So, by profession I am an administrator of computer systems and networks (network administrator, for short), and I have had occasion to deal with the operation of various systems, including ones requiring [elevated] security measures. Some time ago I found development interesting
, so I am just passing through). But I am not going to talk about development; I am talking about a secure and convenient environment for applications.
Financial technology (fintech) goes hand in hand with information security (infosec), and the former can function without the latter, but not for long. That is why I want to share my experience and the set of tools I use, which cover both fintech and infosec at the same time and can also be used for a broader or quite different purpose. In this article I will tell you not so much about Bitcoin as about a model for developing and operating financial (and not only financial) services - in a word, those services where the "B" matters. This applies to a Bitcoin exchange just as well as to the usual zoo of services of a small company that has nothing to do with Bitcoin.
I want to note that I follow the principles "Keep it simple, stupid" and "less is more", so both the article and what is described in it stick to them.
Scenario: let's look at everything using the example of a bitcoin exchange. We decided to start exchanging rubles, dollars and euros for bitcoins and back, and we already have a working solution, but for other digital currencies such as qiwi and webmoney, that is. We have sorted out the legal issues and have an application ready to act as a payment gateway for rubles, dollars, euros and other payment systems. It is connected to our bank accounts and exposes some kind of API for our backend applications. We have a web application that works as an exchange for users, well, like a regular qiwi or webmoney account - create an account, add a card, and so on. It talks to our gateway, albeit over a REST API on the local network. And so we decided to add bitcoins and at the same time scale the system, because... In the beginning everything was quickly thrown onto virtualboxes in the office under the desk... the site started getting traffic, and we began to worry about uptime and performance.
So, let's start with the main thing - choosing a server. Since the business in our example is small and we trust the hoster (OVH), we choose
Server installation
Everything is simple here. We choose hardware that suits our needs. Then we choose the FreeBSD image. Or else (with another hoster, or on our own hardware) we connect via IPMI or with a monitor and feed the FreeBSD .iso image to the boot. For orchestrating the setup I use
The system is installed in the usual way; I won't dwell on it. I will only note that before starting work it is worth enabling and tightening the options that bsdinstaller offers at the end of the installation (if you are installing the system yourself):
You can also enable the options mentioned above on an already installed system. To do this you need to edit the bootloader file and enable the kernel options. *ee is a simple text editor on BSD.
# ee /etc/rc.conf
...
#sec hard
clear_tmp_enable="YES"
syslogd_flags="-ss"
sendmail_enable="NONE"
# ee /etc/sysctl.conf
...
#sec hard
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
# sysctl.conf is read by sysctl -f, not by a shell, so $(jot ...) is not expanded;
# any non-zero value enables PID randomisation
kern.randompid=1
security.bsd.stack_guard_page=1
You need to make sure you have the latest version of the installed system, and
Then we set up aide, which monitors the state of the system configuration files. You can read more details
pkg install aide
and edit our crontab
crontab -e
06 01 * * 0-6 /root/chkaide.sh
#!/bin/sh
# chkaide.sh - run the daily AIDE integrity check and write a dated report to /tmp
MYDATE=$(date +%Y-%m-%d)
MYFILENAME="Aide-$MYDATE.txt"
/bin/echo "Aide check !! $(date)" > "/tmp/$MYFILENAME"
/usr/local/bin/aide --check > /tmp/myAide.txt
# full report without the noisy "failed" lines
/bin/cat /tmp/myAide.txt | /usr/bin/grep -v failed >> "/tmp/$MYFILENAME"
/bin/echo "**************************************" >> "/tmp/$MYFILENAME"
# aide prints its summary at the end of the output
/usr/bin/tail -20 /tmp/myAide.txt >> "/tmp/$MYFILENAME"
/bin/echo "****************DONE******************" >> "/tmp/$MYFILENAME"
Enable auditd
sysrc auditd_enable=YES
# service auditd start
How to work with it is described well in
Now we reboot and move on to the software on the server. Each server is a hypervisor for containers or full virtual machines. It is therefore important that the processor supports VT-x and EPT if we plan to use full virtualization.
To manage containers and virtual machines I use
Containers? Docker again, or what?
But no. cbsd
manages these containers, which are called jails.
A jail is an excellent solution for building infrastructure for various purposes where complete isolation of individual services or processes is required. Essentially it is a clone of the host system, but it does not require full hardware virtualization. Thanks to this, resources are not spent on a "guest OS", only on the actual work. When jails are used for internal needs, this is a very convenient way to use resources optimally - a bunch of jails on one physical server can each use the entire server's resources when necessary. Given that different subservices usually need resources at different times, you can squeeze the maximum performance out of one server if you plan correctly and balance the jails across servers. If necessary, jails can also be limited in the resources they use.
What about full virtualization?
As far as I know, cbsd
supports the bhyve
and XEN hypervisors. I have never used the latter, but the former is a relatively new one; bhyve
is used in the example below.
Installing and configuring the host environment
We use the ZFS filesystem.
gpart add -t freebsd-zfs /dev/ada0
/dev/ada0p4 added!
to add a disk partition in the remaining free space
geli init /dev/ada0p4
to enter our passphrase
geli attach /dev/ada0p4
We enter the passphrase again and get a device /dev/ada0p4.eli - our encrypted space. Then we repeat this for /dev/ada1 and the rest of the disks in the array. And we create a new
zpool create vms mirror /dev/ada0p4.eli /dev/ada1p4.eli /dev/ada3p4.eli
- Well, our small fortress is ready. A mirrored array of disks, in case one of the three fails.
Create a dataset in the new "pool"
zfs create vms/jails
pkg install cbsd
- we install the tool that will manage our jails.
After cbsd
is installed, it needs to be initialized:
# env workdir="/vms/jails" /usr/local/cbsd/sudoexec/initenv
Well, we answer a bunch of questions, mostly with the default answers.
*If you use encryption, it is important that the cbsdd daemon
does not start on its own until the disks have been decrypted, manually or otherwise (in our case this is done by zabbix)
** I don't use NAT from cbsd
, I configure it myself in pf
.
# sysrc pf_enable=YES
# ee /etc/pf.conf
IF_PUBLIC="em0"
IP_PUBLIC="1.23.34.56"
JAIL_IP_POOL="192.168.0.0/24"
#WHITE_CL="{ 127.0.0.1 }"
icmp_types="echoreq"
set limit { states 20000, frags 20000, src-nodes 20000 }
set skip on lo0
scrub in all
#NAT for jails
nat pass on $IF_PUBLIC from $JAIL_IP_POOL to any -> $IP_PUBLIC
## Bitcoin network port forward
IP_JAIL="192.168.0.1"
PORT_JAIL="{8333}"
rdr pass on $IF_PUBLIC proto tcp from any to $IP_PUBLIC port $PORT_JAIL -> $IP_JAIL
# service pf start
# pfctl -f /etc/pf.conf
Setting up firewall policies is a separate topic in itself, so I won't go deep into setting up a BLOCK ALL policy and whitelists; you can do that by reading up on it.
Well... we have installed cbsd, it's time to create our first workhorse - the caged Bitcoin daemon!
cbsd jconstruct-tui
Here we see the jail creation dialog. After setting all the values, we create it!
When creating your first jail, you need to choose what to use as the base for jails. I choose a distribution from the FreeBSD repository with the repo command
. This choice is made only when creating the first jail of a given version (you can host jails of any version older than the host version).
After everything is set, we start the jail!
# cbsd jstart bitcoind
But we need to install software inside the jail.
# jls
JID  IP Address     Hostname             Path
  1  192.168.0.1    bitcoind.space.com   /zroot/jails/jails/bitcoind
jexec bitcoind
to enter the jail console,
and inside the jail we install the software with its dependencies (our host system stays clean)
bitcoind:/@[15:25] # pkg install bitcoin-daemon bitcoin-utils
bitcoind:/@[15:30] # sysrc bitcoind_enable=YES
bitcoind:/@[15:30] # service bitcoind start
Bitcoin is in its jail, but we need anonymity because we want to connect some of the jails through the TOR network. In general we plan to run most of the jails with dubious software only through a proxy. Thanks to pf
you can disable NAT for a certain range of IP addresses on the local network and allow NAT only for our TOR node. Thus, even if malware gets into a jail, it will not talk to the outside world, and if it does, it will not reveal our server's IP. So we create another jail to "forward" services as ".onion" services and to act as a proxy for Internet access for individual jails.
# cbsd jsconstruct-tui
# cbsd jstart tor
# jexec tor
tor:/@[15:38] # pkg install tor
tor:/@[15:38] # sysrc tor_enable=YES
tor:/@[15:38] # ee /usr/local/etc/tor/torrc
Configure it to listen on an address reachable by all the jails
SOCKSPort 192.168.0.2:9050
What else do we need for complete happiness? Well, we need a service for our website, maybe more than one. Let's bring up nginx, which will act as a reverse proxy and take care of renewing the Let's Encrypt certificates.
# cbsd jsconstruct-tui
# cbsd jstart nginx-rev
# jexec nginx-rev
nginx-rev:/@[15:47] # pkg install nginx py36-certbot
And so we have put 150 MB of dependencies into a jail. And the host stays clean.
We will come back to configuring nginx later; we need to bring up two more jails: one for our payment gateway on nodejs and rust, and one for the web application, which for some reason runs on Apache and PHP, and the latter also needs a MySQL database.
# cbsd jsconstruct-tui
# cbsd jstart paygw
# jexec paygw
paygw:/@[15:55] # pkg install git node npm
paygw:/@[15:55] # curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
...and 380 MB of isolated packages
Then we download our application with git and start it.
# cbsd jsconstruct-tui
# cbsd jstart webapp
# jexec webapp
webapp:/@[16:02] # pkg install mariadb104-server apache24 php74 mod_php74 php74-pdo_mysql
450 MB of packages, in a jail.
Here we give the developers SSH access directly into the jail; they will do everything there:
webapp:/@[16:02] # ee /etc/ssh/sshd_config
Port 2267
- change the jail's SSH port to something non-standard
webapp:/@[16:02] # sysrc sshd_enable=YES
webapp:/@[16:02] # service sshd start
Well, the service is running, all that is left is to add a pf rule on the
host.
Let's see what IPs our jails got and what our "local network" looks like.
# jls
JID  IP Address     Hostname             Path
  1  192.168.0.1    bitcoind.space.com   /zroot/jails/jails/bitcoind
  2  192.168.0.2    tor.space.com        /zroot/jails/jails/tor
  3  192.168.0.3    nginx-rev.space.com  /zroot/jails/jails/nginx-rev
  4  192.168.0.4    paygw.space.com      /zroot/jails/jails/paygw
  5  192.168.0.5    webapp.my.domain     /zroot/jails/jails/webapp
and add a rule
# ee /etc/pf.conf
## SSH for web-Devs
IP_JAIL="192.168.0.5"
PORT_JAIL="{ 2267 }"
rdr pass on $IF_PUBLIC proto tcp from any to $IP_PUBLIC port $PORT_JAIL -> $IP_JAIL
Well, since we are here, let's also add a rule for the reverse proxy:
## web-ports for nginx-rev
IP_JAIL="192.168.0.3"
PORT_JAIL="{ 80, 443 }"
rdr pass on $IF_PUBLIC proto tcp from any to $IP_PUBLIC port $PORT_JAIL -> $IP_JAIL
# pfctl -f /etc/pf.conf
Well, now about bitcoins
What we have is a web application exposed to the outside that talks locally to our payment gateway. Now we need to prepare a working tool for interacting with the Bitcoin network itself - the bitcoind node
is just a daemon that keeps a local, up-to-date copy of the blockchain. This daemon has RPC and wallet functionality, but there are more convenient "wrappers" for application development. To begin with, we decided to install electrum
, a CLI wallet.
... laptops. For now we will use Electrum with public servers, and later we will bring it up in a separate jail
# cbsd jsconstruct-tui
# cbsd jstart electrum
# jexec electrum
electrum:/@[8:45] # pkg install py36-electrum
another 700 MB of software in our jail
electrum:/@[8:53] # adduser
Username: wallet
Full name:
Uid (Leave empty for default):
Login group [wallet]:
Login group is wallet. Invite wallet into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]: tcsh
Home directory [/home/wallet]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]:
Username : wallet
Password : <disabled>
Full Name :
Uid : 1001
Class :
Groups : wallet
Home : /home/wallet
Home Mode :
Shell : /bin/tcsh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (wallet) to the user database.
Add another user? (yes/no): no
Goodbye!
electrum:/@[8:53] # su wallet
wallet@electrum:/ % electrum-3.6 create
{
"msg": "Please keep your seed in a safe place; if you lose it, you will not be able to restore your wallet.",
"path": "/usr/home/wallet/.electrum/wallets/default_wallet",
"seed": "jealous win pig material ribbon young punch visual okay cactus random bird"
}
Now we have created a wallet.
wallet@electrum:/ % electrum-3.6 listaddresses
[
"18WEhbjvMLGRMfwudzUrUd25U5C7uZYkzE",
"14XHSejhxsZNDRtk4eFbqAX3L8rftzwQQU",
"1KQXaN8RXiCN1ne9iYngUWAr6KJ6d4pPas",
...
"1KeVcAwEYhk29qEyAfPwcBgF5mMMoy4qjw",
"18VaUuSeBr6T2GwpSHYF3XyNgLyLCt1SWk"
]
wallet@electrum:/ % electrum-3.6 help
From now on only a few people need to connect to the wallet. So as not to open access to this jail from the outside, connections will go over SSH via TOR (a decentralized version of a VPN). We start SSH inside the jail, but do not touch our pf.conf on the host.
electrum:/@[9:00] # sysrc sshd_enable=YES
electrum:/@[9:00] # service sshd start
Now let's deprive the jail of Internet access. We give it an IP address from a subnet range that is not NATed. First we modify /etc/pf.conf
on the host
# ee /etc/pf.conf
JAIL_IP_POOL="192.168.0.0/24"
and change it to JAIL_IP_POOL="192.168.0.0/25"
, so that addresses 192.168.0.126-255 no longer get direct Internet access. A kind of software network "air-gap". And the NAT rule stays as it was
nat pass on $IF_PUBLIC from $JAIL_IP_POOL to any -> $IP_PUBLIC
Reload the rules
# pfctl -f /etc/pf.conf
Now let's reassign the IP of our jail
# cbsd jconfig jname=electrum
jset mode=quiet jname=electrum ip4_addr="192.168.0.200"
Remove old IP: /sbin/ifconfig em0 inet 192.168.0.6 -alias
Setup new IP: /sbin/ifconfig em0 inet 192.168.0.200 alias
ip4_addr: 192.168.0.200
Hmm, but now the system itself is cut off from the Internet too. However, we can point it at a network proxy. One thing, though: TOR only offers SOCKS5, and for convenience we would like an HTTP proxy.
# cbsd jsconstruct-tui
# cbsd jstart polipo
# jexec polipo
polipo:/@[9:28] # pkg install polipo
polipo:/@[9:28] # ee /usr/local/etc/polipo/config
socksParentProxy = "192.168.0.2:9050"
socksProxyType = socks5
polipo:/@[9:42] # sysrc polipo_enable=YES
polipo:/@[9:43] # service polipo start
Well, now there are two proxy servers in our system, and both go out through TOR: socks5://192.168.0.2:9050 and http://192.168.0.6:8123
Now we can configure our wallet
# jexec electrum
electrum:/@[9:45] # su wallet
wallet@electrum:/ % ee ~/.cshrc
#in the end of file proxy config
setenv http_proxy http://192.168.0.6:8123
setenv https_proxy http://192.168.0.6:8123
Well, now the shell works from behind the proxy. If we want to install packages, we need to add to /usr/local/etc/pkg.conf
from under the root of the jail
pkg_env: {
http_proxy: "http://my_proxy_ip:8123",
}
Well, now it is time to add a TOR hidden service as the address of our SSH service in the wallet jail.
# jexec tor
tor:/@[9:59] # ee /usr/local/etc/tor/torrc
HiddenServiceDir /var/db/tor/electrum/
HiddenServicePort 22 192.168.0.200:22
tor:/@[10:01] # mkdir /var/db/tor/electrum
tor:/@[10:01] # chown -R _tor:_tor /var/db/tor/electrum
tor:/@[10:01] # chmod 700 /var/db/tor/electrum
tor:/@[10:03] # service tor restart
tor:/@[10:04] # cat /var/db/tor/electrum/hostname
mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion
This is our address. Let's check from the local machine. But first we need to add our SSH key:
wallet@electrum:/ % mkdir ~/.ssh
wallet@electrum:/ % ee ~/.ssh/authorized_keys
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAG9Fk2Lqi4GQ8EXZrsH3EgSrVIQPQaAlS38MmJLBabihv9KHIDGXH7r018hxqLNNGbaJWO/wrWk7sG4T0yLHAbdQAFsMYof9kjoyuG56z0XZ8qaD/X/AjrhLMsIoBbUNj0AzxjKNlPJL4NbHsFwbmxGulKS0PdAD5oLcTQi/VnNdU7iFw== user@local
Well, from a Linux client machine
user@local ~$ nano ~/.ssh/config
#remote electrum wallet
Host remotebtc
User wallet
Port 22
Hostname mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion
ProxyCommand /bin/ncat --proxy localhost:9050 --proxy-type socks5 %h %p
Let's connect (for this to work you need a local TOR daemon listening on 9050)
user@local ~$ ssh remotebtc
The authenticity of host 'mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion (<no hostip for proxy command>)' can't be established.
ECDSA key fingerprint is SHA256:iW8FKjhVF4yyOZB1z4sBkzyvCM+evQ9cCL/EuWm0Du4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion' (ECDSA) to the list of known hosts.
FreeBSD 12.1-RELEASE-p1 GENERIC
To save disk space in your home directory, compress files you rarely
use with "gzip filename".
-- Dru <[email protected]>
wallet@electrum:~ % logout
Success!
To work with instant payments and micro-payments we need a c-lightning node
. It requires a working bitcoind
, but okay.
*There are various implementations of the Lightning Network protocol in different languages. Of those we tried, c-lightning (written in C) seemed the most stable and the most frugal with resources.
# cbsd jsconstruct-tui
# cbsd jstart cln
# jexec cln
lightning:/@[10:23] # adduser
Username: lightning
...
lightning:/@[10:24] # pkg install git
lightning:/@[10:23] # su lightning
cd ~ && git clone https://github.com/ElementsProject/lightning
lightning@lightning:~ % exit
lightning:/@[10:30] # cd /home/lightning/lightning/
lightning:/home/lightning/lightning@[10:31] # pkg install autoconf automake gettext git gmp gmake libtool python python3 sqlite3 libsodium py36-mako bash bitcoin-utils
lightning:/home/lightning/lightning@[10:34] # ./configure && gmake && gmake install
While everything needed compiles and installs, we create an RPC user for lightningd
in bitcoind
# jexec bitcoind
bitcoind:/@[10:36] # ee /usr/local/etc/bitcoin.conf
rpcbind=192.168.0.1
rpcuser=test
rpcpassword=test
#allow only c-lightning
rpcallowip=192.168.0.7/32
bitcoind:/@[10:39] # service bitcoind restart
My chaotic switching between jails will look less chaotic if you know about the tmux utility
, which lets you run many sub-sessions inside one session. Analogue: screen
So, we don't want to expose the real IP of our node, and we want to do all financial operations via TOR. So we need another .onion.
# jexec tor
tor:/@[9:59] # ee /usr/local/etc/tor/torrc
HiddenServiceDir /var/db/tor/cln/
HiddenServicePort 9735 192.168.0.7:9735
tor:/@[10:01] # mkdir /var/db/tor/cln
tor:/@[10:01] # chown -R _tor:_tor /var/db/tor/cln
tor:/@[10:01] # chmod 700 /var/db/tor/cln
tor:/@[10:03] # service tor restart
tor:/@[10:04] # cat /var/db/tor/cln/hostname
en5wbkavnytti334jc5uzaudkansypfs6aguv6kech4hbzpcz2ove3yd.onion
Now we create a config for c-lightning
lightning:/home/lightning/lightning@[10:31] # su lightning
lightning@lightning:~ % mkdir .lightning
lightning@lightning:~ % ee .lightning/config
alias=My-LN-Node
bind-addr=192.168.0.7:9735
rgb=ff0000
announce-addr=en5wbkavnytti334jc5uzaudkansypfs6aguv6kech4hbzpcz2ove3yd.onion:9735
network=bitcoin
log-level=info
fee-base=0
fee-per-satoshi=1
proxy=192.168.0.2:9050
log-file=/home/lightning/.lightning/c-lightning.log
min-capacity-sat=200000
# sparko plugin
# https://github.com/fiatjaf/lightningd-gjson-rpc/tree/master/cmd/sparko
sparko-host=192.168.0.7
sparko-port=9737
sparko-tls-path=sparko-tls
#sparko-login=mywalletusername:mywalletpassword
#sparko-keys=masterkey;secretread:+listchannels,+listnodes;secretwrite:+invoice,+listinvoices,+delinvoice,+decodepay,+waitpay,+waitinvoice
sparko-keys=masterkey;secretread:+listchannels,+listnodes;ultrawrite:+invoice,+listinvoices,+delinvoice,+decodepay,+waitpay,+waitinvoice
# for the example above the initialization logs (mixed with lightningd logs) should print something like
lightning@lightning:~ % mkdir .lightning/plugins
lightning@lightning:~ % cd .lightning/plugins/
lightning@lightning:~/.lightning/plugins:% fetch https://github.com/fiatjaf/sparko/releases/download/v0.2.1/sparko_full_freebsd_amd64
lightning@lightning:~/.lightning/plugins % mkdir ~/.lightning/sparko-tls
lightning@lightning:~/.lightning/sparko-tls % cd ~/.lightning/sparko-tls
lightning@lightning:~/.lightning/sparko-tls % openssl genrsa -out key.pem 2048
lightning@lightning:~/.lightning/sparko-tls % openssl req -new -x509 -sha256 -key key.pem -out cert.pem -days 3650
lightning@lightning:~/.lightning/plugins % chmod +x sparko_full_freebsd_amd64
lightning@lightning:~/.lightning/plugins % mv sparko_full_freebsd_amd64 sparko
lightning@lightning:~/.lightning/plugins % cd ~
You need to create a config file for bitcoin-cli, which it needs to talk to bitcoind
lightning@lightning:~ % mkdir .bitcoin
lightning@lightning:~ % ee .bitcoin/bitcoin.conf
rpcconnect=192.168.0.1
rpcuser=test
rpcpassword=test
check:
lightning@lightning:~ % bitcoin-cli echo "test"
[
"test"
]
start lightningd
lightning@lightning:~ % lightningd --daemon
lightningd itself
can be controlled with the lightning-cli utility
, for example:
lightning-cli newaddr
to get an address for a new payment
{
"address": "bc1q2n2ffq3lplhme8jufcxahfrnfhruwjgx3c78pv",
"bech32": "bc1q2n2ffq3lplhme8jufcxahfrnfhruwjgx3c78pv"
}
lightning-cli withdraw bc1jufcxahfrnfhruwjgx3cq2n2ffq3lplhme878pv all
to send all the funds in the wallet to that address
There are also commands for external operations: lightning-cli invoice
, lightning-cli listinvoices
, lightning-cli pay
and so on.
Well, for communicating with the application we have a REST API (the sparko plugin configured above)
curl -k https://192.168.0.7:9737/rpc -d '{"method": "pay", "params": ["lnbc..."]}' -H 'X-Access: masterkey'
Let's summarize the results
# jls
JID  IP Address     Hostname             Path
  1  192.168.0.1    bitcoind.space.com   /zroot/jails/jails/bitcoind
  2  192.168.0.2    tor.space.com        /zroot/jails/jails/tor
  3  192.168.0.3    nginx-rev.space.com  /zroot/jails/jails/nginx-rev
  4  192.168.0.4    paygw.space.com      /zroot/jails/jails/paygw
  5  192.168.0.5    webapp.my.domain     /zroot/jails/jails/webapp
  7  192.168.0.200  electrum.space.com   /zroot/jails/jails/electrum
  8  192.168.0.6    polipo.space.com     /zroot/jails/jails/polipo
  9  192.168.0.7    lightning.space.com  /zroot/jails/jails/cln
We have a set of jails, each with its own level of access to and from the local network.
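Which of these jails the pf rule "nat pass on $IF_PUBLIC from $JAIL_IP_POOL" actually lets out to the Internet, as an added example written for this article (not the author's code): a POSIX sh check that applies the /25 pool from pf.conf to the jls listing above. POOL and the sample listing are taken from the article; the function names and the audit conditions are my own.

```shell
#!/bin/sh
# Added example (not from the original article): which jails does the pf rule
#   nat pass on $IF_PUBLIC from $JAIL_IP_POOL to any -> $IP_PUBLIC
# actually let out?  Only addresses inside JAIL_IP_POOL are NATed; a jail outside
# the pool (but still in 192.168.0.0/24) can talk to the other jails, yet reaches
# the outside world only through the Tor SOCKS proxy or the polipo HTTP proxy.
# Assumptions: POOL is the /25 from the article's pf.conf; SAMPLE_JLS is a
# constructed copy of the article's final "jls" output.

POOL="192.168.0.0/25"   # covers 192.168.0.0 - 192.168.0.127
TOR_IP="192.168.0.2"    # the proxy jail itself must keep its NAT

# ip_to_int A.B.C.D -> prints the address as an unsigned 32-bit integer.
# Returns 1 on malformed input so a bad line is never silently classified.
ip_to_int() {
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS -> 0 if IP lies inside the prefix, 1 if outside, 2 on bad input.
in_cidr() {
    _ip=$(ip_to_int "$1") || return 2
    _net=$(ip_to_int "${2%/*}") || return 2
    _bits=${2#*/}
    case "$_bits" in ''|*[!0-9]*) return 2 ;; esac
    [ "$_bits" -le 32 ] || return 2
    if [ "$_bits" -eq 0 ]; then _mask=0
    else _mask=$(( (0xFFFFFFFF << (32 - $_bits)) & 0xFFFFFFFF )); fi
    [ $(( _ip & _mask )) -eq $(( _net & _mask )) ]
}

# jail_state IP -> prints NAT (Internet via pf), AIRGAP (proxies only) or INVALID.
jail_state() {
    _rc=0
    in_cidr "$1" "$POOL" || _rc=$?
    case $_rc in 0) echo NAT ;; 1) echo AIRGAP ;; *) echo INVALID ;; esac
}

# classify_jails < jls-output -> one "hostname ip STATE" line per jail.
classify_jails() {
    while read -r _jid _ip _host _path; do
        case "$_jid" in ''|JID) continue ;; esac   # skip header / blank lines
        printf '%s %s %s\n' "$_host" "$_ip" "$(jail_state "$_ip")"
    done
}

# count_state STATE < jls-output -> how many jails are in that state.
count_state() {
    classify_jails | awk -v s="$1" '$3 == s { n++ } END { print n + 0 }'
}

# audit_pool < jls-output -> prints the classification; returns 1 if the Tor
# jail has lost its NAT (every air-gapped jail would then be fully offline) or
# if no jail is air-gapped at all (the wallet is then exposed like any other jail).
audit_pool() {
    _report=$(classify_jails)
    echo "$_report"
    [ "$(jail_state "$TOR_IP")" = NAT ] || { echo "tor jail $TOR_IP is not NATed" >&2; return 1; }
    echo "$_report" | grep -q ' AIRGAP$' || { echo "no air-gapped jail found" >&2; return 1; }
}

# Constructed sample: the article's final jls listing (electrum already on .200).
SAMPLE_JLS='JID IP Address Hostname Path
1 192.168.0.1 bitcoind.space.com /zroot/jails/jails/bitcoind
2 192.168.0.2 tor.space.com /zroot/jails/jails/tor
3 192.168.0.3 nginx-rev.space.com /zroot/jails/jails/nginx-rev
4 192.168.0.4 paygw.space.com /zroot/jails/jails/paygw
5 192.168.0.5 webapp.my.domain /zroot/jails/jails/webapp
7 192.168.0.200 electrum.space.com /zroot/jails/jails/electrum
8 192.168.0.6 polipo.space.com /zroot/jails/jails/polipo
9 192.168.0.7 lightning.space.com /zroot/jails/jails/cln'

printf '%s\n' "$SAMPLE_JLS" | audit_pool
```

On a live host, replace the sample with `jls | audit_pool` after every pf.conf change to confirm the wallet jail is still outside the pool and the Tor jail still inside it.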
# zfs list
NAME                   USED  AVAIL  REFER  MOUNTPOINT
zroot                  279G  1.48T    88K  /zroot
zroot/ROOT            1.89G  1.48T    88K  none
zroot/ROOT/default    1.89G  17.6G  1.89G  /
zroot/home              88K  1.48T    88K  /home
zroot/jails            277G  1.48T   404M  /zroot/jails
zroot/jails/bitcoind   190G  1.48T   190G  /zroot/jails/jails-data/bitcoind-data
zroot/jails/cln        653M  1.48T   653M  /zroot/jails/jails-data/cln-data
zroot/jails/electrum   703M  1.48T   703M  /zroot/jails/jails-data/electrum-data
zroot/jails/nginx-rev  190M  1.48T   190M  /zroot/jails/jails-data/nginx-rev-data
zroot/jails/paygw     82.4G  1.48T  82.4G  /zroot/jails/jails-data/paygw-data
zroot/jails/polipo    57.6M  1.48T  57.6M  /zroot/jails/jails-data/polipo-data
zroot/jails/tor       81.5M  1.48T  81.5M  /zroot/jails/jails-data/tor-data
zroot/jails/webapp     360M  1.48T   360M  /zroot/jails/jails-data/webapp-data
As you can see, bitcoind takes up a full 190 GB. What if we want another node for testing? This is where ZFS comes in. With cbsd jclone old=bitcoind new=bitcoind-clone host_hostname=clonedbtc.space.com
you can take a snapshot and attach a new jail to it. The new jail gets its own space, but only the difference between the current state and the original is stored in the filesystem (we save about 190 GB).
Each jail has its own ZFS dataset, and that is very convenient.
It is also worth noting the need for remote monitoring of the host; for this purpose we have
B - security
Regarding security, let's start from the basic principles in the context of the enterprise:
Confidentiality - the standard tools of UNIX-like systems ensure this principle. We isolate access to each logically separate part of the system - a jail. Access is granted through standard user authentication using the users' private keys. All communication between the jails and into them is encrypted. Thanks to disk encryption, we don't have to worry about the safety of the data when replacing a disk or moving to another server. The only critical access is access to the host system, since it usually gives access to the data inside the containers.
Integrity - this principle is implemented at several levels. First, it is worth noting the server hardware: ECC memory and ZFS "out of the box" take care of data integrity at the bit level. Instant snapshots let you take backups at any moment, on the fly. Jails are easy to package up.
Availability - this is optional. It depends on how popular you are and whether you have haters. In our case we made sure the wallet is reachable only from the TOR network. If necessary, you can block everything on the firewall and allow access to the server only through tunnels (TOR, a VPN or something else). Thus the server is cut off from the outside world as much as possible, and only we can influence its availability.
Non-repudiation - this concerns both the above and the implementation of correct policies for user roles, access, and so on. With the right approach, all user actions are logged, and thanks to cryptographic solutions it is possible to determine unambiguously who performed which actions and when.
Of course, the configuration described is not an example of how it must always be done; it is an example of how it can be done while keeping easy scaling and manageability.
What about full virtualization?
Regarding full virtualization with cbsd, you can use bhyve
. You need to enable a few kernel options.
# cat /etc/rc.conf
...
kld_list="vmm if_tap if_bridge nmdm"
...
# cat /boot/loader.conf
...
vmm_load="YES"
...
So if you really need to run docker, install a debian and off you go!
That's all
I think that is all I wanted to share. If you liked the article, you can send me some bitcoins -
Source: www.habr.com