ini FreeBSD pf.conf用于服务
FreeBSD pf.conf的服务理念
service-pf.conf
# See pf(4) and pf.conf(5)
#
#
# Author: Carlo DiCelico, June 2018
#
# Notes:
# Required order is options, normalization, queuing, translation, filtering
# Translation rules match first, filtering rules match last
# Update IPs for your instance and customize rules for your service
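# ----- 0. MACROS -----
# Service names are resolved to port numbers when the ruleset is loaded.
services = "{ domain, http, https, ntp }"
web_services = "{ http, https }"
# ICMP
icmp_types = "{ echoreq, unreach }"
# external interface
public_if = "vtnet0"
# placeholder value - replace with the instance's public address before loading
public_ip = "KADABRA_PUBLIC_IP"
# internal interface
private_if = "vtnet1"
# placeholder value - replace with the instance's private address before loading
private_ip = "KADABRA_PRIVATE_IP"
# jail interface
jail_if = "lo1"
jail_ip = "172.16.1.1"
jail_net = $jail_if:network
# black holes
table <bruteforce> persist
# Declared as <abusivehosts> so that it is the same table the overload and block
# rules in the filtering section use; the earlier name <abusivehost> was a
# separate table that no rule referenced.
table <abusivehosts> persist
# trusted - TODO: generate these from terraform based on fw rules
# The files listed here decide who may reach SSH; keep them writable by root only.
table <trusted_hosts_inet> persist file "/etc/pf/trusted_hosts_inet"
table <trusted_hosts_inet6> persist file "/etc/pf/trusted_hosts_inet6"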
# ----- 1. OPTIONS -----
# skip filtering loopback
# (only lo0 is skipped; the jail interface lo1 is still filtered)
set skip on lo0
# debug only urgent
set debug urgent
# return rather than drop
# With "return", blocked TCP is answered with a RST and other traffic with an ICMP
# unreachable, which confirms to a scanner that the host exists; "drop" is the
# quieter policy for an Internet-facing interface.
set block-policy return
# out-of-the-box optimizations
set optimization normal
# timeouts
set timeout { tcp.closing 60, tcp.established 7200 }
# ----- 2. NORMALIZATION -----
# scrub IB packets, reassemble, clear "do not fragment" bit, use random id, set max seg size to 1440b
scrub in all fragment reassemble no-df random-id max-mss 1440
# ----- 3. QUEUEING -----
# None (DO-managed)
# ----- 4. TRANSLATION -----
# OB NAT for jails
# NOTE(review): a port range and static-port are both given here; confirm which of
# the two pfctl actually applies.
nat on $public_if from $jail_net to any -> $public_ip port 1024:65535 static-port
# send web traffic to our jail - put your own NAT and redirect rules here
# NOTE(review): "rdr pass" lets matching packets through without evaluating the
# filter rules below, so the <bruteforce>/<abusivehosts> block rule and antispoof
# never see web traffic. Use plain "rdr" plus a pass rule if the block lists are
# meant to cover the web ports as well.
rdr pass on $public_if inet proto tcp to port $web_services -> $jail_if
# ----- 5. FILTERING -----
# ----- INGRESS RULES -----
# default block
# The last matching rule decides unless a rule is marked "quick", so this is the
# fallback for everything not passed further down; blocked packets are logged.
block log
# activity from forged IPs
antispoof quick for { $public_if $private_if }
# limited ping support
# NOTE(review): pf.conf(5) describes max-src-conn-rate and overload as limits on TCP
# connections that completed the handshake; confirm they have any effect on ICMP.
# NOTE(review): the inet6 rule admits echo request and unreachable only; neighbor
# discovery types are not listed - confirm IPv6 is not needed on these interfaces.
pass inet proto icmp all icmp-type $icmp_types keep state (max-src-conn-rate 6/4, overload <abusivehosts> flush global)
pass inet6 proto icmp6 all icmp6-type $icmp_types keep state (max-src-conn-rate 6/4, overload <abusivehosts> flush global)
# rate-limited, potentially malicious hosts
# "quick" makes this block final even though pass rules follow it.
# No rule shown here adds addresses to <bruteforce>; it stays empty unless an
# overload rule or an external tool fills it.
block quick log from { <bruteforce> <abusivehosts> }
# disallowed services
block quick log on { $public_if $private_if } \
proto { tcp, udp } \
from any to any port { 111 67 }
# allow IB SSH to public_if from trusted hosts
# NOTE(review): SSH runs over TCP, so the udp half of this rule is not needed.
# <trusted_hosts_inet6> is declared above but no rule uses it.
pass in log inet proto { tcp udp } from <trusted_hosts_inet> to $public_if port ssh
# allow other IB services to any interface—customize this for your own needs
# NOTE(review): this admits domain and ntp from any source over TCP and UDP, on
# every interface; if the host is not meant to be a public resolver or time
# server, restrict the source or remove those entries from $services.
pass in log inet proto { tcp udp } from any to any port $services
# ----- EGRESS RULES -----
# let jail traffic be translated
# No direction is given, so this rule matches jail and lo0 sourced packets both
# inbound and outbound.
pass from { lo0, $jail_net } to any keep state
# allow all outgoing
# Egress is unrestricted: a compromised jail or service can connect anywhere.
# Narrow this to the destinations and ports the service needs if that matters.
pass out all keep state
ini nginx_phpmyadmin.conf
nginx_phpmyadmin.conf
# phpMyAdmin virtual host. It listens on the loopback address only, so it is not
# reachable from the network directly.
server {
    listen 127.0.0.1:1500;
    server_name _;
    index index.html index.htm index.php;

    location / {
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # root + URI: /phpmyadmin/... is served from /usr/share/phpmyadmin/...
    location /phpmyadmin {
        root /usr/share/;
        index index.php index.html index.htm;

        # PHP scripts. try_files answers 404 for anything that is not an existing
        # file, so only real scripts are handed to PHP-FPM.
        location ~ ^/phpmyadmin/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            fastcgi_pass unix:/run/php/php7.2-fpm-phpmyadmin.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            #fastcgi_param PHP_VALUE upload_max_filesize=60M;
            #fastcgi_param PHP_VALUE post_max_size=60M;
            include /etc/nginx/fastcgi_params;
        }

        # Static assets of phpMyAdmin.
        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }

    # Mixed-case spelling is rewritten to the lower-case location.
    location /phpMyAdmin {
        rewrite ^/* /phpmyadmin last;
    }
}
ini php_phpmyadmin.conf
php_phpmyadmin.conf
; PHP-FPM pool that serves phpMyAdmin over a Unix socket.
[phpmyadmin]
; NOTE(review): if other pools on the host also run as www-data, a compromise of
; one application can read the files and sockets of the others; a dedicated user
; per pool keeps them apart.
user = www-data
group = www-data
listen = /run/php/php7.2-fpm-phpmyadmin.sock
listen.backlog = -1
; Socket is owned by www-data and closed to "other" (0660), so only that user
; and group can connect to it.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; Process manager: between 32 and 126 idle workers, at most 512 in total.
; NOTE(review): 512 children is a lot for an admin tool; size it to the host's RAM.
pm = dynamic
pm.max_children = 512
pm.start_servers = 40
pm.min_spare_servers = 32
pm.max_spare_servers = 126
; Each worker is recycled after 500 requests.
pm.max_requests = 500
; Environment passed to the PHP workers.
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
; Temporary files go to the shared /tmp directory.
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
ini php.conf
php.conf
; PHP-FPM pool that serves the site over a Unix socket.
[site]
; NOTE(review): if other pools on the host also run as www-data, a compromise of
; one application can read the files and sockets of the others; a dedicated user
; per pool keeps them apart.
user = www-data
group = www-data
listen = /run/php/php7.2-fpm-site.sock
listen.backlog = -1
; Socket is owned by www-data and closed to "other" (0660), so only that user
; and group can connect to it.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; Process manager: between 32 and 126 idle workers, at most 512 in total.
; NOTE(review): size max_children to the host's RAM; every child is a full PHP process.
pm = dynamic
pm.max_children = 512
pm.start_servers = 40
pm.min_spare_servers = 32
pm.max_spare_servers = 126
; Each worker is recycled after 500 requests.
pm.max_requests = 500
; Environment passed to the PHP workers.
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
; Temporary files go to the shared /tmp directory.
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
ini nginx_laravel.conf
nginx_laravel.conf
# Plain-HTTP listener: every request is answered with a permanent redirect to the
# HTTPS site. The target host is a fixed name, not taken from the request.
server {
    listen 80;
    server_name site.com www.site.com;
    return 301 https://site.com$request_uri;
}
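# HTTPS virtual host for the Laravel application (document root is public/).
server {
    listen 443 ssl http2;
    server_name site.com;
    root /var/www/site/public;
    index index.html index.htm index.php;

    access_log /var/log/nginx/site.com.access.log;
    error_log /var/log/nginx/site.com.error.log;

    error_page 401 /custom_401.html;

    # Redirect www.<host> to the bare host name.
    if ($host ~* ^www\.(.*)) {
        set $host_without_www $1;
        rewrite ^(.*)$ $scheme://$host_without_www$1 permanent;
        break;
    }

    # Hide a trailing index.php from the visible URL.
    if ($request_uri ~* "^(.*/)index\.php$") {
        return 301 $1;
    }

    location = /custom_401.html {
        root /usr/share/nginx/html;
        internal;
    }

    # Front controller: anything that is not a file or directory goes to index.php.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Static assets: cached for a week and kept out of the logs.
    location ~* \.(?:ico|css|gif|jpe?g|js|png|svg|svgz|swf)(\?.+)?$ {
        access_log off;
        log_not_found off;
        expires 7d;
    }

    # The standalone "ssl on;" directive was dropped: the "ssl" flag on the listen
    # line already enables TLS, and the directive is deprecated in newer nginx.
    ssl_certificate /usr/share/ssl-cert/digamarket_com.chained.crt;
    # Keep the private key readable by root only.
    ssl_certificate_key /usr/share/ssl-cert/digamarket_com.key;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Add TLSv1.3
    # here when the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;
    #ssl_prefer_server_ciphers on;
    #ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:!DSS;
    ssl_buffer_size 8k;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 10s;

    location ~ \.php$ {
        # Hand only existing files to PHP-FPM. Without this check a URI that merely
        # ends in ".php" can be passed on even though no such script exists.
        try_files $uri =404;
        fastcgi_pass unix:/run/php/php7.2-fpm-site.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Both limits go into one PHP_VALUE, separated by a newline. Sending the
        # parameter twice leaves only one of the two settings in effect.
        fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
        include /etc/nginx/fastcgi_params;
    }

    # Never serve .htaccess / .htpasswd style files.
    location ~ /\.ht {
        deny all;
    }
}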
ini nginx的前后端分离配置文件
nginx的前后端分离配置文件
nginx-fe-backend.conf
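# Split front end / back end site: static front end from test_fe/dist, PHP API
# from test_backend/public.
server {
    # NOTE(review): there is no listen directive, so nginx uses its default
    # listen address and port for this server.
    server_name test.com;
    access_log /home/wwwlogs/test.access.log;
    error_log /home/wwwlogs/test.error.log;
    index index.html index.shtml index.php;
    root /home/wwwroot/test_backend/public;

    # Front end: unknown paths fall back to index.html (client-side routing).
    location / {
        root /home/wwwroot/test_fe/dist;
        try_files $uri $uri/ /index.html;
    }

    # Back end routes are handled by the PHP front controller.
    location /api {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location /web {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # The original pattern ".*\.(php)?$" made the extension optional, so any URI
    # ending in a dot was sent to PHP as well. Match ".php" only.
    location ~ \.php$ {
        # Hand only existing files to PHP-FPM.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    # Images and fonts of the front end.
    location ~ \.(gif|jpg|jpeg|png|bmp|swf|woff)$ {
        root /home/wwwroot/test_fe/dist;
        expires 30d;
        access_log off;
        log_not_found off;
    }

    # Scripts and stylesheets; the optional group was removed here for the same
    # reason as in the PHP location.
    location ~ \.(js|css)$ {
        root /home/wwwroot/test_fe/dist;
        expires 7d;
        access_log off;
        log_not_found off;
    }
}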
ini Squid https代理
用于squid https转发代理的配置文件:/etc/squid/squid.conf
squid.conf
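acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \? asp aspx jsp
## Client networks that may use the proxy - replace with the networks that really need it
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
## Prevent caching jsp, cgi-bin etc
cache deny QUERY
## Only allow access to the defined safe ports whitelist
http_access deny !Safe_ports
## Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
## Only allow cachemgr access from localhost
## ("localhost" and "manager" are ACLs predefined by Squid)
http_access allow localhost manager
http_access deny manager
## Serve the listed client networks and this host, refuse everyone else.
## The original "http_access allow all" let anyone who could reach the port use the proxy.
http_access allow localnet
http_access allow localhost
http_access deny all
## Squid normally listens to port 3128
http_port 3128
## How much RAM, in MB, to use for cache? Default since squid 3.1 is 256 MB
cache_mem 64 MB
## Maximum size of individual objects to store in cache
maximum_object_size 1 MB
## Amount of data to buffer from server to client
read_ahead_gap 64 KB
## Remove the X-Forwarded-For header so the client address is not passed upstream
#forwarded_for on
forwarded_for delete
## Suppress sending squid version information
httpd_suppress_version_string on
## How long to wait when shutting down squid
shutdown_lifetime 30 seconds
## Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
## Use the below to avoid proxy-chaining
always_direct allow all
## Bump (terminate and re-establish) every TLS connection
ssl_bump bump all
## Upstream certificate checks stay at Squid's default (verify, close on error).
## The two directives below were active in the original; together they make the
## proxy accept any upstream certificate, so a bumped client can no longer notice
## a forged, expired or otherwise invalid server certificate.
#sslproxy_cert_error allow all
#sslproxy_flags DONT_VERIFY_PEER
## Disable SSLv2 because it isn't safe
## The key file below signs the certificates shown to clients; keep it readable
## by the squid user only.
## NOTE(review): port 3128 is already declared above without options, and two
## http_port lines on the same port conflict. Confirm which listener is intended;
## "intercept" is for transparently redirected traffic, not for a forward proxy.
http_port 3128 intercept ssl-bump cert=/usr/local/squid/ssl_cert/squid.crt key=/usr/local/squid/ssl_cert/squid.key options=NO_SSLv2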
ini 我自己的GRUB2配置文件,用于引导基于Linux的操作系统的各种实时发行版,以及一些系统工具。我tr
我自己的GRUB2配置文件,用于引导基于Linux的操作系统的各种实时发行版,以及一些系统工具。我试图包含很多样本配置条目,即使我目前没有使用它们,所以它可能会帮助其他人。博客文章的篇幅非常长:http://tehfishyblog.logdown.com/chips/306146-a-homemade-ultimate-boot-usb
grub.cfg
# Config for GNU GRand Unified Bootloader (GRUB) (2)
# /boot/grub/grub.cfg
# or
# /boot/grub2/grub.cfg
# This grub.cfg file was created by Lance http://www.pendrivelinux.com
# Suggested Entries and the suggestor, if available, will also be noted.
# and then improved by Pysis.
# Improvement Sources:
# https://www.pendrivelinux.com/boot-multiple-iso-from-usb-via-grub2-using-linux/
# Used GRUB2 with command `grub2-install` instead, along with the `--boot-directory` parameter.
# If you get an error about failing 'to get a canonical path', or folders not existing on the device, then again, you need to run the command as a privileged user.
# If you get errors concerning a bad superblock, and unable to install grub, try rewriting the filesystem again.
# https://gist.github.com/jamiekurtz/26c46b3e594f8cdd453a
# https://gist.github.com/noisufnoc/e0053d738f5fbb679535
# https://gist.github.com/samdoran/90056b8e4a2aedc6a3e8
# https://gist.github.com/yeahunter/9eca12b3db064e5dc23b
# https://gist.github.com/jeekl/5564476
# https://wiki.archlinux.org/index.php/Multiboot_USB_drive
# and this one. How did I forget about these!!!!
# https://help.ubuntu.com/community/Grub2/ISOBoot/Examples
# Seems to be a gold mine for my purposes!!
# http://www.coreboot.org/GRUB2
# http://www.backtrack-linux.org/forums/showthread.php?t=42722
# http://www.linuxdevcenter.com/pub/a/linux/excerpts/9780596100797/kernel-boot-command-line-parameter-reference.html
# https://wiki.archlinux.org/index.php/Grub2
# Notes:
# - For variables, be sure to use double-quotes to have them actually resolve in the string.
# - Need to re-declare variables inside sub-menus because they open a new "context"..... great..
# Source: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1175127
# Linting:
# - Make sure every 'submenu' command contains 3 periods at the end, connected to the main content string's last character
# TODO:
# - Separate different types of booting options into more grub config files, if possible. Look into it.
# Great GRUB2 Reference: http://www.dedoimedo.com/computers/grub-2.html
# Timeout for menu
set timeout=20
# Default boot entry
set default=0
# Locations of the ISO images and helper binaries on the boot device.
# These are set again inside the submenus further down, because a submenu opens
# a new variable context (see the notes above).
set isoPath="/ISOs"
set linuxPath="$isoPath/Linux"
set toolPath="$isoPath/Tools"
set memdiskPath="/boot/memdisk"
set grub4dosPath="/boot/grub.exe"
# Menu Colours
set menu_color_normal=white/black
set menu_color_highlight=white/cyan
# Entries that boot the installation on the internal disk (partition msdos6).
submenu "Local OS installations..." {
    submenu "Elementary OS..." {
        # Kernel defaults only.
        menuentry "Elementary OS on Disk" {
            set root=(hd0,msdos6)
            linux /boot/vmlinuz-3.2.0-88-generic root=/dev/sda6
            initrd /boot/initrd.img-3.2.0-88-generic
            boot
        }

        # Normal boot: read-only root, quiet, splash screen.
        menuentry "Elementary OS on Disk; RO, Quiet, Splash" {
            set root=(hd0,msdos6)
            linux /boot/vmlinuz-3.2.0-88-generic root=/dev/sda6 ro quiet splash
            initrd /boot/initrd.img-3.2.0-88-generic
            boot
        }

        # Recovery mode without kernel mode setting.
        menuentry "Elementary OS on Disk; RO, Recovery, NoModeSet" {
            set root=(hd0,msdos6)
            linux /boot/vmlinuz-3.2.0-88-generic root=/dev/sda6 ro recovery nomodeset
            initrd /boot/initrd.img-3.2.0-88-generic
            boot
        }
    }
}
submenu "Linux-based OS Live/Install Images..." {
# Re-declared here because the submenu does not inherit the top-level variables.
set isoPath="/ISOs"
set linuxPath="$isoPath/Linux"
## Ubuntu-based distros
# Loop-mounts the ISO and boots its casper live system.
# The image is used as found on the stick; check its checksum when copying it there.
menuentry "Elementary OS 20130810 x64" {
    set isofile="$linuxPath/elementaryos-stable-amd64.20130810.iso"
    loopback loop $isofile
    linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=$isofile quiet splash --
    initrd (loop)/casper/initrd.lz
}
# Linux Mint live image, booted through casper with the Mint preseed file.
menuentry "Linux Mint 17.2 x64" {
    set isofile="$linuxPath/linuxmint-17.2-mate-64bit.iso"
    loopback loop $isofile
    linux (loop)/casper/vmlinuz file=/cdrom/preseed/mint.seed boot=casper initrd=/casper/initrd.lz iso-scan/filename=$isofile noeject noprompt splash --
    initrd (loop)/casper/initrd.lz
}
# Fedora 25 images. Two entries carry the same title and differ only in the
# root= / inst.stage2= kernel parameter.
submenu "Fedora..." {
    set isoPath="/ISOs"
    set linuxPath="$isoPath/Linux"

    # https://docs.fedoraproject.org/en-US/Fedora/19/html/Installation_Guide/ap-admin-options.html
    # Live image located through its volume label (root=live:CDLABEL=...).
    menuentry 'Fedora Workstation Live 64-bit 25 (1.3)' {
        set isofile="$linuxPath/Fedora-Workstation-Live-x86_64-25-1.3.iso"
        loopback loop "$isofile"
        linux (loop)/isolinux/vmlinuz root=live:CDLABEL=Fedora-WS-Live-25-1-3 iso-scan/filename="$isofile" rd.live.image quiet
        initrd (loop)/isolinux/initrd.img
    }

    # Server installer DVD; marked as not working by the author.
    menuentry 'Fedora Server 64-bit 25 (1.3) Doesn"t Work' {
        set isofile="$linuxPath/Fedora-Server-dvd-x86_64-25-1.3.iso"
        loopback loop "$isofile"
        linux (loop)/isolinux/vmlinuz inst.stage2=hd:LABEL=Fedora-S-dvd-x86_64-25 iso-scan/filename="$isofile" quiet
        initrd (loop)/isolinux/initrd.img
    }

    # Same live image, started with inst.stage2= instead of root=.
    menuentry 'Fedora Workstation Live 64-bit 25 (1.3)' {
        set isofile="$linuxPath/Fedora-Workstation-Live-x86_64-25-1.3.iso"
        loopback loop "$isofile"
        linux (loop)/isolinux/vmlinuz inst.stage2=live:CDLABEL=Fedora-WS-Live-25-1-3 iso-scan/filename="$isofile" rd.live.image quiet
        initrd (loop)/isolinux/initrd.img
    }
}
# Ubuntu family images, all loop-mounted from $linuxPath.
submenu "(X/L)Ubuntu..." {
    set isoPath="/ISOs"
    set linuxPath="$isoPath/Linux"

    # Minimal image; kernel and initrd sit in the ISO root instead of /casper.
    # NOTE(review): the file name has no .iso extension - confirm it matches the file on disk.
    menuentry "Ubuntu 16.10 Minimal" {
        set isofile="$linuxPath/ubuntu-16.10-mini"
        loopback loop $isofile
        # linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=$isofile locale=en_US.UTF-8
        # linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=$isofile liveimg noprompt noeject quiet splash --
        linux (loop)/linux boot=casper iso-scan/filename=$isofile locale=en_US.UTF-8
        # initrd (loop)/casper/initrd.lz
        initrd (loop)/initrd.gz
    }

    # Desktop live image.
    menuentry "ubuntu-15.04-desktop-amd64" {
        set isofile="$linuxPath/ubuntu-15.04-desktop-amd64.iso"
        loopback loop $isofile
        linux (loop)/casper/vmlinuz.efi boot=casper iso-scan/filename=$isofile locale=en_US.UTF-8
        initrd (loop)/casper/initrd.lz
    }

    # Server installer; kernel and initrd come from /install.
    menuentry "ubuntu-16.10-server-amd64" {
        set isofile="$linuxPath/ubuntu-16.10-server-amd64.iso"
        loopback loop $isofile
        linux (loop)/install/vmlinuz boot=casper iso-scan/filename=$isofile locale=en_US.UTF-8
        initrd (loop)/install/initrd.gz
    }

    # NOTE(review): the title says 14.04 Beta, the image file is xubuntu 15.04.
    menuentry "Xbuntu 14.04 Beta - 64bit" {
        set isofile="$linuxPath/xubuntu-15.04-desktop-amd64.iso"
        loopback loop $isofile
        linux (loop)/casper/vmlinuz.efi boot=casper iso-scan/filename=$isofile noprompt noeject splash --
        initrd (loop)/casper/initrd.lz
    }
}
## Other desktop distros
# submenu "Debian..." {
# menuentry "Debian 7.0 Wheezy AMD64 Installer (netinst, firmware)" {
# set isofile="$linuxPath/debian-7.0.0-amd64-firmware-netinst.iso"
# loopback loop $iso
# linux (loop)/install.amd/vmlinuz
# initrd (loop)/install.amd/initrd.gz
# }
#
# menuentry "Debian 7.0 Wheezy AMD64 Live system (GNOME, firmware/non-free)" {
# set isofile="$linuxPath/debian-live-7.0.0-amd64-gnome-desktop+nonfree.iso"
# loopback loop $iso
# linux (loop)/live/vmlinuz boot=live
# initrd (loop)/live/initrd.img
# }
# }
## Minimal resource-focused distros
# Tiny Core "CorePlus" image: kernel and core.gz are read from the loop-mounted ISO.
menuentry "CorePlus ISO" {
    set isofile="$linuxPath/CorePlus-current.iso"
    loopback loop $isofile
    #linux (loop)/boot/bzImage --
    linux (loop)/boot/vmlinuz --
    # Add ' loglevel=3 cde showapps desktop=flwm_topside' ?
    #initrd (loop)/boot/tinycore.gz
    initrd (loop)/boot/core.gz
}
# menuentry "CorePlus (Variant 2)" {
# set isofile="$linuxPath/COREPLUS"
# loopback loop $isofile
# linux (loop)/boot/vmlinuz
# initrd (loop)/boot/core.gz
# }
# Will leave commented out and unused; Using CorePlus instead.
# menuentry "Tinycore" {
# set isofile="$linuxPath/TINYCORE"
# loopback loop $isofile
# linux (loop)/boot/vmlinuz
# #linux (loop)/boot/vmlinuz quiet cde iso=/mnt/sd[x]X$isofile
# #initrd (loop)/boot/tinycore.gz
# initrd (loop)/boot/core.gz
# }
# Source: https://wiki.archlinux.org/index.php/Multiboot_USB_drive#Arch_Linux_monthly_release
# Installing from USB: "You must specify the filesystem type for loop0"
# - https://bbs.archlinux.org/viewtopic.php?id=212871
# ~ https://bbs.archlinux.org/viewtopic.php?id=226410
# https://askubuntu.com/questions/143718/mount-you-must-specify-the-filesystem-type#comment172573_143723
# https://bbs.archlinux.org/viewtopic.php?pid=1620387#p1620387
# Arch Linux install image. img_dev names the device that holds the ISO and
# img_loop the path of the ISO on it.
# NOTE(review): img_dev is fixed to /dev/sda1; confirm the stick gets that name on the target machine.
menuentry 'Arch Linux x64 2017-06-01' {
    set isofile="$linuxPath/archlinux-2017.06.01-x86_64.iso"
    loopback loop "$isofile"
    # Leftover, unused kernel boot options that may be helpful later on.
    # video=efifb fbdev noefi single
    # archisolabel=ARCH_201508
    # archisobasedir=arch
    # archisodevice=/dev/loop0
    linux (loop)/arch/boot/x86_64/vmlinuz img_dev=/dev/sda1 img_loop=$isofile earlymodules=loop
    initrd (loop)/arch/boot/x86_64/archiso.img
}
# CentOS minimal installer, second stage located through the volume label.
# NOTE(review): the title says CentOS 6, the image file is CentOS 7.
menuentry "CentOS 6 x86_64 minimal" {
    set isofile="$linuxPath/CentOS-7-x86_64-Minimal-1503-01.iso"
    loopback loop $isofile
    linux (loop)/isolinux/vmlinuz noeject inst.stage2=hd:LABEL=UNJEB:/$isofile
    initrd (loop)/isolinux/initrd.img
}
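# CentOS minimal installer with the VESA driver and kernel mode setting disabled.
# NOTE(review): the title says CentOS 6, the image file is CentOS 7.
menuentry "CentOS 6 x86_64 minimal with basic video driver" {
    set isofile="$linuxPath/CentOS-7-x86_64-Minimal-1503-01.iso"
    # The original used "$iso", a variable that is never set, so nothing was mounted.
    loopback loop $isofile
    # "nomodset" corrected to the kernel parameter "nomodeset".
    linux (loop)/isolinux/vmlinuz noeject inst.stage2=hd:LABEL=UNJEB:/$isofile xdriver=vesa nomodeset askmethod
    initrd (loop)/isolinux/initrd.img
}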
# Damn Small Linux booted from extracted files instead of an ISO; the author
# marks it as not working yet.
menuentry "Damn Small Linux" {
    echo "Doesn't work yet"'!';
    # Maybe try this instead later: https://gist.github.com/oxplot/2041319
    # set isofile="$linuxPath/..."
    linux16 /boot/bootdistro/damnsmall/isolinux/linux24 knoppix_dir=damnsmall ramdisk_size=100000 lang=en apm=power-off nomce noapic quiet BOOT_IMAGE=knoppix
    initrd16 /boot/bootdistro/damnsmall/isolinux/minirt24.gz
}
## Administrative- / Recovery- focused distros
# menuentry "Knoppix" {
# set isofile="$linuxPath/knoppix.iso"
# }
# Finnix rescue system in graphical console mode (vga=791).
# NOTE(review): the title says 109, the image file is finnix-111.
menuentry "Boot Finnix 109 (64-bit)" {
    set isofile="$linuxPath/finnix-111.iso"
    loopback loop $isofile
    linux (loop)/boot/x86/linux64 findiso=$isofile vga=791 nomodeset quiet --
    initrd (loop)/boot/x86/initrd.xz
}
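# Finnix rescue system in plain text mode (vga=normal).
# NOTE(review): the title says 109, the image file is finnix-111.
menuentry "Boot Finnix 109 (64-bit, text mode)" {
    set isofile="$linuxPath/finnix-111.iso"
    loopback loop $isofile
    # Kernel and initrd are read from the loop-mounted ISO. The original paths had
    # no (loop) prefix and were therefore looked up on the boot device itself.
    linux (loop)/boot/x86/linux64 findiso=$isofile vga=normal nomodeset quiet --
    initrd (loop)/boot/x86/initrd.xz
}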
# GRML: mounts the ISO and hands control to the loopback.cfg shipped inside it.
# Whatever that file contains is run as GRUB configuration.
menuentry "GRML - the sysadmins best friend" {
    set isofile="$linuxPath/grml96-full_2014.11.iso"
    loopback loop "$isofile"
    set root=(loop)
    configfile /boot/grub/loopback.cfg
}
# https://github.com/grml/grml-live/blob/3ac646b41e6ce3aa58ff914bf2ba5d52d157d125/templates/boot/grub/%25SHORT_NAME%25_default.cfg
# GRML with the squashfs copied to RAM (toram=...).
# NOTE(review): ${loopback} and ${kernelopts} are not set anywhere in this file;
# unless defined elsewhere they expand to empty strings.
menuentry "grml64-full - copy Grml to RAM" {
    set isofile="$linuxPath/grml96-full_2014.11.iso"
    loopback loop "$isofile"
    set root=(loop)
    set gfxpayload=keep
    echo 'Loading kernel...'
    linux (loop)/boot/grml64full/vmlinuz apm=power-off boot=live nomce net.ifnames=0 "${loopback}" "${kernelopts}" toram=grml64-full.squashfs live-media-path="(loop)/live/grml64-full/" bootid=0fdfb62c-40af-40b9-9387-014232eb1f74
    echo 'Loading initrd...'
    initrd (loop)/boot/grml64full/initrd.img
}
## Pentesting distros
# Kali live image; the live session is configured with user root and host name kali.
menuentry "kali-linux-1.1.0a-amd64" {
    set isofile="$linuxPath/kali-linux-1.1.0a-amd64.iso"
    loopback loop $isofile
    linux (loop)/live/vmlinuz boot=live findiso=$isofile noconfig=sudo username=root hostname=kali
    initrd (loop)/live/initrd.img
}
# Will leave commented out and unused, but still referenced; Using Kali instead.
# menuentry "BackTrack 5" {
# loopback loop /BT5-GNOME-64.iso
# linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=/BT5-GNOME-64.iso noeject noprompt splash --
# initrd (loop)/casper/initrd.lz
# }
## Anonymous distros
# Tails live image, booted without persistence from removable media.
# The file name points at release 0.17.2; an anonymity-focused system should be
# run from the current release, with the image signature verified.
# NOTE(review): the last parameter reads "quiet_" - possibly a typo for "quiet".
menuentry "TAILS - The Amnesic Incognito Live System" {
    set isofile="$linuxPath/tails-i386-0.17.2.iso"
    loopback loop $isofile
    linux (loop)/live/vmlinuz boot=live config live-media=removable nopersistent noprompt quiet timezone=America/New_York block.events_dfl_poll_msecs=1000 splash nox11autologin module=Tails findiso=$isofile quiet_
    initrd (loop)/live/initrd.img
}
}
submenu "Utils..." {
# Paths for the tool images, declared again because this is a new submenu context.
set isoPath="/ISOs";
set toolPath="$isoPath/Tools";
set memdiskPath="/boot/memdisk";
# oldMemtestPath is not referenced by any entry below.
set oldMemtestPath="$toolPath/Memtest86-4.3.7.iso"; # I keep this around for some reason. Something about a major version difference. Compatibility maybe? MBR?
set memtestPath="$toolPath/Memtest86-7.3.iso";
# Memory tester loaded as a 16-bit kernel from the ISO.
# NOTE(review): the title says "Memtest 86+", the image is Memtest86-7.3.iso.
menuentry "Memtest 86+" {
    set isofile="$memtestPath"
    loopback loop "$isofile"
    linux16 (loop)/isolinux/memtest iso-scan/filename="$isofile"
}
# SpinRite disk image started through memdisk, once in "raw" and once in
# "bigraw" mode.
submenu "SpinRite..." {
    set isoPath="/ISOs";
    set toolPath="$isoPath/Tools";
    set memdiskPath="/boot/memdisk";

    menuentry "SpinRite 6.0 (raw)" {
        set isofile="$toolPath/SpinRite 6.0/SpinRite.img"
        set gfxpayload=text
        linux16 "$memdiskPath" raw
        initrd16 "$isofile"
    }

    # Source: http://codeverge.com/grc.techtalk.linux/grub-booting-spinrite-image-got-it-working/1617093
    menuentry "SpinRite 6.0 (bigraw)" {
        set isofile="$toolPath/SpinRite 6.0/SpinRite.img"
        set gfxpayload=text
        linux16 "$memdiskPath" bigraw
        initrd16 "$isofile"
    }
}
# If I want direct access to TestDisk/PhotoRec, maybe look into bundling FreeDOS to run them: http://www.cgsecurity.org/wiki/Create_a_TestDisk_FreeDos_LiveCD
# Source: https://help.ubuntu.com/community/Grub2/ISOBoot/Examples#Gparted
# GParted live image, copied to RAM (toram=...) after boot.
menuentry 'GParted 64-bit ISO' {
    #set gfxpayload=text # ~= vga='normal'
    # Path of the ISO, relative to the root of the live USB.
    set isofile_abspath="$toolPath/gparted-live-0.28.1-1-amd64.iso"
    # Path of the ISO below '/dev'.
    # NOTE(review): ${devroot} is not set in this file and isofile_devpath is not used below.
    set isofile_devpath="${devroot}${isofile_abspath}"
    # Loop-mount the ISO from the current root device.
    loopback loop "(${root})${isofile_abspath}"
    # Following (single!) line adapted from https://wiki.archlinux.org/index.php/Multiboot_USB_drive#GParted_Live
    linux '(loop)/live/vmlinuz' boot='live' union='overlay' username='user' config components noswap noeject toram='filesystem.squashfs' ip='' nosplash findiso="${isofile_abspath}"
    # Initial RAM disk, also taken from the loop device.
    initrd '(loop)/live/initrd.img'
}
#menuentry "Parted Magic" {
# set isofile="$toolPath/pmagic.iso"
# loopback loop $isofile
# linux (loop)/pmagic/bzImage iso_filename=$isofile edd=off load_ramdisk=1 prompt_ramdisk=0 rw gfxpayload=800x600x16 loglevel=9 max_loop=256 vmalloc=384MiB keymap=dvorak
# initrd (loop)/pmagic/initrd.img
#}
# SystemRescueCd, 64-bit kernel, cached to RAM (docache) and started with X (dostartx).
menuentry "SystemRescueCd" {
    set isofile="$toolPath/systemrescuecd-x86-4.5.3.iso"
    loopback loop "$isofile"
    # linux (loop)/isolinux/rescuecd isoloop"=$isofile" setkmap=us docache dostartx
    # Or linux (loop)/isolinux/rescue32
    # Or linux (loop)/isolinux/rescue64
    linux (loop)/isolinux/rescue64 isoloop="$isofile" setkmap=us docache dostartx
    initrd (loop)/isolinux/initram.igz
}
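# Clonezilla live with the full parameter set of its own boot menu.
menuentry "CloneZilla" {
    set isofile="$toolPath/clonezilla-live-2.5.0-25-amd64.iso"
    loopback loop "$isofile"
    # Kernel parameters belong on the linux line. The original had them after the
    # initrd path, where GRUB treats every word as another initrd file to load.
    # findiso tells the live system which ISO to use, as the other "clonezilla"
    # entry in this file does.
    linux (loop)/live/vmlinuz boot=live union=overlay username=user config components quiet noswap edd=on nomodeset locales= keyboard-layouts= ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch="no" vga=788 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 findiso="$isofile"
    # The initrd is read from the loop-mounted ISO, like the kernel.
    initrd (loop)/live/initrd.img
}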
# Source: https://askubuntu.com/a/880484
# Clonezilla live with a short parameter set; the squashfs is copied to RAM.
menuentry "clonezilla" {
    set isofile="$toolPath/clonezilla-live-2.5.0-25-amd64.iso"
    loopback loop "$isofile"
    linux (loop)/live/vmlinuz boot=live components config findiso=$isofile ip=frommedia toram=filesystem.squashfs union=overlay username=user
    initrd (loop)/live/initrd.img
}
#menuentry "Ophcrack No Tables" {
# set isofile="$toolPath/ophcrack-notables.iso"
# set gfxpayload=text
# loopback loop $isofile
# linux (loop)/boot/bzImage root=/dev/null rw lang=en_US kmap=dvorak autologin iso-scan/filename=$isofile
# initrd (loop)/boot/rootfs.gz
#}
#menuentry "Ophcrack Vista/7 Tables" {
# set isofile="$toolPath/ophcrack-vistatables.iso"
# set gfxpayload=text
# loopback loop $isofile
# linux (loop)/boot/bzImage root=/dev/null rw lang=en_US kmap=dvorak autologin iso-scan/filename=$isofile
# initrd (loop)/boot/rootfs.gz
#}
#menuentry "DBAN ISO" {
# set isofile="$toolPath/dban.iso"
# loopback loop $isofile
# linux (loop)/DBAN.BZI nuke="dwipe" iso-scan/filename=$isofile silent --
#}
#menuentry "PC-Doctor" {
# loopback loop /boot/iso/pcdd1780.iso
# linux (loop)/[BOOT]/Bootable_2.88M.img
#}
#menuentry "Boot Hardware Detection Tool from iso using memdisk 4.05" {
# linux16 $memdiskPath iso
# initrd16 /customboot/hdt.iso
#}
#menuentry "Free Dos from iso using memdisk 4.05" {
# set isofile="/OS/fdbasecd.iso"
# linux16 $memdiskPath iso
# initrd16 (hd0,6)$isofile
#}
# Source: dann.com.br...
# Hiren's Boot CD through grub4dos: grub.exe is loaded and told to run the
# menu.lst of the extracted HBCD folder. isofile is set but not used here.
menuentry "Hiren's boot CD using grub.exe" {
    set dosGRUBPath="$grub4dosPath";
    set hbcdPath="$toolPath/HBCD";
    set menuLstPath="$hbcdPath/menu.lst";
    set isofile="$toolPath/Hiren's.BootCD.15.2.iso"
    linux16 "$dosGRUBPath" --config-file="find --set-root $menuLstPath; configfile $menuLstPath"
}
# Hiren's Boot CD loaded into memory as an ISO by memdisk.
# NOTE(review): the ISO is read from the fixed partition (hd0,6); confirm that
# this is where the image lives on the target machine.
menuentry "Hiren's boot CD using memdisk 4.05" {
    set isofile="$toolPath/Hiren's.BootCD.15.2.iso"
    linux16 $memdiskPath iso
    initrd16 (hd0,6)$isofile
}
# Ultimate Boot CD loaded into memory as an ISO by memdisk.
# NOTE(review): the ISO is read from the fixed partition (hd0,6).
menuentry "Ultimate Boot CD iso using memdisk 4.05" {
    set isofile="$toolPath/UBCD4WinBuilder.iso"
    linux16 $memdiskPath iso
    initrd16 (hd0,6)$isofile
}
#menuentry "UBCD with MEMDISK" {
# set isofile="$toolPath/ubcd502.iso"
# linux16 $memdiskPath iso raw
# initrd $isofile
#}
#menuentry "UBCD with grub4dos" {
# set isofile="$toolPath/ubcd502.iso"
# linux16 "$grub4dosPath" --config-file="map (rd) (hd32); map --hook; root (hd32); chainloader (hd32);"
# initrd $isofile
#}
}
# Looks on every partition of the first AHCI disk for a grub.cfg and adds one
# menu entry per file found. Choosing such an entry runs the configuration
# stored on that disk, so its content is only as trustworthy as the disk.
menuentry "Scan for OS on internal HDD (Untested)" {
    insmod regexp
    insmod ahci
    insmod part_msdos
    for x in (ahci0,*) ; do
        # Layout with /grub directly on the partition.
        if [ -f "$x/grub/grub.cfg" ] ; then
            # $x is handed to the entry as its extra argument and read back as $2.
            menuentry "Load Config from $x" $x {
                root=$2
                configfile /grub/grub.cfg
            }
        fi
        # Layout with /boot/grub.
        if [ -f "$x/boot/grub/grub.cfg" ] ; then
            menuentry "Load Config from $x" $x {
                root=$2
                configfile /boot/grub/grub.cfg
            }
        fi
    done
}
submenu "DOS/Windows (Doesn't work)..." {
set isoPath="/ISOs";
# menuentry "win7" {
# loopback loop "$isoPath/win7.iso"
# chainloader (loop)
# }
# Chainloads the boot sector of partition msdos5; marked as not working.
menuentry "Run Windows 7 Ultimate 64-bit Installer (Doesn't work)" {
    #insmod part_msdos
    #insmod ntfs
    set root='(hd0,msdos5)'
    #search --no-floppy --fs-uuid --set=root 01D0DC21970FC910
    #drivemap -s (hd0) ${root}
    chainloader +1
    boot
}
# Finds the Windows setup volume by file system UUID and chainloads its EFI
# boot program; marked as not working.
menuentry "Microsoft Windows x86_64 UEFI-GPT Setup (Doesn't work)" {
    insmod usbms
    insmod part_gpt
    insmod part_msdos
    insmod fat
    insmod search_fs_uuid
    insmod chain
    search --fs-uuid --no-floppy --set=root 01D0DC21970FC910
    #chainloader (${root})/efi/Microsoft/Boot/bootmgfw.efi
    chainloader (${root})/efi/Microsoft/Boot/cdboot_noprompt.efi
}
# Loads bootmgr with the ntldr command; marked as not working.
# NOTE(review): the title names /dev/sda1, the root is set to hd0,msdos5.
menuentry "Windows 7 (loader) (on /dev/sda1) (Doesn't work)" {
    insmod part_msdos
    insmod ntfs
    insmod ntldr
    set root='hd0,msdos5'
    ntldr /bootmgr
}
# Three attempts at starting Windows PE from partition msdos5.
submenu "Windows PE..." {
    # Sets the root only; no loader is named before boot.
    menuentry "WinPE 1a" {
        set root=(hd0,msdos5)
        boot
    }

    # Chainloads the partition's boot sector.
    menuentry "WinPE 1b" {
        set root=(hd0,msdos5)
        chainloader +1
    }

    # NOTE(review): rootnoverify is a GRUB Legacy command; GRUB 2 uses "set root=".
    menuentry "WinPE 2" {
        rootnoverify (hd0,msdos5)
        chainloader +1
    }
}
# MS-DOS 6.22 boot disk started through memdisk in "raw" and "bigraw" mode.
# NOTE(review): memdiskPath is used here but not set in this submenu or its
# parent, although the file's notes say submenus need their variables re-declared.
submenu "MS-DOS..." {
    set isoPath="/ISOs";
    set dosWinPath="$isoPath/Dos-Win";

    menuentry "MS-DOS" {
        set isofile="$dosWinPath/DOS6.22_bootdisk.iso"
        set gfxpayload=text
        linux16 "$memdiskPath" raw
        initrd16 "$isofile"
    }

    menuentry "MS-DOS 2" {
        set isofile="$dosWinPath/DOS6.22_bootdisk.iso"
        linux16 "$memdiskPath" bigraw
        initrd16 "$isofile"
    }
}
}
# Starts grub4dos (grub.exe); untested.
# NOTE(review): the Hiren's entry loads the same binary with linux16, this one with linux.
menuentry "Grub4dos (Untested)"{
    linux "$grub4dosPath"
}
# Reboots into the firmware setup screen; untested.
menuentry 'System setup (Untested)' {
    fwsetup
}
# Prints a message and powers the machine off; untested.
menuentry "System shutdown (Untested)" {
    echo "System shutting down..."
    halt
}
# Prints a message and reboots the machine; untested.
menuentry "System restart (Untested)" {
    echo "System rebooting..."
    reboot
}
ini 烧瓶app的uwsgi文件
我相信这是针对nginx的
mysite.ini
; uWSGI settings for the application; the web server talks to it over a Unix socket.
[uwsgi]
; Python module that holds the WSGI application.
module = wsgi
; One master process supervising 5 workers.
master = true
processes = 5
; NOTE(review): relative socket path - presumably resolved against the working
; directory uWSGI is started in; confirm against the service definition.
socket = mysite.sock
; Socket is closed to "other": the web server user must own it or share its group.
chmod-socket = 660
; Remove the socket file on exit.
vacuum = true
; Shut down on SIGTERM.
die-on-term = true
ini 修复index.php永久链接问题
permalinks.conf
<Directory /path/to/site>
#add the following setting to allow .htaccess in your web dir to work
# NOTE(review): FileInfo covers more than rewrite rules - it also allows handler
# and MIME-type directives (SetHandler, AddHandler, AddType) in .htaccess, so
# anyone able to write .htaccess files in this tree can change how files are
# executed. Keep the directory non-writable by the web application where possible.
AllowOverride FileInfo
</Directory>