Mindblown: a blog about philosophy.

Introduction The installimage script in the Hetzner Rescue System provides an easy way to install various Linux distributions. This tutorial shows how to use installimage to install an encrypted Ubuntu 20.04 system and add remote unlocking via SSH (dropbear) in initramfs stored in a separate /boot partition. Prerequisites Hetzner account Server booted into the Rescue System RSA or ECDSA SSH public key No…

[Unit]Description=kcp serviceAfter=network.target syslog.targetWants=network.target [Service]Type=simpleExecStart=/your/path/kcptun -c /your/path/kcp.json [Install]WantedBy=multi-user.target

Certain Linux distributions that use SystemD such as Ubuntu 20.04 may not allow you to run /etc/rc.local when the system is booting. In this tutorial we will go through how to allow /etc/rc.local during system boot on Ubuntu 20.04 Focal Fossa. As of Ubuntu 16.10 Xenial, the official distribution does not contain the /etc/rc.local file. Requirements:Ubuntu 20.04VIM…

Shadowosocks-QT5 下面以 Ubuntu 64 位系统做参考，其他系统请参考 安装指南 第一步 安装 Shadowsocks-Qt5 按照下面的说明在 Ubuntu 上下载并安装 Shadowsocks-Qt5。 1. 下载客户端 【Shadowsocks-Qt5】 【历史版本】 2. 安装客户端 右键单击 “Shadowsocks-Qt5-x.x.x-x86_64.AppImage” > 选择 “Properties” > 单击 “Permissions” > 在”Allow excuting file as program” 上打勾。 第二步 获取 Shadowsocks 账号信息 详见：SS/ShadowsocksR 服务器节点 点击获取 第三步 配置 Shadowsocks 账号 在您的电脑上， 执行下列操作： 双击Shadowsocks-Qt5-x.x.x-x86_64.AppImage > “Connection” > “Add” > “Manually”。 填写…

在OpenWRT路由器上，安装和配置WireGuard AzireVPN 有一篇很好的文章讲解了安装和配置的过程，这里将要点重复一下。首先是安装OpenWRT到路由器，我使用的是小米路由器Mini，安装的是OpenWrt 18.06.1，下载地址为https://downloads.openwrt.org/releases/18.06.1/targets/ramips/mt7620/openwrt-18.06.1-ramips-mt7620-miwifi-mini-squashfs-sysupgrade.bin， 官方安装教程https://openwrt.org/toh/xiaomi/mini ,刷机后默认前指示灯为红色，不是刷机失败。刷机完成后网线插入LAN口，访问192.168.1.1，默认密码为空，登陆后设置密码，然后开启WiFi功能，radio0是5G，radio1是2.4G。默认的LAN地址是192.168.1.1，如果做二级路由可能有冲突，所以我通过SSH改为192.168.31.1，通过Luci图形界面修改是不行的。 重启后就需要访问192.168.31.1来进入Luci界面和SSH到路由器了。接下来是安装WireGuard： 重启后进入Network->Interfaces，添加新的网络，Name填WG0，Protocol选择WireGuard VPN，回到Interfaces，配置新添加的接口，General Setup根据TunSafe下载的配置文件填写，如果申请了AzireVPN的WireGuard测试节点，同样可以将下载的配置填入相应的字段。需要注意的是Allowed IPs为0.0.0.0/0时外网流量才走VPN。Firewall Settings里Create / Assign firewall-zone填写wg，即新建一个名为wg的区域。若配置没有问题，可进入Status->WireGuard Status查看状态，Latest Handshake应该出现，Data Received应该不为零。接下来配置防火墙，进入Network->Firewall,Zones 编辑lan，Allow forward to destination zones: 选择wan和wg0，保存。回到防火墙，配置wg，Input->reject，outpub->accept，Forward->reject，Masquerading->yes，MSS clamping->yes。 执行opkg update测试网络。这时还不能上Google进行测试，因为还没有配置正确的DNS。在Network->Interfaces->WAN->Edit，Advanced Settings，取消Use DNS servers advertised by peer后的对勾，保存。在Network->DHCP and DNS，DNS forwardings填入8.8.8.8，滚动到最下面点击保存，进入System->Reboot，重新启动。到现在为止已经可以访问Google了，PS4的联机网络测试NAT类型为NAT2，Ping值根据地理位置和网络情况而定，并不一定有直连好，如果WireGuard服务器在国内的话应该能在实现NAT2的同时保存较好的网络延迟。最后做的优化就是PS4游戏更新的下载速度。因为PS4在国内有CDN服务器，所以下载游戏还是要走国内网络。断开路由器的连接，电脑直连ISP网络，使用nslookup 查看gs2.ww.prod.dl.playstation.net的IP地址。 也可以访问ipip.net CDN 查询 选择离自己最近的测试点，填入gs2.ww.prod.dl.playstation.net查询，Ping解析出来的CDN域名，选择延迟最低的IP，填入OpenWRT的/etc/hosts文件里： 其中gs2.ww.prod.dl.playstation.net是游戏下载服务器的域名，post.net.playstation.net是上传测试的域名，填入hosts文件后OpenWRT会将DNS解析为指定IP，再添加路由表让指定IP不走VPN。进入Network->Static Routes，添加IPv4路由表，Interface选择wan，Target为Hosts中的IP， IPv4-Netmask可为空或者填写255.255.255.255，IPv4-Gateway填写上级路由的网关地址，Route type为unicast。Hosts文件中有几个固定IP就添加几条静态路由。注意网关地址为上级路由器的网关地址，不是192.168.31.1。PS4的DNS要使用DHCP分配的路由器DNS服务器才会生效。测试可以Ping 222.138.6.98看延迟是否增加，或者tracert 222.138.6.98查看是否全部走国内地址，可以使用PS4的网络测试查看下载速度和上传速度，同时观察WireGuard Status的流量是否增加。最终效果就是获得了NAT2的网络，又不影响游戏下载速度。网络延迟和丢包可以在接入路由器的电脑上测试，接入该路由器的设备都会使用VPN作为网络出口。参考链接：AzireVPNTunSafeOpenWRTHow to configure WireGuard on OpenWrt/LEDE using LuCi———- OpenWRT路由器上，使用chnroute.sh 环境准备，将ftp.apnic.net添加到静态路由，防止通过VPN连接失败。 固定IP地址添加到…

Introduction Often web servers (or hosting subscriptions) are writing in tmp folder. Therefore, it’s good to keep the tmp folder clean and safe. A good way to secure your tmp folder on a linux machine is to disallow script execution in the tmp folder. I will show you how to check and secure your tmp…

Introduction In this tutorial I will show you how to install SolusVM with 2 nodes, 1 as master with OpenVZ virtualization and 1 as a slave with KVM virtualization. Prerequisites 2 servers with root access Step 1 – Order your servers Login to your account, for example at Hetzner from Hetzner Accounts Choose the master servers…

Introduction Before you start installing the WordPress CMS on the server, you must meet the following conditions: Prerequisites Server with Operating System Linux CentOS 7 Minimal Installation ISO LAMP Stack (Linux, Apache, MySQL, PHP), if you don’t have it installed, please follow this tutorial Root access SSH Tools Putty For Windows OpenSSH in Linux/macOS (available by default)…

Introduction In this tutorial, I explain how to install the IonCube Loader on CentOS6. IonCube was founded in 2002, and introduced tools to protect software written using the PHP programming language from being viewed, changed, and run on unlicensed computers. The encoding technology grew out of earlier work on the PHP Accelerator project, and at…

Introduction In this tutorial, I will show you how to set up a GitLab CE server on a Hetzner Cloud server using docker and docker-compose. As reverse proxy and to provide a LetsEncrypt certificate we use Traefik. Also, we provide a docker image registry with GitLab. Prerequisites A Hetzner Cloud machine (I recommend at least…