EExcel 丞燕快速查詢2

https://sandk.ffbizs.com/

nuxt 3 $fetch x-www-form-urlencoded blob

file download


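  const pdf = async () => {
    // new URL() needs a base when given a relative path; without one it throws a TypeError
    const download_url = new URL("/api/pdf", window.location.origin)
    download_url.search = new URLSearchParams({'order_id': '20241101001'}).toString();

    try {
      const blob = await $fetch(download_url.toString(), {
        method: 'GET',
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded',
        },
        // Ask for the body as a Blob instead of relying on content-type detection
        responseType: 'blob',
      })

      // Point a temporary <a download> at an object URL for the blob and click it
      const link = document.createElement('a');
      link.href = URL.createObjectURL(blob);
      link.setAttribute('download', '20241101001.pdf');
      document.body.appendChild(link);
      link.click()

      // Remove the temporary link, then release the object URL once the download has started
      document.body.removeChild(link);
      setTimeout(() => URL.revokeObjectURL(link.href), 1000);
    } catch (error) {
      console.log(error)
    }
  }
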
file print


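  // `url` is the same-origin (or blob:) URL of the document to print
  var iframe = document.createElement('iframe');
  iframe.style.display = 'none';
  // Print only after the document has loaded; print() on a cross-origin frame throws
  iframe.onload = function () {
    iframe.contentWindow.focus();
    iframe.contentWindow.print();
  };
  iframe.src = url;
  document.body.appendChild(iframe);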

Alpine qemu-guest-agent no such package


> apk add qemu-guest-agent

ERROR: unable to select packages:
  qemu-guest-agent (no such package):
    required by: world[qemu-guest-agent]
Only way: change the Alpine repositories.


# https://wiki.alpinelinux.org/wiki/Repositories

> setup-apkrepos -cf

or

http://alpine.ccns.ncku.edu.tw/alpine/v3.20/main

#http://dl-cdn.alpinelinux.org/alpine/v3.20/community

http://alpine.cs.nycu.edu.tw/v3.20/main

http://alpine.cs.nycu.edu.tw/v3.20/community

Alpine Linux image with Cloud-Init ready for Proxmox

[Repost] How to prepare Alpine Linux image with Cloud-Init ready for Proxmox

https://5wire.co.uk/how-to-prepare-alpine-linux-image-with-cloud-init-ready-for-proxmox/

[Repost] Enable cloud-init for a Alpine VM on proxmox

https://gist.github.com/longtian/499261f4c68f0fb40b481bb1e74aa8ca

systemd wstunnel

Create /etc/systemd/system/wstunnel.service


[Unit]
Description=Wstunnel Server Service
After=network.target

[Service]
Type=simple
Restart=on-failure
RestartSec=5s
LimitNOFILE=1048576

ExecStart=/usr/bin/wstunnel server wss://[::]:1234 -r aabbccddeeff

[Install]
WantedBy=multi-user.target


systemctl daemon-reload

systemctl enable wstunnel.service

systemctl start wstunnel.service

systemctl status wstunnel.service

[Repost] Debian: fail2ban + nftables

https://blog.cyberfront.org/index.php/2021/10/27/debian-fail2ban/

=====

https://github.com/fail2ban/fail2ban/issues/3292

# /etc/fail2ban/jail.local
[DEFAULT]
default_backend = systemd
logtarget = SYSTEMD-JOURNAL

# /etc/fail2ban/jail.d/named.conf
[named-refused-tcp]
backend = systemd

How to check

1. journalctl -r

2. less /var/log/fail2ban.log

3. fail2ban-client status or fail2ban-client status sshd or fail2ban-client status ooxxooxx

Create a self-signed SSL certificate for a wildcard domain (key and certificate files in one command)

https://gist.github.com/dasgoll/5c7c02f363e7aeaff2837d650d985cc7

EX: *.ccdd.com


openssl req  -subj "/C=cd/CN=*.ccdd.com" -x509 -nodes -days 365 -newkey rsa:2048 -keyout ccdd-wildcard-selfsigned.key -out ccdd-wildcard-selfsigned.crt
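
Added example, not from the linked gist or this blog: the command above sets only the CN, while current browsers match hostnames against subjectAltName, so this variant adds the SAN entries and then verifies the result. The function names are constructed for illustration, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added illustration; function names and file layout are this example's own.

# make_wildcard_cert <domain> <dir>
# Writes <dir>/<first-label>-wildcard-selfsigned.key and .crt, prints the base path.
make_wildcard_cert() {
  domain=$1
  base="$2/${1%%.*}-wildcard-selfsigned"
  ( umask 077   # keep the unencrypted private key readable by its owner only
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
      -subj "/CN=*.$domain" \
      -addext "subjectAltName=DNS:*.$domain,DNS:$domain" \
      -keyout "$base.key" -out "$base.crt" 2>/dev/null ) || return 1
  echo "$base"
}

# check_wildcard_cert <domain> <base>
# Returns 0 only if the certificate lists the wildcard in its SAN
# and the key file really belongs to the certificate.
check_wildcard_cert() {
  domain=$1
  base=$2
  openssl x509 -in "$base.crt" -noout -text \
    | grep -qF "DNS:*.$domain" || return 1
  cert_pub=$(openssl x509 -in "$base.crt" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$base.key" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Demo in a throwaway directory, using the page's example domain
tmp=$(mktemp -d)
out=$(make_wildcard_cert ccdd.com "$tmp") \
  && check_wildcard_cert ccdd.com "$out" \
  && echo "ok: $out.crt has the wildcard SAN and matches its key"
rm -rf "$tmp"
```

The SAN lists both `*.ccdd.com` and `ccdd.com` because a wildcard entry does not cover the bare domain.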

awesome-tunneling

https://github.com/anderspitman/awesome-tunneling

nftables template

https://wiki.gbe0.com/en/linux/firewalling-and-filtering/nftables/template-inbound-outbound

#!/usr/sbin/nft -f

## Clear/flush all existing rules
flush ruleset

# Main inet family filtering table
table inet filter {

  # Rules for forwarded traffic
  chain forward {
    type filter hook forward priority 0; policy drop

    ## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
    ## The default policy will be applied to unmatched traffic
    limit rate 60/minute burst 100 packets \
      log prefix "Forward - Drop: " \
      comment "Log any unmatched traffic"

    ## Count the unmatched traffic
    counter \
      comment "Count any unmatched traffic"
  }

  # Rules for input traffic
  chain input {
    type filter hook input priority 0; policy drop

    ## Permit inbound traffic to loopback interface
    iif lo \
      accept \
      comment "Permit all traffic in from loopback interface"

    ## Permit established and related connections
    ct state established,related \
      counter \
      accept \
      comment "Permit established/related connections"

    ## Log and drop new TCP non-SYN packets
    tcp flags != syn ct state new \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - New !SYN: " \
      comment "Rate limit logging for new connections that do not have the SYN TCP flag set"
    tcp flags != syn ct state new \
      counter \
      drop \
      comment "Drop new connections that do not have the SYN TCP flag set"

    ## Log and drop TCP packets with invalid fin/syn flag set
    tcp flags & (fin|syn) == (fin|syn) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - TCP FIN|SYN: " \
      comment "Rate limit logging for TCP packets with invalid fin/syn flag set"
    tcp flags & (fin|syn) == (fin|syn) \
      counter \
      drop \
      comment "Drop TCP packets with invalid fin/syn flag set"

    ## Log and drop TCP packets with invalid syn/rst flag set
    tcp flags & (syn|rst) == (syn|rst) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - TCP SYN|RST: " \
      comment "Rate limit logging for TCP packets with invalid syn/rst flag set"
    tcp flags & (syn|rst) == (syn|rst) \
      counter \
      drop \
      comment "Drop TCP packets with invalid syn/rst flag set"

    ## Log and drop invalid TCP flags
    tcp flags & (fin|syn|rst|psh|ack|urg) < (fin) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - FIN:" \
      comment "Rate limit logging for invalid TCP flags (fin|syn|rst|psh|ack|urg) < (fin)"
    tcp flags & (fin|syn|rst|psh|ack|urg) < (fin) \
      counter \
      drop \
      comment "Drop TCP packets with flags (fin|syn|rst|psh|ack|urg) < (fin)"

    ## Log and drop invalid TCP flags
    tcp flags & (fin|syn|rst|psh|ack|urg) == (fin|psh|urg) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - FIN|PSH|URG:" \
      comment "Rate limit logging for invalid TCP flags (fin|syn|rst|psh|ack|urg) == (fin|psh|urg)"
    tcp flags & (fin|syn|rst|psh|ack|urg) == (fin|psh|urg) \
      counter \
      drop \
      comment "Drop TCP packets with flags (fin|syn|rst|psh|ack|urg) == (fin|psh|urg)"

    ## Drop traffic with invalid connection state
    ct state invalid \
      limit rate 100/minute burst 150 packets \
      log flags all prefix "IN - Invalid: " \
      comment "Rate limit logging for traffic with invalid connection state"
    ct state invalid \
      counter \
      drop \
      comment "Drop traffic with invalid connection state"

    ## Permit IPv4 ping/ping responses but rate limit to 2000 PPS
    ip protocol icmp icmp type { echo-reply, echo-request } \
      limit rate 2000/second \
      counter \
      accept \
      comment "Permit inbound IPv4 echo (ping) limited to 2000 PPS"

    ## Permit all other inbound IPv4 ICMP
    ip protocol icmp \
      counter \
      accept \
      comment "Permit all other IPv4 ICMP"

    ## Permit IPv6 ping/ping responses but rate limit to 2000 PPS
    icmpv6 type { echo-reply, echo-request } \
      limit rate 2000/second \
      counter \
      accept \
      comment "Permit inbound IPv6 echo (ping) limited to 2000 PPS"

    ## Permit all other inbound IPv6 ICMP
    meta l4proto { icmpv6 } \
      counter \
      accept \
      comment "Permit all other IPv6 ICMP"

    ## Permit inbound traceroute UDP ports but limit to 500 PPS
    udp dport 33434-33524 \
      limit rate 500/second \
      counter \
      accept \
      comment "Permit inbound UDP traceroute limited to 500 PPS"

    ## Permit inbound SSH
    tcp dport ssh ct state new \
      counter \
      accept \
      comment "Permit inbound SSH connections"

    ## Permit inbound HTTP and HTTPS
    tcp dport { http, https } ct state new \
      counter \
      accept \
      comment "Permit inbound HTTP and HTTPS connections"

    ## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
    ## The default policy will be applied to unmatched traffic
    limit rate 60/minute burst 100 packets \
      log prefix "IN - Drop: " \
      comment "Log any unmatched traffic"

    ## Count the unmatched traffic
    counter \
      comment "Count any unmatched traffic"
  }

  # Rules for output traffic
  chain output {
    type filter hook output priority 0; policy drop

    ## Permit outbound traffic to loopback interface
    oif lo \
      accept \
      comment "Permit all traffic out to loopback interface"

    ## Permit established and related connections
    ct state established,related \
      counter \
      accept \
      comment "Permit established/related connections"

    ## Drop traffic with invalid connection state
    ct state invalid \
      limit rate 100/minute burst 150 packets \
      log flags all prefix "OUT - Invalid: " \
      comment "Rate limit logging for traffic with invalid connection state"
    ct state invalid \
      counter \
      drop \
      comment "Drop traffic with invalid connection state"

    ## Permit IPv4 ping/ping responses but rate limit to 2000 PPS
    ip protocol icmp icmp type { echo-reply, echo-request } \
      limit rate 2000/second \
      counter \
      accept \
      comment "Permit outbound IPv4 echo (ping) limited to 2000 PPS"

    ## Permit all other outbound IPv4 ICMP
    ip protocol icmp \
      counter \
      accept \
      comment "Permit all other IPv4 ICMP"

    ## Permit IPv6 ping/ping responses but rate limit to 2000 PPS
    icmpv6 type { echo-reply, echo-request } \
      limit rate 2000/second \
      counter \
      accept \
      comment "Permit outbound IPv6 echo (ping) limited to 2000 PPS"

    ## Permit all other outbound IPv6 ICMP
    meta l4proto { icmpv6 } \
      counter \
      accept \
      comment "Permit all other IPv6 ICMP"

    ## Permit outbound traceroute UDP ports but limit to 500 PPS
    udp dport 33434-33524 \
      limit rate 500/second \
      counter \
      accept \
      comment "Permit outbound UDP traceroute limited to 500 PPS"

    ## Allow outbound HTTP and HTTPS connections
    tcp dport { http, https } ct state new \
      counter \
      accept \
      comment "Permit outbound HTTP and HTTPS connections"

    ## Permit outbound DNS requests
    meta l4proto { tcp, udp } th dport 53 \
      counter \
      accept \
      comment "Permit outbound TCP and UDP DNS requests"

    ## Allow outbound NTP requests
    udp dport 123 \
      counter \
      accept \
      comment "Permit outbound NTP requests"

    ## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
    ## The default policy will be applied to unmatched traffic
    limit rate 60/minute burst 100 packets \
      log prefix "OUT - Drop: " \
      comment "Log any unmatched traffic"

    ## Count the unmatched traffic
    counter \
      comment "Count any unmatched traffic"
  }

}
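
Added example, not part of the wiki template or this blog: a POSIX shell replay of the input chain's TCP checks in rule order, showing which rule decides a packet for a given flags byte and conntrack state. The `classify` function and its labels are constructed for illustration; the flag values are the standard TCP header bits.

```shell
#!/bin/sh
# Added illustration: replays the order of the input chain's TCP checks.
# Standard TCP header flag bits; nft's "tcp flags" covers all eight.
FIN=1 SYN=2 RST=4 PSH=8 ACK=16 URG=32 ECE=64 CWR=128
SIX=$(( $FIN | $SYN | $RST | $PSH | $ACK | $URG ))  # mask of the last two checks

# classify <flags as integer> <ct state>
# Prints the first rule (labels are constructed) that decides the packet.
classify() {
  f=$1
  state=$2
  case $state in
    established|related) echo "accept established/related"; return ;;
  esac
  if [ "$state" = new ] && [ "$f" -ne "$SYN" ]; then
    echo "drop new-not-syn"; return
  fi
  if [ $(( $f & ($FIN | $SYN) )) -eq $(( $FIN | $SYN )) ]; then
    echo "drop fin+syn"; return
  fi
  if [ $(( $f & ($SYN | $RST) )) -eq $(( $SYN | $RST )) ]; then
    echo "drop syn+rst"; return
  fi
  if [ $(( $f & $SIX )) -lt "$FIN" ]; then
    echo "drop no-flags"; return
  fi
  if [ $(( $f & $SIX )) -eq $(( $FIN | $PSH | $URG )) ]; then
    echo "drop fin+psh+urg"; return
  fi
  if [ "$state" = invalid ]; then
    echo "drop invalid"; return
  fi
  echo "continue to port rules"
}

# Constructed samples: "<flags> <ct state> <description>"
while read -r flags state desc; do
  printf '%-16s %-12s -> %s\n' "$desc" "$state" "$(classify "$flags" "$state")"
done <<EOF
$SYN new plain-SYN
$(( $SYN | $ECE | $CWR )) new ECN-setup-SYN
$ACK new stray-ACK
0 invalid no-flags
$(( $FIN | $PSH | $URG )) invalid FIN+PSH+URG
$ACK invalid stray-ACK
$(( $FIN | $PSH | $URG )) established FIN+PSH+URG
EOF
```

Two things follow from the rule order: established/related traffic is accepted before any flag check runs, and because `tcp flags != syn` compares the whole flags byte, an ECN-setup SYN (SYN|ECE|CWR, RFC 3168) from a new client is dropped. Matching on `tcp flags & (fin|syn|rst|ack) != syn` keeps the non-SYN check while ignoring the ECN bits.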

cloudflare tunnel rdp

https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/rdp/#connect-to-rdp-server-with-cloudflared-access

This document is hard to understand.

Important

1. The server (the machine being controlled) needs to connect to the Cloudflare tunnel.
2. The client needs to connect to the Cloudflare tunnel too.

Server - tunnel - cloudflare - tunnel - Client

Server
Follow the Cloudflare document's “1. Connect the server to Cloudflare”. This part is correct.

Client
The Cloudflare document's “2. Connect as a user” has a problem:


cloudflared access rdp --hostname rdp.example.com --url rdp://localhost:3389
Change --hostname to --tunnel-host:


cloudflared access rdp --tunnel-host rdp.example.com --url rdp://localhost:3389
Then connect the RDP client to localhost:3389.

The client PC opens port 3389 and the RDP client connects to that port; the connection goes to Cloudflare at rdp.example.com, which passes it to the server's rdp://localhost:3389.

Result

> cloudflared access rdp --tunnel-host rdp.example.com --url localhost:3389
2024-09-12T04:36:46Z INF Start Websocket listener host=localhost:3389