Setting up a strongSwan IKEv2 VPN on CentOS 7 integrated with FreeRADIUS user authentication


2019-06-26 17:47
zpq
24

Step 1

Install strongSwan

yum -y install epel-release
yum -y install strongswan openssl
strongswan pki --gen --type rsa --size 4096 --outform pem > ca.key.pem
strongswan pki --self --in ca.key.pem --dn "C=CN, O=Linux strongSwan, CN=VPN CA" --ca --lifetime 3650  --type rsa --outform pem > ca.cert.pem
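  • --self: produce a self-signed certificate
  • --in: the input private key
  • --dn: the distinguished name
  • --ca: generate a CA root certificate
  • --lifetime: the validity period, in days
  • C is the country name; likewise ST is the state/province name, L the locality name, and STREET (all uppercase) the street name
  • O is the organization name
  • CN is the common name, used for friendly display

Server public IP: 10.1.1.2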

strongswan pki --gen --type rsa --size 4096 --outform pem > server.key.pem
strongswan pki --pub --in server.key.pem --outform pem > server.pub.pem
strongswan pki --pub --in server.key.pem | strongswan pki --issue --lifetime 3650 --cacert ca.cert.pem \
--cakey ca.key.pem --dn "C=CN, O=Linux strongSwan, CN=10.1.1.2" \
--san="10.1.1.2" --san="10.1.1.2" --flag serverAuth --flag ikeIntermediate \
--outform pem > server.cert.pem

mycli, an auto-completion tool for MySQL on Linux


2019-06-21 16:32
zpq
1

Writing MySQL commands in a Linux terminal is not as convenient as on Windows.
I found an auto-completion tool and am noting it down here.

# yum -y install epel-release python-pip python-devel
# pip install mycli
# mycli -u root -p root   # username and password are both root


OpenWrt basic configuration


2019-06-19 20:54
zpq
7

ssh to 192.168.1.1 as root; the default password is empty

# === Set up the WAN (eth0) interface ==================
# Default is DHCP, this sets it to PPPoE (typical for DSL/ADSL) 
# From http://wiki.openwrt.org/doc/howto/internet.connection
# Supply values for DSLUSERNAME and DSLPASSWORD 
# and uncomment ten lines
#
# echo 'Configuring WAN link for PPPoE'
# DSLUSERNAME=YOUR-DSL-USERNAME
# DSLPASSWORD=YOUR-DSL-PASSWORD
# uci set network.wan.proto=pppoe
# uci set network.wan.username=$DSLUSERNAME
# uci set network.wan.password=$DSLPASSWORD
# uci commit network
# ifup wan
# echo 'Waiting for link to initialize'
# sleep 20
# === Update the software packages =============
# Download and update all the interesting packages
# Some of these are pre-installed, but there is no harm in
# updating/installing them a second time.
# echo 'Updating software packages'
# opkg update                # retrieve updated packages
# opkg install luci          # install the web GUI
# opkg install luci-i18n-base-zh-cn # Chinese language pack for the web GUI
# opkg install luci-i18n-firewall-zh-cn # Chinese translation for the firewall pages
# opkg install snmpd fprobe  # install snmpd & fprobe
# opkg install luci-app-sqm  # install the SQM modules to get fq_codel etc
# opkg install ppp-mod-pppoe # install PPPoE module
# opkg install avahi-daemon  # install the mDNS daemon
# opkg install netperf	     # install the netperf module for speed testing

https://github.com/richb-hanover/OpenWrtScripts/blob/master/config-openwrt.sh

Building a dynamic Linux firewall with firewalld


2019-04-28 16:06
zpq
5

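Preface

A firewall is one of the main security tools on a Linux system and provides basic protection. Firewall tools used over the history of Linux include ipfwadm, ipchains and iptables. firewalld introduces the new concept of zones. This article describes how to build a dynamic firewall with the latest version of firewalld, along with some usage tips; the Linux distribution used here is RHEL 7.0.

About firewalld

firewalld is a dynamic firewall management tool that supports network/firewall zones, which define the security level of network connections and interfaces. It supports IPv4 and IPv6 firewall settings as well as Ethernet bridging, and it has separate runtime and permanent configuration options. It also provides an interface through which services or applications can add firewall rules directly. The earlier iptables firewall was static: every change required a complete restart of the firewall. That process included unloading the kernel netfilter firewall modules and loading the modules needed by the new configuration, and unloading the modules breaks stateful firewalling and established connections. firewalld can now manage the firewall dynamically, bringing Netfilter's filtering functions together in one place (see Figure 1).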

Figure 1. The firewall in the kernel and the firewalld daemon

Elegant CORS in Laravel


2019-02-15 10:38
zpq
7

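There are plenty of tutorials online for enabling cross-origin requests.
For example:

  1. The results that come up on Google say to add the following to web.php or api.php:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Content-Type,X-Auth-Token,Authorization,Origin');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');

Honestly, that is crude and heavy-handed! Since we chose Laravel, we should of course do it elegantly : )

  2. Another option is the open-source package barryvdh/laravel-cors, which is also convenient; still, when we use it we should understand not only that it works but why.

Here I record the method I wrote myself,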

How to Install and Configure VNC Server in CentOS 7


2018-10-26 11:07
zpq
17

In this guide we’ll explain how to install and configure VNC Remote Access in the latest release of CentOS 7 and RHEL 7 Desktop edition via the tigervnc-server program.

VNC (Virtual Network Computing) is a server-client protocol which allows user accounts to remotely connect and control a distant system by using the resources provided by the Graphical User Interface.

Unlike other available VNC servers which connect directly to the runtime desktop, such as VNC X or Vino, tigervnc-vncserver uses a different mechanism that configures a standalone virtual desktop for each user.

Install and Configure VNC in CentOS 7

  1. Tigervnc-server is a program which executes an Xvnc server and starts parallel sessions of Gnome or another Desktop Environment on the VNC desktop.
    A started VNC user session can be accessed by the same user from multiple VNC clients. To install TigerVNC server in CentOS 7, open a Terminal session and issue the following command with root privileges.
# yum install tigervnc-server
  2. After you’ve installed the program, log in as the user you want to run the VNC program and issue the command below in a terminal to configure a password for the VNC server.
    Be aware that the password must be at least six characters long.
$ su - your_user  # If you want to configure VNC server to run under this user directly from CLI without switching users from GUI
$ vncpasswd
  3. Next, add a VNC service configuration file for your user via a daemon configuration file placed in the systemd directory tree. To copy the VNC template file, run the following command with root privileges.
    If your user is not granted sudo privileges, either switch directly to the root account or run the command from an account with root privileges.
# cp /lib/systemd/system/vncserver@.service  /etc/systemd/system/vncserver@:1.service
  4. In the next step, edit the copied VNC template configuration file in the /etc/systemd/system/ directory and replace the values to reflect your user, as shown in the sample below.
    The value of 1 after the @ sign represents the display number (port 5900+display). Also, for each started VNC server, the port 5900 will be incremented by 1.
# vi /etc/systemd/system/vncserver@\:1.service

Enabling the BBR congestion control algorithm on CentOS 7


2018-10-20 15:06
zpq
38

Upgrade the kernel

First, check your Linux kernel version:

uname -a

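Enabling the BBR congestion control algorithm requires Linux kernel 4.9 or later. The kernels of today's mainstream Linux distributions are still on 2.x, so we need to upgrade the kernel first.
To begin, we need to add the ELRepo repository.
First, import the ELRepo GPG key: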

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org 

Add the repository:

rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

Install fastestmirror

yum install yum-plugin-fastestmirror

Install the latest kernel

yum --enablerepo=elrepo-kernel install kernel-ml

Switch to the newly downloaded kernel

grub2-set-default 0

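After rebooting, run uname -a to check that the kernel has switched to the latest version; once that is confirmed, we move on to the next step and enable BBR.

The Unicode whitespace character \u00a0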


2018-07-18 22:41
zpq
72

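Recently, while working on web scraping, I ran into a strange problem.

PHP's trim function simply would not strip the whitespace. I looked through a lot of material, which said it was a whitespace character.
So I just ran the string through json_encode, and sure enough the problem showed up: there was a \u00a0 character.
I looked it up; it means non-breaking space...

Descriptions of other space characters

Never use utf8 in MySQL; use utf8mb4 instead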


2018-06-26 15:36
zpq
46

Recently I ran into a bug: I was trying to import data into MySQL from a CSV file, and a bizarre error appeared:

Incorrect string value: ‘\xF0\x9F\x98\x83 <…’ for column ‘summary’ at row 1

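I was using a UTF-8 encoded client, the server was UTF-8 encoded too, so was the database, and the CSV file was UTF-8 as well.

The crux of the problem is that MySQL's "utf8" is not actually real UTF-8.

"utf8" supports at most three bytes per character, whereas real UTF-8 uses up to four bytes per character.

MySQL never fixed this bug; in 2010 they released a character set called "utf8mb4" that works around the problem.

Of course, they did not publicize the new character set widely (perhaps because the bug embarrassed them), so advice across the web still tells developers to use "utf8", and all of that advice is wrong.

In short:

  1. MySQL's "utf8mb4" is real "UTF-8".
  2. MySQL's "utf8" is a "proprietary encoding" that can encode only a limited number of Unicode characters.

Let me be clear here: every MySQL and MariaDB user who is using "utf8" should switch to "utf8mb4" and never use "utf8" again.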
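
As an added example (not code from the original post): a pre-import check that flags CSV cells containing characters that need four bytes in UTF-8, which is what a 3-byte "utf8" column rejects with the error shown above. The function names and the sample CSV are constructed for illustration.

```python
import csv
import io

# The bytes quoted in the MySQL error message on this page.
ERROR_BYTES = b"\xF0\x9F\x98\x83"


def utf8mb3_violations(text):
    """Return (index, char, utf8_bytes) for every code point above U+FFFF.

    Those are exactly the characters that take 4 bytes in UTF-8, so MySQL's
    3-byte "utf8" cannot store them, while utf8mb4 can.
    """
    found = []
    for i, ch in enumerate(text):
        if ord(ch) > 0xFFFF:
            found.append((i, ch, ch.encode("utf-8")))
    return found


def scan_csv(stream):
    """Scan CSV rows before import and list cells a "utf8" column would reject."""
    report = []
    for row_no, row in enumerate(csv.DictReader(stream), start=1):
        for column, value in row.items():
            hits = utf8mb3_violations(value or "")
            if hits:
                points = [f"U+{ord(ch):04X}" for _, ch, _ in hits]
                report.append((row_no, column, points))
    return report


# Constructed sample input (not data from the original post).
SAMPLE_CSV = (
    "id,summary\n"
    "1,plain ASCII text\n"
    "2,\u4e2d\u6587 and \u00e9 fit in three bytes or fewer\n"
    "3,\U0001F603 <b>smiley</b>\n"
)

if __name__ == "__main__":
    smiley = ERROR_BYTES.decode("utf-8")
    print(f"error bytes decode to U+{ord(smiley):04X}")
    for row_no, column, points in scan_csv(io.StringIO(SAMPLE_CSV)):
        print(f"row {row_no}, column {column!r}: needs utf8mb4 for {points}")
```
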

Integrating Swoole with Laravel


2018-05-04 15:28
zpq
137

Common ways of running PHP

  1. php + module + apache
  2. php + php-fpm + nginx

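Advantages of the traditional approach

  1. Every request is fresh, and everything is released when it finishes, so no memory stays occupied

Disadvantages of the traditional approach

  1. Files have to be loaded through Composer on every request
  2. DB contention overhead is high: every run has to establish a connection and execute its queries, and most of the performance cost goes into connecting

An HTTP container based on Swoole

One advantage of Swoole is that it can stay resident in memory, so files do not have to be loaded over and over, similar to Spring Boot in Java.
For DB contention, a connection pool can be used so that the connection is not closed after every execution, which reduces the number of connections made.

Integration code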

On using a MySQL column alias as a query condition


2018-05-02 10:36
zpq
27

Suppose we have an SQL statement like this:

select name as name1 from table1 where name1='aaa'

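MySQL does not allow an alias to be used this way, so is there some other way to do it?

First of all, a column alias cannot be referenced directly in the predicate part.
The query can be rewritten like this: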

select name as name1 from table1 having (name1='aaa')

A 12306 ticket-grabbing script based on Laravel console


2018-01-18 17:37
zpq
578

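Main endpoints

  1. POST https://kyfw.12306.cn/otn/login/checkUser checks whether the user is logged in
  2. GET https://kyfw.12306.cn/otn/login/init login page initialization
  3. GET https://kyfw.12306.cn/passport/captcha/captcha-image?login_site=E&module=login&rand=sjrand&0.123456789 endpoint that returns the captcha image; the trailing value is a random number
  4. POST https://kyfw.12306.cn/passport/captcha/captcha-check captcha verification
  5. POST https://kyfw.12306.cn/passport/web/login login request
  6. POST https://kyfw.12306.cn/passport/web/auth/uamtk gets the uamtk; I have no idea what that thing is
  7. POST https://kyfw.12306.cn/otn/uamauthclient final step, login succeeds
  8. POST https://kyfw.12306.cn/otn/passengers/init gets the passengers. The passengers can actually be obtained by regex-matching the HTML when calling the order submission endpoint, but for a ticket-grabbing tool it is of course better to settle them first, so that afterwards the tool only has to grab tickets.
  9. GET https://kyfw.12306.cn/otn/leftTicket/query train query
  10. POST https://kyfw.12306.cn/otn/leftTicket/submitOrderRequest order submission request
  11. POST https://kyfw.12306.cn/otn/confirmPassenger/initDc order initialization request
  12. POST https://kyfw.12306.cn/otn/confirmPassenger/checkOrderInfo order information validation request
  13. POST https://kyfw.12306.cn/otn/confirmPassenger/confirmSingleForQueue confirm order information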

Setting a username and password on the Eureka registry


2018-01-04 17:20
zpq
233
  1. Add the security authentication dependency
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
  2. Add the authentication username and password to application.properties
security.user.name=你的用户名
security.user.password=你的密码
  3. Change the registration URL
eureka.client.serviceUrl.defaultZone=http://${security.user.name}:${security.user.password}@127.0.0.1:${server.port}/eureka/

HTTP Content-Type reference table


2017-11-10 11:32
zpq
32
File extension | Content-Type (MIME type) | File extension | Content-Type (MIME type)
.* (binary stream; download file type unknown) | application/octet-stream | .tif | image/tiff
.001 | application/x-001 | .301 | application/x-301
.323 | text/h323 | .906 | application/x-906
.907 | drawing/907 | .a11 | application/x-a11
.acp | audio/x-mei-aac | .ai | application/postscript
.aif | audio/aiff | .aifc | audio/aiff
.aiff | audio/aiff | .anv | application/x-anv
.asa | text/asa | .asf | video/x-ms-asf
.asp | text/asp | .asx | video/x-ms-asf
.au | audio/basic | .avi | video/avi
.awf | application/vnd.adobe.workflow | .biz | text/xml
.bmp | application/x-bmp | .bot | application/x-bot
.c4t | application/x-c4t | .c90 | application/x-c90
.cal | application/x-cals | .cat | application/vnd.ms-pki.seccat
.cdf | application/x-netcdf | .cdr | application/x-cdr
.cel | application/x-cel | .cer | application/x-x509-ca-cert
.cg4 | application/x-g4 | .cgm | application/x-cgm
.cit | application/x-cit | .class | java/*
.cml | text/xml | .cmp | application/x-cmp
.cmx | application/x-cmx | .cot | application/x-cot
.crl | application/pkix-crl | .crt | application/x-x509-ca-cert
.csi | application/x-csi | .css | text/css
.cut | application/x-cut | .dbf | application/x-dbf
.dbm | application/x-dbm | .dbx | application/x-dbx
.dcd | text/xml | .dcx | application/x-dcx
.der | application/x-x509-ca-cert | .dgn | application/x-dgn
.dib | application/x-dib | .dll | application/x-msdownload
.doc | application/msword | .dot | application/msword
.drw | application/x-drw | .dtd | text/xml
.dwf | Model/vnd.dwf | .dwf | application/x-dwf
.dwg | application/x-dwg | .dxb | application/x-dxb
.dxf | application/x-dxf | .edn | application/vnd.adobe.edn
.emf | application/x-emf | .eml | message/rfc822
.ent | text/xml | .epi | application/x-epi
.eps | application/x-ps | .eps | application/postscript
.etd | application/x-ebx | .exe | application/x-msdownload
.fax | image/fax | .fdf | application/vnd.fdf
.fif | application/fractals | .fo | text/xml
.frm | application/x-frm | .g4 | application/x-g4
.gbr | application/x-gbr | . | application/x-
.gif | image/gif | .gl2 | application/x-gl2
.gp4 | application/x-gp4 | .hgl | application/x-hgl
.hmr | application/x-hmr | .hpg | application/x-hpgl
.hpl | application/x-hpl | .hqx | application/mac-binhex40
.hrf | application/x-hrf | .hta | application/hta
.htc | text/x-component | .htm | text/html
.html | text/html | .htt | text/webviewhtml
.htx | text/html | .icb | application/x-icb
.ico | image/x-icon | .ico | application/x-ico
.iff | application/x-iff | .ig4 | application/x-g4
.igs | application/x-igs | .iii | application/x-iphone
.img | application/x-img | .ins | application/x-internet-signup
.isp | application/x-internet-signup | .IVF | video/x-ivf
.java | java/* | .jfif | image/jpeg
.jpe | image/jpeg | .jpe | application/x-jpe
.jpeg | image/jpeg | .jpg | image/jpeg
.jpg | application/x-jpg | .js | application/x-javascript
.jsp | text/html | .la1 | audio/x-liquid-file
.lar | application/x-laplayer-reg | .latex | application/x-latex
.lavs | audio/x-liquid-secure | .lbm | application/x-lbm
.lmsff | audio/x-la-lms | .ls | application/x-javascript
.ltr | application/x-ltr | .m1v | video/x-mpeg
.m2v | video/x-mpeg | .m3u | audio/mpegurl
.m4e | video/mpeg4 | .mac | application/x-mac
.man | application/x-troff-man | .math | text/xml
.mdb | application/msaccess | .mdb | application/x-mdb
.mfp | application/x-shockwave-flash | .mht | message/rfc822
.mhtml | message/rfc822 | .mi | application/x-mi
.mid | audio/mid | .midi | audio/mid
.mil | application/x-mil | .mml | text/xml
.mnd | audio/x-musicnet-download | .mns | audio/x-musicnet-stream
.mocha | application/x-javascript | .movie | video/x-sgi-movie
.mp1 | audio/mp1 | .mp2 | audio/mp2
.mp2v | video/mpeg | .mp3 | audio/mp3
.mp4 | video/mpeg4 | .mpa | video/x-mpg
.mpd | application/vnd.ms-project | .mpe | video/x-mpeg
.mpeg | video/mpg | .mpg | video/mpg
.mpga | audio/rn-mpeg | .mpp | application/vnd.ms-project
.mps | video/x-mpeg | .mpt | application/vnd.ms-project
.mpv | video/mpg | .mpv2 | video/mpeg
.mpw | application/vnd.ms-project | .mpx | application/vnd.ms-project
.mtx | text/xml | .mxp | application/x-mmxp
.net | image/pnetvue | .nrf | application/x-nrf
.nws | message/rfc822 | .odc | text/x-ms-odc
.out | application/x-out | .p10 | application/pkcs10
.p12 | application/x-pkcs12 | .p7b | application/x-pkcs7-certificates
.p7c | application/pkcs7-mime | .p7m | application/pkcs7-mime
.p7r | application/x-pkcs7-certreqresp | .p7s | application/pkcs7-signature
.pc5 | application/x-pc5 | .pci | application/x-pci
.pcl | application/x-pcl | .pcx | application/x-pcx
.pdf | application/pdf | .pdf | application/pdf
.pdx | application/vnd.adobe.pdx | .pfx | application/x-pkcs12
.pgl | application/x-pgl | .pic | application/x-pic
.pko | application/vnd.ms-pki.pko | .pl | application/x-perl
.plg | text/html | .pls | audio/scpls
.plt | application/x-plt | .png | image/png
.png | application/x-png | .pot | application/vnd.ms-powerpoint
.ppa | application/vnd.ms-powerpoint | .ppm | application/x-ppm
.pps | application/vnd.ms-powerpoint | .ppt | application/vnd.ms-powerpoint
.ppt | application/x-ppt | .pr | application/x-pr
.prf | application/pics-rules | .prn | application/x-prn
.prt | application/x-prt | .ps | application/x-ps
.ps | application/postscript | .ptn | application/x-ptn
.pwz | application/vnd.ms-powerpoint | .r3t | text/vnd.rn-realtext3d
.ra | audio/vnd.rn-realaudio | .ram | audio/x-pn-realaudio
.ras | application/x-ras | .rat | application/rat-file
.rdf | text/xml | .rec | application/vnd.rn-recording
.red | application/x-red | .rgb | application/x-rgb
.rjs | application/vnd.rn-realsystem-rjs | .rjt | application/vnd.rn-realsystem-rjt
.rlc | application/x-rlc | .rle | application/x-rle
.rm | application/vnd.rn-realmedia | .rmf | application/vnd.adobe.rmf
.rmi | audio/mid | .rmj | application/vnd.rn-realsystem-rmj
.rmm | audio/x-pn-realaudio | .rmp | application/vnd.rn-rn_music_package
.rms | application/vnd.rn-realmedia-secure | .rmvb | application/vnd.rn-realmedia-vbr
.rmx | application/vnd.rn-realsystem-rmx | .rnx | application/vnd.rn-realplayer
.rp | image/vnd.rn-realpix | .rpm | audio/x-pn-realaudio-plugin
.rsml | application/vnd.rn-rsml | .rt | text/vnd.rn-realtext
.rtf | application/msword | .rtf | application/x-rtf
.rv | video/vnd.rn-realvideo | .sam | application/x-sam
.sat | application/x-sat | .sdp | application/sdp
.sdw | application/x-sdw | .sit | application/x-stuffit
.slb | application/x-slb | .sld | application/x-sld
.slk | drawing/x-slk | .smi | application/smil
.smil | application/smil | .smk | application/x-smk
.snd | audio/basic | .sol | text/plain
.sor | text/plain | .spc | application/x-pkcs7-certificates
.spl | application/futuresplash | .spp | text/xml
.ssm | application/streamingmedia | .sst | application/vnd.ms-pki.certstore
.stl | application/vnd.ms-pki.stl | .stm | text/html
.sty | application/x-sty | .svg | text/xml
.swf | application/x-shockwave-flash | .tdf | application/x-tdf
.tg4 | application/x-tg4 | .tga | application/x-tga
.tif | image/tiff | .tif | application/x-tif
.tiff | image/tiff | .tld | text/xml
.top | drawing/x-top | .torrent | application/x-bittorrent
.tsd | text/xml | .txt | text/plain
.uin | application/x-icq | .uls | text/iuls
.vcf | text/x-vcard | .vda | application/x-vda
.vdx | application/vnd.visio | .vml | text/xml
.vpg | application/x-vpeg005 | .vsd | application/vnd.visio
.vsd | application/x-vsd | .vss | application/vnd.visio
.vst | application/vnd.visio | .vst | application/x-vst
.vsw | application/vnd.visio | .vsx | application/vnd.visio
.vtx | application/vnd.visio | .vxml | text/xml
.wav | audio/wav | .wax | audio/x-ms-wax
.wb1 | application/x-wb1 | .wb2 | application/x-wb2
.wb3 | application/x-wb3 | .wbmp | image/vnd.wap.wbmp
.wiz | application/msword | .wk3 | application/x-wk3
.wk4 | application/x-wk4 | .wkq | application/x-wkq
.wks | application/x-wks | .wm | video/x-ms-wm
.wma | audio/x-ms-wma | .wmd | application/x-ms-wmd
.wmf | application/x-wmf | .wml | text/vnd.wap.wml
.wmv | video/x-ms-wmv | .wmx | video/x-ms-wmx
.wmz | application/x-ms-wmz | .wp6 | application/x-wp6
.wpd | application/x-wpd | .wpg | application/x-wpg
.wpl | application/vnd.ms-wpl | .wq1 | application/x-wq1
.wr1 | application/x-wr1 | .wri | application/x-wri
.wrk | application/x-wrk | .ws | application/x-ws
.ws2 | application/x-ws | .wsc | text/scriptlet
.wsdl | text/xml | .wvx | video/x-ms-wvx
.xdp | application/vnd.adobe.xdp | .xdr | text/xml
.xfd | application/vnd.adobe.xfd | .xfdf | application/vnd.adobe.xfdf
.xhtml | text/html | .xls | application/vnd.ms-excel
.xls | application/x-xls | .xlw | application/x-xlw
.xml | text/xml | .xpl | audio/scpls
.xq | text/xml | .xql | text/xml
.xquery | text/xml | .xsd | text/xml
.xsl | text/xml | .xslt | text/xml
.xwd | application/x-xwd | .x_b | application/x-x_b
.sis | application/vnd.symbian.install | .sisx | application/vnd.symbian.install
.x_t | application/x-x_t | .ipa | application/vnd.iphone
.apk | application/vnd.android.package-archive | .xap | application/x-silverlight-app