Migrating my WordPress with docker compose

    root@lotro:/home# cat docker-compose.yml
    services:
      caddy:
        image: caddy:2-alpine
        container_name: caddy
        restart: unless-stopped
        ports:
          - "80:80"
          - "443:443"
          - "443:443/udp" # HTTP/3 support (optional)
        volumes:
          - /home/caddy/Caddyfile:/etc/caddy/Caddyfile
          - /home/caddy/data:/data
          - /home/caddy/config:/config
          - /home/wwwroot:/srv:ro # all sites live here (read-only is safer)
        networks:
          - wp-net
      wordpress:
        image: wordpress:php8.3-fpm-alpine # php8.3 or newer recommended for 2025-2026
        container_name: wp-lotro
        restart: unless-stopped
        depends_on:
          - db
        volumes:
          - /home/wwwroot/lotro.cc:/var/www/html
        networks: ...

Setting up an HTTP file service on Alpine Linux used only for Windows NCSI probing

    adduser -D -H -s /sbin/nologin ncsi
    id ncsi
    mkdir -p /srv/ncsi
    echo "Microsoft Connect Test" > /srv/ncsi/test.txt
    chown -R root:ncsi /srv/ncsi
    chmod 755 /srv/ncsi
    chmod 444 /srv/ncsi/test.txt
    cat <<'EOF' > /etc/init.d/ncsi-http
    #!/sbin/openrc-run
    name="NCSI minimal http probe"
    description="Minimal HTTP server for Windows NCSI probing"
    command="/usr/sbin/httpd"
    command_args="-p 0.0.0.0:80 -h /srv/ncsi -u ncsi"
    depend() {
        need net
    }
    EOF
    chmod +x /etc/init.d/ncsi-http
    apk add busybox-extras
    which httpd
    rc-update add ncsi-http default
    rc-service ncsi-http start
    rc-service ncsi-http status
    ps aux | grep '[h]ttpd'
    apk add curl
    curl -i http://127.0.0.1/test.txt

1️⃣ Configure the Windows registry
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet

    EnableActiveProbing = 1
    ActiveWebProbeHost = <Alpine-IP>
    ActiveWebProbePath = /test.txt...

Beelink (零刻) ME + fnOS (飞牛OS) + KODI = NAS + HTPC + WIFI + Switch

I recently bought the ME MINI, a joint product from Beelink and fnOS. The plan is to put it under the living-room TV as an HTPC + NAS + two-port switch + Wi-Fi hotspot.

Step 1: install KODI and pair it with a 15-yuan universal remote to play HD content and IPTV multicast directly. Connect to fnOS over ssh and run the following commands.

    sudo mkdir /home/$USER
    sudo chown $USER -R /home/$USER
    sudo usermod -a -G cdrom,audio,render,video,plugdev,users,dialout,dip,input $USER
    groups $USER # show the user's group membership
    cd /lib/firmware/i915
    sudo wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/i915/bmg_dmc.bin
    sudo wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/i915/xe2lpd_dmc.bin
    sudo update-initramfs -u -k all
    sudo apt update
    sudo apt -y install flatpak
    sudo flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
    #flatpak remotes # verify the remote
    sudo flatpak -y install flathub tv.kodi.Kodi
    #flatpak override --user tv.kodi.Kodi --device=all # give kodi access to devices (optional)
    #flatpak override --user tv.kodi.Kodi --filesystem=/vol1/1000 # grant access to local media
    flatpak run tv.kodi.Kodi
    #echo "*.warning @180.167.245.234" | sudo tee -a /etc/rsyslog.conf # collect warning logs
    cat <<EOF | sudo tee /etc/systemd/system/kodi.service # this line through the EOF below is a single command
    [Unit]
    Description=Kodi Flatpak
    After=graphical.target

    [Service]
    Type=simple
    ExecStartPre=-/bin/sleep 11
    ExecStart=/usr/bin/flatpak run tv.kodi.Kodi
    User=$USER
    Restart=always

    [Install]
    WantedBy=default.target
    EOF
    sudo systemctl daemon-reload
    sudo systemctl enable kodi.service
    sudo reboot
    sudo systemctl start kodi.service # if it reports that X could not be started, reconnect over ssh and try again.

Step 2: dual network ports + hotspot

1. Install the required software

    sudo apt update
    sudo apt install hostapd dnsmasq

2. Edit the configuration with sudo nano /etc/network/interfaces

    # Loopback
    auto lo
    iface lo inet loopback

    # Bridge interface (enp1s0 + enp2s0)
    auto br0
    iface br0 inet dhcp
        bridge_ports enp1s0 enp2s0
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0

    # Wi-Fi hotspot interface (wlo1)
    auto wlo1
    iface wlo1 inet static
        address 10.42.0.1
        netmask 255.255.255.0
        up iptables -t nat -A POSTROUTING -o wg0 -s 10.42.0.0/24 -j MASQUERADE
        up iptables -A FORWARD -i wg0 -o wlo1...

Installing Alpine Linux from rescue mode

Official reference: Replacing non-Alpine Linux with Alpine remotely

1. Enter rescue mode:

2. From the VNC console, download Alpine and write it to the disk

    wget dl-cdn.alpinelinux.org/alpine/v3.5/releases/x86_64/alpine-virt-3.5.2-x86_64.iso

Write the image to the disk /dev/vda

    dd if=alpine-virt-3.5.2-x86_64.iso of=/dev/vda

Reboot and boot from the local disk. Alpine is now running from RAM. Log in as root, detach the disk, then format it and install Alpine.

    mkdir /media/setup
    cp -a /media/vda/* /media/setup
    mkdir /lib/setup
    cp -a /.modloop/* /lib/setup

Unmount modloop and the media directory

    rc-service modloop stop
    umount /dev/vda

Move the files back into place

    mv /media/setup/* /media/vda/
    mv /lib/setup/* /.modloop/

Finally, the disk can be formatted and Alpine installed

    setup-disk or setup-alpine

Installing Alpine with custom partitioning

Reference: https://docs.alpinelinux.org/user-handbook/0.1a/Installing/manual.html
Reference: https://wiki.alpinelinux.org/wiki/Bootloaders

    apk add lsblk e2fsprogs cfdisk
    mdev -s
    mkfs.ext4 /dev/sda1
    mkfs.ext4 /dev/sda2
    mkswap /dev/sda3
    mkfs.ext4 /dev/sda4
    mount /dev/sda2 /mnt -t ext4
    mkdir /mnt/boot
    mount /dev/sda1 /mnt/boot -t ext4
    swapon /dev/sda3
    setup-disk -m sys /mnt
    dd bs=440 if=/usr/share/syslinux/mbr.bin of=/dev/sda
    reboot...

Accessing internal network resources from a phone over an IKEv2 VPN

References:
https://www.strongswan.org/testing/testresults/ikev2-stroke/index.html
https://docs.strongswan.org/docs/5.9/install/install.html
https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection

1. Network and server environment:

Public IP, either a static IP or DDNS
OS: Debian 12
Kernel: 6.1.0-17-amd64

2. Network configuration:

On the gateway, forward the udp:500 and udp:4500 ports and protocols to the internal Debian 12 host.
If the internal resources to be reached are not on the same subnet as the Debian 12 host, add a static route that points rightsourceip at the Debian 12 host.

3. Install strongSwan

Install with apt: sudo apt install strongswan-starter
Or build from source. The two installation methods use different default etc configuration paths, so take care to tell them apart.

    wget https://download.strongswan.org/strongswan-5.9.14.tar.bz2
    tar xjf strongswan-5.9.14.tar.bz2
    cd strongswan-5.9.14
    ./configure --enable-ikev2 --enable-openssl --enable-systemd \
        --with-systemdsystemunitdir=/lib/systemd/system \
        --enable-charon --enable-random --enable-nonce --enable-aes \
        --enable-sha1 --enable-sha2 --enable-pem --enable-pkcs1 \
        --enable-curve25519 --enable-gmp --enable-x509 --enable-curl \
        --enable-revocation --enable-hmac --enable-kdf --enable-stroke \
        --enable-kernel-netlink --enable-socket-default --enable-fips-prf \
        --enable-eap-mschapv2 --enable-eap-identity --enable-updown \
        --disable-defaults
    make
    sudo make install

4. Request a certificate with acme

    acme.sh --issue -d lotro.cc -k 3072 \
        --cert-file /usr/local/etc/ipsec.d/certs/lotro.cc.cer \
        --key-file /usr/local/etc/ipsec.d/private/lotro.cc.key \
        --ca-file /usr/local/etc/ipsec.d/cacerts/ca.cer \
        --reloadcmd "sudo ipsec reload"

5. Configure ipsec.conf

    sudo nano /usr/local/etc/ipsec.conf

    config setup
        uniqueids = never
    conn %default
        keyexchange=ike
    conn rw
        leftsubnet=192.168.55.0/24 # internal resources to be reached
        leftcert=lotro.cc.cer # the signed SSL certificate requested via acme
        leftid=lotro.cc # must equal the hostname in the SSL certificate
        leftsendcert=yes
        rightauth=eap-mschapv2 # authenticate with username and password
        rightsourceip=192.168.100.128/25 # virtual IP range assigned to the phones
        auto=add

Authentication secrets

    sudo nano /usr/local/etc/ipsec.secrets

    # /usr/local/etc/ipsec.secrets - strongSwan IPsec secrets file
    admin : EAP "admin" # username and password

Restart

    sudo ipsec reload

6. Mobile client configuration

Type: IKEv2
Server address: lotro.cc
Remote ID ("server ID"): lotro.cc
Local ID ("IPSec identifier"): (may be left empty; the server defaults to %any and matches resources per user)
Username: admin
Password: admin
Proxy: off

PS: Below is the detailed strongSwan setup using swanctl.conf; the result is the same as above.

    sudo apt install build-essential pkg-config libsystemd-dev libssl-dev
    wget https://download.strongswan.org/strongswan-5.9.14.tar.bz2
    tar xjf strongswan-5.9.14.tar.bz2
    cd strongswan-5.9.14
    ./configure --prefix=/usr --sysconfdir=/etc --disable-defaults \
        --disable-charon --disable-stroke --enable-systemd \
        --with-systemdsystemunitdir=/lib/systemd/system \
        --enable-ikev2 --enable-swanctl --enable-openssl --enable-nonce \
        --enable-random --enable-pem --enable-x509 --enable-kernel-netlink \
        --enable-socket-default --enable-eap-identity...

Getting a free Google SSL certificate

References:
https://github.com/acmesh-official/acme.sh
https://github.com/acmesh-official/acme.sh/wiki/Google-Trust-Services-CA
https://cloud.google.com/public-certificate-authority/docs/quickstart

1. Request Google's EAB key and EAB id:

Log in to the cloud platform shell (Cloud Shell).
To request an EAB key ID and HMAC, run the following command:

    gcloud publicca external-account-keys create

This command returns an EAB secret that is valid in the production environment of the public CA. In the response body, the keyId field contains the EAB key ID and the b64MacKey field contains the EAB HMAC.
You must use the EAB secret within 7 days of obtaining it. If you do not use it within 7 days, it becomes invalid. An ACME account registered with an EAB secret has no expiry.

2. Install acme.sh

    curl https://get.acme.sh | sh -s email=my@example.com

3. Request the certificate

    acme.sh --register-account -m myemail@example.com --server google \
        --eab-kid xxxxxxx \
        --eab-hmac-key xxxxxxx
    acme.sh --issue --server google \
        -d example.com -d '*.example.com' --dns dns_googledomains \
        --keylength ec-256

4. Install the certificate into nginx

    acme.sh --install-cert -d example.com \
        --key-file /path/to/keyfile/in/nginx/key.pem \
        --fullchain-file /path/to/fullchain/nginx/cert.pem \
        --reloadcmd "service nginx force-reload"

win-acme on Windows

Install from https://www.win-acme.com

Use the Alibaba Cloud DNS API to request a certificate for example.com and its wildcard domain, install the certificate into the second site of IIS 10, and also save the pem and pfx certificates to D:\CentralSSL

    wacs.exe --source manual --host example.com,*.example.com --validation aliyun --aliyunserver dns.aliyuncs.com --aliyunapiid ******* --aliyunapisecret ******* --store certificatestore,pemfiles,pfxfile --certificatestore My --pemfilespath D:\CentralSSL --pfxfilepath D:\CentralSSL --pfxpassword ******* --installation iis --installationsiteid 2

Use the Tencent DNS API to request an ECC certificate and save it to D:\CentralSSL

    wacs.exe --source manual --host example.com,*.example.com --validation tencent --tencentapiid ******* --tencentapikey ******* --csr ec --store pemfiles,pfxfile --pemfilespath D:\CentralSSL --pfxfilepath D:\CentralSSL --pfxpassword *******...