Free SSL Certificates

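Serving a website over HTTPS requires a certificate issued for the same name as the domain. SSL certificates normally cost money; below is a common way to get one for free, via
https://certbot.eff.org/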

1 Log in to the web server. It needs Internet access, and you need sudo rights on the command line. Stop the HTTP server first.
2 Run the following commands

git clone https://github.com/certbot/certbot
cd certbot
pip install virtualenv

./certbot-auto certonly --standalone --no-bootstrap

3 Enter the domain name when prompted, e.g. xxx.com. You may also be asked for an e-mail address.

[root@centos-s-1vcpu-1gb-sgp1-02 certbot]# ./certbot-auto certonly --standalone --no-bootstrap
Upgrading certbot-auto 0.40.1 to 1.0.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): xxx.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxx.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/xxx.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/xxx.com/privkey.pem
Your cert will expire on 2020-03-30. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

4 Look at the saved certificate.
The certificate is the first part of /etc/letsencrypt/live/xxx.com/fullchain.pem
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----

The chain (fullchain) is the second part of /etc/letsencrypt/live/xxx.com/fullchain.pem

The private key is in /etc/letsencrypt/live/xxx.com/privkey.pem

5 Import the certificate and restart the HTTP server.

Taking Screenshots on Windows

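To do a good job, first sharpen your tools.
Ways to take a screenshot on a PC:
1 The built-in Windows tool: press Win+R, or type snippingtool into the Windows search box, and press Enter to open the Snipping Tool. On Win10, Win+Shift+S starts a region capture.
2 Built into the input method: switch to the QQ input method and press Ctrl+Alt+Q; after capturing you can also add simple annotations. The Sohu input method has this too.
3 Screenshot software: I used to have HyperSnap start at boot, but the input method has now basically replaced it.
4 Since the COVID-19 outbreak, working from home means having to log in to WeChat, and on the PC I only use Alt+A for screenshots.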

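Ways to record the screen on a PC:
1 On a Win10 machine, Win+G brings up the Game Bar, where you can start recording. Files are saved by default in the user's Videos folder, and the result is good.
2 Open a PowerPoint file (Office 2013 or later) and choose "Insert" -> "Screen Recording", then select a region and start recording. It records microphone audio but not the computer's own audio at the same time. Win+Shift+Q ends the recording. Right-click the recording on the slide to save it as mp4.
3 Screen recording tools: there are far too many, and many cost money.
Bandicam has cracked versions, or just use OBS Studio, an open-source solution.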

NAT Traversal with FRP

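You have a local PC that is online but has no public IP, and you want to publish a web service or allow Remote Desktop connections to it. That requires NAT traversal.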

Preparation:

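First you need a host with a public IP. Here I chose a digitalocean.com VPS in Singapore, the cheapest one at 5 dollars a month. After it is created you receive an e-mail with the root user's password (logging in with an SSH key works too).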

Next, log in to the VPS and download the frp build for its operating system from https://github.com/fatedier/frp/releases. My VPS runs 64-bit CentOS 7.4, so I picked frp_0.21.0_linux_amd64.tar.gz (5.81 MB). Extract it and enter the directory:

mkdir Downloads

cd Downloads

wget https://github.com/fatedier/frp/releases/download/v0.21.0/frp_0.21.0_linux_amd64.tar.gz

tar -xzvf frp_0.21.0_linux_amd64.tar.gz

cd frp_0.21.0_linux_amd64

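Next, edit the server-side config file frps.ini following the documentation on GitHub. You need a domain name here (a subdomain is fine) with an A record pointing at the VPS address. Then run ./frps -c frps.ini. To run it in the background, use nohup ./frps -c frps.ini &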

[common]
bind_port = 7000
vhost_http_port = 80
subdomain_host = dodemo.com

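Then, on the internal machine, download the matching version of frp. I am on a 64-bit Windows machine, so I downloaded frp_0.21.0_windows_amd64.zip (5.78 MB). Extract it, enter the directory and edit the client config file frpc.ini. The [common] section is required; each [] section below it is called a proxy, and the names must not repeat. From a command prompt in that directory, run frpc -c frpc.ini. The following message means the connection succeeded. Otherwise, check the network, the proxy, the firewall, and whether the software versions match.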

[control.go:246] [fe2df7c9d9d20bbd] login to server success, get run id [fe2df7c9d9d20bbd], server udp port [0]

Reference frpc.ini

[common]
server_addr = dodemo.com
server_port = 7000
# the internal network needs a proxy to reach the Internet
http_proxy = http://proxyserver.com:8080

# the following allows Windows Remote Desktop; access address is mstsc.dodemo.com
[mstsc]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 3389
subdomain = mstsc

# the following allows access to the web services served by this machine
[web1]
type = http
local_ip = 127.0.0.1
local_port = 80
subdomain = web1

[web2]
type = http
local_ip = 192.168.112.128
local_port = 81
subdomain = web2

# the following allows logging in to other machines on the LAN
[vm_ssh]
type = tcp
local_ip = 192.168.112.128
local_port = 22
remote_port = 6002

# the following allows access to web services on the LAN that this machine can reach
[vm_web1]
type = http
local_ip = 192.168.112.128
local_port = 80
subdomain = vmweb1
http_user = admin
http_pwd = admin1

[vm_web2]
type = http
local_ip = 192.168.112.128
local_port = 81
subdomain = vmweb2
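
An added example, not part of the original post or of the frp project: a small audit of the frpc.ini above that lists what each proxy exposes once frps runs on the public VPS. It relies on frp's `token` option in [common]; `audit_frpc`, `ADMIN_PORTS` and the 12-character password threshold are this example's own choices.

```python
import configparser

# Constructed sample: trimmed copy of the frpc.ini above (comments, local_ip
# and subdomain lines dropped; no values changed).
SAMPLE_FRPC_INI = """
[common]
server_addr = dodemo.com
server_port = 7000
[mstsc]
type = tcp
local_port = 3389
remote_port = 3389
[web1]
type = http
local_port = 80
[vm_ssh]
type = tcp
local_port = 22
remote_port = 6002
[vm_web1]
type = http
local_port = 80
http_user = admin
http_pwd = admin1
"""

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # remote-login services worth flagging

def audit_frpc(ini_text, min_pwd_len=12):  # min_pwd_len is this example's own threshold
    """Return (section, finding) pairs for an frpc.ini passed as text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    findings = []
    # Without a shared token, frps does not tell its owner's frpc from anyone else's.
    if not cfg.get("common", "token", fallback="").strip():
        findings.append(("common", "no token: any client reaching bind_port can register proxies"))
    for name in (s for s in cfg.sections() if s != "common"):
        sec = cfg[name]
        kind, port = sec.get("type", "tcp"), sec.getint("local_port", fallback=0)
        if kind == "tcp" and port in ADMIN_PORTS:
            findings.append((name, f"{ADMIN_PORTS[port]} exposed on public port {sec.get('remote_port')}"))
        elif kind == "http" and not sec.get("http_user"):
            findings.append((name, "published with no http_user/http_pwd"))
        elif kind == "http" and len(sec.get("http_pwd", "")) < min_pwd_len:
            findings.append((name, "short http_pwd, sent unencrypted via vhost_http_port"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_frpc(SAMPLE_FRPC_INI):
        print(f"[{section}] {finding}")
```

Every section of the sample produces a finding; a config with a token set, no SSH or RDP tcp proxy, and a long http_pwd on each http proxy returns an empty list.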

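FRP has many more features; use whatever fits. A similar tool is ngrok, which I do not consider the best choice. Others such as Peanut Shell (花生壳) and Nat123 have declined, and even the paid service may not be good. pubyun, noip and the like are also far from mainstream. If you only have one or two services to expose, there is no need to buy your own VPS: ready-made ngrok or frp services at about 10 yuan a month are good enough.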