#/etc/haproxy/haproxy.cfg frontend https-in bind *:443 tcp-request inspect-delay 3s tcp-request content accept if { req.ssl_hello_type 1 } acl tls req.ssl_hello_type 1 acl has_sni req.ssl_sni -m found use_backend ocserv if tls { req.ssl_sni -i [ocserv domain] } use_backend https-out if tls { req.ssl_sni -i [domian] } backend ocserv mode tcp option ssl-hello-chk server server-vpn 127.0.0.1:999 send-proxy-v2 # ocserv工作在本地999端口 backend https-out server server-web 127.0.0.1:4443 check #https工作在本地4443端口 #/etc/ocserv/ocserv.conf listen-proxy-proto = true 参考 HAProxy forwarding to HTTPS sites How to share the same port for VPN and HTTP »
在尝试使用源码编译很多陈旧开源软件的时候会遇到该软件的源地址SSL证书失效(比如iftop). 网上流传的很多都是直接修改git全局设置: git config --global http.sslVerify false 但会造成更大的安全问题. 正确方法需要在克隆的时候手动忽略证书错误: env GIT_SSL_NO_VERIFY=true git clone https://code.blinkace.com/pdw/iftop.git cd iftop git config http.sslVerify "false" 使用e »
$ find . -name "*.swift" -or -name "*.h" | xargs wc -l 59 ./mas-cli/AppStore/Downloader.swift 62 ./mas-cli/AppStore/ISStoreAccount.swift 114 ./mas-cli/AppStore/PurchaseDownloadObserver.swift 29 ./mas-cli/AppStore/SSPurchase.swift 24 ./mas-cli/Commands/Account.swift 58 ./mas-cli/Commands/Install.swift 25 ./mas-cli/Commands/List.swift 27 ./mas-cli/Commands/Outdated.swift 85 ./mas-cli/Commands/Reset.swift 63 ./mas-cli/Commands/Search.swift 59 ./mas-cli/Commands/SignIn.swift 18 ./mas-cli/Commands/SignOut.swift 65 ./mas-cli/Commands/Upgrade.swift 21 ./mas-cli/Commands/Version.swift 64 ./mas-cli/Error.swift 34 ./mas-cli/main.swift 44 ./mas-cli/mas-cli-Bridging-Header.h 63 ./mas-cli/NSURLSession+Synchronous.swift 37 ./mas-cli/PrivateHeaders/CommerceKit/CKAccountStore.h 41 ./mas-cli/PrivateHeaders/CommerceKit/CKDownloadQueue.h 38 ./mas-cli/PrivateHeaders/CommerceKit/CKPurchaseController.h 14 ./mas-cli/PrivateHeaders/CommerceKit/CKServiceInterface.h 37 ./mas-cli/PrivateHeaders/CommerceKit/CKSoftwareMap.h 59 ./mas-cli/PrivateHeaders/CommerceKit/CKUpdateController.h 17 ./mas-cli/PrivateHeaders/CommerceKit/ISStoreURLOperationDelegate-Protocol.h 73 ./mas-cli/PrivateHeaders/StoreFoundation/CKSoftwareProduct.h 42 ./mas-cli/PrivateHeaders/StoreFoundation/CKUpdate.h 53 ./mas-cli/PrivateHeaders/StoreFoundation/ISAccountService-Protocol.h 53 ./mas-cli/PrivateHeaders/StoreFoundation/ISAuthenticationContext.h 16 ./mas-cli/PrivateHeaders/StoreFoundation/ISOperationDelegate-Protocol.h 51 ./mas-cli/PrivateHeaders/StoreFoundation/ISServiceProxy.h 13 ./mas-cli/PrivateHeaders/StoreFoundation/ISServiceRemoteObject-Protocol.h 53 ./mas-cli/PrivateHeaders/StoreFoundation/ISStoreAccount.h 74 ./mas-cli/PrivateHeaders/StoreFoundation/ISStoreClient.h 18 ./mas-cli/PrivateHeaders/StoreFoundation/ISURLOperationDelegate-Protocol.h 60 ./mas-cli/PrivateHeaders/StoreFoundation/SSDownload.h 73 ./mas-cli/PrivateHeaders/StoreFoundation/SSDownloadMetadata.h 30 ./mas-cli/PrivateHeaders/StoreFoundation/SSDownloadPhase.h 37 ./mas-cli/PrivateHeaders/StoreFoundation/SSDownloadStatus.h 67 ./mas-cli/PrivateHeaders/StoreFoundation/SSPurchase.h 26 ./mas-cli/PrivateHeaders/StoreFoundation/SSPurchaseResponse.h 51 ./mas-cli/Utilities.swift 95 ./Seeds/Commandant/Sources/Commandant/Argument.swift 191 ./Seeds/Commandant/Sources/Commandant/ArgumentParser.swift 41 ./Seeds/Commandant/Sources/Commandant/ArgumentProtocol.swift 224 ./Seeds/Commandant/Sources/Commandant/Command.swift 17 ./Seeds/Commandant/Sources/Commandant/Commandant.h 147 ./Seeds/Commandant/Sources/Commandant/Errors.swift 75 ./Seeds/Commandant/Sources/Commandant/HelpCommand.swift 14 ./Seeds/Commandant/Sources/Commandant/LinuxSupport.swift 214 ./Seeds/Commandant/Sources/Commandant/Option.swift 63 ./Seeds/Commandant/Sources/Commandant/Switch.swift 8 ./Seeds/Result/Result/Result.h 192 ./Seeds/Result/Result/Result.swift »
编译依赖 apt-get install libcurl4-gnutls-dev libexpat1-dev gettext zlib1g-dev libssl-dev 下载 到Github下载需要的版本 安装 autoconf ./configure prefix=/usr/local all make make install »
创建git用户 创建git用户并设定好密码 adduser git 限制git用户登录 修改文件/etc/passwd 找到对应git用户的列然后将/bin/bash修改为/usr/local/bin/git-shell 添加公钥 #vi /path/to/gituser/.ssh/authorized_keys #...添加公钥 创建仓库 git init --bare simple.git chown -R »
起因 临时使用QT开发了一套类似启动器的程序,开发完毕发布给同事使用以后才发现如果安装到程序目录以后很多操作都无效了. 由于以前从未从事过win32开发(我只是个跑龙套的),只能手动排除故障.. 最终发现应该是该编译出的exe文件缺少管理员权限的 »
由于在Windows上使用Git的千奇百怪解决方案造成中途需要从babun更换到cygwin..结果更换的时候将Git配置中的Email输入错误,于是寻找了一下修改多个commit中的信息. 最后在changing-author-info中看 »
自从Swift开源以后就出现了一些可以进行后端开发的框架,主要的几个有:Perfect,Vapor,Kitura和Zewo.其中Perfect最为著名,于是就打算从它入手. 环境 先跟着https://swift.org上的文档在服务器上安装好 »
编译安装 strongSwan.使用了5.5.1版本,最新是5.6.1不过不知道为什么无法连接 wget https://download.strongswan.org/strongswan-5.5.1.tar.gz tar zxvf strongswan-5.5.1tar.gz cd strongswan-5.5.1 ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --enable-openssl \ --enable-nat-transport \ --disable-mysql \ --disable-ldap \ --disable-static \ --enable-shared \ --enable-md4 \ --enable-eap-mschapv2 \ --enable-eap-aka \ --enable-eap-aka-3gpp2 \ --enable-eap-gtc \ --enable-eap-identity \ --enable-eap-md5 \ --enable-eap-peap \ --enable-eap-radius \ --enable-eap-sim \ --enable-eap-sim-file \ --enable-eap-simaka-pseudonym \ --enable-eap-simaka-reauth \ --enable-eap-simaka-sql \ --enable-eap-tls \ --enable-eap-tnc \ --enable-eap-ttls make make install ==如果提示==confi »
更新:Debian9都发布好久了,用Debian9吧 不需要折腾内核就能直接开启BBR 上个月网友发现Google在GitHub上的项目Google/BBR. 前几天发现在几个Linux发行版中的候选版内核已经实装,而里面刚好也有Debian. 在 »