分类 电脑 下的文章

在 virtualizor 创建 Windows系统模板

步骤:

  1. 创建VPS,磁盘至少20GB
  2. 在救援模式,通过dd的命令,安装好Windows 2022,确认可以正常远程桌面连接
  3. 关闭Windows系统。尝试通过 virtualizor 面板创建Windows模板,但长时间等待后,仅是创建了0大小的文件,操作失败
  4. 按教程里,登录到vps所在的节点,用命令 /usr/local/virtualizor/tools/windows.php 创建Windows模板,得到一个约13GB的img文件,命名为example-windows.img。再将该img文件复制到主控的 /var/virtualizor/kvm 目录里
  5. 再在 virutalizor 面板里添加模板,URL 就写文件的位置 /var/virtualizor/kvm/example-windows.img

参考:https://www.virtualizor.com/docs/admin/create-os-template/

用 grml iso 作为急救盘 dd 安装 debian 12 系统

需求:一台物理机,主板不支持EFI,有 LSI MTP 阵列卡组成 6TB 的存储。想达到不使用IPMI,在原 Debian 系统环境中,能远程重装系统。

尝试:使用 grml iso 作为急救系统,在内存中使用,再通过 dd 命令,或 grml-debootstrap 重新安装 Debian 系统。

步骤:

  1. apt install grml-rescueboot # 安装 grml急救 工具
  2. mkdir /boot/grml 和 wget -O /boot/grml/grml.iso https://download.grml.org/grml64-small_2022.11.iso # 下载 grml 的iso文件
  3. sed -i 's|additional_param=""|additional_param="ssh=mjj2023"|g' /etc/grub.d/42_grml # 添加 grml 的启动参数,即 ssh=mjj2023 。效果是自动启动 ssh 服务,且 root 的密码是 mjj2023
  4. update-grub # 更新 grub 配置
  5. grub-reboot 2 # 下次启动,选择从第二项启动,即加载 grml iso 文件
  6. reboot # 重启系统。如果顺利,机子重启后,会自动加载 grml iso 文件。 grml 会自动获取IP,然后启动 ssh 服务。机子可从远程ssh连接,即可登录到 grml 的急救系统

以下部分是具体实例,仅参考。

  1. ip addr add 66.181.33.88/32 dev eth0 和 ip route add default dev eth0 via 100.103.2.49 onlink # 如果成功通过IPv6 ssh连接到 grml 急救系统,可执行以上两条命令,为 eth0 网卡临时配置IPv4
  2. wget -O- https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-nocloud-amd64.raw | dd of=/dev/sda status=progress # 这里是使用debian官方的硬盘镜像。dd 好后,需要设置root密码、允许root用户凭密码ssh登录,还需留意物理机的网卡名称可能会随环境变化
  3. cfdisk /dev/sda # dd 好后,调整分区大小。请留意,如果是使用debian官方的硬盘镜像,调整分区后,是否需要重新安装grub,否则重启后,会出现 grub rescue
  4. resize2fs /dev/sda2 # 调整文件系统大小

调整磁盘分区后,grub找不到原来的位置,转到grub-rescu了

grml iso急救系统

参考:

浪潮服务器 NF5270M4 安装 FreeBSD 9.3 遇到的问题

问题一:用 FreeBSD 9.3 的 iso 文件启动安装,报错:0xffffffff8091f91a ACPI APIC Table ALASKA AMI kernel trap 12 with interrupts disabled

freebsd93-x2apic-1.png

freebsd93_x2apic-2.png

尝试:在主板的 BIOS 里,将 extend APIC support - X2APIC 的功能禁用掉。

freebsd93-x2apic-3.png

问题二:屏幕显示 run_interrupt_driven_hooks still waiting after seconds for xpt_config ,无法进行下一步

尝试:服务器使用了 PM8060 RAID 阵列卡,FreeBSD 9.3 认不到硬盘。在 FreeBSD 9.3 的 loader prompt 里先 load kernel ,然后再加载从浪潮网站下载的阵列卡驱动 load aacu64.ko 。 安装好 FreeBSD 后,将 aacu64.ko 复制到 /boot/modules 目录中,且在 /boot/loader.conf.local 中配置该模块 aacu64_load = "YES" 。

参考:

在 nginx 里设置 acme 验证证书的目录

需求:acme.sh 建议用非root的用户运行,如果nginx里有多个站点需要验证证书,怎么做较方便呢?

尝试:如 创建一个 acme.conf 的配置文件,内容如下:

#############################################################################
# Configuration file for Let's Encrypt ACME Challenge location
# This file is already included in listen_xxx.conf files.
# Do NOT include it separately!
#############################################################################
#
# This config enables to access /.well-known/acme-challenge/xxxxxxxxxxx
# on all our sites (HTTP), including all subdomains.
# This is required by ACME Challenge (webroot authentication).
# You can check that this location is working by placing ping.txt here:
# /var/www/letsencrypt/.well-known/acme-challenge/ping.txt
# And pointing your browser to:
# http://xxx.domain.tld/.well-known/acme-challenge/ping.txt
#
# Sources:
# https://community.letsencrypt.org/t/howto-easy-cert-generation-and-renewal-with-nginx/3491
#
#############################################################################

# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
# We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel
# other regex checks, because in our other config files have regex rule that denies access to files with dotted names.
location ^~ /.well-known/acme-challenge/ {

    # Set correct content type. According to this:
    # https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
    # Current specification requires "text/plain" or no content header at all.
    # It seems that "text/plain" is a safe option.
    default_type "text/plain";

    # This directory must be the same as in /etc/letsencrypt/cli.ini
    # as "webroot-path" parameter. Also don't forget to set "authenticator" parameter
    # there to "webroot".
    # Do NOT use alias, use root! Target directory is located here:
    # /var/www/common/letsencrypt/.well-known/acme-challenge/
    root         /var/www/acme;
}

# Hide /acme-challenge subdirectory and return 404 on all requests.
# Ending slash is important!
location = /.well-known/acme-challenge/ {
    return 404;
}

然后让web用户在/var/www/acme有写入权限,再在所需站点的配置文件里引用这个acme.conf文件就可以啦。

参考:https://community.letsencrypt.org/t/how-to-nginx-configuration-to-enable-acme-challenge-support-on-all-http-virtual-hosts/5622/3

安装 magento 2.4.6-p1

当前,magento 官方商城使用的程序版本是 magento 2.4.6-p1 。尝试安装一下,记录遇到的问题。

问题一:debian 12系统里,默认安装的mariadb版本是10.11.3,但 magento 要求是10.6。数据库的版本过高,magento安装程序不认。

出错信息:Current version of RDBMS is not supported. Used Version: 10.11.3-MariaDB-1. Supported versions: MySQL-8, MySQL-5.7, MariaDB-(10.2-10.6)

或:

Warning: preg_match(): Compilation failed: range out of order in character class at offset 25 in magento/vendor/magento/framework/DB/Adapter/SqlVersionProvider.php on line 101

尝试:

对于第一个报错,按照网上的例子,修改 magento/app/etc/di.xml 文件内容,如:
<item name="MariaDB-(10.2-10.11)" xsi:type="string">^10\.[2-11]\.</item> 直接修改版本号。

第二个报错,修改 magento/vendor/magento/framework/DB/Adapter/SqlVersionProvider.php 文件内容,如:

        $pattern = sprintf('/(%s)/', implode('|', $this->supportedVersionPatterns));
        $pattern = '/10.11/';
        $sqlVersionOutput = '10.11.3-MariaDB-1';
        preg_match($pattern, $sqlVersionOutput, $match);

问题二:magento 安装程序,连接不上刚刚安装的 opensearch ,提示:Could not validate a connection to the opensearch, no alive nodes found in your cluster

尝试:在 /etc/opensearch/opensearch.yml 文件中,添加一行 plugins.security.disabled: true ,即将opensearch的https和用户访问的安全设置禁用。

问题三:使用 nginx 的反向代理 apache 上的 magento 站点后,https 访问异常,如不断地循环跳转。

magento 的站点网址设置等,和平时的差不多,如下例:

catalog/search/engine - opensearch
catalog/search/opensearch_server_hostname - localhost
catalog/search/opensearch_server_port - 9200
catalog/search/opensearch_index_prefix - magento2
catalog/search/opensearch_server_timeout - 15
catalog/category/root_id - 2
web/seo/use_rewrites - 1
web/unsecure/base_url - http://magento.anqun.org/
web/unsecure/base_static_url -
web/unsecure/base_media_url -
web/secure/base_url - https://magento.anqun.org/
web/secure/base_static_url -
web/secure/base_media_url -
web/secure/enable_hsts - 0
web/secure/enable_upgrade_insecure - 0
web/secure/use_in_frontend - 1
web/secure/use_in_adminhtml - 1
web/secure/offloader_header -
web/default_layouts/default_product_layout - product-full-width
web/default_layouts/default_category_layout - category-full-width
web/default_layouts/default_cms_layout - cms-full-width
web/cookie/cookie_path -
web/cookie/cookie_domain -
web/cookie/cookie_httponly - 1
general/locale/code - zh_Hans_CN
general/locale/timezone - Asia/Shanghai
general/region/display_all - 1
general/region/state_required - AL,AR,AU,BG,BO,BR,BY,CA,CH,CL,CN,CO,CZ,DK,EC,EE,ES,GR,GY,HR,IN,IS,IT,LT,LV,MX,PE,PL,PT,PY,RO,SE,SR,US,UY,VE
currency/options/base - CNY
currency/options/default - CNY
currency/options/allow - CNY
analytics/subscription/enabled - 1
crontab/default/jobs/analytics_subscribe/schedule/cron_expr - 0 * * * *
crontab/default/jobs/analytics_collect_data/schedule/cron_expr - 00 02 * * *

关键应该是设置 https 的环境参数,如通过 .htaccess 添加以下内容:

setenv HTTPS on
SetEnv HTTP_X_FORWARDED_PROTO "https"

如果nginx反代配置中使用了 X-Real-IP 头,那么 apache 中的访问日志,可以使用 LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Real-IP}i\"" proxycombined 来记录访客IP。

nginx站点例子:

server {
        listen       443 ssl;  
        server_name  magento.anqun.org; 

        ssl_certificate          fullchain.cer;
        ssl_certificate_key      magento.anqun.org.key;

        proxy_buffer_size   128k;
        proxy_buffers   4 256k;
        proxy_busy_buffers_size   256k;

        location / {
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_pass         http://192.168.1.9:8001;
        }
}

参考: