架站 | 聰明的生活

rockylinux 9安裝防軟體clamAV

2023-03-102023-04-28 yku Leave a comment

即時掃瞄；自動更新病毒碼

1.安裝 epel-release

sudo dnf install epel-release yum-utils -y

2.安裝clamAV

sudo dnf install clamav clamd clamav-update -y

確認版本

clamd --version

docker xrdp遠端桌面

2023-03-032023-03-03 yku Leave a comment

在docker裡安裝rdp，這裡有二個範例，一個是ubuntu為範本製作的，另一個使用rockylinux為基底，基本上可使用注音及倉頡輸入法、中文字型及firefox browser。

catyku/UbuntuXRDP: with chinese input ime and firefox (github.com)

catyku/RockyLinux9XRdpDocker: RockyLinux 9 install xrdp to docker (github.com)

rockylinux (centos)為基底的image，很多UI應用程式都可以使用yum 直接安裝。

而以ubuntu為基底的image，因為ubuntu本身UI應用程式都需要使用snap都支持，安裝上就相對比較麻煩。

docker run -d --name containerName -p 3389:3389 catyku/ubuntu-xrdp:22.04 createUser password rootYesNo

docker run -d --name containerName -p 3389:3389 catyku/rockylinuxrdp createUser password rootYesNo

之後就可以使用遠端桌面連入docker裡了

ubuntu 22.04 安裝clamav防毒軟體

2023-02-242023-02-24 yku Leave a comment

當在使用 Ubuntu 22.04 時，可能需要安裝 ClamAV 來檢查系統中是否有病毒和惡意軟體。在本篇文章中，將介紹如何安裝 ClamAV，以保護 Linux 系統免受惡意軟體和病毒的侵害。

首先，打開終端terminal機並更新系統。請輸入以下命令：

sudo apt update && sudo apt upgrade

接下來，輸入以下命令以安裝 ClamAV：

sudo apt install clamav clamav-daemon -y

安裝完成後，可以執行以下命令來更新 ClamAV 的病毒定義庫：

sudo freshclam

接下來，可以使用以下命令來掃描您的系統：

sudo clamscan -r /path/to/folder

如果希望 ClamAV 在系統啟動時自動運行，請使用以下命令：

sudo systemctl enable clamav-daemon

這將自動啟用 ClamAV 並在系統啟動時運行。

ubuntu 22.04 網路修改成固定ip (多個)

2023-02-232023-02-23 yku Leave a comment

ubuntu 17.10之後更改網路ip改使用netplan，這比之前的設定方式簡單而且安全多了，設定完可以先使用try來確定設定值是否成立，避免network down跟up間，遠端連線就失敗掉了。

方法很簡單，修改

sudo nano /etc/netplan/00-installer-config.yaml

原本

改成需要的設定檔

nginx with let’s encrypt ssl , php-fpm , tomcat , mariadb environment

2022-10-142022-10-14 yku Leave a comment

nginx 啟動時會自動安裝let’s encrypt ssl ，nginx與tomcat及php-fpm間使用proxy_pass，大概如下:

server {
    # Listen to port 443 on both IPv4 and IPv6.
    listen 443 ssl default_server reuseport;
    listen [::]:443 ssl default_server reuseport;

    # Domain names this server should respond to.
    server_name a.yslifes.com;

    root /var/www/html;
    # Load the certificate files.
    ssl_certificate         /etc/letsencrypt/live/a.yslifes.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/a.yslifes.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/a.yslifes.com/chain.pem;

    # Load the Diffie-Hellman parameter.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    #return 200 'Let\'s Encrypt certificate successfully installed!';
    #add_header Content-Type text/plain;


    gzip on;
    gzip_types text/plain application/xml application/json;
    gzip_comp_level 9;
    gzip_min_length 1000;


    #brotli on;
 
    # 預設為 6, 0 ~ 11; 值愈大壓縮率愈高，使用的 CPU 愈多~
    #brotli_comp_level 6;
    #brotli_static on;
 
    # 壓縮對像
    #brotli_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
 



    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    #location / {
    #        proxy_pass http://api/;
    #}


        # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;


#    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
#            try_files $uri $uri/ =404;
#    }
    location / {
        proxy_pass http://tomcat10:8080/;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Forwarded $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }
#    location ~ [^/]\.php(/|$) {
#       fastcgi_split_path_info ^(.+?\.php)(/.*)$;
#       if (!-f $document_root$fastcgi_script_name) {
#           return 404;
#       }

       # Mitigate https://httpoxy.org/ vulnerabilities
#       fastcgi_param HTTP_PROXY "";
   
#       fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
#       fastcgi_param PATH_INFO        $fastcgi_path_info;

#       fastcgi_pass phpfpm7.4:9000;
#       fastcgi_index index.php; 

       # include the fastcgi_param setting
#       include fastcgi_params;

       # SCRIPT_FILENAME parameter is used for PHP FPM determining
       #  the script name. If it is not set in fastcgi_params file,
       # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
       # please comment off following line:
       # fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
#    }
}

docker-compose.yml檔如下: