sueboy
nuxt3 build .env !!
You want Build time use .env setting context. Two way:
1. source .env
package.json > "build": "source .env && nuxt build"
2. eval $(grep '^NUXT_' .env)
package.json > "build": "eval $(grep '^PROD_' .env) && nuxt build"
^RROD_ can replace by yourself
.env file inside
PROD_API_URL=https://ooxxooxx
nuxt 3 $fetch x-www-form-urlencode blob
file download
const pdf = async () => {
const download_url = new URL("/api/pdf")
download_url.search = new URLSearchParams({'order_id': '20241101001'}).toString();
try {
const blob = await $fetch(download_url.toString(), {
method: 'GET',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
})
const link = document.createElement('a');
link.href = URL.createObjectURL(blob);
link.setAttribute('download', '20241101001.pdf');
document.body.appendChild(link);
link.click()
document.body.removeChild(link);
} catch (error) {
console.log(error)
}
}
file print
var iframe = document.createElement('iframe');
iframe.style.display = 'none';
iframe.src = url;
document.body.appendChild(iframe);
iframe.contentWindow.focus();
iframe.contentWindow.print();
Alpine qemu-guest-agent no such package
> apk add qemu-guest-agent
ERROR: unable to select packages:
qemu-guest-agent (no such package):
required by: world[qemu-guest-agent]
Only way: Change Alpine repositores.
# https://wiki.alpinelinux.org/wiki/Repositories
> setup-apkrepos -cf
or
http://alpine.ccns.ncku.edu.tw/alpine/v3.20/main #http://dl-cdn.alpinelinux.org/alpine/v3.20/community http://alpine.cs.nycu.edu.tw/v3.20/main http://alpine.cs.nycu.edu.tw/v3.20/communityAlpine Linux image with Cloud-Init ready for Proxmox
[轉]How to prepare Alpine Linux image with Cloud-Init ready for Proxmox
https://5wire.co.uk/how-to-prepare-alpine-linux-image-with-cloud-init-ready-for-proxmox/
[轉]Enable cloud-init for a Alpine VM on proxmox
https://gist.github.com/longtian/499261f4c68f0fb40b481bb1e74aa8ca
systemd wstunnel
Create /etc/systemd/system/wstunnel.service
[Unit]
Description=Wstunnel Server Service
After=network.target
[Service]
Type=simple
Restart=on-failure
RestartSec=5s
LimitNOFILE=1048576
ExecStart=/usr/bin/wstunnel server wss://[::]:1234 -r aabbccddeeff
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable wstunnel.service
systemctl start wstunnel.service
systemctl status wstunnel.service
[轉]Debian: fail2ban + nftables
https://blog.cyberfront.org/index.php/2021/10/27/debian-fail2ban/
=====
https://github.com/fail2ban/fail2ban/issues/3292
# /etc/fail2ban/jail.local
[DEFAULT]
default_backend = systemd
logtarget = SYSTEMD-JOURNAL
# /etc/fail2ban/jail.d/named.conf
[named-refused-tcp]
backend = systemd
How to check
1. journalctl -r
2. less /var/log/fail2ban.log
3. fail2ban-client status or fail2ban-client status sshd or fail2ban-client status ooxxooxx
2 files in one command Create SSL for wildcard domain selfsigned
https://gist.github.com/dasgoll/5c7c02f363e7aeaff2837d650d985cc7
EX: *.ccdd.com
openssl req -subj "/C=cd/CN=*.ccdd.com" -x509 -nodes -days 365 -newkey rsa:2048 -keyout ccdd-wildcard-selfsigned.key -out ccdd-wildcard-selfsigned.crt
nftables template
https://wiki.gbe0.com/en/linux/firewalling-and-filtering/nftables/template-inbound-outbound
#!/usr/sbin/nft -f
## Clear/flush all existing rules
flush ruleset
# Main inet family filtering table
table inet filter {
# Rules for forwarded traffic
chain forward {
type filter hook forward priority 0; policy drop
## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
## The default policy will be applied to unmatched traffic
limit rate 60/minute burst 100 packets \
log prefix "Forward - Drop: " \
comment "Log any unmatched traffic"
## Count the unmatched traffic
counter \
comment "Count any unmatched traffic"
}
# Rules for input traffic
chain input {
type filter hook input priority 0; policy drop
## Permit inbound traffic to loopback interface
iif lo \
accept \
comment "Permit all traffic in from loopback interface"
## Permit established and related connections
ct state established,related \
counter \
accept \
comment "Permit established/related connections"
## Log and drop new TCP non-SYN packets
tcp flags != syn ct state new \
limit rate 100/minute burst 150 packets \
log prefix "IN - New !SYN: " \
comment "Rate limit logging for new connections that do not have the SYN TCP flag set"
tcp flags != syn ct state new \
counter \
drop \
comment "Drop new connections that do not have the SYN TCP flag set"
## Log and drop TCP packets with invalid fin/syn flag set
tcp flags & (fin|syn) == (fin|syn) \
limit rate 100/minute burst 150 packets \
log prefix "IN - TCP FIN|SIN: " \
comment "Rate limit logging for TCP packets with invalid fin/syn flag set"
tcp flags & (fin|syn) == (fin|syn) \
counter \
drop \
comment "Drop TCP packets with invalid fin/syn flag set"
## Log and drop TCP packets with invalid syn/rst flag set
tcp flags & (syn|rst) == (syn|rst) \
limit rate 100/minute burst 150 packets \
log prefix "IN - TCP SYN|RST: " \
comment "Rate limit logging for TCP packets with invalid syn/rst flag set"
tcp flags & (syn|rst) == (syn|rst) \
counter \
drop \
comment "Drop TCP packets with invalid syn/rst flag set"
## Log and drop invalid TCP flags
tcp flags & (fin|syn|rst|psh|ack|urg) < (fin) \
limit rate 100/minute burst 150 packets \
log prefix "IN - FIN:" \
comment "Rate limit logging for invalid TCP flags (fin|syn|rst|psh|ack|urg) < (fin)"
tcp flags & (fin|syn|rst|psh|ack|urg) < (fin) \
counter \
drop \
comment "Drop TCP packets with flags (fin|syn|rst|psh|ack|urg) < (fin)"
## Log and drop invalid TCP flags
tcp flags & (fin|syn|rst|psh|ack|urg) == (fin|psh|urg) \
limit rate 100/minute burst 150 packets \
log prefix "IN - FIN|PSH|URG:" \
comment "Rate limit logging for invalid TCP flags (fin|syn|rst|psh|ack|urg) == (fin|psh|urg)"
tcp flags & (fin|syn|rst|psh|ack|urg) == (fin|psh|urg) \
counter \
drop \
comment "Drop TCP packets with flags (fin|syn|rst|psh|ack|urg) == (fin|psh|urg)"
## Drop traffic with invalid connection state
ct state invalid \
limit rate 100/minute burst 150 packets \
log flags all prefix "IN - Invalid: " \
comment "Rate limit logging for traffic with invalid connection state"
ct state invalid \
counter \
drop \
comment "Drop traffic with invalid connection state"
## Permit IPv4 ping/ping responses but rate limit to 2000 PPS
ip protocol icmp icmp type { echo-reply, echo-request } \
limit rate 2000/second \
counter \
accept \
comment "Permit inbound IPv4 echo (ping) limited to 2000 PPS"
## Permit all other inbound IPv4 ICMP
ip protocol icmp \
counter \
accept \
comment "Permit all other IPv4 ICMP"
## Permit IPv6 ping/ping responses but rate limit to 2000 PPS
icmpv6 type { echo-reply, echo-request } \
limit rate 2000/second \
counter \
accept \
comment "Permit inbound IPv6 echo (ping) limited to 2000 PPS"
## Permit all other inbound IPv6 ICMP
meta l4proto { icmpv6 } \
counter \
accept \
comment "Permit all other IPv6 ICMP"
## Permit inbound traceroute UDP ports but limit to 500 PPS
udp dport 33434-33524 \
limit rate 500/second \
counter \
accept \
comment "Permit inbound UDP traceroute limited to 500 PPS"
## Permit inbound SSH
tcp dport ssh ct state new \
counter \
accept \
comment "Permit inbound SSH connections"
## Permit inbound HTTP and HTTPS
tcp dport { http, https } ct state new \
counter \
accept \
comment "Permit inbound HTTP and HTTPS connections"
## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
## The default policy will be applied to unmatched traffic
limit rate 60/minute burst 100 packets \
log prefix "IN - Drop: " \
comment "Log any unmatched traffic"
## Count the unmatched traffic
counter \
comment "Count any unmatched traffic"
}
# Rules for output traffic
chain output {
type filter hook output priority 0; policy drop
## Permit outbound traffic to loopback interface
oif lo \
accept \
comment "Permit all traffic out to loopback interface"
## Permit established and related connections
ct state established,related \
counter \
accept \
comment "Permit established/related connections"
## Drop traffic with invalid connection state
ct state invalid \
limit rate 100/minute burst 150 packets \
log flags all prefix "OUT - Invalid: " \
comment "Rate limit logging for traffic with invalid connection state"
ct state invalid \
counter \
drop \
comment "Drop traffic with invalid connection state"
## Permit IPv4 ping/ping responses but rate limit to 2000 PPS
ip protocol icmp icmp type { echo-reply, echo-request } \
limit rate 2000/second \
counter \
accept \
comment "Permit outbound IPv4 echo (ping) limited to 2000 PPS"
## Permit all other outbound IPv4 ICMP
ip protocol icmp \
counter \
accept \
comment "Permit all other IPv4 ICMP"
## Permit IPv6 ping/ping responses but rate limit to 2000 PPS
icmpv6 type { echo-reply, echo-request } \
limit rate 2000/second \
counter \
accept \
comment "Permit outbound IPv6 echo (ping) limited to 2000 PPS"
## Permit all other outbound IPv6 ICMP
meta l4proto { icmpv6 } \
counter \
accept \
comment "Permit all other IPv6 ICMP"
## Permit outbound traceroute UDP ports but limit to 500 PPS
udp dport 33434-33524 \
limit rate 500/second \
counter \
accept \
comment "Permit outbound UDP traceroute limited to 500 PPS"
## Allow outbound HTTP and HTTPS connections
tcp dport { http, https } ct state new \
counter \
accept \
comment "Permit outbound HTTP and HTTPS connections"
## Permit outbound DNS requests
meta l4proto { tcp, udp } th dport 53 \
counter \
accept \
comment "Permit outbound TCP and UDP DNS requests"
## Allow outbound NTP requests
udp dport 123 \
counter \
accept \
comment "Permit outbound NTP requests"
## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
## The default policy will be applied to unmatched traffic
limit rate 60/minute burst 100 packets \
log prefix "OUT - Drop: " \
comment "Log any unmatched traffic"
## Count the unmatched traffic
counter \
comment "Count any unmatched traffic"
}
}
訂閱:
文章 (Atom)