海运的博客

使用frp映射本地3389远程桌面到远程服务器

发布时间:February 22, 2020 // 分类: // No Comments

go build:

git clone https://github.com/fatedier/frp.git
#windows客户端
frp/cmd/frpc
GOARCH=amd64 GOOS=windows CGO_ENABLED=0 go build -ldflags "-s -w"
#linux服务端
frp/cmd/frps
go build -ldflags "-s -w"

服务端配置文件:

[common]
bind_addr = 0.0.0.0
bind_port = 7000

dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin

log_file = /run/log/frp/frps.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
disable_log_color = false

token = password
pool_count = 5
tcp_mux = false
allow_ports = 2000-3000,3001,3003,4000-50000
max_ports_per_client = 0

客户端配置文件:

[common]
server_addr = www.haiyun.me
server_port = 7000

log_file = ./frpc.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
disable_log_color = false

login_fail_exit = false
token = password
pool_count = 5
protocol = tcp
tcp_mux = false
tls_enable = false
dns_server = 114.114.114.114

admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 3389
use_encryption = true
use_compression = false

windows下使用winsw将frpc安装为系统服务开机自动启动,将winsw放到frp目录,并新建winsw.xml配置文件:

<service>
    <id>frp</id>
    <name>frp client</name>
    <description>frp client</description>
    <executable>C:\test\frpc.exe</executable>
    <arguments>-c frpc.ini</arguments>
    <onfailure action="restart" delay="60 sec"/>
    <logmode>append</logmode>
    <logpath>logs</logpath>
</service>

以管理员启动cmd进入frp目录,安装frp为系统服务并启动:

cd C:\test\
winsw install
winsw start frp

ubuntu下使用7zip aes-256加密压缩zip文件

发布时间:February 20, 2020 // 分类: // No Comments

安装7zip:

apt install p7zip-full

加密压缩为7zip格式:

7z a -t7z -p123456 -mhe -spf file.7z file/
#-mhe加密文件名
#-spf被压缩目录包含完整的路径

加密压缩为zip格式:

 7z a -tzip -p123456 -mem=AES256 -spf file.zip file/
#-mem使用aes256加密

查看加密压缩文件信息:

7z l -slt file.zip 
7z l -slt file.7z

解压文件:

7z x -p123456 file.zip 
7z x -p123456 file.7z

https://sevenzip.osdn.jp/chm/cmdline/switches/index.htm

此内容被密码保护

发布时间:February 19, 2020 // 分类: // No Comments

请输入密码访问

go get/build和git clone使用socks5

发布时间:February 19, 2020 // 分类: // No Comments

go:

export http_proxy=socks5://127.0.0.1:7070
go get ...

git:

git config --global http.proxy socks5://127.0.0.1:7070

https://blog.csdn.net/idwtwt/article/details/84842361

ubuntu编译安装bitwarden_rs和web-vault

发布时间:February 17, 2020 // 分类: // 7 Comments

安装rust环境:

apt install git make gcc libssl-dev pkg-config curl
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env

编译安装bitwarden_rs:

git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
cargo build --features sqlite --release
mkdir /usr/local/bitwarden
cp target/release/bitwarden_rs /usr/local/bitwarden/  

交叉编译arm64/aarch64版本bitwarden_rs:

wget https://releases.linaro.org/components/toolchain/binaries/latest-7/aarch64-linux-gnu/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz
tar -Jxvf gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz 
export PATH=$PATH:/root/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu/bin/
rustup target install aarch64-unknown-linux-gnu
mkdir .cargo
echo '[target.aarch64-unknown-linux-gnu]' > .cargo/config
echo 'linker = "aarch64-linux-gnu-gcc"' >> .cargo/config
sed -i '/\[features\]/a\openssl-vendored = ["openssl/vendored"]' Cargo.toml 
cargo build --target="aarch64-unknown-linux-gnu" --release --features "sqlite" --features "openssl-vendored"

编译安装web-vault,内存需4G以上,不然可能会出错。已编译版本:https://github.com/dani-garcia/bw_web_builds/releases

curl -sL https://deb.nodesource.com/setup_10.x | bash -
apt install nodejs
git clone https://github.com/bitwarden/web.git web-vault
cd web-vault
git checkout v2.11.0
wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.11.0.patch
git apply v2.11.0.patch
npm run sub:init
npm install
npm run dist
cp -r build /usr/local/bitwarden/web-vault
export PATH=/usr/local/bitwarden/:$PATH

如果遇到以下错误:
ERROR in node_modules/sweetalert/typings/sweetalert.d.ts(4,9): error TS2403: Subsequent variable declarations must have the same type. Variable 'swal' must be of type 'typeof import("/usr/local/src/web-vault/node_modules/sweetalert/typings/sweetalert")', but here has type 'SweetAlert'.
则:

sed -i 's/const swal/\/\/const swal/' node_modules/sweetalert/typings/sweetalert.d.ts

启动:

export WEB_VAULT_FOLDER=/usr/local/bitwarden/web-vault
export DATA_FOLDER=/usr/local/bitwarden/data
bitwarden_rs

systemd:

[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs
After=network.target

[Service]
User=bitwarden
Group=bitwarden
EnvironmentFile=/etc/bitwarden/config.env
ExecStart=/usr/local/bin/bitwarden_rs
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
WorkingDirectory=/etc/bitwarden/
ReadWriteDirectories=/etc/bitwarden/
ReadWriteDirectories=/run/log/bitwarden/
AmbientCapabilities=CAP_NET_BIND_SERVICE
Restart=always
RestartSec=5
StartLimitBurst=3
StartLimitInterval=60
StandardOutput=null
StandardError=null

[Install]
WantedBy=multi-user.target

添加运行用户:

useradd -r bitwarden  -s /usr/sbin/nologin

/etc/bitwarden/config.env文件:

WEB_VAULT_FOLDER="/usr/local/web-vault"
DATA_FOLDER="/etc/bitwarden/data"
ROCKET_ADDRESS="127.0.0.1"
ROCKET_PORT="8080"
SIGNUPS_ALLOWED="false"
INVITATIONS_ALLOWED="false"
DOMAIN="https://www.haiyun.me"
SHOW_PASSWORD_HINT="false"
LOG_FILE="/run/log/bitwarden/bitwarden.log"
EXTENDED_LOGGING="true"
#"trace", "debug", "info", "warn", "error" or "off".
LOG_LEVEL="info"

nginx配置:

server {
  listen       0.0.0.0:443 ssl http2;
  server_name www.haiyun.me;

  ssl_certificate /etc/acme/www.haiyun.me_ecc/fullchain.cer;
  ssl_certificate_key /etc/acme/www.haiyun.me_ecc/www.haiyun.me.key;
  ssl_protocols      TLSv1.2 TLSv1.3;
  #ssl_ciphers         HIGH:!aNULL:!MD5;
  ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA;
  ssl_prefer_server_ciphers   off; 

  ssl_early_data on;
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
  ssl_session_tickets off;

  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /etc/acme/www.haiyun.me_ecc/ca.cer;

  root   /var/www/html;
  index  index.html index.htm;

  location / {
    proxy_redirect off;
    #proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  access_log /run/log/nginx/www.haiyun.me.log ssl;
  error_log  /run/log/nginx/www.haiyun.me_error.log;
}

https://github.com/dani-garcia/bitwarden_rs/wiki/Building-binary
https://github.com/t4t5/sweetalert/issues/890
https://www.reddit.com/r/Bitwarden/comments/dg78bi/building_selfhosted_bitwarden_via_bitwarden_rs/
https://www.ixsystems.com/community/threads/how-to-build-your-own-bitwarden_rs-jail.81389/

分类
最新文章
最近回复
  • K: 好的,谢谢,我去试试!
  • 海运: 可以试试3proxy
  • daha: PHP的怎么使用???
  • 海运: 换回了5.3内核,5.8用5.3 dtb虽然能开机且负载正常,但也有其它问题,不建议使用。
  • shangyatsen: 后面的内核高精度计时器的问题使用5.4或者5.3的dtb会正常吗?我也发现有这个日志出现。感觉...
  • 海运: 缺少相应模块?
  • lee: 你好,我执行这条语句 iptables -t mangle -A PREROUTING -m ...
  • 海运: 只更新rootfs,不更新内核,我在用5.3配19.10,懒得再升最新版了,很稳定。 注意:更...
  • lyly168: 这是手动挂载吧,请问自动挂载要怎么弄?
  • swswsw1: 请问升级后,内核更新了吗?听说N1只有在5.0.2的内核下才稳定,怕升级了之后功耗太高