Oct
21
docker-compose.yml
services:
clickhouse:
image: clickhouse/clickhouse-server:latest
container_name: my-clickhouse
ports:
- "8123:8123" # HTTP API 端口,用于Web界面和HTTP请求
- "9000:9000" # 原生TCP协议端口,用于clickhouse-client连接
volumes:
- ./data:/var/lib/clickhouse # 数据持久化到主机的 ./data 目录
environment:
- CLICKHOUSE_DB=default
- CLICKHOUSE_USER=default
- CLICKHOUSE_PASSWORD=123456
- CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT=1
deploy:
resources:
limits:
cpus: '4.0'
memory: 8G
reservations:
cpus: '1.0'
memory: 2G
启动
$ docker compose up -d
连接
$ docker exec -it my-clickhouse clickhouse-client --user default --password 123456
Playground:
$ git clone https://github.com/VKCOM/lighthouse.git
访问(替换 $CLICKHOUSE 为部署的 IP 或域名)
http://127.0.0.1/lighthouse/#http://$CLICKHOUSE:8123/?user=learn&password=123456
引用
services:
clickhouse:
image: clickhouse/clickhouse-server:latest
container_name: my-clickhouse
ports:
- "8123:8123" # HTTP API 端口,用于Web界面和HTTP请求
- "9000:9000" # 原生TCP协议端口,用于clickhouse-client连接
volumes:
- ./data:/var/lib/clickhouse # 数据持久化到主机的 ./data 目录
environment:
- CLICKHOUSE_DB=default
- CLICKHOUSE_USER=default
- CLICKHOUSE_PASSWORD=123456
- CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT=1
deploy:
resources:
limits:
cpus: '4.0'
memory: 8G
reservations:
cpus: '1.0'
memory: 2G
启动
$ docker compose up -d
连接
$ docker exec -it my-clickhouse clickhouse-client --user default --password 123456
CREATE DATABASE learn;
CREATE USER 'learn' IDENTIFIED WITH sha256_password BY '123456';
GRANT ALL ON learn.* to 'learn';
CREATE USER 'learn' IDENTIFIED WITH sha256_password BY '123456';
GRANT ALL ON learn.* to 'learn';
Playground:
$ git clone https://github.com/VKCOM/lighthouse.git
访问(替换 $CLICKHOUSE 为部署的 IP 或域名)
http://127.0.0.1/lighthouse/#http://$CLICKHOUSE:8123/?user=learn&password=123456
Oct
16
备查
or from mysql:
Manually reload:
Usage
UDF:
CREATE DICTIONARY xxx.ip_region_dict
ON CLUSTER default_cluster
(
`prefix` UInt32,
`province` Nullable(String),
`province_code` UInt32,
`city` Nullable(String),
`city_code` UInt32,
`area` Nullable(String),
`area_code` UInt32
)
PRIMARY KEY prefix
SOURCE(CLICKHOUSE(HOST '127.0.01' USER 'user' PASSWORD 'xxxx' DB 'test' TABLE 'ip_region' ))
LIFETIME(MIN 0 MAX 0) -- 需要手动刷新
LAYOUT(HASHED())
ON CLUSTER default_cluster
(
`prefix` UInt32,
`province` Nullable(String),
`province_code` UInt32,
`city` Nullable(String),
`city_code` UInt32,
`area` Nullable(String),
`area_code` UInt32
)
PRIMARY KEY prefix
SOURCE(CLICKHOUSE(HOST '127.0.01' USER 'user' PASSWORD 'xxxx' DB 'test' TABLE 'ip_region' ))
LIFETIME(MIN 0 MAX 0) -- 需要手动刷新
LAYOUT(HASHED())
or from mysql:
SOURCE(MYSQL(HOST '127.0.0.1' PORT 3306 USER 'root' PASSWORD 'xxxxx' DB 'test' TABLE 'xxx'))
LIFETIME(MIN 300 MAX 600) -- 5~10分钟自动刷新
LAYOUT(HASHED())
LIFETIME(MIN 300 MAX 600) -- 5~10分钟自动刷新
LAYOUT(HASHED())
Manually reload:
SYSTEM RELOAD DICTIONARY
ON CLUSTER default_cluster
ip_region_dict;
ON CLUSTER default_cluster
ip_region_dict;
Usage
dictGet('xxx.ip_region_dict', 'city', intDiv(IPv4StringToNumOrDefault(ip), 256))
UDF:
CREATE FUNCTION getIPCity
ON CLUSTER default_cluster
AS (ip) ->
dictGet('xxx.ip_region_dict', 'city', intDiv(IPv4StringToNumOrDefault(ip), 256));
ON CLUSTER default_cluster
AS (ip) ->
dictGet('xxx.ip_region_dict', 'city', intDiv(IPv4StringToNumOrDefault(ip), 256));
Aug
15
前置准备:给 Moon 服务器放通 UDP 9993 端口
部署 Moon 服务器:
# curl -s https://install.zerotier.com | sudo bash
***
Waiting for identity generation...
***
Success! You are ZeroTier address [ d77***817 ]
# cd /var/lib/zerotier-one
# zerotier-idtool initmoon identity.public >>moon.json
# vi moon.json
在 `stableEndpoints` 里增加 Moon 服务器的 "固定IP:端口"(有IPv6的话也可以加上),例如
"stableEndpoints": ["1.2.3.4:9993"]
# zerotier-idtool genmoon moon.json
wrote 00000032***006.moon (signed world with timestamp 1755***6150)
# mkdir moons.d
# cp 0000003286fa6006.moon moons.d/
# systemctl restart zerotier-one
部署控制器 ztncui
安装 nodejs
# curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
# source ~/.bashrc
# nvm install v16
使用淘宝镜像源
# npm config set registry https://registry.npmmirror.com
# git clone https://github.com/key-networks/ztncui
# cd ztncui/src
# npm install
# cp -v etc/default.passwd etc/passwd
# vi .env
ZT_TOKEN=$TOKEN
NODE_ENV=production
HTTP_PORT=3456
HTTP_ALL_INTERFACES=no
注:
1. $TOKEN 的值从 /var/lib/zerotier-one/authtoken.secret 读取
2. 最后一个参数改成 yes 就是把 3456 端口暴露给公网了,慎用(考虑用 https 加密)
测试启动:
# npm start
通过ssh端口转发把服务器的 3456 端口开到本地访问 http://127.0.0.1:3456(避免http无加密访问)
默认用户名 admin 密码 password
使用 pm2 常驻启动
# npm install -g pm2
# pm2 start bin/www --name ztncui
# pm2 startup
# pm2 save
登录 ztncui
- add network
- easy network setup
- generate network address
在需要加入的设置执行
# sudo zerotier-cli join $NETWORK
然后在 ztncui 上 approve 即可。
部署 Moon 服务器:
# curl -s https://install.zerotier.com | sudo bash
引用
***
Waiting for identity generation...
***
Success! You are ZeroTier address [ d77***817 ]
# cd /var/lib/zerotier-one
# zerotier-idtool initmoon identity.public >>moon.json
# vi moon.json
在 `stableEndpoints` 里增加 Moon 服务器的 "固定IP:端口"(有IPv6的话也可以加上),例如
引用
"stableEndpoints": ["1.2.3.4:9993"]
# zerotier-idtool genmoon moon.json
引用
wrote 00000032***006.moon (signed world with timestamp 1755***6150)
# mkdir moons.d
# cp 0000003286fa6006.moon moons.d/
# systemctl restart zerotier-one
部署控制器 ztncui
安装 nodejs
# curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
# source ~/.bashrc
# nvm install v16
使用淘宝镜像源
# npm config set registry https://registry.npmmirror.com
# git clone https://github.com/key-networks/ztncui
# cd ztncui/src
# npm install
# cp -v etc/default.passwd etc/passwd
# vi .env
引用
ZT_TOKEN=$TOKEN
NODE_ENV=production
HTTP_PORT=3456
HTTP_ALL_INTERFACES=no
注:
1. $TOKEN 的值从 /var/lib/zerotier-one/authtoken.secret 读取
2. 最后一个参数改成 yes 就是把 3456 端口暴露给公网了,慎用(考虑用 https 加密)
测试启动:
# npm start
通过ssh端口转发把服务器的 3456 端口开到本地访问 http://127.0.0.1:3456(避免http无加密访问)
默认用户名 admin 密码 password
使用 pm2 常驻启动
# npm install -g pm2
# pm2 start bin/www --name ztncui
# pm2 startup
# pm2 save
登录 ztncui
- add network
- easy network setup
- generate network address
在需要加入的设置执行
# sudo zerotier-cli join $NETWORK
然后在 ztncui 上 approve 即可。
Jun
7
参考安装步骤:https://yeasy.gitbook.io/docker_practice/install/ubuntu
== 修改镜像源 ==
国内 Docker Hub 镜像加速器:https://github.com/DaoCloud/public-image-mirror
$ sudo mkdir -p /etc/docker && sudo vi /etc/docker/daemon.json
{
"registry-mirrors": [
"https://docker.m.daocloud.io"
]
}
== 配置代理 ==
sudo mkdir /etc/systemd/system/docker.service.d
sudo vi /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://127.0.0.1:7890"
Environment="HTTPS_PROXY=http://127.0.0.1:7890"
Environment="NO_PROXY=localhost,127.0.0.1,tencentcloudcr.com"
最后需要重新加载配置:
sudo systemctl daemon-reload && sudo systemctl restart docker
== 修改镜像源 ==
国内 Docker Hub 镜像加速器:https://github.com/DaoCloud/public-image-mirror
$ sudo mkdir -p /etc/docker && sudo vi /etc/docker/daemon.json
引用
{
"registry-mirrors": [
"https://docker.m.daocloud.io"
]
}
== 配置代理 ==
sudo mkdir /etc/systemd/system/docker.service.d
sudo vi /etc/systemd/system/docker.service.d/http-proxy.conf
引用
[Service]
Environment="HTTP_PROXY=http://127.0.0.1:7890"
Environment="HTTPS_PROXY=http://127.0.0.1:7890"
Environment="NO_PROXY=localhost,127.0.0.1,tencentcloudcr.com"
最后需要重新加载配置:
sudo systemctl daemon-reload && sudo systemctl restart docker
May
8
在阿里云采购的小内存(512M)主机会 OOM,卸载完这些垃圾服务以后就正常了。
# 云盾(AliYunDun、AliYunDunMonitor)
https://help.aliyun.com/zh/security-center/user-guide/uninstall-the-security-center-agent#section-wfc-zqf-pgb
在主机资产页面该服务器基本信息页签的防御状态区域关闭「客户端自保护」和「恶意主机行为防御」
然后在 云安全中心控制台 -> 系统配置 > 功能设置 -> 客户端 -> 卸载,找到对应的主机完成卸载。
# 云助手(aliyun-assist)
https://help.aliyun.com/zh/ecs/user-guide/start-stop-or-uninstall-the-cloud-assistant-agent
# 云监控(cloudmonitor)
https://help.aliyun.com/zh/cms/cloudmonitor-1-0/user-guide/install-and-uninstall-the-cloudmonitor-agent-for-cpp#section-hdw-doi-fv4
06-30 update
aliyun 的默认 ubuntu 发行版还自动启用了一些非常占内存的服务,可能会导致小内存实例 OOM,需要禁用:
# 云盾(AliYunDun、AliYunDunMonitor)
https://help.aliyun.com/zh/security-center/user-guide/uninstall-the-security-center-agent#section-wfc-zqf-pgb
在主机资产页面该服务器基本信息页签的防御状态区域关闭「客户端自保护」和「恶意主机行为防御」
然后在 云安全中心控制台 -> 系统配置 > 功能设置 -> 客户端 -> 卸载,找到对应的主机完成卸载。
# 云助手(aliyun-assist)
https://help.aliyun.com/zh/ecs/user-guide/start-stop-or-uninstall-the-cloud-assistant-agent
/usr/local/share/assist-daemon/assist_daemon --stop
/usr/local/share/assist-daemon/assist_daemon --delete
ps x | grep aliyun-service
kill $PID
rm -rf /usr/local/share/assist-daemon
rm -rf /usr/local/share/aliyun-assist
/usr/local/share/assist-daemon/assist_daemon --delete
ps x | grep aliyun-service
kill $PID
rm -rf /usr/local/share/assist-daemon
rm -rf /usr/local/share/aliyun-assist
# 云监控(cloudmonitor)
https://help.aliyun.com/zh/cms/cloudmonitor-1-0/user-guide/install-and-uninstall-the-cloudmonitor-agent-for-cpp#section-hdw-doi-fv4
bash /usr/local/cloudmonitor/cloudmonitorCtl.sh stop
bash /usr/local/cloudmonitor/cloudmonitorCtl.sh uninstall
rm -rf /usr/local/cloudmonitor
bash /usr/local/cloudmonitor/cloudmonitorCtl.sh uninstall
rm -rf /usr/local/cloudmonitor
06-30 update
aliyun 的默认 ubuntu 发行版还自动启用了一些非常占内存的服务,可能会导致小内存实例 OOM,需要禁用:
systemctl stop tuned multipathd.service multipathd.socket fwupd fwupd-refresh fwupd-refresh.timer apt-daily.timer apt-daily-upgrade.timer
systemctl disable tuned multipathd.service multipathd.socket fwupd fwupd-refresh fwupd-refresh.timer apt-daily.timer apt-daily-upgrade.timer
systemctl disable tuned multipathd.service multipathd.socket fwupd fwupd-refresh fwupd-refresh.timer apt-daily.timer apt-daily-upgrade.timer
Apr
15
某办公网的 ISP 有强制 DNS 劫持,通过这种方式可以在内网提供不受污染的 DNS 服务:
修改 hosts
120.53.53.53 doh.pub
然后用 gost v2 提供 dns 服务:
sudo gost -L="dns://${内网IP}:53?mode=udp&dns=https://doh.pub/dns-query"
注:
1. 如果不修改 hosts,有可能仍然被劫持;
2. gost(v2)可从 https://github.com/ginuerzh/gost 下载;
3. 监听 0.0.0.0 会失败(可能是因为 systemd 在监听 127.0.2.1:53 有冲突),所以需要监听指定的 IP。
修改 hosts
引用
120.53.53.53 doh.pub
然后用 gost v2 提供 dns 服务:
引用
sudo gost -L="dns://${内网IP}:53?mode=udp&dns=https://doh.pub/dns-query"
注:
1. 如果不修改 hosts,有可能仍然被劫持;
2. gost(v2)可从 https://github.com/ginuerzh/gost 下载;
3. 监听 0.0.0.0 会失败(可能是因为 systemd 在监听 127.0.2.1:53 有冲突),所以需要监听指定的 IP。
Mar
15
通过 API 下载了个 zip 文件是 AES-256 加密的,用 unzip 解压报错:
WINRAR 倒是可以解压,但是 unrar 命令行工具不支持。
换用 7zip 可以正常解压,在 windows 下有乱码,倒腾了一圈,最后解决了:
注:
- `-y` 表示确认所有提问(例如文件存在则覆盖)
- 65001 是 UTF-8 的 code page;反过来如果是windows下压缩的文件希望在linux下解压无乱码,就得用 936 (即GBK)
- 文件扩展名需要是 .zip;如果用 .7z 的话,也会报错 "Can't open as archive: 1"
引用
unsupported compression method 99
WINRAR 倒是可以解压,但是 unrar 命令行工具不支持。
换用 7zip 可以正常解压,在 windows 下有乱码,倒腾了一圈,最后解决了:
引用
7z x -y -pPASSWORD -mcp=65001 file.zip
注:
- `-y` 表示确认所有提问(例如文件存在则覆盖)
- 65001 是 UTF-8 的 code page;反过来如果是windows下压缩的文件希望在linux下解压无乱码,就得用 936 (即GBK)
- 文件扩展名需要是 .zip;如果用 .7z 的话,也会报错 "Can't open as archive: 1"
Dec
18
1. Get character count in a line
$ xxd packets | head -n 1 | wc -c
68
2. Join lines
xxd packets | tr -d '\n' && echo
Save the output to local file "packets.xxd".
3. Fold lines and decode
fold packets.xxd -w 67 | xxd -r > packets
引用
$ xxd packets | head -n 1 | wc -c
68
2. Join lines
引用
xxd packets | tr -d '\n' && echo
Save the output to local file "packets.xxd".
3. Fold lines and decode
引用
fold packets.xxd -w 67 | xxd -r > packets