:

```
location /some/path/ {
    proxy_set_header Accept-Encoding "";
    proxy_pass http://localhost:8000;
}
```

## Configuring Buffers

>Configuring Buffers

>By default NGINX buffers responses from proxied servers. A response is stored in the internal buffers and is not sent to the client until the whole response is received. Buffering helps to optimize performance with slow clients, which can waste proxied server time if the response is passed from NGINX to the client synchronously. However, when buffering is enabled NGINX allows the proxied server to process responses quickly, while NGINX stores the responses for as much time as the clients need to download them.

By default, NGINX buffers responses from proxied servers. A response is stored in internal buffers and is not sent to the client until the whole response has been received. Buffering helps optimize performance with slow clients, which would waste proxied server time if the response were passed from NGINX to the client synchronously. With buffering enabled, NGINX lets the proxied server finish processing responses quickly, while NGINX holds the responses for as long as the clients need to download them.

>The directive that is responsible for enabling and disabling buffering is `proxy_buffering`. By default it is set to on and buffering is enabled.

The directive responsible for enabling and disabling buffering is [proxy_buffering](https://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=2.20617402.387393077.1583909280-1052863427.1583909280#proxy_buffering). By default it is set to `on`, meaning buffering is enabled.

>The `proxy_buffers` directive controls the size and the number of buffers allocated for a request. The first part of the response from a proxied server is stored in a separate buffer, the size of which is set with the `proxy_buffer_size` directive. This part usually contains a comparatively small response header and can be made smaller than the buffers for the rest of the response.
The [proxy_buffers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=2.258235528.387393077.1583909280-1052863427.1583909280#proxy_buffers) directive controls the size and number of buffers allocated for a `request`. The first part of the response from a proxied server is stored in a separate buffer, whose size is set with the [proxy_buffer_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=2.220960666.387393077.1583909280-1052863427.1583909280#proxy_buffer_size) directive. This part usually contains a comparatively small response header and can be made smaller than the buffers for the rest of the response.

>In the following example, the default number of buffers is increased and the size of the buffer for the first portion of the response is made smaller than the default.

In the following example, the default number of buffers is increased and the size of the buffer for the first portion of the response is made smaller than the default.

```
location /some/path/ {
    proxy_buffers 16 4k;
    proxy_buffer_size 2k;
    proxy_pass http://localhost:8000;
}
```

>If buffering is disabled, the response is sent to the client synchronously while it is receiving it from the proxied server. This behavior may be desirable for fast interactive clients that need to start receiving the response as soon as possible.

If buffering is disabled, the response is sent to the client synchronously while the proxy server is still receiving it from the proxied server. This behavior may be desirable for fast interactive clients that need to start receiving the response as soon as possible.

>To disable buffering in a specific location, place the `proxy_buffering` directive in the `location` with the off parameter, as follows:

To disable buffering for a specific location, set the [proxy_buffering](https://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=2.255565706.387393077.1583909280-1052863427.1583909280#proxy_buffering) directive to `off` inside the [location](https://nginx.org/en/docs/http/ngx_http_core_module.html?&_ga=2.255565706.387393077.1583909280-1052863427.1583909280#location), as follows:

```
location /some/path/ {
    proxy_buffering off;
    proxy_pass http://localhost:8000;
}
```

>In this case NGINX uses only the buffer configured by `proxy_buffer_size` to store the current part of a response.
In this case NGINX uses only the buffer configured by [proxy_buffer_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=2.218929179.387393077.1583909280-1052863427.1583909280#proxy_buffer_size) to store the current part of a response.

>A common use of a reverse proxy is to provide load balancing. Learn how to improve power, performance, and focus on your apps with rapid deployment in the free `Five Reasons to Choose a Software Load Balancer` ebook.

A common use of a reverse proxy is to provide load balancing. Learn how to improve power, performance, and focus on your apps with rapid deployment in the free [Five Reasons to Choose a Software Load Balancer](https://www.nginx.com/resources/library/five-reasons-choose-software-load-balancer/?_ga=2.218929179.387393077.1583909280-1052863427.1583909280) ebook.

## Choosing an Outgoing IP Address

>Choosing an Outgoing IP Address

>If your proxy server has several network interfaces, sometimes you might need to choose a particular source IP address for connecting to a proxied server or an upstream. This may be useful if a proxied server behind NGINX is configured to accept connections from particular IP networks or IP address ranges

If your proxy server has several network interfaces, you may sometimes need to choose a particular source IP address for connecting to a proxied server or an upstream. This can be useful if a proxied server behind NGINX is configured to accept connections from particular IP networks or IP address ranges.

>Specify the `proxy_bind` directive and the IP address of the necessary network interface:

Specify the [proxy_bind](https://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=2.259292040.387393077.1583909280-1052863427.1583909280#proxy_bind) directive with the IP address of the required network interface:

```
location /app1/ {
    proxy_bind 127.0.0.1;
    proxy_pass http://example.com/app1/;
}

location /app2/ {
    proxy_bind 127.0.0.2;
    proxy_pass http://example.com/app2/;
}
```

>The IP address can be also specified with a variable.
>For example, the `$server_addr` variable passes the IP address of the network interface that accepted the request:

The IP address can also be specified with a variable. For example, the [$server_addr](https://nginx.org/en/docs/http/ngx_http_core_module.html?&_ga=2.216626068.387393077.1583909280-1052863427.1583909280#var_server_addr) variable passes the IP address of the network interface that accepted the request:

```
location /app3/ {
    proxy_bind $server_addr;
    proxy_pass http://example.com/app3/;
}
```
--------------------------------------------------------------------------------
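A worked example, added here and not part of the NGINX documentation or this repository, that models in Python two rules from the sections above: how `proxy_pass` rewrites the request URI ("Passing a Request to a Proxied Server") and how header fields are rewritten by the defaults and by `proxy_set_header` ("Passing Request Headers"). The names `rewrite_uri`, `build_upstream_headers` and `CLIENT_HEADERS`, the constructed sample request and the simplified `$host` expansion are this example's own assumptions.

```python
import re
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed sample client request headers (not from the page). The client
# supplies its own X-Real-IP, which a proxied app must never trust directly.
CLIENT_HEADERS = {
    "Host": "app.example.test:8443",
    "X-Real-IP": "10.0.0.1",
    "Accept-Encoding": "gzip",
    "X-Empty": "",            # empty value: NGINX eliminates this field
}


def rewrite_uri(location: str, proxy_pass: str, request_uri: str) -> str:
    """Return the URL NGINX requests upstream for a request in `location`.

    Rule from the text: a proxy_pass that carries a URI part replaces the
    portion of the request URI matched by a prefix location; a proxy_pass
    without a URI, or a regex location (no determinable part to replace),
    passes the full request URI through.
    """
    parts = urlsplit(proxy_pass)
    base = f"{parts.scheme}://{parts.netloc}"
    if location.startswith("~"):                    # regex location
        if not re.search(location[1:].strip(), request_uri):
            raise ValueError("request does not match this location")
        return base + request_uri
    if not request_uri.startswith(location):        # prefix location
        raise ValueError("request does not match this location")
    if parts.path == "":                            # address without a URI
        return base + request_uri
    return base + parts.path + request_uri[len(location):]


def build_upstream_headers(client_headers: Dict[str, str], proxy_host: str,
                           remote_addr: str,
                           set_header: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    """Return the header fields NGINX passes to the proxied server (lowercase keys).

    Defaults from the text: Host := $proxy_host, Connection := close, and
    fields whose value is an empty string are dropped. Each proxy_set_header
    entry then overrides the field; a field set to "" is not passed at all.
    Only the variables used on the page ($proxy_host, $host, $remote_addr)
    are expanded, and $host is simplified to the Host header without its
    port (both assumptions of this example, not NGINX's full behaviour).
    """
    host_header = client_headers.get("Host", proxy_host)
    variables = {
        "$proxy_host": proxy_host,
        "$host": host_header.split(":")[0].lower(),
        "$remote_addr": remote_addr,
    }
    out = {k.lower(): v for k, v in client_headers.items() if v != ""}
    out["host"] = proxy_host
    out["connection"] = "close"
    for name, value in (set_header or {}).items():
        expanded = variables.get(value, value)
        if expanded == "":
            out.pop(name.lower(), None)     # set to "": field is not passed
        else:
            out[name.lower()] = expanded    # proxy's value replaces the client's
    return out


if __name__ == "__main__":
    print(rewrite_uri("/some/path/", "http://www.example.com/link/",
                      "/some/path/page.html"))
    # With proxy_set_header X-Real-IP $remote_addr, the spoofed client value
    # is replaced by the address NGINX actually saw.
    print(build_upstream_headers(CLIENT_HEADERS, "localhost:8000", "203.0.113.7",
                                 {"Host": "$host", "X-Real-IP": "$remote_addr",
                                  "Accept-Encoding": ""}))
```

Without the `proxy_set_header X-Real-IP $remote_addr` line, the client's own `X-Real-IP` passes through unchanged, so an application behind the proxy can only rely on that header when the proxy sets it.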