需求
手里有一个通用节点池,就是http/https/socks4/socks5的代理集,从中找到一个速度比较快的,正好用来配置Relay协议
说明
Shadowrocket客户端,支持多种协议,可以任意协议的进行中转和落地,本文视频只示范了一个协议的链条,实际可以跨协议的链。
清单
1、 入口服务器,浙江宁波的socks5://210.83.*.4:10808,它的落地在日本linode的 172.104.*.*,这个是来自通用代理池
2、落地服务器,新加坡的OVZ便宜服务器,这个是自有的,用Gost配置了一个带用户名/密码的socks5
配置实施、Shadowrocket配置
1、常规添加入口服务器的socks5
2、常规添加落地服务器的socks5
3、点击落地服务器的右侧的圈i小标记,点击转发,选择入口服务器
完成后的样子,选择落地节点,直接连接即可。
视频
需求
各类公网的数据库,都限制了请求频次,有时候,自己需要批量的查询需求,得不到满足,于是,有了,自己掌握数据,自己搭建可供查询服务的需求
清单
1、数据库
2、基于Flask的API接口模块
配置清单
1、主程序文件
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Dasmz
# 2022-3-14
import datetime
import time
import flask
import ipaddress
import sqlite3
import ISO_3166_1
myDB = '这里是数据库的文件路径'
def getNow():
return datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
def IPIsValid(vIPv4):
try:
vBLACKIPs = ['8.8.8.8', '1.1.1.1','0.0.0.0','255.255.255.255','192.168.1.1','1.0.0.0','6.6.6.6']
if ipaddress.IPv4Address(vIPv4) != ipaddress.IPv4Address('127.0.0.1') and vIPv4 not in vBLACKIPs:
return 'Y'
else:
return 'N'
except Exception as e:
print(e)
print('Tracker.Error.82aE9F6a40E38E40.IPIsValid')
return 'N'
def getIPNetwork(aIPv4):
x = aIPv4.split('.')
x[3] = '0'
return '.'.join(x)
def getIPRangeNetwork(aIPv4):
x = aIPv4.split('.')
return ["%s.%s.%d.0" % (x[0],x[1],i) for i in range(0,256)]
def runSelectSQL(aDB, aSQL):
'''
RETURN LIST
'''
try:
conn = sqlite3.connect(aDB)
csr = conn.cursor()
csr.execute(aSQL)
vData = csr.fetchall()
conn.close()
return vData
except Exception as e:
print("Tracker.Error.82aE9F6a40E38E40.runSelectSQL")
print(e)
return []
finally:
conn.close()
def procedureIP(aIPv4):
try:
vIP = getIPNetwork(aIPv4 = aIPv4) # 202.23.99.44 -> 202.23.99.0
vSQL = "select location from ip where ip = '%s';" % vIP
print(" + SQL: %s" % vSQL)
vData = runSelectSQL(aDB = myDB, aSQL = vSQL)
if vData[0][0]:
if vData[0][0].startswith('CN-'):
return vData[0][0].split()[0].replace('CN-','')
else:
return getCountryZHName(vData[0][0].split()[0])
else:
return '404'
except Exception as e:
print("Tracker.Error.aCCbfEAaCcfEBCD7.procedureIP")
print(e)
print("\n('%s','NotFoundTag')," % (vIP))
return '404'
def procedureIP_full(aIPv4):
try:
vIP = getIPNetwork(aIPv4 = aIPv4) # 202.23.99.44 -> 202.23.99.0
vSQL = "select location from ip where ip = '%s';" % vIP
print(" + SQL: %s" % vSQL)
vData = runSelectSQL(aDB = myDB, aSQL = vSQL)
if vData[0][0]:
return vData[0][0]
else:
return '404'
except Exception as e:
print("Tracker.Error.aCCbfEAaCcfEBCD7.procedureIP")
print(e)
print("\n('%s','NotFoundTag')," % (vIP))
return '404'
def getCountryZHName(char2code):
try:
return ISO_3166_1.iso_3166_1.get(char2code)
except Exception as e:
print("Tracker.Error.D1b808762AC4dCAA.getCountryZHName")
print(e)
return '未知-%s' % char2code
app = flask.Flask(__name__)
@app.route('/ipservice', methods=['GET'])
def ipservice():
try:
aIP = flask.request.args.get("ip")
aIPOK = IPIsValid(vIPv4 = aIP)
if aIPOK == 'Y':
print("\n\n\n + Target IP Address: %s" % aIP)
vData = procedureIP(aIPv4 = aIP)
return vData
else:
return '404'
except Exception as e:
print("Tracker.Error.67daA1cB92BBBafc.ipmsg")
print(e)
return '404'
@app.route('/ipservicefull', methods=['GET'])
def ipservicefull():
try:
aIP = flask.request.args.get("ip")
aIPOK = IPIsValid(vIPv4 = aIP)
if aIPOK == 'Y':
print("\n\n\n + Target IP Address: %s" % aIP)
vData = procedureIP_full(aIPv4 = aIP)
return vData
else:
return '404'
except Exception as e:
print("Tracker.Error.67daA1cB92BBBafc.ipmsg")
print(e)
return '404'
if __name__ == "__main__":
app.run(host='0.0.0.0',port=18040)
ISO标准国家地区代码文件 ISO_3166_1.py 主要就是一个对照关系的字典,增加了一个UK英国,自己习惯用UK表示英国,这个GB才是其非标准定义。
iso_3166_1 = {
"AX":"奥兰群岛",
"AL":"阿尔巴尼亚",
"DZ":"阿尔及利亚",
"AS":"美属萨摩亚",
"AD":"安道尔",
"AO":"安哥拉",
"AI":"安圭拉",
"AQ":"南极洲",
"AG":"安提瓜和巴布达",
"AR":"阿根廷",
"AM":"亚美尼亚",
"AW":"阿鲁巴",
"AU":"澳大利亚",
"AT":"奥地利",
"AZ":"阿塞拜疆",
"BS":"巴哈马",
"BH":"巴林",
"BD":"孟加拉国",
"BB":"巴巴多斯",
"BY":"白俄罗斯",
"BE":"比利时",
"BZ":"伯利兹",
"BJ":"贝宁",
"BM":"百慕大",
"BT":"不丹",
"BO":"玻利维亚",
"BA":"波黑",
"BW":"博茨瓦纳",
"BV":"布维岛",
"BR":"巴西",
"IO":"英属印度洋领地",
"BN":"文莱",
"BG":"保加利亚",
"BF":"布基纳法索",
"BI":"布隆迪",
"KH":"柬埔寨",
"CM":"喀麦隆",
"CA":"加拿大",
"CV":"佛得角",
"KY":"开曼群岛",
"CF":"中非",
"TD":"乍得",
"CL":"智利",
"CN":"中国",
"CX":"圣诞岛",
"CC":"科科斯群岛",
"CO":"哥伦比亚",
"KM":"科摩罗",
"CG":"刚果布",
"CD":"刚果金",
"CK":"库克群岛",
"CR":"哥斯达黎加",
"CI":"科特迪瓦",
"HR":"克罗地亚",
"CU":"古巴",
"CY":"塞浦路斯",
"CZ":"捷克",
"DK":"丹麦",
"DJ":"吉布提",
"DM":"多米尼克",
"DO":"多米尼加",
"EC":"厄瓜多尔",
"EG":"埃及",
"SV":"萨尔瓦多",
"GQ":"赤道几内亚",
"ER":"厄立特里亚",
"EE":"爱沙尼亚",
"ET":"埃塞俄比亚",
"FK":"福克兰群岛",
"FO":"法罗群岛",
"FJ":"斐济",
"FI":"芬兰",
"FR":"法国",
"GF":"法属圭亚那",
"PF":"法属波利尼西亚",
"TF":"法属南部领地",
"GA":"加蓬",
"GM":"冈比亚",
"GE":"格鲁吉亚",
"DE":"德国",
"GH":"加纳",
"GI":"直布罗陀",
"GR":"希腊",
"GL":"格陵兰",
"GD":"格林纳达",
"GP":"瓜德罗普",
"GU":"关岛",
"GT":"危地马拉",
"GG":"格恩西岛",
"GN":"几内亚",
"GW":"几内亚比绍",
"GY":"圭亚那",
"HT":"海地",
"HM":"赫德岛和麦克唐纳岛",
"VA":"梵蒂冈",
"HN":"洪都拉斯",
"HK":"中国香港",
"HU":"匈牙利",
"IS":"冰岛",
"IN":"印度",
"ID":"印度尼西亚",
"IR":"伊朗",
"IQ":"伊拉克",
"IE":"爱尔兰",
"IM":"英国属地曼岛",
"IL":"以色列",
"IT":"意大利",
"JM":"牙买加",
"JP":"日本",
"JE":"泽西岛",
"JO":"约旦",
"KZ":"哈萨克斯坦",
"KE":"肯尼亚",
"KI":"基里巴斯",
"KP":"朝鲜",
"KR":"韩国",
"KW":"科威特",
"KG":"吉尔吉斯斯坦",
"LA":"老挝",
"LV":"拉脱维亚",
"LB":"黎巴嫩",
"LS":"莱索托",
"LR":"利比里亚",
"LY":"利比亚",
"LI":"列支敦士登",
"LT":"立陶宛",
"LU":"卢森堡",
"MO":"中国澳门",
"MK":"前南马其顿",
"MG":"马达加斯加",
"MW":"马拉维",
"MY":"马来西亚",
"MV":"马尔代夫",
"ML":"马里",
"MT":"马耳他",
"MH":"马绍尔群岛",
"MQ":"马提尼克",
"MR":"毛利塔尼亚",
"MU":"毛里求斯",
"YT":"马约特",
"MX":"墨西哥",
"FM":"密克罗尼西亚联邦",
"MD":"摩尔多瓦",
"MC":"摩纳哥",
"MN":"蒙古",
"ME":"黑山",
"MS":"蒙特塞拉特",
"MA":"摩洛哥",
"MZ":"莫桑比克",
"MM":"缅甸",
"NA":"纳米比亚",
"NR":"瑙鲁",
"NP":"尼泊尔",
"NL":"荷兰",
"AN":"荷属安的列斯",
"NC":"新喀里多尼亚",
"NZ":"新西兰",
"NI":"尼加拉瓜",
"NE":"尼日尔",
"NG":"尼日利亚",
"NU":"纽埃",
"NF":"诺福克岛",
"MP":"北马里亚纳",
"NO":"挪威",
"OM":"阿曼",
"PK":"巴基斯坦",
"PW":"帕劳",
"PS":"巴勒斯坦",
"PA":"巴拿马",
"PG":"巴布亚新几内亚",
"PY":"巴拉圭",
"PE":"秘鲁",
"PH":"菲律宾",
"PN":"皮特凯恩",
"PL":"波兰",
"PT":"葡萄牙",
"PR":"波多黎各",
"QA":"卡塔尔",
"RE":"留尼汪",
"RO":"罗马尼亚",
"RU":"俄罗斯联邦",
"RW":"卢旺达",
"SH":"圣赫勒拿",
"KN":"圣基茨和尼维斯",
"LC":"圣卢西亚",
"PM":"圣皮埃尔和密克隆",
"VC":"圣文森特和格林纳丁斯",
"WS":"萨摩亚",
"SM":"圣马力诺",
"ST":"圣多美和普林西比",
"SA":"沙特阿拉伯",
"SN":"塞内加尔",
"RS":"塞尔维亚",
"SC":"塞舌尔",
"SL":"塞拉利昂",
"SG":"新加坡",
"SK":"斯洛伐克",
"SI":"斯洛文尼亚",
"SB":"所罗门群岛",
"SO":"索马里",
"ZA":"南非",
"GS":"南乔治亚岛和南桑德韦奇岛",
"ES":"西班牙",
"LK":"斯里兰卡",
"SD":"苏丹",
"SR":"苏里南",
"SJ":"斯瓦尔巴岛和扬马延岛",
"SZ":"斯威士兰",
"SE":"瑞典",
"CH":"瑞士",
"SY":"叙利亚",
"TW":"台湾",
"TJ":"塔吉克斯坦",
"TZ":"坦桑尼亚",
"TH":"泰国",
"TL":"东帝汶",
"TG":"多哥",
"TK":"托克劳",
"TO":"汤加",
"TT":"特立尼达和多巴哥",
"TN":"突尼斯",
"TR":"土耳其",
"TM":"土库曼斯坦",
"TC":"特克斯和凯科斯群岛",
"TV":"图瓦卢",
"UG":"乌干达",
"UA":"乌克兰",
"AE":"阿联酋",
"GB":"英国",
"US":"美国",
"UM":"美国本土外小岛屿",
"UY":"乌拉圭",
"UZ":"乌兹别克斯坦",
"VU":"瓦努阿图",
"VE":"委内瑞拉",
"VN":"越南",
"VG":"英属维尔京群岛",
"VI":"美属维尔京群岛",
"WF":"瓦利斯和富图纳",
"EH":"西撒哈拉",
"YE":"也门",
"YU":"南斯拉夫",
"ZM":"赞比亚",
"ZW":"津巴布韦",
"UK":"英国",
}
自用的API地址,不公开地址。
需求描述
需要一些API地址,用来查询IP地址的归属国家/地区,查询IP地址的ISP信息,AS信息。
1、段落1,http://ip-api.com/YourSearchIP
获取其返回值的 countryCode as 字段的信息
curl http://ip-api.com/204.44.115.22
{
"status" : "success",
"continent" : "North America",
"continentCode": "NA",
"country" : "United States",
"countryCode" : "US",
"region" : "TX",
"regionName" : "Texas",
"city" : "Dallas",
"district" : "",
"zip" : "75247",
"lat" : 32.8137,
"lon" : -96.8704,
"timezone" : "America/Chicago",
"offset" : -18000,
"currency" : "USD",
"isp" : "QuadraNet Enterprises LLC",
"org" : "Security Frame",
"as" : "AS8100 QuadraNet Enterprises LLC",
"asname" : "ASN-QUADRANET-GLOBAL",
"mobile" : false,
"proxy" : false,
"hosting" : true,
"query" : "204.44.115.22"
}
2. 段落2、http://ipinfo.io/YourSearchIP/geo
获取其返回值的 country org 字段的信息
curl http://ipinfo.io/204.44.115.22/geo
{
"ip": "204.44.115.22",
"hostname": "geek.gonetell.com",
"city": "Dallas",
"region": "Texas",
"country": "US",
"loc": "32.8152,-96.8703",
"org": "AS8100 QuadraNet Enterprises LLC",
"postal": "75247",
"timezone": "America/Chicago",
"readme": "https://ipinfo.io/missingauth"
}
3、段落3、https://ipapi.co/YourSearchIP/json
获取其返回值的 country_code asn org 字段的信息
curl https://ipapi.co/204.44.115.22/json
{
"ip": "204.44.115.22",
"version": "IPv4",
"city": "Dallas",
"region": "Texas",
"region_code": "TX",
"country": "US",
"country_name": "United States",
"country_code": "US",
"country_code_iso3": "USA",
"country_capital": "Washington",
"country_tld": ".us",
"continent_code": "NA",
"in_eu": false,
"postal": "75247",
"latitude": 32.8137,
"longitude": -96.8704,
"timezone": "America/Chicago",
"utc_offset": "-0500",
"country_calling_code": "+1",
"currency": "USD",
"currency_name": "Dollar",
"languages": "en-US,es-US,haw,fr",
"country_area": 9629091.0,
"country_population": 327167434,
"asn": "AS8100",
"org": "ASN-QUADRANET-GLOBAL"
}
需求
下载一些电子书PDF,供自己阅读,这个网站收录最多,可供下载的类型非常多。
网站地址
Z-library官网地址 https://zh.z-lib.org/
Z-libraray的维基信息地址 https://zh.wikipedia.org/wiki/Z-Library
可选,
1、无需注册,更换IP,进行下载文件
2、注册,登录,捐赠1美元,无限制下载
段落1、需求
本地的环境是Debian / Ubuntu的Linux环境,需要安装openvpn3客户端,并连接到已有的服务端上。
客户端项目地址 https://github.com/OpenVPN/openvpn3-linux
段落2、openvpn3客户端安装
参考 https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux
登录本地的Debian / Ubuntu客户端的Linux环境,编辑文件 /etc/apt/sources.list.d/openvpn3.list
添加内容
# OpenVPN3 Official Apt Repository for openvpn3. deb https://swupdate.openvpn.net/community/openvpn3/repos stretch main
// 执行更新 root@client:~# apt-get update // 安装必要的组件 root@client:~# apt install apt-transport-https build-essential libssl-dev // 添加密钥 root@client:~# wget https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub root@client:~# apt-key add openvpn-repo-pkg-key.pub // 再次更新 root@client:~# apt-get update root@client:~# apt-get upgrade // 安装客户端 root@client:~# apt install openvpn3
// 正常安装的提示信息 Setting up libjsoncpp1:amd64 (1.7.4-3) ... Setting up python3-dbus (1.2.4-1+b1) ... Setting up python3-gi (3.22.0-2) ... Setting up openvpn3 (16~beta+stretch) ... openvpn3-autoload.service is a disabled or a static unit, not starting it.
段落3、欢快使用openvpn3客户端
附录、报错记录1,如果,安装时候的报错信息如下
The following packages have unmet dependencies:
openvpn3 : Depends: libcap-ng0 (>= 0.7.9) but 0.7.7-3+b1 is to be installed
Depends: libgcc-s1 (>= 3.0) but it is not installable
Depends: libprotobuf17 but it is not installable
Depends: libssl1.1 (>= 1.1.1) but 1.1.0l-1~deb9u4 is to be installed
Depends: libstdc++6 (>= 9) but 6.3.0-18+deb9u1 is to be installed
Depends: libtinyxml2-6a (>= 6.0.0) but it is not installable
E: Unable to correct problems, you have held broken packages.
此报错,大概率,是你编辑文件 /etc/apt/sources.list.d/openvpn3.list 文件中,你当前的Debian/Ubuntu发型版本的名称写错了。
问题描述
上次刷机的迅雷赚钱包ARM机器,armbian里面没有iptables,其基于Debian 10的,那安装即可,但是,安装后出现报错
查看系统版本
lsb_release -a
Distributor ID: Debian Description: Debian GNU/Linux 10 (buster) Release: 10 Codename: buster
uname -a
Linux ARMXLII 3.10.36 #52 SMP PREEMPT Mon Mar 15 14:14:47 CST 2021 armv7l GNU/Linux
安装过程
apt-get update apt-get install iptables iptables-persistent
查看防火墙的状态
iptables -L -v
执行上面查看防火墙状态的命令,出现的报错提示
iptables v1.8.2 (nf_tables): TABLE_ADD failed (Invalid argument): table filter
报错的原因,其实就是预设的nf_tables,没有加载到对应的模块,把iptables-legacy启用即可,感谢留言解决此问题。
执行命令
update-alternatives --set iptables /usr/sbin/iptables-legacy update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
本篇章博客介绍,如何给你的服务器,增加IPv6地址
网络配置,有一定的风险,请勿直接在生产环境进行,请先用虚拟机测试OK,再进行生产实践。
网络配置,有一定的风险,请勿直接在生产环境进行,请先用虚拟机测试OK,再进行生产实践。
网络配置,有一定的风险,请勿直接在生产环境进行,请先用虚拟机测试OK,再进行生产实践。
假设你公网网卡名称为 eth0,本文以此名称示例,请修改到你自己的网卡名称
假设你的公网IPv6地址为 address 20a1:0db1:0021:0008:0000:0000:6115:eb3f
假设你的公网IPv6网关为 gateway 20a1:0db1:0021:0008:0000:0000:0000:0001
假设你的公网IPv6掩码为 netmask 64
段落1、如果系统为Debian / Ubuntu 16.04
修改
/etc/network/interfaces.d/90-ipv6
iface eth0 inet6 static
accept_ra 0
address 20a1:0db1:0021:0008:0000:0000:6115:eb3f
netmask 64
mtu 1500
gateway 20a1:0db1:0021:0008:0000:0000:0000:0001
重启网络服务
systemctl restart networking
段落2、如果系统为Ubuntu 18.04 / 20.04
修改
/etc/netplan/90-ipv6.yaml
network:
ethernets:
eth0:
addresses:
- 20a1:0db1:0021:0008:0000:0000:6115:eb3f/64
gateway6: 20a1:0db1:0021:0008:0000:0000:0000:0001
version: 2
应用到网络
netplan apply
段落3、如果系统为CentOS / AlmaLinux
修改 /etc/sysconfig/network-scripts/ifcfg-eth0 增加 IPV6ADDR=20a1:0db1:0021:0008:0000:0000:6115:eb3f/64 IPV6INIT=yes IPV6_DEFAULTGW=20a1:0db1:0021:0008:0000:0000:0000:0001%eth0 重启网络服务 systemctl restart network
上面任意系统修改后,记得查看一下网络状况
ip -6 addr
附录、如果商家给你的是一个/64透传的地址,则可能优先按照商家的教程配置,网络复杂,根据实际的配置
比如下面的配置,增加在 /etc/network/interfaces
iface ens3 inet6 static
address 2a06:af81:1:8682::1/64
gateway fe80::1
网络配置文件 /etc/network/interfaces的典型IPv6配置
# The primary network interface auto eth0 iface eth0 inet static address 15.12.178.81 netmask 255.255.255.0 gateway 15.12.178.1 iface eth0 inet6 static accept_ra 0 address 2a04:ac0d:101:84e:: netmask 64 gateway 2a04:ac0d:0101:0000:0000:0000:0000:0001 post-up /sbin/ip -r route add 2a04:ac0d:0101:0000:0000:0000:0000:0001 dev eth0 post-up /sbin/ip -r route add default via 2a04:ac0d:0101:0000:0000:0000:0000:0001
# OVZ Debian 9 iface venet0 inet6 static address ::2 netmask 128 up ip -6 r a default dev venet0 up ip addr add 210b:5100:60:370f:d3::5cb4/80 dev venet0
参数示意
1、 eth0为网卡 名称
2、 static静态地址
3、address为IP地址
4、netmask掩码
5、gateway网关
6、ip命令增加路由
段落1、需求
服务器的IPv4看Netflix,没希望,被Netflix的IP地址库封的死死的,手里有一台服务器,它的IPv6地址是英国的原生IPv6,可以支持观看Netflix
那么,就简单了,我们通过配置让Netflix的流量走到IPv6出口即可
入站的流量通过服务器的IPv4地址进入,出站的Netflix流量通过原生IPv6出站,其余非Netflix流媒体的流量,还是通过IPv4出站
通过 基于sjlleo/netflix-verify,检测VPS服务器IP地址或节点IP是否支持Netflix流媒体 2022-2-28
段落2、部署操作
操作1-3
// 在routing的rules列表中增加Netflix的相关域名,指定它走IPv6的路由
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"domain": [
"netflix.com",
"netflix.net",
"netflixdnstest1.com",
"netflixdnstest2.com",
"netflixdnstest3.com",
"netflixdnstest4.com",
"netflixdnstest5.com",
"netflixdnstest6.com",
"netflixdnstest7.com",
"netflixdnstest8.com",
"netflixdnstest9.com",
"netflixdnstest10.com",
"netflixinvestor.com",
"netflixtechblog.com",
"nflxext.com",
"nflximg.com",
"nflximg.net",
"nflxsearch.net",
"nflxso.net",
"nflxvideo.net",
"geosite:netflix"
],
"outboundTag": "IPv6_OUT"
},
{
"type": "field",
"outboundTag": "IPv4_OUT",
"network": "udp,tcp"
}
]
},
操作2-3
// 在入站的inbounds中增加"sniffing"的参数
"inbounds": [
{
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"clients": [
{
"id": "dc0d52a2-c6c3-44e4-85cf-b479f736c378",
"alterId": 0
}
]
},
"port": 8080,
"protocol": "vmess"
}
],
操作3-3
// 在outbounds出站中区分开IPv4/IPv6两项内容
"outbounds": [
{
"protocol": "freedom",
"settings": {},
"tag": "IPv4_OUT"
},
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv6"
},
"tag": "IPv6_OUT"
},
{
"settings": {},
"protocol": "blackhole",
"tag": "blocked"
}
]
段落9、额外信息
同理,一些主流的支持IPv6的网站,也可以根据这个办法,进行IPv6分流
"geosite:netflix" "geosite:google" "geosite:youtube"
还有一种方式备用,sni+dnsmasq 分流
搭建完后,修改配置/etc/sniproxy.conf,设置ipv6优先,完重启机器
resolver {
nameserver 8.8.8.8
nameserver 8.8.4.4 # local dns should be better
mode ipv6_first
}
段落1、需求
在Ubuntu 20.04 LTS环境上,编译安装MySQL数据库
段落2、部署实施
更新包索引
apt-get update
安装MySQL Server
apt install mysql-server
安装的一些包信息如下
The following NEW packages will be installed: libcgi-fast-perl libcgi-pm-perl libencode-locale-perl libevent-core-2.1-7 libevent-pthreads-2.1-7 libfcgi-perl libhtml-parser-perl libhtml-tagset-perl libhtml-template-perl libhttp-date-perl libhttp-message-perl libio-html-perl liblwp-mediatypes-perl libmecab2 libtimedate-perl liburi-perl mecab-ipadic mecab-ipadic-utf8 mecab-utils mysql-client-8.0 mysql-client-core-8.0 mysql-common mysql-server mysql-server-8.0 mysql-server-core-8.0 0 upgraded, 25 newly installed, 0 to remove and 0 not upgraded. Need to get 31.4 MB of archives. After this operation, 262 MB of additional disk space will be used. Do you want to continue? [Y/n] Y
段落3、MySQL的安全加固
mysql_secure_installation
Press y|Y for Yes, any other key for No: y LOW Length >= 8 MEDIUM Length >= 8, numeric, mixed case, and special characters STRONG Length >= 8, numeric, mixed case, special characters and dictionary file Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2 // 数据MySQL数据库root用户的密码,密码可自定义,假设密码为,CbA5_eaC8_b0d4_Ff0a_2b76,输入密码时候,密码不显示,直接输入按回车 New password: CbA5_eaC8_b0d4_Ff0a_2b76 Re-enter new password: CbA5_eaC8_b0d4_Ff0a_2b76 Estimated strength of the password: 100 Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y // 移除匿名用户 Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y // 禁止root远程登录 Disallow root login remotely? (Press y|Y for Yes, any other key for No) : N // 移除测试库实例 Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y // 重载一下权限 Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
段落4、创建数据库的普通帐号
root@UK-d68b93f1d5:~# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 10 Server version: 8.0.28-0ubuntu0.20.04.3 (Ubuntu) Copyright (c) 2000, 2022, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
// 数据库的版本信息 Server version: 8.0.28-0ubuntu0.20.04.3 (Ubuntu) // 进入数据库,需要输入刚刚的密码 root@server:~# mysql -u root -p // 创建数据库的普通用户 wordpress,看你本地版本,选择创建普通用户的命令,二选一执行 // MySQL 8.0, caching_sha2_password is the default authentication plugin // MySQL 5.7, mysql_native_password is the default mysql> CREATE USER 'wordpress'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'wordpress_57AADFEF668Ae2E8E6285858'; mysql> CREATE USER 'wordpress'@'localhost' IDENTIFIED WITH mysql_native_password BY 'wordpress_57AADFEF668Ae2E8E6285858'; // 如果是删除普通用户 wordpress mysql> DROP USER 'wordpress'@'localhost'; // 如果是删除普通的数据库实例 wordpress mysql> drop database wordpress; // 查看数据库中的用户 mysql> select User from mysql.user; // 查看数据库中的数据库实例 mysql> show databases; // 创建一个数据库实例 wordpress // MySQL 8.0比较推荐使用 utf8mb4 // MySQL 5.5比较推荐使用 utf8 // MySQL supports two kinds of UTF8 character sets: utf8 and utf8mb4 // MySQL's utf8mb4 character table is a superset of BMP and contains also 4-bytes characters. This character tables is supported since MySQL 5.5.3 // MySQL version 5.5.3 or later, use the utf8mb4 character set mysql> create database wordpress character set utf8mb4 collate utf8mb4_bin; mysql> create database wordpress character set utf8 collate utf8_bin; // 把普通数据库账号和数据库实例关联起来 mysql> GRANT ALL privileges ON wordpress.* to wordpress@localhost; // 也可以只把某个表的权限给到数据库用户 mysql> GRANT PRIVILEGE ON wordpress.tablename TO 'wordpress'@'host'; // 如果是单项权限的修改,可参考命令 mysql> GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES, RELOAD on wordpress.* TO 'wordpress'@'localhost' WITH GRANT OPTION; // 权限生效 mysql> flush privileges; // 推出交互 mysql> exit // 查看MySQL服务状态 systemctl status mysql.service systemctl restart mysql.service