[{"content":"VSCode完全离线搭建远程开发环境，离线安装Git、SSH、vscode-server 环境背景 时间：2024年8月。 客户端：Windows_Server_2016（经试验Windows_Server_2012无法启动pycharm2024.1.6和VSCode1.92.2，这是本文完成时的最新版）。 服务端：Linux，X86_64、ARM64 均可。 完全离线环境：Windows客户端和Linux服务端均在内网，Windows客户端可以直接访问Linux服务端，两者均无法访问互联网。笔者另有一台电脑可以通过零信任访问这两台内网机器，但对两者均无法直连。 用户受限：Windows客户端无 Administrator 管理员权限，即无法执行任何需要管理员权限的动作，比如无法安装全局软件、只能使用便携版软件；无法往Windows文件夹放dll；无法执行需要管理员权限的powershell或bat脚本、当然无法启动具有管理员权限的powershell或cmd。 安装 PortableGit https://github.com/git-for-windows/git/releases/download/v2.46.0.windows.1/PortableGit-2.46.0-64-bit.7z.exe\n这是一个7z自动解压包，安装至 C:\\PortableGit\\。 SSH 客户端的路径就在 C:\\PortableGit\\usr\\bin\\ssh.exe。\n安装 VSCode 及扩展插件 安装 VSCodeUserSetup 版本 下载 VSCodeUserSetup-x64-1.92.2.exe 并传输到Windows客户端安装。\n安装扩展插件 Remote - SSH 在 VSCode marketplace 中搜索Remote - SSH Remote - SSH - Visual Studio Marketplace，在 Version History 标签页中下载0.113.2024072315 版本，也就是2024/7/23发布的版本，得到文件 ms-vscode-remote.remote-ssh-0.113.2024072315.vsix 保存以备后续在客户端上离线安装。\n打开 VSCode 侧边栏“扩展”页面，从VSIX安装，选中插件。\n配置 Remote - SSH 插件的 SSH 自定义路径 在VSCode 中使用快捷键 Ctl+Shift+P 打开命令栏，输入 Preference: Open User Settings (JSON) ，编辑文本加入以下内容：\n注意json格式，即注意逗号，注意最外层的花括号只有一个。\n{ // VSCode 自定义 Remote - ssh 插件使用的 SSH 路径 \u0026#34;remote.SSH.path\u0026#34;: \u0026#34;C:\\\\PortableGit\\\\usr\\\\bin\\\\ssh.exe\u0026#34; } VSCode 远程连接 Linux 服务端 方法1：通过 ssh 连接命令连接 在VSCode 中使用快捷键 Ctl+Shift+P 打开命令栏，输入 ssh ，点击 Remote-SSH: 连接到主机 -\u0026gt; + 添加新的ssh主机，在打开的连接命令窗口中输入命令\nssh \u0026lt;user\u0026gt;@\u0026lt;hostname\u0026gt;:[port] user: 是在远程服务器上的用户名 hostname: 远程服务器的主机名或 IP 地址 port: SSH 连接的端口号(默认为 22) 输入后按Enter键选择要更新的配置文件，一般选择第一个也就是C:\\Users\\${你的用户名}\\.ssh\\config 。\n方法2：通过更新 ssh 配置文件连接 在VSCode 中使用快捷键 Ctl+Shift+P 打开命令栏，输入 ssh ，点击 Remote-SSH: 打开SSH配置文件选择要更新的 SSH 配置文件，一般选择第一个也就是C:\\Users\\${username}\\.ssh\\config，打开后编辑并保存:\nHost xxx\rHostName xxx.xxx.xxx.xxx\rPort xx\rUser xxx\rIdentityFile \u0026#34;xxx\u0026#34; Host: 这是一个主机别名，你可以使用这个别名来代替实际的主机名进行连接. HostName: 这是指定远程主机的 IP 地址或主机名. Port: 这是指定 SSH 连接的端口号. User: 这是指定用于连接远程主机的用户名. IdentityFile: 这是免密登录时指定用于身份验证的私钥文件的路径. 如果要配置多个远程连接主机，继续在此文件追加配置即可。\n完成后点击 Remote-SSH: 连接到主机，此时会出现新配置的远程连接，根据需要选择在当前窗口连接或在新窗口中连接，此时会让你输入密码，然后会在远程端下载所需文件(需要联网)，如果无法联网，就需要离线下载 vscode-server 并安装。\n离线下载 vscode-server 并安装至服务端 如果远程端不能联网可以下载包离线安装，下载 vscode-server 的 url 需要和 vscode 客户端版本的 commit-id 对应。通过 vscode 面板的帮助-\u0026gt;关于可以获取该信息，复制信息，我当前版本如下(Commit 后面对应的就是 commit_id):\nVersion: 1.92.2 (user setup)\rCommit: fee1edb8d6d72a0ddff41e5f71a671c23ed924b9\rDate: 2024-08-14T17:29:30.058Z\rElectron: 30.1.2\rElectronBuildId: 9870757\rChromium: 124.0.6367.243\rNode.js: 20.14.0\rV8: 12.4.254.20-electron.0\rOS: Windows_NT x64 10.0.14393 旧版离线包下载【已过时】 vscode-server 下载地址如下，其中 commit_id 是上面复制的提交 id:\nx86:\rhttps://update.code.visualstudio.com/commit:${commit_id}/server-linux-x64/stable\rarm:\rhttps://update.code.visualstudio.com/commit:${commit_id}/server-linux-arm64/stable 将下载的文件 vscode-server-linux-x64.tar.gz 解压解包后名为 vscode-server-linux-x64 文件夹改名为 ${commit_id} 放在 /home/${user}/.vscode-server/bin/ 目录下.\n新版离线包下载【用这个】 在某次更新后远程端的 .vscode-server 目录结构发生变化:\n📦.vscode-server\r┣━ 📁bin # 存放旧方法下的vscode commit相关文件\r┃ ┗━ 📁${commit_id1}\r┃ ┗━ 📁${commit_id2}\r┃ ┗━ ···\r┣━ 📁cli # 存放新方法下的vscode commit相关文件\r┃ ┗━ 📁servers\r┃ ┃ ┗━ 📁Stable-${commit_id}\r┃ ┃ ┃ ┗━ 📁server\r┃ ┃ ┃ ┗━ ···\r┃ ┃ ┗━ ···\r┃ ┗━ 📜lru.json # 存放最近的vscode commit_id\r┣━ 📜code-${commit_id} # 存放vscode_cli_alpine_x64_cli.tar.gz解压后名为code的文件，并将其改名为code-${commit_id}\r┣━ 📁data\r┗━ 📁extensions 现在需要安装两个文件，两个文件的下载地址如下:\nx86:\rhttps://vscode.download.prss.microsoft.com/dbazure/download/stable/${commit_id}/vscode-server-linux-x64.tar.gz\rhttps://vscode.download.prss.microsoft.com/dbazure/download/stable/${commit_id}/vscode_cli_alpine_x64_cli.tar.gz\rarm:\rhttps://vscode.download.prss.microsoft.com/dbazure/download/stable/${commit_id}/vscode-server-linux-arm64.tar.gz\rhttps://vscode.download.prss.microsoft.com/dbazure/download/stable/${commit_id}/vscode_cli_alpine_arm64_cli.tar.gz 第一个文件 vscode-server-linux-x64.tar.gz 解压解包后名为 vscode-server-linux-x64 文件夹改名为 server 放在 /home/${user}/.vscode-server/cli/servers/Stable-${commit_id}/ 目录。\n第二个文件 vscode_cli_alpine_x64_cli.tar.gz 解压解包后名为 code 的文件改名为 code-${commit_id}放在 /home/${user}/.vscode-server/ 目录。\nQ\u0026amp;A 如果仍然连接不上，则有一些可能原因，修复后再尝试连接。\n赋予二进制文件可执行权限： chmod +x ~/.vscode-server/code-* 需要修改.vscode-server文件夹及其子目录的权限，例如权限改为755: chmod -R 755 ~/.vscode-server/ 参阅 Visual Studio Code - Code Editing. Redefined Remote - SSH - Visual Studio Marketplace Git - Downloading Package vscode 远程 linux(包括离线vscode-server安装，免密登录方法)_vscode-server-linux-CSDN博客 ","permalink":"https://leiontong.github.io/posts/vscode-offline-remote-dev-setup/","summary":"\u003ch1 id=\"vscode完全离线搭建远程开发环境离线安装gitsshvscode-server\"\u003eVSCode完全离线搭建远程开发环境，离线安装Git、SSH、vscode-server\u003c/h1\u003e\n\u003ch2 id=\"环境背景\"\u003e环境背景\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e时间：2024年8月。\u003c/li\u003e\n\u003cli\u003e客户端：Windows_Server_2016（经试验Windows_Server_2012无法启动pycharm2024.1.6和VSCode1.92.2，这是本文完成时的最新版）。\u003c/li\u003e\n\u003cli\u003e服务端：Linux，X86_64、ARM64 均可。\u003c/li\u003e\n\u003cli\u003e完全离线环境：Windows客户端和Linux服务端均在内网，Windows客户端可以直接访问Linux服务端，两者均无法访问互联网。笔者另有一台电脑可以通过零信任访问这两台内网机器，但对两者均无法直连。\u003c/li\u003e\n\u003cli\u003e用户受限：Windows客户端无 Administrator 管理员权限，即无法执行任何需要管理员权限的动作，比如无法安装全局软件、只能使用便携版软件；无法往Windows文件夹放dll；无法执行需要管理员权限的powershell或bat脚本、当然无法启动具有管理员权限的powershell或cmd。\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"安装-portablegit\"\u003e安装 PortableGit\u003c/h2\u003e","title":"vscode offline setup remote development environment"},{"content":"实验机初始化配置 Manjaro_xfce # 启动 sshd 服务 # sudo sh -c \u0026#34;echo \u0026#39;PermitRootlogin yes\u0026#39; \u0026gt;\u0026gt; /etc/ssh/sshd_config\u0026#34; sudo systemctl enable sshd sudo systemctl start sshd #设置笔记本合上盖子不黑屏 sudo sh -c \u0026#34;sed -i \u0026#39;s/IgnoreLid=false/IgnoreLid=true/\u0026#39; /etc/UPower/UPower.conf\u0026#34; sudo systemctl restart upower.service 同时：\n#设置笔记本合上盖子不休眠 sudo sh -c \u0026#34;echo \u0026#39;HandleLidSwitch=ignore\u0026#39; \u0026gt;\u0026gt; /etc/systemd/logind.conf\u0026#34; or: sudo sh -c \u0026#34;sed -i \u0026#39;s/#HandleLidSwitch=.*/HandleLidSwitch=ignore/\u0026#39; /etc/systemd/logind.conf\u0026#34; sudo systemctl restart systemd-logind 参考： [[Ubuntu实验机初始配置]] [[K.nowledge/Linux_OS/A-lINUX-BOX/SSH～Firewalliptablesufw~SELinux/SSH密钥注入远程主机]]\n","permalink":"https://leiontong.github.io/posts/manjaro-test-machine-init-config/","summary":"\u003ch1 id=\"实验机初始化配置-manjaro_xfce\"\u003e实验机初始化配置 Manjaro_xfce\u003c/h1\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-sh\" data-lang=\"sh\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#75715e\"\u003e# 启动 sshd 服务\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#75715e\"\u003e# sudo sh -c \u0026#34;echo \u0026#39;PermitRootlogin yes\u0026#39; \u0026gt;\u0026gt; /etc/ssh/sshd_config\u0026#34;\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003esudo systemctl enable sshd\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003esudo systemctl start sshd\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-sh\" data-lang=\"sh\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#75715e\"\u003e#设置笔记本合上盖子不黑屏\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003esudo sh -c \u003cspan style=\"color:#e6db74\"\u003e\u0026#34;sed -i \u0026#39;s/IgnoreLid=false/IgnoreLid=true/\u0026#39; /etc/UPower/UPower.conf\u0026#34;\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003esudo systemctl restart upower.service\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","title":"实验机初始化配置 Manjaro_xfce"},{"content":"Linux上的防火墙前端 - 简单配置 ufw 允许 KDE Connect Allow KDE Connect through firewall\nFirewalld\nsudo firewall-cmd --zone=public --permanent --add-port=1714-1764/tcp\rsudo firewall-cmd --zone=public --permanent --add-port=1714-1764/udp\rsudo systemctl restart firewalld.service UFW firewall\nsudo ufw allow 1714:1764/udp\rsudo ufw allow 1714:1764/tcp\rsudo ufw reload Refer： https://www.incredigeek.com/home/allow-kde-connect-through-firewall/\n配置 ufw 允许 hotspot 首先需要在ufw中开启数据包转发。 需要调整两个配置文件，将 /etc/default/ufw 文件默认转发策略的值更改为“ACCEPT”： sudo vim /etc/default/ufw\r...\rDEFAULT_FORWARD_POLICY=\u0026#34;ACCEPT\u0026#34;\r... 然后编辑/etc/ufw/sysctl.conf并取消注释：\nsudo vim /etc/ufw/sysctl.conf\r...\rnet/ipv4/ip_forward=1 net/ipv6/conf/default/forwarding=1 ... 将规则添加到 /etc/ufw/before.rules 文件中。默认规则只配置过滤表，并且启用伪装nat表需要配置。将以下内容添加到文件顶部的标题注释之后： sudo vim /etc/ufw/before.rules\r...\r# nat Table rules\r*nat\r:POSTROUTING ACCEPT [0:0]\r# Forward traffic from wlp58s0 through enp0s20f0u2u1.\r-A POSTROUTING -s 10.42.0.0/24 -o enp0s20f0u2u1 -j MASQUERADE\r# don\u0026#39;t delete the \u0026#39;COMMIT\u0026#39; line or these nat table rules won\u0026#39;t be processed\rCOMMIT\r... 最后，禁用并重新启用 ufw 以应用更改： sudo ufw disable \u0026amp;\u0026amp; sudo ufw enable Refer： https://ubuntu.com/server/docs/security-firewall\n","permalink":"https://leiontong.github.io/posts/ufw-allow-kde-connect/","summary":"\u003ch1 id=\"linux上的防火墙前端---简单配置-ufw-允许-kde-connect\"\u003eLinux上的防火墙前端 - 简单配置 ufw 允许 KDE Connect\u003c/h1\u003e\n\u003cp\u003eAllow KDE Connect through firewall\u003c/p\u003e\n\u003cp\u003eFirewalld\u003c/p\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003esudo firewall-cmd --zone=public --permanent --add-port=1714-1764/tcp\r\nsudo firewall-cmd --zone=public --permanent --add-port=1714-1764/udp\r\nsudo systemctl restart firewalld.service\n\u003c/code\u003e\u003c/pre\u003e\u003cp\u003eUFW firewall\u003c/p\u003e","title":"Linux上的防火墙前端 - 配置 ufw 允许 KDE Connect"},{"content":"onedrive_app_on_Linux sudo pacman -S archlinuxcn/onedrive-abraunegg\ryay -S aur/insync ","permalink":"https://leiontong.github.io/posts/onedrive_app_on_linux/","summary":"\u003ch1 id=\"onedrive_app_on_linux\"\u003eonedrive_app_on_Linux\u003c/h1\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003esudo pacman -S archlinuxcn/onedrive-abraunegg\r\n\r\nyay -S aur/insync\n\u003c/code\u003e\u003c/pre\u003e","title":"onedrive app on ArchLinux"},{"content":"ClamAV - Linux上的杀毒软件 安装 安装ClamAV软件包。\nsudo pacman -S clamav clamtk 更新数据库 更新病毒定义库：\nsudo freshclam 如果使用代理，请编辑/etc/clamav/freshclam.conf，更新 HTTPProxyServer、HTTPProxyPort、HTTPProxyUsername 和 HTTPProxyPassword。\n数据库文件保存在：\n/var/lib/clamav/daily.cvd\r/var/lib/clamav/main.cvd\r/var/lib/clamav/bytecode.cvd 启动/启用 clamav-freshclam.service以使病毒定义保持最新。\nsudo systemctl start clamav-freshclam.service\rsudo systemctl enable clamav-freshclam.service\rsystemctl status clamav-freshclam.service 启动守护进程 注释：\n需要freshclam在第一次启动服务之前运行，否则会遇到问题/错误，这将阻止 ClamAV 正确启动。 如果只想执行独立扫描，则不需要守护程序。请参阅下面的扫描病毒。 该服务叫做clamav-daemon.service。启动它并使其在系统启动时自动启动。\nsudo systemctl start clamav-daemon.service\rsudo systemctl enable clamav-daemon.service\rsystemctl status clamav-daemon.service 测试软件 为了确保 ClamAV 和定义安装正确，请使用 clamscan扫描EICAR 测试文件（一个不含病毒代码的无害签名）。\ncurl https://secure.eicar.org/eicar.com.txt | clamscan - 输出 必须 包含：\nstdin: Win.Test.EICAR_HDB-1 FOUND Option #1: Set up Fangfrisch yay -S aur/python-fangfrisch sudo -u clamav /usr/bin/fangfrisch --conf /etc/fangfrisch/fangfrisch.conf initdb\rsudo systemctl enable fangfrisch.timer\rsudo systemctl start fangfrisch.timer\rsystemctl status fangfrisch.timer Option #2: Set up clamav-unofficial-sigs yay -S aur/clamav-unofficial-sigs sudo clamav-unofficial-sigs.sh\rsudo less /var/log/clamav-unofficial-sigs/clamav-unofficial-sigs.log sudo systemctl enable clamav-unofficial-sigs.timer\rsudo systemctl start clamav-unofficial-sigs.timer\rsystemctl status clamav-unofficial-sigs.timer 要更改任何默认设置，请参阅并修改/etc/clamav-unofficial-sigs/user.conf。\n扫描病毒 按需扫描有两种选择：\n使用独立扫描器 clamscan 可用于扫描指定文件、家目录或整个系统：\n$ clamscan myfile\r$ clamscan --recursive --infected $HOME\r$ sudo clamscan -r -i / -l /var/log/clamscan.log\r# clamscan --recursive --infected --exclude-dir=\u0026#39;^/sys|^/dev\u0026#39; / 如果想要clamscan删除受感染的文件，请在命令中添加该--remove选项，或者可以使用它--move=/dir来隔离它们。\n可能还想要clamscan扫描较大的文件。在这种情况下，将选项--max-filesize=4000M和--max-scansize=4000M附加到命令中。\u0026lsquo;4000M\u0026rsquo; 是最大的可能值，可以根据需要降低。\n使用该-l /path/to/file选项会将clamscan日志打印到文本文件中，以定位报告的感染情况。\n使用守护进程 clamdscan与上述用法类似，但要用到守护程序，守护程序必须运行才能使用该命令。多数选项都会被忽略，因为守护进程读取指定在/etc/clamav/clamd.conf中的设置。\n技巧和窍门 多线程运行 使用 clamscan 当从命令行使用clamscan扫描文件或目录时仅会用到单个 CPU 线程。在时间不关键或不希望计算机变得迟钝的情况下，这可能没问题。如果需要快速扫描大文件夹或 USB 驱动器，可能想要使用所有可用的 CPU 来加速该过程。\nclamscan被设计为单线程，而xargs可用于并行运行扫描：\n$ find $HOME -type f -print0 | xargs -0 -P $(nproc) clamscan 在这个例子中，-P参数 for在与 CPU 一样多的进程中xargs同时运行clamscan（由nproc）报告。--max-lines和--max-args选项允许更精细地控制跨线程批量处理工作负载。\n使用 clamdscan 如果clamd守护程序正在运行，则可以使用clamdscan来替代 (查阅 Starting the daemon):。\n$ clamdscan --multiscan --fdpass $HOME 这里的--multiscan参数允许clamd使用可用线程并行扫描目录的内容。当守护进程在clamav用户和组下运行时，--fdpass参数被用来传递文件描述符权限给 clamd。\nclamdscan可用的线程数在/etc/clamav/clamd.conf clamd.conf(5) 通过MaxThreads参数定义。即使可能会看到MaxThreads指定的数量超过 1（当前默认为 10），但当使用clamdscan命令行启动扫描而不指定--multiscan选项时，只会有一个有效的 CPU 线程用于进行扫描。\n参阅 Wikipedia:ClamAV https://en.wikipedia.org/wiki/ClamAV http://www.clamav.net file:///usr/share/doc/ClamAV/html/index.html https://www.jianshu.com/p/5235b4972442 ","permalink":"https://leiontong.github.io/posts/clamav/","summary":"\u003ch1 id=\"clamav---linux上的杀毒软件\"\u003eClamAV - Linux上的杀毒软件\u003c/h1\u003e\n\u003ch2 id=\"安装\"\u003e安装\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://wiki.archlinux.org/title/Install\"\u003e安装\u003c/a\u003e\u003ca href=\"https://archlinux.org/packages/?name=clamav\"\u003eClamAV\u003c/a\u003e软件包。\u003c/p\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003esudo pacman -S clamav clamtk\n\u003c/code\u003e\u003c/pre\u003e\u003ch2 id=\"更新数据库\"\u003e更新数据库\u003c/h2\u003e\n\u003cp\u003e更新病毒定义库：\u003c/p\u003e","title":"ClamAV - Linux上的杀毒软件"},{"content":"Obsidian_设置_文件与链接 Obsidian 支持双向链接，再配合 Pandoc 导出功能。问题是插入图片路径默认会寻找Vault库的根路径，就会报错找不到插入的图片导致导出失败。 那么需要修改 Obsidian 的配置： 设置 -\u0026gt; 文件与链接：\n始终更新内部链接：开启\r内部链接类型：插入基于库的绝对路径\r使用 Wiki 链接：开启\r检测所有类型文件：开启\r新附件的默认位置：下方指定的文件夹\r子文件夹名称：β-Sources Obsidian 支持双向链接，Typora 导出功能很强大，在 Obsidian 中粘贴了图片又想要 Typora 能打开，那么需要修改 Obsidian 的配置： 设置 -\u0026gt; 文件与链接： 始终更新内部链接：开启 内部链接类型：插入基于当前笔记的相对路径 使用 Wiki 链接：关闭 检测所有类型文件：开启 新附件的默认位置：当前文件夹下指定的子文件夹中 子文件夹名称：assets END\n","permalink":"https://leiontong.github.io/posts/obsidian-settings-files-and-links/","summary":"\u003ch1 id=\"obsidian_设置_文件与链接\"\u003eObsidian_设置_文件与链接\u003c/h1\u003e\n\u003cp\u003eObsidian 支持双向链接，再配合 Pandoc 导出功能。问题是插入图片路径默认会寻找Vault库的根路径，就会报错找不到插入的图片导致导出失败。\n那么需要修改 Obsidian 的配置：\n设置 -\u0026gt; 文件与链接：\u003c/p\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e始终更新内部链接：开启\r\n内部链接类型：插入基于库的绝对路径\r\n使用 Wiki 链接：开启\r\n检测所有类型文件：开启\r\n新附件的默认位置：下方指定的文件夹\r\n子文件夹名称：β-Sources\n\u003c/code\u003e\u003c/pre\u003e","title":"Obsidian_设置_文件与链接"},{"content":"KDE-Plasma panel widget config customization configuration file location ~/.config/plasma-org.kde.plasma.desktop-appletsrc\nPanel and widget list Panel 1:\nApplication Lancher Global Menu Panel 2:\nLatte Tasks Analog Clock Digital Colck Weather Report Panel 3:\nMinimize all Windows Pager Network Speed Memory Usage System Tray Lock/Logout ","permalink":"https://leiontong.github.io/posts/kde-plasma-panel-widget/","summary":"\u003ch1 id=\"kde-plasma-panel-widget-config-customization\"\u003eKDE-Plasma panel widget config customization\u003c/h1\u003e\n\u003ch2 id=\"configuration-file-location\"\u003econfiguration file location\u003c/h2\u003e\n\u003cp\u003e~/.config/plasma-org.kde.plasma.desktop-appletsrc\u003c/p\u003e\n\u003ch2 id=\"panel-and-widget-list\"\u003ePanel and widget list\u003c/h2\u003e\n\u003cp\u003ePanel 1:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApplication Lancher\u003c/li\u003e\n\u003cli\u003eGlobal Menu\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePanel 2:\u003c/p\u003e","title":"KDE-Plasma panel widget config customization"},{"content":"Run OP-TEE from scratch OP-TEE的编译及运行\nReference_\u0026amp;_Useful_URL: https://www.op-tee.org/ https://github.com/OP-TEE https://optee.readthedocs.io https://blog.csdn.net/thanksgining/article/details/108848825 https://blog.csdn.net/zhuyong006/article/details/85282624\n宿主环境 OS: Ubuntu 20.04 LTS Desktop Disk_Size: 50GB Get and build the solution Refer：https://optee.readthedocs.io/en/latest/building/gits/build.html#get-and-build-the-solution\n前置条件(Prerequisites) Refer：https://optee.readthedocs.io/en/latest/building/prerequisites.html#prerequisites\nUbuntu-based distributions\nFirst enable installation of i386 architecture packages and update the package managers database.\n$ sudo dpkg --add-architecture i386\r$ sudo apt-get update Install the following packages regardless of what target you will use in the end.\n$ sudo apt-get install android-tools-adb android-tools-fastboot autoconf \\\rautomake bc bison build-essential ccache cscope curl device-tree-compiler \\\rexpect flex ftp-upload gdisk iasl libattr1-dev libcap-dev \\\rlibfdt-dev libftdi-dev libglib2.0-dev libgmp-dev libhidapi-dev \\\rlibmpc-dev libncurses5-dev libpixman-1-dev libssl-dev libtool make \\\rmtools netcat ninja-build python-crypto python3-crypto python-pyelftools \\\rpython3-pycryptodome python3-pyelftools python-serial python3-serial \\\rrsync unzip uuid-dev xdg-utils xterm xz-utils zlib1g-dev Git 配置 sudo apt install git -y\rgit config --global user.email \u0026#34;you@example.com\u0026#34;\rgit config --global user.name \u0026#34;Your Name\u0026#34; 安装repo Refer：https://mirrors.tuna.tsinghua.edu.cn/help/git-repo/\ncurl https://mirrors.tuna.tsinghua.edu.cn/git/git-repo -o repo\rchmod +x repo\rsudo mv repo /usr/local/bin/\rcat \u0026gt;\u0026gt; ~/.bashrc \u0026lt;\u0026lt; \u0026#34;EOF\u0026#34;\rexport REPO_URL=\u0026#39;https://mirrors.tuna.tsinghua.edu.cn/git/git-repo\u0026#39;\rEOF\r\u0026gt; 并重启终端模拟器。 获取OP-TEE源代码 Refer：https://optee.readthedocs.io/en/latest/building/gits/build.html#get-and-build-the-solution\nmkdir -p optee-project\rcd optee-project\rrepo init -u git://github.com/OP-TEE/manifest.git -m qemu_v8.xml --repo-url=https://mirrors.tuna.tsinghua.edu.cn/git/git-repo -b 3.8.0\rrepo sync -j4 由于github仓库网络问题，中间多次重新同步，还辅助以proxychains工具代理外网。 最终，同步了20+GB的数据回来。 获取工具链(toolchain) cd optee-project/build\rmake -j2 toolchains 查看 toolchain.mk 文件可知，执行 make 指令之后，系统会去下载 toolchains 的tar包，包括32位和64位的编译链接工具，下载完成后会进行解压操作。\n如果执行 make 指令后，一直卡在“Downloading xxx \u0026hellip;”那。\n手动到https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-a/downloads下载指定toolchain（toolchain.mk指定了AARCH32_GCC_VERSION和AARCH64_GCC_VERSION）。\n这里下载的是gcc-arm-8.3-2019.03-x86_64-arm-linux-gnueabihf.tar.xz和gcc-arm-8.3-2019.03-x86_64-aarch64-linux-gnu.tar.xz\n将下载的toolchain的tar包放到op-tee源代码的根目录下的toolchains目录，并进行解压：\ntar xf gcc-arm-8.3-2019.03-x86_64-arm-linux-gnueabihf.tar.xz -C aarch32 --strip-components=1\rtar xf gcc-arm-8.3-2019.03-x86_64-aarch64-linux-gnu.tar.xz -C aarch64 --strip-components=1 编译(Build the solution) cd optee-project/build\rmake -j `nproc`\r#或者将上述命令写完整些:\rmake -j `nproc` -f qemu_v8.mk all 编译完成： 如果编译有问题，可以通过管道将日志导入文件，方便排查（查找 ERROR 字符串）：\nmake -j `nproc` 2\u0026gt;\u0026amp;1 | tee build.log 注：\n如果 Make 命令运行时没有指定目标，默认会执行 Makefile 文件的第一个目标。 Makefile 文件在 repo 初始化时自动生成，且指向 qemu_v8.mk，因此本例中可只需执行 make 命令： 启动设备 Refer：https://optee.readthedocs.io/en/latest/building/devices/qemu.html#qemu-v8\ncd optee-project/build\rmake run-only 查看 qemu_v8.mk 文件如下代码块可知，由于运行 make run 会强制执行 make all ，如果没有更新过仓库且只需要单纯启动设备而不需要更新文件系统可以通过执行 make run-only 略过从头再编译一遍的过程。\n.PHONY: run\r# This target enforces updating root fs etc\rrun: all\r$(MAKE) run-only Terminal: qemu Terminal: Normal World Terminal: Secure World 继续运行 在 qemu 的终端 Terminal 里输入 c（小写）然后按 \u0026lt;Enter\u0026gt; 键，让系统继续运行。\nTerminal: qemu Terminal: Normal World Terminal: Secure World 执行测试(Run xtest) https://optee.readthedocs.io/en/latest/building/gits/build.html#step-9-run-xtest\nxtest If there are no regressions / issues found, xtest should end with something like this:\n...\r+-----------------------------------------------------\r24537 subtests of which 0 failed\r96 test cases of which 0 failed\r0 test case was skipped\rTEE test application done! 至此，完成。\nTODO Tips and Tricks - Reference existing project to speed up repo sync https://optee.readthedocs.io/en/latest/building/gits/build.html#reference-existing-project-to-speed-up-repo-sync\nQ\u0026amp;A： repo sync 获取源代码时遇到网络问题 error: Cannot fetch linaro-swg/linux.git from https://github.com/linaro-swg/linux.git Fetching: 7% (1/13), done in 4m19.092s Garbage collecting: 100% (13/13), done in 0.089s Fetching: 100% (13/13), done in 2h21m29.800s Garbage collecting: 100% (13/13), done in 0.221s error: Exited sync due to fetch errors. Local checkouts *not* updated. Resolve network issues \u0026amp; retry. `repo sync -l` will update some local checkouts. 解决方法：\n使用代理 或者： 使用从 URL 导入 - Gitee.com 问题是仓库 https://github.com/linaro-swg/linux.git 太大无法导入。 部分仓库已有前人在2021年1月份时同步过了，可以借用（未验证，也不清楚是否过时）：https://gitee.com/fastsource/projects make 编译过程的 buildroot 阶段由于网络问题下载 patchelf 失败 在别处下载好后放到 optee-project/buildroot/dl/patchelf 目录下。因为可能遇到多个包下载失败的问题这里可以单独执行 make buildroot 编译此部分以节省时间，等此部分编译通过后再执行一遍 make 命令。 该阶段其他包如果下载失败也可同理解决。\nmake run 启动两个终端报错，找不到可执行文件 soc_term 报错信息如下：\nError: Failed to execute child process “optee-project/build/../soc_term/soc_term” (No such file or directory) 原因是 make all 过程出现问题，没有编译出来 soc_term ，重新执行编译操作：\ncd optee-project/build\rmake soc-term 或者手动进入soc_term文件夹进行编译：\ncd optee-project/build/soc_term/\rmake 然而，一般情况下肯定是编译到 soc_term 之前就出错了，所以才没有继续编译 soc_term，此时最好根据终端输出往上查错。\n","permalink":"https://leiontong.github.io/posts/run_op-tee_from_scratch/","summary":"\u003ch1 id=\"run-op-tee-from-scratch\"\u003eRun OP-TEE from scratch\u003c/h1\u003e\n\u003cp\u003eOP-TEE的编译及运行\u003c/p\u003e\n\u003cp\u003eReference_\u0026amp;_Useful_URL:\n\u003ca href=\"https://www.op-tee.org/\"\u003ehttps://www.op-tee.org/\u003c/a\u003e\n\u003ca href=\"https://github.com/OP-TEE\"\u003ehttps://github.com/OP-TEE\u003c/a\u003e\n\u003ca href=\"https://optee.readthedocs.io\"\u003ehttps://optee.readthedocs.io\u003c/a\u003e\n\u003ca href=\"https://blog.csdn.net/thanksgining/article/details/108848825\"\u003ehttps://blog.csdn.net/thanksgining/article/details/108848825\u003c/a\u003e\n\u003ca href=\"https://blog.csdn.net/zhuyong006/article/details/85282624\"\u003ehttps://blog.csdn.net/zhuyong006/article/details/85282624\u003c/a\u003e\u003c/p\u003e\n\u003ch2 id=\"宿主环境\"\u003e宿主环境\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOS: Ubuntu 20.04 LTS Desktop\u003c/li\u003e\n\u003cli\u003eDisk_Size: 50GB\u003c/li\u003e\n\u003c/ul\u003e","title":"Run OP-TEE from scratch"},{"content":"GRUB2引导启动项手动修复实战 Pre 注意如果开机进入的是grub-rescue命令行需要先使用救急控制台修复到 normal 模式，具体修复方式参见https://wiki.archlinux.org/title/GRUB_(简体中文)#使用救急控制台，操作摘录如下：\nGRUB 应急控制台里可用的命令有 insmod，ls，set 和 unset。这个例子里用了 set 和 insmod。set 用来修改变量，insmod 用来载入模组以添加功能。\n首先，用户必须知道启动分区 (/boot) 所在位置（是一个独立的分区或者是根目录下的子目录），然后设置：\ngrub rescue\u0026gt; set prefix=(hdX,Y)/boot/grub 其中 X 是物理驱动器的编号，而 Y 是分区的编号。 注意： 如果启动分区是个独立的分区，要在路径中省略 /boot（例如键入 set prefix=(hdX,Y)/grub）。\n通过加载 linux 模组来扩展命令行的功能：\ngrub rescue\u0026gt; insmod i386-pc/linux.mod 或者直接\ngrub rescue\u0026gt; insmod linux 这个模组会启动对我们熟悉的 linux 和 initrd 命令的支持。\n/boot未单独分区，CentOS 7 系统为例： 1. 进入到 GRUB2 命令行，手动引导启动： grub \u0026gt; search --file /boot/grub2/grub.cfg hd0,msdos6 grub \u0026gt; search --file /etc/centos-release hod0,msdos6 grub \u0026gt; set root=(hd0,6) grub \u0026gt; linux /boot/vmlinuz-3.10.0-1127.el7.x86_64 root=/dev/sda6 #可用TAB键补全目录和文件名 grub \u0026gt; initrd /boot/initramfs-3.10.0-1127.el7.x86_64.img grub \u0026gt; boot 可通过ls和cat等grub内置命令帮助辨识OS类型：\nls (hd0,6)/etc/sysconfig/network-scripts/\ncat ifcfg-* \u0026hellip;\n/boot是单独分区，lfs 系统为例： 1. 进入到 GRUB2 命令行，手动引导启动： grub \u0026gt; search --file /grub/grub.cfg hd0,msdos4 grub \u0026gt; search --file /etc/lfs-release hd0,msdos8 hd0,msdos7 grub \u0026gt; cat (hd0,7)/etc/lsb-release DISTRIB_RELEASE=9.0 DISTRIB_DESCRIPTION=Linux From Scratch grub \u0026gt; set root=(hd0,4) grub \u0026gt; linux (hd0,4)/vmlinuz-5.2.8-lfs-9.0 root=/dev/sda7 #此处需要单独指明/boot所在分区，而且注意内核文件在该分区的根目录下，因此不能写成`linux (hd0,4)/boot/vmlinuz...`。 grub \u0026gt; boot 2. 进入到 lfs 系统，修正 GRUB2 配置文件： vi /boot/grub/grub.cfg ... set root=(hd0,4) linux /vmlinuz-5.2.8-lfs-9.0 root=/dev/sda7 .... ... /boot未单独分区，Ubuntu 18.04 系统为例： 1. 进入到 GRUB2 命令行，手动引导启动： grub \u0026gt; search --file /boot/grub/grub.cfg hd0,msdos8 grub \u0026gt; search --file /etc/lsb-release hod0,msdos8 hd0,msdos7 grub \u0026gt; cat (hd0,8)/etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=20.4 DISTRIB_CODENAME=focal DISTRIB_DESCRIPTION=\u0026#34;Ubuntu 20.04.3 LTS\u0026#34; grub \u0026gt; set root=(hd0,8) grub \u0026gt; linux /boot/vmlinuz-5.11.0-27-generic root=/dev/sda8 #可用TAB键补全目录和文件名 grub \u0026gt; initrd /boot/initrd.img-5.11.0-27-generic grub \u0026gt; boot 2. 进入到 CentOS 系统，修正 GRUB2 引导记录和配置文件： sudo grub-install /dev/sda sudo grub-mkconfig -o /boot/grub/grub.cfg Refer： GNU GRUB Manual 2.06 章节：5.4.2 GNU/Linux； 章节：6.4 Multi-boot manual config https://wiki.archlinux.org/title/GRUB 章节：使用 GRUB 命令行 章节：使用救急控制台 Note: 实验环境分区状况： hd0,msdos6\tCentOS hd0,msdos7\tLFS hd0,msdos8\tUbuntu hd0,msdos4\tLFS-boot\n","permalink":"https://leiontong.github.io/posts/grub2-boot-entry-manual-repair/","summary":"\u003ch1 id=\"grub2引导启动项手动修复实战\"\u003eGRUB2引导启动项手动修复实战\u003c/h1\u003e\n\u003ch3 id=\"pre\"\u003ePre\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e注意如果开机进入的是\u003ccode\u003egrub-rescue\u003c/code\u003e命令行需要先使用救急控制台修复到 normal 模式，具体修复方式参见\u003ca href=\"https://wiki.archlinux.org/title/GRUB_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)#%E4%BD%BF%E7%94%A8%E6%95%91%E6%80%A5%E6%8E%A7%E5%88%B6%E5%8F%B0\"\u003ehttps://wiki.archlinux.org/title/GRUB_(简体中文)#使用救急控制台\u003c/a\u003e，操作摘录如下：\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eGRUB 应急控制台里可用的命令有 \u003ccode\u003einsmod\u003c/code\u003e，\u003ccode\u003els\u003c/code\u003e，\u003ccode\u003eset\u003c/code\u003e 和 \u003ccode\u003eunset\u003c/code\u003e。这个例子里用了 \u003ccode\u003eset\u003c/code\u003e 和 \u003ccode\u003einsmod\u003c/code\u003e。\u003ccode\u003eset\u003c/code\u003e 用来修改变量，\u003ccode\u003einsmod\u003c/code\u003e 用来载入模组以添加功能。\u003c/p\u003e\n\u003cp\u003e首先，用户必须知道启动分区 (\u003ccode\u003e/boot\u003c/code\u003e) 所在位置（是一个独立的分区或者是根目录下的子目录），然后设置：\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-sh\" data-lang=\"sh\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003egrub rescue\u0026gt; set prefix\u003cspan style=\"color:#f92672\"\u003e=(\u003c/span\u003ehdX,Y\u003cspan style=\"color:#f92672\"\u003e)\u003c/span\u003e/boot/grub\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003e其中 X 是物理驱动器的编号，而 Y 是分区的编号。\n\u003cstrong\u003e注意：\u003c/strong\u003e 如果启动分区是个独立的分区，要在路径中省略 \u003ccode\u003e/boot\u003c/code\u003e（例如键入 \u003ccode\u003eset prefix=(hdX,Y)/grub\u003c/code\u003e）。\u003c/p\u003e","title":"GRUB2引导启动项手动修复实战"},{"content":"如何正确使用 sudo 调用多重命令 问题现状(Problem) 执行命令 sudo echo xxx \u0026gt; txt 时 Permission denied\nsudo echo \u0026#39;some_strings\u0026#39; \u0026gt; test.txt\r-bash: test.txt: Permission denied bash 拒绝这么做，说是权限不够. 这是因为重定向符号 \u0026gt; 也是 bash 的命令。sudo 只是让 echo 命令具有了 root 权限， 但是没有让 \u0026gt; 命令也具有 root 权限，所以 bash 会认为这个命令没有写入信息的权限。\n解决办法(Solution) 利用 sh -c 命令，它可以让 bash 将一个字串作为完整的命令来执行，这样就可以将 sudo 的影响范围扩展到整条命令。 具体用法如下： sudo sh -c \u0026#34;echo \u0026#39;some_strings\u0026#39; \u0026gt; test.txt\u0026#34; 利用管道和 tee 命令，该命令可以从标准输入中读取信息并将其同时写入标准输出和文件中， 具体用法如下： echo \u0026#39;some_strings\u0026#39; | sudo tee test.txt\recho \u0026#39;some_strings\u0026#39; | sudo tee -a test.txt // -a 是追加的意思，等同于 \u0026gt;\u0026gt; tee 命令很好用，它从管道接收信息，一边向屏幕输出，一边向文件写入。\n提升 shell 权限。 sudo -s //提到root 权限。提示符为# 当你觉得该退回到普通权限时： sudo su \u0026lt;username\u0026gt; //退回到 username 权限，提示符为$ exit 退出当前用户，回到上一层目录. centos 提升权限: su - ubuntu 提升权限: sudo -s，sudo su\n","permalink":"https://leiontong.github.io/posts/sudo-run-multiple-commands/","summary":"\u003ch1 id=\"如何正确使用-sudo-调用多重命令\"\u003e如何正确使用 sudo 调用多重命令\u003c/h1\u003e\n\u003ch2 id=\"问题现状problem\"\u003e问题现状(Problem)\u003c/h2\u003e\n\u003cp\u003e执行命令 \u003cdel\u003e\u003ccode\u003esudo echo xxx \u0026gt; txt\u003c/code\u003e\u003c/del\u003e 时 \u003ccode\u003ePermission denied\u003c/code\u003e\u003c/p\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003esudo echo \u0026#39;some_strings\u0026#39; \u0026gt; test.txt\r\n-bash: test.txt: Permission denied\n\u003c/code\u003e\u003c/pre\u003e\u003cp\u003ebash 拒绝这么做，说是权限不够.\n这是因为重定向符号 \u003ccode\u003e\u0026gt;\u003c/code\u003e 也是 bash 的命令。sudo 只是让 echo 命令具有了 root 权限，\n但是没有让 \u003ccode\u003e\u0026gt;\u003c/code\u003e 命令也具有 root 权限，所以 bash 会认为这个命令没有写入信息的权限。\u003c/p\u003e","title":"如何正确使用 sudo 调用多重命令"},{"content":"Ubuntu_Desktop实验机初始化配置 #安装 sshd 服务 sudo apt install openssh-server -y sudo sh -c \u0026#34;echo \u0026#39;PermitRootlogin yes\u0026#39; \u0026gt;\u0026gt; /etc/ssh/sshd_config\u0026#34; sudo systemctl start opensshd #设置默认启动目标\rsudo systemctl set-default multi-user.target #默认为 graphical.target #设置笔记本合上盖子不休眠 sudo sh -c \u0026#34;echo \u0026#39;HandleLidSwitch=ignore\u0026#39; \u0026gt;\u0026gt; /etc/systemd/logind.conf\u0026#34; or: sudo sh -c \u0026#34;sed -i \u0026#39;s/#HandleLidSwitch=.*/HandleLidSwitch=ignore/\u0026#39; /etc/systemd/logind.conf\u0026#34; sudo systemctl restart systemd-logind 参阅： [[K.nowledge/Linux_OS/A-lINUX-BOX/SSH～Firewalliptablesufw~SELinux/SSH密钥注入远程主机]]\n\u0026ldquo;SysV 运行级别\u0026rdquo; 与 \u0026ldquo;systemd 启动目标\u0026rdquo; 之间的映射关系 Mapping between runlevels and systemd targets：\n┌──────────────┬───────────────────────────────────────────────────────┬───────────────────────────────────────────────────────────────────────────────────────────────┐\r│SysV Runlevel │ systemd Target │ Notes │\r├──────────────┼───────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤\r│0 │ runlevel0.target, poweroff.target │ Halt the system. │\r├──────────────┼───────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤\r│1, s, single │ runlevel1.target, rescue.target │ Single user mode. │\r├──────────────┼───────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤\r│2, 4 │ runlevel2.target, runlevel4.target, multi-user.target │ User-defined/Site-specific runlevels. By default, identical to 3. │ ├──────────────┼───────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤\r│3 │ runlevel3.target, multi-user.target │ Multi-user, non-graphical. Users can usually login via multiple consoles or via the network. │\r├──────────────┼───────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤\r│5 │ runlevel5.target, graphical.target │ Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login. │\r├──────────────┼───────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤\r│6 │ runlevel6.target, reboot.target │ Reboot │ ├──────────────┼───────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤\r│emergency │ emergency.target │ Emergency shell │\r└──────────────┴───────────────────────────────────────────────────────┴───────────────────────────────────────────────────────────────────────────────────────────────┘ Refer: https://wiki.archlinux.org/title/Systemd#Mapping_between_SysV_runlevels_and_systemd_targets\n","permalink":"https://leiontong.github.io/posts/ubuntu-test-machine-init-config/","summary":"\u003ch1 id=\"ubuntu_desktop实验机初始化配置\"\u003eUbuntu_Desktop实验机初始化配置\u003c/h1\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-sh\" data-lang=\"sh\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#75715e\"\u003e#安装 sshd 服务\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003esudo apt install openssh-server -y\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003esudo sh -c \u003cspan style=\"color:#e6db74\"\u003e\u0026#34;echo \u0026#39;PermitRootlogin yes\u0026#39; \u0026gt;\u0026gt; /etc/ssh/sshd_config\u0026#34;\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003esudo systemctl start opensshd\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e#设置默认启动目标\r\nsudo systemctl set-default multi-user.target  #默认为 graphical.target\n\u003c/code\u003e\u003c/pre\u003e","title":"Ubuntu_Desktop实验机初始配置"},{"content":"Hexo Theme Next Configuration 创建主题配置文件 # Installed through npm\rcp node_modules/hexo-theme-next/_config.yml _config.next.yml\r# Installed through Git\rcp themes/next/_config.yml _config.next.yml https://theme-next.js.org/docs/getting-started/configuration.html\n修改主题 https://theme-next.js.org/docs/theme-settings/\n修改主题后实时预览 hexo clean \u0026amp;\u0026amp; hexo g \u0026amp;\u0026amp; hexo s Next主题配置修改：\nvim _config.next.yml ... # Schemes #scheme: Muse #scheme: Mist #scheme: Pisces scheme: Gemini # Dark Mode darkmode: false menu: #home: / || fa fa-home #about: /about/ || fa fa-user #tags: /tags/ || fa fa-tags #categories: /categories/ || fa fa-th #archives: /archives/ || fa fa-archive #schedule: /schedule/ || fa fa-calendar #sitemap: /sitemap.xml || fa fa-sitemap #commonweal: /404/ || fa fa-heartbeat # Sidebar Avatar avatar: # Replace the default image and set the url here. url: avatar.gif #/images/avatar.gif # If true, the avatar will be displayed in circle. rounded: true # If true, the avatar will be rotated with the cursor. rotated: true social: GitHub: https://github.com/leiontong || fab fa-github E-Mail: mailto:leion.tong@outlook.com || fa fa-envelope links: Leion.co: https://www.leion.co body_scrollbar: # Place the scrollbar over the content. overlay: true # Present the scrollbar even if the content is not overflowing. stable: false # `Follow me on GitHub` banner in the top-right corner. github_banner: enable: true permalink: https://github.com/leiontong title: Follow me on GitHub # Google Analytics # See: https://analytics.google.com google_analytics: tracking_id: UA-99348322-1 # By default, NexT will load an external gtag.js script on your site. # If you only need the pageview feature, set the following option to true to get a better performance. only_pageview: false ","permalink":"https://leiontong.github.io/posts/hexo-theme-next-configuration/","summary":"\u003ch1 id=\"hexo-theme-next-configuration\"\u003eHexo Theme Next Configuration\u003c/h1\u003e\n\u003ch2 id=\"创建主题配置文件\"\u003e创建主题配置文件\u003c/h2\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e# Installed through npm\r\ncp node_modules/hexo-theme-next/_config.yml _config.next.yml\r\n# Installed through Git\r\ncp themes/next/_config.yml _config.next.yml\n\u003c/code\u003e\u003c/pre\u003e\u003cblockquote\u003e\n\u003cp\u003e\u003ca href=\"https://theme-next.js.org/docs/getting-started/configuration.html\"\u003ehttps://theme-next.js.org/docs/getting-started/configuration.html\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e","title":"Hexo-Theme-Next-Configuration"},{"content":"记一次root用户进行秘钥登录验证失败问题 现象描述： 在一次常规给 root 用户配置秘钥登录过程中，通过命令 ssh-copy-id 正常导入秘钥到服务器端，在服务器上的 authorized_keys 文件里也能查到客户端的公钥信息，但使用秘钥登录时候仍然提示输入密码。\n问题分析： 普通用户SSH秘钥登录没问题：\nssh -vvv leion@lfs9.0 OpenSSH_8.6p1, OpenSSL 1.1.1k 25 Mar 2021\rdebug1: Reading configuration data /home/leion/.ssh/config\rdebug1: /home/leion/.ssh/config line 1: Applying options for *\rdebug1: Reading configuration data /etc/ssh/ssh_config\rdebug3: expanded UserKnownHostsFile \u0026#39;~/.ssh/known_hosts\u0026#39; -\u0026gt; \u0026#39;/home/leion/.ssh/known_hosts\u0026#39;\rdebug3: expanded UserKnownHostsFile \u0026#39;~/.ssh/known_hosts2\u0026#39; -\u0026gt; \u0026#39;/home/leion/.ssh/known_hosts2\u0026#39;\rdebug2: resolving \u0026#34;lfs9.0\u0026#34; port 22\rdebug3: ssh_connect_direct: entering\rdebug1: Connecting to lfs9.0 [172.18.253.20] port 22.\rdebug3: set_sock_tos: set socket 3 IP_TOS 0x48\rdebug1: Connection established.\rdebug1: identity file /home/leion/.ssh/id_rsa type 0\rdebug1: identity file /home/leion/.ssh/id_rsa-cert type -1\rdebug1: identity file /home/leion/.ssh/id_dsa type -1\rdebug1: identity file /home/leion/.ssh/id_dsa-cert type -1\rdebug1: identity file /home/leion/.ssh/id_ecdsa type -1\rdebug1: identity file /home/leion/.ssh/id_ecdsa-cert type -1\rdebug1: identity file /home/leion/.ssh/id_ecdsa_sk type -1\rdebug1: identity file /home/leion/.ssh/id_ecdsa_sk-cert type -1\rdebug1: identity file /home/leion/.ssh/id_ed25519 type -1\rdebug1: identity file /home/leion/.ssh/id_ed25519-cert type -1\rdebug1: identity file /home/leion/.ssh/id_ed25519_sk type -1\rdebug1: identity file /home/leion/.ssh/id_ed25519_sk-cert type -1\rdebug1: identity file /home/leion/.ssh/id_xmss type -1\rdebug1: identity file /home/leion/.ssh/id_xmss-cert type -1\rdebug1: Local version string SSH-2.0-OpenSSH_8.6\rdebug1: Remote protocol version 2.0, remote software version OpenSSH_8.0\rdebug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000\rdebug2: fd 3 setting O_NONBLOCK\rdebug1: Authenticating to lfs9.0:22 as \u0026#39;leion\u0026#39;\rdebug3: record_hostkey: found key type ED25519 in file /home/leion/.ssh/known_hosts:16\rdebug3: record_hostkey: found key type RSA in file /home/leion/.ssh/known_hosts:17\rdebug3: record_hostkey: found key type ECDSA in file /home/leion/.ssh/known_hosts:18\rdebug3: load_hostkeys_file: loaded 3 keys from lfs9.0\rdebug1: load_hostkeys: fopen /home/leion/.ssh/known_hosts2: No such file or directory\rdebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory\rdebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory\rdebug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim\rdebug3: send packet: type 20\rdebug1: SSH2_MSG_KEXINIT sent\rdebug3: receive packet: type 20\rdebug1: SSH2_MSG_KEXINIT received\rdebug2: local client KEXINIT proposal\rdebug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c\rdebug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa\rdebug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\rdebug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\rdebug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\rdebug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\rdebug2: compression ctos: none,zlib@openssh.com,zlib\rdebug2: compression stoc: none,zlib@openssh.com,zlib\rdebug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal\rdebug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\rdebug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519\rdebug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\rdebug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\rdebug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\rdebug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\rdebug2: compression ctos: none,zlib@openssh.com\rdebug2: compression stoc: none,zlib@openssh.com\rdebug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256\rdebug1: kex: host key algorithm: ssh-ed25519\rdebug1: kex: server-\u0026gt;client cipher: chacha20-poly1305@openssh.com MAC: \u0026lt;implicit\u0026gt; compression: none\rdebug1: kex: client-\u0026gt;server cipher: chacha20-poly1305@openssh.com MAC: \u0026lt;implicit\u0026gt; compression: none\rdebug3: send packet: type 30\rdebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\rdebug3: receive packet: type 31\rdebug1: SSH2_MSG_KEX_ECDH_REPLY received\rdebug1: Server host key: ssh-ed25519 SHA256:5qgDoZ2wLmGrg8sg76UjOpuT8r7ZPU86K27MzyjdoU0\rdebug3: record_hostkey: found key type ED25519 in file /home/leion/.ssh/known_hosts:16\rdebug3: record_hostkey: found key type RSA in file /home/leion/.ssh/known_hosts:17\rdebug3: record_hostkey: found key type ECDSA in file /home/leion/.ssh/known_hosts:18\rdebug3: load_hostkeys_file: loaded 3 keys from lfs9.0\rdebug1: load_hostkeys: fopen /home/leion/.ssh/known_hosts2: No such file or directory\rdebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory\rdebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory\rdebug1: Host \u0026#39;lfs9.0\u0026#39; is known and matches the ED25519 host key.\rdebug1: Found key in /home/leion/.ssh/known_hosts:16\rdebug3: send packet: type 21\rdebug2: set_newkeys: mode 1\rdebug1: rekey out after 134217728 blocks\rdebug1: SSH2_MSG_NEWKEYS sent\rdebug1: expecting SSH2_MSG_NEWKEYS\rdebug3: receive packet: type 21\rdebug1: SSH2_MSG_NEWKEYS received\rdebug2: set_newkeys: mode 0\rdebug1: rekey in after 134217728 blocks\rdebug1: Will attempt key: /home/leion/.ssh/id_rsa RSA SHA256:UXDMPHJtm3qgRkqPhOLEoGtkmpe1YeGshOPnfmLdIZU\rdebug1: Will attempt key: /home/leion/.ssh/id_dsa debug1: Will attempt key: /home/leion/.ssh/id_ecdsa debug1: Will attempt key: /home/leion/.ssh/id_ecdsa_sk debug1: Will attempt key: /home/leion/.ssh/id_ed25519 debug1: Will attempt key: /home/leion/.ssh/id_ed25519_sk debug1: Will attempt key: /home/leion/.ssh/id_xmss debug2: pubkey_prepare: done\rdebug3: send packet: type 5\rdebug3: receive packet: type 7\rdebug1: SSH2_MSG_EXT_INFO received\rdebug1: kex_input_ext_info: server-sig-algs=\u0026lt;ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\u0026gt;\rdebug3: receive packet: type 6\rdebug2: service_accept: ssh-userauth\rdebug1: SSH2_MSG_SERVICE_ACCEPT received\rdebug3: send packet: type 50\rdebug3: receive packet: type 51\rdebug1: Authentications that can continue: publickey,password,keyboard-interactive\rdebug3: start over, passed a different list publickey,password,keyboard-interactive\rdebug3: preferred publickey,keyboard-interactive,password\rdebug3: authmethod_lookup publickey\rdebug3: remaining preferred: keyboard-interactive,password\rdebug3: authmethod_is_enabled publickey\rdebug1: Next authentication method: publickey\rdebug1: Offering public key: /home/leion/.ssh/id_rsa RSA SHA256:UXDMPHJtm3qgRkqPhOLEoGtkmpe1YeGshOPnfmLdIZU\rdebug3: send packet: type 50\rdebug2: we sent a publickey packet, wait for reply\rdebug3: receive packet: type 60\rdebug1: Server accepts key: /home/leion/.ssh/id_rsa RSA SHA256:UXDMPHJtm3qgRkqPhOLEoGtkmpe1YeGshOPnfmLdIZU\rdebug3: sign_and_send_pubkey: RSA SHA256:UXDMPHJtm3qgRkqPhOLEoGtkmpe1YeGshOPnfmLdIZU\rdebug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:UXDMPHJtm3qgRkqPhOLEoGtkmpe1YeGshOPnfmLdIZU\rdebug3: send packet: type 50\rdebug3: receive packet: type 52\rdebug1: Authentication succeeded (publickey).\rAuthenticated to lfs9.0 ([172.18.253.20]:22).\rdebug1: channel 0: new [client-session]\rdebug3: ssh_session2_open: channel_new: 0\rdebug2: channel 0: send open\rdebug3: send packet: type 90\rdebug1: Requesting no-more-sessions@openssh.com\rdebug3: send packet: type 80\rdebug1: Entering interactive session.\rdebug1: pledge: filesystem full\rdebug3: receive packet: type 80\rdebug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0\rdebug3: client_input_hostkeys: received RSA key SHA256:y7j2+X0eDHrJjPT3yvtphPJn96f5zdWhJHd1NCR5KgE\rdebug3: client_input_hostkeys: received ECDSA key SHA256:94uXUkX1Dtv7EfbjJ5AtoJchht5DqI+6qv+K7Zo2WX0\rdebug3: client_input_hostkeys: received ED25519 key SHA256:5qgDoZ2wLmGrg8sg76UjOpuT8r7ZPU86K27MzyjdoU0\rdebug1: client_input_hostkeys: searching /home/leion/.ssh/known_hosts for lfs9.0 / (none)\rdebug3: hostkeys_foreach: reading file \u0026#34;/home/leion/.ssh/known_hosts\u0026#34;\rdebug3: hostkeys_find: found ssh-ed25519 key at /home/leion/.ssh/known_hosts:16\rdebug3: hostkeys_find: found ssh-rsa key at /home/leion/.ssh/known_hosts:17\rdebug3: hostkeys_find: found ecdsa-sha2-nistp256 key at /home/leion/.ssh/known_hosts:18\rdebug1: client_input_hostkeys: searching /home/leion/.ssh/known_hosts2 for lfs9.0 / (none)\rdebug1: client_input_hostkeys: hostkeys file /home/leion/.ssh/known_hosts2 does not exist\rdebug3: client_input_hostkeys: 3 server keys: 0 new, 3 retained, 0 incomplete match. 0 to remove\rdebug1: client_input_hostkeys: no new or deprecated keys from server\rdebug3: receive packet: type 4\rdebug1: Remote: /home/leion/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding\rdebug3: receive packet: type 4\rdebug1: Remote: /home/leion/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding\rdebug3: receive packet: type 91\rdebug2: channel_input_open_confirmation: channel 0: callback start\rdebug2: fd 3 setting TCP_NODELAY\rdebug3: set_sock_tos: set socket 3 IP_TOS 0x48\rdebug2: client_session2_setup: id 0\rdebug2: channel 0: request pty-req confirm 1\rdebug3: send packet: type 98\rdebug2: channel 0: request shell confirm 1\rdebug3: send packet: type 98\rdebug2: channel_input_open_confirmation: channel 0: callback done\rdebug2: channel 0: open confirm rwindow 0 rmax 32768\rdebug3: receive packet: type 99\rdebug2: channel_input_status_confirm: type 99 id 0\rdebug2: PTY allocation request accepted on channel 0\rdebug2: channel 0: rcvd adjust 2097152\rdebug3: receive packet: type 99\rdebug2: channel_input_status_confirm: type 99 id 0\rdebug2: shell request accepted on channel 0\rLast login: Fri Aug 13 03:25:05 2021 from 192.168.1.216\r-bash-5.0$ -bash-5.0$ -bash-5.0$ -bash-5.0$ sudo reboot^C\r-bash-5.0$ debug3: receive packet: type 98\rdebug1: client_input_channel_req: channel 0 rtype exit-status reply 0\rdebug3: receive packet: type 98\rdebug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0\rdebug2: channel 0: rcvd eow\rdebug2: chan_shutdown_read: channel 0: (i0 o0 sock -1 wfd 4 efd 6 [write])\rdebug2: channel 0: input open -\u0026gt; closed\rlogout\rdebug3: receive packet: type 96\rdebug2: channel 0: rcvd eof\rdebug2: channel 0: output open -\u0026gt; drain\rdebug2: channel 0: obuf empty\rdebug2: chan_shutdown_write: channel 0: (i3 o1 sock -1 wfd 5 efd 6 [write])\rdebug2: channel 0: output drain -\u0026gt; closed\rdebug3: receive packet: type 97\rdebug2: channel 0: rcvd close\rdebug3: channel 0: will not send data after close\rdebug2: channel 0: almost dead\rdebug2: channel 0: gc: notify user\rdebug2: channel 0: gc: user detached\rdebug2: channel 0: send close\rdebug3: send packet: type 97\rdebug2: channel 0: is dead\rdebug2: channel 0: garbage collecting\rdebug1: channel 0: free: client-session, nchannels 1\rdebug3: channel 0: status: The following connections are open:\r#0 client-session (t4 r0 i3/0 o3/0 e[write]/0 fd -1/-1/6 sock -1 cc -1)\rdebug3: send packet: type 1\rdebug3: fd 1 is not O_NONBLOCK\rConnection to lfs9.0 closed.\rTransferred: sent 3300, received 3324 bytes, in 15.3 seconds\rBytes per second: sent 215.3, received 216.8\rdebug1: Exit status 130 root用户SSH秘钥登录：\nssh -vvv root@lfs9.0 OpenSSH_8.6p1, OpenSSL 1.1.1k 25 Mar 2021\rdebug1: Reading configuration data /home/leion/.ssh/config\rdebug1: /home/leion/.ssh/config line 1: Applying options for *\rdebug1: Reading configuration data /etc/ssh/ssh_config\rdebug3: expanded UserKnownHostsFile \u0026#39;~/.ssh/known_hosts\u0026#39; -\u0026gt; \u0026#39;/home/leion/.ssh/known_hosts\u0026#39;\rdebug3: expanded UserKnownHostsFile \u0026#39;~/.ssh/known_hosts2\u0026#39; -\u0026gt; \u0026#39;/home/leion/.ssh/known_hosts2\u0026#39;\rdebug2: resolving \u0026#34;lfs9.0\u0026#34; port 22\rdebug3: ssh_connect_direct: entering\rdebug1: Connecting to lfs9.0 [172.18.253.20] port 22.\rdebug3: set_sock_tos: set socket 3 IP_TOS 0x48\rdebug1: Connection established.\rdebug1: identity file /home/leion/.ssh/id_rsa type 0\rdebug1: identity file /home/leion/.ssh/id_rsa-cert type -1\rdebug1: identity file /home/leion/.ssh/id_dsa type -1\rdebug1: identity file /home/leion/.ssh/id_dsa-cert type -1\rdebug1: identity file /home/leion/.ssh/id_ecdsa type -1\rdebug1: identity file /home/leion/.ssh/id_ecdsa-cert type -1\rdebug1: identity file /home/leion/.ssh/id_ecdsa_sk type -1\rdebug1: identity file /home/leion/.ssh/id_ecdsa_sk-cert type -1\rdebug1: identity file /home/leion/.ssh/id_ed25519 type -1\rdebug1: identity file /home/leion/.ssh/id_ed25519-cert type -1\rdebug1: identity file /home/leion/.ssh/id_ed25519_sk type -1\rdebug1: identity file /home/leion/.ssh/id_ed25519_sk-cert type -1\rdebug1: identity file /home/leion/.ssh/id_xmss type -1\rdebug1: identity file /home/leion/.ssh/id_xmss-cert type -1\rdebug1: Local version string SSH-2.0-OpenSSH_8.6\rdebug1: Remote protocol version 2.0, remote software version OpenSSH_8.0\rdebug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000\rdebug2: fd 3 setting O_NONBLOCK\rdebug1: Authenticating to lfs9.0:22 as \u0026#39;root\u0026#39;\rdebug3: record_hostkey: found key type ED25519 in file /home/leion/.ssh/known_hosts:16\rdebug3: record_hostkey: found key type RSA in file /home/leion/.ssh/known_hosts:17\rdebug3: record_hostkey: found key type ECDSA in file /home/leion/.ssh/known_hosts:18\rdebug3: load_hostkeys_file: loaded 3 keys from lfs9.0\rdebug1: load_hostkeys: fopen /home/leion/.ssh/known_hosts2: No such file or directory\rdebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory\rdebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory\rdebug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim\rdebug3: send packet: type 20\rdebug1: SSH2_MSG_KEXINIT sent\rdebug3: receive packet: type 20\rdebug1: SSH2_MSG_KEXINIT received\rdebug2: local client KEXINIT proposal\rdebug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c\rdebug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa\rdebug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\rdebug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\rdebug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\rdebug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\rdebug2: compression ctos: none,zlib@openssh.com,zlib\rdebug2: compression stoc: none,zlib@openssh.com,zlib\rdebug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal\rdebug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\rdebug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519\rdebug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\rdebug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\rdebug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\rdebug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\rdebug2: compression ctos: none,zlib@openssh.com\rdebug2: compression stoc: none,zlib@openssh.com\rdebug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256\rdebug1: kex: host key algorithm: ssh-ed25519\rdebug1: kex: server-\u0026gt;client cipher: chacha20-poly1305@openssh.com MAC: \u0026lt;implicit\u0026gt; compression: none\rdebug1: kex: client-\u0026gt;server cipher: chacha20-poly1305@openssh.com MAC: \u0026lt;implicit\u0026gt; compression: none\rdebug3: send packet: type 30\rdebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\rdebug3: receive packet: type 31\rdebug1: SSH2_MSG_KEX_ECDH_REPLY received\rdebug1: Server host key: ssh-ed25519 SHA256:5qgDoZ2wLmGrg8sg76UjOpuT8r7ZPU86K27MzyjdoU0\rdebug3: record_hostkey: found key type ED25519 in file /home/leion/.ssh/known_hosts:16\rdebug3: record_hostkey: found key type RSA in file /home/leion/.ssh/known_hosts:17\rdebug3: record_hostkey: found key type ECDSA in file /home/leion/.ssh/known_hosts:18\rdebug3: load_hostkeys_file: loaded 3 keys from lfs9.0\rdebug1: load_hostkeys: fopen /home/leion/.ssh/known_hosts2: No such file or directory\rdebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory\rdebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory\rdebug1: Host \u0026#39;lfs9.0\u0026#39; is known and matches the ED25519 host key.\rdebug1: Found key in /home/leion/.ssh/known_hosts:16\rdebug3: send packet: type 21\rdebug2: set_newkeys: mode 1\rdebug1: rekey out after 134217728 blocks\rdebug1: SSH2_MSG_NEWKEYS sent\rdebug1: expecting SSH2_MSG_NEWKEYS\rdebug3: receive packet: type 21\rdebug1: SSH2_MSG_NEWKEYS received\rdebug2: set_newkeys: mode 0\rdebug1: rekey in after 134217728 blocks\rdebug1: Will attempt key: /home/leion/.ssh/id_rsa RSA SHA256:UXDMPHJtm3qgRkqPhOLEoGtkmpe1YeGshOPnfmLdIZU\rdebug1: Will attempt key: /home/leion/.ssh/id_dsa debug1: Will attempt key: /home/leion/.ssh/id_ecdsa debug1: Will attempt key: /home/leion/.ssh/id_ecdsa_sk debug1: Will attempt key: /home/leion/.ssh/id_ed25519 debug1: Will attempt key: /home/leion/.ssh/id_ed25519_sk debug1: Will attempt key: /home/leion/.ssh/id_xmss debug2: pubkey_prepare: done\rdebug3: send packet: type 5\rdebug3: receive packet: type 7\rdebug1: SSH2_MSG_EXT_INFO received\rdebug1: kex_input_ext_info: server-sig-algs=\u0026lt;ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\u0026gt;\rdebug3: receive packet: type 6\rdebug2: service_accept: ssh-userauth\rdebug1: SSH2_MSG_SERVICE_ACCEPT received\rdebug3: send packet: type 50\rdebug3: receive packet: type 51\rdebug1: Authentications that can continue: publickey,password,keyboard-interactive\rdebug3: start over, passed a different list publickey,password,keyboard-interactive\rdebug3: preferred publickey,keyboard-interactive,password\rdebug3: authmethod_lookup publickey\rdebug3: remaining preferred: keyboard-interactive,password\rdebug3: authmethod_is_enabled publickey\rdebug1: Next authentication method: publickey\rdebug1: Offering public key: /home/leion/.ssh/id_rsa RSA SHA256:UXDMPHJtm3qgRkqPhOLEoGtkmpe1YeGshOPnfmLdIZU\rdebug3: send packet: type 50\rdebug2: we sent a publickey packet, wait for reply\rdebug3: receive packet: type 51\rdebug1: Authentications that can continue: publickey,password,keyboard-interactive\rdebug1: Trying private key: /home/leion/.ssh/id_dsa\rdebug3: no such identity: /home/leion/.ssh/id_dsa: No such file or directory\rdebug1: Trying private key: /home/leion/.ssh/id_ecdsa\rdebug3: no such identity: /home/leion/.ssh/id_ecdsa: No such file or directory\rdebug1: Trying private key: /home/leion/.ssh/id_ecdsa_sk\rdebug3: no such identity: /home/leion/.ssh/id_ecdsa_sk: No such file or directory\rdebug1: Trying private key: /home/leion/.ssh/id_ed25519\rdebug3: no such identity: /home/leion/.ssh/id_ed25519: No such file or directory\rdebug1: Trying private key: /home/leion/.ssh/id_ed25519_sk\rdebug3: no such identity: /home/leion/.ssh/id_ed25519_sk: No such file or directory\rdebug1: Trying private key: /home/leion/.ssh/id_xmss\rdebug3: no such identity: /home/leion/.ssh/id_xmss: No such file or directory\rdebug2: we did not send a packet, disable method\rdebug3: authmethod_lookup keyboard-interactive\rdebug3: remaining preferred: password\rdebug3: authmethod_is_enabled keyboard-interactive\rdebug1: Next authentication method: keyboard-interactive\rdebug2: userauth_kbdint\rdebug3: send packet: type 50\rdebug2: we sent a keyboard-interactive packet, wait for reply\rdebug3: receive packet: type 51\rdebug1: Authentications that can continue: publickey,password,keyboard-interactive\rdebug3: userauth_kbdint: disable: no info_req_seen\rdebug2: we did not send a packet, disable method\rdebug3: authmethod_lookup password\rdebug3: remaining preferred: debug3: authmethod_is_enabled password\rdebug1: Next authentication method: password\rroot@lfs9.0\u0026#39;s password: diff 对比两者输出注意到在使用秘钥协商的时候root用户登录过程相比普通用户登录过程的不同之处的关键点在于：\n...\rdebug3: send packet: type 50\rdebug3: receive packet: type 51\r... 原因： 使用命令 ls -alh -d /root 发现 /root 目录的属主是 nobody。\nls -alh -d /root drwxr-x--- 8 nobody root 4.0K 8月 12 15:18 /root 解决方法： 修正权限问题：\nchown -R root.root /root\rchmod 0550 /root\rchmod 0700 /root/.ssh\rchmod 0600 /root/.ssh/authorized_keys 总结： 重新梳理错误原因：客户端在用秘钥协商认证方式后，服务端由于对 root 的家目录（/root）不正确的权限问题影响无法读取 /root/.ssh/authorized_keys 文件因此无法验证公钥信息，也就是说服务器端已经接受导入了客户端的公钥，但登录认证时无法使用该公钥加密ssh通讯信道，从而无法认证客户端的登录操作。\n参考： sshd - SSH-Key authentication fails - Super User centos7 - Unable to ssh with authorized keys, password always prompted - Server Fault Linux配置使用SSH Key登录并禁用root密码登录 - alterem - 博客园\n","permalink":"https://leiontong.github.io/posts/ssh-key-authentication-fails/","summary":"\u003ch1 id=\"记一次root用户进行秘钥登录验证失败问题\"\u003e记一次root用户进行秘钥登录验证失败问题\u003c/h1\u003e\n\u003ch2 id=\"现象描述\"\u003e现象描述：\u003c/h2\u003e\n\u003cp\u003e在一次常规给 root 用户配置秘钥登录过程中，通过命令  \u003ccode\u003essh-copy-id\u003c/code\u003e 正常导入秘钥到服务器端，在服务器上的 authorized_keys 文件里也能查到客户端的公钥信息，但使用秘钥登录时候仍然提示输入密码。\u003c/p\u003e\n\u003ch2 id=\"问题分析\"\u003e问题分析：\u003c/h2\u003e","title":"SSH-Key-authentication-fails"},{"content":"Git清理删除历史提交文件 1.垃圾回收 先进行垃圾回收，并压缩一些文件\n$ git gc --prune=now Git最初向磁盘中存储对象使用松散的格式，后续会将多个对象打包为一个二进制的包文件（packfile），以节省磁盘空间\n.pack文件存储了对象的内容\n.idx文件存储了包文件的偏移信息，用于`索引具体的对象\n打包对象时，查找命名和大小相近的文件，保留文件不同版本之间的差异（最新一版保存完整内容，访问频率最高）\n2.查找大文件 使用git rev-list --objects —all显示所有commit及其所关联的所有对象：\n$ git rev-list --objects --all | grep \u0026#34;$(git verify-pack -v .git/objects/pack/*.idx | sort -k 3 -n | tail -3 | awk \u0026#39;{print$1}\u0026#39;)\u0026#34; e9461c55c3b8807351909cf7bb46eb22a8df5533 README.md b866711af76e7d7cc87d9828f8ddde8ea865d053 bigqin 8d675f2ad83219ad4ebe34fe4dcac3a7139002ea bigqin verify-pack -v *.idx：查看压缩包内容\n3.删除指定的大文件 $ git filter-branch --force --index-filter \u0026#34;git rm -rf --cached --ignore-unmatch bigqin\u0026#34; --prune-empty --tag-name-filter cat -- --all Rewrite bf551acd0ca40a5671bcf2d4cad83a999b8baf52 (10/16) (0 seconds passed, remaining 0 predicted) rm \u0026#39;bigqin\u0026#39; Rewrite d1d31551ecb36d362fd1051152f1fc886e4df95c (11/16) (0 seconds passed, remaining 0 predicted) rm \u0026#39;bigqin\u0026#39; Rewrite da902adff9f3f890aa4c3304c5ac6d1e14f589da (12/16) (0 seconds passed, remaining 0 predicted) rm \u0026#39;bigqin\u0026#39; Rewrite c96090316c3600e6e190cb9f99cf14a58f6f09ca (13/16) (0 seconds passed, remaining 0 predicted) rm \u0026#39;bigqin\u0026#39; Rewrite 9d6c9194d76c5e0aa6c9119445681c9fbdf735a3 (14/16) (1 seconds passed, remaining 0 predicted) rm \u0026#39;bigqin\u0026#39; Rewrite b1e2f243a559547e3a0f5eaa18f6a31a35eaa57a (14/16) (1 seconds passed, remaining 0 predicted) rm \u0026#39;bigqin\u0026#39; Rewrite ac49fbb891648b73bbd31b4e82b56bbd71254384 (14/16) (1 seconds passed, remaining 0 predicted) rm \u0026#39;bigqin\u0026#39; ..... filter-branch 命令通过一个filter来重写历史提交，这个filter针对指定的所有分支(rev-list)运行。\n--index-filter：过滤Git仓库的index，该过滤命令作用于git rm -rf --cached --ignore-unmatch bigqin。不checkout到working directory，只修改index的文件，速度快。\n--cached会删除index中的文件\n--ignore-unmatch：如果没匹配到文件，不会报错，会继续执行命令\n最后一个参数file/directory是要被删除的文件的名字\n--prune-empty：指示git filter-branch 完全删除所有的空commit。\n-–tag-name-filter：将每个tag指向重写后的commit。\ncat命令会在收到tag时返回tag名称\n–-选项用来分割 rev-list 和 filter-branch 选项\n--all参数告诉Git我们需要重写所有分支（或引用）。\n注意：git rm 这一行命令使用双引号\u0026quot;git rm -rf --cached --ignore-unmatch bigqin\u0026quot;\n4.删除缓存 移除本地仓库中指向旧提交的剩余refs，git for-each-ref 会打印仓库中匹配refs/original的所有refs，并使用delete作为前缀，此命令通过管道传送到 git update-ref 命令，该命令会移除所有指向旧commit的引用。\n$ git for-each-ref --format=\u0026#39;delete %(refname)\u0026#39; refs/original | git update-ref --stdin 以下命令会使reflog到期，因为它依然包含着对旧commit的引用。使用--expire=now 参数，确保它在目前为止到期了。如果没有该参数，只会移除超过90天的reflog。\n$ git reflog expire --expire=now --all 现在本地仓库依然包含着所有旧commit的对象，但已经没有引用指向它们了，这些对象需要被删除掉。此时可以使用 git gc 命令，Git的垃圾回收器会删除这些没有引用指向的对象。\n$ git gc --prune=now gc使用--prune 参数来清理特定时期的对象，默认情况下为2周，指定now将删除所有这些对象而没有时期限制。\n$ du -sh .git 104K .git 此时，.git文件的大小只有104k了。\n7.提交重写的历史到远程 如果确认所做的删除大文件操作没有问题，就可以提交到远程仓库了，一旦提交，再也没有办法恢复到原来的状态，一定要小心谨慎！一定要小心谨慎！一定要小心谨慎！\n先进行备份工作，以免出现问题：\n$ cd ~/Desktop/ $ mkdir gitthin_mirror \u0026amp;\u0026amp; cd gitthin_mirror $ git clone --mirror git@gitee.com:coderhony/gitthin.git 再回到刚才做的已经瘦身的Git仓库\n$ cd ~/Desktop/gitthin/gitthin 把已瘦身的仓库同步到远程仓库，使用—mirror参数：\n$ git push --mirror git@gitee.com:coderhony/gitthin.git 为了确保都已同步，再执行以下命令：\n$ git push --all --force Everything up-to-date $ git push --tags --force Everything up-to-date 8.更新其他的clone 在过滤存储库，并重写提交历史后，将更改强制推送到远程服务器之后。现在要更新该存储库的每一份clone，仅靠常用的pull是无法做到这一点的。\n第一步是从远程服务器获取存储库，使用git reset 将存储库从 origin/master 切换到旧存储库状态。\n$ git fetch origin $ git reset --hard origin/master 和上面的一样，需要删除旧提交，清理本地仓库\n$ git for-each-ref --format=\u0026#39;delete %(refname)\u0026#39; refs/original | git update-ref --stdin $ git reflog expire --expire=now --all $ git gc --prune=now Article: https://www.jianshu.com/p/7ace3767986a ","permalink":"https://leiontong.github.io/posts/git-remove-file-from-history/","summary":"\u003ch1 id=\"git清理删除历史提交文件\"\u003eGit清理删除历史提交文件\u003c/h1\u003e\n\u003ch5 id=\"1垃圾回收\"\u003e1.垃圾回收\u003c/h5\u003e\n\u003cp\u003e先进行垃圾回收，并压缩一些文件\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e$ git gc --prune\u003cspan style=\"color:#f92672\"\u003e=\u003c/span\u003enow\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eGit最初向磁盘中存储对象使用\u003ccode\u003e松散\u003c/code\u003e的格式，后续会将多个对象打包为一个二进制的\u003ccode\u003e包文件\u003c/code\u003e（\u003ccode\u003epackfile\u003c/code\u003e），以\u003ccode\u003e节省磁盘空间\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e.pack\u003c/code\u003e文件存储了\u003ccode\u003e对象的内容\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e.idx\u003c/code\u003e文件存储了\u003ccode\u003e包文件\u003c/code\u003e的\u003ccode\u003e偏移信息\u003c/code\u003e，用于`索引具体的对象\u003c/p\u003e\n\u003cp\u003e打包对象时，查找命名和大小相近的文件，保留文件\u003ccode\u003e不同版本之间的差异\u003c/code\u003e（\u003ccode\u003e最新一版保存完整内容\u003c/code\u003e，访问频率最高）\u003c/p\u003e\n\u003ch5 id=\"2查找大文件\"\u003e2.查找大文件\u003c/h5\u003e","title":"Git清理删除历史提交文件"},{"content":"sshd_config误删除如何恢复？ 方法1，拷贝默认配置文件：\ncp /usr/share/openssh/sshd_config /etc/ssh/ 记得校正配置，例如：\n#PermitRootLogin prohibit-password\rPermitRootLogin yes\rX11Forwarding yes 方法2，卸载重装软件包：\napt purge openssh-server\rapt install openssh-server ","permalink":"https://leiontong.github.io/posts/sshd-config-accidental-deletion-recovery/","summary":"\u003ch1 id=\"sshd_config误删除如何恢复\"\u003esshd_config误删除如何恢复？\u003c/h1\u003e\n\u003cp\u003e方法1，拷贝默认配置文件：\u003c/p\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003ecp /usr/share/openssh/sshd_config /etc/ssh/\n\u003c/code\u003e\u003c/pre\u003e\u003cp\u003e记得校正配置，例如：\u003c/p\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e#PermitRootLogin prohibit-password\r\nPermitRootLogin yes\r\nX11Forwarding yes\n\u003c/code\u003e\u003c/pre\u003e","title":"sshd_config误删除如何恢复？"},{"content":"SSH的X11转发\u0026ndash;在本地 Linux OS 桌面显示器上运行远程 Linux OS 的应用 原理 SSH的X11转发原理\u0026ndash;来自ssh的manpage： 如果 ForwardX11 变量设为 “yes” (或参见后面对 -X 和 -x 选项的描述), 并且用户正在使用 X11 (设置了 DISPLAY 环境变量), 和 X11 显示器的连接将自动以这种形式转发到远端: 任何用 shell 或命令启动的 X11 程序将穿过加密的通道, 从本地机器连接真正的 X 服务器. 用户不应该手动设置 DISPLAY. 可以在命令行上, 也可以在配置文件中设置 X11 连接的转发. ssh 设置的 DISPLAY 值将指向服务器, 但是显示器号大于零. 这很自然, 因为 ssh 在服务器上创建了一个 “proxy” X 服务器,把连接通过加密通道转发出去.\n从原理来讲，对于用户login来说，本地主机是客户端（SSH Client），远程主机是服务端（SSH Server）；对于X11程序来说，本地主机是服务端(X Server)，远程主机是客户端(X Client)。\n从实际使用体验来说，是用户在本地主机通过 SSH Client 登录到启用了 X11 转发功能的远程主机的 SSH Server 上执行 GUI 图形界面程序，此时本地主机的显示器(X Server DISPLAY)上会呈现远程主机的GUI程序的图形界面。\n预准备 Linux SSH协议中的角色 X协议中的角色 OS IP 本地Linux操作系统 SSH Client X Server ArchLinux 172.18.253.70 远程Linux操作系统 SSH Server X Client CentOS 172.18.253.19 本地Linux操作系统(X Server)操作 安装依赖： xauth用于授权，fonts用于字体显示。 Arch系统，执行： sudo pacman -S xorg-xauth xorg-fonts-* 其他发行版软件包名称可能是 xorg-x11-xauth 和 xorg-x11-fonts-*。 远程Linux操作系统(X Client)操作 配置sshd sudo vim /etc/ssh/sshd_config\r...\rX11Forwarding yes\t#允许X11转发\rX11UseLocalhost no\t#禁止将X11转发请求绑定到本地回环地址上\rAddressFamily inet\t#（可选）强制使用IPv4通道。\r... 重启服务：systemctl restart sshd\n安装实验用GUI程序，采用 xclock，一个简单的时钟。 CentOS系统，执行： sudo yum install xclock\n实验 本地Linux操作系统(X Server)通过ssh连接远程Linux操作系统(X Client)，注意选项 -X ssh -X 172.18.253.19 xclock 此时会直接在本地的X Server DISPLAY上（也就是本地的显示器上）打开xclock的GUI图形界面。\n当然也可以ssh -X 172.18.253.19登录后执行xclock命令，同样的效果。\n","permalink":"https://leiontong.github.io/posts/ssh-x11-forwarding-run-remote-app-on-local-display/","summary":"\u003ch1 id=\"ssh的x11转发在本地-linux-os-桌面显示器上运行远程-linux-os-的应用\"\u003eSSH的X11转发\u0026ndash;在本地 Linux OS 桌面显示器上运行远程 Linux OS 的应用\u003c/h1\u003e\n\u003ch2 id=\"原理\"\u003e原理\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eSSH的X11转发原理\u0026ndash;来自ssh的manpage：\n如果 ForwardX11 变量设为 “yes” (或参见后面对 -X 和 -x 选项的描述), 并且用户正在使用 X11 (设置了 DISPLAY 环境变量), 和 X11 显示器的连接将自动以这种形式转发到远端: 任何用 shell 或命令启动的 X11 程序将穿过加密的通道, 从本地机器连接真正的 X 服务器. 用户不应该手动设置 DISPLAY.  可以在命令行上, 也可以在配置文件中设置 X11 连接的转发.\nssh 设置的 DISPLAY 值将指向服务器, 但是显示器号大于零. 这很自然, 因为 ssh 在服务器上创建了一个 “proxy” X 服务器,把连接通过加密通道转发出去.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e从原理来讲，对于用户login来说，本地主机是客户端（SSH Client），远程主机是服务端（SSH Server）；对于X11程序来说，本地主机是服务端(X Server)，远程主机是客户端(X Client)。\u003c/p\u003e\n\u003cp\u003e从实际使用体验来说，是用户在本地主机通过 SSH Client 登录到启用了 X11 转发功能的远程主机的 SSH Server 上执行 GUI 图形界面程序，此时本地主机的显示器(X Server DISPLAY)上会呈现远程主机的GUI程序的图形界面。\u003c/p\u003e\n\u003ch2 id=\"预准备\"\u003e预准备\u003c/h2\u003e","title":"SSH的X11转发--在本地 Linux OS 桌面显示器上运行远程 Linux OS 的应用"},{"content":"joplin-cli_config # 配置joplin-cli joplin-cli config joplin-cli config dateFormat YYYY-MM-DD joplin-cli config locale zh_CN joplin-cli config revisionService.enabled false joplin-cli config sync.target 2 # joplin-cli config sync.2.path /home/leion/Nextcloud/Joplin/ joplin-cli config sync.2.path /home/leion/Nextcloud-nc.nl.tab.digital-leitong1990@gmail/Joplin/ joplin-cli sync # 配置用户默认编辑器 echo \u0026#39;export EDITOR=/usr/bin/nvim\u0026#39; \u0026gt;\u0026gt; ~/.profile # 退出joplin-cli 输入\u0026#34;:exit\u0026#34;后按\u0026#34;Enter\u0026#34;键。 或者： 输入\u0026#34;:(英文冒号)\u0026#34;后，再按\u0026#34;Ctrl+d\u0026#34;键。 ","permalink":"https://leiontong.github.io/posts/joplin-cli_config/","summary":"\u003ch1 id=\"joplin-cli_config\"\u003ejoplin-cli_config\u003c/h1\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-sh\" data-lang=\"sh\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#75715e\"\u003e# 配置joplin-cli\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ejoplin-cli config\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ejoplin-cli config dateFormat YYYY-MM-DD\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ejoplin-cli config locale zh_CN\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ejoplin-cli config revisionService.enabled false\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ejoplin-cli config sync.target \u003cspan style=\"color:#ae81ff\"\u003e2\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#75715e\"\u003e# joplin-cli config sync.2.path /home/leion/Nextcloud/Joplin/\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ejoplin-cli config sync.2.path /home/leion/Nextcloud-nc.nl.tab.digital-leitong1990@gmail/Joplin/\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ejoplin-cli sync\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","title":"joplin-cli_config"},{"content":"Joplin-desktop_改变编辑字体样式和调整markdown渲染效果字体大小 打开设置-\u0026gt;外观-\u0026gt;高级选项 适用于已渲染 Markdown 的自定义样式表 -\u0026gt; userstyle.css -\u0026gt; 影响展示区域字体样式。 适用于 Joplin 全域应用样式的自定义样式表 -\u0026gt; userchrome.css -\u0026gt; 影响了除展示区域的字体样式。\n从typera拷贝出来的CSS，可以直接放进userchrome.css 和 userstyle.css *{font-family: -apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;\r-webkit-font-smoothing: antialiased;\r} 调整markdown渲染字体大小，外观-\u0026gt;显示高级选项-\u0026gt;适用于已渲染 Markdown 的自定义样式表-\u0026gt;编辑。 body, th, td, .inline-code {\rfont-size: 18px;\r}\rh2 {\rbackground-color: #46515c;\rcolor:white;\r} 编辑器字体族 Cascadia Code\nReference: https://java-er.com/blog/joplin-css-font/ https://cloud.tencent.com/developer/article/1655173 https://blog.csdn.net/heimu24/article/details/81189700\n","permalink":"https://leiontong.github.io/posts/joplin-desktop-change-editor-font-and-markdown-render/","summary":"\u003ch1 id=\"joplin-desktop_改变编辑字体样式和调整markdown渲染效果字体大小\"\u003eJoplin-desktop_改变编辑字体样式和调整markdown渲染效果字体大小\u003c/h1\u003e\n\u003col\u003e\n\u003cli\u003e打开设置-\u0026gt;外观-\u0026gt;高级选项\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003e适用于已渲染 Markdown 的自定义样式表 -\u0026gt; userstyle.css -\u0026gt; 影响展示区域字体样式。\n适用于 Joplin 全域应用样式的自定义样式表 -\u0026gt; userchrome.css -\u0026gt; 影响了除展示区域的字体样式。\u003c/p\u003e\n\u003col start=\"2\"\u003e\n\u003cli\u003e从typera拷贝出来的CSS，可以直接放进userchrome.css 和 userstyle.css\u003c/li\u003e\n\u003c/ol\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e*{font-family: -apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;\r\n    -webkit-font-smoothing: antialiased;\r\n}\n\u003c/code\u003e\u003c/pre\u003e","title":"Joplin-desktop_改变编辑字体样式和调整markdown渲染效果字体大小"},{"content":"KDE Beautify 外观 主题存放在哪里？\n全局主题 /usr/share/plasma/look-and-feel/\n~/.local/share/plasma/look-and-feel/\nPlasma 样式 ~/.local/share/plasma/desktoptheme/\n/usr/share/plasma/desktoptheme/\n应用程序风格 - 窗口装饰 /usr/share/aurorae/themes/\n~/.local/share/aurorae/themes/\n颜色 /usr/share/color-schemes/\n图标 /usr/share/icons/\n~/.local/share/icons/\n字体 /usr/share/fonts ~/.fonts\n光标 工作区 开机和关机 - 登录屏幕 (SDDM) /usr/share/sddm/themes/\n~/.local/share/sddm/themes/\n开机和关机 - 欢迎屏幕 壁纸 /usr/share/backgrounds/\n~/.local/share/backgrounds/\nDock sudo pacman -S plank #首选，流畅\rsudo pacman -S latte-dock 社区或AUR收录的主题/图标/登录屏幕 (SDDM)/壁纸推荐安装： AdaptaBreath\nsudo pacman -S plasma5-theme-adaptabreath maia-cursor-theme papirus-maia-icon-theme noto-fonts-compat Breath2\nsudo pacman -S breath2-icon-themes #图标\rsudo pacman -S breath2-wallpaper #壁纸\rsudo pacman -S plasma5-themes-breath2 #全局主题\rsudo pacman -S sddm-breath2-theme #登录屏幕 (SDDM) infinity\nsudo pacman -S plasma-theme-infinitybook #全局主题\rsudo pacman -S wallpapers-infinity-book #壁纸 maia\nsudo pacman -S plasma5-themes-maia\rsudo pacman -S manjaro-openbox-maia archlinux sudo pacman -S archlinuxcn/plasma-theme-archlinux #全局主题\nPapirusDevelopmentTeam/papirus-icon-theme: Papirus icon theme for Linux sudo pacman -S papirus-icon-theme #图标\nPapirusDevelopmentTeam/adapta-kde: Adapta KDE customization sudo pacman -S adapta-kde #全局主题\nPapirusDevelopmentTeam/arc-kde: Arc KDE customization sudo pacman -S arc-kde #全局主题\nPapirusDevelopmentTeam/materia-kde: Materia KDE customization sudo pacman -S materia-kde #全局主题\nChromeOS\nyay -S kvantum-theme-chromeos-git chromeos-kde-git #全局主题\ryay -S chromeos-gtk-theme #GTK主题\rsudo pacman -S archlinuxcn/tela-icon-theme-git #图标 aex yay -S plasma5-theme-aex-nomad-git plasma5-theme-aex-nomad-dark-git #全局主题\nFlat Remix ICON theme sudo pacman -S archlinuxcn/flat-remix-git #图标\nMcMojave-circle\nsudo pacman -S archlinuxcn/mcmojave-circle-icon-theme-git #图标\rsudo pacman -S archlinuxcn/numix-circle-icon-theme-git #继承自图标 Citrus icon theme sudo pacman -S aur/citrus-icon-theme-git\nAura KDE | Aura Sddm Theme\ngit clone https://github.com/yeyushengfan258/Aura-kde.git\rcd Aura-kde\r./install.sh\rcd sddm\rsudo ./install.sh Sweet KDE\nyay -S aur/sddm-theme-sugar-candy-git #登录屏幕 (SDDM)\ryay -S aur/sweet-kde-git #全局主题\ryay -S aur/candy-icons-git #图标 Chili login theme for SDDM yay -S aur/chili-sddm-theme #登录屏幕 (SDDM) Chili login theme for KDE Plasma\n自定义主题 如果对主题不满意可以使用 kvantummanager 来修改主题。 sudo pacman -S kvantum-qt5 ~/.config/Kvantum ","permalink":"https://leiontong.github.io/posts/kde-plasma-beautify-theme/","summary":"\u003ch1 id=\"kde-beautify\"\u003eKDE Beautify\u003c/h1\u003e\n\u003ch2 id=\"外观\"\u003e外观\u003c/h2\u003e\n\u003cp\u003e主题存放在哪里？\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e全局主题\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e/usr/share/plasma/look-and-feel/\u003c/p\u003e\n\u003cp\u003e~/.local/share/plasma/look-and-feel/\u003c/p\u003e","title":"KDE-Plasma-Beautify-主题美化"},{"content":"npm安装并配置国内镜像源(阿里云 npmmirror 镜像站) npm安装 官网下载nodejs安装包并安装：https://nodejs.org。nodejs自带npm，实际上npm是nodejs的包管理器。\nnpm国内镜像源(阿里云 npmmirror 镜像站) npmmirror 中国镜像站\n使用说明 你可以使用我们定制的 cnpm (gzip 压缩支持) 命令行工具代替默认的 npm:\n$ npm install -g cnpm --registry=https://registry.npmmirror.com 或者你直接通过添加 npm 参数 alias 一个新命令:\nalias cnpm=\u0026#34;npm --registry=https://registry.npmmirror.com \\ --cache=$HOME/.npm/.cache/cnpm \\ --disturl=https://npmmirror.com/mirrors/node \\ --userconfig=$HOME/.cnpmrc\u0026#34; # Or alias it in .bashrc or .zshrc $ echo \u0026#39;\\n#alias for cnpm\\nalias cnpm=\u0026#34;npm --registry=https://registry.npmmirror.com \\ --cache=$HOME/.npm/.cache/cnpm \\ --disturl=https://npmmirror.com/mirrors/node \\ --userconfig=$HOME/.cnpmrc\u0026#34;\u0026#39; \u0026gt;\u0026gt; ~/.zshrc \u0026amp;\u0026amp; source ~/.zshrc 安装模块 $ cnpm install [name] 同步模块 直接通过 sync 命令马上同步一个模块, 只有 cnpm 命令行才有此功能:\n$ cnpm sync express 当然, 你可以直接通过 web 方式来同步: /sync/express\n$ open https://npmmirror.com/sync/express 其它命令 支持 npm 除了 publish 之外的所有命令, 如:\n$ cnpm info express ","permalink":"https://leiontong.github.io/posts/npm-install-configure-taobao-mirror/","summary":"\u003ch1 id=\"npm安装并配置国内镜像源阿里云-npmmirror-镜像站\"\u003enpm安装并配置国内镜像源(阿里云 npmmirror 镜像站)\u003c/h1\u003e\n\u003ch2 id=\"npm安装\"\u003enpm安装\u003c/h2\u003e\n\u003cp\u003e官网下载nodejs安装包并安装：\u003ca href=\"https://nodejs.org\"\u003ehttps://nodejs.org\u003c/a\u003e。nodejs自带npm，实际上npm是nodejs的包管理器。\u003c/p\u003e\n\u003ch2 id=\"npm国内镜像源阿里云-npmmirror-镜像站\"\u003enpm国内镜像源(阿里云 npmmirror 镜像站)\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003ca href=\"https://npmmirror.com/\"\u003enpmmirror 中国镜像站\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3 id=\"使用说明\"\u003e使用说明\u003c/h3\u003e\n\u003cp\u003e你可以使用我们定制的 \u003ca href=\"https://github.com/cnpm/cnpm\"\u003ecnpm\u003c/a\u003e (gzip 压缩支持) 命令行工具代替默认的 \u003ccode\u003enpm\u003c/code\u003e:\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e$ npm install -g cnpm --registry\u003cspan style=\"color:#f92672\"\u003e=\u003c/span\u003ehttps://registry.npmmirror.com\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","title":"npm安装并配置国内镜像源(阿里云 npmmirror 镜像站)"},{"content":"无效或已损坏的软件包 (PGP 签名) 现象 提示：无效或已损坏的软件包 (PGP 签名)。出现Keys错误，签名失败，导致 ArchLinux/Manjaro 无法正常升级或者安装软件。\n方法1：\nsud vim /etc/pacman.conf\r...\r[archlinuxcn]\rSigLevel = Never #SigLevel的值改为 Never 或 Optional TrustAll\r...\rsudo pacman -Syu 方法2： 1,移除旧的keys sudo rm -rf /etc/pacman.d/gnupg\n2,初始化pacman的keys sudo pacman-key --init 3,加载签名的keys sudo pacman-key --populate archlinux archlinuxcn manjaro 4,刷新升级已经签名的keys sudo pacman-key --refresh-keys 5,清空并且下载新数据 sudo pacman -Sc 6,更新 sudo pacman -Syu\n","permalink":"https://leiontong.github.io/posts/invalid-or-corrupted-package/","summary":"\u003ch1 id=\"无效或已损坏的软件包-pgp-签名\"\u003e无效或已损坏的软件包 (PGP 签名)\u003c/h1\u003e\n\u003ch2 id=\"现象\"\u003e现象\u003c/h2\u003e\n\u003cp\u003e提示：无效或已损坏的软件包 (PGP 签名)。出现Keys错误，签名失败，导致 ArchLinux/Manjaro 无法正常升级或者安装软件。\u003c/p\u003e\n\u003cp\u003e方法1：\u003c/p\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003esud vim /etc/pacman.conf\r\n...\r\n[archlinuxcn]\r\nSigLevel = Never   #SigLevel的值改为 Never 或 Optional TrustAll\r\n...\r\n\r\n\r\nsudo pacman -Syu\n\u003c/code\u003e\u003c/pre\u003e\u003cp\u003e方法2：\n1,移除旧的keys\n\u003ccode\u003esudo rm -rf /etc/pacman.d/gnupg\u003c/code\u003e\u003c/p\u003e","title":"无效或已损坏的软件包 (PGP 签名)"},{"content":"Linux上的笔记软件和网盘\u0026ndash;多平台同步解决方案 支持云同步的笔记客户端 nixnote2 Nixnote2是evernote的第三方客户端通过API接口实现同步，不会占用免费用户的同步设备数量。\nwiznote 为知笔记，优良的跨平台笔记软件，支持多级目录和多标签，以及markdown，试用100天。\n有道云笔记 YNote 官方不支持Linux操作系统，Linux上只能使用第三方通过Electron封装版或者网页版。\nSimplenote 很有前途的一个软件，支持多平台同步，问题是国内同步速度太慢，导致容易弄乱笔记。\nJoplin Joplin - 跨平台开源免费 Markdown 笔记应用，配合NextCloud、WebDAV食用效果更佳。\nJoplin 的特色：\n全(跨)平台支持，提供了桌面版、手机移动版以及命令行版客户端\n网页剪藏插件 (支持 Chrome 和 FireFox)\n支持端到端加密 (End To End Encryption / E2EE)\n可完全离线使用，不上传任何数据\n也可搭配各种主流网盘同步，比如 OneDrive、NextCloud、Dropbox,、WebDAV 等\n支持导入印象笔记的 .enex 备份文件，支持导入 Markdown 文档\n可以导出：JEX （Joplin 导出格式）备份，或 MD、TXT、PDF、JASON 等格式\n支持记录笔记、待办事项，支持使用标签和笔记本进行整理\n支持中文全文搜索\n支持 Markdown 语法，可以显示出图片和排版\n支持插入附件\n支持使用外置编辑器打开和修改笔记\nGitNote 国人开发，基于Git，支持同步至Github。\n本地编辑器 atom typora neovim oni https://atom.io/\nhttps://typora.io/\nhttps://neovim.io/\nhttps://github.com/onivim/oni\nQownnotes: https://www.qownnotes.org/\n支持API同步至OwnCloud、NextCloud。\n启用深色系统图标与托盘图标 显示系统托盘图标 强制系统图标主题 VNote: https://tamlok.github.io/vnote/zh_cn/\nhttps://github.com/tamlok/vnote/blob/master/README_zh.md\n网盘： NutStore\n坚果云，全平台同步，速度快，按流量限制，支持WebDAV。\nMEGAsync\nmega.nz，国外的网盘，免费容量50g，速度还可以。\nOneDrive\n微软Win10自带，免费用户默认5G空间，同步速度很快，网页版打开速度有点儿慢，Windows、安卓、iOS有客户端。\nNextcloud\nProviders – Nextcloud\nMore \u0026hellip; https://wiki.archlinux.org/index.php/List_of_applications_(简体中文)#笔记\n基于云的解决方案，本地编辑，云端存储 atom + 各种markdown插件 + hexo + github pages\nvimwiki + Github/Gitee 私有仓库\ntypora + Gitbook\nboostnote\nturtl\n","permalink":"https://leiontong.github.io/posts/linux-note-app-and-cloud-drive-cross-platform-sync/","summary":"\u003ch1 id=\"linux上的笔记软件和网盘多平台同步解决方案\"\u003eLinux上的笔记软件和网盘\u0026ndash;多平台同步解决方案\u003c/h1\u003e\n\u003ch2 id=\"支持云同步的笔记客户端\"\u003e支持云同步的笔记客户端\u003c/h2\u003e\n\u003ch3 id=\"nixnote2\"\u003enixnote2\u003c/h3\u003e\n\u003cp\u003eNixnote2是evernote的第三方客户端通过API接口实现同步，不会占用免费用户的同步设备数量。\u003c/p\u003e\n\u003ch3 id=\"wiznote\"\u003ewiznote\u003c/h3\u003e\n\u003cp\u003e为知笔记，优良的跨平台笔记软件，支持多级目录和多标签，以及markdown，试用100天。\u003c/p\u003e\n\u003ch3 id=\"有道云笔记-ynote\"\u003e有道云笔记 YNote\u003c/h3\u003e","title":"Linux上的笔记软件和网盘--多平台同步解决方案"},{"content":"Nginx 403 forbidden 问题全面解析 2020/07/16 15:48:34 [error] 2220#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.253.20, server: _, request: \u0026#34;GET / HTTP/1.1\u0026#34;, upstream: \u0026#34;http://[::1]:8001/\u0026#34;, host: \u0026#34;172.18.253.20\u0026#34;\r2020/07/16 15:48:34 [error] 2221#0: *4 \u0026#34;/home/leion/www/nginx_server_8001/index.html\u0026#34; is forbidden (13: Permission denied), client: 127.0.0.1, server: _, request: \u0026#34;GET / HTTP/1.0\u0026#34;, host: \u0026#34;172.18.253.20\u0026#34; 上面的报错有两个问题，第一个是 nginx 负载均衡连接上游失败connect() failed (111: Connection refused)也就是本地 IPv6 地址所在端口访问不通，在 server{} 块下启用listen [::]:8001;即可。\n第二个问题是本节的重点403 forbidden (13: Permission denied)。\nSELinux 状态 安全增强型 Linux（SELinux）是一种采用安全架构的 Linux® 系统，它能够让管理员更好地管控哪些人可以访问系统。它最初是作为 Linux 内核的一系列补丁，由美国国家安全局（NSA）利用 Linux 安全模块（LSM）开发而成。\nCentOS 系统默认启用 SELINUX。\n查看 SELINUX 的状态\nsestatus\rgetenforce\rgrep \u0026#39;^SELINUX=\u0026#39; /etc/selinux/config 关闭 SELINUX（更建议掌握 SELINUX 的工作原理和配置方法）\nsed -i.bak \u0026#39;s/^SELINUX=.*/SELINUX=disabled/\u0026#39; /etc/sysconfig/selinux\rsetenforce 0 TODO：后续专门研究 SELINUX 开启状态下如何解决的办法。\nWEB 资源目录下缺少 index 索引文件或 nginx 配置未(正确)指定 index nginx 默认加载 index.html 文件作为索引，php-fpm 则默认加载 index.php，如果 WEB 资源目录下未提供该文件会报 403，如果使用 index.php，需要在 WEB 服务配置里指明，一般在 nginx.conf 或者 vhost/yourserver.conf (注意这里是你的 nginx 的 WEB 配置文件) 的 server{} 块下配置：index index.php index.html index.htm，按需配置。\n权限 一般会遇到这样的状况：把 WEB 目录放到默认位置（如 /usr/share/nginx/html）访问没问题，或者放到根目录(/)下（如 /www/webserver/）访问也没问题，而放到普通用户家目录下访问则会 403 forbidden Permission denied。\n可以查看 nginx worker process 的用户是谁：ps aux | grep nginx和grep user /path/to/nginx.conf。\n一般来说为了安全，执行 nignx 进程的用户不应该通过 login 登录，下面是 CentOS7 中 epel 源里安装 nginx 时的预安装脚本，显示了设置用于执行 nginx 进程的用户和用户组的情况：\n$ rpm -q --scripts nginx-filesystem\rpreinstall scriptlet (using /bin/sh):\rgetent group nginx \u0026gt; /dev/null || groupadd -r nginx\rgetent passwd nginx \u0026gt; /dev/null || \\\ruseradd -r -d /var/lib/nginx -g nginx \\\r-s /sbin/nologin -c \u0026#34;Nginx web server\u0026#34; nginx\rexit 0 注意到创建的 nginx 用户属于系统用户（ID 号小于 1000），家目录是/var/lib/nginx，用于存放代理和缓存数据，登录 shell 是/sbin/nologin，登录即退出，也就是不允许像普通用户一样登录。\n先分析放到家目录以外的路径的情况 一般，系统的 root 的 umask 是 022，非特权用户 umask 是 002。无论如何新建的文件(夹)默认其他用户(o)都有 x 权限，因此无论目录属于任何一个用户，nginx 进程(的执行用户)都对 WEB 资源目录具有执行(x)权限，从而才允许对最终目标文件具有读取(r)权限。\n建议这样做：单独在根下创建 WEB 资源目录并把 WEB 资源目录的属主和属组归属给普通用户 leion（sudo mkdir -p /www/webserver \u0026amp;\u0026amp; sudo chown leion.leion -R /www/webserver），这样可以使用普通用户管理 WEB 资源。\nTIPS：WEB 服务权限的关键点在于对最终目标文件有读取权限，而最容易忽视的地方是从根到最终目标文件途中的所有目录的权限设置。换句话说，ningx 进程(的执行用户)要对 WEB 资源所在目录的所有递归父目录有(x)执行权限，注意是所有递归父目录。根(/)的默认权限是 555(dr-xr-xr-x)，ugo 均有 x 权限，无妨。\n再来分析 WEB 资源放到家目录的情况 分两种情形：\n在普通用户的家目录下存放 WEB 资源，并使用普通用户运行 nginx 进程（不推荐）。 在普通用户的家目录下存放 WEB 资源，并使用系统用户运行 nginx 进程（推荐）。 如果 WEB 目录是 ~/www/webserver/。\n第 1 种情形的实现就是将 WEB 资源放到 ~/www/webserver/ 目录下，然后在 nginx.conf 里配置user leion，然后sudo nginx -s reload。\n第 2 种情形的实现就是先将 WEB 资源放到~/www/webserver/目录下\n由于 WEB 目录是 ~/www/webserver/，需要 nginx 进程的执行用户对 /home、/home/leion、/home/leion/www、/home/leion/www/webserver 这几个目录全都要有执行权限。而普通用户家目录默认权限 700，其他用户(o)无执行(x)权限。\n$namei -om ~\rf: /home/leion\rdrwxr-xr-x root root /\rdrwxr-xr-x root root home\rdrwx------ leion leion leion 方法 1. 可以这样修正：chmod o+x /home/leion，不过这样做法只能先救急，稳态 WEB 服务不建议这么做，因为如此一来所有其他用户都可以至查看家目录下的详细信息了(ls -l /home/leion)。\n方法 2. 还可以将 nginx_user 加入 普通用户的用户组 leion 里：sudo usermod -aG leion nginx，可以用getent group leion检查组内成员信息，然后让普通用户属组 leion 对 WEB 资源目录(/home/leion/www/webserver)自顶至下具有 x 权限：1.使用命令检查权限(namei -om /home/leion/www/webserver)，2.使用chmod g+x /home/leion（一般这一个命令就足够）和chmod g+x /home/leion/www和chmod g+x /home/leion/www/webserver对 WEB 资源的父目录逐层赋权，这种方法可以作为备选方案推荐。\n备注：恢复默认的属组：sudo usermod -G nginx nginx，检查：id nginx。\n其他方法. 其他方法无外乎是用户、属主、属组和文件(夹)读取(r)执行(x)权限的各种组合变体的运用，不再深入赘述。\n总结\n执行 nginx 进程的用户需要对 WEB 资源所在的目录树自顶至下所有目录全都有执行(x)权限，因此比较简单也是最建议的解决办法是把 WEB 目录独立出来，让 WEB 资源所在的目录树从除了根(/)以外的最顶端(比如/www)全都隶属于普通用户。\n如果无法做到（比如 WEB 目录在别人的家目录下/home/leion/www/webserver），那么注意到如果一开始就是使用 leion 用户创建/home/leion/www/webserver 目录（mkdir -p /www/webserver）并上传 WEB 代码的话此时 WEB 资源目录（/home/leion/www/webserver）会很自然的隶属于 leion，此时可行的做法是将 nginx_user 加入 leion 的用户组里，然后让 leion 用户组对 WEB 资源目录(/home/leion/www)自顶至下具有 x 权限。\n写在最后 可能用得到的网页测试命令： for i in {1..20}; do curl 172.18.253.20 ;done\n参考： https://stackoverflow.com/questions/6795350/nginx-403-forbidden-for-all-files\n","permalink":"https://leiontong.github.io/posts/nginx-403-forbidden-troubleshooting/","summary":"\u003ch1 id=\"nginx-403-forbidden-问题全面解析\"\u003eNginx 403 forbidden 问题全面解析\u003c/h1\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e2020/07/16 15:48:34 [error] 2220#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.253.20, server: _, request: \u0026#34;GET / HTTP/1.1\u0026#34;, upstream: \u0026#34;http://[::1]:8001/\u0026#34;, host: \u0026#34;172.18.253.20\u0026#34;\r\n2020/07/16 15:48:34 [error] 2221#0: *4 \u0026#34;/home/leion/www/nginx_server_8001/index.html\u0026#34; is forbidden (13: Permission denied), client: 127.0.0.1, server: _, request: \u0026#34;GET / HTTP/1.0\u0026#34;, host: \u0026#34;172.18.253.20\u0026#34;\n\u003c/code\u003e\u003c/pre\u003e\u003cp\u003e上面的报错有两个问题，第一个是 nginx 负载均衡连接上游失败\u003ccode\u003econnect() failed (111: Connection refused)\u003c/code\u003e也就是本地 IPv6 地址所在端口访问不通，在 server{} 块下启用\u003ccode\u003elisten [::]:8001;\u003c/code\u003e即可。\u003c/p\u003e\n\u003cp\u003e第二个问题是本节的重点\u003ccode\u003e403 forbidden (13: Permission denied)\u003c/code\u003e。\u003c/p\u003e\n\u003ch2 id=\"selinux-状态\"\u003eSELinux 状态\u003c/h2\u003e","title":"Nginx 403 forbidden 问题全面解析"},{"content":"USTC-Mirror_CentOS源\u0026amp;EPEL源\nCentOS 源 https://mirrors.ustc.edu.cn/centos/\n警告 操作前请做好相应备份。\n对于 CentOS 8，使用以下命令替换默认的配置\nsudo sed -e \u0026#39;s|^mirrorlist=|#mirrorlist=|g\u0026#39; \\\r-e \u0026#39;s|^#baseurl=http://mirror.centos.org/$contentdir|baseurl=https://mirrors.ustc.edu.cn/centos|g\u0026#39; \\\r-i.bak \\\r/etc/yum.repos.d/CentOS-Base.repo \\\r/etc/yum.repos.d/CentOS-Extras.repo \\\r/etc/yum.repos.d/CentOS-AppStream.repo 对于 CentOS 6、7，使用以下命令替换默认配置\nsudo sed -e \u0026#39;s|^mirrorlist=|#mirrorlist=|g\u0026#39; \\\r-e \u0026#39;s|^#baseurl=http://mirror.centos.org/centos|baseurl=https://mirrors.ustc.edu.cn/centos|g\u0026#39; \\\r-i.bak \\\r/etc/yum.repos.d/CentOS-Base.repo 以上命令只替换了默认启用的仓库。替换之后请运行 yum makecache 更新缓存。\nEPEL 源 https://mirrors.ustc.edu.cn/epel/\n说明 EPEL (Extra Packages for Enterprise Linux) 是由 Fedora Special Interest Group 为企业 Linux 创建、维护和管理的一个高质量附加包集合，适用于但不仅限于 Red Hat Enterprise Linux (RHEL), CentOS, Scientific Linux (SL), Oracle Linux (OL)。\nsudo yum install -y epel-release\rsudo sed -e \u0026#39;s|^metalink=|#metalink=|g\u0026#39; \\\r-e \u0026#39;s|^#baseurl=https\\?://download.fedoraproject.org/pub/epel/|baseurl=https://mirrors.ustc.edu.cn/epel/|g\u0026#39; \\\r-i.bak \\\r/etc/yum.repos.d/epel.repo ","permalink":"https://leiontong.github.io/posts/ustc-mirror-centos-epel/","summary":"\u003cp\u003eUSTC-Mirror_CentOS源\u0026amp;EPEL源\u003c/p\u003e\n\u003cp\u003eCentOS 源\n\u003ca href=\"https://mirrors.ustc.edu.cn/centos/\"\u003ehttps://mirrors.ustc.edu.cn/centos/\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e警告\n操作前请做好相应备份。\u003c/p\u003e\n\u003cp\u003e对于 CentOS 8，使用以下命令替换默认的配置\u003c/p\u003e","title":"USTC-Mirror_CentOS源\u0026EPEL源"},{"content":"准备好deploy APP二进制包文件： curl -L -O https//artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.0.tar.gz\rcurl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.tar.gz\rcurl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-linux-x86_64.tar.gz\rcurl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.0-linux-x86_64.tar.gz 创建普通用户： id deploy \u0026amp;\u0026gt;/dev/null; if [[ $? != \u0026#34;0\u0026#34; ]]; then useradd deploy; fi 切换用户： su - deploy 创建 APP目录和数据目录： cd ~\rmkdir -pv ./{elasticsearch,logstash,kibana}\rmkdir -pv ./{elasticsearch,logstash,kibana}/{data,logs} # （建议）可以放到单独分区的目录里：/data/{elasticsearch,logstash}/{data,logs} 更改deploy目录和数据目录权限： chown -R deploy:deploy /home/deploy/{elasticsearch,logstash,kibana} #如果是放到单独分区的目录里注意赋权： chown -R deploy:deploy /deploy 安装： tar xvf elasticsearch-6.3.0.tar.gz -C /home/deploy/elasticsearch\rtar xvf logstash-6.3.0.tar.gz -C /home/deploy/logstash/\rtar xvf kibana-6.3.0.tar.gz -C /home/deploy/kibana/ 修改配置文件： cp /home/deploy/elasticsearch/elasticsearch-6.3.0/config/elasticsearch.yml{,.ori}\rvim /home/deploy/elasticsearch/elasticsearch-6.3.0/config/elasticsearch.yml cluster.name: es-cluster #自定义，集群内统一\rnode.name: es-node-1 #自定义，集群内唯一\rnode.master: true # 可选值：true|false\rnode.data: true\rpath.data: /home/deploy/elasticsearch/data/\rpath.logs: /home/deploy/elasticsearch/logs\r#bootstrap.memory_lock: true\rnetwork.host: 10.0.0.11\rhttp.port: 9200\rdiscovery.zen.ping.unicast.hosts: [\u0026#34;10.0.0.11\u0026#34;, \u0026#34;10.0.0.12\u0026#34;]\rdiscovery.zen.minimum_master_nodes: 1\r#gateway.recover_after_nodes: 3 后台启动elasticsearch集群 su - deploy -c \u0026#39;/home/deploy/elasticsearch/elasticsearch-6.3.0/bin/elasticsearch -d\u0026#39; 使用 ansible 将配置好的配置文件分发到各节点主机上 ansible elasticsearch_servers -i elasticsearch_hosts -m file -a \u0026#34;path=/home/deploy/elasticsearch state=directory\u0026#34; ansible elasticsearch_servers -i elasticsearch_hosts -m copy -a \u0026#34;src=/home/deploy/elasticsearch-6.3.0.tar.gz dest=/home/deploy/ owner=root group=root mode=0644\u0026#34;\ransible elasticsearch_servers -i elasticsearch_hosts -m user -a \u0026#34;name=deploy password=deploy\u0026#34;\ransible elasticsearch_servers -i elasticsearch_hosts -m file -a \u0026#34;path=/home/deploy/elasticsearch state=directory owner=deploy group=deploy mode=0755\u0026#34;\ransible elasticsearch_servers -i elasticsearch_hosts -m file -a \u0026#34;path=/home/deploy/elasticsearch/data state=directory owner=deploy group=deploy mode=0755\u0026#34;\ransible elasticsearch_servers -i elasticsearch_hosts -m file -a \u0026#34;path=/home/deploy/elasticsearch/logs state=directory owner=deploy group=deploy mode=0755\u0026#34;\ransible elasticsearch_servers -i elasticsearch_hosts -m unarhchive -a \u0026#34;src=/home/deploy/elasticsearch-6.3.0.tar.gz dest=/home/deploy/elasticsearch\u0026#34;\ransible elasticsearch_servers -i elasticsearch_hosts -m copy -a \u0026#34;src=/home/deploy/elasticsearch/elasticsearch-6.3.0/config/elasticsearch.yml dest=/home/deploy/elasticsearch/elasticsearch-6.3.0/config owner=deploy group=deploy mode=0644\u0026#34; 使用 unarchlive 模块解压 zip 文件前需要先在目标主机上安装 unzip 包 ansible elasticsearch_servers -i elasticsearch_hosts -m yum -a \u0026#34;name=unzip state=present\u0026#34;\ransible elasticsearch_servers -i elasticsearch_hosts -m yum -a \u0026#34;list=unzip\u0026#34; #等同于命令yum list unzip 安装 elasticsearch-analysis-ik 插件 ansible elasticsearch_servers -i elasticsearch_hosts -m unarchive -a \u0026#34;src=elasticsearch-analysis-ik-6.3.0.zip dest=/home/deploy/elasticsearch/elasticsearch-6.3.0/plugins/ik\u0026#34; 最后再赋权一遍，以防万一： ansible elasticsearch_servers -i elasticsearch_hosts -m command -a \u0026#34;chown -R deploy:deploy /home/deploy/deploy\u0026#34; elasticsearch服务启停操作： ansible elasticsearch_servers -i elasticsearch_hosts -m command -a \u0026#34;su - deploy -c /home/deploy/elasticsearch/elasticsearch-6.3.0/bin/elasticsearch -d\u0026#34; 查看集群健康状态： curl http:/10.0.0.11:9200/_cluster/health\n如果返回status=green表示正常，返回结果类似如下：\n{\u0026#34;cluster_name\u0026#34;:\u0026#34;es-cluster\u0026#34;,\u0026#34;status\u0026#34;:\u0026#34;green\u0026#34;,\u0026#34;timed_out\u0026#34;:false,\u0026#34;number_of_nodes\u0026#34;:2,\u0026#34;number_of_data_nodes\u0026#34;:2,\u0026#34;active_primary_shards\u0026#34;:0,\u0026#34;active_shards\u0026#34;:0,\u0026#34;relocating_shards\u0026#34;:0,\u0026#34;initializing_shards\u0026#34;:0,\u0026#34;unassigned_shards\u0026#34;:0,\u0026#34;delayed_unassigned_shards\u0026#34;:0,\u0026#34;number_of_pending_tasks\u0026#34;:0,\u0026#34;number_of_in_flight_fetch\u0026#34;:0,\u0026#34;task_max_waiting_in_queue_millis\u0026#34;:0,\u0026#34;active_shards_percent_as_number\u0026#34;:100.0} 查看集群状态： http://10.0.0.11:9200/_cluster/state\nhttp://10.0.0.11:9200/_cluster/state?pretty\nFAQ： Q:\n报错：org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root\nA: 不能以root账号执行，要以普通用户执行： su - deploy -c '/home/deploy/elasticsearch/elasticsearch-6.3.0/bin/elasticsearch -d'\nQ： elasticsearch java.nio.file.AccessDeniedException A： 出现这个异常的原因是当前用户没权限，解决办法，为普通用户deploy授权：\nchown -R deploy:deploy /usr/local/elasticsearch\n=======================================================\nQ:\nERROR: [3] bootstrap checks failed\r[1]\u0026amp;#x3A; max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536][2]: max number of threads [3892] for user [deploy] is too low, increase to at least [4096][3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] A:\ndeploy环境准备 由于Elasticsearch、Logstash、Kibana均不能以root账号运行。 但是Linux对非root账号可并发操作的文件、线程都有限制。 所以，部署deploy相关的机器都要调整：\n修改文件限制 修改系统文件 vi /etc/security/limits.conf\n增加的内容 soft nofile 65536\rhard nofile 65536\rsoft nproc 2048\rhard nproc 4096\rdeploy soft memlock unlimited\rdeploy hard memlock unlimited 调整进程数： 修改系统文件 vi /etc/security/limits.d/20-nproc.conf\n调整成以下配置 soft nproc 4096\rroot soft nproc unlimited 调整虚拟内存\u0026amp;最大并发连接： 修改系统文件 vi /etc/sysctl.conf\n增加的内容，执行 \u0026ldquo;sudo sysctl -p\u0026rdquo; 生效： vm.max_map_count=655360\rfs.file-max=655360\rvm.swappiness=0 以上操作重启系统后生效: reboot\n=======================================================\nQ:\nfatal: [10.0.0.12]\u0026amp;#x3A; FAILED! =\u0026gt; {\u0026#34;changed\u0026#34;: false, \u0026#34;msg\u0026#34;: \u0026#34;Failed to find handler for \u0026#34;/root/.ansible/tmp/ansible-tmp-1530157101.0-36263796351235/source\u0026#34;. Make sure the required command to extract the file is installed. Command \u0026#34;unzip\u0026#34; not found. Command \u0026#34;/usr/bin/gtar\u0026#34; could not handle archive.\u0026#34;} A: 目标主机缺少unzip命令。 Solution：在远程目标主机上执行安装命令：\nsudo yum install unzip\nansible remote_servers -i \\_etc_ansible_hosts -m yum -a \u0026quot;list=unzip\u0026quot;\n","permalink":"https://leiontong.github.io/posts/elasticsearch-cluster-deploy/","summary":"\u003ch3 id=\"准备好deploy-app二进制包文件\"\u003e准备好deploy APP二进制包文件：\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003ecurl -L -O https//artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.0.tar.gz\r\ncurl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.tar.gz\r\ncurl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-linux-x86_64.tar.gz\r\ncurl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.0-linux-x86_64.tar.gz\n\u003c/code\u003e\u003c/pre\u003e\u003ch3 id=\"创建普通用户\"\u003e创建普通用户：\u003c/h3\u003e","title":"Elasticsearch cluster deploy"},{"content":"准备好filebeat二进制包文件： curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.0-linux-x86_64.tar.gz 创建启动APP的用户： id deploy \u0026amp;\u0026gt;/dev/null ; if [[ $? != \u0026#34;0\u0026#34; ]]; then useradd deploy; fi 切换用户： su - deploy 创建APP目录： cd ~\rmkdir -pv filebeat 安装filebeat APP： tar -xvf filebeat-6.3.0-linux-x86_64.tar.gz -C /home/deploy/filebeat 修改配置 filebeat.yml： cp /home/deploy/filebeat/filebeat-6.3.0-linux-x86_64/filebeat.yml{,.ori}\rvim /home/deploy/filebeat/filebeat-6.3.0-linux-x86_64/filebeat.yml ########################################################\nfilebeat服务启停操作： ansible filebeat_servers -i filebeat_hosts -m command -a \u0026#34;su - deploy -c /home/deploy/filebeat/filebeat-6.3.0-linux-x86_64/filebeat -e -c /home/deploy/filebeat/filebeat-6.3.0-linux-x86_64/filebeat.yml\u0026#34; FAQ：","permalink":"https://leiontong.github.io/posts/filebeat-deploy/","summary":"\u003ch3 id=\"准备好filebeat二进制包文件\"\u003e准备好filebeat二进制包文件：\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003ecurl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.0-linux-x86_64.tar.gz\n\u003c/code\u003e\u003c/pre\u003e\u003ch3 id=\"创建启动app的用户\"\u003e创建启动APP的用户：\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003eid deploy \u0026amp;\u0026gt;/dev/null ; if [[ $? != \u0026#34;0\u0026#34; ]]; then useradd deploy; fi\n\u003c/code\u003e\u003c/pre\u003e","title":"Filebeat deploy"},{"content":"cd ~\rmkdir -pv ~/kafka/kafka-logs\rcurl -o kafka_2.12-1.1.0.tgz \u0026lt;https://mirrors.ustc.edu.cn/apache/kafka/1.1.0/kafka_2.12-1.1.0.tgz\u0026gt;\rtar xvf kafka_2.12-1.1.0.tgz -C ~/kafka 修改配置文件： cp ~/kafka/kafka_2.12-1.1.0/config/server.properties{,.ori} vim /kafka/kafka_2.12-1.1.0/config/server.properties \u0026hellip; broker.id=0 每台服务器的broker.id不能相同 log.dirs=/kafka/kafka-logs zookeeper.connect=10.0.0.11:12181,10.0.0.12:12181,10.0.0.13:12181 delete.topic.enable=true #删除topic(需要server.properties中设置delete.topic.enable=true否则只是标记删除) auto.create.topics.enable=false # 关闭自动创建topic \u0026hellip;\n后台启动Kafka集群（3台都需要启动） cd ~/kafka/kafka_2.12-1.1.0/bin ./kafka-server-start.sh -daemon ../config/server.properties\n查看kafka服务日志： tail -f ~/kafka/kafka_2.12-1.1.0/logs/server.log\n################################################################################\n创建topic： cd ~/kafka/kafka_2.12-1.1.0/bin ./kafka-topics.sh \u0026ndash;create \u0026ndash;zookeeper 10.0.0.11:12181,10.0.0.12:12181,10.0.0.13:12181 \u0026ndash;replication-factor 2 \u0026ndash;partitions 1 \u0026ndash;topic test # \u0026ndash;replication-factor 2：复制两份，\u0026ndash;partitions 1：创建1个分区，\u0026ndash;topic：主题为test\n列出全部topic： ./kafka-topics.sh \u0026ndash;list \u0026ndash;zookeeper 10.0.0.11:12181,10.0.0.12:12181,10.0.0.13:12181\n查看topic状态： ./kafka-topics.sh \u0026ndash;describe \u0026ndash;zookeeper 10.0.0.11:12181,10.0.0.12:12181,10.0.0.13:12181 \u0026ndash;topic test\n模拟客户端发送消息 ./kafka-console-producer.sh \u0026ndash;broker-list 10.0.0.11:9092,10.0.0.12:9092,10.0.0.13:9092 \u0026ndash;topic test\n回车后 输入一些内容，然后回车\n模拟客户端接收信息（如果能正常接收到信息说明kafka部署正常） ./kafka-console-consumer.sh \u0026ndash;bootstrap-server 10.0.0.11:9092,10.0.0.12:9092,10.0.0.13:9092 \u0026ndash;topic test \u0026ndash;from-beginning\n删除topic： ./kafka-topics.sh \u0026ndash;delete \u0026ndash;zookeeper 10.0.0.11:12181,10.0.0.12:12181,10.0.0.13:12181 \u0026ndash;topic test\n################################################################################\n监控： Kafka Offset Monitor https://github.com/quantifind/KafkaOffsetMonitor\njava -cp KafkaOffsetMonitor-assembly-0.2.1.jar \\\rcom.quantifind.kafka.offsetapp.OffsetGetterWeb \\\r--zk 10.0.0.11:12181,10.0.0.12:12181,10.0.0.13:12181 \\\r--port 8080 \\\r--refresh 10.seconds \\\r--retain 1.days \\\r\u0026amp;\r################################################################################\n使用 ansible 将配置好的配置文件分发到三台主机上； ansibleansible remote_servers -i \\_etc_ansible_hosts -m file -a \u0026quot;path=~/kafka state=directory\u0026quot; kafka_servers -m copy -a \u0026quot;src=~/kafka_2.12-1.1.0.tar.gz dest=~/ owner=root group=root mode=0644\u0026quot;\ransible remote_servers -i \\_etc_ansible_hosts -m file -a \u0026quot;path=~/kafka state=directory\u0026quot;\ransible remote_servers -i \\_etc_ansible_hosts -m file -a \u0026quot;path=~/kafka/kafka-logs/ state=directory\u0026quot;\ransible remote_servers -i \\_etc_ansible_hosts -m command -a \u0026quot;tar xf ~/kafka_2.12-1.1.0.tar.gz -C ~/kafka/\u0026quot;\ransible remote_servers -i \\_etc_ansible_hosts -m copy -a \u0026quot;src=~/kafka/kafka_2.12-1.1.0/config/server.properties dest=~/kafka/kafka_2.12-1.1.0/config/ owner=root group=root mode=0644\u0026quot;\rkafka服务启停操作： ansible remote_servers -i \\_etc_ansible_hosts -m command -a \u0026quot;~/kafka/kafka_2.12-1.1.0/bin/kafka-server-start.sh -daemon ~/kafka/kafka_2.12-1.1.0/config/server.properties\u0026quot;\ransible remote_servers -i \\_etc_ansible_hosts -m command -a \u0026quot;~/kafka/kafka_2.12-1.1.0/bin/kafka-server-stop.sh\u0026quot;\r################################################################################\n先停止kafka服务，后删除kafka安装目录： ansible deploy_servers -i \\_deploy_hosts -m shell -a \u0026quot;kafka/kafka_2.12-1.1.0/bin/kafka-server-stop.sh\u0026quot;\ransible deploy_servers -i \\_deploy_hosts -m file -a \u0026quot;path=kafka state=absent\u0026quot;\r################################################################################\nFAQ： Q：\nA：\n","permalink":"https://leiontong.github.io/posts/kafka-cluster-deploy/","summary":"\u003cpre tabindex=\"0\"\u003e\u003ccode\u003ecd ~\r\n\r\nmkdir -pv ~/kafka/kafka-logs\r\n\r\ncurl -o kafka_2.12-1.1.0.tgz \u0026lt;https://mirrors.ustc.edu.cn/apache/kafka/1.1.0/kafka_2.12-1.1.0.tgz\u0026gt;\r\n\r\ntar xvf kafka_2.12-1.1.0.tgz -C ~/kafka\n\u003c/code\u003e\u003c/pre\u003e\u003ch4 id=\"修改配置文件\"\u003e修改配置文件：\u003c/h4\u003e","title":"Kafka cluster deploy"},{"content":"准备好APP二进制包文件： curl -L -O \u0026lt;https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-linux-x86_64.tar.gz\u0026gt;\n创建启动APP的用户： id deploy \u0026amp;\u0026gt;/dev/null ; if [[ $? != \u0026quot;0\u0026quot; ]]; then useradd deploy; fi\n切换用户： su - deploy\n创建APP目录： cd ~\rmkdir -pv ./kibana 安装kibana APP： tar -xvf kibana-6.3.0-linux-x86_64.tar.gz -C /home/deploy/kibana\n修改配置 kibana.yml： cp /home/deploy/kibana/kibana-6.3.0-linux-x86_6/config/kibana.yml{,.ori}\nvim /home/deploy/kibana/kibana-6.3.0-linux-x86_64/config/kibana.yml\r...\rserver.port: 5601\rserver.host: 10.0.0.13\rserver.name: \u0026#34;leion\u0026#39;s kibana\u0026#34;\relasticsearch.url: \u0026#34;\u0026lt;http://10.0.0.11:9200\u0026gt;\u0026#34;\r... 启动kibana： su - deploy -c '/home/deploy/kibana/kibana-6.3.0-linux-x86_64/bin/kibana \u0026amp;\u0026gt;/dev/null \u0026amp;'\n查看健康状态： curl http://10.0.0.13:5601/status\n如果返回 Status: Green 表示正常：。\n################################################################################\n使用 ansible 将配置好的配置文件分发到各节点主机上： ansible kibana_servers -i kibana_hosts -m copy -a \u0026#34;src=/home/deploy/kibana/kibana-6.3.0-linux-x86_64.tar.gz dest=/home/deploy owner=root group=root mode=0644\u0026#34;\ransible kibana_servers -i kibana_hosts -m user -a \u0026#34;name=deploy password=deploy\u0026#34;\ransible kibana_servers -i kibana_hosts -m file -a \u0026#34;path=/home/deploy/kibana state=directory owner=deploy group=deploy mode=0755\u0026#34;\ransible kibana_servers -i kibana_hosts -m unarhchive -a \u0026#34;src=/home/deploy/kibana-6.3.0-linux-x86_64.tar.gz dest=/home/deploy/kibana\u0026#34;\ransible kibana_servers -i kibana_hosts -m copy -a \u0026#34;src=/home/deploy/kibana/kibana-6.3.0-linux-x86_64/config/kibana.yml dest=/home/deploy/kibana/kibana-6.3.0-linux-x86_64/config owner=deploy group=deploy mode=0644\u0026#34; 最后再赋权一遍，以防万一： ansible kibana_servers -i kibana_hosts -m command -a \u0026quot;chown -R deploy:deploy /home/deploy/deploy\u0026quot;\nkibana服务启停操作： ansible kibana_servers -i kibana_hosts -m command -a \u0026quot;su - deploy -c /home/deploy/kibana/kibana-6.3.0-linux-x86_64/bin/kibana \u0026amp;\u0026gt;/dev/null \u0026amp;\u0026quot;\n=====================================================\nFAQ：","permalink":"https://leiontong.github.io/posts/kibana-deploy/","summary":"\u003ch3 id=\"准备好app二进制包文件\"\u003e准备好APP二进制包文件：\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003ecurl -L -O \u0026lt;https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-linux-x86_64.tar.gz\u0026gt;\u003c/code\u003e\u003c/p\u003e\n\u003ch3 id=\"创建启动app的用户\"\u003e创建启动APP的用户：\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eid deploy \u0026amp;\u0026gt;/dev/null ; if [[ $? != \u0026quot;0\u0026quot; ]]; then useradd deploy; fi\u003c/code\u003e\u003c/p\u003e\n\u003ch3 id=\"切换用户\"\u003e切换用户：\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003esu - deploy\u003c/code\u003e\u003c/p\u003e\n\u003ch3 id=\"创建app目录\"\u003e创建APP目录：\u003c/h3\u003e","title":"Kibana deploy"},{"content":"准备好ELK APP二进制包文件： curl -L -O \u0026lt;https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.tar.gz\u0026gt;\rwget \u0026lt;https://download.elastic.co/demos/logstash/gettingstarted/logstash-tutorial.log.gz\u0026gt; 创建普通用户： id deploy \u0026amp;\u0026gt;/dev/null ; if \\[[ $? != \u0026#34;0\u0026#34; ]]; then useradd deploy; fi 切换用户elk： su - deploy 创建APP目录和数据目录： cd ~\rmkdir -pv ./logstash\rmkdir -pv ./logstash/{data,logs} # （建议）可以放到单独分区的目录里：/data/logstash/{data,logs} 更改ELK目录和数据目录权限： chown -R deploy:deploy /home/deploy/logstash #如果是放到单独分区的目录里注意赋权： chown -R deploy:deploy /logstash 安装APP： tar xvf logstash-6.3.0.tar.gz -C /home/deploy/logstash\n修改配置 logstash.yml： cp /home/deploy/logstash/logstash-6.3.0/config/logstash.yml{,.ori}\rvim /home/deploy/logstash/logstash-6.3.0/config/logstash.yml\r...\rpath.data: /home/deploy/logstash/data\rpath.logs: /home/deploy/logstash/logs\r... logstash输入源使用log文件，输出到console： file =\u0026gt; logstash =\u0026gt; stdout 新增配置 logstash-input-file-output-stdout.conf： vim /home/deploy/logstash/logstash-6.3.0/config/logstash-input-file-output-stdout.conf\r...\rinput {\rfile {\rpath =\u0026gt; \u0026#34;/opt/logstash-tutorial.log\u0026#34;\rstart_position =\u0026gt; \u0026#34;beginning\u0026#34;\r}\r}\routput {\rstdout { codec =\u0026gt; rubydebug }\r}\r... 检查配置文件： /home/deploy/logstash/logstash-6.3.0/bin/logstash -f /home/deploy/logstash/logstash-6.3.0/config/logstash-input-file-output-stdout.conf --config.test_and_exit 启动logstash： su - deploy -c \u0026#39;/home/deploy/logstash/logstash-6.3.0/bin/logstash -f /home/deploy/logstash/logstash-6.3.0/config/logstash-input-file-output-stdout.conf --config.reload.automatic\u0026#39; ################################################################################\nfilebeat =\u0026gt; logstash =\u0026gt; stdout：logstash-input-beats-output-stdout 新增配置 logstash-input-beats-output-stdout.conf： vim /home/deploy/logstash/logstash-6.3.0/config/logstash-input-beats-output-stdout.conf\r...\rinput {\rbeats {\rport =\u0026gt; \u0026#34;5044\u0026#34;\r}\r}\routput {\rstdout { codec =\u0026gt; rubydebug }\r}\r... 启动logstash： su - deploy -c \u0026#39;/home/deploy/logstash/logstash-6.3.0/bin/logstash -f /home/deploy/logstash/logstash-6.3.0/config/logstash-input-beats-output-stdout.conf --config.reload.automatic\u0026#39; 在filebeat主机上模拟生成数据： cp /opt/logstash-tutorial.log{,.ori} #备份原始文件\rcat /opt/logstash-tutorial.log.ori \u0026gt;\u0026gt; /opt/logstash-tutorial.log #追加数据至log文件 观察到logstash所在主机console有输出： { \u0026#34;message\u0026#34; =\u0026gt; \u0026#34;86.1.76.62 - - [04/Jan/2015:05:30:37 +0000] \\\u0026#34;GET /style2.css HTTP/1.1\\\u0026#34; 200 4877 \\\u0026#34;http://www.semicomplete.com/projects/xdotool/\\\u0026#34; \\\u0026#34;Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20140205 Firefox/24.0 Iceweasel/24.3.0\\\u0026#34;\u0026#34;, \u0026#34;prospector\u0026#34; =\u0026gt; { \u0026#34;type\u0026#34; =\u0026gt; \u0026#34;log\u0026#34; }, \u0026#34;beat\u0026#34; =\u0026gt; { \u0026#34;name\u0026#34; =\u0026gt; \u0026#34;localhost\u0026#34;, \u0026#34;hostname\u0026#34; =\u0026gt; \u0026#34;localhost\u0026#34;, \u0026#34;version\u0026#34; =\u0026gt; \u0026#34;6.3.0\u0026#34; }, \u0026#34;@version\u0026#34; =\u0026gt; \u0026#34;1\u0026#34;, \u0026#34;@timestamp\u0026#34; =\u0026gt; 2018-08-04T13:47:14.926Z, \u0026#34;host\u0026#34; =\u0026gt; { \u0026#34;name\u0026#34; =\u0026gt; \u0026#34;localhost\u0026#34; }, \u0026#34;source\u0026#34; =\u0026gt; \u0026#34;/opt/logstash-tutorial.log\u0026#34;, \u0026#34;offset\u0026#34; =\u0026gt; 146784, \u0026#34;input\u0026#34; =\u0026gt; { \u0026#34;type\u0026#34; =\u0026gt; \u0026#34;log\u0026#34; }, \u0026#34;tags\u0026#34; =\u0026gt; [ [0] \u0026#34;beats_input_codec_plain_applied\u0026#34; ] } ################################################################################\nfilebeat =\u0026gt; logstash =\u0026gt; elasticsearch：logstash-input-beats-output-es 新增配置 logstash-input-beats-output-es.conf： vim /home/deploy/logstash/logstash-6.3.0/config/logstash-input-beats-output-es.conf\r...\rinput {\rbeats {\rport =\u0026gt; \u0026#34;5044\u0026#34;\r}\r}\r# filter {}\routput {\relasticsearch {\rhosts =\u0026gt; [ \u0026#34;10.0.0.11:9200\u0026#34;,\u0026#34;10.0.0.12:9200\u0026#34; ]\rmanage_template =\u0026gt; false\rindex =\u0026gt; \u0026#34;%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}\u0026#34;\r}\r}\r... 启动logstash： su - deploy -c \u0026#39;/home/deploy/logstash/logstash-6.3.0/bin/logstash -f /home/deploy/logstash/logstash-6.3.0/config/logstash-input-beats-output-es.conf --config.reload.automatic\u0026#39; ################################################################################\nfilebeat =\u0026gt; kafka =\u0026gt; logstash =\u0026gt; stdout： logstash-input-kafka-output-stdout 新增配置 logstash-input-kafka-output-stdout.conf： vim /home/deploy/logstash/logstash-6.3.0/config/logstash-input-kafka-output-stdout.conf\r...\rinput {\rkafka {\rbootstrap_servers =\u0026gt; \u0026#34;10.0.0.11:9092,10.0.0.12:9092,10.0.0.13:9092\u0026#34;\r}\r}\r# filter {}\routput {\rstdout { codec =\u0026gt; rubydebug }\r}\r... 启动logstash： su - deploy -c \u0026#39;/home/deploy/logstash/logstash-6.3.0/bin/logstash -f /home/deploy/logstash/logstash-6.3.0/config/logstash-input-kafka-output-stdout.conf --config.reload.automatic\u0026#39; ################################################################################\nfilebeat =\u0026gt; kafka =\u0026gt; logstash =\u0026gt; elasticsearch： logstash-input-kafka-output-es 新增配置 logstash-input-kafka-output-es.conf： vim /home/deploy/logstash/logstash-6.3.0/config/logstash-input-kafka-output-es.conf\r...\rinput {\rkafka {\rbootstrap_servers =\u0026gt; \u0026#34;10.0.0.11:9092,10.0.0.12:9092,10.0.0.13:9092\u0026#34;\r## Here, \u0026#34;topics\u0026#34; of kafka in logstash input section equals to \u0026#34;topic\u0026#34; of output.kafka in filebeat.yml,\r## as is \u0026#34;log_topics\u0026#34; of fileds of filebeat.inputs in filebeat.yml\rtopics =\u0026gt; \u0026#34;leion\u0026#34;\rconsumer_threads =\u0026gt; 1\rdecorate_events =\u0026gt; true\r# codec =\u0026gt; \u0026#34;json\u0026#34;\rauto_offset_reset =\u0026gt; \u0026#34;latest\u0026#34;\r}\r}\r# filter {}\routput {\relasticsearch {\rhosts =\u0026gt; [ \u0026#34;10.0.0.11:9200\u0026#34;,\u0026#34;10.0.0.12:9200\u0026#34; ]\rmanage_template =\u0026gt; false\r# index =\u0026gt; \u0026#34;%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}\u0026#34;\rindex =\u0026gt; \u0026#34;leion-%{+YYYY.MM.dd}\u0026#34;\r}\rstdout { codec =\u0026gt; rubydebug }\r}\r... 启动logstash： su - deploy -c \u0026#39;/home/deploy/logstash/logstash-6.3.0/bin/logstash -f /home/deploy/logstash/logstash-6.3.0/config/logstash-input-kafka-output-es.conf --config.reload.automatic\u0026#39; ################################################################################\nFAQ： Q: A:\n","permalink":"https://leiontong.github.io/posts/logstash-deploy/","summary":"\u003ch3 id=\"准备好elk-app二进制包文件\"\u003e准备好ELK APP二进制包文件：\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003ecurl -L -O \u0026lt;https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.tar.gz\u0026gt;\r\nwget \u0026lt;https://download.elastic.co/demos/logstash/gettingstarted/logstash-tutorial.log.gz\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003ch3 id=\"创建普通用户\"\u003e创建普通用户：\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003eid deploy \u0026amp;\u0026gt;/dev/null ; if \\[[ $? != \u0026#34;0\u0026#34; ]]; then useradd deploy; fi\n\u003c/code\u003e\u003c/pre\u003e\u003ch3 id=\"切换用户elk\"\u003e切换用户elk：\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003esu - deploy\n\u003c/code\u003e\u003c/pre\u003e\u003ch3 id=\"创建app目录和数据目录\"\u003e创建APP目录和数据目录：\u003c/h3\u003e","title":"Logstash deploy"},{"content":"mkdir -pv /opt/zookeeper/{zkdata,zkdatalog}\rcurl -o /opt/zookeeper-3.4.12.tar.gz http://mirrors.ustc.edu.cn/apache/zookeeper/stable/zookeeper-3.4.12.tar.gz\rtar xvf /opt/zookeeper-3.4.12.tar.gz -C /opt/zookeeper/ cp /opt/zookeeper/zookeeper-3.4.12/conf/{zoo-example.cfg,zoo.cfg}\nvim /opt/zookeeper/zookeeper-3.4.12/conf/zoo.cfg\r...\rtickTime=2000\rinitLimit=10\rsyncLimit=5\rdataDir=/opt/zookeeper/zkdata\rclientPort=12181\rdataLogDir=/opt/zookeeper/zkdatalog\rserver.1=10.0.0.11:12888:13888\rserver.2=10.0.0.12:12888:13888\rserver.3=10.0.0.13:12888:13888\r... 使用 ansible 将配置好的配置文件分发到三台主机上； ansible all -i _etc_ansible_hosts -m file -a \u0026#34;path=/opt/zookeeper state=directory\u0026#34; zookeeper_servers -m copy -a \u0026#34;src=/opt/zookeeper-3.4.12.tar.gz dest=/opt/ owner=root group=root mode=0644\u0026#34;\ransible all -i _etc_ansible_hosts -m file -a \u0026#34;path=/opt/zookeeper state=directory\u0026#34;\ransible all -i _etc_ansible_hosts -m file -a \u0026#34;path=/opt/zookeeper/zkdata/ state=directory\u0026#34;\ransible all -i _etc_ansible_hosts -m file -a \u0026#34;path=/opt/zookeeper/zkdatalog/ state=directory\u0026#34;\ransible all -i _etc_ansible_hosts -m command -a \u0026#34;tar xf /opt/zookeeper-3.4.12.tar.gz -C /opt/zookeeper/\u0026#34;\ransible all -i _etc_ansible_hosts -m copy -a \u0026#34;src=/opt/zookeeper/zookeeper-3.4.12/conf/zoo.cfg dest=/opt/zookeeper/zookeeper-3.4.12/conf/ owner=root group=root mode=0644\u0026#34; 在zookeeper-server1上： echo \u0026ldquo;1\u0026rdquo; \u0026gt; /opt/zookeeper/zkdata/myid\n在zookeeper-server2上： echo \u0026ldquo;2\u0026rdquo; \u0026gt; /opt/zookeeper/zkdata/myid\n在zookeeper-server3上： echo \u0026ldquo;3\u0026rdquo; \u0026gt; /opt/zookeeper/zkdata/myid\nzookeeper服务启停操作： ansible all -i _etc_ansible_hosts -m command -a \u0026#34;/opt/zookeeper/zookeeper-3.4.12/bin/zkServer.sh start\u0026#34;\ransible all -i _etc_ansible_hosts -m command -a \u0026#34;/opt/zookeeper/zookeeper-3.4.12/bin/zkServer.sh status\u0026#34;\ransible all -i _etc_ansible_hosts -m command -a \u0026#34;/opt/zookeeper/zookeeper-3.4.12/bin/zkServer.sh stop\u0026#34; FAQ： Q： Error contacting service. It is probably not running. A：\nsystemctl stop firewalld.service\ransible zookeeper_servers -m command -a \u0026#34;systemctl disable firewalld.service\u0026#34; ","permalink":"https://leiontong.github.io/posts/zookeeper-cluster-deploy/","summary":"\u003cpre tabindex=\"0\"\u003e\u003ccode\u003emkdir -pv /opt/zookeeper/{zkdata,zkdatalog}\r\ncurl -o /opt/zookeeper-3.4.12.tar.gz http://mirrors.ustc.edu.cn/apache/zookeeper/stable/zookeeper-3.4.12.tar.gz\r\ntar xvf /opt/zookeeper-3.4.12.tar.gz -C /opt/zookeeper/\n\u003c/code\u003e\u003c/pre\u003e\u003cp\u003e\u003ccode\u003ecp /opt/zookeeper/zookeeper-3.4.12/conf/{zoo-example.cfg,zoo.cfg}\u003c/code\u003e\u003c/p\u003e","title":"Zookeeper cluster deploy"},{"content":"installation guide for apache-airflow install requisitions yum install python python-pip python-setuptools python-dev\nor if you use python34:\nyum install python34 python34-pip python34-setuptools python34-dev\nor python36:\nyum install python36 python36-pip python36-setuptools python36-dev\ninstall airflow su - deploy #切换到普通用户\n# airflow needs a home, ~/airflow is the default,\r# but you can lay foundation somewhere else if you prefer\r# (optional)\rexport AIRFLOW_HOME=~/airflow\r# install from pypi using pip\rpip install apache-airflow\r# initialize the database\rairflow initdb\r# start the web server, default port is 8080\rairflow webserver -p 8080 Problem： $ airflow webserver -p 8080\r[2018-08-15 14:45:46,337] {__init__.py:45} INFO - Using executor SequentialExecutor\r____________ _____________\r____ |__( )_________ __/__ /________ __\r____ /| |_ /__ ___/_ /_ __ /_ __ \\_ | /| / /\r___ ___ | / _ / _ __/ _ / / /_/ /_ |/ |/ /\r_/_/ |_/_/ /_/ /_/ /_/ \\____/____/|__/\r/usr/lib64/python2.7/site-packages/flask/exthook.py:71: ExtDeprecationWarning: Importing flask.ext.cache is deprecated, use flask_cache instead.\r.format(x=modname), ExtDeprecationWarning\rTraceback (most recent call last):\rFile \u0026#34;/bin/airflow\u0026#34;, line 27, in \u0026lt;module\u0026gt;\rargs.func(args)\rFile \u0026#34;/usr/lib/python2.7/site-packages/airflow/bin/cli.py\u0026#34;, line 678, in webserver\rapp = cached_app(conf)\rFile \u0026#34;/usr/lib/python2.7/site-packages/airflow/www/app.py\u0026#34;, line 161, in cached_app\rapp = create_app(config)\rFile \u0026#34;/usr/lib/python2.7/site-packages/airflow/www/app.py\u0026#34;, line 59, in create_app\rfrom airflow.www import views\rFile \u0026#34;/usr/lib/python2.7/site-packages/airflow/www/views.py\u0026#34;, line 49, in \u0026lt;module\u0026gt;\rfrom jinja2.sandbox import ImmutableSandboxedEnvironment\rFile \u0026#34;/usr/lib64/python2.7/site-packages/jinja2/sandbox.py\u0026#34;, line 25, in \u0026lt;module\u0026gt;\rfrom markupsafe import EscapeFormatter\rImportError: cannot import name EscapeFormatter Solution： sudo pip install -U markupsafe\n","permalink":"https://leiontong.github.io/posts/apache-airflow_install-guide/","summary":"\u003ch1 id=\"installation-guide-for-apache-airflow\"\u003einstallation guide for apache-airflow\u003c/h1\u003e\n\u003ch2 id=\"install-requisitions\"\u003einstall requisitions\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eyum install python python-pip python-setuptools python-dev\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eor if you use python34:\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eyum install python34 python34-pip python34-setuptools python34-dev\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eor python36:\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eyum install python36 python36-pip python36-setuptools python36-dev\u003c/code\u003e\u003c/p\u003e","title":"installation guide for apache-airflow"},{"content":"oneplus6解锁并root教程 1. 打开开发者模式，允许解锁设备 版本号连续点好多次，可以打开开发者模式，进入开发者模式，选中“允许OEM解锁设备”。\n2. 解锁 fastboot oem unlock\n3. 启动 twrp-3.2.1-0-enchilada.img 临时recovery镜像 fastboot boot twrp-3.2.1-0-enchilada.img\n4. 推送 TWRP 安装包 adb push twrp-installer-enchilada-3.2.1-0.zip /sdcard\n5.刷入 twrp-installer-enchilada-3.2.1-0.zip 永久recovery 安装包 点击按钮 Install，选中 /sdcard/twrp-installer-enchilada-3.2.1-0.zip，滑动滑块进行安装。\n6. 进入 TWRP recovery 模式 执行命令fastboot reboot recovery，或者点击按钮 Reboot，Recovery，重启至recovery模式。\n7. 推送 Magisk 安装包 adb push {Magisk-v16.0.zip,MagiskManager-v5.7.0.apk} /sdcard\n8. 刷入 Magisk 安装包 点击按钮 Install，选中 /sdcard/Magisk-v16.0.zip，滑动滑块进行安装。\n9. 重启系统","permalink":"https://leiontong.github.io/posts/oneplus6-unlockroot-manual/","summary":"\u003ch1 id=\"oneplus6解锁并root教程\"\u003eoneplus6解锁并root教程\u003c/h1\u003e\n\u003ch2 id=\"1-打开开发者模式允许解锁设备\"\u003e1. 打开开发者模式，允许解锁设备\u003c/h2\u003e\n\u003cp\u003e版本号连续点好多次，可以打开开发者模式，进入开发者模式，选中“允许OEM解锁设备”。\u003c/p\u003e\n\u003ch2 id=\"2-解锁\"\u003e2. 解锁\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003efastboot oem unlock\u003c/code\u003e\u003c/p\u003e\n\u003ch2 id=\"3-启动-twrp-321-0-enchiladaimg-临时recovery镜像\"\u003e3. 启动 twrp-3.2.1-0-enchilada.img 临时recovery镜像\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003efastboot boot twrp-3.2.1-0-enchilada.img\u003c/code\u003e\u003c/p\u003e","title":"oneplus6解锁并root教程"},{"content":"Ubuntu 16.04 LTS themes \u0026amp; icons tweak First of all, install \u0026lsquo;ubuntu tweak tool\u0026rsquo; or \u0026lsquo;unity tweak tool\u0026rsquo;. If your Desktop Environment is Gnome: sudo apt-get install gnome-tweak-tool.\nor\nIf your Desktop Environment is Unity: sudo apt-get install unity-tweak-tool.\nFavoriate Themes, icons Arc http://www.noobslab.com/2017/01/arc-theme-light-dark-versions-and-arc.html\nsudo add-apt-repository ppa:noobslab/themes\rsudo apt-get update\rsudo apt-get install arc-theme\rsudo add-apt-repository ppa:noobslab/icons\rsudo apt-get update\rsudo apt-get install arc-icons Flatabulous https://github.com/anmoljagetia/Flatabulous\nhttps://blog.anmoljagetia.me/flatabulous-ubuntu-theme/\nhttp://www.noobslab.com/2016/07/flatabulous-theme-makes-your-desktop.html\nsudo add-apt-repository ppa:noobslab/themes\rsudo apt-get update\rsudo apt-get install flatabulous-theme\rsudo add-apt-repository ppa:noobslab/icons\rsudo apt-get update\rsudo apt-get install ultra-flat-icons MacBuntu http://www.noobslab.com/2016/04/macbuntu-1604-transformation-pack-for.html\nInstall themes, icons and cursors. sudo add-apt-repository ppa:noobslab/macbuntu\rsudo apt-get update\rsudo apt-get install macbuntu-os-icons-lts-v7 macbuntu-os-ithemes-lts-v7 After installation choose theme, icons and mac cursor from tweak tool.\nTo Uninstall themes, icons and cursors. cd /usr/share/icons/mac-cursors \u0026amp;\u0026amp; sudo ./uninstall-mac-cursors.sh\rsudo apt-get remove macbuntu-os-icons-lts-v7 macbuntu-os-ithemes-lts-v7 Equilux https://www.opendesktop.org/p/1182169/\nDescription: The Equilux themes provide a neutral dark-balanced color-scheme not designed to be fancy, but to be useful for a few specific goals.\nMinimize eye strain: when you pass many hours in front of the screen or you are hyper-sensitive to light, saturation and contrast, your eyes will benefit from a dull UI\nAvoid disrupting your circadian rhythms: a neutral color-cast-free UI helps your body to produce enough melatonin at night time and sleep better, working nicely with software like f.lux, redshift, NightLight, \u0026hellip;\nProfessional use in image editing, graphic design, 3D rendering: in that fields any color cast or excessive contrast, brightness or darkness introduced by the UI would affect the overall perception of the color and balance of the images\nYou may just like it: even if the style is not the main goal, many people find that its very clean and minimalistic UI looks cool and professional\nThis theme is based on the Materia Theme.\n","permalink":"https://leiontong.github.io/posts/ubuntu-16.04-lts-themes--icons-tweak/","summary":"\u003ch1 id=\"ubuntu-1604-lts-themes--icons-tweak\"\u003eUbuntu 16.04 LTS themes \u0026amp; icons tweak\u003c/h1\u003e\n\u003ch2 id=\"first-of-all-install-ubuntu-tweak-tool-or-unity-tweak-tool\"\u003eFirst of all, install \u0026lsquo;ubuntu tweak tool\u0026rsquo; or \u0026lsquo;unity tweak tool\u0026rsquo;.\u003c/h2\u003e\n\u003cp\u003eIf your Desktop Environment is Gnome: \u003ccode\u003esudo apt-get install gnome-tweak-tool\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eor\u003c/p\u003e\n\u003cp\u003eIf your Desktop Environment is Unity: \u003ccode\u003esudo apt-get install unity-tweak-tool\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"favoriate-themes-icons\"\u003eFavoriate Themes, icons\u003c/h2\u003e\n\u003ch3 id=\"arc\"\u003eArc\u003c/h3\u003e","title":"Ubuntu-16.04-LTS-themes-\u0026-icons-tweak"},{"content":"Nginx的mod_zip模块安装和使用 Step 1： 安装Nginx 预配置必要的环境\nyum install gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel gd gd-devel groupadd www\ruseradd -g www www Step 2： 编译安装nginx cd /opt\rcurl -O https://nginx.org/download/nginx-1.12.2.tar.gz\rtar xvf ./nginx-1.12.2.tar.gz ./configure \\\r--prefix=/opt/nginx \\\r--user=www \\\r--group=www \\\r--with-pcre \\\r--with-http_ssl_module \\\r--with-http_v2_module \\\r--with-http_realip_module \\\r--with-http_addition_module \\\r--with-http_sub_module \\\r--with-http_dav_module \\\r--with-http_flv_module \\\r--with-http_mp4_module \\\r--with-http_gunzip_module \\\r--with-http_gzip_static_module \\\r--with-http_random_index_module \\\r--with-http_secure_link_module \\\r--with-http_stub_status_module \\\r--with-http_auth_request_module \\\r--with-http_image_filter_module \\\r--with-http_slice_module \\\r--with-mail \\\r--with-threads \\\r--with-file-aio \\\r--with-stream \\\r--with-mail_ssl_module \\\r--with-stream_ssl_module \\\r--add-module=/opt/mod_zip \\ make -j 2 \u0026amp;\u0026amp; make install Step 3： 安装php-fpm 安装php-fpm，为节省时间使用yum安装\nyum install php-fpm -y\rvim /etc/php-fpm.d/php-fpm.conf 编写php脚本，测试PHP服务器功能\ncat \u0026lt;\u0026lt; EOF \u0026gt;\u0026gt; /opt/nginx/html/index.php\r\u0026lt;?php\rphpinfo()\r?\u0026gt;\rEOF Step 4： 验证 编写php脚本，测试mod_zip功能\ncat \u0026lt;\u0026lt; EOF \u0026gt;\u0026gt; /opt/nginx/html/testzip.php\r\u0026lt;?php\rheader(\u0026#39;X-Accel-Chareset: utf-8\u0026#39;);\rheader(\u0026#39;Content-Type: application/octet-stream\u0026#39;);\rheader(\u0026#39;Content-Disposition: attachment; filename=test.zip\u0026#39;);\rheader(\u0026#39;X-Archive-Files: zip\u0026#39;);\r$crc32 = \u0026#34;-\u0026#34;;\rprintf(\u0026#34;%s %d %s %s\\n\u0026#34;, $crc32, 346506, \u0026#39;/1.png\u0026#39;, \u0026#39;a.png\u0026#39;);\rprintf(\u0026#34;%s %d %s %s\\n\u0026#34;, $crc32, 155834, \u0026#39;/2.png\u0026#39;, \u0026#39;b.png\u0026#39;);\r?\u0026gt;\rEOF ","permalink":"https://leiontong.github.io/posts/nginx-mod_zip/","summary":"\u003ch1 id=\"nginx的mod_zip模块安装和使用\"\u003eNginx的mod_zip模块安装和使用\u003c/h1\u003e\n\u003ch2 id=\"step-1-安装nginx\"\u003eStep 1： 安装Nginx\u003c/h2\u003e\n\u003cp\u003e预配置必要的环境\u003c/p\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003eyum install gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel gd gd-devel\n\u003c/code\u003e\u003c/pre\u003e\u003cpre tabindex=\"0\"\u003e\u003ccode\u003egroupadd www\r\nuseradd -g www www\n\u003c/code\u003e\u003c/pre\u003e","title":"Nginx的mod_zip模块安装和使用"},{"content":"shadowsocks的CLI客户端(sslocal)使用指南 Step1（非必需）： 服务端ssserver 安装：\nsudo apt install shadowsocks\n配置：\n启动： sudo systemctl start shadowsocks.service\nStep2： 客户端sslocal 安装：\nsudo apt install shadowsocks\n备份原配置文件：\ncp /etc/shadowsocks/config.json{,.original}\n配置：\nvim /etc/shadowsocks/config.json\n示例：\nleion@leion-sky:~$ cat /etc/shadowsocks/config.json.ori\r{\r\u0026#34;server\u0026#34;:\u0026#34;my_server_ip\u0026#34;,\r\u0026#34;server_port\u0026#34;:8388,\r\u0026#34;local_address\u0026#34;: \u0026#34;127.0.0.1\u0026#34;,\r\u0026#34;local_port\u0026#34;:1080,\r\u0026#34;password\u0026#34;:\u0026#34;mypassword\u0026#34;,\r\u0026#34;timeout\u0026#34;:300,\r\u0026#34;method\u0026#34;:\u0026#34;aes-256-cfb\u0026#34;,\r\u0026#34;fast_open\u0026#34;: false,\r\u0026#34;workers\u0026#34;: 1\r} 启动 sslocal 进程：\nsslocal -c /etc/shadowsocks/config.json \u0026amp;\u0026gt;\u0026gt;/tmp/sslocal.log \u0026amp;\n杀掉正在运行的 sslocal 进程：\nps -ef | awk '$9~/sslocal/{print $2}' | xargs kill -9\n将该命令放到 ~/.bashrc 以实现用户登录shell后自动启动：\necho 'sslocal -c /etc/shadowsocks/config.json \u0026amp;\u0026gt;\u0026gt;/tmp/sslocal.log \u0026amp;' \u0026gt;\u0026gt; ~/.bashrc\n编写 systemd 服务单元脚本：\n[Unit]\rDescription=Daemon to start Shadowsocks Client. Put this file as sslocal.service into \u0026#39;/lib/systemd/system/\u0026#39; directory.\rWants=network-online.target\rAfter=network.target\r[Service]\rType=simple\rExecStart=/usr/bin/sslocal -c /etc/shadowsocks/client.json\r[Install]\rWantedBy=multi-user.target sudo systemctl start sslocal.service\rsudo systemctl enable sslocal.service Step3： 验证 curl -x socks5://127.0.0.1:1080 google.com/ncr\n返回结果：\nleion@leion-sky:~$ curl -x socks5://127.0.0.1:1080 google.com/ncr\r\u0026lt;meta http-equiv=\u0026#34;content-type\u0026#34; content=\u0026#34;text/html;charset=utf-8\u0026#34;\u0026gt;\r\u0026lt;title\u0026gt;301 Moved\u0026lt;/title\u0026gt;\r# 301 Moved\rThe document has moved\r[here](https://www.google.com/ncr). ``` ","permalink":"https://leiontong.github.io/posts/shadowsocks-manual-for-server--client-usage/","summary":"\u003ch1 id=\"shadowsocks的cli客户端sslocal使用指南\"\u003eshadowsocks的CLI客户端(sslocal)使用指南\u003c/h1\u003e\n\u003ch2 id=\"step1非必需\"\u003eStep1（非必需）：\u003c/h2\u003e\n\u003ch3 id=\"服务端ssserver\"\u003e服务端ssserver\u003c/h3\u003e\n\u003cp\u003e安装：\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003esudo apt install shadowsocks\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003e配置：\u003c/p\u003e","title":"shadowsocks-Manual-for-Server-\u0026-Client-Usage"},{"content":"How to use Hexo and deploy to GitHub Pages https://github.com/hexojs/hexo https://hexo.io/docs/ 1. Install Hexo $ sudo npm install -g hexo-cli\r$ hexo -v\rhexo-cli: 1.0.2\ros: Linux 4.9.15-x86_64-linode81 linux x64\rhttp_parser: 2.7.0\rnode: 6.10.2\rv8: 5.1.281.98\ruv: 1.10.2\rzlib: 1.2.7\rares: 1.10.1-DEV\ricu: 50.1.2\rmodules: 48\ropenssl: 1.0.1e-fips 2. Create a project for your GitHub Pages $ hexo init LeionTong.github.io\r$ cd LeionTong.github.io\r$ npm install 3. Run a test server locally $ hexo server\rINFO Hexo is running at http://localhost:4000 . Press Ctrl+C to stop. 4. Set information for your new blog https://hexo.io/docs/configuration.html\n$ vi _config.yml ~~~~~~~~~~~~~~~~~~ _config.yml ~~~~~~~~~~~~~~~~~~ # Site title: Leion-Sky subtitle: description: LeionTong\u0026#39;s personal blog! keywords: author: LeionTong language: zh-CN timezone: Asia/Shanghai ... url: https://LeionTong.github.io/ ... 5. Set information to use Git https://hexo.io/docs/one-command-deployment\nInstall hexo-deployer-git.\n$ npm install hexo-deployer-git --save Edit _config.yml (with example values shown below as comments):\n$ vi _config.yml ~~~~~~~~~~~~~~~~~~ _config.yml ~~~~~~~~~~~~~~~~~~ deploy: type: git repo: git@github.com:LeionTong/LeionTong.github.io.git branch: gh-pages message: [message] 6. Set \u0026ldquo;watch\u0026rdquo; before starting your work \u0026ldquo;watch\u0026rdquo; command can monitor your files. https://hexo.io/docs/generating.html\n$ hexo generate --watch 7. Create a new post file $ hexo new first-post INFO Created: ~/***/LeionTong.github.io/source/_posts/first-post.md 8. Edit the above file with Markdown or Hexo\u0026rsquo;s Helper Hexo\u0026rsquo;s Helper https://hexo.io/docs/helpers.html I use Atom with \u0026ldquo;shift + control + m\u0026rdquo; when I use Markdown :-) https://atom.io/\n9. Delete \u0026ldquo;source/_posts/hello-world.md\u0026rdquo; It\u0026rsquo;s not necessary to deploy.\n10. Deploy your new blog!! https://hexo.io/docs/deployment.html\n$ hexo clean \u0026amp;\u0026amp; hexo deploy After writting the above command, you can see your new blog on GitHub Pages. http://******.github.io/\n11. Change your blog theme https://github.com/hexojs/hexo/wiki/Themes\nFor instance, How to use the following theme. https://hexo.io/hexo-theme-light/ or maybe https://github.com/theme-next/hexo-theme-next ?\n## If you\u0026#39;re using Hexo 5.0 or later, the simplest way to install is through npm: $ cd LeionTong.github.io $ npm install hexo-theme-next ## Or you can clone the entire repository: $ cd LeionTong.github.io $ git clone https://github.com/next-theme/hexo-theme-next themes/next ## Set information to use the theme $ cd LeionTong.github.io $ vi _config.yml ~~~~~~~~~~~~~~~~~~ _config.yml ~~~~~~~~~~~~~~~~~~ theme: next 12. Create a new page file https://hexo.io/docs/writing.html\n$ hexo new page aboutme\rINFO Created: ~/***/LeionTong.github.io/source/aboutme/index.md Q\u0026amp;A Q：运行 hexo 提示 \u0026ldquo;/usr/bin/env: node: 没有那个文件或目录\u0026rdquo;\nA：由于 Ubuntu 下已经有一个名叫 node 的库，因此 Node.js 在 ubuntu 下默认叫 nodejs ，创建软链接：\nsudo ln -s`which nodejs` /usr/bin/node Q: 如果要将源码上传至Github，或者GitLab等云平台，.gitignore怎么写？\nA: .gitignore代码：\n# .DS_Store\r# Thumbs.db\r# db.json\r# *.log\r# node_modules/\r# public/\r# .deploy*/\r## 上面是Hexo自带的gitignore内容，我注释掉了，换成了我自己的。\r## 我这里只需要备份source文件夹下的Markdown笔记和配置信息。\r## 另外，我自定义的NexT主题配置项也在NexT官方指导下合并到了Hexo的_config.yml文件里。\r## 所以也不需要备份themes文件夹，如果主题改动较大建议将themes那两行取消注释。\r## 注意：这里采用排除法，先忽略所有文件，然后再排除，这样就只留下了自己需要git版本控制的文件(夹)。\r*\r!/source/\r!/source/**/*\r#!/themes/\r#!/themes/**/*\r!/_config.yml\r!/.gitignore\r!/README.md Q：Github Pages要想自定义域名怎么办？\n在 source 目录下新建 CNAME 文本文件，写入购买的域名，然后在域名供应商管理后台配置好域名解析记录。\nQ：怎么创建软链接？ 使用 WSL，MobaXterm，GitforWindows 等 terminal 工具。\nln -sv \u0026#34;/mnt/c/Users/leion/OneDrive/Obsidian Vault/H.exo/source\u0026#34; \u0026#34;/mnt/c/Users/leion/Documents/Tong-Workspaces/Git/Hexo-Blog/source\u0026#34; Q：WSL-Ubuntu安装 npm 和 hexo 后启动 hexo s 报错：vbnet TypeError: Object.fromEntries is not a function `\nhttps://hexo.io/zh-cn/docs/#Node-js-版本限制 https://blog.csdn.net/LizequaNNN/article/details/122369122\nnodejs版本太低。升级node：\nleion@DELL-XPS-WIN:/drives/c/Users/leion/Downloads/he$ node --version v10.19.0 leion@DELL-XPS-WIN:/drives/c/Users/leion/Downloads/he$ sudo npm install -g n /usr/local/bin/n -\u0026gt; /usr/local/lib/node_modules/n/bin/n + n@9.0.0 added 1 package from 2 contributors in 0.18s leion@DELL-XPS-WIN:/drives/c/Users/leion/Downloads/he$ sudo n stable installing : node-v16.17.1 mkdir : /usr/local/n/versions/node/16.17.1 fetch : https://nodejs.org/dist/v16.17.1/node-v16.17.1-linux-x64.tar.xz copying : node/16.17.1 installed : v16.17.1 (with npm 8.15.0) Note: the node command changed location and the old location may be remembered in your current shell. old : /usr/bin/node new : /usr/local/bin/node If \u0026#34;node --version\u0026#34; shows the old version then start a new shell, or reset the location hash with: hash -r (for bash, zsh, ash, dash, and ksh) rehash (for csh and tcsh) leion@DELL-XPS-WIN:/drives/c/Users/leion/Downloads/he$ hash -r leion@DELL-XPS-WIN:/drives/c/Users/leion/Downloads/he$ node -v v16.17.1 ","permalink":"https://leiontong.github.io/posts/hexo-deploy-to-github-pages/","summary":"\u003ch1 id=\"how-to-use-hexo-and-deploy-to-github-pages\"\u003eHow to use Hexo and deploy to GitHub Pages\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hexojs/hexo\"\u003ehttps://github.com/hexojs/hexo\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://hexo.io/docs/\"\u003ehttps://hexo.io/docs/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"1-install-hexo\"\u003e1. Install Hexo\u003c/h2\u003e","title":"How to use Hexo and deploy to GitHub Pages"},{"content":"SQL：DDL，DML DDL：Data Defination Language mysql\u0026gt; HELP Data Definition CREATE, ALTER, DROP\rDATABASE, TABLE\rINDEX, VIEW, USER\rFUNCTION, FUNCTION UDF, PROCEDURE, TABLESPACE, TRIGGER, SERVER DML: Data Manipulation Language mysql\u0026gt; HELP Data Manipulation INSERT/REPLACE, DELETE, SELECT, UPDATE 数据库： 对于MySQL而言，每个数据库（DATABASE）其实就是对应数据目录（datadir）下的一个目录（db_name），用于规定一个项目或者方案的集合，因此DATABASE也被称为SCHEMA；\nCREATE {DATABASE | SCHEMA} [IF NOT EXISTS] db_name CHARACTER SET [=] charset_name COLLATE [=] collation_name\rALTER {DATABASE | SCHEMA} [db_name] CHARACTER SET [=] charset_name COLLATE [=] collation_name\rDROP {DATABASE | SCHEMA} [IF EXISTS] db_name 示例： 显示当前已存在的所有数据库;\nMariaDB [(none)]\u0026gt; SHOW DATABASES;\r+--------------------+\r| Database |\r+--------------------+\r| information_schema |\r| mysql |\r| performance_schema |\r| test |\r+--------------------+\r4 rows in set (0.00 sec) 创建一个数据库 CREATE DATABASE;\nMariaDB [(none)]\u0026gt; CREATE DATABASE mydb;\rQuery OK, 1 row affected (0.00 sec) 如果要创建的数据库已存在，就会报错；如果此时是一个sql脚本的话执行到这里就中断了；\nMariaDB [(none)]\u0026gt; CREATE DATABASE mydb;\rERROR 1007 (HY000): Can\u0026#39;t create database \u0026#39;mydb\u0026#39;; database exists 创建数据库时可以加上条件判断 IF NOT EXISTS ；这样只会出现警告，而不会报错中断操作；可以使用命令 SHOW WARNINGS 查看；\nMariaDB [(none)]\u0026gt; CREATE DATABASE IF NOT EXISTS mydb;\rQuery OK, 1 row affected, 1 warning (0.00 sec)\rMariaDB [(none)]\u0026gt; CREATE DATABASE IF NOT EXISTS mydb;\rQuery OK, 1 row affected, 1 warning (0.00 sec)\rMariaDB [(none)]\u0026gt; SHOW WARNINGS;\r+-------+------+-----------------------------------------------+\r| Level | Code | Message |\r+-------+------+-----------------------------------------------+\r| Note | 1007 | Can\u0026#39;t create database \u0026#39;mydb\u0026#39;; database exists |\r+-------+------+-----------------------------------------------+\r1 row in set (0.00 sec) 创建数据库时可以指定默认字符集 CHARATER SET；\nMariaDB [(none)]\u0026gt; CREATE DATABASE IF NOT EXISTS testdb CHARACTER SET utf8;\rQuery OK, 1 row affected (0.00 sec) 如果要创建数据库时忘记指定字符集，可以使用ALTER DATABASE 修改；\nMariaDB [(none)]\u0026gt; ALTER DATABASE mydb CHARATER SET utf8;\rQuery OK, 1 row affected (0.00 sec) 删除一个数据库 DROP DATABASE;\nMariaDB [(none)]\u0026gt; DROP DATABASE testdb;\rQuery OK, 0 rows affected (0.00 sec) 同样，如果要删除的数据库不存在，就会报错；可以加上条件判断IF EXISTS 以避免报错；\nMariaDB [(none)]\u0026gt; DROP DATABASE testdb;\rERROR 1008 (HY000): Can\u0026#39;t drop database \u0026#39;testdb\u0026#39;; database doesn\u0026#39;t exist\rMariaDB [(none)]\u0026gt; DROP DATABASE IF EXISTS testdb;\rQuery OK, 0 rows affected, 1 warning (0.00 sec) 表： 表名是否区分大小写取决于文件系统，强烈建议不要使用仅仅大小写不同的表名；\nCREATE： 语法1 CREATE [TEMPORARY] TABLE [IF NOT EXISTS] tbl_name\r(create_definition,...)\r[table_options]\r[partition_options] 语法2 CREATE [TEMPORARY] TABLE [IF NOT EXISTS] tbl_name\r[(create_definition,...)]\r[table_options]\r[partition_options]\rselect_statement 通过查询语句来创建表，直接将查询语句的结果插入到新创建的表中；只能复制字段名和类型，不能复制字段定义；\n语法3 CREATE [TEMPORARY] TABLE [IF NOT EXISTS] tbl_name\r{ LIKE old_tbl_name | (LIKE old_tbl_name) } 复制某存在的表的结构来创建新的空表；\n选项 create_definition:\rcol_name column_definition column_definition:\rdata_type [NOT NULL | NULL] [DEFAULT default_value]\r[AUTO_INCREMENT] [UNIQUE [KEY] | [PRIMARY] KEY]\r[COMMENT \u0026#39;string\u0026#39;]\r[COLUMN_FORMAT {FIXED|DYNAMIC|DEFAULT}] table_options：\rENGINE [=] engine_name 查看支持的所有存储引擎： mysql\u0026gt; SHOW ENGINES; 查看指定表的存储引擎： mysql\u0026gt; SHOW TABLE STATUS LIKE clause; 查看使用指定存储引擎的表： mysql\u0026gt; SHOW TABLE STATUS WHERE Engine='InnoDB'\\G\nDROP: DROP [TEMPORARY] TABLE [IF EXISTS] tbl_name [, tbl_name]; ALTER： ALTER TABLE tbl_name\r[alter_specification [, alter_specification] ...] 可修改内容：\n* table_options\r* 添加定义：ADD\r- 字段、字段集合、索引、约束\r* 修改字段：\r- CHANGE [COLUMN] old_col_name new_col_name column_definition [FIRST|AFTER col_name]\r- MODIFY [COLUMN] col_name column_definition [FIRST | AFTER col_name]\r* 删除操作：DROP\r- 字段、索引、约束 表重命名： RENAME [TO|AS] new_tbl_name\n查看表结构定义： DESC tbl_name； 查看表定义： SHOW CREATE TABLE tbl_name 查看表属性信息： SHOW TABLE STATUS [{FROM | IN} db_name] [LIKE \u0026#39;pattern\u0026#39; | WHERE expr] 示例： 创建一张表\nCREATE TABLE tbl1;` 创建表tbl2，指定字段列数据类型、主键等信息；\nMariaDB [(none)]\u0026gt; USE mydb;\rDatabase changed\rMariaDB [mydb]\u0026gt; CREATE TABLE tbl2(id TINYINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, name CHAR(20));\rQuery OK, 0 rows affected (0.00 sec)\rMariaDB [mydb]\u0026gt; DESC tbl2;\r+-------+---------------------+------+-----+---------+----------------+\r| Field | Type | Null | Key | Default | Extra |\r+-------+---------------------+------+-----+---------+----------------+\r| id | tinyint(3) unsigned | NO | PRI | NULL | auto_increment |\r| name | char(20) | YES | | NULL | |\r+-------+---------------------+------+-----+---------+----------------+\r2 rows in set (0.00 sec) 创建表tbl3，单独指定主键\nMariaDB [mydb]\u0026gt; CREATE TABLE tbl3(id TINYINT UNSIGNED NOT NULL AUTO_INCREMENT, name CHAR(20), PRIMARY KEY(id));\rQuery OK, 0 rows affected (0.01 sec)\rMariaDB [mydb]\u0026gt; DESC tbl3;\r+-------+---------------------+------+-----+---------+----------------+\r| Field | Type | Null | Key | Default | Extra |\r+-------+---------------------+------+-----+---------+----------------+\r| id | tinyint(3) unsigned | NO | PRI | NULL | auto_increment |\r| name | char(20) | YES | | NULL | |\r+-------+---------------------+------+-----+---------+----------------+\r2 rows in set (0.00 sec) 创建表tbl4，同时给指定字段创建索引；\nMariaDB [mydb]\u0026gt; CREATE TABLE tbl4(id TINYINT UNSIGNED NOT NULL AUTO_INCREMENT, name CHAR(20), age TINYINT UNSIGNED, PRIMARY KEY(id), index(name));\rMariaDB [mydb]\u0026gt; DESC tbl4;\r+-------+---------------------+------+-----+---------+----------------+\r| Field | Type | Null | Key | Default | Extra |\r+-------+---------------------+------+-----+---------+----------------+\r| id | tinyint(3) unsigned | NO | PRI | NULL | auto_increment |\r| name | char(20) | YES | MUL | NULL | |\r| age | tinyint(3) unsigned | YES | | NULL | |\r+-------+---------------------+------+-----+---------+----------------+\r3 rows in set (0.00 sec) 查看表tbl4的索引信息;注意到，这里有两行，第一行是主键索引 PRIMARY 针对 id 字段，第二行是自定义索引 name 针对 name 字段；由于自定义的索引未指定索引名，因此默认索引名与字段名一样；\nMariaDB [mydb]\u0026gt; SHOW INDEXES FROM tbl4;\r+-------+------------+----------+--------------+-------------+-----------+-------------+----------+--------+------+------------+---------+---------------+\r| Table | Non_unique | Key_name | Seq_in_index | Column_name | Collation | Cardinality | Sub_part | Packed | Null | Index_type | Comment | Index_comment |\r+-------+------------+----------+--------------+-------------+-----------+-------------+----------+--------+------+------------+---------+---------------+\r| tbl4 | 0 | PRIMARY | 1 | id | A | 0 | NULL | NULL | | BTREE | | |\r| tbl4 | 1 | name | 1 | name | A | 0 | NULL | NULL | YES | BTREE | | |\r+-------+------------+----------+--------------+-------------+-----------+-------------+----------+--------+------+------------+---------+---------------+\r2 rows in set (0.00 sec)\rMariaDB [mydb]\u0026gt; SHOW INDEXES FROM tbl4\\G\r*************************** 1\\. row ***************************\rTable: tbl4\rNon_unique: 0\rKey_name: PRIMARY\rSeq_in_index: 1\rColumn_name: id\rCollation: A\rCardinality: 0\rSub_part: NULL\rPacked: NULL\rNull:\rIndex_type: BTREE\rComment:\rIndex_comment:\r*************************** 2\\. row ***************************\rTable: tbl4\rNon_unique: 1\rKey_name: name\rSeq_in_index: 1\rColumn_name: name\rCollation: A\rCardinality: 0\rSub_part: NULL\rPacked: NULL\rNull: YES\rIndex_type: BTREE\rComment:\rIndex_comment:\r2 rows in set (0.00 sec) 查看表的索引信息；\nMariaDB [mydb]\u0026gt; show table status;\r+------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-----------------+----------+----------------+---------+\r| Name | Engine | Version | Row_format | Rows | Avg_row_length | Data_length | Max_data_length | Index_length | Data_free | Auto_increment | Create_time | Update_time | Check_time | Collation | Checksum | Create_options | Comment |\r+------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-----------------+----------+----------------+---------+\r| tbl2 | InnoDB | 10 | Compact | 0 | 0 | 16384 | 0 | 0 | 9437184 | 1 | 2017-06-03 22:24:47 | NULL | NULL | utf8_general_ci | NULL | | |\r| tbl3 | InnoDB | 10 | Compact | 0 | 0 | 16384 | 0 | 0 | 9437184 | 1 | 2017-06-03 22:29:15 | NULL | NULL | utf8_general_ci | NULL | | |\r| tbl4 | InnoDB | 10 | Compact | 0 | 0 | 16384 | 0 | 16384 | 9437184 | 1 | 2017-06-03 22:51:45 | NULL | NULL | utf8_general_ci | NULL | | |\r+------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-----------------+----------+----------------+---------+\r3 rows in set (0.00 sec)\rMariaDB [mydb]\u0026gt; SHOW TABLE STATUS\\G\r*************************** 1\\. row ***************************\rName: tbl2\rEngine: InnoDB\rVersion: 10\rRow_format: Compact\rRows: 0\rAvg_row_length: 0\rData_length: 16384\rMax_data_length: 0\rIndex_length: 0\rData_free: 9437184\rAuto_increment: 1\rCreate_time: 2017-06-03 22:24:47\rUpdate_time: NULL\rCheck_time: NULL\rCollation: utf8_general_ci\rChecksum: NULL\rCreate_options:\rComment:\r*************************** 2\\. row ***************************\rName: tbl3\rEngine: InnoDB\rVersion: 10\rRow_format: Compact\rRows: 0\rAvg_row_length: 0\rData_length: 16384\rMax_data_length: 0\rIndex_length: 0\rData_free: 9437184\rAuto_increment: 1\rCreate_time: 2017-06-03 22:29:15\rUpdate_time: NULL\rCheck_time: NULL\rCollation: utf8_general_ci\rChecksum: NULL\rCreate_options:\rComment:\r*************************** 3\\. row ***************************\rName: tbl4\rEngine: InnoDB\rVersion: 10\rRow_format: Compact\rRows: 0\rAvg_row_length: 0\rData_length: 16384\rMax_data_length: 0\rIndex_length: 16384\rData_free: 9437184\rAuto_increment: 1\rCreate_time: 2017-06-03 22:51:45\rUpdate_time: NULL\rCheck_time: NULL\rCollation: utf8_general_ci\rChecksum: NULL\rCreate_options:\rComment:\r3 rows in set (0.01 sec)\rMariaDB [mydb]\u0026gt; SHOW TABLE STATUS LIKE \u0026#39;tbl4\u0026#39;\\G\r*************************** 1\\. row ***************************\rName: tbl4\rEngine: InnoDB\rVersion: 10\rRow_format: Compact\rRows: 0\rAvg_row_length: 0\rData_length: 16384\rMax_data_length: 0\rIndex_length: 16384\rData_free: 9437184\rAuto_increment: 1\rCreate_time: 2017-06-03 22:51:45\rUpdate_time: NULL\rCheck_time: NULL\rCollation: utf8_general_ci\rChecksum: NULL\rCreate_options:\rComment:\r1 row in set (0.00 sec) 创建表tbl5，表选项 table_options 指定存储引擎 ENGINE ；\nMariaDB [mydb]\u0026gt; CREATE TABLE tbl5(id INT) ENGINE MyISAM;\rQuery OK, 0 rows affected (0.00 sec)\rMariaDB [mydb]\u0026gt; DESC tbl5;\r+-------+---------+------+-----+---------+-------+\r| Field | Type | Null | Key | Default | Extra |\r+-------+---------+------+-----+---------+-------+\r| id | int(11) | YES | | NULL | |\r+-------+---------+------+-----+---------+-------+\r1 row in set (0.01 sec)\rMariaDB [mydb]\u0026gt; SHOW TABLE STATUS WHERE ENGINE=\u0026#39;MyISAM\u0026#39;\\G\r*************************** 1\\. row ***************************\rName: tbl5\rEngine: MyISAM\rVersion: 10\rRow_format: Fixed\rRows: 0\rAvg_row_length: 0\rData_length: 0\rMax_data_length: 1970324836974591\rIndex_length: 1024\rData_free: 0\rAuto_increment: NULL\rCreate_time: 2017-06-03 23:26:08\rUpdate_time: 2017-06-03 23:26:08\rCheck_time: NULL\rCollation: utf8_general_ci\rChecksum: NULL\rCreate_options:\rComment:\r1 row in set (0.00 sec) 使用SELECT语句查询获取的数据创建表tbl6；\nMariaDB [mydb]\u0026gt; CREATE TABLE tbl6 SELECT Host,User,Password From mysql.user;\rQuery OK, 8 rows affected (0.02 sec)\rRecords: 8 Duplicates: 0 Warnings: 0\rMariaDB [mydb]\u0026gt; DESC tbl6;\r+----------+----------+------+-----+---------+-------+\r| Field | Type | Null | Key | Default | Extra |\r+----------+----------+------+-----+---------+-------+\r| Host | char(60) | NO | | | |\r| User | char(16) | NO | | | |\r| Password | char(41) | NO | | | |\r+----------+----------+------+-----+---------+-------+\r3 rows in set (0.00 sec)\rMariaDB [mydb]\u0026gt; SELECT * FROM tbl6;\r+-----------+------+-------------------------------------------+\r| Host | User | Password |\r+-----------+------+-------------------------------------------+\r| localhost | root | |\r| centos7 | root | |\r| 127.0.0.1 | root | |\r| ::1 | root | |\r| localhost | | |\r| centos7 | | |\r| % | test | *00E247AC5F9AF26AE0194B41E1E769DEE1429A29 |\r| localhost | test | *00E247AC5F9AF26AE0194B41E1E769DEE1429A29 |\r+-----------+------+-------------------------------------------+\r8 rows in set (0.00 sec) 复制表结构；\nMariaDB [mydb]\u0026gt; CREATE TABLE tbl7 like mysql.user;\rQuery OK, 0 rows affected (0.02 sec)\rMariaDB [mydb]\u0026gt; DESC tbl7;\r+------------------------+-----------------------------------+------+-----+----------+-------+\r| Field | Type | Null | Key | Default | Extra |\r+------------------------+-----------------------------------+------+-----+----------+-------+\r| Host | char(60) | NO | PRI | | |\r| User | char(80) | NO | PRI | | |\r| Password | char(41) | NO | | | |\r| Select_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Insert_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Update_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Delete_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Create_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Drop_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Reload_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Shutdown_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Process_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| File_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Grant_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| References_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Index_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Alter_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Show_db_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Super_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Create_tmp_table_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Lock_tables_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Execute_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Repl_slave_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Repl_client_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Create_view_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Show_view_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Create_routine_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Alter_routine_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Create_user_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Event_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Trigger_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| Create_tablespace_priv | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| ssl_type | enum(\u0026#39;\u0026#39;,\u0026#39;ANY\u0026#39;,\u0026#39;X509\u0026#39;,\u0026#39;SPECIFIED\u0026#39;) | NO | | | |\r| ssl_cipher | blob | NO | | NULL | |\r| x509_issuer | blob | NO | | NULL | |\r| x509_subject | blob | NO | | NULL | |\r| max_questions | int(11) unsigned | NO | | 0 | |\r| max_updates | int(11) unsigned | NO | | 0 | |\r| max_connections | int(11) unsigned | NO | | 0 | |\r| max_user_connections | int(11) | NO | | 0 | |\r| plugin | char(64) | NO | | | |\r| authentication_string | text | NO | | NULL | |\r| password_expired | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| is_role | enum(\u0026#39;N\u0026#39;,\u0026#39;Y\u0026#39;) | NO | | N | |\r| default_role | char(80) | NO | | | |\r| max_statement_time | decimal(12,6) | NO | | 0.000000 | |\r+------------------------+-----------------------------------+------+-----+----------+-------+\r46 rows in set (0.02 sec) ","permalink":"https://leiontong.github.io/posts/mysql-ddl-dml/","summary":"\u003ch1 id=\"sqlddldml\"\u003eSQL：DDL，DML\u003c/h1\u003e\n\u003ch2 id=\"ddldata-defination-language-mysql-help-data-definition\"\u003eDDL：Data Defination Language \u003ccode\u003emysql\u0026gt; HELP Data Definition\u003c/code\u003e\u003c/h2\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003eCREATE, ALTER, DROP\r\n    DATABASE, TABLE\r\n    INDEX, VIEW, USER\r\n    FUNCTION, FUNCTION UDF, PROCEDURE, TABLESPACE, TRIGGER, SERVER\n\u003c/code\u003e\u003c/pre\u003e\u003ch2 id=\"dml-data-manipulation-language-mysql-help-data-manipulation\"\u003eDML: Data Manipulation Language \u003ccode\u003emysql\u0026gt; HELP Data Manipulation\u003c/code\u003e\u003c/h2\u003e","title":"MySQL"},{"content":"common Hexo post Steps: Server preview: hexo clean \u0026amp;\u0026amp; hexo g \u0026amp;\u0026amp; hexo server\nDeploy to Gh-pages: hexo clean \u0026amp;\u0026amp; hexo g -d \u0026amp;\u0026amp; hexo clean\nHexo insert images into Mardown Hexo 向 Mardown 中插入图片\nRefer: https://zhuanlan.zhihu.com/p/265077468\n安装插件 npm install hexo-renderer-marked 修改配置： vim _config.yaml ... post_asset_folder: true marked: prependRoot: true postAsset: true ... 编辑 Mardown 图片文件名不能存在特殊字符，文件名中的空格最好用下划线或横杠代替。 所有图片需放到与 Mardown 同名的文件夹下，然后引用。 使用 hexo deploy 发布之前需要确保引用时不加路径，因为发布后由该 Mardown 生成的 index.html和图片位于同一目录下。 两种最佳实践：\n使用 typora 编辑 Mardown： 偏好设置 -\u0026gt; 图像 -\u0026gt; 插入图片时：\n\u0026ldquo;复制到指定路径\u0026rdquo; 选择 \u0026ldquo;./$(filename)\u0026rdquo; 勾选：对本地位置的图片应用上述规则 勾选：对网络位置的图片应用上述规则 勾选：优先使用相对路径 这样，在插入图片时 typora 会在 Mardown 文件当前目录下自动新建同名的文件夹。 编辑完成后，再将引用的相对路径全部替换为空。 然后再发布。\n使用 obsidian 编辑 Mardown： 设置 -\u0026gt; 文件与链接：\n内部链接类型：\u0026ldquo;以尽可能简短的形式插入\u0026rdquo; 新附件的默认位置：当前文件夹下指定的子文件夹中 子文件夹名称：assets 这样，在插入图片时 obsidian 会在 Mardown 文件当前目录下自动新建名为 assets 的文件夹。 编辑完成后，再将之前定义的 assets 的文件夹改名为 Mardown 文件同名的文件夹。 然后再发布。\n","permalink":"https://leiontong.github.io/posts/tips-common-hexo-post-steps/","summary":"\u003ch1 id=\"common-hexo-post-steps\"\u003ecommon Hexo post Steps:\u003c/h1\u003e\n\u003ch2 id=\"server-preview\"\u003eServer preview:\u003c/h2\u003e\n\u003cp\u003ehexo clean \u0026amp;\u0026amp; hexo g \u0026amp;\u0026amp; hexo server\u003c/p\u003e\n\u003ch2 id=\"deploy-to-gh-pages\"\u003eDeploy to Gh-pages:\u003c/h2\u003e\n\u003cp\u003ehexo clean \u0026amp;\u0026amp; hexo g -d \u0026amp;\u0026amp; hexo clean\u003c/p\u003e\n\u003ch1 id=\"hexo-insert-images-into-mardown\"\u003eHexo insert images into Mardown\u003c/h1\u003e\n\u003cp\u003eHexo 向 Mardown 中插入图片\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eRefer: \u003ca href=\"https://zhuanlan.zhihu.com/p/265077468\"\u003ehttps://zhuanlan.zhihu.com/p/265077468\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e","title":"common Hexo post Steps"},{"content":"Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.\nQuick Start Create a new post $ hexo new \u0026#34;My New Post\u0026#34; More info: Writing\nRun server $ hexo server More info: Server\nGenerate static files $ hexo generate More info: Generating\nDeploy to remote sites $ hexo deploy More info: Deployment\n","permalink":"https://leiontong.github.io/posts/hello-world/","summary":"\u003cp\u003eWelcome to \u003ca href=\"https://hexo.io/\"\u003eHexo\u003c/a\u003e! This is your very first post. Check \u003ca href=\"https://hexo.io/docs/\"\u003edocumentation\u003c/a\u003e for more info. If you get any problems when using Hexo, you can find the answer in \u003ca href=\"https://hexo.io/docs/troubleshooting.html\"\u003etroubleshooting\u003c/a\u003e or you can ask me on \u003ca href=\"https://github.com/hexojs/hexo/issues\"\u003eGitHub\u003c/a\u003e.\u003c/p\u003e\n\u003ch2 id=\"quick-start\"\u003eQuick Start\u003c/h2\u003e\n\u003ch3 id=\"create-a-new-post\"\u003eCreate a new post\u003c/h3\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e$ hexo new \u003cspan style=\"color:#e6db74\"\u003e\u0026#34;My New Post\u0026#34;\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eMore info: \u003ca href=\"https://hexo.io/docs/writing.html\"\u003eWriting\u003c/a\u003e\u003c/p\u003e\n\u003ch3 id=\"run-server\"\u003eRun server\u003c/h3\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e$ hexo server\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","title":"Hello World"}]