tag:blogger.com,1999:blog-68548472024-03-13T10:05:35.806+08:00八克里這是巴克里的布拉格(mtchang's blog)!!記錄雖是零散但卻是最真實的呈現。Unknownnoreply@blogger.comBlogger530125tag:blogger.com,1999:blog-6854847.post-35830414138226693952022-02-11T11:12:00.002+08:002022-08-31T01:58:45.613+08:00VMWARE VM linux 擴充硬碟空間<p>可以參考 AWS 上面的文章</p><p> https://docs.aws.amazon.com/zh_tw/AWSEC2/latest/UserGuide/recognize-expanded-volume-linux.html </p><p>但 EC2 流程更簡單, 你在EC2調整後他自動幫你最佳化到好. Linux 內部他幫你處理了.</p><p>VMWARE ESXi 就自己動手流程是</p><p></p><ol style="text-align: left;"><li>先調整 VMWARE 的VM硬碟空間</li><li>再去 LINUX 擴大硬碟分割區</li><li>然後把</li><li> FileSystem 放大</li></ol><p></p><p>就好了...XD</p><p><span style="color: red;">but 很重要的是, 因為這些有風險建議先備份免得出意外!!! </span></p><p><br /></p><p>VMWARE ESXi Ubuntu Linux 放大VM硬碟</p><p>ESXi 把要放大硬碟的VM主機關機, 調整外部的硬碟容量設定大小(增大)</p><p>重開機, 從 ESXi console 登入 root 調整</p><p>可以先檢查目前的 disk 容量</p><p># fdisk /dev/sda -l</p><p>重新掃描磁碟, ex: /dev/sda</p><p># echo 1 | sudo tee -a /sys/block/sda/device/rescan</p><p>延伸VM磁碟配置表 , 延伸後可以再檢查看看VM硬碟容量是否已經改變</p><p># growpart /dev/sda 3</p><p>重新讀取磁碟配置表</p><p># partprobe -s /dev/sda</p><p>延伸 LVM 的 Physical Extent (PE) , pvdisplay 可以檢查pv容量是否變化</p><p># pvresize -v /dev/sda3</p><p>延伸 LVM 的 Logical Volume (LV)</p><p>* 完全延展</p><p># lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv</p><p>* 指定容量延展</p><p># lvextend -L +100G /dev/ubuntu-vg/ubuntu-lv</p><p>延伸檔案系統 size , 可以用 df -lh 檢查容量</p><p># resize2fs /dev/ubuntu-vg/ubuntu-lv</p><p><br /></p><p><br /></p><p><br /></p><p><br /></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-55466732062598752592021-03-05T20:06:00.005+08:002021-03-05T20:06:44.169+08:00NGINX 沒有 index.html 預設顯示目錄索引<p>可以參考這一篇</p><p><a href=" https://serverfault.com/questions/312796/custom-autoindex-pages-with-nginx" target="_blank"> https://serverfault.com/questions/312796/custom-autoindex-pages-with-nginx</a></p><p>設定 nginx 沒有 index.html 有索引檔案</p><pre style="border-radius: 5px; border: 0px; box-sizing: inherit; color: var(--highlight-color); font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 1.30769; margin-bottom: calc(var(--s-prose-spacing) + 0.4em); margin-top: 0px; max-height: 600px; overflow-wrap: normal; overflow: auto; padding: 12px; vertical-align: baseline; width: auto;"><code style="border-radius: 0px; border: 0px; box-sizing: inherit; color: var(--black-800); font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"><blockquote>location / {
autoindex on;
autoindex_format xml;
xslt_stylesheet /path/to/custom.xslt
}</blockquote><p><br /></p><p>但是設定好不是很美觀, 沒有 CSS 的排版及顏色 </p></code></pre><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-Y9rVxp4fyOw/YEId738qi1I/AAAAAAAAfR0/VizIyerqxEsuhadyXugGDQhID01DKpv8gCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="340" data-original-width="397" height="240" src="https://lh3.googleusercontent.com/-Y9rVxp4fyOw/YEId738qi1I/AAAAAAAAfR0/VizIyerqxEsuhadyXugGDQhID01DKpv8gCLcBGAsYHQ/image.png" width="280" /></a></div><a href="https://github.com/gibatronic/ngx-superbindex " target="_blank">https://github.com/gibatronic/ngx-superbindex </a><p></p><p>再參考這個專案, 改成 xslt 檔案來配顏色及排版.<br /><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-tqQM9tbBfzE/YEId9ha7kTI/AAAAAAAAfR4/xzrsYfkVbFQCSizm2VfSIe4F6Gcc21nUwCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="193" data-original-width="804" height="154" src="https://lh3.googleusercontent.com/-tqQM9tbBfzE/YEId9ha7kTI/AAAAAAAAfR4/xzrsYfkVbFQCSizm2VfSIe4F6Gcc21nUwCLcBGAsYHQ/w640-h154/image.png" width="640" /></a></div><br /><br /><p></p><p>大功告成!!</p><p><br /></p><p><br /></p><p><br /></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-55102577132182576152021-02-03T15:23:00.002+08:002021-02-03T16:07:24.239+08:00買個 HTTP SSL 憑證自從 sslforfree 及 letsencrypt 有提供免費憑證後, 就很少參與付費買憑證這種事 <div><br /></div><div>
<a href="https://www.sslforfree.com/" target="_blank">https://www.sslforfree.com/</a> </div><div>
<a href="https://letsencrypt.org/zh-tw/%20" target="_blank">https://letsencrypt.org/zh-tw/ </a></div><div><br /></div><div>
後來連 wildcard 也跟著免費了 </div><div><a href="https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578" target="_blank">https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578</a></div><div><br /></div><div>但, 在商業應用上, 為了某些因素還是得買個有效長一點的憑證, 才不會拿出來感覺像是詐騙網站</div><div><br /></div><div>搜尋一下網路上賣憑證的廠商超級多的, 實在不知道該如何比較..<br />
<div class="separator" style="clear: both;"><a href="https://1.bp.blogspot.com/-NS6SJWmA1kA/YBpJIOk-GwI/AAAAAAAAO9Y/snKSAX07mSg4BaambewztzXVZjYyDQEswCLcBGAsYHQ/s1368/2021-02-03144155.png" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="904" data-original-width="1368" height="264" src="https://1.bp.blogspot.com/-NS6SJWmA1kA/YBpJIOk-GwI/AAAAAAAAO9Y/snKSAX07mSg4BaambewztzXVZjYyDQEswCLcBGAsYHQ/w400-h264/2021-02-03144155.png" width="400" /></a></div><div class="separator" style="clear: both;"><br />後來我只能稍微檢查一下, 看看瀏覽器內的內建憑證商, 有哪些憑證有效期間比較長來選擇<br /><a href="https://1.bp.blogspot.com/-kmx-TYpCWHo/YBpJIS9dyhI/AAAAAAAAO9c/6IzQfCP9XBI8Q8QNEutQ5y20r7jLC9WtgCLcBGAsYHQ/s1083/2021-02-03144746.png" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="912" data-original-width="1083" height="336" src="https://1.bp.blogspot.com/-kmx-TYpCWHo/YBpJIS9dyhI/AAAAAAAAO9c/6IzQfCP9XBI8Q8QNEutQ5y20r7jLC9WtgCLcBGAsYHQ/w400-h336/2021-02-03144746.png" width="400" /></a></div><div class="separator" style="clear: both;"><a href="https://www.blogger.com/#"><br /></a>這裡有些基本的憑證資訊要先理解一下, 買起來才會順利</div><div class="separator" style="clear: both;"><u style="color: #0000ee;">https://haway.30cm.gg/ssl-key-csr-crt-pem/</u></div><div class="separator" style="clear: both;"><u style="color: #0000ee;"><br /></u></div>申請的流程<br /><br />1.需要先有個私鑰 Private Key</div><div>2.還需要有簽署憑證須求檔 CSR</div><div>3.再來提交到網站上, 他就會給你生成的 CRT 憑證, 及 PEM or CRT 中繼憑證</div><div><br />以 <a href="https://cheapsslsecurity.com/">https://cheapsslsecurity.com/</a> 為例, 你先選擇 SSL 憑證廠牌後, 在選擇需要的憑證格式</div><div>付款後就會進入生成憑證的流程. </div><div>但還是需要先生成 Private Key 才可以</div><div><br /></div><div>可以用 openssl 工具產生KEY and CSR</div><div><blockquote>ubuntu@hk:~/csr$ openssl req -new -newkey rsa:2048 -sha256 -nodes -out wildcard.apptest.com.csr -keyout wildcard.apptest.com.key -subj "/C=HK/ST=Queenswat/L=Admiralty/O=Topplayer/OU=IT/CN=*.apptest.com"</blockquote></div><div><br /></div><div>這裡我生成的是一個 Wildcard 的萬用字元憑證, 網站會依據 csr 生成簽署過後的 CRT 給你, 通常會是一個 ZIP 壓縮檔. </div><div>因為商業銷售與代理機制的關係, 所以通常不會是由 ROOT 根憑證商直接銷售, 所以會有個中間商憑證, 有人也稱他為 chain 或是 Intermediate Certificates </div><div><br /></div><div>取得後記得要先區分 CRT , CHAIN , KEY , 後面比較容易理解設定在 Server 上</div><div><div>* CRT - Server Certificate</div><div>STAR_申請的網域名稱_com.crt </div><div><br /></div><div>* chain - Intermediate Certificates</div><div>合併好幾個CA_Bundle.ca-bundle </div><div><br /></div><div>* key - Private Key </div><div>產生CSR時的.key</div></div><div><br /></div><div><div>* 在 Linux Nginx 上面要使用 , 可以使用合併 CRT</div><div><blockquote>cat STAR_申請的網域名稱_com.crt 合併好幾個CA_Bundle.ca-bundle > nginx.crt </blockquote></div></div><div><br /></div><div><div>* nginx 設定, 修改設定檔加入 SSL 相關憑證設定</div><div># 合併的 crt</div><div>ssl_certificate /etc/nginx/ssl/nginx.crt;</div><div># Private Key </div><div>ssl_certificate_key /etc/nginx/ssl/nginx.key;</div></div><div><br /></div><div>這就可以大功告成了, 接下來去瀏覽器檢查看看, 憑證顯示是否正確.</div><div><br /></div><div><div class="separator" style="clear: both;"><a href="https://www.blogger.com/#"></a><a href="https://www.blogger.com/#"></a><a href="https://1.bp.blogspot.com/-7Gkdq4Zpou8/YBpJItvzQgI/AAAAAAAAO9g/8NuJc1iOOsY7i_A-pbtLaw-QSyYZgpV6wCLcBGAsYHQ/s683/2021-02-03144843.png" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="683" data-original-width="617" height="400" src="https://1.bp.blogspot.com/-7Gkdq4Zpou8/YBpJItvzQgI/AAAAAAAAO9g/8NuJc1iOOsY7i_A-pbtLaw-QSyYZgpV6wCLcBGAsYHQ/w361-h400/2021-02-03144843.png" width="361" /></a></div><div class="separator" style="clear: both;"><a href="https://1.bp.blogspot.com/-FUntKn-n0nc/YBpJIzfqfQI/AAAAAAAAO9k/5FCS_uRT-wUVcpqnv7MET7P7GomHKKW9ACLcBGAsYHQ/s675/2021-02-03144903.png" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="675" data-original-width="605" height="400" src="https://1.bp.blogspot.com/-FUntKn-n0nc/YBpJIzfqfQI/AAAAAAAAO9k/5FCS_uRT-wUVcpqnv7MET7P7GomHKKW9ACLcBGAsYHQ/w359-h400/2021-02-03144903.png" width="359" /></a></div><div class="separator" style="clear: both;"><a href="https://1.bp.blogspot.com/-uBa6VRMBVuU/YBpJJfMrlUI/AAAAAAAAO9o/93zWCJathckueyQOu41fLQJsSDg8g_3rACLcBGAsYHQ/s672/2021-02-03144914.png" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="672" data-original-width="603" height="400" src="https://1.bp.blogspot.com/-uBa6VRMBVuU/YBpJJfMrlUI/AAAAAAAAO9o/93zWCJathckueyQOu41fLQJsSDg8g_3rACLcBGAsYHQ/w359-h400/2021-02-03144914.png" width="359" /></a><a href="https://1.bp.blogspot.com/-uBa6VRMBVuU/YBpJJfMrlUI/AAAAAAAAO9o/93zWCJathckueyQOu41fLQJsSDg8g_3rACLcBGAsYHQ/s672/2021-02-03144914.png" style="display: block; padding: 1em 0px; text-align: center;"><br /></a><a href="https://1.bp.blogspot.com/-uBa6VRMBVuU/YBpJJfMrlUI/AAAAAAAAO9o/93zWCJathckueyQOu41fLQJsSDg8g_3rACLcBGAsYHQ/s672/2021-02-03144914.png" style="display: block; padding: 1em 0px; text-align: center;"><br /></a><a href="https://1.bp.blogspot.com/-uBa6VRMBVuU/YBpJJfMrlUI/AAAAAAAAO9o/93zWCJathckueyQOu41fLQJsSDg8g_3rACLcBGAsYHQ/s672/2021-02-03144914.png" style="display: block; padding: 1em 0px; text-align: center;"><br /></a></div>
</div>jangmthttp://www.blogger.com/profile/14681248745428358728noreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-48506633269856702592020-12-28T08:54:00.001+08:002020-12-28T08:54:06.065+08:00LibreOffice Draw 可以編輯PDF<p> 昨天最驚訝的事, 一直有再用的 LibreOffice 的軟體, <b><span style="color: red;">LibreOffice Draw 可以編輯PDF</span></b></p><p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://lh3.googleusercontent.com/-lZgeqJ5DRec/X-krlVQJdNI/AAAAAAAAOPc/MZi9UO8SULsq4Z9L4omV8UZOG2VL2CWPgCLcBGAsYHQ/image.png" style="margin-left: auto; margin-right: auto;"><img alt="" data-original-height="675" data-original-width="918" height="294" src="https://lh3.googleusercontent.com/-lZgeqJ5DRec/X-krlVQJdNI/AAAAAAAAOPc/MZi9UO8SULsq4Z9L4omV8UZOG2VL2CWPgCLcBGAsYHQ/w400-h294/image.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">LibreOffice Office 編輯PDF</td></tr></tbody></table><br /></p><p>原來在 WIKI 都有寫了, 沒遇到還真的不知道.</p><p>這樣 Adobe Acrobat 難怪要轉往雲端發展了. XDXD</p><p>馬上下載來玩玩吧!!!</p><p><a href="https://zh-tw.libreoffice.org/">https://zh-tw.libreoffice.org/</a> </p><p><br /></p>jangmthttp://www.blogger.com/profile/14681248745428358728noreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-15435399496243647502020-04-24T21:50:00.001+08:002020-04-24T21:50:32.800+08:00xshell 3.0 無法登入 ubuntu 2004 LTS 版本<br />
<b><div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-ElKg98PLW0Y/XqLujU_MikI/AAAAAAAAJUc/P150hJxx-78UlVTx2BUxa74sYtKQ59S5gCLcBGAsYHQ/s1600/IMG_0327.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1200" data-original-width="1600" height="240" src="https://1.bp.blogspot.com/-ElKg98PLW0Y/XqLujU_MikI/AAAAAAAAJUc/P150hJxx-78UlVTx2BUxa74sYtKQ59S5gCLcBGAsYHQ/s320/IMG_0327.jpg" width="320" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
當你的 xshell or ssh client 無法登入新版的ssh server...</div>
no matching key exchange method found. Their of offer: diffie-hellman-group1-sha1.</b><br />
* 錯誤訊息應該長得雷同<br />
# <span style="color: blue;"><b>tail /var/log/auth.log</b></span><br />
Apr 24 13:43:45 mtchang sshd[1537]: <span style="color: red;">Unable to negotiate with 172.24.0.201 port 61949: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se [preauth]</span><br />
<div>
<br /></div>
* 降版本應該可以好<br />
<br />
root@mtchang:~# <b><span style="color: blue;">tail -n 5 /etc/ssh/sshd_config</span></b><br />
<br />
<span style="color: blue;">Ciphers 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com</span><br />
<br />
<span style="color: blue;">KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1</span><br />
<div>
<br /></div>
<br />
root@jutainet:~# <b>/etc/init.d/ssh restart</b><br />
Restarting ssh (via systemctl): ssh.service.<br />
<div>
<br /></div>
<div>
<br /></div>
參考:<br />
<a href="https://blog.csdn.net/qq_33201718/article/details/105433835">https://blog.csdn.net/qq_33201718/article/details/105433835</a>jangmthttp://www.blogger.com/profile/14681248745428358728noreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-26954802025467102302020-03-29T19:30:00.000+08:002020-03-29T19:30:01.066+08:00Ubuntu 19.10 LTS Mini. install 調整Linux內部預設時區Ubuntu 19.10 LTS Mini. install 調整Linux內部預設時區<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-4NUf2dORHPw/XoCGkyy84SI/AAAAAAAAd0k/vVG4nZKF55Agp7GFX17jx9pE2uIs7a_NgCLcBGAsYHQ/s1600/68cc4aeaafcf47b88d7c02a39fabb7e1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="tzdata" border="0" data-original-height="393" data-original-width="600" height="209" src="https://1.bp.blogspot.com/-4NUf2dORHPw/XoCGkyy84SI/AAAAAAAAd0k/vVG4nZKF55Agp7GFX17jx9pE2uIs7a_NgCLcBGAsYHQ/s320/68cc4aeaafcf47b88d7c02a39fabb7e1.jpeg" title="亂搭的圖" width="320" /></a></div>
<br />
<br />
最小安裝 ubuntu 的時候,預設都是設定 UTC +0 的時區,有時候真的很難對時間。<br />
<br />
Ubuntu 只要透過安裝 tzdata 就可以設定預設時間了 <b style="color: red;">sudo apt-get install tzdata</b><br />
<b style="color: red;"><br /></b>
如果你已經設定過了,可以透過 <span style="color: red;"><b>sudo dpkg-reconfigure tzdata</b></span> 重新設定。<br />
<br />
詳細過程如下:<br />
<br />
<blockquote class="tr_bq">
jangmt@instance-1-tokyo:/usr/share$ <span style="color: red;"><b>sudo apt-get install tzdata</b></span><br />Reading package lists... Done<br />Building dependency tree <br />Reading state information... Done<br />The following NEW packages will be installed:<br /> tzdata<br />0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />Need to get 208 kB of archives.<br />After this operation, 3534 kB of additional disk space will be used.<br />Get:1 http://asia-northeast1.gce.archive.ubuntu.com/ubuntu eoan/main amd64 tzdata all 2019c-3 [208 kB]<br />Fetched 208 kB in 1s (171 kB/s)<br />debconf: delaying package configuration, since apt-utils is not installed<br />Selecting previously unselected package tzdata.<br />(Reading database ... 63700 files and directories currently installed.)<br />Preparing to unpack .../tzdata_2019c-3_all.deb ...<br />Unpacking tzdata (2019c-3) ...<br />Setting up tzdata (2019c-3) ...<br />debconf: unable to initialize frontend: Dialog<br />debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)<br />debconf: falling back to frontend: Readline<br />Configuring tzdata<br />------------------<br />Please select the geographic area in which you live. Subsequent configuration questions will narrow this<br />down by presenting a list of cities, representing the time zones in which they are located.<br /> 1. Africa 3. Antarctica 5. Arctic 7. Atlantic 9. Indian 11. SystemV 13. Etc<br /> 2. America 4. Australia 6. Asia 8. Europe 10. Pacific 12. US<br />Geographic area: <span style="color: red;"><b>6</b></span><br />Please select the city or region corresponding to your time zone.<br /> 1. Aden 16. Brunei 31. Hong_Kong 46. Kuala_Lumpur 61. Pyongyang 76. Tehran<br /> 2. Almaty 17. Chita 32. Hovd 47. Kuching 62. Qatar 77. Tel_Aviv<br /> 3. Amman 18. Choibalsan 33. Irkutsk 48. Kuwait 63. Qostanay 78. Thimphu<br /> 4. Anadyr 19. Chongqing 34. Istanbul 49. Macau 64. Qyzylorda 79. Tokyo<br /> 5. Aqtau 20. Colombo 35. Jakarta 50. Magadan 65. Rangoon 80. Tomsk<br /> 6. Aqtobe 21. Damascus 36. Jayapura 51. Makassar 66. Riyadh 81. Ujung_Pandang<br /> 7. Ashgabat 22. Dhaka 37. Jerusalem 52. Manila 67. Sakhalin 82. Ulaanbaatar<br /> 8. Atyrau 23. Dili 38. Kabul 53. Muscat 68. Samarkand 83. Urumqi<br /> 9. Baghdad 24. Dubai 39. Kamchatka 54. Nicosia 69. Seoul 84. Ust-Nera<br /> 10. Bahrain 25. Dushanbe 40. Karachi 55. Novokuznetsk 70. Shanghai 85. Vientiane<br /> 11. Baku 26. Famagusta 41. Kashgar 56. Novosibirsk 71. Singapore 86. Vladivostok<br /> 12. Bangkok 27. Gaza 42. Kathmandu 57. Omsk 72. Srednekolymsk 87. Yakutsk<br /> 13. Barnaul 28. Harbin 43. Khandyga 58. Oral 73. Taipei 88. Yangon<br /> 14. Beirut 29. Hebron 44. Kolkata 59. Phnom_Penh 74. Tashkent 89. Yekaterinburg<br /> 15. Bishkek 30. Ho_Chi_Minh 45. Krasnoyarsk 60. Pontianak 75. Tbilisi 90. Yerevan<br />Time zone: <span style="color: red;">73</span><br /><br />Current default time zone: 'Asia/Taipei'<br />Local time is now: Sun Mar 29 19:17:53 CST 2020.<br />Universal Time is now: Sun Mar 29 11:17:53 UTC 2020.<br />Run <span style="color: blue;"><b>'dpkg-reconfigure tzdata</b></span>' if you wish to change it.<br /><br />jangmt@instance-1-tokyo:/usr/share$ <span style="color: red;"><b>timedatectl</b></span><br /> Local time: Sun 2020-03-29 19:19:27 CST<br /> Universal time: Sun 2020-03-29 11:19:27 UTC<br /> RTC time: Sun 2020-03-29 11:19:28<br /> Time zone: Asia/Taipei (CST, +0800)<br />System clock synchronized: yes<br /> NTP service: inactive<br /> RTC in local TZ: no</blockquote>
<br />
<blockquote class="tr_bq">
<br /></blockquote>
<br />
<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-60812723586717214312019-09-08T11:52:00.001+08:002019-09-15T16:11:03.656+08:00xshell 舊版無法登入新版的ubuntu ssh 問題<br />
ssh 使用加密演算法報錯unknown cipher type<br />
<br />
找出目前這個版本的 ssh 支援的加密演算法<br />
<br />
<pre class="highlight" style="background-color: whitesmoke; border-radius: 3px; border: 1px solid rgba(0, 0, 0, 0.15); color: #404040; font-family: "PT Mono", Monaco, "Andale Mono", "Courier New", monospace; font-size: 12px; line-height: 18px; margin-bottom: 18px; overflow: auto; padding: 8.5px; width: 580px;"><code style="background: rgb(240, 240, 240); border-radius: 3px; border: 0px; font-family: "PT Mono", Monaco, "Andale Mono", "Courier New", monospace; font-size: 14px; line-height: 1; margin: 0px; padding: 0px;">ssh -Q cipher localhost | paste -d , -s -</code></pre>
<br />
* 到 /etc/ssh/sshd_config 加到最後面,重新啟動 sshd 就可以了...!!<br />
<br />
* 把生成的變數參考,可能長的類似下面的,把它貼入 config 。<br />
<br />
Ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com<br />
<br />
Ciphers 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com<br />
<br />
ref: <a href="http://mgalgs.github.io/2014/10/22/enable-arcfour-and-other-fast-ciphers-on-recent-versions-of-openssh.html">http://mgalgs.github.io/2014/10/22/enable-arcfour-and-other-fast-ciphers-on-recent-versions-of-openssh.html</a><br />
<div>
<br /></div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://1.bp.blogspot.com/-OpYSxXnt9Ic/XXR67m58pTI/AAAAAAAAcNs/vJBKpDhkp1AM3vBFMHUfMgthzXCMosxpACKgBGAs/s1600/IMG_20190802_190947.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1600" data-original-width="900" height="640" src="https://1.bp.blogspot.com/-OpYSxXnt9Ic/XXR67m58pTI/AAAAAAAAcNs/vJBKpDhkp1AM3vBFMHUfMgthzXCMosxpACKgBGAs/s640/IMG_20190802_190947.jpg" width="360" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">圖文不相關</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://1.bp.blogspot.com/-h5uBqppkNiw/XXR67o7H7AI/AAAAAAAAcNs/-hPW8Rzt49ozSnYixgLOsX1tqqpOh6VygCKgBGAs/s1600/IMG_20190613_102422.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1600" data-original-width="900" height="640" src="https://1.bp.blogspot.com/-h5uBqppkNiw/XXR67o7H7AI/AAAAAAAAcNs/-hPW8Rzt49ozSnYixgLOsX1tqqpOh6VygCKgBGAs/s640/IMG_20190613_102422.jpg" width="360" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: 12.8px;">圖文不相關-東京塔</span></td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://1.bp.blogspot.com/--qIn1Yimwa4/XXR67v3tIHI/AAAAAAAAcNs/aNGwhYEK3Qgn-pm_rerm2ueSSYDAtNeTACKgBGAs/s1600/IMG_20190612_195501.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1600" data-original-width="900" height="640" src="https://1.bp.blogspot.com/--qIn1Yimwa4/XXR67v3tIHI/AAAAAAAAcNs/aNGwhYEK3Qgn-pm_rerm2ueSSYDAtNeTACKgBGAs/s640/IMG_20190612_195501.jpg" width="360" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">HERMES 圖文不相關</td></tr>
</tbody></table>
<div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-64646495536445368442018-09-08T09:28:00.000+08:002018-09-09T20:58:33.023+08:00新手工程師練習實作參考<pre style="white-space: pre-wrap; word-wrap: break-word;">### 新手工程師練習實作參考</pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-SsCaSeUYc4Q/W5UY579XD4I/AAAAAAAAXq4/FbZtxGOtDsg1aHdVRbP-7LMu49qMukmsACLcBGAs/s1600/buddhist-1793421_1920.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="" border="0" data-original-height="1023" data-original-width="1600" height="255" src="https://3.bp.blogspot.com/-SsCaSeUYc4Q/W5UY579XD4I/AAAAAAAAXq4/FbZtxGOtDsg1aHdVRbP-7LMu49qMukmsACLcBGAs/s400/buddhist-1793421_1920.jpg" title="新手村示意圖" width="400" /></a></div>
<pre style="white-space: pre-wrap; word-wrap: break-word;">
* 因為要學習WEB寫程式的範圍很廣泛,所以這裡提供一個快速的實作目標,讓你快速通過新手村。
* 詳細可以參考這篇:<a href="https://github.com/goodjack/developer-roadmap-chinese%20web%20developer" target="_blank">https://github.com/goodjack/developer-roadmap-chinese web developer</a> 但是看完後,多數人會直接放棄。
* 底下提供比較簡單開始的新手村,讓開發者可以自己練習。
* 指說明需要完成的元素,內容請自行想像與設計。當成一個屬於自己的作品呈現空間。
### 使用純文字編輯器操作系統
* Sublime <a href="https://www.sublimetext.com/">https://www.sublimetext.com/</a>
* VSCODE <a href="https://code.visualstudio.com/">https://code.visualstudio.com/</a>
* ATOM <a href="https://atom.io/">https://atom.io/</a>
* NotePAD++ <a href="https://notepad-plus-plus.org/zh/">https://notepad-plus-plus.org/zh/</a>
* 熟悉上面至少 2 套文字編輯器,並且可以使用他的外掛。
### 使用 github 建立一個屬於自己的網站。
* 選一個 GIT 工具, <a href="https://git-scm.com/download/gui/windows">https://git-scm.com/download/gui/windows</a> , 可以選 SourceTree 或 https://git-scm.com/download/win
* 需要能夠透過 git 工具上傳及維護網站。
* 了解 git 的 pull , clone , merge, getch, commit, push, add 功能與用法
* 了解 branch, master, orign 使用上的意義
* 參考:<a href="https://gitbook.tw/chapters/github/using-github-pages.html">https://gitbook.tw/chapters/github/using-github-pages.html</a>
### 使用 bootstrap 4 規劃你的網站版面
* 參考:<a href="https://getbootstrap.com/docs/4.1/examples/">https://getbootstrap.com/docs/4.1/examples/</a>
* 使用 Grid 排版,編排出一個可以放作品的網站版型。
* 可以善用 bootstrap 的各種元件,完成你的目標。
* 調整你的版面, 讓他在 Mobile 環境下,也可以不會太糟糕。
* 使用自訂的 CSS 讓你的 Bootstrap 4 看起來和別人不一樣。
### 使用 Jquery 的 API
* 使用 Jquery 的 fadein 及 fadeout 建立一個頁面的浮動視窗,並且可以透過 click button 開啟或關閉。
* 浮動視窗,需要有資訊內容的呈現。
* 參考: <a href="http://api.jquery.com/fadein/">http://api.jquery.com/fadein/</a>
### 透過 ES6 的 fetch 功能取得 json 文字檔
* 檔案: fetch.html 此檔案可以透過 button 點擊後取得 fetch.json 檔案的內容, 內容動態放在 fetch.html 頁面上。
* 檔案: fetch.json 產生一個可以展示用的 json 格式檔案
* 參考:<a href="https://developer.mozilla.org/zh-CN/docs/Web/API/Fetch_API/Using_Fetch">https://developer.mozilla.org/zh-CN/docs/Web/API/Fetch_API/Using_Fetch</a>
### 上面 getch 的動作,使用 Jquery 函式做一次
* 參考:<a href="https://www.w3schools.com/jquery/jquery_ajax_get_post.asp">https://www.w3schools.com/jquery/jquery_ajax_get_post.asp</a>
### 使用 DataTables 元件
* 參考 <a href="https://datatables.net/examples/server_side/simple.html">https://datatables.net/examples/server_side/simple.html</a> 使用 HTML (DOM) sourced data 方式顯示並控制表格內容。
* 參考 <a href="https://datatables.net/examples/server_side/simple.html">https://datatables.net/examples/server_side/simple.html</a> 方法,使用 Server-side processing 方式呈現表格內容。
### 在 JSBIN、Codepen 及 JSFIDDLE 建立帳號,並測試程式
* <a href="https://jsbin.com/">https://jsbin.com/</a>
* <a href="https://jsfiddle.net/">https://jsfiddle.net/</a>
* <a href="https://codepen.io/">https://codepen.io/</a>
### 簡易PHP 程式編寫測試
* 沙箱測試網站 <a href="http://sandbox.onlinephpfunctions.com/">http://sandbox.onlinephpfunctions.com/</a>
* 參考文件 <a href="https://www.w3schools.com/pHP/default.asp">https://www.w3schools.com/pHP/default.asp</a>
#### 申請免費的空間來放PHP程式
* <a href="https://infinityfree.net/">https://infinityfree.net/</a>
----
update: 20180908 by mtchang</pre>
<pre style="white-space: pre-wrap; word-wrap: break-word;"></pre>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-6999959360330372582018-06-25T21:33:00.006+08:002018-06-25T21:33:55.866+08:00保證瀏覽器連到 https 的功能 (HSTS)因為最近遇到一個特殊的 TLD 最上層的網域, 「.app」 ,這個網域預設 HSTS Preload 功能。<br />
這功能一旦被開啟後,歡樂的時光就來臨了......<br />
<br />
<span style="color: red;">網域的擁有者也可以自己設定,HSTS Preload 設定下去,所有連線都需要 SSL 的功能</span>,於是它就有了<br />
1. 無論是否有設定 HTTPS ,瀏覽器都會轉向 HTTPS<br />
2. 可以抵禦SSL剝離攻擊,防網站劫持。<br />
3. 不能隨意關掉 HTTPS,萬一憑證不見或過期,只好被 BROWSER 檔掉或警告。<br />
4. HSTS會在一定時間後失效(有效期由max-age指定) ,但是沒有人會只設定一天過期。<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-KEG3m4K62v8/WzDu1mRkfGI/AAAAAAAAWs0/SHZX3MLKx54d3wRVGnyyNSTs_1vQYq_MgCEwYBhgL/s1600/hsts_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="853" data-original-width="1131" height="241" src="https://2.bp.blogspot.com/-KEG3m4K62v8/WzDu1mRkfGI/AAAAAAAAWs0/SHZX3MLKx54d3wRVGnyyNSTs_1vQYq_MgCEwYBhgL/s320/hsts_2.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
* 你可以到這裡檢查,網址是否被 HSTS Preload 了....<br />
* <a href="https://hstspreload.org/">https://hstspreload.org</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-HYOMTYHzbh0/WzDu1Sizl6I/AAAAAAAAWsw/Mtn6xK7sNx8EC0EpsTv6XotC3Xyx7UOSACEwYBhgL/s1600/hsts_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="917" data-original-width="1294" height="226" src="https://2.bp.blogspot.com/-HYOMTYHzbh0/WzDu1Sizl6I/AAAAAAAAWsw/Mtn6xK7sNx8EC0EpsTv6XotC3Xyx7UOSACEwYBhgL/s320/hsts_1.png" width="320" /></a></div>
<br />
* 如果設定了,但是時間還沒有過期你可以參考這裡暫時移除<br />
* <a href="https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/">https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/</a><br />
* <a href="https://ephrain.net/chrome-%E5%B0%87%E7%B6%B2%E7%AB%99%E5%BE%9E-hsts-%E6%B8%85%E5%96%AE%E4%B8%AD%E7%A7%BB%E9%99%A4/">https://ephrain.net/chrome-%E5%B0%87%E7%B6%B2%E7%AB%99%E5%BE%9E-hsts-%E6%B8%85%E5%96%AE%E4%B8%AD%E7%A7%BB%E9%99%A4/</a><br />
* <a href="https://blog.bennyling.cc/362/clear-google-chrome-hsts-setting">https://blog.bennyling.cc/362/clear-google-chrome-hsts-setting</a>/ <br />
<br />
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security 目前已經支援的瀏覽器<br />
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-gGABdU1bzHo/WzDu1l4aH0I/AAAAAAAAWs4/_3BuUI0QASgURHETbXYUo8RBvdM57dEKACEwYBhgL/s1600/hsts_3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="655" data-original-width="1242" height="168" src="https://3.bp.blogspot.com/-gGABdU1bzHo/WzDu1l4aH0I/AAAAAAAAWs4/_3BuUI0QASgURHETbXYUo8RBvdM57dEKACEwYBhgL/s320/hsts_3.png" width="320" /></a></div>
<div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-44434824988113939172018-05-15T13:03:00.000+08:002018-05-15T13:03:06.052+08:00MQTT 的文件<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://swf.com.tw/images/books/IoT/MQTT/mqtt_tcp_ip.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="https://swf.com.tw/?p=1002" border="0" data-original-height="316" data-original-width="714" height="282" src="https://swf.com.tw/images/books/IoT/MQTT/mqtt_tcp_ip.png" title="圖片來源: MQTT教學(一):認識MQTT" width="640" /></a></div>
<br />
<br />
幾個重點整理:<br />
<br />
<span style="color: red;">提供三種訊息傳送服務的QoS</span><br />
QoS0:At most once 最多一次<br />
QoS1:At least once 至少一次<br />
QoS2:Exactly once 確保一次<br />
<br />
<span style="color: red;">減少封包傳送時的負擔,同時減少網路所需之頻寬</span><br />
<br />
<span style="color: red;">Last Will and Testament(最後遺囑) 機制</span><br />
主題萬用字元(Topic Wildcard Characters)<br />
<br />
<br />
<span style="color: red;">CONNECT</span><br />
當Client(客戶端)對Broker建立起TCP/IP socket連線時,需傳送Message Type為CONNECT的訊息,Broker端會回傳Message Type為CONNACK的確認訊息。<br />
<br />
<span style="color: red;">DISCONNECT</span><br />
DISCONNECT訊息被傳送至Broker,表示需要關閉TCP/IP連線,若在連線時設置Clean Session,Broker清除此Client連線時所有的設定,包括訂閱的主題。<br />
<span style="color: red;"><br /></span>
<span style="color: red;">PUBLISH</span><br />
Publish訊息會因為所使用的QoS有不同的工作流程。若QoS設置為0,訊息會透過底層的TCP/IP連線傳輸訊息,並不預期有任何的回應,也不會重新傳送,故訊息可能傳送至Broker 一次,或是沒有傳送成功。<br />
<br />
<span style="color: red;">PING</span><br />
在TCP/IP的連線中會在一固定時間傳送一心跳值確保其連線的暢通,MQTT通訊協議中以PINGREQ訊息傳送至Broker確保連線狀態,Broker回傳PINGRESP訊息回覆Client此連線是否正常。<br />
<br />
<br />
<br />
ref:<br />
https://zh.wikipedia.org/wiki/MQTT<br />
https://swf.com.tw/?p=1002<br />
<a href="http://designer.mech.yzu.edu.tw/articlesystem/article/compressedfile/(2016-07-15)%20%E7%AC%AC%E4%B8%89%E7%AB%A0%20MQTT%E9%80%9A%E8%A8%8A%E5%8D%94%E8%AD%B0.aspx?ArchID=2621">http://designer.mech.yzu.edu.tw/articlesystem/article/compressedfile/(2016-07-15)%20%E7%AC%AC%E4%B8%89%E7%AB%A0%20MQTT%E9%80%9A%E8%A8%8A%E5%8D%94%E8%AD%B0.aspx?ArchID=2621</a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-81993721223105548782018-04-29T06:14:00.000+08:002018-04-29T06:14:08.747+08:00VPN 目前還可以用的翻牆技術及歷史技術手段<br />
<br />
* VPN部份可用<br />
AnyConnect<br />
OpenVPN<br />
<br />
* CDN方式 Lantern、FireFly、Tor Browser – Meek<br />
<br />
* 新的主流<br />
<a href="https://toutyrater.github.io/prep/install.html" target="_blank">https://toutyrater.github.io/prep/install.html </a> V2Ray<br />
Shadowsocks、V2Ray、ShadowsocksR、ShadowsocksRR<br />
<br />
* 之前翻牆的歷史技術篇<br />
<a href="https://blog.yandere.moe/moe/gfw-vs-proxy/97.html">https://blog.yandere.moe/moe/gfw-vs-proxy/97.html</a> 墙与梯的较量——那些年我们一起用过的翻墙手段<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://upload.wikimedia.org/wikipedia/commons/c/c9/How_to_vpn_work.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="202" data-original-width="350" height="184" src="https://upload.wikimedia.org/wikipedia/commons/c/c9/How_to_vpn_work.png" width="320" /></a></div>
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-61975621218780932072018-04-24T00:21:00.002+08:002018-04-24T00:21:14.698+08:00[案例]BUG經過時間的演化,它就成為了功能<br />
講一個程序員在1970年左右犯的錯誤 ,<br />
它把 Unix 的 system call 拼成 creat() 以至於<br />
到現在只要用的 file 的 creat 都會用到這個函式<br />
然後有人問它, 如果有機會重新系統你想要有哪些不一樣,它回答「I'd spell creat with an e.」<br />
然後2009.11.10 的時候 Ken Thompson 在 go-lang 的上面, 修正了這個錯誤. 足足經過了約 40 年<br />
<br />
#標準美東時間是UTC -05 夏令美東時間是UTC -04<br />
#系統使用 UTC -04 那冬天的時候帳務就會出錯了呀!!!<br />
#我其實是要講美東時間當算帳基準這個ISSUE,所以這個 ISSUE 就成為了功能的一環<br />
<br />
ref:<br />
https://en.wikiquote.org/wiki/Ken_Thompson wiki 有記載<br />
http://www.di.uevora.pt/~lmr/syscalls.html unix system call<br />
https://coolshell.cn/articles/1761.html 故事完整的始末<br />
kevinwatt.net 參考來源(人還在,blog已消失因為老闆太忙沒更新)<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-hPvNs_3R8HE/Wt4H2MjKlaI/AAAAAAAAV2Y/UYcscw81Tps4TBi03u5aXmISzKL6Mz6KwCLcBGAs/s1600/creat.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="608" data-original-width="1554" height="250" src="https://1.bp.blogspot.com/-hPvNs_3R8HE/Wt4H2MjKlaI/AAAAAAAAV2Y/UYcscw81Tps4TBi03u5aXmISzKL6Mz6KwCLcBGAs/s640/creat.png" width="640" /></a></div>
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-30183974573112914962018-03-01T12:05:00.001+08:002018-03-01T12:05:23.667+08:00memcached UDP 放大攻擊之亂--Centos7 關閉UDP及只綁定127.0.0.1<br />
昨晚機器流量異常....爆增流量<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-ZC3Rse5cUQA/Wpd6huVfKbI/AAAAAAAAUnw/ZTQOOQIv0FgQuQEI06tMqAcEK5JM_wGMgCLcBGAs/s1600/clip_20180301_114750.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="703" data-original-width="1027" height="438" src="https://2.bp.blogspot.com/-ZC3Rse5cUQA/Wpd6huVfKbI/AAAAAAAAUnw/ZTQOOQIv0FgQuQEI06tMqAcEK5JM_wGMgCLcBGAs/s640/clip_20180301_114750.png" width="640" /></a></div>
<br />
<br />
* 十小時前的新聞<br />
<a href="https://www.ithome.com.tw/news/121543">https://www.ithome.com.tw/news/121543</a><br />
"Majkowski建議不使用UDP的Memcached用戶應直接關閉該通訊埠,或確保自己的Memcached伺服器受到防火牆的保護,也提醒開發人員最好不要使用UDP,就算不得不用,也不應預設為啟用狀態,並應嚴格限制回應封包的大小,以免成為駭客執行DDoS攻擊的幫兇。"<br />
<br />
* 七小時前的新聞<br />
<a href="https://www.networkworld.com/article/3258772/security/memcached-servers-can-be-hijacked-for-massive-ddos-attacks.html">https://www.networkworld.com/article/3258772/security/memcached-servers-can-be-hijacked-for-massive-ddos-attacks.html</a><br />
<br />
* memcached 伺服器參數 ConfiguringServer<br />
<a href="https://github.com/memcached/memcached/wiki/ConfiguringServer#commandline-arguments">https://github.com/memcached/memcached/wiki/ConfiguringServer#commandline-arguments</a><br />
<br />
* 看一下啟動程序怎麼寫的<br />
[root@dev ~]# more /usr/lib/systemd/system/memcached.service<br />
...SKIP 略...<br />
[Service]<br />
Type=simple<br />
EnvironmentFile=-/etc/sysconfig/memcached<br />
<span style="color: blue;">ExecStart=/usr/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS</span><br />
...SKIP 略...<br />
<br />
<span style="color: blue;">* 看來改一下 memcached 的 OPTIONS 就可以</span><br />
* -l 參數可以指定接收的 interface<br />
* -U 可以關閉 UDP port<br />
[root@dev ~]# cat /etc/sysconfig/memcached<br />
PORT="11211"<br />
USER="memcached"<br />
MAXCONN="1024"<br />
CACHESIZE="64"<br />
<span style="background-color: white;"><span style="color: red;">OPTIONS="-l 127.0.0.1 -U 0"</span></span><br />
<br />
* 重新啟動<br />
[root@dev ~]# <span style="color: blue;">systemctl restart memcached.service</span><br />
<br />
* 檢查 netstat 看看是否只剩下 127.0.0.1:11211 的<br />
[root@dev ~]# <span style="color: blue;">netstat -tnulp | grep mem</span><br />
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 12810/memcached<br />
<br />
<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-59689692445183481912017-11-15T16:34:00.001+08:002017-11-15T16:34:29.046+08:00樹狀結構的 UI 界面<br />
* 官方網站 <a href="https://www.jeasyui.com/documentation/tree.php">https://www.jeasyui.com/documentation/tree.php</a><br />
<br />
* 測試DEMO頁面 <a href="http://mtchang.github.io/code/easyui_tree.html">http://mtchang.github.io/code/easyui_tree.html</a> and source code<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-2oAqWEbMUNM/Wgv8AuwO0rI/AAAAAAAARUo/cnoEqpnajgA6P5wA8rlsohS0HxhetGZggCLcBGAs/s1600/easyui_tree.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="714" data-original-width="491" height="640" src="https://1.bp.blogspot.com/-2oAqWEbMUNM/Wgv8AuwO0rI/AAAAAAAARUo/cnoEqpnajgA6P5wA8rlsohS0HxhetGZggCLcBGAs/s640/easyui_tree.png" width="440" /></a></div>
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-75033651689070567692017-09-17T23:00:00.003+08:002017-09-17T23:00:43.998+08:00和人月神話一樣, 經過 10 年後來看還是一樣的貼切<div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/zh_TW/sdk.js#xfbml=1&version=v2.10&appId=291818224253358";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
<div class="fb-post" data-href="https://www.facebook.com/jangmtcom/posts/127023261201167" data-width="500" data-show-text="true"><blockquote cite="https://www.facebook.com/jangmtcom/posts/127023261201167" class="fb-xfbml-parse-ignore"><p>和人月神話一樣, 經過 10 年後來看還是一樣的貼切。
「你進入狀況後, 要繼續維持並不算太難. 我的一天通常都是這樣子的: (1) 上班 (2) 看信看網頁等等 (3) 決定應該吃過午飯後再做事 (4) 吃完午飯回來 (5) 看信看網頁...</p>由<a href="https://www.facebook.com/jangmtcom/">巴克里</a>貼上了 <a href="https://www.facebook.com/jangmtcom/posts/127023261201167">2017年9月14日</a></blockquote></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-1610052070586258252017-09-17T18:35:00.000+08:002017-09-20T00:23:05.006+08:00使用AWS EC2當OpenVPN Server使用AWS EC2當OpenVPN Server<br />
<br />
* 透過 AWS 設定 OpenVPN server<br />
* 先看一下 EC2 價格 https://aws.amazon.com/tw/ec2/pricing/<br />
<br />
* 首先去申請一台乾淨的 AWS EC2 server , 新使用者可以免費使用 750HR .<br />
<br />
* 可以參考網路上的教學文章,把 OpenVPN 安裝設定好。<br />
* How to Setup and Configure an OpenVPN Server on CentOS 6<br />
https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-6<br />
<br />
* 在 CentOS 6 架設 OpenVPN Server<br />
http://jamyy.us.to/blog/2013/09/5220.html<br />
<br />
* How To Set Up an OpenVPN Server on Ubuntu 16.04<br />
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04<br />
<br />
* 本人推薦官方的說明, 比較準確<br />
<a href="https://help.ubuntu.com/lts/serverguide/openvpn.html">https://help.ubuntu.com/lts/serverguide/openvpn.html</a><br />
<br />
* 將設定檔及憑證全部設定在設定檔內 , 因為手機 IPHONE 才可安裝<br />
<a href="https://community.openvpn.net/openvpn/wiki/IOSinline">https://community.openvpn.net/openvpn/wiki/IOSinline</a><br />
<br />
* 設定主機的 NAT 轉換 IP , 讓 IP 有可以出去。<br />
root@ip-172-31-10-225:~# cat fire.sh<br />
# --------------------------------------------------------------<br />
#!/bin/bash<br />
# linux firewall rule sample<br />
EXTIF="eth0" <span style="white-space: pre;"> </span># 這個是可以連上 Public IP 的網路介面<br />
INNET="192.168.20.0/24"<br />
export EXTIF INNET<br />
<br />
# cleaner rule and set default<br />
iptables -F<br />
iptables -X<br />
iptables -Z<br />
iptables -P INPUT ACCEPT<br />
iptables -P OUTPUT ACCEPT<br />
iptables -P FORWARD ACCEPT<br />
<br />
iptables -A INPUT -i lo -j ACCEPT<br />
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
<br />
# clean NAT table rule<br />
iptables -F -t nat<br />
iptables -X -t nat<br />
iptables -Z -t nat<br />
iptables -t nat -P PREROUTING ACCEPT<br />
iptables -t nat -P POSTROUTING ACCEPT<br />
iptables -t nat -P OUTPUT ACCEPT<br />
<br />
# nat<br />
iptables -t nat -A POSTROUTING -s $INNET -o $EXTIF -j MASQUERADE<br />
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1300:1536 -j TCPMSS --clamp-mss-to-pmtu<br />
# --------------------------------------------------------------<br />
<br />
* 設定好的這台主機, 可以跟 AWS 租用固定IP ,也可以使用 IP2DNS 寫入成為 DNS<br />
* awsopenvpn.jangmt.com 這個是我的例子用的 domain name<br />
* AWS 的設定請參考網路上的教學文件, 無法在這裡簡單的說明。<br />
<br />
# OpenVPN 設定檔 server.conf<br />
# --------------------------------------------------------------<br />
root@ip-172-31-10-225:/etc/openvpn# grep -v "#" server.conf | grep -v '^$'| grep -v ';'<br />
port 443<br />
proto tcp<br />
dev tun<br />
ca ca.crt<br />
cert server.crt<br />
dh dh2048.pem<br />
server 192.168.20.0 255.255.255.0<br />
ifconfig-pool-persist ipp.txt<br />
push "redirect-gateway def1 bypass-dhcp"<br />
push "dhcp-option DNS 8.8.8.8"<br />
keepalive 10 120<br />
tls-auth ta.key 0<br />
comp-lzo<br />
user nobody<br />
group nogroup<br />
persist-key<br />
persist-tun<br />
status openvpn-status.log<br />
verb 3<br />
mode server<br />
tls-server<br />
#Enable multiple client to connect with same key<br />
duplicate-cn<br />
# --------------------------------------------------------------<br />
<br />
<br />
<br />
# OpenVPN Client 端的 inline 設定檔案, IPHONE 可以使用<br />
# --------------------------------------------------------------<br />
# 參考: https://community.openvpn.net/openvpn/wiki/IOSinline<br />
client<br />
dev tun<br />
remote awsopenvpn.jangmt.com 443<br />
proto tcp<br />
resolv-retry infinite<br />
nobind<br />
comp-lzo<br />
mute 3<br />
persist-key<br />
persist-tun<br />
ns-cert-type server<br />
verb 3<br />
#tls-client<br />
#tls-auth ta.key 1<br />
key-direction 1<br />
<ca></ca><br />
-----BEGIN CERTIFICATE-----<br />
...<br />
-----END CERTIFICATE-----<br />
<br />
<cert></cert><br />
-----BEGIN CERTIFICATE-----<br />
...<br />
-----END CERTIFICATE-----<br />
<br />
<key></key><br />
-----BEGIN RSA PRIVATE KEY-----<br />
...<br />
-----END RSA PRIVATE KEY-----<br />
<br />
<tls-auth></tls-auth><br />
-----BEGIN OpenVPN Static key V1-----<br />
...<br />
-----END OpenVPN Static key V1-----<br />
<br />
# --------------------------------------------------------------<br />
<br />
* 使用 OpenVPN 最大的原因是 Iphone , MAC OS 新版的有支援, 且用了一陣子後,發現還滿好用的。<br />
<br />
* OpenVPN 客戶端工具<br />
<a href="https://openvpn.net/index.php/open-source/downloads.html">https://openvpn.net/index.php/open-source/downloads.html</a><br />
<br />
* Iphone OpenVPN<br />
<a href="https://itunes.apple.com/tw/app/openvpn-connect/id590379981?mt=8">https://itunes.apple.com/tw/app/openvpn-connect/id590379981?mt=8</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-nd8anxpODVc/Wb5OOiCguQI/AAAAAAAAQp8/FyKOsQUBIrkJx0GJAQFgaa86HvBTgSOhwCLcBGAs/s1600/openvpn.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="827" data-original-width="1064" height="248" src="https://4.bp.blogspot.com/-nd8anxpODVc/Wb5OOiCguQI/AAAAAAAAQp8/FyKOsQUBIrkJx0GJAQFgaa86HvBTgSOhwCLcBGAs/s320/openvpn.jpg" width="320" /></a></div>
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-57963580382126844782017-09-17T17:49:00.001+08:002017-09-17T17:49:19.267+08:00NGINX的status狀態NGINX的status狀態<br />
<br />
# 在 nginx config server 段加入<br />
<br />
<span style="color: blue;">location /nginx_status {</span><br />
<span style="color: blue;"><span style="white-space: pre;"> </span> # Turn on stats</span><br />
<span style="color: blue;"><span style="white-space: pre;"> </span> stub_status on;</span><br />
<span style="color: blue;"><span style="white-space: pre;"> </span> # only allow access from 192.168.1.5 #</span><br />
<span style="color: blue;"><span style="white-space: pre;"> </span> allow 192.168.211.112;</span><br />
<span style="color: blue;"><span style="white-space: pre;"> </span> deny all;</span><br />
<span style="color: blue;">}</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-D_5Cs4C_rf8/Wb5E8VYDrjI/AAAAAAAAQps/B1JOv-VcLdcUrDk4bjdH0wrSaMNMWZLmwCLcBGAs/s1600/nginx_status.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="304" data-original-width="882" height="219" src="https://1.bp.blogspot.com/-D_5Cs4C_rf8/Wb5E8VYDrjI/AAAAAAAAQps/B1JOv-VcLdcUrDk4bjdH0wrSaMNMWZLmwCLcBGAs/s640/nginx_status.jpg" width="640" /></a></div>
<br />
<br />
<br />
* Active connections 1:<br />
目前連線數,包含 Waiting 量<br />
* server accepts handled requests 20 20 12<br />
第1個值是伺服器接受的連線數<br />
第2個值是伺服器已經處理的連線數<br />
第3個值則是伺服器已經處理的請求數<br />
若將第3個數值除以第2個數值,就會得到平均每個連線的請求數<br />
* Reading 正在讀取的請求數<br />
* Writing 正在讀取主體、處理與回應的請求數<br />
* Waiting keep-alive 的連線數這個值跟 keepalive_timeout 有關<br />
<br />
<br />
REF:<br />
<a href="https://www.cyberciti.biz/faq/nginx-see-active-connections-connections-per-seconds/">https://www.cyberciti.biz/faq/nginx-see-active-connections-connections-per-seconds/</a><br />
<a href="https://blog.gtwang.org/linux/nginx-enable-stub_status-module-to-collect-metrics/">https://blog.gtwang.org/linux/nginx-enable-stub_status-module-to-collect-metrics/</a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-87870311978240760262017-09-17T17:40:00.003+08:002017-09-17T17:40:38.461+08:00CENTOS7 安裝 NGINX 並請申請 Letsencrypt SSL憑證使用CENTOS7 安裝 NGINX 並請申請 Letsencrypt SSL憑證使用<br />
<br />
# 首先先看看網路上的教學安裝文章, 照著作把 nginx 安裝起來<br />
<a href="https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-7">https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-7</a><br />
<br />
# 然後安裝憑證, 這個 Letsencrypt 目前用程式安裝憑證<br />
<a href="https://letsencrypt.org/">https://letsencrypt.org/</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-gmQhw30grbk/Wb5Cy4eU0pI/AAAAAAAAQpg/-ko2d6jQ-FsEgt-od6gvPP0HujOESuHFwCEwYBhgL/s1600/nginx_ssl_2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="750" data-original-width="1058" height="226" src="https://1.bp.blogspot.com/-gmQhw30grbk/Wb5Cy4eU0pI/AAAAAAAAQpg/-ko2d6jQ-FsEgt-od6gvPP0HujOESuHFwCEwYBhgL/s320/nginx_ssl_2.jpg" width="320" /></a></div>
<br />
<br />
# 請依據制這裡的說明, 安裝程式及工具<br />
<a href="https://certbot.eff.org/#centosrhel7-nginx">https://certbot.eff.org/#centosrhel7-nginx</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/--dgedTACgXI/Wb5Cy1YsvTI/AAAAAAAAQpc/4dRqXntrOPodFkrO2tE7OgRwBjm5YBxDgCEwYBhgL/s1600/nginx_ssl_1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="750" data-original-width="1058" height="226" src="https://4.bp.blogspot.com/--dgedTACgXI/Wb5Cy1YsvTI/AAAAAAAAQpc/4dRqXntrOPodFkrO2tE7OgRwBjm5YBxDgCEwYBhgL/s320/nginx_ssl_1.jpg" width="320" /></a></div>
<br />
<br />
# 先把 domain FQDN 對應 IP 設定好<br />
# 執行憑證申請及安裝, 因為 Letsencrypt 有縣市 IP 及 Domain 所以申請盡可能一次就成功。<br />
# 依據說明執行<br />
[root@dev letsencrypt]# <b><span style="color: blue;">certbot --nginx</span></b><br />
Saving debug log to /var/log/letsencrypt/letsencrypt.log<br />
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org<br />
<br />
Which names would you like to activate HTTPS for?<br />
-------------------------------------------------------------------------------<br />
1: api.jangmt.com<br />
2: dev.jangmt.com<br />
-------------------------------------------------------------------------------<br />
Select the appropriate numbers separated by commas and/or spaces, or leave input<br />
blank to select all options shown (Enter 'c' to cancel):<span style="color: blue;">2</span><br />
Obtaining a new certificate<br />
Performing the following challenges:<br />
tls-sni-01 challenge for dev.jangmt.com<br />
Waiting for verification...<br />
Cleaning up challenges<br />
<span style="color: red;">Cannot find a cert or key directive in /etc/nginx/conf.d/dev_jangmt_com.conf for set(['dev.jangmt.com']). VirtualHost was not modified.</span><br />
<br />
IMPORTANT NOTES:<br />
- Unable to install the certificate<br />
- Congratulations! Your certificate and chain have been saved at<br />
/etc/letsencrypt/live/dev.jangmt.com/fullchain.pem. Your cert will<br />
expire on 2017-12-16. To obtain a new or tweaked version of this<br />
certificate in the future, simply run certbot again with the<br />
"certonly" option. To non-interactively renew *all* of your<br />
certificates, run "certbot renew"<br />
<br />
<br />
# 失敗了, 因為還沒有設定好 cert or key directive 我們可以手動設定.<br />
# 檢查一下 /etc/letsencrypt/ 應該有可以使用的憑證在 live 目錄內<br />
[root@dev conf.d]# ls /etc/letsencrypt/ -la<br />
total 20<br />
drwxr-xr-x. 8 root root 4096 Sep 17 04:48 .<br />
drwxr-xr-x. 143 root root 8192 Sep 17 05:03 ..<br />
drwx------. 3 root root 49 Sep 17 04:03 accounts<br />
drwx------. 4 root root 60 Sep 17 04:07 archive<br />
drwxr-xr-x. 2 root root 72 Sep 17 04:07 csr<br />
drwx------. 2 root root 72 Sep 17 04:07 keys<br />
drwx------. 4 root root 60 Sep 17 04:07 live<br />
-rw-r--r--. 1 root root 822 Sep 17 04:03 options-ssl-nginx.conf<br />
drwxr-xr-x. 2 root root 70 Sep 17 04:07 renewal<br />
<br />
<br />
# 然後設定一個初始的 NGINX 設定 /etc/nginx/conf.d/default.conf<br />
# -----------------------------------------------------------<br />
# http<br />
server {<br />
<span style="white-space: pre;"> </span>server_name _;<br />
<span style="white-space: pre;"> </span>listen *:80 default_server deferred;<br />
# return 301 https://$server_name$request_uri;<br />
<br />
access_log /var/log/nginx/access.log main;<br />
error_log /var/log/nginx/error.log warn;<br />
<br />
location / {<br />
root /usr/share/nginx/html;<br />
index index.php index.html index.htm;<br />
}<br />
<br />
location ~ \.php$ {<br />
root /usr/share/nginx/html;<br />
try_files $uri = 404;<br />
fastcgi_pass 127.0.0.1:9000;<br />
#fastcgi_pass unix:/var/opt/remi/php70/run/php-fpm/php-fpm.sock;<br />
fastcgi_index index.php;<br />
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;<br />
include /etc/nginx/fastcgi_params;<br />
}<br />
<br />
location ~ /\.ht {<br />
deny all;<br />
}<br />
}<br />
<br />
<br />
# https<br />
server {<br />
listen 443 ssl default_server;<br />
server_name _;<br />
<br />
<span style="color: blue;"> ssl_certificate /etc/letsencrypt/live/dev.jangmt.com/cert.pem;</span><br />
<span style="color: blue;"> ssl_certificate_key /etc/letsencrypt/live/dev.jangmt.com/privkey.pem;</span><br />
<br />
access_log /var/log/nginx/access.log main;<br />
error_log /var/log/nginx/error.log warn;<br />
server_tokens off;<br />
<br />
location / {<br />
root /usr/share/nginx/html;<br />
index index.php index.html index.htm;<br />
}<br />
<br />
location ~ \.php$ {<br />
root /usr/share/nginx/html;<br />
try_files $uri = 404;<br />
fastcgi_pass 127.0.0.1:9000;<br />
#fastcgi_pass unix:/var/opt/remi/php70/run/php-fpm/php-fpm.sock;<br />
fastcgi_index index.php;<br />
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;<br />
include /etc/nginx/fastcgi_params;<br />
}<br />
<br />
location ~ /\.ht {<br />
deny all;<br />
}<br />
<br />
#return 301 http://$server_name$request_uri;<br />
}<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-2F1GBFEkgQk/Wb5Cy8CnheI/AAAAAAAAQpY/cv1UtgBSzlUBps0aBLUmhlGdmCJBvRP2wCLcBGAs/s1600/nginx_ssl_3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="341" data-original-width="668" height="163" src="https://1.bp.blogspot.com/-2F1GBFEkgQk/Wb5Cy8CnheI/AAAAAAAAQpY/cv1UtgBSzlUBps0aBLUmhlGdmCJBvRP2wCLcBGAs/s320/nginx_ssl_3.jpg" width="320" /></a></div>
<br />
<br />
# 然後, 就設定好了....XDXD<br />
# 我知道跳過很多步驟, 因為我看得懂就好.<br />
# 有錯誤隨時檢查 /var/log/nginx/error.log 紀錄檔<br />
[root@dev conf.d]# tail /var/log/nginx/error.log<br />
2017/09/17 05:06:08 [error] 4159#0: *11 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 59.127.16.209, server: 0.0.0.0:443<br />
2017/09/17 05:06:09 [error] 4159#0: *12 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 59.127.16.209, server: 0.0.0.0:443<br />
<br />
# 上面這個錯誤, 是我憑證沒有設定好造成的.<br />
基本上如果有多個網站在同一個 NGINX 上的時候, default site conf 要先設定好, 才可以正常工作.<br />
# Good Luck !!<br />
<br />
<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-25507298502465329712017-08-29T12:20:00.000+08:002017-08-29T12:20:03.943+08:00PHP彷JWT打包產生需要的資料,把回傳回來的資料驗證解碼<script src="https://gist.github.com/mtchang/08f7e74924470554c8c0a378113ae885.js"></script>
執行:<br />
<a href="http://sandbox.onlinephpfunctions.com/code/8349c158d68cdf644dd07d802f3782384fb4e7b7">http://sandbox.onlinephpfunctions.com/code/8349c158d68cdf644dd07d802f3782384fb4e7b7</a><br />
<br />
使用範例:<br />
<br />
加密的密碼<br />
$salt = '11223344';<br />
// 需要傳遞的陣列<br />
$codevalue_array = array(<br />
'Amt' <span style="white-space: pre;"> </span>=> '111',<br />
'MerchantOrderNo' => 'ertgyhujioiuytre'<br />
);<br />
// 打包產生需要的資料<br />
$send_code = jwtenc($salt,$codevalue_array);<br />
var_dump($send_code);<br />
<br />
// 把回傳回來的資料驗證解碼<br />
$codevalue = jwtdec($salt,$send_code);<br />
var_dump($codevalue);Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-29760547590095544272017-08-18T11:51:00.000+08:002017-08-18T11:53:01.642+08:00JS 產生亂數(前2碼英文小寫,後6碼數字)<br /> 程式碼
<br />
<script src="https://gist.github.com/mtchang/757d20f1008da5ab65a55dc5a6b8af05.js"></script>
<br />
RUN test:<br />
<a href="https://jsbin.com/moqusix/3/edit?html,js,output">https://jsbin.com/moqusix/3/edit?html,js,output</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-hBeSQuPrQMg/WZZkJQQZizI/AAAAAAAAPKk/cTQwqg5VF7ExZms9wgZyBOnvNoukUfoqgCLcBGAs/s1600/myrandomstring.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="909" data-original-width="1509" height="385" src="https://3.bp.blogspot.com/-hBeSQuPrQMg/WZZkJQQZizI/AAAAAAAAPKk/cTQwqg5VF7ExZms9wgZyBOnvNoukUfoqgCLcBGAs/s640/myrandomstring.png" width="640" /></a></div>
<br />
ref:<br />
<a href="https://www.w3schools.com/jsref/prop_html_innerhtml.asp">https://www.w3schools.com/jsref/prop_html_innerhtml.asp</a><br />
<a href="https://github.com/mtchang/code/blob/master/myrandomstring.html">https://github.com/mtchang/code/blob/master/myrandomstring.html</a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-60697115652057247012017-07-23T02:16:00.001+08:002017-07-23T02:16:20.461+08:00OpenCart2 的密碼編碼方式OpenCart2 的密碼編碼方式<br />
<script src="https://gist.github.com/mtchang/fc8af8cb2c5a62b4c9a8afa0fbf39fa0.js"></script>
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-44268283674807719592017-07-09T22:57:00.002+08:002017-07-09T22:57:39.603+08:00Web App Manifest把 WEB APP 圖示放到桌面, 啟動時候有各轉場的動作。<br />
<br />
這篇寫得很清楚<br />
https://developer.mozilla.org/en-US/Apps/Progressive<br />
<br />
https://developers.google.com/web/updates/2014/11/Support-for-installable-web-apps-with-webapp-manifest-in-chrome-38-for-Android<br />
<br />
https://w3c.github.io/manifest/<br />
<br />
最常見的應用<br />
https://makeappicon.com/webclip<br />
<br />
https://developer.apple.com/library/content/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html<br />
<br />
<br />
<br />Anonymousnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-35132198316381251982017-07-05T23:14:00.001+08:002017-07-05T23:14:27.067+08:00Nginx Ip Whitelist (白名單快速轉成 nginx 使用的清單)Nginx Ip Whitelist<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://3.bp.blogspot.com/-pAGTrbNa8MQ/WV0B-uU3kxI/AAAAAAAAPHE/iW2ApY1HVDYK1JyIs-aECDk7kkHv6NpcgCLcBGAs/s1600/bypass-firewall.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="367" data-original-width="940" height="248" src="https://3.bp.blogspot.com/-pAGTrbNa8MQ/WV0B-uU3kxI/AAAAAAAAPHE/iW2ApY1HVDYK1JyIs-aECDk7kkHv6NpcgCLcBGAs/s640/bypass-firewall.jpg" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">by pass whitelist ref: http://www.kitploit.com/2016/11/fireaway-next-generation-firewall-audit.html</td></tr>
</tbody></table>
<br />
<br />
# 白名單設定方式可以參考 stackoverflow 這一篇<br />
<a href="https://stackoverflow.com/questions/13917866/nginx-ip-whitelist">https://stackoverflow.com/questions/13917866/nginx-ip-whitelist</a><br />
<br />
# 中文可以參考這一篇<br />
<a href="https://www.centos.bz/question/nginx-ip-whitelist/">https://www.centos.bz/question/nginx-ip-whitelist/</a><br />
<br />
<br />
想把白名單快速轉成 nginx 使用的清單, 但是又不想寫太多程式。<br />
所以直接用 google spreadsheets 轉成 csv 功能<br />
透過 linux shell script 轉換成為 nginx 可以使用的清單<br />
<br />
在實際工作動作:<br />
客服人員:編輯 spreadsheets 檔案<br />
系統人員:白名單轉成檔案驗證,並 reload nginx 生效.<br />
<br />
## ----------------------------------------------------<br />
## linux script<br />
## ----------------------------------------------------<br />
#!/bin/bash<br />
# 編輯網址 , google doc 權限設定控制<br />
# 將 google doc 白名單取出成為 csv<br />
URL="https://docs.google.com/spreadsheets/d/{請改成你的網址}/pub?gid=0&single=true&output=csv"<br />
echo "w3m -dump '${URL}' > whitelist.csv" | sh<br />
<br />
# 備份原本的白名單<br />
mv -f customer_ip customer_ip.bak<br />
echo "# $(date -R) update." > customer_ip<br />
# 去除註解<br />
grep -v '#' "whitelist.csv" > tmp_file<br />
# 取行數<br />
max=$(wc -l tmp_file | cut -f1 -d" ")<br />
for i in `seq 1 $max`<br />
do<br />
line=$(awk "NR==${i}" tmp_file)<br />
action=$(echo $line | cut -d, -f1)<br />
cidr=$(echo $line | cut -d, -f2)<br />
echo "${action} ${cidr};" >> customer_ip<br />
done<br />
rm -f tmp_file<br />
#rm -f whitelist.csv<br />
<br />
# nginx 重新啟動<br />
# run in /etc/nginx/conf.d<br />
echo "restart NGINX service"<br />
systemctl reload nginx<br />
# return<br />
echo "OK! Done. csv URL in ${URL} ";<br />
## ----------------------------------------------------<br />
<br />
<br />
<div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-58258138525180203952017-07-01T10:56:00.002+08:002017-07-01T10:56:30.524+08:00推力(Nudge):決定你的健康、財富與快樂 推力:決定你的健康、財富與快樂<br />
<br />
此書的作者<br />
<a href="http://www.books.com.tw/exep/prod/booksfile.php?item=0010445555">http://www.books.com.tw/exep/prod/booksfile.php?item=0010445555</a><br />
<br />
推力:決定你的健康、財富與快樂<br />
Nudge: Improving Decisions About Health, Wealth, and Happiness<br />
<br />
演講內容: 作者:Richard Thaler 在Google的演講<br />
<a href="http://www.youtube.com/watch?v=Dz9K25ECIpU">http://www.youtube.com/watch?v=Dz9K25ECIpU</a>
<br />
<br />
泛科學有一篇寫得很清楚, 可以快速的了解這本書要傳達的概念。<br />
<a href="http://pansci.asia/archives/69875">http://pansci.asia/archives/69875</a><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://3.bp.blogspot.com/-FZTpJ9Ci4U4/WVcOw0qwwXI/AAAAAAAAPF4/S1z6fVYCRoAhw3qsTtDcBPodwXt-c7FTwCLcBGAs/s1600/20160504005616.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="551" data-original-width="656" height="268" src="https://3.bp.blogspot.com/-FZTpJ9Ci4U4/WVcOw0qwwXI/AAAAAAAAPF4/S1z6fVYCRoAhw3qsTtDcBPodwXt-c7FTwCLcBGAs/s320/20160504005616.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">傳統的文字激勵法</td></tr>
</tbody></table>
<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://3.bp.blogspot.com/-L3cL3yOpqgM/WVcOvKBmB4I/AAAAAAAAPF0/gxwvMUEKecYk_XeKcVyZHrclKPjQk1v6gCEwYBhgL/s1600/58631588_e1484359ca_o.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="640" data-original-width="427" height="320" src="https://3.bp.blogspot.com/-L3cL3yOpqgM/WVcOvKBmB4I/AAAAAAAAPF0/gxwvMUEKecYk_XeKcVyZHrclKPjQk1v6gCEwYBhgL/s320/58631588_e1484359ca_o.jpg" width="213" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">荷蘭機場的蒼蠅便斗</td></tr>
</tbody></table>
<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="315" src="http://www.youtube.com/embed/Dz9K25ECIpU" width="560"></iframe>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6854847.post-49603804040287191202017-07-01T10:43:00.001+08:002017-07-01T10:43:08.418+08:00Linux Performance 效能評估工具<br />
這個文章說明了系統個連接點的效能評估工具與方式。<br />
<a href="http://www.brendangregg.com/linuxperf.html">http://www.brendangregg.com/linuxperf.html</a><br />
<br />
netflix 工程師先透過 10 個工具在 60 秒告訴你,系統的效能摘要狀況...<br />
<a href="http://techblog.netflix.com/2015/11/linux-performance-analysis-in-60s.html">http://techblog.netflix.com/2015/11/linux-performance-analysis-in-60s.html</a><br />
<br />
接下來要仔細的分析效能上面的問題,透過 Brendan’s <a href="http://techblog.netflix.com/2015/08/netflix-at-velocity-2015-linux.html">Linux Performance Tools tutorial</a> 的這一篇文章來解釋。<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.brendangregg.com/Perf/linux_observability_tools.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.brendangregg.com/Perf/linux_observability_tools.png" height="448" width="640" /></a></div>
<br />
<br />
每個指令都是獨有專精的效能評估工具<br />
例如 : perf <br />
<a href="https://perf.wiki.kernel.org/index.php/Main_Page">https://perf.wiki.kernel.org/index.php/Main_Page</a><br />
他是可以顯示CPU 上面資訊的計數器 及分析軟體、硬體的性能。<br />
<a href="http://wiki.csie.ncku.edu.tw/embedded/perf-tutorial">http://wiki.csie.ncku.edu.tw/embedded/perf-tutorial</a> 成大資工WIKI<br />
<br />
看起來就是折磨研究生的工具,但是工程師的好朋友。(泣...)<br />
<br />
其他就慢慢研究,遇到再來使用了。<br />
<br />
<br />
<br />
<br />
<br />Unknownnoreply@blogger.com0