It so happens that by profession I am an administrator of computer systems and networks (in short: a system administrator), and for a little over 10 years I have had occasion to work professionally with a wide variety of systems, including those that require [heightened] security measures. It also so happens that some time ago I found it interesting dev
, so I was just passing by). But I am not talking about development; I am talking about a secure and efficient environment to use.
Financial technology (fintech) goes hand in hand with information security (infosec), and the first can work without the second, but not for long. That is why I want to share my experience and the set of tools I use, which covers both fintech and infosec at the same time, and can also be used for broader or entirely different purposes. In this article I will tell you not so much about Bitcoin as about an infrastructure model for developing and operating financial (and not only financial) services - in a word, services where the "B" matters. This applies both to a Bitcoin exchange and to the most typical set of corporate services of a small company that has nothing to do with Bitcoin.
I want to note that I am a supporter of the principles "keep it stupid simple" and "less is more", so both the article and what is described in it will have the properties these principles are about.
Imaginary scenario: Let's look at everything using the example of a bitcoin exchanger. We decided to launch exchange of rubles, dollars and euros for bitcoins and back, and we already have a working solution, but for other digital money such as qiwi and webmoney, i.e. we have closed all the legal issues and have a ready-made application that serves as a payment gateway for rubles, dollars, euros and other payment systems. It is connected to our bank accounts and has some kind of API for our end applications. We also have a web application that acts as the exchanger for users, much like a typical qiwi or webmoney account - create an account, add a card, and so on. It communicates with our gateway application, albeit through a REST API on the local network. And so we decided to hook up bitcoins and at the same time upgrade the infrastructure, because ... At first everything was hastily put up on virtualboxes in the office under the desk ... the site started being used, and we began to worry about uptime and performance.
So, let's start with the main thing - choosing a server. Since the business in our example is small and we trust the hoster (OVH), we will choose
Server installation
Everything is simple here. We choose hardware that suits our needs. Then we select the FreeBSD image. Or else we connect (in the case of another hoster or our own hardware) via IPMI or with a monitor and feed the FreeBSD .iso image into the boot. For orchestration setup I use
The installation of the system itself is standard and I will not dwell on it; I will only note that before going into operation it is worth paying attention to the hardening options that bsdinstaller offers
at the end of the installation (if you install the system yourself):
There is
It is also possible to enable the measures mentioned above on an already installed system. To do this, you need to edit the bootloader file and enable the kernel parameters. *ee is the name of an editor in BSD
# ee /etc/rc.conf
...
#sec hard
clear_tmp_enable="YES"
syslogd_flags="-ss"
sendmail_enable="NONE"
# ee /etc/sysctl.conf
...
#sec hard
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
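# sysctl.conf is not run through a shell, so $(jot -r 1 9999) would not be expanded here;
# the value 1 makes the kernel pick a random PID modulus itself
kern.randompid=1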
security.bsd.stack_guard_page=1
You need to make sure that you have the latest version of the system installed, and
Then we set up aide, which monitors the state of the system's configuration files. You can read about it in more detail
pkg install aide
and edit our crontab
crontab -e
06 01 * * 0-6 /root/chkaide.sh
#!/bin/sh
# chkaide.sh - run an AIDE integrity check and build a dated report
MYDATE=$(date +%Y-%m-%d)
MYFILENAME="Aide-$MYDATE.txt"
/bin/echo "Aide check !! $(date)" > "/tmp/$MYFILENAME"
# the full check output goes to a scratch file
/usr/local/bin/aide --check > /tmp/myAide.txt
# copy the output without the lines containing "failed", then append its last 20 lines
/usr/bin/grep -v failed /tmp/myAide.txt >> "/tmp/$MYFILENAME"
/bin/echo "**************************************" >> "/tmp/$MYFILENAME"
/usr/bin/tail -20 /tmp/myAide.txt >> "/tmp/$MYFILENAME"
/bin/echo "****************DONE******************" >> "/tmp/$MYFILENAME"
We enable
sysrc auditd_enable=YES
# service auditd start
How to administer this is described very well in
Now we reboot and move on to the software on the server. Each server is a hypervisor for containers or full virtual machines. Therefore, it is important that the processor supports VT-x and EPT if we plan to use full virtualization.
To manage containers and virtual machines I use
Containers? Docker again or what?
But no. cbsd is there to orchestrate the containers, which are called jails.
A jail is an extremely effective solution for building infrastructure for various purposes where full isolation of individual services or processes is ultimately required. In essence, it is a clone of the host system, but it does not require full hardware virtualization. Thanks to this, resources are spent not on a "guest OS" but only on the work being done. When jails are used for internal needs, this is a very convenient way to use resources optimally - a bunch of jails on one hardware server can each use the entire server resource if necessary. Given that different subservices usually need additional resources at different times, you can extract maximum performance from one server if you plan and balance the jails between servers properly. If necessary, jails can also be given limits on the resources they use.
What about full virtualization?
As far as I know, cbsd supports the bhyve and XEN hypervisors. I have never used the second, but the first is the newer one, bhyve, in the example below.
Installing and Configuring the Host Environment
We use the FS
gpart add -t freebsd-zfs /dev/ada0
/dev/ada0p4 added!
add a disk partition on the remaining space
geli init /dev/ada0p4
enter our encryption password
geli attach /dev/ada0p4
We enter the password again and we have the device /dev/ada0p4.eli - this is our encrypted space. Then we repeat the same for /dev/ada1 and the rest of the disks in the array. And we create a new
zpool create vms mirror /dev/ada0p4.eli /dev/ada1p4.eli /dev/ada3p4.eli
- Well, we have the minimum combat kit. A mirrored array of disks in case one of the three fails.
Create a dataset on the new "pool"
zfs create vms/jails
pkg install cbsd
- We ran the command and installed the management tool for our jails.
After cbsd is installed, it must be initialized:
# env workdir="/vms/jails" /usr/local/cbsd/sudoexec/initenv
Well, we answer a bunch of questions, mostly with the default answers.
* If you use encryption, it is important that the cbsdd daemon does not start automatically until you decrypt the disks manually or automatically (in our example this is done by zabbix)
** I also do not use NAT from cbsd, and configure it myself in pf.
# sysrc pf_enable=YES
# ee /etc/pf.conf
IF_PUBLIC="em0"
IP_PUBLIC="1.23.34.56"
JAIL_IP_POOL="192.168.0.0/24"
#WHITE_CL="{ 127.0.0.1 }"
icmp_types="echoreq"
set limit { states 20000, frags 20000, src-nodes 20000 }
set skip on lo0
scrub in all
#NAT for jails
nat pass on $IF_PUBLIC from $JAIL_IP_POOL to any -> $IP_PUBLIC
## Bitcoin network port forward
IP_JAIL="192.168.0.1"
PORT_JAIL="{8333}"
rdr pass on $IF_PUBLIC proto tcp from any to $IP_PUBLIC port $PORT_JAIL -> $IP_JAIL
# service pf start
# pfctl -f /etc/pf.conf
Configuring firewall policies is also a separate topic, so I will not go deep into setting up a BLOCK ALL policy and whitelists; you can do that by reading
Well ... we have cbsd installed, it is time to create our first workhorse - the caged Bitcoin daemon!
cbsd jconstruct-tui
Here we see the jail creation dialog. After all the values are set, let's create it!
When creating your first jail, you need to choose what to use as the base for jails. I choose a distribution from the FreeBSD repository with the command repo. This choice is made only when creating the first jail of a specific version (you can host jails of any version that is older than the host's).
After everything is set up, we start the jail!
# cbsd jstart bitcoind
But we need to install software in the jail.
# jls
JID IP Address Hostname Path
1 192.168.0.1 bitcoind.space.com /zroot/jails/jails/bitcoind
jexec bitcoind
to get into the jail console
and already inside the jail we install the software with its dependencies (our host system stays clean)
bitcoind:/@[15:25] # pkg install bitcoin-daemon bitcoin-utils
bitcoind:/@[15:30] # sysrc bitcoind_enable=YES
bitcoind:/@[15:30] # service bitcoind start
There is Bitcoin in the jail, but we need anonymity, because we want to connect to some jails via the TOR network. In general, we plan to run most jails with suspicious software only through a proxy. Thanks to pf you can disable NAT for a certain range of IP addresses on the local network and allow NAT only for our TOR node. Thus, even if malware gets into a jail, it most likely will not communicate with the outside world, and if it does, it will not reveal the IP of our server. Therefore, we create another jail to "forward" services as ".onion" services and to act as a proxy for Internet access for individual jails.
# cbsd jconstruct-tui
# cbsd jstart tor
# jexec tor
tor:/@[15:38] # pkg install tor
tor:/@[15:38] # sysrc tor_enable=YES
tor:/@[15:38] # ee /usr/local/etc/tor/torrc
Set it to listen on the local address (accessible to all jails)
SOCKSPort 192.168.0.2:9050
What else do we need for happiness? Yes, we need a service for our web, perhaps more than one. Let's start nginx, which will act as a reverse proxy and take care of renewing the Let's Encrypt certificates
# cbsd jconstruct-tui
# cbsd jstart nginx-rev
# jexec nginx-rev
nginx-rev:/@[15:47] # pkg install nginx py36-certbot
And so we put 150 MB of dependencies into the jail. And the host is still clean.
Let's come back to configuring nginx later; we need to bring up two more jails, one for our payment gateway on nodejs and rust and one for the web application, which for some reason is on Apache and PHP, and the latter also needs a MySQL database.
# cbsd jconstruct-tui
# cbsd jstart paygw
# jexec paygw
paygw:/@[15:55] # pkg install git node npm
paygw:/@[15:55] # curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
...and another 380 MB of packages, isolated
Next, we pull our application with git and launch it.
# cbsd jconstruct-tui
# cbsd jstart webapp
# jexec webapp
webapp:/@[16:02] # pkg install mariadb104-server apache24 php74 mod_php74 php74-pdo_mysql
450 MB of packages. in a jail.
here we give the developer access via SSH directly into the jail; they will do everything there themselves:
webapp:/@[16:02] # ee /etc/ssh/sshd_config
Port 2267
- change the jail's SSH port to an arbitrary one
webapp:/@[16:02] # sysrc sshd_enable=YES
webapp:/@[16:02] # service sshd start
Well, the service is running; all that remains is to add a rule to the pf firewall
Let's see what IPs our jails have and what our "local network" looks like in general.
# jls
JID IP Address Hostname Path
1 192.168.0.1 bitcoind.space.com /zroot/jails/jails/bitcoind
2 192.168.0.2 tor.space.com /zroot/jails/jails/tor
3 192.168.0.3 nginx-rev.space.com /zroot/jails/jails/nginx-rev
4 192.168.0.4 paygw.space.com /zroot/jails/jails/paygw
5 192.168.0.5 webapp.my.domain /zroot/jails/jails/webapp
and add a rule
# ee /etc/pf.conf
## SSH for web-Devs
IP_JAIL="192.168.0.5"
PORT_JAIL="{ 2267 }"
rdr pass on $IF_PUBLIC proto tcp from any to $IP_PUBLIC port $PORT_JAIL -> $IP_JAIL
Well, while we are here, let's also add a rule for the reverse proxy:
## web-ports for nginx-rev
IP_JAIL="192.168.0.3"
PORT_JAIL="{ 80, 443 }"
rdr pass on $IF_PUBLIC proto tcp from any to $IP_PUBLIC port $PORT_JAIL -> $IP_JAIL
# pfctl -f /etc/pf.conf
Well, now a little about bitcoins
What we have is a web application that is exposed externally and talks locally to our payment gateway. Now we need to prepare the working environment for interacting with the Bitcoin network itself. The bitcoind node is just a daemon that keeps a local copy of the blockchain up to date. This daemon has RPC and wallet functionality, but there are more convenient "wrappers" for application development. To begin with, we decided to install electrum, which is a CLI wallet.
laptops. For now we will use Electrum with public servers, and later we will bring it up in another jail
# cbsd jconstruct-tui
# cbsd jstart electrum
# jexec electrum
electrum:/@[8:45] # pkg install py36-electrum
another 700 MB of software in our jail
electrum:/@[8:53] # adduser
Username: wallet
Full name:
Uid (Leave empty for default):
Login group [wallet]:
Login group is wallet. Invite wallet into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]: tcsh
Home directory [/home/wallet]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]:
Username : wallet
Password : <disabled>
Full Name :
Uid : 1001
Class :
Groups : wallet
Home : /home/wallet
Home Mode :
Shell : /bin/tcsh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (wallet) to the user database.
Add another user? (yes/no): no
Goodbye!
electrum:/@[8:53] # su wallet
wallet@electrum:/ % electrum-3.6 create
{
"msg": "Please keep your seed in a safe place; if you lose it, you will not be able to restore your wallet.",
"path": "/usr/home/wallet/.electrum/wallets/default_wallet",
"seed": "jealous win pig material ribbon young punch visual okay cactus random bird"
}
Now we have a wallet created.
wallet@electrum:/ % electrum-3.6 listaddresses
[
"18WEhbjvMLGRMfwudzUrUd25U5C7uZYkzE",
"14XHSejhxsZNDRtk4eFbqAX3L8rftzwQQU",
"1KQXaN8RXiCN1ne9iYngUWAr6KJ6d4pPas",
...
"1KeVcAwEYhk29qEyAfPwcBgF5mMMoy4qjw",
"18VaUuSeBr6T2GwpSHYF3XyNgLyLCt1SWk"
]
wallet@electrum:/ % electrum-3.6 help
From now on only a limited number of people will be able to connect to our on-chain wallet. So as not to open access to this jail from outside, SSH connections will go through TOR (a kind of decentralized VPN). We start SSH in the jail, but do not touch our pf.conf on the host.
electrum:/@[9:00] # sysrc sshd_enable=YES
electrum:/@[9:00] # service sshd start
Now let's cut the jail with the wallet off from the Internet. Let's give it an IP address from another subnet space that is not NATed. First let's change /etc/pf.conf on the host
# ee /etc/pf.conf
JAIL_IP_POOL="192.168.0.0/24"
let's change it to JAIL_IP_POOL="192.168.0.0/25", so that all addresses 192.168.0.126-255 will not have direct access to the Internet. A kind of software "air-gap" network. And the NAT rule stays as it was
nat pass on $IF_PUBLIC from $JAIL_IP_POOL to any -> $IP_PUBLIC
Reloading the rules
# pfctl -f /etc/pf.conf
Now let's take our jail
# cbsd jconfig jname=electrum
jset mode=quiet jname=electrum ip4_addr="192.168.0.200"
Remove old IP: /sbin/ifconfig em0 inet 192.168.0.6 -alias
Setup new IP: /sbin/ifconfig em0 inet 192.168.0.200 alias
ip4_addr: 192.168.0.200
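A quick check of which jails the narrowed NAT pool still covers, as an added example that is not part of the original article (all function names are made up here; the jail list is a constructed sample built from the jls output above with electrum already moved). A /25 spans 192.168.0.0 through 192.168.0.127, so addresses from 192.168.0.128 upward fall outside the NAT rule.

```sh
#!/bin/sh
# Added example: which jail addresses does the pf NAT pool still cover?
# Pool and jail addresses are copied from this article; function names are made up here.

# Dotted-quad IPv4 address -> integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Integer -> dotted-quad IPv4 address.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask of a CIDR block as an integer, e.g. /25 -> 4294967168.
cidr_mask() {
    echo $(( (4294967295 << (32 - ${1#*/})) & 4294967295 ))
}

# Print "first last" address of CIDR block $1.
pool_range() (
    mask=$(cidr_mask "$1")
    first=$(( $(ip_to_int "${1%/*}") & $mask ))
    last=$(( $first | (4294967295 ^ $mask) ))
    echo "$(int_to_ip "$first") $(int_to_ip "$last")"
)

# Exit status 0 when address $1 lies inside CIDR block $2.
in_cidr() (
    mask=$(cidr_mask "$2")
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "${2%/*}") & $mask )) ]
)

# Read jls-style lines (JID IP Hostname Path) on stdin; for NAT pool $1 print
# "<hostname> <ip> nat" or "<hostname> <ip> isolated" for every jail.
classify_jails() (
    pool=$1
    while read -r jid ip host path; do
        case $jid in ''|*[!0-9]*) continue ;; esac   # skip the header line
        if in_cidr "$ip" "$pool"; then state=nat; else state=isolated; fi
        echo "$host $ip $state"
    done
)

# Constructed sample: the jails that exist at this point, electrum already moved.
sample_jls() {
    cat <<'EOF'
JID IP Address Hostname Path
1 192.168.0.1 bitcoind.space.com /zroot/jails/jails/bitcoind
2 192.168.0.2 tor.space.com /zroot/jails/jails/tor
3 192.168.0.3 nginx-rev.space.com /zroot/jails/jails/nginx-rev
4 192.168.0.4 paygw.space.com /zroot/jails/jails/paygw
5 192.168.0.5 webapp.my.domain /zroot/jails/jails/webapp
7 192.168.0.200 electrum.space.com /zroot/jails/jails/electrum
EOF
}

echo "NAT pool 192.168.0.0/25 covers: $(pool_range 192.168.0.0/25)"
sample_jls | classify_jails 192.168.0.0/25
```

On a live host the same check can be fed with `jls | classify_jails 192.168.0.0/25` after every change to JAIL_IP_POOL.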
Hm, but now the system itself will stop working for us. However, we can specify a system proxy. But there is one thing: on TOR it is a SOCKS5 proxy, and for convenience we would also like an HTTP proxy.
# cbsd jconstruct-tui
# cbsd jstart polipo
# jexec polipo
polipo:/@[9:28] # pkg install polipo
polipo:/@[9:28] # ee /usr/local/etc/polipo/config
socksParentProxy = "192.168.0.2:9050"
socksProxyType = socks5
polipo:/@[9:42] # sysrc polipo_enable=YES
polipo:/@[9:43] # service polipo start
Well, now there are two proxy servers in our system, and both go out through TOR: socks5://192.168.0.2:9050 and
Now we can configure our wallet environment
# jexec electrum
electrum:/@[9:45] # su wallet
wallet@electrum:/ % ee ~/.cshrc
#in the end of file proxy config
setenv http_proxy http://192.168.0.6:8123
setenv https_proxy http://192.168.0.6:8123
Well, now the shell will work through the proxy. If we want to install packages, then we should add the following to /usr/local/etc/pkg.conf as root of the jail
pkg_env: {
http_proxy: "http://my_proxy_ip:8123",
}
Well, now it is time to add a TOR hidden service as the address of our SSH service in the wallet jail.
# jexec tor
tor:/@[9:59] # ee /usr/local/etc/tor/torrc
HiddenServiceDir /var/db/tor/electrum/
HiddenServicePort 22 192.168.0.200:22
tor:/@[10:01] # mkdir /var/db/tor/electrum
tor:/@[10:01] # chown -R _tor:_tor /var/db/tor/electrum
tor:/@[10:01] # chmod 700 /var/db/tor/electrum
tor:/@[10:03] # service tor restart
tor:/@[10:04] # cat /var/db/tor/electrum/hostname
mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion
Here is our connection address. Let's check from a local machine. But first we need to add our SSH key:
wallet@electrum:/ % mkdir ~/.ssh
wallet@electrum:/ % ee ~/.ssh/authorized_keys
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAG9Fk2Lqi4GQ8EXZrsH3EgSrVIQPQaAlS38MmJLBabihv9KHIDGXH7r018hxqLNNGbaJWO/wrWk7sG4T0yLHAbdQAFsMYof9kjoyuG56z0XZ8qaD/X/AjrhLMsIoBbUNj0AzxjKNlPJL4NbHsFwbmxGulKS0PdAD5oLcTQi/VnNdU7iFw== user@local
Well, from a Linux client machine
user@local ~$ nano ~/.ssh/config
#remote electrum wallet
Host remotebtc
User wallet
Port 22
Hostname mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion
ProxyCommand /bin/ncat --proxy localhost:9050 --proxy-type socks5 %h %p
Let's connect (for this to work, you need a local TOR daemon listening on 9050)
user@local ~$ ssh remotebtc
The authenticity of host 'mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion (<no hostip for proxy command>)' can't be established.
ECDSA key fingerprint is SHA256:iW8FKjhVF4yyOZB1z4sBkzyvCM+evQ9cCL/EuWm0Du4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion' (ECDSA) to the list of known hosts.
FreeBSD 12.1-RELEASE-p1 GENERIC
To save disk space in your home directory, compress files you rarely
use with "gzip filename".
-- Dru <[email protected]>
wallet@electrum:~ % logout
Success!
To work with instant payments and micropayments we also need a c-lightning node. It requires a working bitcoind, but yes.
*There are different implementations of the Lightning Network protocol in different languages. Of those we tested, c-lightning (written in C) seemed the most stable and resource-efficient
# cbsd jconstruct-tui
# cbsd jstart cln
# jexec cln
lightning:/@[10:23] # adduser
Username: lightning
...
lightning:/@[10:24] # pkg install git
lightning:/@[10:23] # su lightning
cd ~ && git clone https://github.com/ElementsProject/lightning
lightning@lightning:~ % exit
lightning:/@[10:30] # cd /home/lightning/lightning/
lightning:/home/lightning/lightning@[10:31] # pkg install autoconf automake gettext git gmp gmake libtool python python3 sqlite3 libsodium py36-mako bash bitcoin-utils
lightning:/home/lightning/lightning@[10:34] # ./configure && gmake && gmake install
Once everything necessary has been compiled and installed, let's create an RPC user for lightningd in bitcoind
# jexec bitcoind
bitcoind:/@[10:36] # ee /usr/local/etc/bitcoin.conf
rpcbind=192.168.0.1
rpcuser=test
rpcpassword=test
#allow only c-lightning
rpcallowip=192.168.0.7/32
bitcoind:/@[10:39] # service bitcoind restart
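The config above keeps the RPC password in plaintext on the bitcoind side; bitcoind also accepts an `rpcauth=USER:SALT$HASH` line, where HASH is the HMAC-SHA256 of the password keyed with the salt. The added example below (not from the original article; it assumes the openssl command-line tool, and the user name `cln` and all function names are made up here) generates such a line and verifies a password against it.

```sh
#!/bin/sh
# Added example: build an rpcauth= line for bitcoin.conf so that the RPC password
# is not stored in plaintext in the bitcoind jail.
# Assumes the openssl CLI; the user "cln" and the function names are made up here.

# make_rpcauth USER PASSWORD [SALT]
#   -> "rpcauth=USER:SALT$<HMAC-SHA256 keyed with SALT over PASSWORD>"
make_rpcauth() (
    user=$1
    pass=$2
    salt=${3:-$(openssl rand -hex 16)}
    # the password travels on stdin, so it never shows up in the process list
    mac=$(printf '%s' "$pass" | openssl dgst -sha256 -hmac "$salt" | sed 's/^.*= *//')
    printf 'rpcauth=%s:%s$%s\n' "$user" "$salt" "$mac"
)

# check_rpcauth LINE PASSWORD -> exit status 0 when PASSWORD matches the rpcauth line.
check_rpcauth() (
    line=${1#rpcauth=}
    user=${line%%:*}
    rest=${line#*:}
    salt=${rest%%\$*}
    [ "$(make_rpcauth "$user" "$2" "$salt")" = "$1" ]
)

# Generate a long random password and print both config fragments.
new_rpc_credentials() (
    user=$1
    pass=$(openssl rand -hex 32)
    echo "# bitcoind jail, /usr/local/etc/bitcoin.conf (replaces rpcuser= and rpcpassword=)"
    make_rpcauth "$user" "$pass"
    echo "# lightning jail, ~/.bitcoin/bitcoin.conf"
    echo "rpcuser=$user"
    echo "rpcpassword=$pass"
)

new_rpc_credentials cln
```

The client-side file in the lightning jail still carries the password, so keep it readable only by the `lightning` user.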
My chaotic switching between jails turns out to be not so chaotic if you remember the tmux utility, which lets you create several terminal sub-sessions within one. Analogue: screen
So, we do not want to reveal the real IP of our node, and we want to conduct all financial operations through TOR. Therefore, one more .onion is needed.
# jexec tor
tor:/@[9:59] # ee /usr/local/etc/tor/torrc
HiddenServiceDir /var/db/tor/cln/
HiddenServicePort 9735 192.168.0.7:9735
tor:/@[10:01] # mkdir /var/db/tor/cln
tor:/@[10:01] # chown -R _tor:_tor /var/db/tor/cln
tor:/@[10:01] # chmod 700 /var/db/tor/cln
tor:/@[10:03] # service tor restart
tor:/@[10:04] # cat /var/db/tor/cln/hostname
en5wbkavnytti334jc5uzaudkansypfs6aguv6kech4hbzpcz2ove3yd.onion
Now let's create a config for c-lightning
lightning:/home/lightning/lightning@[10:31] # su lightning
lightning@lightning:~ % mkdir .lightning
lightning@lightning:~ % ee .lightning/config
alias=My-LN-Node
bind-addr=192.168.0.7:9735
rgb=ff0000
announce-addr=en5wbkavnytti334jc5uzaudkansypfs6aguv6kech4hbzpcz2ove3yd.onion:9735
network=bitcoin
log-level=info
fee-base=0
fee-per-satoshi=1
proxy=192.168.0.2:9050
log-file=/home/lightning/.lightning/c-lightning.log
min-capacity-sat=200000
# sparko plugin
# https://github.com/fiatjaf/lightningd-gjson-rpc/tree/master/cmd/sparko
sparko-host=192.168.0.7
sparko-port=9737
sparko-tls-path=sparko-tls
#sparko-login=mywalletusername:mywalletpassword
#sparko-keys=masterkey;secretread:+listchannels,+listnodes;secretwrite:+invoice,+listinvoices,+delinvoice,+decodepay,+waitpay,+waitinvoice
sparko-keys=masterkey;secretread:+listchannels,+listnodes;ultrawrite:+invoice,+listinvoices,+delinvoice,+decodepay,+waitpay,+waitinvoice
# for the example above the initialization logs (mixed with lightningd logs) should print something like
lightning@lightning:~ % mkdir .lightning/plugins
lightning@lightning:~ % cd .lightning/plugins/
lightning@lightning:~/.lightning/plugins % fetch https://github.com/fiatjaf/sparko/releases/download/v0.2.1/sparko_full_freebsd_amd64
lightning@lightning:~/.lightning/plugins % chmod +x sparko_full_freebsd_amd64
lightning@lightning:~/.lightning/plugins % mv sparko_full_freebsd_amd64 sparko
lightning@lightning:~/.lightning/plugins % mkdir ~/.lightning/sparko-tls
lightning@lightning:~/.lightning/plugins % cd ~/.lightning/sparko-tls
lightning@lightning:~/.lightning/sparko-tls % openssl genrsa -out key.pem 2048
lightning@lightning:~/.lightning/sparko-tls % openssl req -new -x509 -sha256 -key key.pem -out cert.pem -days 3650
lightning@lightning:~/.lightning/sparko-tls % cd ~
you also need to create a configuration file for bitcoin-cli, the utility that communicates with bitcoind
lightning@lightning:~ % mkdir .bitcoin
lightning@lightning:~ % ee .bitcoin/bitcoin.conf
rpcconnect=192.168.0.1
rpcuser=test
rpcpassword=test
check
lightning@lightning:~ % bitcoin-cli echo "test"
[
"test"
]
launch lightningd
lightning@lightning:~ % lightningd --daemon
lightningd itself can be controlled with the lightning-cli utility, for example:
lightning-cli newaddr
get an address for a new incoming payment
{
"address": "bc1q2n2ffq3lplhme8jufcxahfrnfhruwjgx3c78pv",
"bech32": "bc1q2n2ffq3lplhme8jufcxahfrnfhruwjgx3c78pv"
}
lightning-cli withdraw bc1jufcxahfrnfhruwjgx3cq2n2ffq3lplhme878pv all
send all the money in the wallet to the address (all on-chain addresses)
There are also commands for off-chain operations: lightning-cli invoice, lightning-cli listinvoices, lightning-cli pay, and others.
Well, for communication with the application we have a REST API
curl -k https://192.168.0.7:9737/rpc -d '{"method": "pay", "params": ["lnbc..."]}' -H 'X-Access: masterkey'
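The call above authenticates with `masterkey`, which has no method list in the config, while `ultrawrite` is limited to invoice handling. The added sketch below (not part of the original article or of sparko; function names are made up, and the key syntax is read off the sparko-keys line on this page) finds the narrowest key that still permits a given method, so each application can be handed only that key.

```sh
#!/bin/sh
# Added example: evaluate sparko access keys as written in the config above.
# Reading of the syntax (an assumption based on that config line): entries are
# separated by ";", "key:+m1,+m2" may call only m1 and m2, a bare key may call anything.

SPARKO_KEYS='masterkey;secretread:+listchannels,+listnodes;ultrawrite:+invoice,+listinvoices,+delinvoice,+decodepay,+waitpay,+waitinvoice'

# key_allows KEYS KEY METHOD -> exit status 0 when KEY may call METHOD.
key_allows() (
    keys=$1
    key=$2
    method=$3
    IFS=';'
    for entry in $keys; do
        name=${entry%%:*}
        [ "$name" = "$key" ] || continue
        [ "$entry" = "$name" ] && exit 0        # no ":list" part: unrestricted key
        perms=${entry#*:}
        IFS=','
        for p in $perms; do
            [ "$p" = "+$method" ] && exit 0
        done
        exit 1                                  # key found, method not on its list
    done
    exit 1                                      # unknown key
)

# narrowest_key KEYS METHOD -> print the key with the fewest permissions
# that can still call METHOD (exit status 1 when no key can).
narrowest_key() (
    keys=$1
    method=$2
    best=''
    bestn=0
    IFS=';'
    for entry in $keys; do
        name=${entry%%:*}
        key_allows "$keys" "$name" "$method" || continue
        if [ "$entry" = "$name" ]; then
            n=1000000                           # unrestricted: treat as the widest
        else
            n=$(IFS=','; set -- ${entry#*:}; echo $#)
        fi
        if [ -z "$best" ] || [ "$n" -lt "$bestn" ]; then
            best=$name
            bestn=$n
        fi
    done
    [ -n "$best" ] && echo "$best"
)

for m in invoice listnodes pay; do
    echo "$m -> $(narrowest_key "$SPARKO_KEYS" "$m")"
done
```

With the keys from this page only `masterkey` can call `pay`, so a payment service would need either that key or a dedicated key added for it.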
Let's sum up
# jls
JID IP Address Hostname Path
1 192.168.0.1 bitcoind.space.com /zroot/jails/jails/bitcoind
2 192.168.0.2 tor.space.com /zroot/jails/jails/tor
3 192.168.0.3 nginx-rev.space.com /zroot/jails/jails/nginx-rev
4 192.168.0.4 paygw.space.com /zroot/jails/jails/paygw
5 192.168.0.5 webapp.my.domain /zroot/jails/jails/webapp
7 192.168.0.200 electrum.space.com /zroot/jails/jails/electrum
8 192.168.0.6 polipo.space.com /zroot/jails/jails/polipo
9 192.168.0.7 lightning.space.com /zroot/jails/jails/cln
We have a set of containers, each with its own level of access both from and to the local network.
# zfs list
NAME USED AVAIL REFER MOUNTPOINT
zroot 279G 1.48T 88K /zroot
zroot/ROOT 1.89G 1.48T 88K none
zroot/ROOT/default 1.89G 17.6G 1.89G /
zroot/home 88K 1.48T 88K /home
zroot/jails 277G 1.48T 404M /zroot/jails
zroot/jails/bitcoind 190G 1.48T 190G /zroot/jails/jails-data/bitcoind-data
zroot/jails/cln 653M 1.48T 653M /zroot/jails/jails-data/cln-data
zroot/jails/electrum 703M 1.48T 703M /zroot/jails/jails-data/electrum-data
zroot/jails/nginx-rev 190M 1.48T 190M /zroot/jails/jails-data/nginx-rev-data
zroot/jails/paygw 82.4G 1.48T 82.4G /zroot/jails/jails-data/paygw-data
zroot/jails/polipo 57.6M 1.48T 57.6M /zroot/jails/jails-data/polipo-data
zroot/jails/tor 81.5M 1.48T 81.5M /zroot/jails/jails-data/tor-data
zroot/jails/webapp 360M 1.48T 360M /zroot/jails/jails-data/webapp-data
As you can see, bitcoind takes up all of 190 GB of space. What if we need another such node for tests? This is where ZFS comes in handy. With the help of cbsd jclone old=bitcoind new=bitcoind-clone host_hostname=clonedbtc.space.com you can create a snapshot and attach a new jail to this snapshot. The new jail will have its own space, but only the difference between the current state and the original will be counted in the file system (we will save at least 190 GB)
Each jail is its own separate ZFS dataset, and this is extremely convenient.
It is also worth noting the need for remote monitoring of the host; for these purposes we have
B - security
As for security, let's start from the key principles in the context of infrastructure:
Confidentiality - The standard tools of UNIX-like systems ensure compliance with this principle. We logically separate access to each logically separate element of the system - a jail. Access is granted through standard user authentication using users' personal keys. All communication between and to the end jails takes place in encrypted form. Thanks to disk encryption, we do not have to worry about the safety of data when replacing a disk or migrating to another server. The only critical access is access to the host system, since such access generally provides access to the data inside the containers.
Integrity - This principle is implemented at several different levels. First, it is important to note that in the case of server hardware, ECC memory and ZFS already take care of data integrity at the level of bits of information "out of the box". Instant snapshots allow you to make backups at any time on the fly. Convenient jail export/import tools make jail replication simple.
Availability - This is already optional. It depends on the degree of your fame and on whether you have haters. In our example, we made sure that the wallet was accessible exclusively from the TOR network. If necessary, you can block everything on the firewall and allow access to the server exclusively through tunnels (TOR or VPN is another matter). Thus, the server will be cut off from the outside world as much as possible, and only we ourselves will be able to affect its availability.
Non-repudiation - And this depends on further operation and on following correct policies for user rights, access, and so on. But with the right approach, all user actions are audited, and thanks to cryptographic solutions it is possible to unambiguously identify who performed certain actions and when.
Of course, the described configuration is not an example of how it should always be done; it is rather an example of how it can be done while retaining very flexible scaling and customization capabilities.
What about full virtualization?
As for full virtualization using cbsd, you can do it with bhyve
You need to enable some kernel options.
# cat /etc/rc.conf
...
kld_list="vmm if_tap if_bridge nmdm"
...
# cat /boot/loader.conf
...
vmm_load="YES"
...
So if you suddenly need to run docker, install some debian and go ahead!
That's all
I think that is everything I wanted to share. If you liked the article, you can send me some bitcoins -
Source: www.hab.com