在Oracle Linux 9 中使用 noVNC

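# Install the GNOME desktop package group and make the graphical target the
# default boot target, then reboot into it.
dnf group install "Server with GUI"

systemctl set-default graphical

reboot

# After the reboot: uncomment the line starting with "#WaylandEnable" in the
# GDM configuration.
# -i edits the file in place; without it sed only prints the modified text to
# stdout and /etc/gdm/custom.conf is left unchanged.
# NOTE(review): the stock file is expected to carry "#WaylandEnable=false"
# (uncommented, GDM falls back to Xorg) - confirm on your install. GDM
# presumably picks the change up on its next start.
sed -i '/^#WaylandEnable/s/^#//g' /etc/gdm/custom.conf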

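# VNC server (TigerVNC)

dnf install -y tigervnc-server tigervnc-server-module

# Set the VNC password of the current user.
# vncpasswd only honours the first eight characters, so this password on its
# own is weak protection for a port that is reachable from the network.
vncpasswd

# Restore the SELinux labels on the VNC directory. Quoted so that a home path
# containing spaces stays a single argument.
restorecon -RFv "$HOME/.vnc"

# Map display :1 to the current user. The line is appended only when it is not
# already present, so repeating this step does not create duplicate entries.
# If these steps are run as root, the display is mapped to root and the whole
# desktop session runs as root.
vnc_entry=":1=$(whoami)"
grep -qxF -- "$vnc_entry" /etc/tigervnc/vncserver.users ||
  printf '%s\n' "$vnc_entry" | sudo tee -a /etc/tigervnc/vncserver.users > /dev/null

systemctl daemon-reload

systemctl enable --now vncserver@:1.service

systemctl restart vncserver@:1.service

# Open firewalld's vnc-server service in the public zone.
# This is only needed when native VNC clients connect to the server directly.
# The noVNC proxy set up further down this page connects to localhost:5901 and
# works without it; skipping these two commands keeps the VNC port itself off
# the network.
firewall-cmd --zone=public --add-service=vnc-server --permanent

firewall-cmd --reload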

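# noVNC

# git is not called directly in the steps below.
# NOTE(review): novnc_proxy is expected to use it to fetch websockify on first
# start when websockify is not installed, which is an unpinned download at
# run time - confirm, or install websockify from a package beforehand.
yum install git

wget https://github.com/novnc/noVNC/archive/refs/tags/v1.5.0.tar.gz

# Print the archive digest so it can be compared with a value obtained from a
# source you trust before the archive is unpacked.
sha256sum v1.5.0.tar.gz

tar -zxvf v1.5.0.tar.gz

# Install under /noVNC: start.sh and novnc.service on this page refer to the
# absolute path /noVNC/utils, so a relative "noVNC" only worked when the
# commands happened to be run from /.
mv noVNC-1.5.0 /noVNC

cd /noVNC/utils

# Open the noVNC port permanently in the default zone.
# The proxy on this page is started without a certificate, so 6080 presumably
# carries plain HTTP/WebSocket traffic; limit the source addresses or put TLS
# in front of it before exposing it beyond a trusted network.
firewall-cmd --add-port=6080/tcp  --permanent

firewall-cmd --reload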

# Create the launcher script. The two marker comments below only delimit the
# file contents in this listing; in the real file the "#!/bin/bash" line has to
# be the first line.
# The script starts novnc_proxy listening on port 6080 and forwarding to the
# VNC server at localhost:5901; the trailing "&" puts it in the background so
# the script itself returns immediately.
# NOTE(review): no --cert/--key/--ssl-only is passed, so the listener
# presumably serves unencrypted HTTP/WebSocket - the VNC password and the
# screen contents would then cross the network in clear text. Give the proxy a
# certificate or terminate TLS in a reverse proxy in front of it.
vi /noVNC/utils/start.sh

# --- start.sh begins ---
#!/bin/bash
/noVNC/utils/novnc_proxy --vnc localhost:5901 --listen 6080 &
# --- start.sh ends ---

# Make the script executable for its owner only.
chmod u+x /noVNC/utils/start.sh

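vi /etc/systemd/system/novnc.service

# --- novnc.service begins ---
[Unit]
Description= noVNC  Service(noVNC)
# Order after the network and after the VNC display enabled earlier on this
# page (vncserver@:1.service); "tigervnc.target" is not a unit these steps
# create, and an After= on a missing unit has no effect.
After=network.target vncserver@:1.service

[Service]
# start.sh puts novnc_proxy in the background and exits, hence "forking".
Type=forking

ExecStart=/noVNC/utils/start.sh
# No ExecStop= on purpose. systemd does not pass ExecStop= through a shell, so
# "$(ps -e | grep ... | awk ...)" was handed to kill as literal words and the
# command failed. Without ExecStop= systemd stops the unit by signalling the
# processes in the service's own control group (SIGTERM first), which cannot
# hit unrelated processes that merely match a name.
Restart=on-failure
# No User= is set, so the proxy runs as root; consider a dedicated
# unprivileged account that owns /noVNC.

[Install]
WantedBy=multi-user.target
# --- novnc.service ends ---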

# Make systemd re-read its unit files so the new novnc.service is known.
systemctl daemon-reload

# Start the service automatically at boot.
systemctl enable novnc.service

# Start it now (or restart it if an earlier attempt is still running).
systemctl restart novnc.service

# Input method (Chinese Pinyin)

yum install ibus-libpinyin

# Reboot, then open Applications >> Settings >> Keyboard >> Input Sources and click the plus button to add a source

# Search for "Chinese (Intelligent Pinyin)" and click Add

在docker的centos里启用systemd


1. 拉取镜像[1]

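# Pull the tag that the Dockerfile below builds FROM. A bare "centos" pulls
# centos:latest, which is a different image from centos:7.
# NOTE(review): CentOS 7 reached end of life on 2024-06-30 and receives no
# further security updates; use this image for lab work only, or move to a
# maintained base image.
docker pull centos:7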

2. 创建一个DockerFile文件

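vi mydockerfile
# --- contents of mydockerfile begin ---
FROM centos:7
# Placeholder address (constructed): the address on the original page was
# replaced by an e-mail obfuscation artefact and could not be recovered.
MAINTAINER "Yourname" <your-email@example.com>
# Marks the environment as a container for systemd.
ENV container docker
# The commands are chained with ';', so a failing "yum update" does not stop
# the build; the image can end up unpatched without any error. Check the build
# output.
RUN yum -y update; yum clean all
# Install systemd, then delete the unit symlinks listed below so that only
# systemd-tmpfiles-setup.service remains in sysinit.target.wants.
# "$i" is quoted so a name with unusual characters stays one word.
RUN yum -y install systemd; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ "$i" = systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
# The cgroup hierarchy is expected to be mounted from the host at run time.
VOLUME [ "/sys/fs/cgroup" ]
# Run systemd's init as the container's main process.
CMD ["/usr/sbin/init"]
# --- contents of mydockerfile end ---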

3. 将centos镜像打包为新的centos7-systemd镜像

# Build the image and tag it centos7-systemd. "-" makes docker read the
# Dockerfile from stdin, so the build runs without a build context directory.
docker build --tag centos7-systemd - < mydockerfile

4. 创建并运行docker容器centos7[2]

# Create and start the container detached, with the host's cgroup tree mounted
# into it so systemd can run inside.
# Security: --privileged switches off most of the container's isolation and
# --network host shares the host's network stack, so root inside this
# container is close to root on the host. Run it only on a host you control,
# with images you trust. The command this page cites as its original
# (footnote 2) did not use host networking; drop --network host unless the
# services inside really need it.
docker run \
  --name centos7 \
  --network host \
  --privileged \
  --detach \
  --env container=docker \
  --volume /sys/fs/cgroup:/sys/fs/cgroup \
  centos7-systemd

  1. 参考资料:https://serverfault.com/questions/824975/failed-to-get-d-bus-connection-operation-not-permitted ↩︎

  2. 原文为docker run --rm --privileged -ti -e container=docker -v /sys/fs/cgroup:/sys/fs/cgroup centos7-systemd /usr/sbin/init ↩︎

acme.sh部署、续期、吊销

© Sunplace,2024 本文使用的是ZeroSSL的ECC证书
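# Placeholders used below: 域名或泛域名 = your domain or wildcard domain,
# ZeroSSL账户邮箱 = the e-mail address of your ZeroSSL account.

# Install acme.sh.
# The installer is saved to a file first so it can be read before it is run,
# and -f makes curl stop on an HTTP error instead of handing an error page to
# sh.
curl -fsS https://get.acme.sh -o get-acme.sh
sh get-acme.sh
# NOTE(review): the installer is expected to register the acme.sh command in
# the shell profile; open a new shell if "acme.sh" is not found afterwards.

# Turn on automatic upgrades. This lets acme.sh replace its own code from
# upstream unattended; leave it off if upgrades must be reviewed first.
acme.sh --upgrade --auto-upgrade
# Use ZeroSSL as the default CA.
acme.sh --set-default-ca --server zerossl
# Cloudflare credentials for the dns_cf hook.
# A Global API Key gives access to the whole Cloudflare account, and acme.sh
# stores the values in its account configuration for later renewals. The
# lower-privilege option is a scoped API token (CF_Token together with
# CF_Account_ID or CF_Zone_ID) limited to DNS changes on the zone. Keep the
# secret out of shell history and protect the acme.sh home directory.
export CF_Key="Cloudflare的Global API Key"
export CF_Email="CF账户"
# Register the account.
acme.sh --register-account -m ZeroSSL账户邮箱 --server zerossl
# Issue the certificate (Cloudflare DNS validation).
# NOTE(review): --dns and --nginx select two different validation methods, and
# a wildcard name can only be validated through DNS; the workaround quoted a
# few lines below omits --nginx - confirm whether it is needed here.
acme.sh --dns dns_cf --issue -d 域名或泛域名 --nginx
# Renew the certificate (forced).
acme.sh --renew -d 域名或泛域名 --force --ecc
# If this prints "<domain> is not a issued domain, skip.",
# fix: acme.sh --dns dns_cf --issue -d 域名或泛域名
# Revoke the certificate.
acme.sh --revoke -d 域名或泛域名 --ecc
# If this prints "Cert for <domain> /root/.acme.sh/<domain>_ecc/<domain>.cer is not found, skip.",
# fix: acme.sh --install-cert -d 域名或泛域名 --ecc
# Remove the certificate from acme.sh's list.
acme.sh --remove -d 域名或泛域名 --ecc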
关于吊销的补充说明: 1. acme.sh无法吊销没有安装在本地的ZeroSSL证书。 3. 如遇到证书泄露,必须进行吊销的情况,可以直接申请新的证书。注意:申请新证书并不会让已泄露的旧证书失效,旧证书在到期前仍会被客户端信任;新证书应使用新的私钥。

非root密钥登陆ssh

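# Create the account's .ssh directory first, because the key pair is written
# into it. -p makes the step safe to repeat when the directory already exists.
mkdir -p /home/username/.ssh
# Generate the key pair directly at the target path; -f replaces answering the
# "Enter file in which to save the key" prompt with
# /home/username/.ssh/id_rsa. Set a passphrase when asked.
ssh-keygen -t rsa -C "xxx@domain" -f /home/username/.ssh/id_rsa
# Authorise the new public key. ">>" appends, so keys that are already listed
# in authorized_keys are kept instead of being overwritten.
cd /home/username/.ssh
cat id_rsa.pub >> authorized_keys
# Fix ownership and permissions: nothing under .ssh may be accessible to group
# or others. go-rwx removes that access without marking the key files
# executable.
cd ..
chown -R username:username .ssh
chmod -R go-rwx .ssh
chmod 600 .ssh/authorized_keys
# The client logs in with the private key id_rsa. Transfer it to the client
# over a secure channel and delete the copy on the server afterwards; the
# server only needs authorized_keys. Generating the pair on the client and
# copying just the .pub file avoids the private key ever sitting on the server.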
登陆的用户名为:username 登陆的密钥为/home/username/.ssh/id_rsa的内容