手机浏览 RSS 2.0 订阅 膘叔的简单人生 , 腾讯云RDS购买 | 超便宜Qcloud , 注册 | 登陆
浏览模式: 标准 | 列表分类:Linux

vsc 跳板机 设置

 比较简单的设置,就是利用 sshconfig 。

  1. 3、如果服务器需要通过跳板机登录(跳板机需要走本地网络代理)  
  2.   
  3. 首先配置跳板机ssh  
  4.   
  5. Host jumper  
  6.   HostName yyy.yyy.yyy.yyy # 跳板机IP,跳板机~/.ssh/authorized_keys需要配置ssh公钥  
  7.   User root  
  8.   ForwardAgent yes  
  9.   IdentityFile /Users/aslinwang/.ssh/id_ecdsa  
  10.   ProxyCommand corkscrew 127.0.0.1 12679 %h %p  
  11. 然后通过跳板机访问服务器  
  12.   
  13. Host aslin  
  14.   HostName xxx.xxx.xxx.xxx # 远程服务器IP,~/.ssh/authorized_keys需要配置ssh公钥  
  15.   User root  
  16.   ForwardAgent yes  
  17.   IdentityFile /Users/aslinwang/.ssh/id_ecdsa  
  18.   ProxyCommand ssh jumper -W %h:%p 2> /dev/null  
如果你不用 公钥,那可以尝试用sshpass (即,输密码式的登录):
XML/HTML代码
  1. Host aslin  
  2.   HostName xxx.xxx.xxx.xxx # 远程服务器IP,~/.ssh/authorized_keys需要配置ssh公钥  
  3.   User root  
  4.   ForwardAgent yes  
  5.   IdentityFile /Users/aslinwang/.ssh/id_ecdsa  
  6.   ProxyCommand sshpass -p [跳板机密码] ssh -p [跳板机端口] root@[跳板机IP] -W %h:%p 2> /dev/null  
 ------EOF----
文中的aslinwang是上述网址文章中的用户,如果是你自己的,就是/Users/用户名/,相信能找到这里的人应该都明白
 
 
 
 
 
 

Tags: vsc, sshpass

我可能错怪layerstack了

 上一篇博客说了。我用vsc的ssh-remote的时候,30秒或者1分钟必断。错误信息一直就类似:

[04:30:38.608] "install" terminal command done
[04:30:38.609] Install terminal quit with output:
[04:31:18.258] SSH Resolver called for "ssh-remote+neatstudio.com", attempt 2
[04:31:18.258] SSH Resolver called for host: neatstudio.com
[04:31:18.259] Setting up SSH remote "neatstudio.com"
[04:31:18.259] Using commit id "f06011ac164ae4dc8e753a3fe7f9549844d15e35" and quality "stable" for server
[04:31:18.263] Running script with connection command: ssh -o ClearAllForwardings=true -o ConnectTimeout=15 neatstudio.com bash
[04:31:18.263] Install and start server if needed
[04:31:35.269] Connecting with SSH timed out
[04:31:35.269] TELEMETRY: {"eventName":"resolver","properties":{"outcome":"failure","reason":"Timeout"},"measures":{"resolveAttempts":2,"retries":1}}
[04:31:35.269] ------

重连后也是

[04:37:06.477] SSH Resolver called for "ssh-remote+neatstudio.com", attempt 12
[04:37:06.477] SSH Resolver called for host: neatstudio.com
[04:37:06.477] Setting up SSH remote "neatstudio.com"
[04:37:06.478] Using commit id "f06011ac164ae4dc8e753a3fe7f9549844d15e35" and quality "stable" for server
[04:37:06.479] Running script with connection command: ssh -o ClearAllForwardings=true -o ConnectTimeout=15 neatstudio.com bash
[04:37:06.480] Install and start server if needed
[04:37:21.515] > ssh: connect to host 123.176.103.247 port 22: Operation timed out
[04:37:21.515] Got some output, clearing connection timeout
[04:37:21.776] "install" terminal command done
[04:37:21.776] Install terminal quit with output: ssh: connect to host 123.176.103.247 port 22: Operation timed out
[04:37:21.776] Received install output: ssh: connect to host 123.176.103.247 port 22: Operation timed out
[04:37:21.777] The operation timed out
[04:37:21.777] TELEMETRY: {"eventName":"resolver","properties":{"outcome":"failure","reason":"OfflineError"},"measures":{"resolveAttempts":12,"retries":1}}
[04:37:21.777] ------

发了ticket给layerstack。他们测试也来没有这个问题。我开始以为是什么openfiles limit的问题。也打开到最大了。

期间调整了一下这个:echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p,因为开始有报inotify max error

直到他们给我发了一个ticket:

Thank you for your patience in this matter.

We have investigated the issue in detail and we are not able to recreate the issue from our end. We have checked the same from multiple locations and find out its working fine.

The reported issue seems to be related to your local ISP, so we suggest you to change the standard port (22) of SSH to some other non standard port like 2222 or 2244, in server and recheck the issue.

Please do have a check on our above suggestion and let us know if you still face any issues in accessing.

所以我就想了一下,直接把PORT改成了2222,2223,2244,然而仍然 失败,最后我用了一个超大端口,居然正常了

ssldocker还是不稳定

 如题。本来想切caddy的。caddy已经更新。但因为我用的是lightsail,结果又不能自动更新。而当前域名,我切到了aws 的lightsail。因为lightsail属于aws旗下,必须得由IAM等管理工具来配权限,然而lightsail却只有action没有policy。不知道怎么配了

但奇怪的是,ssldocker却可以申请证书。caddy一直报没有权限(caddy我还配置了aws_app_key.....反而不行,而ssldocker啥也不要)

再坚持几天。如果ssldocker继续 不稳定(systemd 重启失败多次),还是恢复成nginx + acme.sh (或者certbot)。。或者。。。实在不行,切回dnspod!!!NND

Tags: ssldocker, caddy, lightsail, aws

服务器迁移,采用ssldocker+apache2

 其实ssldocker的效率并不高,而且网上几乎没有啥文档

缺点:
1、不支持泛域名,比如我neatstudio.com和www.neatstudio.com,我得配两条记录
2、只能反向代理 ,不支持直接象nginx那样配一个php-fpm之类的
 
优点
1、http2https,自带
2、域名随意自动签,不需要其他软件
 
其实我本来是想用caddy的。但社区型软件就有一个很大的问题,比如这个域名ssl,到现在都不正常。应该是模块的版本号的问题。也懒得重新编译了(虽然 说性能比ssldocker好,但既然我要动手,那就先算了)
ssldocker就一个文件:ssldocker -c conf.json就完事了。
之前一直用supervisor,这回用systemd,好象也就两行代码的事情。不然我还得 ssldocker -c conf.json & 。现在两行代码解决
 
忍忍,先用着吧
 

Tags: ssldocker

vagrant up报错:Error on Vagrant Up related to Guest Permissions

尝试使用laravel的时候,看到有推荐且指定要用Homestead,其实我一直用MAMP,看博客的人都知道。用了N年了。但从更早的博客看的话,应该是会发现我是用虚拟机+NFS来进行代码和虚拟域名管理的。

那时候只要装一个hosts管理软件,然后指定127.0.0.1 为host,同时将虚拟机的端口映射出来就行了。所有的apache/nginx配置都在虚拟机里完成。好处当然有,在那个没有vagrant的年代,vmware+虚拟机文件,团队里就有统一的开发环境了,这时候不用担心他们用windows还是用mac又或者用linux。环境统统一样。

现在homestead,其实也是做了同样的事情。各种东西帮你装好(嗯,以前装虚拟机还要自己折腾)

之前弄好的时候,vagrant ssh都可以直接免密登录的(毕竟读Homestead.yaml,其实是Homestead下有一个Vagrantfile,里面的脚本让他可以读到Homestead.yaml)。

刚才修改了一下Homestead.yaml,结果登录的时候就需要输入密码了,密码当然没啥问题,不就是vagrant么。但为什么呢?报错信息是:Guest-specific operations were attempted on a machine that is not ready for guest communication. This should not happen and a bug should be reported.网上查了查,很多人出现过这个情况:有人说,删了~/.vagrant.d目录就行了。但我不行啊。这个目录下有6G,而且我下的box是支持parallels desktop的。如果重下,代价太大了。(网速太慢)

我尝试vagrant halt再vagrant up,发现一个问题,提示我有一个port从8025没法映射到mac 的8025,而改成2200了。我想了想,好象我在mac安装了mailhog,难道是因为这个原因?于是我brew services stop mailhog,再vagrant up,果然 没有报错

再回到之前的google搜索,在这里:https://github.com/hashicorp/vagrant/issues/8499,有个人也有提出:

The fix for this issue was released in the plugin. The root cause is due to the network reset after applying port forwards. It causes DHCP configured devices to drop their address and re-acquire a new lease which leads to the "Guest-specific operations..." error. The fix adds a pause after applying the forwards before continuing. If you find that the pause is not long enough, it can be configured using a provider configuration option: https://www.vagrantup.com/docs/vmware/configuration.html#port_forward_network_pause

Cheers!

 

---EOF---

好了,问题解决。安心 睡觉

 

 

 

Tags: vagrant, homestead, mailhog

Records:24612345678910»