update some content

2021-10-28 14:13:06 +08:00
parent 97eb780aa4
commit 4f99455d8f
242 changed files with 1826 additions and 2616 deletions
--- a/public/post/init-script-in-openwrt-to-start-leproxy/index.html
+++ b/public/post/init-script-in-openwrt-to-start-leproxy/index.html
@@ -13,7 +13,7 @@
        "articleSection" : "post",
        "name" : "Init Script in Openwrt to Start Leproxy\/在openwrt 新增自動啟動leproxy的script",
        "headline" : "Init Script in Openwrt to Start Leproxy\/在openwrt 新增自動啟動leproxy的script",
-        "description" : "\x3cp\x3e最近在逐步的把舊有的VPN Router 汰換掉，改用wireguard 來作 full mesh site-to-site VPN\x3c\/p\x3e\n\x3cp\x3e不過這是另外的故事了\x26hellip;\x3c\/p\x3e\n\x3cp\x3e在把wireguard VPN 都搞定之後，才發現原來 openwrt 的 uhttpd 要加上 letsencrypt 的免費憑證有點難搞\x3c\/p\x3e\n\x3cp\x3e網路上大部分都介紹用 acme.sh ，我是有測試出來啦\x3c\/p\x3e\n\x3cp\x3e但是跟網路上的方法不太一樣了，新增了滿多步驟的，覺得很麻煩\x3c\/p\x3e\n\x3cp\x3e想到向來愛用的 leproxy ，既然是 golang 開發的，又是open source\x3c\/p\x3e\n\x3cp\x3e就拿來compile 給openwrt router 用用看\x3c\/p\x3e\n\x3cp\x3e想不到還真的可以， golang 真是棒！\x3c\/p\x3e\n\x3cp\x3e不過也還是要順手改一些openwrt 東西才行\x3c\/p\x3e\n\x3cp\x3e還是簡單作個筆記好了\x3c\/p\x3e",
+        "description" : "\u003cp\u003e最近在逐步的把舊有的VPN Router 汰換掉，改用wireguard 來作 full mesh site-to-site VPN\u003c\/p\u003e\n\u003cp\u003e不過這是另外的故事了\u0026hellip;\u003c\/p\u003e\n\u003cp\u003e在把wireguard VPN 都搞定之後，才發現原來 openwrt 的 uhttpd 要加上 letsencrypt 的免費憑證有點難搞\u003c\/p\u003e\n\u003cp\u003e網路上大部分都介紹用 acme.sh ，我是有測試出來啦\u003c\/p\u003e\n\u003cp\u003e但是跟網路上的方法不太一樣了，新增了滿多步驟的，覺得很麻煩\u003c\/p\u003e\n\u003cp\u003e想到向來愛用的 leproxy ，既然是 golang 開發的，又是open source\u003c\/p\u003e\n\u003cp\u003e就拿來compile 給openwrt router 用用看\u003c\/p\u003e\n\u003cp\u003e想不到還真的可以， golang 真是棒！\u003c\/p\u003e\n\u003cp\u003e不過也還是要順手改一些openwrt 東西才行\u003c\/p\u003e\n\u003cp\u003e還是簡單作個筆記好了\u003c\/p\u003e",
        "inLanguage" : "en",
        "author" : "Eric Chang",
        "creator" : "Eric Chang",
@@ -21,8 +21,8 @@
        "accountablePerson" : "Eric Chang",
        "copyrightHolder" : "Eric Chang",
        "copyrightYear" : "2021",
-        "datePublished": "2021-09-29 14:38:10 \x2b0800 CST",
-        "dateModified" : "2021-09-29 14:38:10 \x2b0800 CST",
+        "datePublished": "2021-09-29 14:38:10 \u002b0800 CST",
+        "dateModified" : "2021-09-29 14:38:10 \u002b0800 CST",
        "url" : "https:\/\/h.cowbay.org\/post\/init-script-in-openwrt-to-start-leproxy\/",
        "wordCount" : "312",
        "image" : "https://h.cowbay.orghttps://h.cowbay.org/images/post-default-8.jpg"",
@@ -45,9 +45,9 @@

 <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.3.1/css/all.css" integrity="sha384-mzrmE5qonljUremFsqc01SB46JvROS7bZs3IO2EmfFsd15uHvIt+Y8vEf7N7fWAU" crossorigin="anonymous">

-<link href="https://h.cowbay.org/css/style.css?v=1632901489" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>
+<link href="https://h.cowbay.org/css/style.css?v=1634607506" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>

-<link href="https://h.cowbay.org/css/custom.css?v=1632901489" rel="stylesheet" type='text/css' media='all'>
+<link href="https://h.cowbay.org/css/custom.css?v=1634607506" rel="stylesheet" type='text/css' media='all'>
 <link rel="shortcut icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
 <link rel="icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">

@@ -317,27 +317,27 @@ if (!doNotTrack) {
 <h4 id="compile-leproxy-for-arm64">compile leproxy for arm64</h4>
 <p>當然要先確認好自己的環境有沒有裝了golang 可以用來編譯，這部分就不多提了。</p>
 <h5 id="下載並編譯-leproxy">下載並編譯 leproxy</h5>
-<pre><code>git clone https://github.com/artyom/leproxy
+<pre tabindex="0"><code>git clone https://github.com/artyom/leproxy
 cd leproxy
 GOOS=linux GOARCH=arm64 go build .
 mv leproxy leproxy.arm64
 </code></pre><h5 id="copy-leproxyarm64-to-router">copy leproxy.arm64 to router</h5>
-<pre><code>scp leproxy.arm64 root@192.168.0.254:/root/leproxy.arm64
+<pre tabindex="0"><code>scp leproxy.arm64 root@192.168.0.254:/root/leproxy.arm64
 </code></pre><h4 id="接著-ssh-登入-router-作相關設定">接著 ssh 登入 router 作相關設定</h4>
 <p>ssh <a href="mailto:root@192.168.0.254">root@192.168.0.254</a></p>
 <h5 id="建立etcleproxymappingyml">建立/etc/leproxy/mapping.yml</h5>
-<pre><code>mkdir -p /etc/leproxy
+<pre tabindex="0"><code>mkdir -p /etc/leproxy
 vim /etc/leproxy/mapping.yml
 </code></pre><p>內容大概長這樣，一次可以不止一行
 然後要注意 hqvpnrouter.abc.com 這個域名要先存在 A 記錄並指向這臺 router</p>
-<pre><code>hqvpnrouter.abc.com: 192.168.0.254:81
+<pre tabindex="0"><code>hqvpnrouter.abc.com: 192.168.0.254:81
 </code></pre><p>前面是這臺機器的hostname , leproxy 會用這個hostname 去申請免費的憑證
 後面是要把hqvpnrouter.abc.com 的要求轉到哪裡？這邊就是轉到本機(192.168.0.254)的 81 port</p>
 <h5 id="修改-uhttpd-config">修改 uhttpd config</h5>
 <p>因為leproxy 會佔用 80 ,443 兩個port
 所以要把 uhttpd 改去別的port 工作
 順便把 https 的設定拿掉，讓leproxy 去煩惱</p>
-<pre><code># HTTP listen addresses, multiple allowed
+<pre tabindex="0"><code># HTTP listen addresses, multiple allowed
 	list listen_http	0.0.0.0:81
 	list listen_http	[::]:81

@@ -348,9 +348,9 @@ vim /etc/leproxy/mapping.yml
 	# Redirect HTTP requests to HTTPS if possible
 	option redirect_https	0
 </code></pre><p>然後先重啟 uhttpd</p>
-<pre><code>/etc/init.d/uhttpd restart
+<pre tabindex="0"><code>/etc/init.d/uhttpd restart
 </code></pre><p>看看 uhttpd 是不是已經改到 port 81</p>
-<pre><code>[200~root@HQ_VPN_ROUTER:~# netstat -antlp
+<pre tabindex="0"><code>[200~root@HQ_VPN_ROUTER:~# netstat -antlp
 netstat: showing only processes with your user ID
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
@@ -359,10 +359,10 @@ tcp        0      0 10.2.3.2:53             0.0.0.0:*               LISTEN
 </code></pre><p>好，這時候就可以用以下指令來測試leproxy 是不是可以正常運作</p>
 <p>cacheDir 是會被用來存放leproxy 取得的免費憑證，必須要先存在系統中
 或者是要存放在 /tmp , /root 也都可以</p>
-<pre><code>/root/leproxy.arm64 -map /etc/leproxy/mapping.yml -email chchang@abc.com -cacheDir /etc/acme/
+<pre tabindex="0"><code>/root/leproxy.arm64 -map /etc/leproxy/mapping.yml -email chchang@abc.com -cacheDir /etc/acme/
 </code></pre><h5 id="修改-firewall-config">修改 firewall config</h5>
 <p>加入底下這段</p>
-<pre><code>config redirect
+<pre tabindex="0"><code>config redirect
 	option dest_port '443'
 	option src 'wan'
 	option name 'https for leproxy'
@@ -376,7 +376,7 @@ tcp        0      0 10.2.3.2:53             0.0.0.0:*               LISTEN
 <h4 id="建立-init-script">建立 init script</h4>
 <p>在 /etc/init.d 中新增一個檔案叫 leproxy</p>
 <p>內容如下</p>
-<pre><code>#!/bin/sh /etc/rc.common
+<pre tabindex="0"><code>#!/bin/sh /etc/rc.common
 # Example script
 # Copyright (C) 2007 OpenWrt.org

@@ -392,11 +392,11 @@ stop () {
 	killall leproxy.arm64
 	}
 </code></pre><h5 id="改一下file-permission">改一下file permission</h5>
-<pre><code>chmod u+rwx /etc/init.d/leproxy
+<pre tabindex="0"><code>chmod u+rwx /etc/init.d/leproxy
 </code></pre><h5 id="設定開機自動啟動">設定開機自動啟動</h5>
-<pre><code>/etc/init.d/leproxy enable
+<pre tabindex="0"><code>/etc/init.d/leproxy enable
 </code></pre><h5 id="啟動leproxy">啟動leproxy</h5>
-<pre><code>/etc/init.d/leproxy restart
+<pre tabindex="0"><code>/etc/init.d/leproxy restart
 </code></pre><p>開啟 <a href="https://vpnrouter.abc.com">https://vpnrouter.abc.com</a> 再做一次確認</p>
            </article>
          </div>
@@ -684,7 +684,7 @@ title="pinterest icon"></i>
  </div>
  <script src="https://h.cowbay.org/js/jquery.min.js"></script>
 <script src="https://h.cowbay.org/js/jquerymigrate.js"></script>
-<script src="https://h.cowbay.org/js/production.min.js?v=1632901489"></script>
+<script src="https://h.cowbay.org/js/production.min.js?v=1634607506"></script>

 </body>
 </html>