#copy running-config startup-config
운영중인 설정을 시작설정으로 복사
#show arp
#clear arp-cache
arp 관련
#show running-config | include '검색할 텍스트'
#show interface status
#show vlan
Hello world
#copy running-config startup-config
운영중인 설정을 시작설정으로 복사
#show arp
#clear arp-cache
arp 관련
#show running-config | include '검색할 텍스트'
#show interface status
#show vlan
Let’s Encrypt 에서 발급하는 90일짜리 무료 인증서입니다. 3개월에 한번씩 인증을 해야하지만 자동업데이트를 이용하면 쉽게 사용할 수 있습니다.
$ snap install --classic certbot
우분투 18.04 기준 snap로 certbot를 설치합니다.
// 아파치
$ certbot --apache
// nginx
$ certbot --nginx
certbot 명령을 이용해서 SSL인증서를 발급받습니다. 옵션을 이용해서 웹서버를 지정합니다.
$ certbot --nginx --nginx-server-root /usr/local/nginx/conf/ --nginx-ctl /usr/local/nginx/sbin/nginx
nginx 설치위치를 직접지정할 경우
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel):
이메일주소를 입력합니다. 인증서 만료전에 이메일로 알려줍니다.
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
(Y)es/(N)o: Y
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
(Y)es/(N)o: Y
Account registered.
이용약관에 동의합니다.
Which names would you like to activate HTTPS for?
1: jongwan.com
2: www.jongwan.com
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
인증서를 발급받을 도메인을 선택합니다. 공백으로 엔터를 누르면 모두 발급합니다. jongwan.com, www.jongwan.com을 모두 받으므로 그냥 엔터를 입력합니다.
Requesting a certificate for jongwan.com and www.jongwan.com
Performing the following challenges:
http-01 challenge for jongwan
http-01 challenge for www.jongwan
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/jongwan_com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/jongwan_com-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/jongwan_com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/jongwan_com-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/jongwan_com.conf to ssl vhost in /etc/apache2/sites-available/jongwan_com-le-ssl.conf
Congratulations! You have successfully enabled https://jongwan.com and
https://www.jongwan.com
Subscribe to the EFF mailing list (email: me@jongwan.com).
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/jongwan.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/jongwan.com/privkey.pem
Your certificate will expire on 2021-04-15. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew all of your certificates, run "certbot renew"
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
인증서를 발급중입니다.
$ certbot renew
renew 옵션을 이용해서 인증서를 자동갱신할 수 있습니다.
–dry-run 옵션을 추가하면 발급 테스트도 가능합니다.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/jongwan.com.conf
Cert not yet due for renewal
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/jongwan.com/fullchain.pem expires on 2021-04-15 (skipped)
No renewals were attempted.
실행해보면 아래처럼 나옵니다. 방금 인증서를 받았기 때문에 갱신이 되지는 않고 메시지만 출력됩니다.
$ crontab -e
// 매일 0시 업데이트 진행
0 0 * * * sudo certbot renew
crontab에 등록해서 자동으로 갱신하도록 합니다.
https://www.tiny.cloud/docs/quick-start/
<textarea id="note" class="note">내용을 입력하세요</textarea>
<script src="https://cdn.tiny.cloud/1/no-api-key/tinymce/5/tinymce.min.js" referrerpolicy="origin"></script>
<script>
tinymce.init({
selector: '#note',
plugins: 'print preview powerpaste casechange importcss tinydrive searchreplace autolink autosave save directionality advcode visualblocks visualchars fullscreen image link media mediaembed template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists checklist wordcount tinymcespellchecker a11ychecker imagetools textpattern noneditable help formatpainter permanentpen pageembed charmap tinycomments mentions quickbars linkchecker emoticons advtable',
menu: {
tc: {
title: 'TinyComments',
items: 'addcomment showcomments deleteallconversations'
}
},
menubar: 'file edit view insert format tools table tc help',
toolbar: 'undo redo | bold italic underline strikethrough | fontselect fontsizeselect formatselect | alignleft aligncenter alignright alignjustify | outdent indent | numlist bullist checklist | forecolor backcolor casechange permanentpen formatpainter removeformat | pagebreak | charmap emoticons | fullscreen preview save print | insertfile image media pageembed template link anchor codesample | showcomments addcomment',
autosave_ask_before_unload: true,
toolbar_mode: 'floating',
tinycomments_mode: 'embedded',
tinycomments_author: 'Author name',
height: '100%'
});
</script>
API 키는 My Account에서 가입후 발급이 가능
발급후 도메인을 등록하고 no-api-key 부분을 교체해서 사용이 가능
https://www.google.com/recaptcha/admin
<!-- recaptcha element -->
<script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit" async defer></script>
<input type="hidden" id="recaptcha_response" name="recaptcha_response" value="" />
<div id="recaptcha_area"></div>
<script type="text/javascript">
var verify_value = "";
var onloadCallback = function() {
grecaptcha.render('recaptcha_area', {
'sitekey' : '{어드민 콘솔에서 발급받은 사이트키}',
'callback' : function(response) {
if (response != "") {
verify_value = response;
}
},
'theme' : 'light'
});
};
</script>
<!-- //recaptcha element -->
<script>
// 폼서브밋시
$("#recaptcha_response").val(verify_value);
</script>
<?php
// recaptcha 확인
include_once 'Snoopy.class.php';
$snoopy = new Snoopy;
$data = array(
"secret" => '어드민 콘솔에서 발급받은 시크릿키',
"response" => $recaptcha_response
);
$snoopy->submit('https://www.google.com/recaptcha/api/siteverify', $data);
$response = json_decode($snoopy->results);
if (!$response->success) {
// fail
exit;
} else {
// success
}
보안을 위해서 XCP-ng에 접근하는 아이피를 제한한다. 80, 443 포트의 경우 XCP-ng Center로 접근시 사용하기 때문에 해당 아이피만 허용해준다.
# vi /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 694 -j ACCEPT
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
아래처럼 -s {허용할 아이피} 를 추가해서 접근을 막는다
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 694 -j ACCEPT
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp -s {허용할 아이피} --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp -s {허용할 아이피} --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp -s {허용할 아이피} --dport 443 -j ACCEPT
# service iptables restart
var list = new BindingList<KeyValuePair<int, string>>();
list.Add(new KeyValuePair<string, string>(0, "Select Color"));
list.Add(new KeyValuePair<string, string>(1, "Red"));
list.Add(new KeyValuePair<string, string>(2, "Blue"));
list.Add(new KeyValuePair<string, string>(3, "White"));
list.Add(new KeyValuePair<string, string>(4, "Black"));
list.Add(new KeyValuePair<string, string>(5, "Green"));
cbColor.DataSource = list;
cbColor.ValueMember = "Key";
cbColor.DisplayMember = "Value";
cbColor.SelectedIndex = 0;
cbColor.SelectedValue = 3;
cbColor.Text = "Blue";
cbColor.SelectedValue = cbColor.FindString("Red");
라즈베리파이의 HDMI에 연결된 출력장치를 켜거나 끌경우 사용하는 명령
https://www.raspberrypi.org/documentation/raspbian/applications/tvservice.md
켜기
tvservice -p
(vcgencmd display_power 1)
끄기
tvservice -o
(vcgencmd display_power 0)
모니터링
tvservice -M
-p, -o 명령의 경우 실행하면 화면이 검은색으로 변했다가 복구된다.
때문에 화면만 껐다켜는 경우는 vcgencmd display_power를 사용해야한다.
# 아이피 추가,삭제
ip addr show
ip addr add 192.168.0.10/24 dev eth0
ip addr del 192.168.0.10/24 dev eth0
# 인터페이스
ip link set eth0 up
ip link set eth0 down
# 라우팅 정보 보기
ip route show
# 게이트웨이 추가,삭제
ip route add default via 192.168.0.1
ip route del default via 192.168.0.1
# 정적 라우팅 추가,삭제
ip route add 192.168.0.0/24 via 192.168.0.1 dev eth0
ip route del 192.168.0.0/24
우분투 16버전에서 php5.6 설치하는 방법
sudo add-apt-repository -y ppa:ondrej/php
sudo apt update
sudo apt install php5.6 php5.6-mysql php5.6-curl
tcpdump -i eth0 -s 0 -A 'tcp dst port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'
tcpdump -i eth0 -s 0 -A 'tcp dst port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'