分类目录归档:服务器

Gitea删除ruuner后,再次启用

发表评论

从Gitea删除runner,你的runner会记录一个文件 data/.runner 像下面的内容

{
  "WARNING": "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner.",
  "id": 1,
  "uuid": "9915f68d-7d47-4731-b329-aa53ff8ba01f",
  "name": "runner1",
  "token": "276147af85ea87c3fce5caeef0c93012e6486e89",
  "address": "http://192.168.50.117:3000",
  "labels": [
    "runner1:host"
  ]
}

这个文件在runner的容器里面,去删除掉,就会重新注册了

Gitea 非标准端口配置代理注意点

发表评论

这是官方给的例子:

server {
    ...
    location / {
        client_max_body_size 512M;
        proxy_pass http://localhost:3000;
        proxy_set_header Connection $http_connection;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

你访问Gitea的域名为非标端口(80,443)时,需要在Host上加上端口

server {
    ...
    location / {
        proxy_set_header Host $host:你的端口;
        ...
    }
}

原因是源码里取访问host时,没有取 X-Forwarded-For,而是取的Header里的Host

源码文件:modules/httplib/url.go 及内容处:

func GuessCurrentHostURL(ctx context.Context) string {
	req, ok := ctx.Value(RequestContextKey).(*http.Request)
	if !ok {
		return strings.TrimSuffix(setting.AppURL, setting.AppSubURL+"/")
	}
	// If no scheme provided by reverse proxy, then do not guess the AppURL, use the configured one.
	// At the moment, if site admin doesn't configure the proxy headers correctly, then Gitea would guess wrong.
	// There are some cases:
	// 1. The reverse proxy is configured correctly, it passes "X-Forwarded-Proto/Host" headers. Perfect, Gitea can handle it correctly.
	// 2. The reverse proxy is not configured correctly, doesn't pass "X-Forwarded-Proto/Host" headers, eg: only one "proxy_pass http://gitea:3000" in Nginx.
	// 3. There is no reverse proxy.
	// Without an extra config option, Gitea is impossible to distinguish between case 2 and case 3,
	// then case 2 would result in wrong guess like guessed AppURL becomes "http://gitea:3000/", which is not accessible by end users.
	// So in the future maybe it should introduce a new config option, to let site admin decide how to guess the AppURL.
	reqScheme := getRequestScheme(req)
	if reqScheme == "" {
		return strings.TrimSuffix(setting.AppURL, setting.AppSubURL+"/")
	}
	// X-Forwarded-Host has many problems: non-standard, not well-defined (X-Forwarded-Port or not), conflicts with Host header.
	// So do not use X-Forwarded-Host, just use Host header directly.
	return reqScheme + "://" + req.Host # 就是这里
}

分析过程就不写了,官方也说了为什么要取这个值,所以注意一下就好

pve修改登录ssl证书

发表评论

修改目录

目录: 
/etc/pve/nodes/<hostname>/

需要修改的文件:
/etc/pve/nodes/<hostname>/pve-ssl.key
/etc/pve/nodes/<hostname>/pve-ssl.pem

我的证书是在Let’s encrypt申请的证书,直接替换即可

先备份:
mv /etc/pve/nodes/<hostname>/pve-ssl.key /etc/pve/nodes/<hostname>/pve-ssl.key.backup
mv /etc/pve/nodes/<hostname>/pve-ssl.pem /etc/pve/nodes/<hostname>/pve-ssl.pem.backup

重命名:
mv fullchain.pem pve-ssl.key
mv privkey.pem pve-ssl.pem

最后重启

systemctl restart pveproxy

Linux删除包含特殊字符的目录或文件

发表评论

首先使用 ls -i 查看包含特殊字符的文件/目录名

root@comet:~# ls -i -l
total 28
26222802 drwxr-xr-x 2 root root 4096 Feb  6  2024  fonts
26214522 drwxr-xr-x 2 root root 4096 Jun 27 10:12  nes
26214418 drwxr-xr-x 2 root root 4096 May 16 15:18  picoshare
26214527 -rw-r--r-- 1 root root 7033 Nov 13 01:14 ''$'\033'':Qq' # 这就是我需要删除的
26214412 drwxr-xr-x 3 root root 4096 Jun 28 04:06  sslocal
26214504 drwxrwxrwx 5 root root 4096 May 22 01:30  transmission

然后通过find后进行删除

root@comet:~# find . -inum 26214527 -exec rm -r {} \; # 后面的 ; 不能省略
root@comet:~# ls -l
total 20
drwxr-xr-x 2 root root 4096 Feb  6  2024 fonts
drwxr-xr-x 2 root root 4096 Jun 27 10:12 nes
drwxr-xr-x 2 root root 4096 May 16 15:18 picoshare
drwxr-xr-x 3 root root 4096 Jun 28 04:06 sslocal
drwxrwxrwx 5 root root 4096 May 22 01:30 transmission

nginx配置反向代理路径匹配

发表评论

四种路径匹配

访问路径固定为:http://x.x.x.x/user/index.html

location /user/ {
    proxy_pass http://127.0.0.1:8080/ => http://127.0.0.1:8080/index.html
}

location /user/ {
    proxy_pass http://127.0.0.1:8080 => http://127.0.0.1:8080/user/index.html
}

location /user/ {
    proxy_pass http://127.0.0.1:8080/admin/ => http://127.0.0.1:8080/admin/index.html
}

location /user/ {
    proxy_pass http://127.0.0.1:8080/admin => http://127.0.0.1:8080/adminindex.html
}

location模块的匹配模式

全路径匹配

进行uri的全路径精确匹配,要匹配的一模一样的uri
比如 location = /index ,那么只有路径为/index的才会匹配到

前缀模糊匹配 ^~

进行uri的前缀精确匹配
比如 location ^~ /user/ ,那么只要是路径以/user/开头的都会匹配到

无匹配符号的精确匹配

没有符号,按照路径开头精确匹配,但是匹配到后不会立即返回,
还会继续匹配其他普通匹配,如果匹配到,则会舍弃之前匹配的路径

比如 location /user/ , 当访问/user/开头时会匹配到
比如 location /user/admin,当访问/user/admin时会匹配到

模糊匹配 ~

进行uri的模糊匹配,区分大小写,匹配到后不再进行其他匹配
比如 location ~ /user/ ,当路径包含/user/时会匹配,比如/admin/user/或者/user/admin/
当然也可以用正则表达式来表示匹配路径:
比如 location ~ ^/user(.*)admin$,能够匹配以/user开头,admin结尾的路径,.*表示的是任意字符

模糊匹配 ~*

进行uri的模糊匹配,不区分大小写,匹配到后不再进行其他匹配,优先级与~相同,按照先后顺序优先
比如 location ~ /USER/,当路径包含/USER/时会匹配,如果是/user/则不会,因为区分大小写了

优先级:
由高到低:= 大于 ^~ 大于 其他,其他匹配根据先后顺序,配置在前的越优先

docker配置pull代理

发表评论

1.创建 dockerd 相关的 systemd 目录,这个目录下的配置将覆盖 dockerd 的默认配置

sudo mkdir -p /etc/systemd/system/docker.service.d

2.新建配置文件 /etc/systemd/system/docker.service.d/http-proxy.conf,这个文件中将包含环境变量

[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=https://proxy.example.com:443"

3.如果你自己建了私有的镜像仓库,需要 dockerd 绕过代理服务器直连,那么配置 NO_PROXY 变量:

[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=https://proxy.example.com:443"
Environment="NO_PROXY=your-registry.com,10.10.10.10,*.example.com"

4.重新加载配置文件,重启 dockerd

systemctl daemon-reload
systemctl restart docker

5.检查确认环境变量已经正确配置:

systemctl show --property=Environment docker