Nolan's Blog

a PHP JS UI APP developer

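A scheme for pushing updates from a home-server SVN to a remote server

Local machine: Win10
Home server: Win10
Remote server: CentOS

Recently I set up an idle PC at home as a HomeServer. It came with a genuine Win10 license, so I did not bother changing the OS; after all, it is only used for storing files and for SVN and DB backups, plus running a few scheduled tasks on the side.

First, the home router is set to reboot once a day, so the IP changes, which affects the Aliyun (Alibaba Cloud) whitelist. This can be handled through the Aliyun API (which is also used later); see the Aliyun API SDKs for details.

Then I wanted the local SVN to be able to commit code to a third-party machine. There are two goals:

1. Keep code versioning local, reducing the risk of hosting the SVN service on the server, as well as the risk to clients.

2. It can act as a relay: using a hook, it acts in turn as a client and commits updates to other SVN hosts, which controls the problem of too many revisions caused by the local team committing frequently.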

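Setup:

  1. Point a domain name at the home IP (which changes)
  2. Use an IP lookup API to query the current public IP; if it has changed, call the Aliyun DNS API to update the record.
  3. Use the built-in Windows Task Scheduler to run the IP check periodically
  4. Install VisualSVN on HomeServ to provide the local SVN service
  5. Commit the repository and so on (not covered here)
  6. On the remote server, SVN CO the local repository; remember to use the domain name here (of course, a scheduled task that fetches the latest IP would also work; there are many ways)
  7. Set up the HOOK
    • Download the full putty package
    • Generate the public/private key pair (not covered here)
    • Use the puttygen tool to convert the openssh private key into a putty key
      • Choose Import key to load the file
      • Click Save private key to save the key in ppk format
    • Upload the public key file to ~/.ssh on the remote server; permissions: directory 700 / file 600
    • Use the command plink -v -batch host to obtain the host key fingerprint aa:bb:cc:xxxx
    • Hook content: plink.exe -hostkey "aa:bb:cc:dd.....ee:ff" -i "..\serv.ppk" root@IP_ADDRESS "export LANG=zh_CN.UTF-8; svn update /html/repo; exit;"
  8. Testing done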

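Step 7 had the most pitfalls, so here are some notes. Because I did not want to give the remote environment the additional ability to execute shell commands, I used an SSH connection. At first I used the built-in OPENSSL; running it on its own worked without any problem, but when run from the HOOK there was never any result and it would hang.

So I suspected a user problem (and it indeed was). But because Administrator cannot log in (the Home edition has no Group Policy, and going off to fiddle with Group Policy seemed like digging one hole after another), I could not see where the problem was, and there was no output either. So I switched to Plink, and Plink gave proper feedback: it turned out the hook was stuck on the prompt asking whether to save the server certificate, waiting for a Y typed on the command line... ?!#¥#@¥

Typing Y is not possible... and there is no -y option either, which was awkward.

Looking through the plink options, I found the -hostkey option, so all I needed was that fingerprint to solve the problem. A quick Google search turned up the command plink -v -batch host, which yields the full fingerprint, i.e. the aa:bb:cc:dd… above.

With that, the hook can connect to the remote host over ssh and do anything. There is a lot of room for extension 23333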
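One way to limit what the hook's key can do on the remote server, as an added example that is not from the original post: a forced-command authorized_keys entry, installed with the 700 / 600 permissions from step 7. The function names are hypothetical and the key text is a constructed placeholder; with command= set, sshd runs the forced command and ignores whatever command string plink sends.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a forced-command
# authorized_keys entry for the SVN hook key and installs it on the remote side.

# Options that strip everything the hook does not need from this key.
KEY_OPTS='no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding'

# restricted_key_line <public-key-line> <forced-command>
restricted_key_line() {
    pub=$1; cmd=$2
    # A double quote inside command="..." would end the option early.
    case $cmd in
        *'"'*) echo "forced command must not contain a double quote" >&2; return 1;;
    esac
    # Accept only "<type> <base64> [comment]" public key lines.
    case $pub in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1;;
    esac
    printf 'command="%s",%s %s\n' "$cmd" "$KEY_OPTS" "$pub"
}

# install_key <home-dir> <authorized_keys-line>
install_key() {
    home=$1; line=$2
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only when the exact line is not present yet (safe to re-run).
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Constructed sample values: the key body is a placeholder, not a real key.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholder hook@homeserver'
SAMPLE_CMD='export LANG=zh_CN.UTF-8; svn update /html/repo'

# Print the entry that would go into ~/.ssh/authorized_keys.
restricted_key_line "$SAMPLE_PUB" "$SAMPLE_CMD"
```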


Java new byte[16] same as str_repeat("\0", 16) in PHP

Java's new byte[16] is the same as str_repeat("\0", 16) in PHP: both are 16 zero bytes, used below as the IV.



<?php
// Requires the mcrypt extension (deprecated in PHP 7.1, moved to PECL in 7.2).
class CryptAES
{
    protected $cipher = MCRYPT_RIJNDAEL_128;
    protected $mode   = MCRYPT_MODE_CBC;
    protected $pad_method = NULL;
    protected $secret_key = '';
    protected $iv = '';

    public function set_cipher($cipher)
    {
        $this -> cipher = $cipher;
    }

    public function set_mode($mode)
    {
        $this -> mode = $mode;
    }

    public function set_iv($iv)
    {
        $this -> iv = $iv;
    }

    public function set_key($key)
    {
        $this -> secret_key = $key;
    }

    public function require_pkcs5()
    {
        $this -> pad_method = 'pkcs5';
    }

    protected function pad_or_unpad($str, $ext)
    {
        if ( is_null($this -> pad_method) )
        {
            return $str;
        }
        else
        {
            $func_name = __CLASS__ . '::' . $this->pad_method . '_' . $ext . 'pad';
            if ( is_callable($func_name) )
            {
                $size = mcrypt_get_block_size($this->cipher, $this->mode);
                return call_user_func($func_name, $str, $size);
            }
        }
        return $str;
    }

    protected function pad($str)
    {
        return $this->pad_or_unpad($str, '');
    }

    protected function unpad($str)
    {
        return $this->pad_or_unpad($str, 'un');
    }

    public function encrypt($str)
    {
        $str = $this -> pad($str);
        $td = mcrypt_module_open($this->cipher, '', $this->mode, '');

        if ( empty($this->iv) )
        {
            //$iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
            // all-zero IV: the PHP equivalent of Java's new byte[16]
            $iv = str_repeat("\0", mcrypt_enc_get_iv_size($td));
        }
        else
        {
            $iv = $this->iv;
        }

        mcrypt_generic_init($td, $this->secret_key, $iv);
        $cyper_text = mcrypt_generic($td, $str);
        $rt = base64_encode($cyper_text);
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);

        return $rt;
    }

    public function decrypt($str)
    {
        $td = mcrypt_module_open($this->cipher, '', $this->mode, '');

        if ( empty($this->iv) )
        {
            //$iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
            $iv = str_repeat("\0", mcrypt_enc_get_iv_size($td));
        }
        else
        {
            $iv = $this->iv;
        }

        mcrypt_generic_init($td, $this->secret_key, $iv);
        $decrypted_text = mdecrypt_generic($td, base64_decode($str));
        $rt = $decrypted_text;
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);

        return $this -> unpad($rt);
    }

    public static function pkcs5_pad($text, $blocksize)
    {
        $pad = $blocksize - (strlen($text) % $blocksize);
        $text .= str_repeat(chr($pad), $pad);
        return $text;
    }

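    public static function pkcs5_unpad($text)
    {
        // the last byte holds the padding length
        if ($text === '') return false;
        $pad = ord($text[strlen($text) - 1]);
        if ($pad < 1 || $pad > strlen($text)) return false;
        // every padding byte must carry the same value
        if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
        return substr($text, 0, -1 * $pad);
    }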

}
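What the all-zero IV in the class above means for the ciphertext, as an added example that is not from the original post: with a fixed IV, CBC is deterministic, so two messages that start with the same 16 bytes produce the same first ciphertext block, while a fresh random IV per message hides that. It uses the openssl command line tool with a constructed demo key and constructed messages; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post); needs the openssl CLI.
KEY=000102030405060708090a0b0c0d0e0f      # constructed 128-bit demo key (hex)
ZERO_IV=00000000000000000000000000000000  # 16 zero bytes, as in new byte[16]

# cbc_hex <iv-hex> <plaintext>: AES-128-CBC with PKCS#5/7 padding, hex output
cbc_hex() {
    printf '%s' "$2" | openssl enc -aes-128-cbc -K "$KEY" -iv "$1" \
        | od -An -tx1 | tr -d ' \n'
}

# first_block <hex>: the first 16-byte ciphertext block (32 hex digits)
first_block() { printf '%s' "$1" | cut -c1-32; }

# random_iv: a fresh 16-byte IV as hex; it is stored or sent with the ciphertext
random_iv() { openssl rand -hex 16; }

# Two constructed messages that share their first 16 bytes ("user=alice;role=").
MSG_A='user=alice;role=admin;exp=2030'
MSG_B='user=alice;role=guest;exp=2031'

# same_prefix_leaks <iv-for-A> <iv-for-B>: returns 0 when the first ciphertext
# blocks match, i.e. an observer can tell that the plaintexts start the same.
same_prefix_leaks() {
    a=$(first_block "$(cbc_hex "$1" "$MSG_A")")
    b=$(first_block "$(cbc_hex "$2" "$MSG_B")")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

if same_prefix_leaks "$ZERO_IV" "$ZERO_IV"; then
    echo "zero IV: first ciphertext blocks are identical"
fi
if ! same_prefix_leaks "$(random_iv)" "$(random_iv)"; then
    echo "random IV per message: first ciphertext blocks differ"
fi
```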


PHP Socket with multiple clients


<?php
error_reporting(E_ALL);

/* Allow the script to hang around waiting for connections. */
set_time_limit(0);

/* Turn on implicit output flushing so we see what we're getting as it comes in. */
ob_implicit_flush();

$address = '127.0.0.1';

$port = 10000;

// create a streaming socket, of type TCP/IP
$sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);

socket_set_option($sock, SOL_SOCKET, SO_REUSEADDR, 1);

socket_bind($sock, $address, $port);

socket_listen($sock);

// create a list of all the clients that will be connected to us..
// add the listening socket to this list
$clients = array($sock);

while (true)
{
    // create a copy, so $clients doesn't get modified by socket_select()
    $read = $clients;
    $write = null;
    $except = null;

    // get a list of all the clients that have data to be read from;
    // a null timeout blocks until there is activity instead of spinning the CPU
    if (socket_select($read, $write, $except, null) < 1)
        continue;

    // check if there is a client trying to connect
    if (in_array($sock, $read))
    {
        $clients[] = $newsock = socket_accept($sock);

        socket_write($newsock, "There are ".(count($clients) - 1)." client(s) connected to the server\n");

        socket_getpeername($newsock, $ip, $port);
        echo "New client connected: {$ip}\n";

        $key = array_search($sock, $read);
        unset($read[$key]);
    }

    // loop through all the clients that have data to read from
    foreach ($read as $read_sock)
    {
        // read up to 4096 bytes
        // socket_read will show errors when the client is disconnected, so silence the error messages
        $data = @socket_read($read_sock, 4096, PHP_BINARY_READ);

        // check if the client is disconnected (false = error, "" = closed by the peer)
        if ($data === false || $data === '')
        {
            // remove the client from the $clients array and release the socket
            $key = array_search($read_sock, $clients);
            unset($clients[$key]);
            socket_close($read_sock);
            echo "client disconnected.\n";
            continue;
        }

        $data = trim($data);

        if (!empty($data))
        {
            echo " send {$data}\n";

            // do sth.. (placeholder: build the reply; here it echoes the input back)
            $send_data = $data . "\n";

            // send the reply to the client that sent the data
            socket_write($read_sock, $send_data);

            // send this to all the clients in the $clients array (except the first one, which is a listening socket)
            foreach ($clients as $send_sock)
            {
                if ($send_sock == $sock)
                    continue;

                socket_write($send_sock, $data);

            } // end of broadcast foreach
        }

    } // end of reading foreach
}

// close the listening socket
socket_close($sock);


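Leave your name on Mars!

If all goes as planned, NASA will launch the InSight (Interior Exploration using Seismic Investigations, Geodesy and Heat Transport) probe to Mars in March 2016 to study the deep interior structure of Mars. Although there is still more than half a year until launch, the chance to "leave your name on Mars" is about to end. The program earlier began letting anyone online submit their name, country, email and other information on the official site, so that InSight will carry a chip storing that information (in the image under "continue reading") to Mars on its mission; supposing you never get to go to Mars in your lifetime, you can at least take part in the mission in form. Earlier, the Orion mission collected about 1.3 million names, while InSight has so far received only a little over 600,000; let's push that number up together.

I have already signed up~~~ Below is my boarding pass! Sign up at http://mars.nasa.gov/participate/send-your-name/insight/?linkId=16760252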


CentOS 6.5 PHP Update to 5.4 5.5 5.6

A good rpm source:
rpm -Uvh http://mirror.webtatic.com/yum/el6/latest.rpm

yum install php(54w/55w/56w) php55w-bcmath php55w-cli php55w-common php55w-devel php55w-fpm php55w-gd php55w-imap php55w-ldap php55w-mbstring php55w-mcrypt php55w-mysql php55w-odbc php55w-pdo php55w-pear php55w-pecl-igbinary php55w-xml php55w-xmlrpc php55w-opcache php55w-intl php55w-pecl-memcache


Install / Configure vsftpd on CentOS

1. Install
yum install vsftpd

2. Config
vi vsftpd.conf


# turn off anonymous login
anonymous_enable=NO
# treat user_list as an allow list (takes effect with userlist_enable=YES)
userlist_deny=NO
# open passive mode
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10010
# login banner
ftpd_banner=Welcome to nolanchou.com

3. Create a user for ftp.
useradd -s /sbin/nologin -d /ftp/home/path vuser
passwd vuser

On newer CentOS releases we also need: chmod a-w /ftp/home/path

4. Edit userlist.
vi user_list

5. Virtual users, if you need them.
a. create the virtual user list.
touch vuser
The file alternates username and password lines, e.g.:
username
password

b. build the users db.
db_load -T -t hash -f /etc/vsftpd/vuser /etc/vsftpd/vuser.db

c. edit /etc/pam.d/vsftpd, add lines.


auth required pam_userdb.so db=/etc/vsftpd/vuser
account required pam_userdb.so db=/etc/vsftpd/vuser

d. edit the vsftpd config (vsftpd.conf does not allow a comment after a value, so comments go on their own lines).


# enable guest (virtual) logins
guest_enable=YES
# local account that virtual users are mapped to
guest_username=vuser
# PAM service to use
pam_service_name=vsftpd

e. set the virtual user config path.
user_config_dir=/etc/vsftpd/vuser_conf

f. configure each virtual user's settings according to your needs.
touch username (one file per virtual user in user_config_dir)


# allow viewing the ftp path
anon_world_readable_only=NO
# allow upload
anon_upload_enable=YES
# allow creating directories
anon_mkdir_write_enable=YES
# allow renaming or deleting files
anon_other_write_enable=YES
# define the user's root
local_root=/ftp/home/path/username


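The goodies have arrived ~ thanks again, Baibai-sama

[Image: shary]

Our group has generous perks! The Shary figure I asked the group leader to buy for me has arrived at his place. Speaking of which = = what a huge package, what could be inside!?
Well~ it looks great~~~ here is a picture first to get a feel for it 23333

Update: by the evening, the 7680 listing price had already been taken down and it was back to the original price... Great, great, great!

[Image: shary2]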


Ubuntu Install and Use Shadowsocks+privoxy

1. INSTALL Shadowsocks-qt5
The documentation and help are on GitHub.
(GitHub has Chinese installation instructions, but you have to follow a few links to get there. [Link])


add-apt-repository ppa:hzwhuang/ss-qt5
apt-get update
apt-get install shadowsocks-qt5

2. Start Up
Set the server, port, username, etc. in the GUI; nothing more to say here.

3. privoxy
INSTALL:
apt-get install privoxy
CONFIG:
vi /etc/privoxy/config
INSERT A NEW LINE:
forward-socks5 / 127.0.0.1:1080 .
(Note: the trailing dot is not a typo.)
RESTART privoxy:
service privoxy restart


Use proxychains to set up a proxy for some program in Linux

Install:
Ubuntu: apt-get install proxychains
Document: http://proxychains.sourceforge.net/howto.html

Settings:
Config files are looked up in this order:
1) ./proxychains.conf
2) $(HOME)/.proxychains/proxychains.conf
3) /etc/proxychains.conf
So change the config in /etc/ or create a new one in $HOME

Config:


## Proxies are used in list order; failed proxies are skipped automatically
#dynamic_chain

## Proxies are used in list order; none is skipped
strict_chain

## Proxies are used in random order
#random_chain

[ProxyList]
## Add the proxy list here, e.g. shadowsocks
socks5 127.0.0.1 1080

To use it:


proxychains ./sudio.sh 


Ubuntu: Mount a Windows Partition

Sometimes we need to share a folder for work, such as Apache's root path or another project's folder.
So we need to mount the other partition when Ubuntu starts up.

Step:
1. Run sudo blkid
to view all disk partitions.


/dev/sda1: LABEL="SYSTEM" UUID="6A4031254030F981" TYPE="ntfs" PARTUUID="c52dc52d-01"
/dev/sda5: LABEL="WORK" UUID="841C686D1C685C64" TYPE="ntfs" PARTUUID="c52dc52d-05"
/dev/sda6: LABEL="DOCUMENT" UUID="E604677704674A1F" TYPE="ntfs" PARTUUID="c52dc52d-06"
/dev/sda7: LABEL="OTHER" UUID="D2AC7ADBAC7ABA15" TYPE="ntfs" PARTUUID="c52dc52d-07"
/dev/sdb1: UUID="6efcb250-6c3c-4b2b-a9c5-3e3857d5c680" TYPE="ext4" PARTUUID="3051b101-01"
/dev/sdb5: UUID="6ec85b42-afc6-4e48-bee9-65c6028d514b" TYPE="swap" PARTUUID="3051b101-05"

2. Update the config: vim /etc/fstab
Each line needs to contain the following fields:
<file system> <mount point> <type> <options> <dump> <pass>
<file system> : Which partition to mount: device path, UUID or LABEL. Eg: /dev/sda2
<mount point> : Mount point. Eg: /media/C
<type> : Partition type. Eg: ntfs or fat32
<options> : Mount options; the default is defaults
<dump> : Whether dump backs up the partition; default is 0
<pass> : Whether the partition is checked at boot; default is 0

Add your new partition:


# disk WORK
/dev/sda5 /media/nolan/WORK/ ntfs defaults 0 0

3. Test
sudo mount -a

4. Options
About the options:

async / sync
Asynchronous or synchronous I/O.
"async" is recommended (better performance).

auto / noauto
Whether the partition is mounted automatically.
Default is "auto".

rw / ro
Read and write / read only.

exec / noexec
Whether files may be executed.
This option controls whether any file in the partition can be executed.

user / nouser
Whether an ordinary user may mount the partition.
Generally, we choose not to allow it.

suid / nosuid
Whether SUID bits on files in the partition take effect.

defaults is the same as "rw, suid, dev, exec, auto, nouser, async".
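Because defaults leaves suid, dev and exec switched on, the fstab line above mounts the Windows partition with all three. The following added example (not from the original post) parses fstab lines in the six-field format described in step 2 and reports which of those three permissions each entry still grants. The sample file is constructed: it holds the entry from this post plus two variants, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): report fstab entries whose
# effective options still allow suid, dev or exec.

# audit_fstab <file>  -> one line per finding: "<mount point> <type> <flags>"
audit_fstab() {
    awk '
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    NF < 4 { next }                    # the options are the 4th field
    {
        s = 1; d = 1; x = 1            # suid, dev, exec: on unless turned off
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {     # later options override earlier ones
            o = opt[i]
            if (o == "user" || o == "users") { s = 0; d = 0; x = 0 }
            else if (o == "suid")   s = 1
            else if (o == "nosuid") s = 0
            else if (o == "dev")    d = 1
            else if (o == "nodev")  d = 0
            else if (o == "exec")   x = 1
            else if (o == "noexec") x = 0
        }
        flags = ""
        if (s) flags = flags " suid"
        if (d) flags = flags " dev"
        if (x) flags = flags " exec"
        if (flags != "") print $2, $3 flags
    }' "$1"
}

# Constructed sample: the entry from this post plus two variants.
sample_fstab() {
    cat <<'EOF'
# disk WORK
/dev/sda5 /media/nolan/WORK/ ntfs defaults 0 0
/dev/sda6 /media/nolan/DOCUMENT/ ntfs defaults,nosuid,nodev,noexec 0 0
/dev/sda7 /media/nolan/OTHER/ ntfs rw,user,exec 0 0
EOF
}

tmp=$(mktemp) && sample_fstab > "$tmp" && audit_fstab "$tmp"
rm -f "$tmp"
```

The "user" and "users" options imply nosuid, nodev and noexec unless a later option overrides them, which is why the third sample line is reported for exec only.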


Ubuntu 14.10 mirrors

apt-get update ## refresh the package lists
apt-get dist-upgrade ## upgrade the packages

sohu mirror:

deb http://mirrors.sohu.com/ubuntu/ utopic main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ utopic-security main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ utopic-updates main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ utopic-proposed main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ utopic-backports main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ utopic main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ utopic-security main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ utopic-updates main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ utopic-proposed main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ utopic-backports main restricted universe multiverse

aliyun mirror:

deb http://mirrors.aliyun.com/ubuntu/ utopic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ utopic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ utopic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ utopic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ utopic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ utopic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ utopic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ utopic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ utopic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ utopic-backports main restricted universe multiverse

163 mirror:

deb http://mirrors.163.com/ubuntu/ utopic main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ utopic-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ utopic-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ utopic-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ utopic-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ utopic main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ utopic-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ utopic-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ utopic-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ utopic-backports main restricted universe multiverse
