快轉到主要內容
PolloChang 工作筆記

·1303 字·3 分鐘· 草稿
PolloChang
作者
PolloChang
我是一隻雞
目錄

027-工作電腦重新安裝
#

重新安裝原因
#

因為硬碟壞了

1
2

❯ df -h
zsh: Input/output error: df

試著逕行刪除資料出現唯讀訊息

1
2

❯ rm haproxy.log.10.gz
rm: cannot remove 'haproxy.log.10.gz': Read-only file **system**

重新安裝準備
#

紀錄重要配置
#

  • /etc/fstab
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# systemd generates mount units based on this file, see systemd.mount(5).
# Please run 'systemctl daemon-reload' after making changes here.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/sde3 during installation
UUID=4cccacb9-4b48-4bca-91c4-3b9c1ee5e250 /               ext4    errors=remount-ro 0       1
# /home was on /dev/nvme0n1p2 during installation
UUID=153123c7-16ae-4197-b41c-b5f469d50487 /home           ext4    defaults        0       2
# /kvm was on /dev/sdb1 during installation
UUID=3d53dd5e-1d5f-4fbd-a6e0-c5bb99651663 /kvm            ext4    defaults        0       2
# /tmp was on /dev/nvme0n1p1 during installation
UUID=d674e1b7-a235-4e85-8912-198abd64abe0 /tmp            ext4    defaults        0       2
# /var was on /dev/sde4 during installation
UUID=a8424c9a-d53f-49b7-bc2d-9630212db031 /var            ext4    defaults        0       2
# swap was on /dev/sde1 during installation
UUID=e148ca38-cf4d-4f83-a0a5-b85fad20ebe5 none            swap    sw              0       0
/dev/disk/by-uuid/445d0e99-d944-42be-b949-7e2e7a4f4d2d /home/jameschang/data auto defaults 0 0

準備安裝軟體
#

019.字型安裝
#

語系設定
#

輸入法設定
#

  1. 字典

java 環境
# 

1
2

sudo mkdir /usr/local/lib/jvm
sudo mkdir /usr/lib/jvm

/etc/profile.d/java-home.sh

1
2
3
4

JAVA_HOME=/usr/lib/jvm/jdk-11
CLASSPATH=$JAVA_HOME/lib/
PATH=$PATH:$JAVA_HOME/bin
export PATH JAVA_HOME CLASSPATH

maven 安裝
# 

1
2
3

wget https://archive.apache.org/dist/maven/maven-3/3.8.5/binaries/apache-maven-3.8.5-bin.tar.gz
tar -zxf apache-maven-3.8.5-bin.tar.gz
sudo cp apache-maven-3.8.5 /usr/local/lib

/etc/profile.d/mvn.sh

1
2
3

MAVEN_HOME=/usr/local/lib/apache-maven-3.8.5
PATH=$PATH:$MAVEN_HOME/bin
export PATH MAVEN_HOME

netbeans-6.7
# 

1

sudo sh netbeans-6.7-ml-java-linux.sh --javahome /usr/lib/jvm/jdk1.5.0_22

執行安裝
# 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

mkdir -p ~/Downloads/reinstall && cd ~/Downloads/reinstall
sudo apt remove libreoffice
sudo apt remove fcitx*
sudo dpkg-reconfigure locales
sudo apt install ibus-chewing

wget -O - https://dbeaver.io/debs/dbeaver.gpg.key | sudo apt-key add - &&\
echo "deb https://dbeaver.io/debs/dbeaver-ce /" | sudo tee /etc/apt/sources.list.d/dbeaver.list

wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg &&\
sudo install -o root -g root -m 644 packages.microsoft.gpg /etc/apt/trusted.gpg.d/ &&\
sudo sh -c 'echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/trusted.gpg.d/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list' &&\
rm -f packages.microsoft.gpg

sudo apt install -y apt-transport-https curl vim net-tools

sudo apt install net-tools

sudo apt update

sudo apt install -y \
"libgtk2.0-0:i386" "libgdk-pixbuf2.0-0:i386" \
"libatk-adaptor:i386" "libgail-common:i386"

sudo apt install -y \
git flameshot remmina nmon dbeaver-ce code firewalld haproxy rsync samba ibus-chewing \
libreoffice-calc libreoffice-writer \
solaar \
qemu-system libvirt-clients libvirt-daemon-system qemu-kvm libvirt-daemon  bridge-utils virtinst virt-manager

curl -s https://packagecloud.io/install/repositories/eugeny/tabby/script.deb.sh | sudo bash
sudo apt install tabby-terminal


wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb  &&\
wget https://github.com/variar/klogg/releases/download/continuous-linux/klogg-22.03.0.1211-Linux.deb  &&\
wget ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.5.5/enu/AdbeRdr9.5.5-1_i386linux_enu.deb  &&\
wget https://github.com/jgraph/drawio-desktop/releases/download/v17.2.4/drawio-amd64-17.2.4.deb  &&\
wget https://github.com/Eugeny/tabby/releases/download/v1.0.174/tabby-1.0.174-linux.deb &&\
wget https://github.com/Peltoche/lsd/releases/download/0.21.0/lsd-musl_0.21.0_amd64.deb &&\
sudo apt install ./*.deb

sudo systemctl enable haproxy

sudo firewall-cmd --permanent --zone=public --add-port=7788/tcp &&\
sudo firewall-cmd --permanent --zone=public --add-port=8315/tcp &&\
sudo firewall-cmd --reload

KVM 設定
# 

1
2
3
4

sudo modprobe vhost_net
sudo adduser jameschang libvirt
sudo virsh net-start default
sudo virsh net-autostart default
  • 192.168.56.0/24

將非安裝軟體新增到程式清單
# 

1
2
3

sudo tee /usr/share/applications/iReport-5.6.0.desktop <<EOF

EOF

恢復文件
#

/etc/haproxy/haproxy.cfg

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139

global
        #log /dev/log   local0
        #log /dev/log   local1 notice
        log 127.0.0.1 len 8096 local2
        log-send-hostname
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        # log-format {\"haproxy_clientIP\":\"%ci\",\"haproxy_clientPort\":\"%cp\",\"haproxy_dateTime\":\"%t\",\"haproxy_frontendNameTransport\":\"%ft\",\"haproxy_backend\":\"%b\",\"haproxy_serverName\":\"%s\",\"haproxy_Tw\":\"%Tw\",\"haproxy_Tc\":\"%Tc\",\"haproxy_Tt\":\"%Tt\",\"haproxy_bytesRead\":\"%B\",\"haproxy_terminationState\":\"%ts\",\"haproxy_actconn\":%ac,\"haproxy_FrontendCurrentConn\":%fc,\"haproxy_backendCurrentConn\":%bc,\"haproxy_serverConcurrentConn\":%sc,\"haproxy_retries\":%rc,\"haproxy_srvQueue\":%sq,\"haproxy_backendQueue\":%bq,\"haproxy_backendSourceIP\":\"%bi\",\"haproxy_backendSourcePort\":\"%bp\",\"haproxy_statusCode\":\"%ST\",\"haproxy_serverIP\":\"%si\",\"haproxy_serverPort\":\"%sp\",\"haproxy_frontendIP\":\"%fi\",\"haproxy_frontendPort\":\"%fp\",\"haproxy_capturedRequestHeaders\":\"%hr\",\"haproxy_httpRequest\":\"%r\"}
        mode    http
        # option        httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http


frontend http-in
        bind *:80
        mode http

        # acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips
        # http-request deny if is-blocked-ip

        # acl is-allowed-ip src -f /etc/haproxy/allowed.ips
        # tcp-request content accept if is-allowed-ip
        # tcp-request content reject

        acl gitlab url_beg /gitlab
        use_backend servers_gitlab if gitlab

        acl swjEqGender url_beg /swjEqGender
        use_backend servers_swjEqGender if swjEqGender
        
        acl pwntpcbs url_beg /pwntpcbs
        use_backend servers_pwntpcbs if pwntpcbs

        acl pwntpc url_beg /pwntpc
        use_backend servers_pwntpc if pwntpc

        acl centos url_beg /centos
        use_backend servers_centos if centos
        
        acl phpipam url_beg /phpipam
        use_backend servers_phpipam if phpipam

        acl sonarqube path_beg /sonarqube
        use_backend servers_sonarqube  if sonarqube


frontend rdp
        mode tcp
        bind *:7788
        tcp-request inspect-delay 2s
        tcp-request content accept if RDP_COOKIE
        default_backend rdp_jameschang

frontend fe_ssh
        mode tcp
        bind *:22
        default_backend ssh_gitlab 
        timeout client 1h

backend ssh_gitlab
        mode tcp
        server Server 192.168.56.5:22
         

backend servers_centos
        mode http
        server Server 192.168.56.228:80

backend rdp_jameschang
        mode tcp
        server Server 192.168.56.2:3389 check

backend servers_swjEqGender
        
        http-response set-header Content-Security-Policy "script-src 'unsafe-inline' 'strict-dynamic' 'nonce-15d6c15b0f00a08' 'unsafe-inline' http: https:";"object-src 'none'";"base-uri 'none'";
        balance     source
        server server1 127.0.0.1:8889

backend servers_pwntpcbs
        
         http-response set-header Content-Security-Policy "script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-2fa40fcd2b12e' https://cdn.datatables.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.google.com https://www.youtube.com https://www.facebook.com https://cdnjs.cloudflare.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://apis.google.com https://static.xx.fbcdn.net https://static.xx.fbcdn.net ;object-src 'none';base-uri 'none';";
        balance     source
        server server1 127.0.0.1:8892

backend servers_pwntpc
        
         http-response set-header Content-Security-Policy "script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-2fa40fcd2b12e' https://cdn.datatables.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.google.com https://www.youtube.com https://www.facebook.com https://cdnjs.cloudflare.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://apis.google.com https://static.xx.fbcdn.net https://static.xx.fbcdn.net ;object-src 'none';base-uri 'none';";
        balance     source
        server server1 127.0.0.1:8893



backend servers_gitlab
        mode http 
        server server1 192.168.56.5:81 check

backend servers_phpipam
        mode http 
        server server1 192.168.56.1:8802 check

backend servers_sonarqube
    
        http-request set-header X-Forwarded-Proto https if { ssl_fc }
        server server1 127.0.0.1:9000 check

listen stats
        bind 0.0.0.0:1936
        stats enable
        stats hide-version
        stats refresh 10s
        stats show-node
        stats auth admin:admin
        stats uri  /stats
 1
 2
 3
 4
 5
 6
 7
 8
 9
10

sudo apt install -y ttf-wqy-microhei ttf-wqy-zenhei ttf-mscorefonts-installer 
cd ~/下載
sudo mkdir -p /usr/share/fonts/custom &&\
sudo wget -P /usr/share/fonts/custom https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Regular.ttf &&\
sudo wget -P /usr/share/fonts/custom https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Bold.ttf &&\
sudo wget -P /usr/share/fonts/custom https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Italic.ttf &&\
sudo wget -P /usr/share/fonts/custom https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Regular.ttf &&\
sudo wget -P /usr/share/fonts/custom https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Bold.ttf &&\
sudo wget -P /usr/share/fonts/custom https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Italic.ttf &&\
sudo fc-cache -v -f

安裝 nVidia 驅動程式

1
2
3

sudo apt install nvidia-detect
sudo nvidia-detect
sudo install [nvidia-driver-name]
  • 更新後有可能會需要舊的
1
2
3
4

❯ sudo apt remove nvidia-driver
E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem. 
❯ sudo dpkg --configure -a
❯ sudo apt autoremove

關閉自動休眠
#

sudo rsync -vruptl -e “ssh -p 8315” [email protected]:/home/jameschang/usr/etc/SoapUI-5.6.0 /usr/local/etc &&
rsync -vruptl -e “ssh -p 8315” [email protected]:/home/jameschang/usr/etc/SUNWappserver /home/jameschang/usr/etc &&
rsync -vruptl -e “ssh -p 8315” [email protected]:/home/jameschang/Documents/gitContent/wezoom /home/jameschang/Documents/gitContent