海运的博客

开启telnet/ssh后登入查看mtd分区信息：

cat /proc/mtd 
dev:    size   erasesize  name
mtd0: 08000000 00020000 "spi0.1"
mtd1: 00100000 00020000 "BL2"
mtd2: 00040000 00020000 "Nvram"
mtd3: 00040000 00020000 "Bdata"
mtd4: 00200000 00020000 "Factory"
mtd5: 00200000 00020000 "FIP"
mtd6: 00040000 00020000 "crash"
mtd7: 00040000 00020000 "crash_log"
mtd8: 01e00000 00020000 "ubi"
mtd9: 01e00000 00020000 "ubi1"
mtd10: 03200000 00020000 "overlay"

备份固件并使用scp或sftp下载：

dd if=/dev/mtd0 of=/tmp/mtd0_spi0.bin
dd if=/dev/mtd1 of=/tmp/mtd1_BL2.bin
dd if=/dev/mtd2 of=/tmp/mtd2_Nvram.bin
dd if=/dev/mtd3 of=/tmp/mtd3_Bdata.bin
dd if=/dev/mtd4 of=/tmp/mtd4_Factory.bin
dd if=/dev/mtd5 of=/tmp/mtd5_FIP.bin

刷入uboot：

#验证md5
md5sum mt7986_redmi_ax6000-fip-fixed-parts-multi-layout.bin 
#写入uboot
mtd write mt7986_redmi_ax6000-fip-fixed-parts-multi-layout.bin FIP
#再校验下是否完整
mtd verify mt7986_redmi_ax6000-fip-fixed-parts-multi-layout.bin FIP

断电按reset按钮启动设置固定ip段192.168.31.x，通过web刷入编译的immortalwrt固件。

后续相同固件在immortalwrt系统内通过sysupgrade升级：

编译环境：

apt install gcc g++ binutils patch bzip2 flex bison make autoconf gettext texinfo unzip sharutils subversion libncurses5-dev ncurses-term zlib1g-dev gawk

使用普通用户编译，编译成功的文件位于bin/target目录下。

useradd -m -s /bin/bash openwrt
su -l openwrt
git clone --single-branch --depth=1 https://github.com/hanwckf/immortalwrt-mt798x.git
cd immortalwrt-mt798x
./scripts/feeds update -a
./scripts/feeds install -a
cp defconfig/mt7986-ax6000.config .config
#t7
#cp defconfig/mt7981-ax3000.config .config
make menuconfig
make -j 2

远程更新后本地更新并二次编译：

git pull
./scripts/feeds update -a
./scripts/feeds install -a
#有增减base system内置命令需clean
make clean
make -j 2

替换iproute2及添加mdns-repeater：

cd
git clone --single-branch --depth=1 https://github.com/immortalwrt/immortalwrt.git
git clone --single-branch --depth=1 https://github.com/immortalwrt/packages.git
mv immortalwrt-mt798x/package/network/utils/iproute2 ./
mv immortalwrt/package/network/utils/iproute2 immortalwrt-mt798x/package/network/utils/
mv packages/net/mdns-repeater immortalwrt-mt798x/package/network/

docker run -i -t -d -p 80:80 --name onlyoffice --restart=always -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice  onlyoffice/documentserver
docker exec onlyoffice sudo supervisorctl start ds:example
docker exec onlyoffice sudo sed 's,autostart=false,autostart=true,' -i /etc/supervisor/conf.d/ds-example.conf
docker stop onlyoffice 
docker start onlyoffice 

nginx前端：

upstream docservice {
  server 192.168.1.2:80;
}
map $http_upgrade $proxy_connection {
  default upgrade;
  "" close;
}

server {
  listen 0.0.0.0:80;
  listen [::]:80;
  server_name office.haiyun.me;
  server_tokens off;
  return 301 https://$server_name$request_uri;
}

server {
  listen 0.0.0.0:443 ssl;
  listen [::]:443 ssl;
  server_name office.haiyun.me;
  server_tokens off;
  root /usr/share/nginx/html;

  ssl_certificate /var/acme/haiyun.me_ecc/fullchain.cer;
  ssl_certificate_key /var/acme/haiyun.me_ecc/haiyun.me.key;
  ssl_trusted_certificate /var/acme/haiyun.me_ecc/ca.cer;
  ssl_verify_client off;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_prefer_server_ciphers   on;

  add_header X-Content-Type-Options nosniff;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $proxy_connection;
  proxy_set_header X-Forwarded-Host $http_host;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  location ~ ^/$ {
    return 301 https://$server_name/example/?lang=zh;
  }
  location / {
    proxy_pass http://docservice;
    proxy_http_version 1.1;
  }
  access_log /run/log/nginx/office.haiyun.me.log ssl;
  error_log  /run/log/nginx/office.haiyun.me_error.log;
}

ssh生成私钥格式可选择PKCS8/PEM/SSH2，使用ssh-keygen生成PEM格式私钥：

ssh-keygen -t rsa -P "passwd" -b 4096 -C Haiyun -m PEM -f ~/.ssh/id_rsa

转换私钥格式为PKCS8或SSH2：

ssh-keygen -P "passwd" -N "passwd" -e -p -m PKCS8 -f ~/.ssh/id_rsa
ssh-keygen -P "passwd" -N "passwd" -e -p -m SSH2 -f ~/.ssh/id_rsa

从ssh私钥生成openssl可识别的公钥：

ssh-keygen -e -m PKCS8 -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub.pkcs8
openssl rsa -in ~/.ssh/id_rsa -pubout -outform PEM > ~/.ssh/id_rsa.pub.pkcs8

openssl使用公私钥加解密：

openssl rsautl -encrypt -pubin -inkey ~/.ssh/id_rsa.pub.pkcs8 -ssl -in test.txt -out test.enc
openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in test.enc -out test.dec