
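1. Press Win+R to enter cmd

Type regedit and press Enter

2. Find the following entries in the registry and change them

Security Center
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
start value: 2 = enabled, 4 = disabled
Windows Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
DisableAntiSpyware value: 0 or delete the value = enabled, 1 = disabled

Read more »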

Goal: configure multiple HTTPS domains in nginx

Check whether nginx supports the SNI extension of the TLS protocol
 root@iZj6cgoyl5x6opizfwaukrZ:~# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.17.0
built by gcc 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)
built with OpenSSL 1.1.1 11 Sep 2018
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module --with-openssl-opt=enable-tlsext --with-pcre=./pcre-8.35
root@iZj6cgoyl5x6opizfwaukrZ:~#

If TLS SNI support enabled appears as above, skip the first step

Update nginx
[root]# wget http://nginx.org/download/nginx-1.12.0.tar.gz
[root]# tar zxvf nginx-1.12.0.tar.gz
[root]# cd nginx-1.12.0
[root]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module \
--with-openssl=./openssl-1.0.2k \
--with-openssl-opt="enable-tlsext"

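OpenSSL usually ships with the system, so it does not need to be added.
After running the command, it is recommended to back up nginx.conf and then reinstall, i.e. run make install

Add the nginx configuration

Simply add the SSL configuration at the server level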
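
The server-level SSL configuration for two HTTPS domains sharing one IP address and port, as an added example that is not from the original post. The domain names a.example.com and b.example.com, the certificate paths and the web roots are placeholder assumptions.

```nginx
# Added example (not from the original post). These blocks go inside the
# existing http { } block of nginx.conf. All names and paths are placeholders.

# Clients that send no SNI, or a host name not listed below, are handled here
# instead of silently receiving the first site's certificate.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /usr/local/nginx/conf/ssl/default.crt;  # placeholder, e.g. self-signed
    ssl_certificate_key /usr/local/nginx/conf/ssl/default.key;
    return 444;  # close the connection without sending a response
}

# First HTTPS domain: selected when the client's SNI name is a.example.com
server {
    listen 443 ssl;
    server_name a.example.com;
    ssl_certificate     /usr/local/nginx/conf/ssl/a.example.com.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/a.example.com.key;
    root /var/www/a;
}

# Second HTTPS domain on the same address and port, with its own certificate
server {
    listen 443 ssl;
    server_name b.example.com;
    ssl_certificate     /usr/local/nginx/conf/ssl/b.example.com.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/b.example.com.key;
    root /var/www/b;
}

# Plain HTTP requests for either name are redirected to HTTPS
server {
    listen 80;
    server_name a.example.com b.example.com;
    return 301 https://$host$request_uri;
}
```

Run /usr/local/nginx/sbin/nginx -t to check the configuration before reloading.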

Read more »

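Problem

  • Today I opened my own blog and found that the connection was dropped when opening it a second time.
    My first thought on hitting this problem was that the nginx SSL configuration was wrong.
  • I then started adjusting the nginx SSL settings, but whether I changed keepalive_timeout
    or ciphers, nothing had any effect, so I tested how long it took before the page could be opened again.
  • Testing showed that it could be opened again after 180s, so I looked for nginx settings related to 180s
    and found that proxy_timeout defaults to 180s. Changing it had no effect, which left me scratching my head.
  • Then I considered a DNS resolution problem. Accessing the site by address worked every time, and with the ping command
    the address resolved correctly every time, which showed that DNS resolution was fine.
  • In the end I realized it could only be an SSL problem, since the configuration was fine and nginx was fine. After disabling the SSL configuration
    and removing the redirect, the problem was solved. It seems cheap SSL just isn't good enough…
Read more »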

2019-10-31 20:11

When implementing BOC payment, files need to be signed with RSA.
But with the correct data, the correct bytes and the correct key,
the correct result could never be obtained.
The RSA tool that was provided was used; it runs fine in the Java environment, and the code is as follows:
/**
 * Encrypt with the private key
 *
 * @param data
 * @param PrivateKey
 * @return
 * @throws Exception
 */
public static byte[] encryptByPrivateKey(byte[] data, String PrivateKey) throws Exception {
    // Decode the Base64 PKCS#8 private key
    byte[] keyBytes = Base64Utils.decode(PrivateKey);
    PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(keyBytes);
    if (keyFactory == null) {
        initKeyFactory(KEY_ALGORITHM);
    }
    Key privateK = keyFactory.generatePrivate(pKCS8EncodedKeySpec);
    if (cipher == null) {
        initCipher();
    }
    cipher.init(Cipher.ENCRYPT_MODE, privateK);
    int inputLen = data.length;
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    int offSet = 0;
    byte[] cache;
    int i = 0;
    // Process the input in segments of at most MAX_ENCRYPT_BLOCK bytes
    while (inputLen - offSet > 0) {
        if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
            cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
        } else {
            cache = cipher.doFinal(data, offSet, inputLen - offSet);
        }
        out.write(cache, 0, cache.length);
        i++;
        offSet = i * MAX_ENCRYPT_BLOCK;
    }
    byte[] encryptedData = out.toByteArray();
    out.close();
    return encryptedData;
}

Here, cache = cipher.doFinal(data, offSet, inputLen - offSet);
returned incorrect data.
After checking multiple sources, the correct way to initialize the cipher is Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");

Read more »

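This article uses examples to describe how to query and modify auto_increment in MySQL. It is shared here for reference. The details are as follows:

Query the auto_increment value of the table named tableName:

SELECT AUTO_INCREMENT FROM information_schema.tables WHERE table_name="tableName";

Modify the auto_increment value of the table named tableName:

ALTER TABLE tableName auto_increment=number ;

I hope this article is helpful for your MySQL programming.
https://www.jb51.net/article/60948.htm

Read more »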

Today I opened AS and suddenly several files were reporting errors. I opened a java file and found that it was XML.

Solution:
Delete the /user/name/AS/system folder
Read more »

com.alibaba.fastjson.JSONException: syntax error, expect }, actual ,
This is caused by not performing generic type conversion on the null values in the message.

Read more »

Preparation

Update the system
  • First, update the package sources
    sudo apt update
  • Upgrade the packages
    sudo apt upgrade
  • Reboot
    sudo reboot
  • Remove unused Linux images
    sudo dpkg --list|grep linux
    The entries shown in red are the ones currently in use and must not be deleted, so
    OK, now on to nginx
  • Create a folder to hold the nginx installer
    cd /
    mkdir -p maxexc/runtime/nginx
    lrzsz turned out not to be installed
    apt install lrzsz
    Next, download nginx and upload it to the designated folder
    tar -xvf nginx-1.17.0.tar.gz
    ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
    After running it, PCRE turned out to be missing
    sudo apt-get install libpcre3 libpcre3-dev
    Two more libraries need to be installed
    sudo apt-get install zlib1g-dev
    sudo apt-get install openssl libssl-dev
    If nginx has not been installed before, use
    make install
    Next, verify
    /usr/local/nginx/sbin/nginx -V
    netstat -lnp|grep nginx
    As you can see, TLS is now supported
    Configure the service to start at boot
    Create an nginx file under /etc/init.d/ (sudo vim /etc/init.d/nginx) with the following content:
    #!/bin/sh

    ### BEGIN INIT INFO
    # Provides: nginx
    # Required-Start: $local_fs $remote_fs $network $syslog $named
    # Required-Stop: $local_fs $remote_fs $network $syslog $named
    # Default-Start: 2 3 4 5
    # Default-Stop: 0 1 6
    # Short-Description: starts the nginx web server
    # Description: starts nginx using start-stop-daemon
    ### END INIT INFO

    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    DAEMON=/usr/local/nginx/sbin/nginx
    NAME=nginx
    DESC=nginx

    # Include nginx defaults if available
    if [ -r /etc/default/nginx ]; then
    . /etc/default/nginx
    fi

    STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"

    test -x $DAEMON || exit 0

    . /lib/init/vars.sh
    . /lib/lsb/init-functions

    # Try to extract nginx pidfile
    PID=$(cat /usr/local/nginx/conf/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
    if [ -z "$PID" ]; then
    PID=/run/nginx.pid
    fi

    if [ -n "$ULIMIT" ]; then
    # Set ulimit if it is set in /etc/default/nginx
    ulimit $ULIMIT
    fi

    start_nginx() {
    # Start the daemon/service
    #
    # Returns:
    # 0 if daemon has been started
    # 1 if daemon was already running
    # 2 if daemon could not be started
    start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \
    || return 1
    start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \
    $DAEMON_OPTS 2>/dev/null \
    || return 2
    }

    test_config() {
    # Test the nginx configuration
    $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
    }

    stop_nginx() {
    # Stops the daemon/service
    #
    # Return
    # 0 if daemon has been stopped
    # 1 if daemon was already stopped
    # 2 if daemon could not be stopped
    # other if a failure occurred
    start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
    RETVAL="$?"
    sleep 1
    return "$RETVAL"
    }

    reload_nginx() {
    # Function that sends a SIGHUP to the daemon/service
    start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
    return 0
    }

    rotate_logs() {
    # Rotate log files
    start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
    return 0
    }

    upgrade_nginx() {
    # Online upgrade nginx executable
    # http://nginx.org/en/docs/control.html
    #
    # Return
    # 0 if nginx has been successfully upgraded
    # 1 if nginx is not running
    # 2 if the pid files were not created on time
    # 3 if the old master could not be killed
    if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
    # Wait for both old and new master to write their pid file
    while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
    cnt=`expr $cnt + 1`
    if [ $cnt -gt 10 ]; then
    return 2
    fi
    sleep 1
    done
    # Everything is ready, gracefully stop the old master
    if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
    return 0
    else
    return 3
    fi
    else
    return 1
    fi
    }

    case "$1" in
    start)
    log_daemon_msg "Starting $DESC" "$NAME"
    start_nginx
    case "$?" in
    0|1) log_end_msg 0 ;;
    2) log_end_msg 1 ;;
    esac
    ;;
    stop)
    log_daemon_msg "Stopping $DESC" "$NAME"
    stop_nginx
    case "$?" in
    0|1) log_end_msg 0 ;;
    2) log_end_msg 1 ;;
    esac
    ;;
    restart)
    log_daemon_msg "Restarting $DESC" "$NAME"

    # Check configuration before stopping nginx
    if ! test_config; then
    log_end_msg 1 # Configuration error
    exit $?
    fi

    stop_nginx
    case "$?" in
    0|1)
    start_nginx
    case "$?" in
    0) log_end_msg 0 ;;
    1) log_end_msg 1 ;; # Old process is still running
    *) log_end_msg 1 ;; # Failed to start
    esac
    ;;
    *)
    # Failed to stop
    log_end_msg 1
    ;;
    esac
    ;;
    reload|force-reload)
    log_daemon_msg "Reloading $DESC configuration" "$NAME"

    # Check configuration before stopping nginx
    #
    # This is not entirely correct since the on-disk nginx binary
    # may differ from the in-memory one, but that's not common.
    # We prefer to check the configuration and return an error
    # to the administrator.
    if ! test_config; then
    log_end_msg 1 # Configuration error
    exit $?
    fi

    reload_nginx
    log_end_msg $?
    ;;
    configtest|testconfig)
    log_daemon_msg "Testing $DESC configuration"
    test_config
    log_end_msg $?
    ;;
    status)
    status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
    ;;
    upgrade)
    log_daemon_msg "Upgrading binary" "$NAME"
    upgrade_nginx
    log_end_msg $?
    ;;
    rotate)
    log_daemon_msg "Re-opening $DESC log files" "$NAME"
    rotate_logs
    log_end_msg $?
    ;;
    *)
    echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
    exit 3
    ;;
    esac
  • Make the service script executable
    sudo chmod +x /etc/init.d/nginx

  • Register the service
    cd /etc/init.d/
    sudo update-rc.d nginx defaults
    The service will now basically start at boot. Commonly used commands are:
    sudo service nginx {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}

    Automatic deployment

    Install and configure git
  • Install git
    sudo apt install git

  • Create a new user. Note: be sure to remember the password

    adduser git
    Adding user `git' ...
    Adding new group `git' (1000) ...
    Adding new user `git' (1000) with group `git' ...
    Creating home directory `/home/git' ...
    Copying files from `/etc/skel' ...
    Enter new UNIX password:
    Retype new UNIX password:
    Sorry, passwords do not match
    passwd: Authentication token manipulation error
    passwd: password unchanged
    Try again? [y/N] Y
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    Changing the user information for git
    Enter the new value, or press ENTER for the default
    Full Name []: git
    Room Number []: git
    Work Phone []: git
    Home Phone []: git
    Other []: git
    Is the information correct? [Y/n] Y
    root@iZj6cgoyl5x6opizfwaukrZ:~#
  • Next, configure the sync key
    mkdir -p /home/git/.ssh
    Create the trusted key

  • Grant the git user sudo privileges
    Run:
    chmod 740 /etc/sudoers
    vim /etc/sudoers
    Find the following content:

    # User privilege specification
    root ALL=(ALL:ALL) ALL

    Below the line root ALL=(ALL:ALL) ALL, add git ALL=(ALL:ALL) ALL
    After saving and exiting, change the file permissions back: chmod 440 /etc/sudoers

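  • Disable shell access for the git user
    Run: vim /etc/passwd
    Change the last line from git:x:1001:1001:,,,:/home/git:/bin/bash to git:x:1001:1001:,,,:/home/git:/usr/bin/git-shell
    Initialize the git repository
    Switch to the git user: su git
    Then:
    cd /home/git # switch to the git user's home directory
    mkdir blog.git # create the git repository folder, using blog.git as an example
    cd blog.git # enter the repository directory
    git init --bare # use --
    Create the website directory
    cd /var/www/ # switch directory
    mkdir blog # create the website directory, using blog as an example
    Configure SSH
    cd /home/git # switch to the git user's home directory
    mkdir .ssh # create the .ssh directory
    cd .ssh
    vim authorized_keys
    Then copy the local public key into the authorized_keys file (the public key is the output of running cat ~/.ssh/id_rsa.pub locally, as mentioned above)
    User and group management
    Run:
    ll /home/git/
    ll /var/www/
    Make sure the blog.git, .ssh and blog directories are owned by git:git
    If they are not, run the following commands and check again:
    sudo chown git:git -R /var/www/blog
    sudo chown git:git -R /home/git/blog.git
    Enabling git-shell directly seems to cause problems
    cp /usr/share/doc/git-1.7.4.4/contrib/git-shell-commands /home/git -R
    $ chown git:developers /home/git/git-shell-commands/ -R
    $ chmod +x /home/git/git-shell-commands/help
    $ chmod +x /home/git/git-shell-commands/list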
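    Test git

    Configure Git Hooks
    Create the post-receive file
    Run as the git user:
    cd /home/git/blog.git/hooks # switch to the hooks directory
    vim post-receive # create the file
    Copy the following content into the post-receive file:

    #!/bin/bash -l
    GIT_REPO=/home/git/blog.git
    TMP_GIT_CLONE=/tmp/blog
    PUBLIC_WWW=/var/www/blog
    # Start from a clean temporary clone of the pushed repository
    rm -rf "${TMP_GIT_CLONE}"
    git clone "$GIT_REPO" "$TMP_GIT_CLONE"
    # Replace the published site with the fresh checkout
    rm -rf "${PUBLIC_WWW}"/*
    cp -rf "${TMP_GIT_CLONE}"/* "${PUBLIC_WWW}"

    After saving and exiting, run chmod +x post-receive to make it executable.
    Local operations
    Try connecting
    Open Git Bash locally:
    ssh git@<IP of the VPS>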

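3. Enable RSA authentication on the Git server
Enable RSA authentication in /etc/ssh/sshd_config:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Create a .ssh directory under /home/git, then create an authorized_keys file and copy the contents of id_rsa.pub into the authorized_keys file
4. Change permissions
  Important:
  Set the permissions of the .ssh directory to 700
  Set the permissions of the .ssh/authorized_keys file to 600
chmod 700 .ssh
cd .ssh
chmod 600 authorized_keys

Read more »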