Forum Index


Board index » All Posts




kubernetes k8s halo blog
#31
Just can't stay away
Just can't stay away


kubernetes halo blog demo

halo.dep.yaml

apiVersionapps/v1 # for versions before 1.9.0 use apps/v1beta2
kindDeployment
metadata
:
  
namehalo-blog
spec
:
  
selector:
    
matchLabels:
      
apphalo-blog
  replicas
# tells deployment to run 2 pods matching the template
  
template:
    
metadata:
      
labels:
        
apphalo-blog
    spec
:
      
containers:
      - 
namehalo-blog
        image
halohub/halo:1.6.0
        volumeMounts
:
        - 
namehalo-storage
          mountPath
: /root/.halo
      volumes
:
      - 
namehalo-storage
        hostPath
:
          
path: ~/k8s.storage/halo
          type
DirectoryOrCreate



halo.svc.yaml

apiVersionv1
kind
Service
metadata
:
  
namehalo-blog
  labels
:
    
apphalo-blog
spec
:
  
typeNodePort
  ports
:
    - 
port8090 # 集群内部通信的端口
      
targetPort8090 # 指向pods端口
      
nodePort30089 # 对外暴露的工作节点端口
  
selector:
    
apphalo-blog


halo.ingress.yaml

apiVersionnetworking.k8s.io/v1
kind
Ingress
metadata
:
  
namehalo-ingress
spec
:
  
rules:
  - 
hosthalo.16.9.8.16.nip.io
    http
:
      
paths:
      - 
path: /
        
pathTypePrefix
        backend
:
          
service:
            
namehalo-blog
            port
:
              
number8090

Posted on: 2022/10/13 14:37

Edited by eyex on 2022/10/24 16:40:19
Top


debian /etc/apt/sources.list
#32
Just can't stay away
Just can't stay away


debian /etc/apt/sources.list

# See http://www.debian.org/releases/stable ... e-notes/ch-upgrading.html
# for how to upgrade to newer versions of the distribution.
deb http://deb.debian.org/debian bullseye main
deb-src http://deb.debian.org/debian bullseye main

## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ bullseye-security main
deb-src http://security.debian.org/ bullseye-security main
deb http://deb.debian.org/debian bullseye-updates main
deb-src http://deb.debian.org/debian bullseye-updates main

## Uncomment the following two lines to add software from the 'backports'
## repository.
## 
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
deb http://deb.debian.org/debian bullseye-backports main
deb-src http://deb.debian.org/debian bullseye-backports main

Posted on: 2022/10/9 15:44
Top


linux split 分割文件
#33
Just can't stay away
Just can't stay away




split -l 2000 urls.txt --a 2    prefix_


-l:按行分割,上面表示将urls.txt文件按2000行一个文件分割为多个文件

-d:添加数字后缀,比如上图中的00,01,02

-a 2:表示用两位数据来顺序命名

prefix_:看上图就应该明白了,用来定义分割后的文件名前面的部分。

Posted on: 2022/9/4 18:29
Top


openssl aes256 加密一个文件
#34
Just can't stay away
Just can't stay away


用openssl加密一个文件

-aes256是加密方式 -in 表示指定原文件 -out 表示加密之后生成的文件 enc 表示对文件进行对称加密或解密

[root@common ~]# openssl enc -e -aes256 -in 1.sh -out 1.sh.bak
enter aes-256-cbc encryption password:
Verifying enter aes-256-cbc encryption password:


解密一个openssl加密的文件
-d 表示对文件进行解密操作。

[root@common ~]# openssl enc -d -aes256 -in 1.sh.bak -out new_1.sh
enter aes-256-cbc decryption password:


Posted on: 2022/7/25 15:39
Top


PostgreSQL 入门
#35
Just can't stay away
Just can't stay away


创建用户并授权

sudo -u postgres psql
psql
CREATE DATABASE 数据库名;
CREATE USER 用户名 WITH ENCRYPTED PASSWORD '密码';
GRANT ALL PRIVILEGES ON DATABASE 数据库名 TO 用户名;


更改用户密码


psql
ALTER USER 用户名 WITH PASSWORD '新密码';


允许远程访问
编辑 /etc/postgresql/13/main/pg_hba.conf, 当然如果你的版本不是13,那么路径里的版本号就要对应替换,在最后添加一行
host all all 0.0.0.0/0 md5

此外还需要更改配置文件 /etc/postgresql/13/main/postgresql.conf,将 #listen_addresses = 'localhost' 取消注释,改为:
listen_addresses '*'


设置 postgres 用户密码

连接上去之后,执行 \password 命令。

备份 PostgreSQL


30 3 * * * /usr/bin/pg_dumpall gzip -> /data/backup/postgres/full-backup-$(date +%F).sql.gz


常用命令
psql
l 列出数据库
c dbname 切换数据库
d 列出当前数据库所有表
d tablename 列出当前数据库中tablename表的表结构
du 列出所有用户






Posted on: 2022/7/22 12:04
Top


nginx php 安全配置
#36
Just can't stay away
Just can't stay away


/etc/nginx/sites-available/yii.test.conf

#  server configuration

server {
    
listen 80;
    
listen [::]:80;


     
access_log /var/log/nginx/yii.access.log;
     
error_log  /var/log/nginx/yii.error.log;

    include 
security_web.conf;

    
root /var/www/html/yii/web;

    
# Add index.php to the list if you are using PHP
    
index index.html index.htm index.nginx-debian.html index.php;

    
server_name yii.test;

    
location / {
        
# First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        # try_files $uri $uri/  /index.php$uri;

        
try_files $uri  @phpok;

    }


    
# pass PHP scripts to FastCGI server

    
location @phpok {
        
fastcgi_pass 127.0.0.1:9000;
             include      
fastcgi_params;

        
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        
fastcgi_param SCRIPT_NAME /index.php;
        
fastcgi_param PATH_INFO $uri;
    }





    
# deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /.ht {
    #    deny all;
    #}
}


/etc/nginx/security_web.conf





if ( $request_method !~ ^(GET|POST|HEAD|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH)$ ) {
return 
500;
}



#禁特殊请求工具
if ($http_user_agent ~* "Wget|Curl|seo|sql|python|crawler|Crawler|mj12bot|AhrefsBot|SemrushBot|DotBot" ) {
return 
500;
break;
}

#过滤url参数
set $URL $request_uri;
if (
$URL ~* "root|x0|\[|\]|\$|eval|passthru|exec|system|chroot|chgrp|chown|shell_exec|proc_open|proc_get_status|ini_alter|ini_restore|openlog|syslog|readlink|symlink|popepassthru|stream_socket_server|fsocket|popen"){
return 
500;
break;
}


#禁特殊后缀
if ($URL ~* "\.\.|.asp|.xml|.jsp|.php|.aspx|.dev|.aspx|ewebeditor|.sql|.xsl|.asmx|.htaccess|.ini|.env|.git|.project|.cgi|.md5|ajax.js|.swf") {
return 
500;
break;
}

  
#禁空 UA
if ($http_user_agent ~* ^$) {
return 
500;
break;
}

Posted on: 2022/7/18 12:05

Edited by eyex on 2022/7/18 16:31:59
Edited by eyex on 2022/8/5 9:46:26
Edited by eyex on 2022/9/26 11:19:00
Edited by eyex on 2022/9/26 11:19:38
Top


xmpp 推送服务器报警
#37
Just can't stay away
Just can't stay away


#!/usr/bin/env python3


import os

MAX_LOAD  
0.2

def topmsg
():
    
topmsg os.popen("top -b -n 1").readlines()[0:5]
    return 
topmsg

def osload
(loadstr):
    
load_num loadstr.split('load average: ')[1].split(", ")[0]
    return 
floatload_num ) > MAX_LOAD

def sendmsg
(msg_list):
    
msg_list.insert(0"cpu load alert rnrn")
    return 
"".join(msg_list)



def sendtoxmpp(msg):
    
command_str " xmpp-message    --jabberid  ryi@jabber.fr  --password  psdpsd  --receiver rayzhitch.org --message '" msg.replace("'""'") + "'"
    
tomsg os.popen(command_str).read()
    return 
tomsg



if __name__ == '__main__':
    
msg topmsg()
    if 
osload(msg[0]) :
       print( 
sendtoxmppsendmsg(msg) ))
    else :
        print(
"it's nothing")

Posted on: 2022/7/6 18:10
Top


ubuntu 交换Esc和CapsLock按键
#38
Just can't stay away
Just can't stay away


ubuntu 交换Esc和CapsLock按键

sudo vim /etc/default/keyboard


There you will see the line:
XKBOPTIONS=""


Change it to:
XKBOPTIONS="caps:swapescape"


and reboot

Posted on: 2022/3/26 22:42
Top


ubuntu xrdp authentication is required to create a color profile
#39
Just can't stay away
Just can't stay away


Create /etc/polkit-1/localauthority/50-local.d/color.pkla (note: .pkla extension is required) with the following contents:

[Allow colord for all users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile;org.freedesktop.packagekit.system-sources-refresh
ResultAny
=yes
ResultInactive
=yes
ResultActive
=yes

Posted on: 2022/3/25 11:48
Top


SSH 免密码登陆 密钥登录
#40
Just can't stay away
Just can't stay away


1. ssh-keygen命令生成密钥
ssh-keygen


2. 上传ssh公钥
2.1 手动上传 (不推荐)
cat ~/.ssh/id_rsa.pub ssh user@host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"


chmod 644 ~/.ssh/authorized_keys

2.2 ssh-copy-id 自动上传公钥
ssh-copy-id -i id_rsa  xlxz@xlxz.org


3. ssh-agent ssh-add 命令

3.1 ssh-agent命令它让用户在整个 Bash 对话(session)之中,只在第一次使用 SSH 命令时输入密码,然后将私钥保存在内存中,后面都不需要再输入私钥的密码了
ssh-agent bash


3.2 使用ssh-add命令添加私钥
ssh-add  id_rsa


4 使用 ssh 命令正常登录远程服务器。

ssh  xlxz@xlxz.org


5 关闭密码登录
对于 OpenSSH,具体方法就是打开服务器 sshd 的配置文件/etc/ssh/sshd_config,将PasswordAuthentication这一项设为no。
$  vim /etc/ssh/sshd_config

PasswordAuthentication no








Posted on: 2022/2/17 15:07
Top



TopTop
« 1 2 3 4 5 6 7 ... 11 »



friend links
Themes

(2 themes)
Login
Username:

Password:


Lost Password?
Register now!
Categories
Xoops (11)
--Modules (2)
--Themes (0)
Article (8)