Build a customized iPXE firmware and deploy a chain loading environment

As the number of devices in my network has increased, so has the workload of performing maintenance on these systems. From time to time I need to use rescue systems such as WinPE and a Linux LiveCD. Mounting boot images for them often requires a corresponding management tool or out-of-band management, such as IPMI or a BMC manager. For a physical machine I may even need to burn a USB boot disk.

The Preboot eXecution Environment (PXE) provides a mechanism for booting a computer through its NIC. This mechanism allows the computer to boot without relying on a local data storage device (such as a hard disk) or a locally installed operating system.

So I noticed that there is an open-source PXE firmware called iPXE. Building a customized iPXE firmware is simple according to the wiki page of iPXE.

sudo apt update
sudo apt install git gcc binutils make perl liblzma-dev mtools
git clone git://git.ipxe.org/ipxe.git
cd ipxe/src
make

I need the chain loading function, so I pass some extra parameters to the build, like this.

make bin/nm-undionly-20211002-1a.kpxe EMBED=nmboot.ipxe
make bin-x86_64-efi/nm-ipxe-20211002-1a.efi EMBED=nmboot.ipxe

Now I have both legacy BIOS and UEFI PXE firmware with my own chain loading script, nmboot.ipxe, embedded. The script is quite simple: it just chains to the entry point on my HTTP server.

#!ipxe
   
dhcp
chain http://172.16.0.11/pxe/ipxe/boot.php

The advantage of this is that it minimizes the size of the iPXE firmware that the NIC’s PXE has to download from the TFTP server (i.e., the Next Server given by the DHCP server), because loading over TFTP is slow.

My home lab uses pfSense as its gateway and DHCP server, and the DHCP server config is quite simple.

The next step is just to prepare the file on the HTTP server. Refer here.

It’s done!


Reference:

https://ipxe.org/

https://gist.github.com/robinsmidsrod/2234639

https://fogproject.org/

Note: Add swap file to ubuntu

Check swap file

# swapon -s

Create swap file

# dd if=/dev/zero of=/swap.img bs=1G count=8

Set swap file permissions

# chmod 600 /swap.img

Check swap file permissions

# ll /swap.img

Format swap file

# mkswap /swap.img

Activate swap file

# swapon /swap.img

Deactivate swap file

# swapoff /swap.img

Check swap

# swapon -s
# free -h

Auto mount swap fs

# echo "/swap.img none swap sw 0 0" >> /etc/fstab

Note: How to use rsync without SSH

Server config: /etc/rsyncd.conf

uid = www-data
gid = www-data
max connections = 4
use chroot = no
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
#hosts allow = 0.0.0.0
#hosts deny = 192.168.100.0/24
 
[rsync]
path = /var/www/html
comment = rsync
auth users = rsync
ignore errors
read only = yes
list = yes
auth users = rsync
secrets file = /etc/rsyncd.pwd

Secret: /etc/rsyncd.pwd

rsync:rsync

Server run:

$ rsync --daemon --config=/etc/rsyncd.conf

Client connect:

$ rsync --list-only --port=873 rsync@YOUR_TARGET_ADDRESS::rsync
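
Added example (not part of the original note): a small shell audit for the settings shown above. It flags `use chroot = no`, modules with no active `hosts allow`, repeated keys, and secrets entries whose password equals the user name. The function names and finding labels are made up for this example, and the sample input is a constructed, trimmed copy of the config above.

```shell
# Added example: audit an rsyncd.conf and its secrets file for weak settings.
# Print one finding per line for the rsyncd.conf given as $1.
audit_rsyncd_conf() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    /^[ \t]*\[/ {                              # [module] header
        sect = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sect)
        mods[sect] = 1; next
    }
    {
        eq = index($0, "="); if (!eq) next     # skip lines without an equals sign
        key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        s = (sect == "") ? "global" : sect
        if (key == "use chroot" && val ~ /^(no|false|0)$/) print "chroot-disabled:" s
        if (key == "hosts allow") allow[s] = 1
        if (seen[s, key]++) print "duplicate-key:" s ":" key
    }
    END { for (m in mods) if (!allow["global"] && !allow[m]) print "no-hosts-allow:" m }
    ' "$1"
}

# Print each user in secrets file $1 whose password equals the user name.
weak_secrets() {
    awk '!/^#/ { i = index($0, ":"); user = substr($0, 1, i - 1)
                 if (i > 1 && substr($0, i + 1) == user) print user }' "$1"
}

# Constructed sample input: a trimmed copy of the config and secrets file above.
make_sample() {
    cat > "$1/rsyncd.conf" <<'EOF'
use chroot = no
#hosts allow = 0.0.0.0
[rsync]
path = /var/www/html
auth users = rsync
read only = yes
auth users = rsync
secrets file = /etc/rsyncd.pwd
EOF
    printf 'rsync:rsync\n' > "$1/rsyncd.pwd"
}

dir=$(mktemp -d) && make_sample "$dir"
audit_rsyncd_conf "$dir/rsyncd.conf"
weak_secrets "$dir/rsyncd.pwd"
rm -rf "$dir"
```

Daemon-mode rsync does not encrypt the transfer, so a guessable module password and an open `hosts allow` leave the module readable by anyone who can reach port 873.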

Note: How to reverse proxy a Minecraft server with Nginx

Check your kernel version >= 4.9

uname -a

Enable BBR

sysctl -w net.core.default_qdisc=fq
sysctl -w net.ipv4.tcp_congestion_control=bbr
sysctl -w net.ipv4.tcp_notsent_lowat=16384
sysctl -p

Add stream config to /etc/nginx/nginx.conf

stream {
    include /etc/nginx/tcp.d/*.conf;
}

Create a new config for Minecraft server

upstream [YOUR_MINECRAFT_SERVER] {
    server [YOUR_MINECRAFT_SERVER]:[PORT];
}
server {
    listen [PORT];
    proxy_pass [YOUR_MINECRAFT_SERVER];
}

Test Nginx config

nginx -t

Reload Nginx

nginx -s reload

Optional: Add DNS SRV record

Name     _minecraft._tcp.[YOUR_MINECRAFT_SERVER].tld
Priority [0-65535]
Weight   [0-65535]
Port     [PORT]
Value    [YOUR_MINECRAFT_SERVER]

How to boot BPI-M2U/M2B up from SATA device

BPI-M2 Ultra is a powerful Quad-Core ARMv7 based SBC (Single Board Computer) with a powerful Allwinner R40 SoC and 2 GiB DDR3 RAM. BPI-M2 Berry is a Raspberry Pi compatible version of M2U with the V40 SoC, an automotive version of the R40, and less RAM (1 GiB). They are software compatible.

For some reason we want to boot the M2U from a SATA device for better IO performance. The following photo shows how to connect a SATA HDD to the M2U.

[Photo: M2U_SATA]

By Allwinner’s design, the default boot device sequence is hard-coded in the boot ROM of the SoC. The priorities of the boot devices, from high to low, are SD card > NAND > eMMC > NOR SPI Flash.

There is no SATA device in that list, right? No problem: we can load and boot the bootloader and U-Boot from an SD card. By setting the kernel cmdline in the uEnv of U-Boot, control is handed over from the SD card to the SATA device at the second boot stage.

So let’s start.

First prepare a bootable SD card from the officially released image, like this.

Then open the 256MiB FAT partition called BPI-BOOT.

Open and edit /bananapi/bpi-m2u/linux/720p/uEnv.txt. Attention: which file you need to edit depends on which bootloader you selected with bpi-bootsel; the default bootloader loads the environment configuration from 720P.

Find this part of the file.

root=/dev/mmcblk0p2 rootfstype=ext4 rw rootwait bootmenutimeout=10 datadev=mmcblk0p2
console=earlyprintk=sunxi-uart,0x01c28000 console=tty1 console=ttyS0,115200n8 no_console_suspend consoleblank=0
bootopts=enforcing=1 initcall_debug=0 loglevel=4 init=/init cma=256M panic=10
volumioarg=imgpart=/dev/mmcblk0p2 imgfile=/volumio_current.sqsh rw rootwait

Change the three MMC block device references to /dev/sda2, like this.

root=/dev/sda2 rootfstype=ext4 rw rootwait bootmenutimeout=10 datadev=sda2
console=earlyprintk=sunxi-uart,0x01c28000 console=tty1 console=ttyS0,115200n8 no_console_suspend consoleblank=0
bootopts=enforcing=1 initcall_debug=0 loglevel=4 init=/init cma=256M panic=10
volumioarg=imgpart=/dev/sda2 imgfile=/volumio_current.sqsh rw rootwait

Now we have an SD card that boots the root file system on the SATA device.

Preparing the root filesystem on the HDD is easier. Just dd the original officially released image to the HDD as you would to an SD card, then expand or resize the root fs as usual, and power it up.

Now enjoy.

How to adjust the CPU voltage of BPI-M2+

This article shows how to adjust the VCC-CPUX voltage of the BPI-M2+ by replacing a resistor in the power circuit.

———————————

WARNING!

With any hardware change or component soldering.

You will LOSE all warranty of your Banana Pi!

———————————

When I was doing some system image build and test tasks for the BPI-M2+ with Allwinner H3 before it was in stock last year, I received an Engineering Sample (ES) from SINOVOIP, the manufacturer of Banana Pi.

The Banana Pi Community Forum has received a lot of reports from other developers of a too-high VCC-CPUX voltage causing horrible heat issues.

There is an easy way to measure the VCC-CPUX voltage of your BPI-M2+.

This picture shows the Test Point (TP: VCPU) of VCC-CPUX.

[Photo]

If you get a result like mine, congratulations! You got an ES. (R. I. P. the warranty)

Okay, the next step is to replace the reference resistor in the feedback circuit of the voltage regulator.

[Photo]

[Photo]

I have no 0402 resistor in my component library, so I use an 0805. (I’m sorry for that.)

Before: [Photo]

After: [Photo]

And it works. 🙂

[Photo]

According to AW’s whitepaper, the H3 should work at a max_freq of 1.008GHz, but I tested OK with the 1.2GHz sys_config. Lucky~

[Photo]

This is the cpuinfo_cur_freq result of running cpuburn-a7 (https://github.com/ssvb/cpuburn-arm/raw/master/cpuburn-a7.S) and corekeeper.sh.

The idle CPU temperature is about 15 degrees Celsius lower than when working at 1.4 V.


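Linux commands for checking file space usage: du, df

du (disk usage), as the name suggests, shows how much space directories and files occupy.

# Show the size of every directory and subdirectory under the current directory
$ du -h

$ du -ah

# -h: display sizes in human-readable K, M, G form

# -a: show both directories and files

du -h tmp

du -ah tmp
# Show only the size of the tmp directory (including its subdirectories) under the current directory

# Show the size of the current directory and of directories down to a given depth
du -h --max-depth=0
# --max-depth=n: descend only n directory levels; it is set to 0 here, which means do not descend into subdirectories

Some commonly used du options:
-a or --all Show the size of individual files in the directory
-b or --bytes Show directory or file sizes in bytes
-c or --total Besides the sizes of individual directories or files, also show the total of all directories or files
-D or --dereference-args Show the size of the source file of the specified symbolic link
-h or --human-readable Use K, M, G units to improve readability
-k or --kilobytes Use units of 1024 bytes
-l or --count-links Count hard-linked files multiple times
-L or --dereference Show the size of the source file of the symbolic links specified in the options
-m or --megabytes Use units of 1MB
-s or --summarize Show only the total
-S or --separate-dirs When showing the size of an individual directory, do not include the size of its subdirectories
-X<file> or --exclude-from=<file>
--exclude=<directory or file> Skip the specified directory or file

--max-depth=<directory depth> Ignore directories beyond the specified depth

df shows the space usage of devices

$ df -lh

# Show device usage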


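How to disable MySQL logging and delete the mysql-bin.0000* log files

MySQL installed by the LNMP one-click install package has log files enabled by default. If data operations are frequent, a large number of logs are generated, producing files like mysql-bin.0000* under /usr/local/mysql/var/. These are typically tens of MB to several GB each and can even eat up the entire disk, causing MySQL to fail to start or to report errors.

How to disable MySQL’s logging:

Delete the logs:

Run: /usr/local/mysql/bin/mysql -u root -p

After entering the password and logging in, run: reset master;

Press Enter, then type: quit to exit the mysql command mode.

To disable MySQL logging completely, edit the /etc/my.cnf file and find

log-bin=mysql-bin
binlog_format=mixed

Put a # in front of these two lines to comment them out, then run /etc/init.d/mysql restart.

If you really want to keep the logs, you can add expire_logs_days = 10 to the [mysqld] section of /etc/my.cnf and then restart mysql; the logs will then be cleaned up automatically after 10 days.

This article uses an environment installed with the LNMP one-click install package as an example. Apart from the MySQL restart command and the configuration file path, which may differ slightly, everything else is the same.

If the VPS or server has no space left at all and MySQL cannot start, you can delete mysql-bin.0000*, then empty the contents of the mysql-bin.index file and restart mysql. This also clears the logs, but it carries some risk; if you use this method, back up the logs and database files first.

———————————-
Source:
http://www.vpser.net/manage/delete-mysql-mysql-bin-0000-logs.html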