安装完 OpenWrt 23.05.0 后,扩展ROOT分区 

OP一直有这个问题,就是把镜像写入到SD卡或者本地磁盘后,默认只使用了100多M的空间,导致SD卡有大量存储空间限制。

之前一直使用的方法是 fdisk 删除,重建分区大法,不过这方法会导致分区UUID变更,需要更新GRUB.CFG文件才行。

今天刚安装了OP最新稳定版 OpenWrt 23.05.0,就按照官方最新的DOC试试新方法。

ssh 登录系统,可见磁盘mmcblk0p2 需要扩容。

BusyBox v1.36.1 (2023-10-09 21:45:35 UTC) built-in shell (ash)

_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 23.05.0, r23497-6637af95aa
-----------------------------------------------------
root@OpenWrt:~# uname -a
Linux OpenWrt 5.15.134 #0 SMP Mon Oct 9 21:45:35 2023 aarch64 GNU/Linux
root@OpenWrt:~# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 102.3M 16.8M 83.5M 17% /
tmpfs 245.2M 92.0K 245.1M 0% /tmp
tmpfs 512.0K 0 512.0K 0% /dev
root@OpenWrt:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
mmcblk0 179:0 0 14.4G 0 disk
├─mmcblk0p1 179:1 0 20M 0 part
└─mmcblk0p2 179:2 0 104M 0 part /


更新OPKG源,安装需要用到工具 parted losetup resize2fs.

root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/23.05.0/targets/sunxi/cortexa53/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.org/releases/23.05.0/targets/sunxi/cortexa53/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/base/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/luci/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/routing/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/telephony/Packages.sig
Signature check passed.
root@OpenWrt:~# opkg install parted losetup resize2fs
Installing parted (3.6-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/packages/parted_3.6-1_aarch64_cortex-a53.ipk
Installing libparted (3.6-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/packages/libparted_3.6-1_aarch64_cortex-a53.ipk
Installing libreadline8 (8.2-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/base/libreadline8_8.2-1_aarch64_cortex-a53.ipk
Installing losetup (2.39-2) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/base/losetup_2.39-2_aarch64_cortex-a53.ipk
Installing resize2fs (1.47.0-2) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/base/resize2fs_1.47.0-2_aarch64_cortex-a53.ipk
Configuring resize2fs.
Configuring losetup.
Configuring libparted.
Configuring libreadline8.
Configuring parted.


扩容磁盘mmcblk0 分区2,第一次重启。

root@OpenWrt:~# echo -e "ok\nfix" | parted -l ---pretend-input-tty
Model: SD SD16G (sd/mmc)
Disk /dev/mmcblk0: 15.5GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number Start End Size Type File system Flags
1 1049kB 22.0MB 21.0MB primary fat16 boot, lba
2 23.1MB 132MB 109MB primary ext2


root@OpenWrt:~# parted -s /dev/mmcblk0 resizepart 2 100%
root@OpenWrt:~# reboot


扩容分区 mmcblk0p2 对应的ext文件系统 /,第二次重启。

root@OpenWrt:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
mmcblk0 179:0 0 14.4G 0 disk
├─mmcblk0p1 179:1 0 20M 0 part
└─mmcblk0p2 179:2 0 14.4G 0 part / #这里可以看到分区2已经被扩容了
root@OpenWrt:~# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 102.3M 20.0M 80.3M 20% /
tmpfs 245.2M 88.0K 245.1M 0% /tmp
tmpfs 512.0K 0 512.0K 0% /dev
root@OpenWrt:~# losetup /dev/loop1 /dev/mmcblk0p2
root@OpenWrt:~# resize2fs -f /dev/loop1
resize2fs 1.47.0 (5-Feb-2023)
Resizing the filesystem on /dev/loop1 to 3779072 (4k) blocks.
The filesystem on /dev/loop1 is now 3779072 (4k) blocks long.

root@OpenWrt:~# reboot


2次重启完成后,进入系统,扩容已经完成。

root@OpenWrt:~# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 14.2G 20.0M 14.2G 0% / #文件也已经被扩容
tmpfs 245.2M 84.0K 245.1M 0% /tmp
tmpfs 512.0K 0 512.0K 0% /dev
root@OpenWrt:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
mmcblk0 179:0 0 14.4G 0 disk
├─mmcblk0p1 179:1 0 20M 0 part
└─mmcblk0p2 179:2 0 14.4G 0 part /


相对于fdisk,这个还是比较方便的。

参考文档:
https://openwrt.org/docs/guide-user/installation/openwrt_x86#expanding_root_partition
https://openwrt.org/docs/guide-user/installation/openwrt_x86#expanding_root_filesystem
https://openwrt.org/docs/guide-user/installation/installation_methods/sd_card
https://openwrt.org/docs/guide-user/advanced/expand_root
[ ] ( 563 次浏览 ) 永久链接 ( 3 / 1742 )
搭建带WEB用户管理的openvpn 

前段时间老大给了任务,要搭建一个供内部同事使用的openvpn,为了方便管理需要支持网页管理UI,故而折腾了一下。

1.下载开源的一键部署脚本,使用这位大佬的项目 https://github.com/Nyr/openvpn-install


wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

执行 下载,安装 就完事了。

如果是个人使用的话,到这里就结束了。缺点是添加、删除用户需要反复的执行该脚本,有点麻烦。

2.编辑 /lib/systemd/system/[email protected] 服务文件,在执行命令后面追加 --management 127.0.0.1 8989 开启管理端口。
如下:

[Unit]
Description=OpenVPN service for %I
After=network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/server
ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf --management 127.0.0.1 8989
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process
RestartSec=5s
Restart=on-failure

[Install]
WantedBy=multi-user.target


3.重载服务列表,重启openvpn服务,使配置生效。并查看端口情况。

root@ip:~# systemctl daemon-reload
root@ip:~# systemctl restart [email protected]e
root@ip:~# netstat -nlp | grep openvpn
tcp 0 0 172.31.35.111:12345 0.0.0.0:* LISTEN 19285/openvpn
tcp 0 0 127.0.0.1:8989 0.0.0.0:* LISTEN 19285/openvpn


4.确认管理端口开启后,下载ovpn-admin 用户管理服务,解压便可得到可执行的二进制文件。

root@ip:~# wget https://github.com/sharljimhtsin/ovpn-admin/releases/download/v3/ovpn-admin-linux-amd64.tar.gz


5.复制easyrsa 可执行文件 到 $PATH 目录下,ovpn-admin 需要用到。

root@ip:~# cp /etc/openvpn/server/easy-rsa/easyrsa /usr/local/bin/
root@ip:~# ls -lh /usr/local/bin/
total 172K
-rwxr-xr-x 1 root root 170K Jul 14 02:45 easyrsa


6.启动ovpn-admin.命令如下:

root@ip:~# EASYRSA_BATCH=1 ./ovpn-admin --listen.host="0.0.0.0" --listen.port="8080" --ovpn.network="TUN网卡IP/24" --ovpn.server=WANIP:12345:tcp --easyrsa.path=/etc/openvpn/server/easy-rsa/ --easyrsa.index-path=/etc/openvpn/server/easy-rsa/pki/index.txt --log.level=trace
--web.basic-auth.user=admin --web.basic-auth.password=12345
DEBU[0000] mgmtStatusTimeFormat: 2006-01-02 15:04:05
DEBU[0000] mgmtSetTimeFormat: successful connection to main/127.0.0.1:8989
TRAC[0000] OpenVPN Version: OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
Management Version: 3
ND
INFO[0000] Bind: http://0.0.0.0:8080


比较关键的参数就是 --web.basic-auth.user=admin --web.basic-auth.password=12345 这2个是用于webui 管理的登录认证。
由于该进程需要常驻,我是用的是 screen,也可以用 nohup 之类的。或者使用 https://mysystemd.talos.sh/ 生成一个 systemd 服务。

7.检查服务端口情况。

root@ip:~# netstat -nlp | grep vpn
tcp 0 0 172.31.35.111:12345 0.0.0.0:* LISTEN 19285/openvpn
tcp 0 0 127.0.0.1:8989 0.0.0.0:* LISTEN 19285/openvpn
tcp6 0 0 :::8080 :::* LISTEN 19300/./ovpn-admin


8.确认一切OK后,就可以使用 http://wanip:8080 + 之前配置的用户名密码 访问openvpn 的用户管理后台了。
[ ] ( 443 次浏览 ) 永久链接 ( 3 / 1739 )
caddy2 域名站点禁用 http to https 自动跳转 

caddy 这个web server 不用多说了,auto TLS 是它的最大卖点。

但是有时候确实会有一些奇葩需求,

比如我就是要访问http 版本,我不需要自动跳转到 https.但是同时我需要https 也可以用。

只需要http 的场景,直接 tls off 就完事了。(caddy 1 是这么配置的,caddy 2 不清楚)

所以我需要的情况是 http 和 https 共存,两者都可以独立访问。

通过查阅资料,看到了 caddy 2 有个auto_https 的全局选项,可以选择off、disable_redirects、ignore_loaded_certs三个选项。
先不说这玩意有用没用,这是全局开关,我不可能为了一个站点,影响其他正常的站点。故不考虑。

继续查。。。

终于找到了解决方案,就是在 hostname 上做手脚。。。。

http://debug.xzx.im:80 https://debug.xzx.im {
root * /var/www
file_server
}

这就完事了。查看效果:

[root@VM-4-3-centos ~]# curl http://debug.xzx.im -I
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 6841
Content-Type: text/html; charset=utf-8
Etag: "qz7q685a1"
Last-Modified: Fri, 10 Sep 2021 09:54:08 GMT
Server: Caddy
Date: Sat, 11 Sep 2021 13:44:55 GMT

[root@VM-4-3-centos ~]# curl https://debug.xzx.im -I
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 6841
Content-Type: text/html; charset=utf-8
Etag: "qz7q685a1"
Last-Modified: Fri, 10 Sep 2021 09:54:08 GMT
Server: Caddy
Date: Sat, 11 Sep 2021 13:45:00 GMT


再看个同一个CADDY下没改的站点的:

[root@VM-4-3-centos ~]# curl http://us.xzx.im -I
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://us.xzx.im/
Server: Caddy
Date: Sat, 11 Sep 2021 13:46:55 GMT

[root@VM-4-3-centos ~]# curl https://us.xzx.im -I
HTTP/1.1 200 OK
Content-Length: 5514
Content-Type: text/html; charset=utf-8
Date: Sat, 11 Sep 2021 13:46:58 GMT
Server: Caddy
Server: swoole-http-server
Set-Cookie: SWOFT_SESSION_ID=eo0e72sbt0kqiqvco1kkflfqc6; expires=Sun, 12-Sep-2021 01:46:58 GMT; path=/; httponly


效果十分明显,没有了不想要http to https redirect. good!!!!

查阅了以下文档:
https://caddyserver.com/docs/automatic-https
https://caddyserver.com/docs/caddyfile/options#auto-https
https://caddy.community/t/making-sense-of-auto-https-and-why-disabling-it-still-serves-https-instead-of-http/9761
[ ] ( 1032 次浏览 ) 永久链接 ( 2.8 / 2955 )
Quantumult X 下使用SS + v2ray-plugin 配置容易踩的坑 

在 Quantumult X 下添加自己的ss + v2ray-plugin 服务器节点相较与小火箭本身就有一点麻烦,因为不提供GUI方式添加,只能自己编辑CONF文件。

之前就是照着官方的SAMPLE格式加了自己的VMESS节点,不过还行,添加一次就成功了。

这次添加ss + v2ray-plugin 死活测试延迟失败。。。结果仔仔细细的看了文档,才发现显式需要设置 mux=0 ,默认值是1.

文档里有说明:

# When using obfs=ws and obfs=wss the server side can be deployed by v2ray-plugin with mux = 0 or by v2ray-core.


修正后的go-shadowsocks2 服务端启动命令:

nohup go-shadowsocks2 -password ****** -plugin v2ray-plugin -plugin-opts "server;tls;host=kr.xzx.im;key=/path/to/kr.xzx.im.key;cert=/path/to/kr.xzx.im.crt;mux=0" -s ":####" -verbose &


对应的Quantumult X 本地配置文件的server_local 节点配置:

shadowsocks=kr.xzx.im:####,method=chacha20-ietf-poly1305,password=******,obfs=wss,obfs-uri=/,obfs-host=kr.xzx.im,tls13=false,fast-open=false,udp-relay=false,tag=ss-v2ray-plugin


折腾了好久,结果还是吃了没仔细看文档的亏,所以以后文档还得看啊~

参考了:https://github.com/crossutility/Quantumult-X/blob/master/sample.conf
[ ] ( 1186 次浏览 ) 永久链接 ( 2.9 / 3035 )
Caddy 1 迁移到 Caddy 2 配置文件改动 

之前一直用的是CADDY 1,最近随着CADDY 2 越来越接近生产环境,故而借由查看服务器情况下载升级了一下。

升级BIN 很简单,直接下载官方提供的BIN 包解压即可。如果要自己编译得话,GOLANG 的版本需要Go 1.14 以上了。 v1的话 1.13 版本就行。

这里不赘述。主要讲讲配置文件格式的变化。改动还是蛮大的,v1的CaddyFile 直接无法启动。需要自己根据官方迁移文档挨个修改。。。。。

这里是我V1 和 V2 的区别.

v1 版本:

sgp.xzx.im
root /home/admin/http
proxy /caonima 127.0.0.1:9700 {
websocket
header_upstream -Origin
}
browse /
status 403 /forbidden
basicauth "username" password{
realm "password plz"
/pdf
/rinima
}
rewrite {
# if {file} starts_with .
r ^/\..*
to /forbidden
}
fastcgi / /run/php-fpm/www.sock php


v2 版本:

sgp.xzx.im {
root * /home/admin/http
reverse_proxy /caonima 127.0.0.1:9700
respond /forbidden 403
basicauth /pdf/* {
username JDJhJDEwJEhrMGVjT2s1ZWNoSnM1VUFhUThnV090dUttU3ZYc1kyZGVTLmhoNGVVZUVtY0lwcXRuRG1T
}
basicauth /rinima/* {
username JDJhJDEwJEhrMGVjT2s1ZWNoSnM1VUFhUThnV090dUttU3ZYc1kyZGVTLmhoNGVVZUVtY0lwcXRuRG1T
}
@dotFiles {
path_regexp ^/\..*
}
rewrite @dotFiles /forbidden
# Proxy PHP files to the FastCGI responder
@phpFiles {
path *.php
}
reverse_proxy @phpFiles unix//var/run/php-fpm-www.sock {
transport fastcgi {
split .php
}
}
#php_fastcgi unix//var/run/php-fpm-www.sock #这个应该是有用的,之前忘了加 unix:// 前缀,还以为没作用
file_server /* browse
}


基本一目了然。要注意的是
1.HTTP 认证密码不在存放明文,跟NGINX、APACHE HTTPD 学了,通过密码工具生成密文。具体看

root@iZt4nbvac3vpa6uqd0l17kZ:~ # caddy help hash-password
Convenient way to hash a plaintext password. The resulting
hash is written to stdout as a base64 string.

--algorithm may be bcrypt or scrypt. If script, the default
parameters are used.

Use the --salt flag for algorithms which require a salt to
be provided (scrypt).

usage:
caddy hash-password --plaintext <password> [--salt <string>] [--algorithm <name>]

flags:
-algorithm string
Name of the hash algorithm (default "bcrypt")
-plaintext string
The plaintext password
-salt string
The password salt

Full documentation is available at:
https://caddyserver.com/docs/command-line
root@iZt4nbvac3vpa6uqd0l17kZ:~ # caddy hash-password --plaintext "caonima"
JDJhJDEwJEV1VTFDbk94WnJFaEZJZndMb0tob081U01JOEtVTEpuMW1tbGZRNW16QXJFb3gubm8yM2RX #生成的密文


2.其次就是 php_fastcgi 其实 reverse_proxy 包装了一下,算是个“存储过程”吧。。。。
负责的事情比v1 版本的 fastcgi 多了很多,因为是专门为PHP 解释器转发设计的。
更方便你部署PHP站点了,特别是lumen 这类bootstrap 单一入口,控制器做转发的框架。
可以省去 try_files 等很多逻辑。一键集成PHP....

具体看:https://caddyserver.com/docs/caddyfile/directives/php_fastcgi#expanded-form


除了配置之外,启动方式也变了。
之前:

echo "start caddy"
nohup go/bin/caddy -agree -log log/web.log -conf cfg/Caddyfile >& log/caddy.log &


现在:

\--- 17397 root caddy run --pingback 127.0.0.1:26860 --config cfg/Caddyfile
# start Starts the Caddy process in the background and then returns
默认后台运行,不需要再用 nohup 了


注:本文在实践&撰写时参考了以下文档:
https://caddyserver.com/docs/v2-upgrade
https://caddyserver.com/docs/caddyfile/directives
https://caddyserver.com/docs/caddyfile/matchers
https://caddyserver.com/docs/caddyfile-tutorial
[ ] ( 1335 次浏览 ) 永久链接 ( 2.9 / 2170 )

<上一页 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 下一页> >>