Insert the USB stick; in this example its device name is /dev/disk2.

$ diskutil list #find device name of usb stick
/dev/disk2 (external, physical):
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *32.2 GB disk2
1: EFI TAILS 8.6 GB disk2s1
$ diskutil unmountdisk /dev/disk2
$ sudo dd if=tails-amd64-4.3.img of=/dev/disk2 bs=64m
$ diskutil eject /dev/disk2

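dnscrypt-proxy has a built-in DoH server, which can provide DoH service to the local machine or to external clients.

Local use

First, generate a self-signed certificate:
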
$ openssl req -x509 -nodes -newkey rsa:2048 -days 5000 -sha256 -keyout localhost.pem -out localhost.pem

Edit /usr/local/etc/dnscrypt-proxy.toml and add:

[local_doh]
listen_addresses = ['127.0.0.1:3000']
path = "/dns-query"
cert_file = "localhost.pem"
cert_key_file = "localhost.pem"

Restart the dnscrypt-proxy service:

$ sudo brew services restart dnscrypt-proxy

Open Firefox, visit https://127.0.0.1:3000/dns-query and accept the self-signed certificate.
Then open about:config and set the following options:

network.trr.custom_uri = https://127.0.0.1:3000/dns-query
network.trr.uri = https://127.0.0.1:3000/dns-query
network.trr.resolvers = [{ "name": "local", "url": "https://127.0.0.1:3000/dns-query" }]
network.trr.mode = 3
network.security.esni.enabled = true

Restart Firefox and visit Browsing Experience Security Check to verify the browser settings.
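To check the [local_doh] listener independently of Firefox, the following added example (not from the original post) builds the RFC 8484 GET URL for the endpoint configured above and reads the header of a DNS response body. The function names are this example's own.

```python
import base64
import struct

ENDPOINT = "https://127.0.0.1:3000/dns-query"  # the [local_doh] listener and path from the page


def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a DNS wire-format query (qtype 1 = A, 28 = AAAA) with ID 0, as RFC 8484 recommends."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("invalid label: %r" % label)
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(name: str, qtype: int = 1, endpoint: str = ENDPOINT) -> str:
    """RFC 8484 GET form: ?dns=<base64url of the query, padding stripped>."""
    encoded = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return endpoint + "?dns=" + encoded.decode("ascii")


def response_summary(message: bytes) -> dict:
    """Read the 12-byte DNS header of an application/dns-message response body."""
    if len(message) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {"is_response": bool(flags & 0x8000), "rcode": flags & 0x000F, "answers": an}
```

Fetch the URL with an HTTPS client that trusts the self-signed certificate and pass the response body to response_summary; rcode 0 with a non-zero answer count means the local DoH server resolved the name.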

When ssl_preread is used to route requests, the real backend service cannot see the real client IP. proxy_protocol can be used to pass the real client IP address through.

http {
    proxy_headers_hash_bucket_size 6400; # add this line
    include mime.types;
    default_type application/octet-stream;

    log_format main '$proxy_protocol_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"'; # modify this line: replace $remote_addr with $proxy_protocol_addr
    ...

    server {
        listen 8443 ssl http2 proxy_protocol default_server; # add the proxy_protocol parameter to this line
        ...
# ssl preread for request certs
stream {
    map $ssl_preread_alpn_protocols $tls_port {
        ~\bacme-tls/1\b 10443;
        default 8443;
    }
    server {
        listen 443;
        listen [::]:443;
        proxy_pass 127.0.0.1:$tls_port;
        proxy_protocol on; # add this line
        ssl_preread on;
    }
}

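This way the access log records the real client IP address ($proxy_protocol_addr). However, the format of nginx's error log cannot be changed, only its log level, so nothing can be done about error-log entries after the preread.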

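SSH X11 forwarding is too slow. Really.

Besides being fast, Xpra can also run GUI applications in the background, which is why it is called "screen for X11". It can also run an entire desktop remotely.

Below, macOS is used to remotely use GUI applications on a Debian buster system.

Installation

On the Debian side:

$ wget -q https://xpra.org/gpg.asc -O- | sudo apt-key add -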
$ sudo add-apt-repository "deb https://xpra.org/ buster main"
$ sudo apt update && sudo apt install xpra -y

On the Mac side:
Download and install Xpra.pkg.
Or:

$ brew cask install xpra

Running

Running over an SSH tunnel

Linux/macOS:

Run a GUI application once; the xpra server shuts down automatically when it exits:

$ xpra start ssh://user@host --start-child=xlogo --exit-with-children=yes --speaker=off --webcam=no

Start a GUI application and leave the xpra server running when it exits, so you can attach to the GUI application again:

$ xpra start ssh://user@host --start-child=xlogo

After disconnecting, you can re-attach to the GUI application that is already running:

$ xpra attach ssh://user@host

Windows:

cmd> xpra_cmd start ssh://user@host --ssh="C:\\Program Files\\putty\\Plink.exe -ssh -noagent -i c:\\***.ppk -P 22" --start-child=xlogo --exit-with-children=yes --speaker=off --webcam=no

Other commands

List all sessions:

$ xpra list

Stop all sessions:

$ xpra stop

Input method
Install ibus on the server:

$ sudo apt install ibus-pinyin

Configure ibus:

$ xpra start ssh://user@host --exit-with-children=yes --speaker=off --webcam=no --input-method=IBus --start-child="ibus-setup"

Run Firefox and start the ibus input method at the same time:

$ xpra start ssh://user@host --start-child=firefox --exit-with-children=yes --speaker=off --webcam=no --input-method=IBus --start-child="ibus-daemon -x -d -r"

For everything else, see xpra --help.

pgadmin4 fails to start with an error like this:

AttributeError: 'module' object has no attribute 'GSSException'

This is because python3-paramiko conflicts with python3-gssapi. Starting python3 and running import paramiko reproduces the error:

Python 3.7.3 (default, Apr 3 2019, 05:39:12)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import paramiko
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/paramiko/__init__.py", line 22, in <module>
    from paramiko.transport import SecurityOptions, Transport
  File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 38, in <module>
    from paramiko.auth_handler import AuthHandler
  File "/usr/lib/python3/dist-packages/paramiko/auth_handler.py", line 72, in <module>
    from paramiko.ssh_gss import GSSAuth, GSS_EXCEPTIONS
  File "/usr/lib/python3/dist-packages/paramiko/ssh_gss.py", line 55, in <module>
    GSS_EXCEPTIONS = (gssapi.GSSException,)
AttributeError: module 'gssapi' has no attribute 'GSSException'

The temporary workaround is to uninstall python3-gssapi:

$ sudo apt remove python3-gssapi

Deploying pgadmin4 as a service on Debian buster

Configuration

Add a config_local.py file under /usr/share/pgadmin4/web with the following content:

LOG_FILE = '/var/log/pgadmin/pgadmin4.log'
SQLITE_PATH = '/var/lib/pgadmin/pgadmin4.db'
SESSION_DB_PATH = '/var/lib/pgadmin/sessions'
STORAGE_DIR = '/var/lib/pgadmin/storage'

Then run:

# python3 setup.py

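During setup, enter the login credentials (email and password); they are required when accessing the service.

Running

Use gunicorn to run the Python service. Install gunicorn first:
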
# apt install gunicorn3

Start the service:

$ sudo gunicorn3 --bind 0.0.0.0:80 \
    --workers=1 \
    --threads=25 \
    --chdir /usr/share/pgadmin4/web \
    pgAdmin4:app

Then open a browser and enter the IP address of the server.

firefox

Speed up X11 forwarding:

$ ssh -XC4 user@host firefox --no-remote

chrome

Download the latest chrome for linux amd64 directly:

$ wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

Install:

$ sudo dpkg -i google-chrome-stable_current_amd64.deb
$ sudo apt install -f
$ sudo apt install upower

chrome sets itself as the default browser for X and GNOME:

update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/x-www-browser (x-www-browser) in auto mode
update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/gnome-www-browser (gnome-www-browser) in auto mode
update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/google-chrome (google-chrome) in auto mode

Run:

$ ssh -YC4 user@host google-chrome --disable-gpu --temp-profile

But it still fails to run, and the GCM channel request failed error keeps appearing:

[17069:17069:0202/170630.407817:ERROR:gcm_channel_status_request.cc(145)] GCM channel request failed.

GCM is Google Cloud Messaging; after Google launched the Firebase cloud it was renamed FCM (Firebase Cloud Messaging). Looks like the Great Fucking Wall is to blame.

Make sure Xcode and brew are installed.

Install the build tools and some dependencies:

$ brew install automake libtool boost curl lzlib libsigc++ openssl xmlrpc-c

Build and install libtorrent:

$ git clone https://github.com/rakshasa/libtorrent.git
$ cd libtorrent
$ ./autogen.sh
$ CC=clang CXX=clang++ CXXFLAGS="-Wno-deprecated-declarations -O3 -std=c++11 -stdlib=libc++ -I/usr/local/opt/openssl/include" LDFLAGS="-L/usr/local/opt/openssl/lib" ./configure
$ make
$ make install

libtorrent is installed to /usr/local/lib

Build and install rtorrent:

$ git clone https://github.com/rakshasa/rtorrent.git
$ cd rtorrent
$ ./autogen.sh
$ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
$ CC=clang CXX=clang++ CXXFLAGS="-Wno-deprecated-declarations -O3 -std=c++11 -stdlib=libc++ -I/usr/local/opt/openssl/include" LDFLAGS="-L/usr/local/opt/openssl/lib" ./configure --with-xmlrpc-c
$ make
$ make install

rtorrent is installed to /usr/local/bin

Run:

$ rtorrent

The default configuration file is ~/.rtorrent.rc
