Python/C++ Mixed Programming Notes (1): Compiling Python 2.7 with VS2017
Tricks about how Meterpreter do migration shit.
Some Documents on iCloud Security
How to get Autoscaling group Instances IP addresses
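Shrinking an AWS Root Disk
1. Create a new VM running the same OS as the old system; pick the smallest configuration to save money.
2. Stop the new VM and detach its disk.
3. Attach that disk to the old VM.
4. Create a mount point and mount the disk:
mkdir /new
mount /dev/nvme1n1p1 /new
5. Delete every file and directory under /new/ except "/dev/*", "/proc/*", "/sys/*", "/tmp/*", "/run/*", "/mnt/*", "/media/*", "/lost+found", "/new", "/var/lock/*", "/boot/*" and "/etc/fstab".
6. Copy everything to the new disk:
rsync -aAXv / --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found","/new","/var/lock/*","/boot/*","/etc/fstab"} /new
7. Attach the new disk back to the new VM, then update and reinstall the kernel.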
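Setting Up a Private Docker Registry
1. Pull the image
docker pull registry
2. Create the directories: auth holds the account credentials, and home is mapped into the container to store the registry's image files
mkdir /home/hd/docker_home/
mkdir /home/hd/docker_home/auth/
mkdir /home/hd/docker_home/home/
3. Create the credentials file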
docker run --entrypoint htpasswd registry -Bbn user pass >/home/hd/docker_home/auth/htpasswd
4. Start the registry
docker run -d -p 5000:5000 --restart=always --name brian-docker -v /home/hd/docker_home/home:/var/lib/registry -v /home/hd/docker_home/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
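5. Add the following to the local Docker daemon's configuration file (it lets the client reach these registries over plain HTTP or without a verified TLS certificate):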
"insecure-registries" : [ "192.168.31.101:5000", "hub.docker.jiankunking.io:5000" ],
Finding the Cause of a Server Restart or Shutdown from the Windows Event Log
https://www.maketecheasier.com/see-pc-startup-and-shutdown-history-in-windows/
https://serverfault.com/questions/702828/windows-server-restart-shutdown-history
How to Install HAProxy 2.0+ in Amazon Linux 2/CentOS/RHEL
https://www.bantrain.com/how-to-install-haproxy-2-0-in-amazon-linux-2-centos-rhel/
First, install the dependencies needed to build HAProxy
yum install -y make gcc gcc-c++ pcre-devel openssl-devel readline-devel systemd-devel zlib-devel
Download the Lua source code and then install Lua
curl -R -O http://www.lua.org/ftp/lua-5.3.5.tar.gz
tar zxf lua-5.3.5.tar.gz
cd lua-5.3.5
make linux test
make linux install
cd ..
Download the OpenSSL source code and then install OpenSSL
curl -R -O https://www.openssl.org/source/openssl-1.1.1d.tar.gz
tar xvzf openssl-1.1.1d.tar.gz
cd openssl-1.1.1d
./config --prefix=/usr/local/openssl-1.1.1d shared
make
make install
Download the HAProxy source code and then install HAProxy
curl -R -O <URL of haproxy-2.0.7.tar.gz>
tar -xzf haproxy-2.0.7.tar.gz
cd haproxy-2.0.7
make -j $(nproc) TARGET=linux-glibc \
    USE_OPENSSL=1 SSL_LIB=/usr/local/openssl-1.1.1d/lib SSL_INC=/usr/local/openssl-1.1.1d/include \
    USE_ZLIB=1 \
    USE_LUA=1 LUA_LIB=/usr/local/lib/ LUA_INC=/usr/local/include/ \
    USE_PCRE=1 USE_SYSTEMD=1 \
    EXTRA_OBJS="contrib/prometheus-exporter/service-prometheus.o"
make install
cp /usr/local/sbin/haproxy /usr/sbin/haproxy
useradd -M -r -s /sbin/nologin haproxy
Add Service for HAProxy
nano /etc/systemd/system/haproxy.service
Then paste in the following
[Unit]
Description=HAProxy Load Balancer
After=network.target

[Service]
Environment=LD_LIBRARY_PATH=/usr/local/openssl-1.1.1d/lib/
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
ExecStartPre=/usr/local/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
ExecStart=/usr/local/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
ExecReload=/usr/local/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
SuccessExitStatus=143
Type=notify

[Install]
WantedBy=multi-user.target
Then finish the HAProxy installation by running
systemctl daemon-reload
mkdir -p /etc/haproxy
touch /etc/haproxy/haproxy.cfg
systemctl enable haproxy
systemctl start haproxy
cd ..
Optionally, remove the build dependencies for HAProxy
yum remove readline-devel pcre-devel openssl-devel
If haproxy -V fails with the error: openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
ln -s /usr/local/openssl-1.1.1d/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/openssl-1.1.1d/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
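The build steps above download three source tarballs (Lua over plain HTTP) and compile them without checking their integrity. The script below is an added example, not part of the original post or the linked guide: it gates the build on pinned SHA-256 digests. The function names and the sources.sha256 manifest are assumptions, and the real digests must be taken from each project's release page, since this page gives none.

```shell
#!/bin/sh
# Added example: refuse to build unless every tarball matches a pinned digest.
# Manifest lines use sha256sum's format: "<64-hex digest>  <filename>".

verify_sources() {
    manifest=$1
    dir=$2
    failed=0
    checked=0
    while read -r want name || [ -n "$want" ]; do
        case $want in ''|'#'*) continue ;; esac   # skip blank lines and comments
        name=${name#\*}                            # drop sha256sum's binary marker
        checked=$((checked + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name" >&2
            failed=1
            continue
        fi
        got=$(sha256sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (got $got)" >&2
            failed=1
        fi
    done < "$manifest"
    # An empty manifest verifies nothing, so treat it as a failure too.
    [ "$checked" -gt 0 ] || failed=1
    return "$failed"
}

# Constructed demo input: a file containing "abc" and the well-known SHA-256 of "abc".
demo() {
    d=$(mktemp -d) || return 2
    printf 'abc' > "$d/sample.tar.gz"
    printf '%s  sample.tar.gz\n' \
        ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad > "$d/sources.sha256"
    rc=0
    verify_sources "$d/sources.sha256" "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Intended use before the first "tar" step (sources.sha256 is a hypothetical file
# listing lua-5.3.5.tar.gz, openssl-1.1.1d.tar.gz and haproxy-2.0.7.tar.gz):
#   verify_sources sources.sha256 . || exit 1
```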
Using CertBot with Nginx
https://segmentfault.com/a/1190000005797776
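Preface
I built an iOS app that needs to fetch data from my own website, but by default the system only allows direct access to HTTPS sites. I did not want to switch the app to plain HTTP, so I looked into enabling HTTPS. This article describes how to use CertBot with Nginx on CentOS.
Environment
- CentOS (CentOS Linux release 7.2.1511)
- Nginx (nginx version: nginx/1.6.3)
- An ExpressJS application
Installing CertBot
On the command line, enter:
sudo yum install epel-release
sudo yum install certbot
Configuring Nginx
I do not want to use CertBot's standalone mode here. That mode can set the server up, but every later renewal requires stopping the service and starting it again. So we drop that mode and use the webroot mode instead.
When CertBot validates the server's domain name, it generates a random file, and CertBot's server then requests that file over HTTP, so make sure Nginx is configured so that the file is reachable.
Modify your server configuration and add the following inside the server block: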
location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /usr/share/nginx/html;
}
location = /.well-known/acme-challenge/ {
    return 404;
}
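As you can see, root above points to /usr/share/nginx/html. My application is written with ExpressJS on NodeJS, and changing its source code would be a hassle, so I pointed the validation URL at nginx's default directory instead.
Then reload the Nginx configuration:
sudo service nginx reload
Then, on the command line, enter:
sudo certbot certonly --webroot -w /usr/share/nginx/html/ -d your.domain.com
Remember to replace your.domain.com above with your own domain.
If you see: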
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/your.domain.com/fullchain.pem. Your cert
will expire on 20XX-09-23. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
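The certificate was generated successfully!
Enabling Port 443
Likewise, edit Nginx's virtual host configuration file and add a new server block for port 443: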
server {
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;
    ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/your.domain.com/chain.pem;
    # ... other settings ...
}
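Remember to replace your.domain.com above with your own domain.
Then reload the Nginx configuration:
sudo service nginx reload
Now try visiting your site in a browser at https://your.domain.com. If you see the browser's green indicator, congratulations, the setup worked!
However, because this certificate is only valid for 90 days, we need to set up automatic renewal to extend the certificate for us.
Automatic Certificate Renewal
First, simulate a certificate renewal on the command line:
sudo certbot renew --dry-run
A successful simulated renewal looks like this: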
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/your.domain.com.conf
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/your.domain.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
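Since the simulation succeeded, we use crontab -e to set up the scheduled job. On the command line:
sudo crontab -e
Add this entry:
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
The schedule above runs the renew task every Monday at 2:30 a.m.
You can run /usr/bin/certbot renew >> /var/log/le-renew.log on the command line to check that it runs correctly. If everything is OK, our configuration is done!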
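The cron job above only appends certbot's output to a log file, so a renewal that keeps failing can go unnoticed until the 90-day certificate expires. The script below is an added example, not part of the original article: it checks the certificates under /etc/letsencrypt/live with openssl and returns non-zero when one has fewer days left than a threshold. The function names, the 20-day threshold and the check-certs.sh path are assumptions.

```shell
#!/bin/sh
# Added example: alert when a live certificate is closer to expiry than certbot
# should ever let it get (certbot renews these 90-day certs at about 30 days left).

# 0 = valid for at least $2 more days, 1 = expires sooner, 2 = unreadable or not a cert.
# For fullchain.pem, openssl reads the first certificate in the file (the leaf).
cert_valid_for_days() {
    [ -r "$1" ] || return 2
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    openssl x509 -in "$1" -noout -checkend "$(($2 * 86400))" >/dev/null 2>&1 || return 1
    return 0
}

# Walk <live_dir>/<domain>/fullchain.pem, the layout certbot reports above.
check_live_certs() {
    live_dir=$1
    alert_days=$2
    status=0
    for pem in "$live_dir"/*/fullchain.pem; do
        [ -e "$pem" ] || { echo "no certificates under $live_dir" >&2; return 2; }
        rc=0
        cert_valid_for_days "$pem" "$alert_days" || rc=$?
        case $rc in
            0) echo "OK          $pem" ;;
            1) echo "EXPIRING    $pem (under $alert_days days left)" >&2; status=1 ;;
            *) echo "UNREADABLE  $pem" >&2; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample input: a throwaway self-signed certificate valid for $2 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=sample.invalid" \
        -days "$2" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Hypothetical cron entry, a few minutes after the renew job:
#   40 2 * * 1 /usr/local/bin/check-certs.sh
# where check-certs.sh calls: check_live_certs /etc/letsencrypt/live 20
```

This checks the files on disk; nginx keeps serving the certificate it loaded until it is reloaded, so a renewed file alone does not mean the site presents the new certificate.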