<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" name="theme-color" content="#171714">
<link rel="alternative" href="/atom.xml" title="Shintaku's Blog" type="application/atom+xml">
<link rel="manifest" href="manifest.json">
<link rel="shortcut icon" href="/images/icon.png">
<title>Shintaku's Blog</title>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta property="og:type" content="website">
<meta property="og:title" content="Shintaku's Blog">
<meta property="og:url" content="https://www.shintaku.xyz/index.html">
<meta property="og:site_name" content="Shintaku's Blog">
<meta property="og:locale">
<meta property="article:author" content="Shintaku">
<meta name="twitter:card" content="summary">
<link href="//fonts.googleapis.com/css?family=Source+Code+Pro" rel="stylesheet" type="text/css">
<script src="/js/jquery-3.3.1.min.js"></script>
<script src="/js/nprogress.js"></script>
<link href="/css/nprogress.css" rel="stylesheet">
<link rel="stylesheet" href="/css/style.css">
<meta name="generator" content="Hexo 6.2.0"></head>
<body>
<div id="container">
<div id="wrap">
<header id="header">
<div id="banner"><div id="banner-right"></div></div>
<div id="header-outer" class="outer">
<div id="header-title" class="inner">
<h1 id="logo-wrap">
<a href="/" id="logo">Shintaku's Blog</a>
</h1>
</div>
<div id="header-inner" class="inner">
<nav id="main-nav">
<a id="main-nav-toggle" class="nav-icon"></a>
<a class="main-nav-link" href="/"><i class=fa-home title='Home'></i> Home</a>
<a class="main-nav-link" href="/archives"><i class=fa-archive title='Archives'></i> Archives</a>
<a class="main-nav-link" href="/tags"><i class=fa-tags title='Tags'></i> Tags</a>
</nav>
<nav id="sub-nav">
<a id="nav-rss-link" class="nav-icon" href="/atom.xml" title="RSS Feed"></a>
<a id="nav-search-btn" class="nav-icon" title="Search"></a>
</nav>
<div id="search-form-wrap">
<form action="//google.com/search" method="get" accept-charset="UTF-8" class="search-form"><input type="search" name="q" class="search-form-input" placeholder="Search"><button type="submit" class="search-form-submit"></button><input type="hidden" name="sitesearch" value="https://www.shintaku.xyz"></form>
</div>
</div>
</div>
</header>
<div class="outer">
<section id="main" class='pjax'>
<article id="post-certbot-ssl" class="article article-type-post" itemscope itemprop="blogPost">
<div class="article-meta">
<a href="/posts/certbot-ssl/" class="article-date">
<time datetime="2022-10-01T14:22:22.000Z" itemprop="datePublished">2022-10-01</time>
</a>
<div class="article-category">
<a class="article-category-link" href="/categories/%E7%BD%91%E7%BB%9C/">Networking</a>►<a class="article-category-link" href="/categories/%E7%BD%91%E7%BB%9C/%E7%BD%91%E7%AB%99%E9%83%A8%E7%BD%B2/">Website Deployment</a>
</div>
</div>
<div class="article-inner">
<div class="article-gallery">
<div class="article-gallery-photos">
<a class="article-gallery-img fancybox" href="/img/certbotsslbanner.png" rel="gallery_cl9153kvo000ho4h8a4xx7o29">
<img src="/img/certbotsslbanner.png" itemprop="image">
</a>
</div>
</div>
<header class="article-header">
<h1 itemprop="name">
<a class="article-title" href="/posts/certbot-ssl/">Configuring SSL Certificates with Certbot to Get an A+</a>
</h1>
</header>
<footer class="article-footer">
<ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/Nginx/" rel="tag">Nginx</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/SSL/" rel="tag">SSL</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/VPS/" rel="tag">VPS</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/%E6%9C%8D%E5%8A%A1%E5%99%A8/" rel="tag">Server</a></li></ul>
</footer>
<div class="article-entry article-index" itemprop="articleBody">
<div class="toggle-content">
<h1 id="安装Certbot"><a href="#安装Certbot" class="headerlink" title="Installing Certbot"></a>Installing Certbot</h1><p><a target="_blank" rel="noopener" href="https://certbot.eff.org/">Certbot</a> is a free, open-source tool that automatically issues free SSL certificates from <a target="_blank" rel="noopener" href="https://letsencrypt.org/">Let’s Encrypt</a>. On CentOS it can be installed directly with yum:</p>
<figure class="highlight sh"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install certbot</span><br></pre></td></tr></table></figure>
<h1 id="获取Cloudflare-API-Key"><a href="#获取Cloudflare-API-Key" class="headerlink" title="Getting the Cloudflare API Key"></a>Getting the Cloudflare API Key</h1><p>Because DNS for the domain is hosted on Cloudflare, using the DNS API to prove domain ownership and to request or renew certificates is simpler.</p>
<p>Get the Global API Key from your <a target="_blank" rel="noopener" href="https://dash.cloudflare.com/profile/api-tokens">Cloudflare profile</a>, then create a <code>cf.ini</code> file on the VPS and fill in the account email and the key:</p>
<figure class="highlight ini"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Cloudflare API credentials used by Certbot</span></span><br><span class="line"><span class="attr">dns_cloudflare_email</span> = cloudflare@example.com</span><br><span class="line"><span class="attr">dns_cloudflare_api_key</span> = <span class="number">0123456789</span>abcdef0123456789abcdef0123</span><br></pre></td></tr></table></figure>
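<p>An added example, not part of the original post: the Global API Key gives access to the whole Cloudflare account and Certbot reads it from a plain-text file, so this check flags a <code>cf.ini</code> that group or other users can access and one that holds the Global API Key rather than a scoped API token (<code>dns_cloudflare_api_token</code>, also accepted by the Cloudflare DNS plugin). The function names and the sample file contents are assumptions made for the example.</p>

```python
import os
import stat
import tempfile

# Keys understood by Certbot's Cloudflare DNS plugin.
GLOBAL_KEY = "dns_cloudflare_api_key"      # account-wide Global API Key
SCOPED_TOKEN = "dns_cloudflare_api_token"  # API token limited to chosen zones


def parse_ini(text):
    """Parse the flat 'key = value' format used by cf.ini (no sections)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit_credentials(path):
    """Return a list of findings for a Certbot Cloudflare credentials file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(
            f"mode {mode:04o} lets group/other users access the file; use chmod 600"
        )
    with open(path, encoding="utf-8") as handle:
        settings = parse_ini(handle.read())
    if GLOBAL_KEY in settings:
        findings.append(
            "Global API Key in use; a token limited to DNS edits on one zone "
            "exposes less if this file leaks"
        )
    elif SCOPED_TOKEN not in settings:
        findings.append("no Cloudflare credential found in the file")
    return findings


def demo():
    """Audit two constructed files: one as on this page, one hardened."""
    # Constructed sample values; neither is a real credential.
    weak_text = (
        "# Cloudflare API credentials used by Certbot\n"
        "dns_cloudflare_email = cloudflare@example.com\n"
        "dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef0123\n"
    )
    hardened_text = (
        "# Cloudflare API token used by Certbot\n"
        "dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567\n"
    )
    results = []
    with tempfile.TemporaryDirectory() as workdir:
        for name, text, mode in (
            ("weak.ini", weak_text, 0o644),
            ("hardened.ini", hardened_text, 0o600),
        ):
            path = os.path.join(workdir, name)
            with open(path, "w", encoding="utf-8") as handle:
                handle.write(text)
            os.chmod(path, mode)
            results.append(audit_credentials(path))
    return results[0], results[1]


if __name__ == "__main__":
    weak, hardened = demo()
    print("weak file findings:", *weak, sep="\n  ")
    print("hardened file findings:", hardened)
```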
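<h1 id="申请证书"><a href="#申请证书" class="headerlink" title="Requesting the Certificate"></a>Requesting the Certificate</h1><p>Use the DNS plugin to request a certificate for the domain and its subdomains:</p>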
<figure class="highlight sh"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">certbot certonly -d <span class="string">'yourdomain.com'</span> -d <span class="string">'*.yourdomain.com'</span> \</span><br><span class="line"> --dns-cloudflare \</span><br><span class="line"> --dns-cloudflare-credentials /etc/nginx/cf.ini \</span><br><span class="line"> --dns-cloudflare-propagation-seconds 60</span><br></pre></td></tr></table></figure>
<p>By default the certificate is saved under the <code>/etc/letsencrypt/live/yourdomain.com</code> directory.</p>
<h1 id="配置Nginx"><a href="#配置Nginx" class="headerlink" title="Configuring Nginx"></a>Configuring Nginx</h1><p>Edit <code>/etc/nginx/nginx.conf</code>:</p>
<figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">server</span> {</span><br><span class="line"> <span class="attribute">listen</span> <span class="number">443</span> ssl http2;</span><br><span class="line"> <span class="attribute">listen</span> [::]:<span class="number">443</span> ssl http2;</span><br><span class="line"> <span class="attribute">server_name</span> _;</span><br><span class="line"> <span class="attribute">root</span> /usr/share/nginx/html;</span><br><span class="line"></span><br><span class="line"> <span class="attribute">ssl_certificate</span> /etc/letsencrypt/live/yourdomain.com/fullchain.pem;</span><br><span class="line"> <span class="attribute">ssl_certificate_key</span> /etc/letsencrypt/live/yourdomain.com/privkey.pem;</span><br><span class="line"></span><br><span class="line"> <span class="attribute">ssl_session_cache</span> shared:le_nginx_SSL:<span class="number">1m</span>;</span><br><span class="line"> <span class="attribute">ssl_session_timeout</span> <span class="number">1440m</span>;</span><br><span class="line"> <span class="attribute">ssl_session_tickets</span> <span class="literal">off</span>;</span><br><span class="line"></span><br><span class="line"> <span class="attribute">ssl_dhparam</span> /etc/nginx/dhparam.pem;</span><br><span 
class="line"></span><br><span class="line"> <span class="attribute">ssl_protocols</span> TLSv1.<span class="number">2</span> TLSv1.<span class="number">3</span>;</span><br><span class="line"> <span class="attribute">ssl_prefer_server_ciphers</span> <span class="literal">on</span>;</span><br><span class="line"> <span class="attribute">ssl_ciphers</span> HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA;</span><br><span class="line">}</span><br></pre></td></tr></table></figure>
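<p>After restarting Nginx, the certificate takes effect for all subdomains. You can check on <a target="_blank" rel="noopener" href="https://www.ssllabs.com/">SSL Labs</a> whether the SSL rating is A+.</p>
<h1 id="证书续期"><a href="#证书续期" class="headerlink" title="Renewing the Certificate"></a>Renewing the Certificate</h1><p>The certificate is valid for 90 days, so it has to be renewed regularly; renewal is possible once it is within 30 days of expiry. The renewal command (you can add <code>--dry-run</code> to try it out):</p>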
<figure class="highlight sh"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">certbot renew \</span><br><span class="line"> --dns-cloudflare \</span><br><span class="line"> --dns-cloudflare-credentials /etc/nginx/cf.ini \</span><br><span class="line"> --dns-cloudflare-propagation-seconds 60</span><br></pre></td></tr></table></figure>
<p>You can add a crontab job that runs once a month:</p>
<figure class="highlight sh"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">55 7 1 * * /usr/bin/certbot renew --dns-cloudflare --dns-cloudflare-credentials /etc/nginx/cf.ini --dns-cloudflare-propagation-seconds 60 >> ~/cert.log && systemctl restart nginx</span><br></pre></td></tr></table></figure>
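<p>An added example, not part of the original post: with a 90-day certificate and a 30-day renewal window, a job that runs only on the 1st of each month can find the certificate just outside the window on one run and already expired on the next. The simulation below replays the monthly schedule above next to a daily one; the function names and the issue time are constructed, and it assumes a renewed certificate is valid for exactly 90 days from the run that renewed it.</p>

```python
from datetime import datetime, timedelta

LIFETIME = timedelta(days=90)      # certificate validity stated above
RENEW_WINDOW = timedelta(days=30)  # renewal only happens inside this window


def monthly_runs(start, count):
    """Run times of the crontab entry '55 7 1 * *' that fall after `start`."""
    runs, year, month = [], start.year, start.month
    while len(runs) < count:
        run = datetime(year, month, 1, 7, 55)
        if run > start:
            runs.append(run)
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)
    return runs


def daily_runs(start, count):
    """Run times of a daily entry '55 7 * * *' that fall after `start`."""
    first = start.replace(hour=7, minute=55, second=0, microsecond=0)
    if first <= start:
        first += timedelta(days=1)
    return [first + timedelta(days=i) for i in range(count)]


def simulate(issued, runs):
    """Replay scheduled `certbot renew` runs.

    Returns (renewals, lapses): the run times at which a renewal happened,
    and (expiry, downtime) pairs for runs that found the certificate
    already expired.
    """
    not_after = issued + LIFETIME
    renewals, lapses = [], []
    for now in runs:
        if not_after - now >= RENEW_WINDOW:
            continue  # not yet due: the certificate is left alone
        if now > not_after:
            lapses.append((not_after, now - not_after))
        renewals.append(now)
        not_after = now + LIFETIME  # assumption: reissued at the run time
    return renewals, lapses


def compare_schedules(issued):
    """Simulate one year of monthly and of daily runs for one certificate."""
    return {
        "monthly": simulate(issued, monthly_runs(issued, 12)),
        "daily": simulate(issued, daily_runs(issued, 365)),
    }


if __name__ == "__main__":
    # Constructed issue time, chosen so that on 1 January the certificate
    # still has slightly more than 30 days left.
    issued = datetime(2022, 11, 2, 20, 0)
    for name, (renewals, lapses) in compare_schedules(issued).items():
        print(name, "schedule, first renewal:", renewals[0])
        for expiry, downtime in lapses:
            print("  expired at", expiry, "and stayed expired for", downtime)
```

<p>Because <code>certbot renew</code> leaves certificates that are not yet due untouched, running the job daily is safe, and Certbot's <code>--deploy-hook</code> option can restart Nginx only when a certificate was actually renewed.</p>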
</div>
<div class="toggle-input article-more-link"><a>Read More +</a></div>
</div>
</div>
</article>
<article id="post-openwrt-onu" class="article article-type-post" itemscope itemprop="blogPost">
<div class="article-meta">
<a href="/posts/openwrt-onu/" class="article-date">
<time datetime="2021-09-15T13:11:11.000Z" itemprop="datePublished">2021-09-15</time>
</a>
<div class="article-category">
<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/">Tips and Tricks</a>►<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/%E8%B7%AF%E7%94%B1%E5%99%A8/">Routers</a>
</div>
</div>
<div class="article-inner">
<div class="article-gallery">
<div class="article-gallery-photos">
<a class="article-gallery-img fancybox" href="/img/onubanner.png" rel="gallery_cl9153kw4002go4h86eup78bq">
<img src="/img/onubanner.png" itemprop="image">
</a>
</div>
</div>
<header class="article-header">
<h1 itemprop="name">
<a class="article-title" href="/posts/openwrt-onu/">Accessing a Bridged Optical Modem from OpenWrt</a>
</h1>
</header>
<footer class="article-footer">
<ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/N1%E7%9B%92%E5%AD%90/" rel="tag">N1 Box</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/OpenWrt/" rel="tag">OpenWrt</a></li></ul>
</footer>
<div class="article-entry article-index" itemprop="articleBody">
<div class="toggle-content">
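<p>Once the main router, an N1 box running OpenWrt, handles the dial-up connection, downstream devices can no longer reach the bridged optical modem directly at <a target="_blank" rel="noopener" href="http://192.168.1.1/">192.168.1.1</a>, because the router and the modem are on different subnets. Previously, with Padavan, the WAN port connected to the modem acted as a DHCP client of the modem and automatically obtained a 192.168.1.* IP address, so downstream devices could reach the modem's address directly. OpenWrt, however, is not assigned an address in the modem's subnet, so an interface has to be created manually.</p>
<p>Under <strong>Network - Interfaces</strong>, create a new interface. It can be named <strong>man</strong>; choose DHCP client as the protocol, and select the same interface as the <strong>wan</strong> port, which is <strong>eth0.2</strong> in my case.</p>
<p><img src="/img/onuinterface.png" alt="Creating the new interface"></p>
<p>After creating it, edit the advanced settings and disable the <strong>Use default gateway</strong> option; in the firewall settings, assign the interface to the <strong>wan</strong> firewall zone.</p>
<p><img src="/img/onuadvanced.png" alt="Advanced settings"></p>
<p><img src="/img/onufirewall.png" alt="Firewall settings"></p>
<p>Finally, save, then connect <strong>MAN</strong> on the Interfaces page. It obtains an address in the 192.168.1.* subnet, and the optical modem becomes reachable.</p>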
</div>
<div class="toggle-input article-more-link"><a>Read More +</a></div>
</div>
</div>
</article>
<article id="post-n1-openwrt" class="article article-type-post" itemscope itemprop="blogPost">
<div class="article-meta">
<a href="/posts/n1-openwrt/" class="article-date">
<time datetime="2021-08-30T13:11:11.000Z" itemprop="datePublished">2021-08-30</time>
</a>
<div class="article-category">
<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/">Tips and Tricks</a>►<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/%E8%B7%AF%E7%94%B1%E5%99%A8/">Routers</a>
</div>
</div>
<div class="article-inner">
<div class="article-gallery">
<div class="article-gallery-photos">
<a class="article-gallery-img fancybox" href="/img/n1openwrtbanner.png" rel="gallery_cl9153kw20024o4h81jcx32gn">
<img src="/img/n1openwrtbanner.png" itemprop="image">
</a>
</div>
</div>
<header class="article-header">
<h1 itemprop="name">
<a class="article-title" href="/posts/n1-openwrt/">Flashing OpenWrt onto the N1 Box as the Main Router</a>
</h1>
</header>
<footer class="article-footer">
<ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/N1%E7%9B%92%E5%AD%90/" rel="tag">N1 Box</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/OpenWrt/" rel="tag">OpenWrt</a></li></ul>
</footer>
<div class="article-entry article-index" itemprop="articleBody">
<div class="toggle-content">
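<h1 id="获取固件"><a href="#获取固件" class="headerlink" title="Getting the Firmware"></a>Getting the Firmware</h1><p>First get the latest firmware by flippy from the <a target="_blank" rel="noopener" href="https://www.right.com.cn/forum/thread-4076037-1-1.html">Enshan forum</a>. Downloaded from the net disk, the file is usually named <strong>openwrt_s905d_n1_Rxx.xx.xx_kxx.xx.xx-flippy-xx+o.7z</strong>.</p>
<p>For the difference between the <strong>+</strong> and <strong>+o</strong> versions, see the author's <a target="_blank" rel="noopener" href="https://www.right.com.cn/forum/thread-4017145-1-1.html">post</a>.</p>
<p>Extracting the archive yields an img file; write it to a USB drive with a tool such as <a target="_blank" rel="noopener" href="https://www.balena.io/etcher/">Etcher</a> or <a target="_blank" rel="noopener" href="https://rufus.ie/zh/">Rufus</a>.</p>
<h1 id="U盘启动"><a href="#U盘启动" class="headerlink" title="Booting from USB"></a>Booting from USB</h1><p>Plug the USB drive into the N1 box and power it on; it should boot straight into OpenWrt.</p>
<p>If a TV-box system was flashed earlier and the box will not boot from USB, first connect it to the LAN under the original system and look up its IP, then connect with adb from a computer and reboot:</p>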
<pre><code>adb connect 192.168.xxx.xxx
adb shell reboot update
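</code></pre><p>It should now boot into the system on the USB drive.</p>
<h1 id="修改ip地址"><a href="#修改ip地址" class="headerlink" title="Changing the IP Address"></a>Changing the IP Address</h1><p>There are two ways:</p>
<h2 id="HDMI连接显示器"><a href="#HDMI连接显示器" class="headerlink" title="Connecting a Monitor over HDMI"></a>Connecting a Monitor over HDMI</h2><p>If there is no HDMI signal, the 4K monitor may not be supported; try another one.<br>In the terminal shown on screen, edit <strong>/etc/config/network</strong>, change the <strong>ipaddr</strong> of <strong>lan</strong> to the address you want (e.g. <em>192.168.0.1</em>), and save.<br>Run <code>/etc/init.d/network restart</code> to restart the network and apply the change.</p>
<h2 id="连接N1已开启的WiFi"><a href="#连接N1已开启的WiFi" class="headerlink" title="Connecting to the N1's Built-in WiFi"></a>Connecting to the N1's Built-in WiFi</h2><p>Join the box's own wireless network (SSID: Phicomm_n1, password: password), open <a target="_blank" rel="noopener" href="http://openwrt/">openwrt/</a> in a browser, and change the IP address under <strong>Network - Interfaces - LAN</strong>.</p>
<h1 id="常规设置"><a href="#常规设置" class="headerlink" title="General Settings"></a>General Settings</h1><h2 id="刷入EMMC"><a href="#刷入EMMC" class="headerlink" title="Flashing to eMMC"></a>Flashing to eMMC</h2><p>You can keep booting from the USB drive, or run <code>sh /root/install-to-emmc.sh</code> to flash the system to the box's internal flash. It is best to make a backup with the <code>ddbr</code> command before flashing.</p>
<h2 id="配置WAN口"><a href="#配置WAN口" class="headerlink" title="Configuring the WAN Port"></a>Configuring the WAN Port</h2><p>Under <strong>Network - Interfaces</strong>, set up the <strong>WAN</strong> interface (add one if it does not exist) and use the PPPoE protocol for broadband dial-up. In the physical settings, set a custom interface of <strong>eth0.2</strong>: the box has only one network port, which is connected to VLAN 2 on the switch and bridged to the optical modem. Finally, configure the firewall for wan.</p>
<h2 id="配置LAN口"><a href="#配置LAN口" class="headerlink" title="Configuring the LAN Port"></a>Configuring the LAN Port</h2><p>The protocol is the static address set above. In the physical settings, enable bridging and select <strong>eth0</strong> and the wireless network. Configure the firewall for lan.</p>
<p>In the DHCP server advanced settings below, tick <strong>Dynamic DHCP</strong> and <strong>Force</strong>, so that this is the only DHCP server on the LAN.</p>
<h2 id="禁用IPv6-DNS"><a href="#禁用IPv6-DNS" class="headerlink" title="Disabling IPv6 DNS"></a>Disabling IPv6 DNS</h2><p>In the advanced settings under <strong>Network - DHCP/DNS</strong>, enable <strong>Disable resolving of IPv6 DNS records</strong>, to cover the case where the proxy used for circumvention supports only IPv4.</p>
<h2 id="其他"><a href="#其他" class="headerlink" title="Other"></a>Other</h2><h3 id="开启UPnP"><a href="#开启UPnP" class="headerlink" title="Enabling UPnP"></a>Enabling UPnP</h3><p>Enable it under <strong>Services - UPnP</strong>; it is needed when running PCDN services on the LAN.</p>
<h3 id="网络加速"><a href="#网络加速" class="headerlink" title="Network Acceleration"></a>Network Acceleration</h3><p>Under <strong>Network - Turbo ACC</strong>, you can turn on flow offloading and BBR as appropriate.</p>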
</div>
<div class="toggle-input article-more-link"><a>Read More +</a></div>
</div>
</div>
</article>
<article id="post-docker-openwrt" class="article article-type-post" itemscope itemprop="blogPost">
<div class="article-meta">
<a href="/posts/docker-openwrt/" class="article-date">
<time datetime="2020-11-16T16:00:00.000Z" itemprop="datePublished">2020-11-17</time>
</a>
<div class="article-category">
<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/">Tips and Tricks</a>►<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/%EF%BC%8Anix/">*nix</a>
</div>
</div>
<div class="article-inner">
<div class="article-gallery">
<div class="article-gallery-photos">
<a class="article-gallery-img fancybox" href="/img/dockeropenwrtbanner.png" rel="gallery_cl9153kvt0012o4h8b7iw82ff">
<img src="/img/dockeropenwrtbanner.png" itemprop="image">
</a>
</div>
</div>
<header class="article-header">
<h1 itemprop="name">
<a class="article-title" href="/posts/docker-openwrt/">Installing OpenWrt in Docker on the N1 Box as a Side Router</a>
</h1>
</header>
<footer class="article-footer">
<ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/Docker/" rel="tag">Docker</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/Linux/" rel="tag">Linux</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/N1%E7%9B%92%E5%AD%90/" rel="tag">N1 Box</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/OpenWrt/" rel="tag">OpenWrt</a></li></ul>
</footer>
<div class="article-entry article-index" itemprop="articleBody">
<div class="toggle-content">
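<p>With Armbian installed, the N1 box can serve as a small low-power host, and with various Docker containers it can combine many functions in one device.</p>
<h1 id="刷入Armbian"><a href="#刷入Armbian" class="headerlink" title="Flashing Armbian"></a>Flashing Armbian</h1><p>The Armbian firmware used is flippy's 49+o from the Enshan forum (<a target="_blank" rel="noopener" href="https://www.right.com.cn/forum/thread-981406-1-1.html">original post</a>). It is stable by now, so after writing it to a USB drive I also flashed it to the eMMC.</p>
<p>Before flashing, run the <code>ddbr</code> command in the system booted from the USB drive and choose <code>b</code> to make a backup (remember to choose compression). The file is saved to the <code>/ddbr</code> directory so that the original system can be restored later if needed.<br>Then run the <code>install-to-emmc.sh</code> script and follow the prompts to copy the system to the N1's flash. Once the copy finishes, shut down, unplug the USB drive, and power on again to boot into the internal system.</p>
<h1 id="安装docker"><a href="#安装docker" class="headerlink" title="Installing Docker"></a>Installing Docker</h1><p>Run <code>install-docker.sh</code> to install Docker. It finishes in a snap, really fast!</p>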
<p>Next you can install <a target="_blank" rel="noopener" href="https://www.portainer.io/">Portainer</a>, a graphical management tool for Docker:<br><figure class="highlight sh"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">docker volume create portainer_data</span><br><span class="line">docker run -d --name portainer --restart always -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer</span><br></pre></td></tr></table></figure><br>Docker can then be managed by opening port 9000 of the box in a browser.</p>
<h1 id="安装OpenWrt"><a href="#安装OpenWrt" class="headerlink" title="Installing OpenWrt"></a>Installing OpenWrt</h1><p>The OpenWrt Docker image is also the one provided by flippy (<a target="_blank" rel="noopener" href="https://www.right.com.cn/forum/thread-958173-1-1.html">original post</a>), and it is still being updated.</p>
<h2 id="启动容器"><a href="#启动容器" class="headerlink" title="Starting the Container"></a>Starting the Container</h2><p>Download the archive from the net disk and upload it to a directory on Armbian, which skips the pull step, then start the container directly:<br><figure class="highlight sh"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">gzip -dc docker-img-openwrt-aarch64-r20.10.20.gz | docker load</span><br><span class="line">docker network create -d macvlan --subnet=192.168.123.0/24 --gateway=192.168.123.1 -o parent=eth0 macnet</span><br><span class="line">docker run -d --name openwrt --restart always --network macnet --privileged unifreq/openwrt-aarch64:r20.10.20</span><br></pre></td></tr></table></figure><br>Set the macvlan subnet to match your main router's actual network.</p>
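<h2 id="配置OpenWrt地址"><a href="#配置OpenWrt地址" class="headerlink" title="Configuring the OpenWrt Address"></a>Configuring the OpenWrt Address</h2><p>Run <code>docker exec -it openwrt bash</code> to enter the container and configure it.<br>Edit the <code>/etc/config/network</code> configuration file inside the container and change the value of <code>option ipaddr</code> to the IP address assigned to OpenWrt, e.g. <code>192.168.123.2</code>.<br>After saving, run <code>/etc/init.d/network restart</code> to apply the configuration.<br>Opening the address just configured in a browser should now bring up the LuCI management interface (the default password should be <code>password</code>).</p>
<h2 id="旁路由设置"><a href="#旁路由设置" class="headerlink" title="Side Router Settings"></a>Side Router Settings</h2><p>Open the OpenWrt management interface in a browser and edit the <strong>lan</strong> configuration under <strong>Network</strong>-<strong>Interfaces</strong>: set the <strong>IPv4 gateway</strong> to the main router's address, e.g. <code>192.168.123.1</code>, and add a few of the public DNS servers that work best locally under <strong>Use custom DNS servers</strong>; turn off <strong>Bridge interfaces</strong> in the <strong>Physical Settings</strong>; turn off <strong>Dynamic DHCP</strong> under <strong>DHCP Server</strong>; then save and apply the settings.</p>
<h2 id="主路由设置"><a href="#主路由设置" class="headerlink" title="Main Router Settings"></a>Main Router Settings</h2><p>In the main router's <strong>Internal Network (LAN)</strong>-<strong>DHCP Server</strong> settings, set the <strong>default gateway</strong> and the <strong>DNS server</strong> to the side router's address, e.g. <code>192.168.123.2</code>.<br>If the main router runs Padavan firmware and hardware acceleration is enabled under <strong>External Network (WAN)</strong>-<strong>Internet Settings</strong>, <strong>IPv4 hardware acceleration</strong> has to be set to <code>OFFLOAD TCP/UDP for LAN</code>.</p>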
<h1 id="Armbian和OpenWrt网络互通"><a href="#Armbian和OpenWrt网络互通" class="headerlink" title="Connectivity Between Armbian and OpenWrt"></a>Connectivity Between Armbian and OpenWrt</h1><p>With the side router set up as above, the Docker host (the Armbian system) and OpenWrt turn out to be unable to reach each other. The Armbian network configuration <code>/etc/network/interfaces</code> has to be changed by adding the following:<br><figure class="highlight sh"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">up ip <span class="built_in">link</span> <span class="built_in">set</span> eth0 promisc on</span><br><span class="line"></span><br><span class="line">auto macvlan</span><br><span class="line">iface macvlan inet static</span><br><span class="line"> address 192.168.123.123</span><br><span class="line"> netmask 255.255.255.0</span><br><span class="line"> gateway 192.168.123.1</span><br><span class="line"> dns-nameservers 192.168.123.1</span><br><span class="line"> pre-up ip <span class="built_in">link</span> add macvlan <span class="built_in">link</span> eth0 <span class="built_in">type</span> macvlan mode bridge</span><br><span class="line"> post-down ip <span class="built_in">link</span> del macvlan <span class="built_in">link</span> eth0 <span class="built_in">type</span> macvlan mode bridge</span><br></pre></td></tr></table></figure><br>Here <code>address</code> is the fixed address to give Armbian, and <code>gateway</code> and <code>dns-nameservers</code> are simply the main router's address.</p>
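<p>After saving, run <code>systemctl restart networking</code> to apply the configuration; the two addresses can then reach each other.</p>
<p>After that, some "study-abroad" services can be started on the N1 box, which is more powerful than a hardware router.</p>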
</div>
<div class="toggle-input article-more-link"><a>Read More +</a></div>
</div>
</div>
</article>
<article id="post-tm-nas" class="article article-type-post" itemscope itemprop="blogPost">
<div class="article-meta">
<a href="/posts/tm-nas/" class="article-date">
<time datetime="2019-12-31T16:00:00.000Z" itemprop="datePublished">2020-01-01</time>
</a>
<div class="article-category">
<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/">Tips and Tricks</a>►<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/macOS/">macOS</a>
</div>
</div>
<div class="article-inner">
<div class="article-gallery">
<div class="article-gallery-photos">
<a class="article-gallery-img fancybox" href="/img/tm-nas-banner.png" rel="gallery_cl9153kwd003vo4h8559h3odw">
<img src="/img/tm-nas-banner.png" itemprop="image">
</a>
</div>
</div>
<header class="article-header">
<h1 itemprop="name">
<a class="article-title" href="/posts/tm-nas/">Backing Up Time Machine to a NAS over Samba</a>
</h1>
</header>
<footer class="article-footer">
<ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/Linux/" rel="tag">Linux</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/NAS/" rel="tag">NAS</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/OMV/" rel="tag">OMV</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/macOS/" rel="tag">macOS</a></li></ul>
</footer>
<div class="article-entry article-index" itemprop="articleBody">
<div class="toggle-content">
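<p>After I upgraded my MacBook, the USB ports were gone and plugging in an external drive became a hassle, so I had gone without Time Machine backups for a while. Then it occurred to me that a Samba-mounted disk can also serve as a backup target, which reminded me of the <strong>蜗牛星际</strong> ex-mining box I bought on Taobao while bargain hunting in 2019 (it now has disks attached, runs OMV and serves as a home NAS). I wanted to back up to it directly over the wireless LAN.</p>
<h1 id="OMV设置"><a href="#OMV设置" class="headerlink" title="OMV Setup"></a>OMV Setup</h1><h2 id="配置共享文件夹"><a href="#配置共享文件夹" class="headerlink" title="Configuring the Shared Folder"></a>Configuring the Shared Folder</h2><p>First, open the OMV console and configure a shared folder for the Time Machine backups:</p>
<p><img src="/img/tm-nas-shared-folder.png" alt="Shared folder"></p>
<p>I used a separate disk for the backups and named the folder Backup.</p>
<p>Once that is done, go to <code>Privileges</code> and grant <code>read/write</code> permission to the account used for backups, then change the <code>ACL</code> settings as follows:</p>
<p><img src="/img/tm-nas-acl.png" alt="Modifying the ACL"></p>
<h2 id="更改samba设置"><a href="#更改samba设置" class="headerlink" title="Changing the Samba Settings"></a>Changing the Samba Settings</h2><p>Log in to OMV as root, edit the Samba configuration file <code>/etc/samba/smb.conf</code>, and change the section for the backup folder:</p>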
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br></pre></td><td class="code"><pre><span class="line">[Backup]</span><br><span class="line">comment = Time Machine</span><br><span class="line">path = /srv/dev-disk-by-label-Backup/</span><br><span class="line">guest ok = no</span><br><span class="line">guest only = no</span><br><span class="line">read only = no</span><br><span class="line">browseable = yes</span><br><span class="line">inherit acls = yes</span><br><span class="line">inherit permissions = no</span><br><span class="line">ea support = no</span><br><span class="line">store dos attributes = no</span><br><span class="line">fruit:encoding = private</span><br><span class="line">fruit:locking = none</span><br><span class="line">fruit:metadata = netatalk</span><br><span class="line">fruit:resource = file</span><br><span class="line">fruit:time machine = yes</span><br><span class="line">vfs objects = catia fruit streams_xattr</span><br><span class="line">printable = no</span><br><span class="line">create mask = 0664</span><br><span 
class="line">force create mode = 0664</span><br><span class="line">directory mask = 0775</span><br><span class="line">force directory mode = 0775</span><br><span class="line">hide special files = yes</span><br><span class="line">follow symlinks = yes</span><br><span class="line">hide dot files = yes</span><br><span class="line">valid users = "shintaku"</span><br><span class="line">invalid users =</span><br><span class="line">read list =</span><br><span class="line">write list = "shintaku"</span><br></pre></td></tr></table></figure>
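<p>The main changes are the new value of <code>vfs objects</code> and the added <code>fruit</code> options.</p>
<p>After saving, run <code>testparm</code> to check that the configuration is valid; if it reports no problems, restart the service with <code>systemctl restart smbd</code>.</p>
<h1 id="macOS设置"><a href="#macOS设置" class="headerlink" title="macOS Setup"></a>macOS Setup</h1><p>Put the Mac and the NAS on the same LAN, then use Finder's <code>Go</code> - <code>Connect to Server</code> to mount the backup disk and check that it works.</p>
<h2 id="开启文件共享"><a href="#开启文件共享" class="headerlink" title="Enabling File Sharing"></a>Enabling File Sharing</h2><p>Open <code>System Preferences</code> - <code>Sharing</code> and, in the options for <code>File Sharing</code>, tick SMB sharing:</p>
<p><img src="/img/tm-nas-sharing.png" alt="File sharing"></p>
<h2 id="配置时间机器"><a href="#配置时间机器" class="headerlink" title="Configuring Time Machine"></a>Configuring Time Machine</h2><p>Open <code>System Preferences</code> - <code>Time Machine</code> and click <code>Select Disk</code>:</p>
<p><img src="/img/tm-nas-select-disk.png" alt="Select disk"></p>
<p>The shared disk configured on the NAS now appears in the list. Selecting it brings up an authentication dialog; enter the username and password of the account that was granted access earlier:</p>
<p><img src="/img/tm-nas-access.png" alt="Login"></p>
<p>The connection is then complete and the backup can start:</p>
<p><img src="/img/tm-nas-backup.png" alt="Backup"></p>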
</div>
</div>
</div>
</article>
<article id="post-shadowsocks-v2ray" class="article article-type-post" itemscope itemprop="blogPost">
<div class="article-meta">
<a href="/posts/shadowsocks-v2ray/" class="article-date">
<time datetime="2019-11-10T16:00:00.000Z" itemprop="datePublished">2019-11-11</time>
</a>
<div class="article-category">
<a class="article-category-link" href="/categories/%E7%BD%91%E7%BB%9C/">Networking</a>►<a class="article-category-link" href="/categories/%E7%BD%91%E7%BB%9C/%E7%A7%91%E5%AD%A6%E4%B8%8A%E7%BD%91/">Circumvention</a>
</div>
</div>
<div class="article-inner">
<div class="article-gallery">
<div class="article-gallery-photos">
<a class="article-gallery-img fancybox" href="/img/shadowsocks-v2ray-banner.png" rel="gallery_cl9153kw7002zo4h8aadi9qmc">
<img src="/img/shadowsocks-v2ray-banner.png" itemprop="image">
</a>
</div>
</div>
<header class="article-header">
<h1 itemprop="name">
<a class="article-title" href="/posts/shadowsocks-v2ray/">Enabling v2ray-plugin for ShadowSocks</a>
</h1>
</header>
<footer class="article-footer">
<ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/Linux/" rel="tag">Linux</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/ShadowSocks/" rel="tag">ShadowSocks</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/V2Ray/" rel="tag">V2Ray</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/VPS/" rel="tag">VPS</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/%E4%BB%A3%E7%90%86/" rel="tag">Proxy</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/%E6%9C%8D%E5%8A%A1%E5%99%A8/" rel="tag">Server</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/%E7%A7%91%E5%AD%A6%E4%B8%8A%E7%BD%91/" rel="tag">Circumvention</a></li></ul>
</footer>
<div class="article-entry article-index" itemprop="articleBody">
<div class="toggle-content">
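<p>In early June 2019, around the 30th anniversary of a certain event, a certain Great Wall was suddenly raised and the IPs of many proxy providers ("airports") were blocked. I therefore switched my setup to <strong>v2ray</strong> and, by proxying the DNS record through Cloudflare, disguised the circumvention traffic as TLS traffic to a domain, which worked around the blocked IP and port.<br>The v2ray client has some performance problems on a router, though, and it never felt as smooth as the original shadowsocks, so I looked for a way to keep using ss while disguising its traffic with the v2ray-plugin plugin.</p>
<h1 id="服务端"><a href="#服务端" class="headerlink" title="Server"></a>Server</h1><h2 id="搭建服务"><a href="#搭建服务" class="headerlink" title="Setting Up the Service"></a>Setting Up the Service</h2><p>Stop the old Python version and install shadowsocks-libev:</p>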
<pre><code>yum install shadowsocks-libev -y
</code></pre><p>Clone the v2ray-plugin source and build it (a Go toolchain is required):</p>
<pre><code>git clone https://github.com/shadowsocks/v2ray-plugin.git
cd v2ray-plugin && go build
cp v2ray-plugin /usr/bin/
</code></pre><h2 id="更改配置"><a href="#更改配置" class="headerlink" title="Changing the Configuration"></a>Changing the Configuration</h2><p>Edit <code>/etc/shadowsocks-libev/config.json</code>:</p>
<figure class="highlight json"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"server"</span><span class="punctuation">:</span><span class="string">"0.0.0.0"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"server_port"</span><span class="punctuation">:</span><span class="number">23333</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"local_port"</span><span class="punctuation">:</span><span class="number">1080</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"password"</span><span class="punctuation">:</span><span class="string">"password"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"timeout"</span><span class="punctuation">:</span><span class="number">300</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"method"</span><span class="punctuation">:</span><span class="string">"rc4-md5"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"plugin"</span><span class="punctuation">:</span><span class="string">"v2ray-plugin"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"plugin_opts"</span><span class="punctuation">:</span><span class="string">"server;loglevel=none"</span></span><br><span class="line"><span class="punctuation">}</span></span><br></pre></td></tr></table></figure>
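<p>The point of using the v2ray plugin here is to disguise shadowsocks traffic as TLS traffic, so the server port would naturally be 443.<br>My server also runs nginx, however, and using 443 again would cause a port conflict, so I use a different port here and have nginx forward to it.</p>
<h2 id="端口转发"><a href="#端口转发" class="headerlink" title="Port Forwarding"></a>Port Forwarding</h2><p>Create a new configuration file under <code>/etc/nginx/conf.d/</code>:</p>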
<figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">server</span> {</span><br><span class="line"> <span class="attribute">listen</span> <span class="number">443</span>;</span><br><span class="line"> <span class="attribute">server_name</span> ss.your.domain;</span><br><span class="line"></span><br><span class="line"> <span class="section">location</span> / {</span><br><span class="line"> <span class="attribute">proxy_pass</span> http://127.0.0.1:23333;</span><br><span class="line"> <span class="attribute">proxy_redirect</span> <span class="literal">off</span>;</span><br><span class="line"> <span class="attribute">proxy_http_version</span> <span class="number">1</span>.<span class="number">1</span>;</span><br><span class="line"> <span class="attribute">proxy_set_header</span> Host <span class="variable">$http_host</span>;</span><br><span class="line"> <span class="attribute">proxy_set_header</span> Upgrade <span class="variable">$http_upgrade</span>;</span><br><span class="line"> <span class="attribute">proxy_set_header</span> Connection <span class="string">"upgrade"</span>;</span><br><span class="line"> }</span><br><span class="line">}</span><br></pre></td></tr></table></figure>
<p><code>server_name</code> must be your own domain, and this subdomain must resolve to the VPS.</p>
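<p>Before restarting the services, the two files above can be checked for the settings that matter most to exposure. The following is an added example, not part of the original post or of the shadowsocks project; the rule names, the 16-character password threshold and the replacement values in <code>HARDENED_CONFIG</code> are assumptions made for illustration.</p>

```javascript
// Constructed inputs: the two configuration files as shown in this post.
const SS_CONFIG = `{
    "server":"0.0.0.0",
    "server_port":23333,
    "local_port":1080,
    "password":"password",
    "timeout":300,
    "method":"rc4-md5",
    "plugin":"v2ray-plugin",
    "plugin_opts":"server;loglevel=none"
}`;
const NGINX_CONF = `server {
    listen 443;
    server_name ss.your.domain;
    location / {
        proxy_pass http://127.0.0.1:23333;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}`;

// AEAD methods offered by shadowsocks-libev; anything else is a legacy stream cipher.
const AEAD_METHODS = new Set([
  'aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm',
  'chacha20-ietf-poly1305', 'xchacha20-ietf-poly1305',
]);
const WILDCARD_BINDS = new Set(['0.0.0.0', '::', '::0']);
const LOOPBACK_HOSTS = new Set(['127.0.0.1', '::1', 'localhost']);
const PLACEHOLDER_PASSWORDS = new Set(['password', 'passwd', '123456', 'changeme']);
const MIN_PASSWORD_LENGTH = 16; // assumption for this example, not a project rule

// Extract every "proxy_pass http(s)://host:port" upstream from an nginx config.
function proxyUpstreams(nginxText) {
  const re = /^\s*proxy_pass\s+https?:\/\/(\[[^\]]+\]|[^\s:;\/]+):(\d+)/gm;
  const upstreams = [];
  let m;
  while ((m = re.exec(nginxText)) !== null) {
    upstreams.push({ host: m[1].replace(/^\[|\]$/g, ''), port: Number(m[2]) });
  }
  return upstreams;
}

// Return a list of findings ({id, detail}) for a shadowsocks-libev server config
// that sits behind the given nginx reverse proxy.
function lintShadowsocks(configText, nginxText) {
  const cfg = JSON.parse(configText);
  const findings = [];

  const method = String(cfg.method || '').toLowerCase();
  if (!AEAD_METHODS.has(method)) {
    findings.push({ id: 'non-aead-method',
      detail: `method "${cfg.method}" provides no ciphertext authentication` });
  }

  // The encryption key is derived from the password, so a guessable one is fatal.
  const password = String(cfg.password || '');
  if (password.length < MIN_PASSWORD_LENGTH ||
      PLACEHOLDER_PASSWORDS.has(password.toLowerCase())) {
    findings.push({ id: 'weak-password',
      detail: `password is a placeholder or shorter than ${MIN_PASSWORD_LENGTH} characters` });
  }

  // "server" may be a single address or a list of addresses.
  const binds = [].concat(cfg.server || []);
  const fronted = proxyUpstreams(nginxText).some(
    (u) => LOOPBACK_HOSTS.has(u.host) && u.port === Number(cfg.server_port));
  if (fronted && binds.some((b) => WILDCARD_BINDS.has(b))) {
    findings.push({ id: 'backend-exposed',
      detail: `port ${cfg.server_port} is bound on all interfaces although nginx reaches it over loopback` });
  }
  return findings;
}

// The same config with the three findings addressed (replacement values are assumptions).
const HARDENED_CONFIG = JSON.stringify({
  ...JSON.parse(SS_CONFIG),
  server: '127.0.0.1',
  method: 'chacha20-ietf-poly1305',
  password: 'constructed-sample-9fQ2xL7vTz4bKc1R', // constructed value; generate your own
}, null, 4);

function report(label, configText) {
  const findings = lintShadowsocks(configText, NGINX_CONF);
  return [`${label}: ${findings.length} finding(s)`,
    ...findings.map((f) => `  [${f.id}] ${f.detail}`)].join('\n');
}

console.log(report('config from the post', SS_CONFIG));
console.log(report('hardened variant', HARDENED_CONFIG));
```

<p>Clients must be switched to the same <code>method</code> and <code>password</code> as the server, otherwise the connection fails.</p>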
<p>After saving, restart nginx, then start shadowsocks and enable it at boot:</p>
<pre><code>systemctl restart nginx
systemctl start shadowsocks-libev
systemctl enable shadowsocks-libev
</code></pre><h1 id="客户端"><a href="#客户端" class="headerlink" title="Client"></a>Client</h1><p>The settings that matter are:</p>
<ul>
<li><code>Server address</code>: the <code>subdomain</code> configured above</li>
<li><code>Server port</code>: <code>443</code></li>
<li><code>Plugin name</code>: <code>v2ray-plugin</code></li>
<li><code>Plugin options</code>: <code>tls;host=二级域名</code>, where <code>二级域名</code> stands for the subdomain</li>
</ul>
<h2 id="路由器"><a href="#路由器" class="headerlink" title="Router"></a>Router</h2><p>Using the 老毛子 (Padavan) firmware as an example:</p>
<p><img src="/img/shadowsocks-v2ray-pdcn.png" alt="Router settings"></p>
<p>Turn on the switch and apply.</p>
<h2 id="Windows"><a href="#Windows" class="headerlink" title="Windows"></a>Windows</h2><ul>
<li>Client download: <a target="_blank" rel="noopener" href="https://github.com/shadowsocks/shadowsocks-windows/releases/latest">shadowsocks-windows</a></li>
<li>Plugin download: <a target="_blank" rel="noopener" href="https://github.com/shadowsocks/v2ray-plugin/releases/latest">v2ray-plugin</a></li>
</ul>
<p>After downloading, extract the plugin <code>v2ray-plugin.exe</code> into the shadowsocks folder (so that it sits alongside <code>shadowsocks.exe</code>), then start the client and configure it as follows:</p>
<p><img src="/img/shadowsocks-v2ray-windows.png" alt="Windows settings"></p>
<h2 id="macOS"><a href="#macOS" class="headerlink" title="macOS"></a>macOS</h2><ul>
<li>Client download: <a target="_blank" rel="noopener" href="https://github.com/shadowsocks/ShadowsocksX-NG/releases/latest">ShadowsocksX-NG</a></li>
</ul>
<p>Extract the client into the Applications folder (the client installs the plugin itself), then start it and configure it as follows:</p>
<p><img src="/img/shadowsocks-v2ray-macos.png" alt="macOS settings"></p>
<h2 id="Android"><a href="#Android" class="headerlink" title="Android"></a>Android</h2><ul>
<li>Client download: <a target="_blank" rel="noopener" href="https://github.com/shadowsocks/shadowsocks-android/releases/latest">shadowsocks-android</a></li>
<li>Plugin download: <a target="_blank" rel="noopener" href="https://github.com/shadowsocks/v2ray-plugin-android/releases/latest">v2ray-plugin-android</a></li>
</ul>
<p>After installing both APKs, start the app and configure it as follows:</p>
<p><img src="/img/shadowsocks-v2ray-android.png" alt="Android settings"><br><img src="/img/shadowsocks-v2ray-android-plugin.png" alt="Plugin settings"></p>
</div>
</div>
</div>
</article>
<article id="post-hexo-mathjax" class="article article-type-post" itemscope itemprop="blogPost">
<div class="article-meta">
<a href="/posts/hexo-mathjax/" class="article-date">
<time datetime="2019-01-20T06:14:14.000Z" itemprop="datePublished">2019-01-20</time>
</a>
<div class="article-category">
<a class="article-category-link" href="/categories/%E7%BD%91%E7%BB%9C/">Networking</a>►<a class="article-category-link" href="/categories/%E7%BD%91%E7%BB%9C/%E7%BD%91%E7%AB%99%E9%83%A8%E7%BD%B2/">Website Deployment</a>
</div>
</div>
<div class="article-inner">
<div class="article-gallery">
<div class="article-gallery-photos">
<a class="article-gallery-img fancybox" href="/img/mathjaxbanner.png" rel="gallery_cl9153kvx001go4h85uhwhyqz">
<img src="/img/mathjaxbanner.png" itemprop="image">
</a>
</div>
</div>
<header class="article-header">
<h1 itemprop="name">
<a class="article-title" href="/posts/hexo-mathjax/">Using MathJax Formulas in a Hexo Blog</a>
</h1>
</header>
<footer class="article-footer">
<ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/JavaScript/" rel="tag">JavaScript</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/Node-js/" rel="tag">Node.js</a></li></ul>
</footer>
<div class="article-entry article-index" itemprop="articleBody">
<div class="toggle-content">
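<p>I recently couldn't resist upgrading my Hexo blog to 3.8.0, and upgraded all the npm packages along the way. Nothing seemed wrong at first, but later I opened a post containing formulas and found that some of the <a target="_blank" rel="noopener" href="https://www.mathjax.org/">MathJax</a> formulas failed to render. I remembered that the underscore <code>_</code>, which means italics in Markdown, conflicts with subscripts in MathJax. I had patched node_modules for this before, and the update overwrote that change, so this time I simply redid the whole thing.</p>
<h1 id="更换渲染引擎"><a href="#更换渲染引擎" class="headerlink" title="Switching the Rendering Engine"></a>Switching the Rendering Engine</h1><p>Uninstall the original <code>hexo-renderer-marked</code> and replace it with <code>hexo-renderer-kramed</code>, a fork modified specifically for MathJax (note the spelling of <code>kram</code>):</p>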
<pre><code>npm uninstall hexo-renderer-marked --save
npm install hexo-renderer-kramed --save
</code></pre><p>Then install the <code>hexo-renderer-mathjax</code> renderer:</p>
<pre><code>npm install hexo-renderer-mathjax --save
</code></pre><h1 id="更改字符集"><a href="#更改字符集" class="headerlink" title="Changing the Character Set"></a>Changing the Character Set</h1><p>To avoid the semantic conflict, edit the <code>escape</code> and <code>em</code> rules in <code>node_modules/kramed/lib/rules/inline.js</code>:<br><figure class="highlight js"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">//escape: /^\\([\\`*{}\[\]()#$+\-.!_>])/,</span></span><br><span class="line"><span class="attr">escape</span>: <span class="regexp">/^\\([`*\[\]()#$+\-.!_>])/</span>,</span><br></pre></td></tr></table></figure></p>
<figure class="highlight js"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">//em: /^\b_((?:__|[\s\S])+?)_\b|^\*((?:\*\*|[\s\S])+?)\*(?!\*)/,</span></span><br><span class="line"><span class="attr">em</span>: <span class="regexp">/^\*((?:\*\*|[\s\S])+?)\*(?!\*)/</span>,</span><br></pre></td></tr></table></figure>
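<p>To see what the two edits change, the following added example (not code from kramed or from the original post) runs the original and the edited rules over TeX fragments with a cut-down inline scanner. <code>renderInline</code> and the sample strings are made up for this illustration, and the scanner applies only the two rules shown above.</p>

```javascript
// Rules as shown above: kramed's original inline rules and the edited versions.
const ORIGINAL_RULES = {
  escape: /^\\([\\`*{}\[\]()#$+\-.!_>])/,
  em: /^\b_((?:__|[\s\S])+?)_\b|^\*((?:\*\*|[\s\S])+?)\*(?!\*)/,
};
const PATCHED_RULES = {
  escape: /^\\([`*\[\]()#$+\-.!_>])/,
  em: /^\*((?:\*\*|[\s\S])+?)\*(?!\*)/,
};

// Hypothetical, simplified inline scanner: at each position try `escape`,
// then `em`, otherwise copy one character through unchanged. The real lexer
// has many more rules; these two are the ones that collide with TeX.
function renderInline(src, rules) {
  let out = '';
  while (src.length > 0) {
    let m;
    if ((m = rules.escape.exec(src))) {
      out += m[1];                                   // backslash is dropped
    } else if ((m = rules.em.exec(src))) {
      out += '<em>' + (m[1] || m[2]) + '</em>';      // delimiters are dropped
    } else {
      out += src[0];
      src = src.slice(1);
      continue;
    }
    src = src.slice(m[0].length);
  }
  return out;
}

// Constructed sample inputs.
const TEX_SUBSCRIPTS = '$x_{i} + y_{j}$';          // two subscripts in one formula
const TEX_BRACES = String.raw`$\{a, b\} \\ c$`;    // literal braces and a TeX line break
const MD_UNDERSCORE_EM = '_note_';                 // Markdown italics with underscores
const MD_STAR_EM = '*note*';                       // Markdown italics with asterisks

function compare(src) {
  return {
    original: renderInline(src, ORIGINAL_RULES),
    patched: renderInline(src, PATCHED_RULES),
  };
}

for (const sample of [TEX_SUBSCRIPTS, TEX_BRACES, MD_UNDERSCORE_EM, MD_STAR_EM]) {
  const { original, patched } = compare(sample);
  console.log(`input:    ${sample}\noriginal: ${original}\npatched:  ${patched}\n`);
}
```

<p>With the original rules the text MathJax receives is no longer valid TeX: the subscripts are swallowed by <code>&lt;em&gt;</code> and the backslashes are stripped. The edited rules pass both formulas through untouched, at the cost that <code>_text_</code> no longer produces italics, so <code>*text*</code> has to be used instead.</p>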
<h1 id="更改cdn链接"><a href="#更改cdn链接" class="headerlink" title="Changing the CDN Link"></a>Changing the CDN Link</h1><p>Edit the last line of <code>node_modules/hexo-renderer-mathjax/mathjax.html</code>, changing <code>http</code> to <code>https</code>:<br><figure class="highlight html"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">&lt;!--script src="http://cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML"&gt;&lt;/script--&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">script</span> <span class="attr">src</span>=<span class="string">"https://cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML"</span>&gt;</span><span class="tag">&lt;/<span class="name">script</span>&gt;</span></span><br></pre></td></tr></table></figure></p>
<p>This prevents the browser from blocking the request as mixed content when the site is served over HTTPS but requests HTTP content. Use <code>hexo s</code> to preview and check that the change has taken effect.</p>
</div>
</div>
</div>
</article>
<article id="post-ttl" class="article article-type-post" itemscope itemprop="blogPost">
<div class="article-meta">
<a href="/posts/ttl/" class="article-date">
<time datetime="2018-12-31T16:00:00.000Z" itemprop="datePublished">2019-01-01</time>
</a>
<div class="article-category">
<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/">Tricks and Hacks</a>►<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/%E8%B7%AF%E7%94%B1%E5%99%A8/">Routers</a>
</div>
</div>
<div class="article-inner">
<div class="article-gallery">
<div class="article-gallery-photos">
<a class="article-gallery-img fancybox" href="/img/ttlbanner.png" rel="gallery_cl9153kwe0043o4h85flhftgg">
<img src="/img/ttlbanner.png" itemprop="image">
</a>
</div>
</div>
<header class="article-header">
<h1 itemprop="name">
<a class="article-title" href="/posts/ttl/">Unbricking a Router by Flashing over TTL Serial</a>
</h1>
</header>
<footer class="article-footer">
<ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/Linux/" rel="tag">Linux</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/ssh/" rel="tag">ssh</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/%E8%B7%AF%E7%94%B1%E5%99%A8/" rel="tag">Router</a></li></ul>
</footer>
<div class="article-entry article-index" itemprop="articleBody">
<div class="toggle-content">
<p><img src="/img/ttldw22d.png" alt=""></p>
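<p>A while ago I happened to get hold of a Damai (大麦) DW22D router, probably a freebie the previous tenant received when signing up for Great Wall Broadband. Logging in to the admin interface showed that it runs a system heavily customised for Great Wall Broadband.</p>
<p><img src="/img/ttldomy.png" alt=""></p>
<p>A search on the Enshan (恩山) forum showed that the hardware is decent and that the Padavan firmware can be flashed without opening the case, so I started flashing it by following the tutorial.</p>
<h1 id="无拆机刷机"><a href="#无拆机刷机" class="headerlink" title="Flashing Without Opening the Case"></a>Flashing Without Opening the Case</h1><p>The steps below follow <a target="_blank" rel="noopener" href="https://www.right.com.cn/forum/forum.php?mod=viewthread&tid=313543">the tutorial on Enshan</a>.</p>
<h2 id="开启ssh"><a href="#开启ssh" class="headerlink" title="Enabling SSH"></a>Enabling SSH</h2><p>This method relies on a command injection vulnerability in the backdoor page. The steps are:</p>
<h3 id="注入新密码"><a href="#注入新密码" class="headerlink" title="Injecting a New Password"></a>Injecting a New Password</h3><p>Connect the computer to the router (preferably by cable), visit <a target="_blank" rel="noopener" href="http://192.168.10.1/upgrade.html">http://192.168.10.1/upgrade.html</a>, select the option to enable SSH on the page, and enter the following in the password field:</p>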
<pre><code>123 | echo 6c216b27c8c9b051106c969e2077d4e9 > /ezwrt/bin/upgrade_passwd
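</code></pre><p>Note the trailing space. <strong>The md5 value here was computed with <code>echo dfc643 | md5</code>; <code>dfc643</code> is the username of the person who discovered this method, and the password can be changed to anything you like.</strong> Then click <code>OK</code> to submit. A wrong-password message appears at this point and can be ignored.</p>
<h3 id="注入ssh公钥"><a href="#注入ssh公钥" class="headerlink" title="Injecting the SSH Public Key"></a>Injecting the SSH Public Key</h3><p>Visit <a target="_blank" rel="noopener" href="http://192.168.10.1/upgrade.html">http://192.168.10.1/upgrade.html</a> again, select the option to enable SSH as before, and enter the following in the password field:</p>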
<pre><code>123 | echo YOUR_ID_RSA_PUB > /etc/dropbear/authorized_keys
</code></pre><p>Again, note the trailing space. <strong>Replace <code>YOUR_ID_RSA_PUB</code> with your own public key, i.e. the contents of <code>~/.ssh/id_rsa.pub</code> on your computer.</strong> Click <code>OK</code> again to submit. The wrong-password message appears once more and can also be ignored.</p>
<h3 id="开启ssh-1"><a href="#开启ssh-1" class="headerlink" title="Enabling SSH"></a>Enabling SSH</h3><p>Visit <a target="_blank" rel="noopener" href="http://192.168.10.1/upgrade.html">http://192.168.10.1/upgrade.html</a> one last time, select the option to enable SSH, and use the password <code>dfc643</code> (if you injected a different password in the first step, enter that one instead). Finally click OK to submit; the message <code>start ssh success</code> means SSH is now enabled.</p>
<p>You can now log in to the router with <code>ssh root@192.168.10.1</code>.</p>
<h2 id="刷入breed"><a href="#刷入breed" class="headerlink" title="Flashing breed"></a>Flashing breed</h2><p><a target="_blank" rel="noopener" href="https://www.right.com.cn/forum/thread-161906-1-1.html">breed</a> is a completely new bootloader developed independently by hackpascal. The build for the DW22D router is <a target="_blank" rel="noopener" href="https://breed.hackpascal.net/breed-mt7620-reset13.bin">breed-mt7620-reset13.bin</a>.</p>
<p>After downloading it, copy it to the router's <code>/tmp</code> directory for later use:</p>
<pre><code>scp breed-mt7620-reset13.bin root@192.168.10.1:/tmp
</code></pre><p>Then run on the router:</p>
<pre><code>mtd_write -x mIp2osnRG3qZGdIlQPh1 -r write /tmp/breed-mt7620-reset13.bin bootloader
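</code></pre><p>This should flash breed into the bootloader partition, after which you can flash any firmware you like.</p>
<p>However, I clumsily typed <code>firmware</code> instead of the final <code>bootloader</code>, which flashed breed into the firmware partition. The router could no longer boot into its system, which is what led to the TTL rescue below.</p>
<h1 id="TTL刷机"><a href="#TTL刷机" class="headerlink" title="Flashing over TTL"></a>Flashing over TTL</h1><p>The steps below follow <a target="_blank" rel="noopener" href="https://www.right.com.cn/forum/thread-190778-1-1.html">the tutorial on Enshan</a>.</p>
<h2 id="USB转TTL"><a href="#USB转TTL" class="headerlink" title="USB-to-TTL"></a>USB-to-TTL</h2><p>To connect the router hardware to the computer you need a USB-to-TTL module. The cheapest one on Taobao will do; I bought a module with the <code>ch340g</code> chip.</p>
<h3 id="TTL驱动"><a href="#TTL驱动" class="headerlink" title="TTL Driver"></a>TTL Driver</h3><p>I then found a <a target="_blank" rel="noopener" href="https://github.com/adrianmihalko/ch340g-ch34g-ch34x-mac-os-x-driver">driver</a> on GitHub and installed it (the link is for the Mac driver; sellers usually provide the Windows driver, and it is also easy to find online).</p>
<p>After rebooting, open <code>Network Preferences</code> and you will see a new serial interface:</p>
<p><img src="/img/ttldriver.png" alt=""></p>
<p>Plug the USB-to-TTL module into the computer; a device with a name like <code>cu.usbserial-1410</code> appears under <code>/dev</code>, which means it was recognised.</p>
<h3 id="TTL连接"><a href="#TTL连接" class="headerlink" title="TTL Wiring"></a>TTL Wiring</h3><p>Solder pins at the positions shown in the picture (the GND hole does not need soldering):</p>
<p><img src="/img/ttlwiring.png" alt=""></p>
<p>Then connect the three pins to the USB-to-TTL module with Dupont (jumper) wires.</p>
<h2 id="开启TFTP"><a href="#开启TFTP" class="headerlink" title="Enabling TFTP"></a>Enabling TFTP</h2><p>Connect the computer to a LAN port of the router with an Ethernet cable, set the wired connection to manual mode, and change the parameters as shown:</p>
<p><img src="/img/ttlnetwork.png" alt=""></p>
<p>Following <a href="/posts/mac-tftp/">Enabling the TFTP Service on macOS</a>, put <code>breed-mt7620-reset13.bin</code> in the TFTP directory and select the wired IP (the 10.10.10.3 set above) as the TFTP address.</p>
<h2 id="刷机"><a href="#刷机" class="headerlink" title="Flashing"></a>Flashing</h2><p>With everything ready, connect to the router and start flashing.</p>
<h3 id="登录路由器"><a href="#登录路由器" class="headerlink" title="Logging In to the Router"></a>Logging In to the Router</h3><p>Use screen to connect to the router while it is powered off, at a baud rate of 57600:</p>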
<pre><code>screen /dev/cu.usbserial-1410 57600
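</code></pre><p>The terminal shows nothing at this point. Now power on the router; a lot of output is printed, followed by a menu of options. Immediately (within 5 seconds) press the number key <code>9</code> to choose TFTP flashing.</p>
<h3 id="刷入breed-1"><a href="#刷入breed-1" class="headerlink" title="Flashing breed"></a>Flashing breed</h3><p>You are then asked to confirm the <code>device IP</code> (the router's address) and the <code>server IP</code> (the computer's address). Once those are confirmed, you are prompted for the name of the file to flash; type <code>breed-mt7620-reset13.bin</code> and press Enter to start flashing.</p>
<p>When flashing finishes, power off, then hold the reset button while powering on and keep it pressed for 5 seconds to enter breed:</p>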
<p><img src="/img/ttlbreed.png" alt=""></p>
</div>
</div>
</div>
</article>
<article id="post-mac-tftp" class="article article-type-post" itemscope itemprop="blogPost">
<div class="article-meta">
<a href="/posts/mac-tftp/" class="article-date">
<time datetime="2018-08-17T16:00:00.000Z" itemprop="datePublished">2018-08-18</time>
</a>
<div class="article-category">
<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/">Tricks and Hacks</a>►<a class="article-category-link" href="/categories/%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7/macOS/">macOS</a>
</div>
</div>
<div class="article-inner">
<div class="article-gallery">
<div class="article-gallery-photos">
<a class="article-gallery-img fancybox" href="/img/mactftpbanner.png" rel="gallery_cl9153kw0001vo4h8485p9mis">
<img src="/img/mactftpbanner.png" itemprop="image">
</a>
</div>
</div>
<header class="article-header">
<h1 itemprop="name">
<a class="article-title" href="/posts/mac-tftp/">Enabling the TFTP Service on macOS</a>
</h1>
</header>
<footer class="article-footer">
<ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/macOS/" rel="tag">macOS</a></li></ul>
</footer>
<div class="article-entry article-index" itemprop="articleBody">
<div class="toggle-content">
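<p>TFTP is widely used for flashing routers because the protocol is simple and can be implemented with very little memory. On a PC it can be enabled by turning on the corresponding Windows feature. macOS actually ships with TFTP as well; it just isn't enabled by default.</p>
<p>TFTP serves <code>/private/tftpboot</code> by default. First open up its permissions:</p>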
<pre><code>sudo chmod -R 777 /private/tftpboot
</code></pre><p>Then enable the service:</p>
<pre><code>sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist
sudo launchctl start com.apple.tftpd
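</code></pre><p>If the command line feels unintuitive, macOS also has an application similar to Tftpd32 on Windows, <a target="_blank" rel="noopener" href="http://ww2.unime.it/flr/tftpserver/">TFTP Server</a>; just download and install it:</p>
<p><img src="/img/mactftpserver.png" alt=""></p>
<p>The TFTP directory can also be changed in the application.</p>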
</div>
</div>
</div>
</article>
<article id="post-l2tp" class="article article-type-post" itemscope itemprop="blogPost">
<div class="article-meta">
<a href="/posts/l2tp/" class="article-date">
<time datetime="2017-09-10T15:33:33.000Z" itemprop="datePublished">2017-09-10</time>
</a>
<div class="article-category">
<a class="article-category-link" href="/categories/%E7%BD%91%E7%BB%9C/">Networking</a>►<a class="article-category-link" href="/categories/%E7%BD%91%E7%BB%9C/%E7%A7%91%E5%AD%A6%E4%B8%8A%E7%BD%91/">Circumvention</a>
</div>
</div>
<div class="article-inner">
<div class="article-gallery">
<div class="article-gallery-photos">
<a class="article-gallery-img fancybox" href="/img/l2tpbanner.png" rel="gallery_cl9153kvy001mo4h87wi2456r">
<img src="/img/l2tpbanner.png" itemprop="image">
</a>
</div>
</div>
<header class="article-header">
<h1 itemprop="name">
<a class="article-title" href="/posts/l2tp/">Setting Up an L2TP/IPSec VPN</a>
</h1>