almalinux9.5安装阿里ossfs

# 官方文档
https://help.aliyun.com/zh/oss/developer-reference/install-ossfs

# 通过源码方式安装
sudo yum makecache
sudo yum install automake gcc-c++ git libcurl-devel libxml2-devel fuse-devel make openssl-devel

git clone https://github.com/aliyun/ossfs.git
cd ossfs
./autogen.sh 

# 在下面这一步会报错,提示需要fuse版本需要大于指定版本
./configure 
make
make install



# 在almalinux9中,fuse叫fuse3和fuse3-devel,但是无法被ossfs编译使用,手动安装fuse和fuse-devel

# 通过rpmfind网站查到centos stream9的包并安装

# 先装fuse
yum install -y https://rpmfind.net/linux/centos-stream/9-stream/BaseOS/x86_64/os/Packages/fuse-2.9.9-17.el9.x86_64.rpm

# 装fuse-libs,会被fuse-devel依赖
yum install -y https://rpmfind.net/linux/centos-stream/9-stream/BaseOS/x86_64/os/Packages/fuse-libs-2.9.9-17.el9.x86_64.rpm
yum install -y https://rpmfind.net/linux/centos-stream/9-stream/CRB/x86_64/os/Packages/fuse-devel-2.9.9-17.el9.x86_64.rpm
再次 ./configure 通过

按照官方文档继续配置剩下的部分。

ngx_http_realip_module 获取客户端真实ip模块测试

此模块需要在编译安装nginx时加上 –with-http_realip_module 参数

测试环境:
PC主机 -> nginx反向代理 -> 源nginx
192.168.6.88 -> 192.168.6.151 -> 192.168.6.114

# 192.168.6.151 中 nginx 反向代理配置
location / {
	proxy_pass http://192.168.6.114;
	proxy_set_header host t1.test.com;
	proxy_set_header x-forwarded-for $remote_addr,192.168.6.151,1.1.1.1;
}

# 192.168.6.114中nginx配置:
real_ip_header x-forwarded-for;
set_real_ip_from 192.168.6.151;
set_real_ip_from 1.1.1.1;
real_ip_recursive on;

当用PC浏览器访问反向代理nginx ip时,源nginx日志中为:
192.168.6.88 - - [07/Feb/2025:01:31:55 -0500] "GET /

real_ip_header 用于配置从哪个请求头中获取真实ip。
set_real_ip_from 配置指令可以有多个,用于配置受信任的ip,移除 x-forwarded-for 字段中 set_real_ip_from 中定义的值。
real_ip_recursive 为on,先从 x-forwarded-for 中排除 set_real_ip_from 指令指定的ip,然后取最后一个ip作为客户端ip。
real_ip_recursive 为off,取x-forwarded-for中最后一个ip作为客户端ip

当 set_real_ip_from 的值都匹配不到 x-forwarded-for 中的值时,则不处理,直接用上一级代理的ip作为客户端ip(也就是 nginx反向代理机器ip )

这样可以实现在不改动后端代码的情况下获取真实客户端ip
例如php

解决mysql8.0.40自带openssl库文件版本过低

安装的mysql8.0.40版本,在漏扫中出现一个漏洞提示openssl版本过低

# 系统自带的openssl链接库文件在/usr/lib64下
[root@localhost ~]# cd /usr/lib64/
[root@localhost lib64]# ll libcrypto*
lrwxrwxrwx 1 root root      18 Oct  1 09:38 libcrypto.so -> libcrypto.so.3.2.2
lrwxrwxrwx 1 root root      18 Oct  1 09:38 libcrypto.so.3 -> libcrypto.so.3.2.2
-rwxr-xr-x 1 root root 5435440 Oct  1 09:38 libcrypto.so.3.2.2

[root@localhost lib64]# ll libssl*
-rwxr-xr-x. 1 root root 449560 Sep 16 11:38 libssl3.so
lrwxrwxrwx  1 root root     15 Oct  1 09:38 libssl.so -> libssl.so.3.2.2
lrwxrwxrwx  1 root root     15 Oct  1 09:38 libssl.so.3 -> libssl.so.3.2.2
-rwxr-xr-x  1 root root 957480 Oct  1 09:38 libssl.so.3.2.2

# 查看mysql载入的动态链接库路径
[root@localhost lib64]# ldd /usr/local/mysql/bin/mysql | grep libcrypto
	libcrypto.so.3 => /usr/local/mysql/bin/../lib/private/libcrypto.so.3 (0x00007f59b5e00000)
[root@localhost lib64]# ldd /usr/local/mysql/bin/mysqld | grep -i "ssl"
	libssl.so.3 => /usr/local/mysql/bin/../lib/private/libssl.so.3 (0x00007fa5b1e00000)
	
可以看到都是用的mysql自带的库

[root@localhost lib64]# strings /usr/local/mysql/lib/private/libcrypto.so.3 | grep -i "OpenSSL"
OpenSSL 3.0.15 3 Sep 2024
自带的是3.0.15版本,所以漏扫提示此版本有漏洞

解决方法:
# 通过输出环境变量,让mysql去读系统自带的openssl
[root@localhost lib64]# export LD_LIBRARY_PATH=/usr/lib64:$LD_LIBRARY_PATH
[root@localhost lib64]# systemctl restart mysql

# 再次确认
[root@localhost lib64]# ldd /usr/local/mysql/bin/mysqld | grep -i "ssl"
	libssl.so.3 => /usr/lib64/libssl.so.3 (0x00007fe9b4f1a000)
[root@localhost lib64]# ldd /usr/local/mysql/bin/mysql | grep libcrypto
	libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007f262d600000)

[root@localhost ~]# strings /usr/lib64/libcrypto.so.3 | grep -i "OpenSSL"
OpenSSL 3.2.2 4 Jun 2024

ubuntu中atp安装的openproject意外断电后无法启动,访问提示503错误

浏览器访问80时实际是通过apache反向代理的6000端口,netstat查看监听端口6000并没有监听,说明openproject的web服务并未启动。

通过手动启动查看是否有报错

root@rd:/opt/openproject# /usr/bin/openproject run web
=> Booting Puma
=> Rails 7.1.4.1 application starting in production 
=> Run `bin/rails server --help` for more startup options
A server is already running. Check /opt/openproject/tmp/pids/server.pid.
Exiting

提示已经在运行,实际是因为pid文件没有正确关闭删除,导致pid文件存在。
将其删除后再次启动。

root@rd:/opt/openproject# cd /opt/openproject/tmp/pids
root@rd:/opt/openproject/tmp/pids# ll
total 12
drwxrwxr-x 2 openproject openproject 4096 Dec  9 00:44 ./
drwxr-xr-x 6 openproject openproject 4096 Dec 11 01:47 ../
-rw-r--r-- 1 openproject openproject    4 Dec  9 00:44 server.pid
root@rd:/opt/openproject/tmp/pids# rm -f server.pid 

root@rd:/opt/openproject/tmp/pids# systemctl start openproject.service
systemctl start openproject-web-1.service
systemctl start openproject-web.service
systemctl start openproject-worker-1.service
systemctl start openproject-worker.service
root@rd:/opt/openproject/tmp/pids# ll
total 8
drwxrwxr-x 2 openproject openproject 4096 Dec 11 03:30 ./
drwxr-xr-x 6 openproject openproject 4096 Dec 11 01:47 ../

启动需要一定时间
root@rd:/opt/openproject/tmp/pids# ll
total 12
drwxrwxr-x 2 openproject openproject 4096 Dec 11 03:32 ./
drwxr-xr-x 6 openproject openproject 4096 Dec 11 01:47 ../
-rw-r--r-- 1 openproject openproject    4 Dec 11 03:32 server.pid
root@rd:/opt/openproject/tmp/pids# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:45432         0.0.0.0:*               LISTEN      3179/postgres       
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      788/systemd-resolve 
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      819/memcached       
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      891/sshd: /usr/sbin 
tcp        0      0 127.0.0.1:6000          0.0.0.0:*               LISTEN      6270/puma 6.4.3 (tc 
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN      6166/sshd: rd@pts/2 
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      1219/sshd: rd@pts/0 
tcp6       0      0 ::1:6010                :::*                    LISTEN      1219/sshd: rd@pts/0 
tcp6       0      0 ::1:6011                :::*                    LISTEN      6166/sshd: rd@pts/2 
tcp6       0      0 :::80                   :::*                    LISTEN      993/apache2         
tcp6       0      0 :::22                   :::*                    LISTEN      891/sshd: /usr/sbin 
root@rd:/opt/openproject/tmp/pids# 

Adobe Flash Professional CS6打开tga文件提示意外文件格式或导入提示读取文件时出现问题

重装软件及重装系统都无法解决,最终发现安装QuickTime后解决。
Flash CS6 依赖 QuickTime 来支持部分图像和视频格式。
下载地址:https://softdown.365xiazai.com/20241107/2651/down/2024down/9/11/QuickTime7.79.80.95.exe

安装后重启软件。

未安装之前:
导入 – 导入到舞台 – 选择tga文件,则提示 读取文件时出现问题

直接打开tga文件则提示 意外的文件格式