跳至正文
  • 195 views
  • 4 min read

学习笔记

新浪微博 豆瓣 QQ 百度贴吧 QQ空间

R68S 升级 openwrt注意事项

自己编译的 LEDE ROM在R68S上面不能通过 web 页面进行升级,只能使用 dd命令进行升级,命令如下:

dd if=./xxx.img of=/dev/mmcblk0

Mysql 主备同步异常修复:

change master to master_host='mysql-master-svc.wordpress.svc.cluster.local',master_user='slave',master_password='xxxxxx',master_log_file='mysql_bin.000004',master_log_pos=0,master_port=3306; change master to master_log_file='mysql-bin.000007',master_log_pos=155;

openWRT socat转发 IPV6 命令:

socat TCP6-LISTEN:10000,reuseaddr,fork TCP4:192.168.10.1:80

let’s encrypt证书申请:

1.安装:
curl https://get.acme.sh | sh

2.切换加密方式
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

3.修改 account.conf,内容如下:
#LOG_FILE="/root/.acme.sh/acme.sh.log"
#LOG_LEVEL=1
#AUTO_UPGRADE="1"
#NO_TIMESTAMP=1
UPGRADE_HASH='afacdfcb95e063325d8f01ebc8daa57322307d92'
SAVED_CF_Key='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
SAVED_CF_Email='[email protected]'
USER_PATH='/usr/sbin:/usr/bin:/sbin:/bin'
DEFAULT_ACME_SERVER='https://acme-v02.api.letsencrypt.org/directory'

4.申请命令如下:
/root/.acme.sh/acme.sh  --issue  --dns dns_cf -d ruibo.edu.eu.org -d *.ruibo.edu.eu.org

5.用 certbot命令申请,其中--dry-run 为测试,正式申请需删除
certbot certonly  -d *.opro.asia --manual --preferred-challenges dns --dry-run

编译 docker 版 ipv6 注意事项

通过加速镜像站点安装指定版本 docker

curl -fsSL https://get.docker.com | DOWNLOAD_URL=https://mirrors.ustc.edu.cn/docker-ce bash -s docker --version 24.0.5

通过加速镜像站点安装指定版本 docker

curl -fsSL https://get.docker.com | DOWNLOAD_URL=https://mirrors.ustc.edu.cn/docker-ce bash -s docker --version 24.0.5

编译完 armbian 版 docker 的 LEDE 后,armvirt版 LEDE 的 uhttpd 服务起不来,可以将 nginx 编译进去就可以了,编译时添加两个包,luci-nginx和luci-ssl-nginx

nginx 配置文件(/etc/config/nginx)如下:

config main global
        option uci_enable 'true'

config server '_lan'
        list listen '443 ssl default_server'
        list listen '[::]:7443 ssl default_server'
        option server_name '_lan'
        #list include 'restrict_locally'
        list include 'conf.d/*.locations'
        #option uci_manage_ssl 'self-signed'
        option ssl_certificate '/etc/uhttpd.crt'
        option ssl_certificate_key '/etc/uhttpd.key'
        option ssl_session_cache 'shared:SSL:32k'
        option ssl_session_timeout '64m'
        option access_log 'off; # logd openwrt'

config server '_redirect2ssl'
        list listen '80'
        list listen '[::]:7080'
        option server_name '_redirect2ssl'
        option return '302 https://$host$request_uri'

config server '_redirect2ssl'
        list listen '90'
        list listen '[::]:90'
        option server_name '_redirect2ssl'
        option return '302 https://$host$request_uri'

Armbian Docker安装 openwrt 镜像作为旁路由,同时开启 ipv6

查看 ipv6 网段

root@armbian:~# ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
240e:380:9990:ba00::1000 dev eth0 proto kernel metric 100 pref medium
240e:380:9990:ba00::/64 dev eth0 proto ra metric 100 pref medium
240e:380:9990:ba00::/64 dev docker0 proto kernel metric 256 linkdown pref medium
240e:380:9990:ba00::/64 dev docker0 metric 1024 linkdown pref medium
fe80::/64 dev macvlan proto kernel metric 256 pref medium
fe80::/64 dev docker0 proto kernel metric 256 linkdown pref medium
fe80::/64 dev eth0 proto kernel metric 1024 pref medium
default via fe80::a61a:3aff:fe19:f881 dev eth0 proto ra metric 100 pref medium

创建 docker macvlan 命令如下:

docker network create -d macvlan --subnet=192.168.10.0/24 --gateway=192.168.10.254 --subnet=fe80::/64 --gateway=fe80::1 -o parent=eth0 macnet

创建 lede docker

docker run --restart always -d --name lede --network macnet --privileged guoshh/lede:latest

如果需要指定 lede 的 mac 地址,可执行以下命令:
docker stop lede; docker rm lede; docker run --restart always -d --name lede --mac-address=02:42:c0:a8:0a:02 --network macnet --privileged guoshh/lede:latest

编译 armbian docker版 lede 方法:

make menuconfig 
-->Target System (QEMU ARM Virtual Machine)
-->Subtarget (64-bit ARM machines)
-->Target Profile (Generic EFI Boot)
...
-->Target Images
   取消选择:cpio.gz vmdk ext4

取消选择:
-> Network                                                                                           -> Web Servers/Proxies
-> sing-box

取消选择:
-> LuCI
-> Applications
-> luci-app-passwall
-> Include Sing-Box

选择:
->LuCI
->Collections
[*] luci-nginx
[*] luci-ssl-nginx

将make_opwrt_docker_img.gz 解压到/root/N1 目录,并将openwrt-armvirt-64-generic-rootfs.tar.gz更名为openwrt-armvirt-64-default-rootfs.tar.gz 放入/root/N1 目录,修改build.sh 的 TAG 和 IMG_NAME变量,然后执行如下命令

bash build.sh

root@armbian:~/N1# docker image ls
REPOSITORY    TAG        IMAGE ID       CREATED        SIZE
guoshh/lede   latest     3ff9556ef7cc   3 hours ago    264MB
guoshh/lede   5.15.145   736d419238cb   24 hours ago   211MB

X86-64 Docker安装 openwrt 镜像作为旁路由,同时开启 ipv6

1.创建 docker macvlan

docker network create -d macvlan --ipv6 --subnet=fe80::/60 --gateway=fe80::1 --subnet=192.168.0.0/24 --gateway=192.168.0.254 -o parent=ens160 -o macvlan_mode=bridge macnet

2.修改 docker daemon.json

{
"experimental": true,
"ipv6": true,
"ip6tables": true,
"fixed-cidr-v6": "fe80::/64"
}

3.创建 docker

docker run --restart always -d --name lede --network macnet --privileged guoshhsz/lede-x86:latest

如果需要指定 lede 的 mac 地址,可执行以下命令:
docker stop lede; docker rm lede; docker run --restart always -d --name lede --mac-address=02:42:c0:a8:0a:02 --network macnet --privileged guoshhsz/lede:latest

4.修改 openwrt /etc/sysctl.conf 文件,添加如下内容:

net.ipv6.conf.all.disable_ipv6=0
net.ipv6.conf.default.disable_ipv6=0
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.all.accept_ra=2

5.修改 openwrt /etc/rc.local文件,在 exit 0 之前添加如下内容

ip link set eth0 promisc on
ip link add link eth0 wan_mac0 type macvlan
ip link set wan_mac0 address 02:42:00:11:7C:01
ip link set wan_mac0 up

解决ubuntu宿主机无法和 docker 通讯的问题:

#配置宿主机和容器通讯
#开启网卡混杂模式
ip link set enp1s0 promisc on
#宿主机创建一个macvlan
ip link add macvlan_host link enp1s0 type macvlan mode bridge
#设置macvlan ip 并启用
ip addr add 192.168.10.250 dev macvlan_host
ip link set macvlan_host up
@增加路由表
ip route add 192.168.10.254 dev macvlan_host

armbian 网卡 MAC地址修改方法:

在/boot/uEnv.txt文件最后一行添加如下内容:
ethaddr=xx:xx:xx:xx:xx
最好是用原来的 mac 地址进行微调,否则可能会不生效

如果还不行,继续修改如下文件:
root@armbian:~# cat /etc/NetworkManager/system-connections/Wired\ connection\ 1.nmconnection |grep mac
cloned-mac-address=FC:xx:xx:xx:xx:xx

发表回复

联系站长