
Study Notes


Notes on upgrading OpenWrt on the R68S

A self-built LEDE ROM cannot be upgraded through the web page on the R68S; it can only be upgraded with the dd command, as follows:

dd if=./xxx.img of=/dev/mmcblk0

Fixing abnormal MySQL master/replica replication:

change master to master_host='mysql-master-svc.wordpress.svc.cluster.local',master_user='slave',master_password='xxxxxx',master_log_file='mysql_bin.000004',master_log_pos=0,master_port=3306;
change master to master_log_file='mysql-bin.000007',master_log_pos=155;

OpenWrt socat command for forwarding IPv6:

socat TCP6-LISTEN:10000,reuseaddr,fork TCP4:192.168.10.1:80

Requesting a Let's Encrypt certificate:

1. Install:
curl https://get.acme.sh | sh

2. Switch the default CA to Let's Encrypt:
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

3. Edit account.conf so that it contains the following:
#LOG_FILE="/root/.acme.sh/acme.sh.log"
#LOG_LEVEL=1
#AUTO_UPGRADE="1"
#NO_TIMESTAMP=1
UPGRADE_HASH='afacdfcb95e063325d8f01ebc8daa57322307d92'
SAVED_CF_Key='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
SAVED_CF_Email='[email protected]'
USER_PATH='/usr/sbin:/usr/bin:/sbin:/bin'
DEFAULT_ACME_SERVER='https://acme-v02.api.letsencrypt.org/directory'

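4. Request the certificate with the following command (the wildcard name is quoted so the shell does not expand it):
/root/.acme.sh/acme.sh --issue --dns dns_cf -d ruibo.edu.eu.org -d '*.ruibo.edu.eu.org'

5. To request with certbot instead; --dry-run is a test run and must be removed for the real request:
certbot certonly -d '*.opro.asia' --manual --preferred-challenges dns --dry-run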
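
The account.conf in step 3 stores SAVED_CF_Key, the Cloudflare Global API Key, which is valid for the whole account; acme.sh's dns_cf hook also accepts a scoped API token, saved as SAVED_CF_Token. The shell check below is an added example, not part of the original notes; conf_value and audit_acme_conf are hypothetical helper names and the sample values are constructed placeholders.

```shell
# Added example: audit an acme.sh account.conf for Cloudflare credential hygiene.

# conf_value FILE KEY: print the value of the last active KEY='value' line.
conf_value() {
    sed -n "s/^$2=['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}\$/\1/p" "$1" | tail -n 1
}

# audit_acme_conf FILE: print one finding per line, nothing if the file is clean.
audit_acme_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "missing-file"; return 0; }
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "group-or-other-access"
    # SAVED_CF_Key is the account-wide Global API Key.
    [ -z "$(conf_value "$conf" SAVED_CF_Key)" ] || echo "global-api-key-stored"
    # SAVED_CF_Token is a scoped API token (can be limited to DNS edits on one zone).
    [ -n "$(conf_value "$conf" SAVED_CF_Token)" ] || echo "no-scoped-token"
    # The ACME directory URL should be HTTPS; an unset value is left to acme.sh.
    case $(conf_value "$conf" DEFAULT_ACME_SERVER) in
        https://*|"") ;;
        *) echo "acme-server-not-https" ;;
    esac
}

# Constructed sample mirroring the account.conf shown above (placeholder values).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#LOG_LEVEL=1
SAVED_CF_Key='placeholder-global-key'
SAVED_CF_Email='user@example.invalid'
DEFAULT_ACME_SERVER='https://acme-v02.api.letsencrypt.org/directory'
EOF
chmod 644 "$sample"
audit_acme_conf "$sample"
rm -f "$sample"
```

On the router itself the call would be audit_acme_conf /root/.acme.sh/account.conf.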

Notes on building the Docker version with IPv6

Install a specific Docker version through a mirror site

curl -fsSL https://get.docker.com | DOWNLOAD_URL=https://mirrors.ustc.edu.cn/docker-ce bash -s docker --version 24.0.5

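After building the Armbian Docker version of LEDE, the uhttpd service in the armvirt LEDE fails to start. Building nginx into the image solves this: add two packages at build time, luci-nginx and luci-ssl-nginx.

The nginx configuration file (/etc/config/nginx) is as follows: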

config main global
        option uci_enable 'true'

config server '_lan'
        list listen '443 ssl default_server'
        list listen '[::]:7443 ssl default_server'
        option server_name '_lan'
        #list include 'restrict_locally'
        list include 'conf.d/*.locations'
        #option uci_manage_ssl 'self-signed'
        option ssl_certificate '/etc/uhttpd.crt'
        option ssl_certificate_key '/etc/uhttpd.key'
        option ssl_session_cache 'shared:SSL:32k'
        option ssl_session_timeout '64m'
        option access_log 'off; # logd openwrt'

config server '_redirect2ssl'
        list listen '80'
        list listen '[::]:7080'
        option server_name '_redirect2ssl'
        option return '302 https://$host$request_uri'

config server '_redirect2ssl'
        list listen '90'
        list listen '[::]:90'
        option server_name '_redirect2ssl'
        option return '302 https://$host$request_uri'
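
In the config above the restrict_locally include is commented out on the TLS server, and the section name _redirect2ssl is used twice. The stock OpenWrt nginx config ships that include to limit the _lan server to local addresses, which matters once the box has a global IPv6 address. The shell check below is an added example, not part of the original notes; audit_nginx_uci is a hypothetical helper name and the sample is the page's config trimmed to the lines the check reads.

```shell
# Added example: flag risky patterns in an OpenWrt /etc/config/nginx file.
# audit_nginx_uci FILE: print one finding per line, nothing if none apply.
audit_nginx_uci() {
    awk '
        function report() {
            # A TLS server section without an active restrict_locally include.
            if (name != "" && tls && !restricted)
                print "unrestricted-tls-server " name
        }
        /^[ \t]*#/ { next }                  # commented-out lines are inactive
        $1 == "config" {
            report(); name = ""; tls = 0; restricted = 0
            if ($2 == "server") {
                name = $3; gsub(/[^A-Za-z0-9_]/, "", name)   # strip the quotes
                if (seen[name]++) print "duplicate-section " name
            }
            next
        }
        $1 == "list" && $2 == "listen" && / ssl/ { tls = 1 }
        $1 == "list" && $2 == "include" && /restrict_locally/ { restricted = 1 }
        END { report() }
    ' "$1"
}

# The server sections from the page, trimmed to the lines the check reads.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config main global
        option uci_enable 'true'

config server '_lan'
        list listen '443 ssl default_server'
        list listen '[::]:7443 ssl default_server'
        #list include 'restrict_locally'
        list include 'conf.d/*.locations'

config server '_redirect2ssl'
        list listen '80'
        list listen '[::]:7080'

config server '_redirect2ssl'
        list listen '90'
        list listen '[::]:90'
EOF
audit_nginx_uci "$sample"
rm -f "$sample"
```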

Installing an OpenWrt image in Docker on Armbian as a side router, with IPv6 enabled

Check the IPv6 prefix:

root@armbian:~# ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
240e:380:9990:ba00::1000 dev eth0 proto kernel metric 100 pref medium
240e:380:9990:ba00::/64 dev eth0 proto ra metric 100 pref medium
240e:380:9990:ba00::/64 dev docker0 proto kernel metric 256 linkdown pref medium
240e:380:9990:ba00::/64 dev docker0 metric 1024 linkdown pref medium
fe80::/64 dev macvlan proto kernel metric 256 pref medium
fe80::/64 dev docker0 proto kernel metric 256 linkdown pref medium
fe80::/64 dev eth0 proto kernel metric 1024 pref medium
default via fe80::a61a:3aff:fe19:f881 dev eth0 proto ra metric 100 pref medium

Create the Docker macvlan network with the following command:

docker network create -d macvlan --subnet=192.168.10.0/24 --gateway=192.168.10.254 --subnet=fe80::/64 --gateway=fe80::1 -o parent=eth0 macnet

Create the LEDE container:

docker run --restart always -d --name lede --network macnet --privileged guoshh/lede:latest

If you need to set the LEDE container's MAC address, run the following command:
docker stop lede; docker rm lede; docker run --restart always -d --name lede --mac-address=02:42:c0:a8:0a:02 --network macnet --privileged guoshh/lede:latest

How to build the Armbian Docker version of LEDE:

make menuconfig 
-->Target System (QEMU ARM Virtual Machine)
-->Subtarget (64-bit ARM machines)
-->Target Profile (Generic EFI Boot)
...
-->Target Images
   Deselect: cpio.gz vmdk ext4

Deselect:
-> Network
-> Web Servers/Proxies
-> sing-box

Deselect:
-> LuCI
-> Applications
-> luci-app-passwall
-> Include Sing-Box

Select:
->LuCI
->Collections
[*] luci-nginx
[*] luci-ssl-nginx

Extract make_opwrt_docker_img.gz into the /root/N1 directory, rename openwrt-armvirt-64-generic-rootfs.tar.gz to openwrt-armvirt-64-default-rootfs.tar.gz and place it in /root/N1, edit the TAG and IMG_NAME variables in build.sh, then run the following command:

bash build.sh

root@armbian:~/N1# docker image ls
REPOSITORY    TAG        IMAGE ID       CREATED        SIZE
guoshh/lede   latest     3ff9556ef7cc   3 hours ago    264MB
guoshh/lede   5.15.145   736d419238cb   24 hours ago   211MB

Installing an OpenWrt image in Docker on x86-64 as a side router, with IPv6 enabled

1. Create the Docker macvlan network

docker network create -d macvlan --ipv6 --subnet=fe80::/60 --gateway=fe80::1 --subnet=192.168.0.0/24 --gateway=192.168.0.254 -o parent=ens160 -o macvlan_mode=bridge macnet

2. Edit Docker's daemon.json

{
"experimental": true,
"ipv6": true,
"ip6tables": true,
"fixed-cidr-v6": "fe80::/64"
}

3. Create the container

docker run --restart always -d --name lede --network macnet --privileged guoshhsz/lede-x86:latest

If you need to set the LEDE container's MAC address, run the following command:
docker stop lede; docker rm lede; docker run --restart always -d --name lede --mac-address=02:42:c0:a8:0a:02 --network macnet --privileged guoshhsz/lede:latest

4. Edit /etc/sysctl.conf in OpenWrt and add the following:

net.ipv6.conf.all.disable_ipv6=0
net.ipv6.conf.default.disable_ipv6=0
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.all.accept_ra=2

5. Edit /etc/rc.local in OpenWrt and add the following before exit 0:

ip link set eth0 promisc on
ip link add link eth0 wan_mac0 type macvlan
ip link set wan_mac0 address 02:42:00:11:7C:01
ip link set wan_mac0 up

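Fixing the Ubuntu host being unable to communicate with the Docker container:

# Configure communication between the host and the container
# Enable promiscuous mode on the NIC
ip link set enp1s0 promisc on
# Create a macvlan interface on the host
ip link add macvlan_host link enp1s0 type macvlan mode bridge
# Assign the macvlan IP and bring the interface up
ip addr add 192.168.10.250 dev macvlan_host
ip link set macvlan_host up
# Add the route
ip route add 192.168.10.254 dev macvlan_host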

How to change the NIC MAC address on Armbian:

Add the following as the last line of /boot/uEnv.txt:
ethaddr=xx:xx:xx:xx:xx
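It is best to make only a small change to the original MAC address; otherwise the setting may not take effect.

If that still does not work, also edit the following file: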
root@armbian:~# cat /etc/NetworkManager/system-connections/Wired\ connection\ 1.nmconnection |grep mac
cloned-mac-address=FC:xx:xx:xx:xx:xx
