Dubbo指定某一个 Provider 执行指令或请求

发表于2025-05-28Zeno Chen

Dubbo 可以实现“只向某个指定 Provider 发送调用”的机制,你可以通过以下几种方式实现指定某一个 Provider 执行指令或请求,这在做远程控制、运维命令下发、灰度测试等场景中非常常见。

✅ 方案一:使用 Dubbo 的 parameters + 扩展路由规则

你可以给某个请求添加自定义参数,让特定 Provider 根据参数自行识别和执行。

示例:客户端设置指令标识参数

RpcContext.getContext().setAttachment("target-ip", "192.168.1.10");
yourService.command("reboot");

然后在 Provider 中做判断:

String targetIp = RpcContext.getContext().getAttachment("target-ip");
String localIp = InetAddress.getLocalHost().getHostAddress();

if (targetIp.equals(localIp)) {
    // 只处理给自己的指令
    doReboot();
}

✅ 适用于多个 Provider 接收但只一个执行场景。

✅ 方案二:使用 Dubbo 标签路由(tag routing)

Dubbo 支持通过“标签”将请求路由到特定 Provider(按 IP、标签等)。

步骤:

1. 给 Provider 打标签:

application.properties 或注解中配置:

dubbo.provider.tag=provider-A

或注解方式:

@DubboService(parameters = {"tag", "provider-A"})

Consumer 指定 tag:

RpcContext.getContext().setAttachment("dubbo.tag", "provider-A");
yourService.command("reboot");

这样就只会路由到带有 tag = provider-A 的 Provider 上。

⚠️ 前提:开启了标签路由支持(Dubbo 2.7+),且该服务支持多个 Provider 实例。

发表在 Java | Dubbo指定某一个 Provider 执行指令或请求已关闭评论

libopenconnect 的自定义 IO 支持补丁

发表于2025-05-25Zeno Chen

内容包括:

  • openconnect_set_custom_io(...):注册 read/write 回调
  • 修改 setup_tun_device(...)tun_mainloop(...),跳过系统 TUN,走自定义回调逻辑
  • write_packet(...) 内也支持自定义写出

✅ 集成方式:

1. 在 openconnect-internal.h 中添加:

int openconnect_set_custom_io(struct openconnect_info *vpninfo,
                              ssize_t (*read_cb)(void *buf, size_t len),
                              ssize_t (*write_cb)(const void *buf, size_t len));

2. 修改 setup_tun_device()tun_mainloop()write_packet() 函数(或用 #ifdef IOS_TUN_SUPPORT 包裹)

// patch_openconnect_custom_io.c
// 为 libopenconnect 添加自定义 IO 支持(适用于 iOS/macOS 的 TUN 替代方案)

#include "openconnect-internal.h"

// 自定义 read/write 回调
static ssize_t (*custom_read_cb)(void *buf, size_t len) = NULL;
static ssize_t (*custom_write_cb)(const void *buf, size_t len) = NULL;

int openconnect_set_custom_io(struct openconnect_info *vpninfo,
                              ssize_t (*read_cb)(void *buf, size_t len),
                              ssize_t (*write_cb)(const void *buf, size_t len)) {
    custom_read_cb = read_cb;
    custom_write_cb = write_cb;
    vpninfo->tun_is_custom = 1;
    return 0;
}

int setup_tun_device(struct openconnect_info *vpninfo) {
    if (vpninfo->tun_is_custom) {
        vpninfo->tun_fd = -1; // 标记为不使用系统 tun
        return 0;
    }
    // 原有平台相关 TUN 初始化保留
    return real_setup_tun_device(vpninfo); // 伪函数,表示原有实现
}

int tun_mainloop(struct openconnect_info *vpninfo, int *timeout) {
    if (vpninfo->tun_is_custom && custom_read_cb && custom_write_cb) {
        // 示例处理逻辑:
        uint8_t buf[4096];
        ssize_t len = custom_read_cb(buf, sizeof(buf));
        if (len > 0) {
            return process_received_packet(vpninfo, buf, len); // 解包处理
        }
        return 0;
    }

    return real_tun_mainloop(vpninfo, timeout); // 原有逻辑
}

int write_packet(struct openconnect_info *vpninfo, const void *pkt, size_t len) {
    if (vpninfo->tun_is_custom && custom_write_cb) {
        return custom_write_cb(pkt, len);
    }
    return real_write_packet(vpninfo, pkt, len); // 默认写入
}

3. 在 iOS/macOS 的 TunnelProvider.mm 中:

openconnect_set_custom_io(vpninfo, ios_read_cb, ios_write_cb);

你只需实现这两个回调函数,桥接 self.packetFlow 的数据收发。

发表在 C/C++ | libopenconnect 的自定义 IO 支持补丁已关闭评论

完整的 Qt 6 + CMake 跨平台项目模板

发表于2025-05-24Zeno Chen

✅ 一、目录结构示例

MyApp/
├── CMakeLists.txt
├── main.cpp
├── mainwindow.cpp
├── mainwindow.h
├── mainwindow.ui
└── platform/
    ├── ios/
    └── android/

✅ 二、顶层 CMakeLists.txt

cmake_minimum_required(VERSION 3.16)
project(MyApp LANGUAGES CXX)

set(CMAKE_CXX_STANDARD 17)
set(CMAKE_AUTOMOC ON)
set(CMAKE_AUTORCC ON)
set(CMAKE_AUTOUIC ON)

# Qt 6 查找
find_package(Qt6 REQUIRED COMPONENTS Widgets)

add_executable(MyApp
    main.cpp
    mainwindow.cpp
    mainwindow.h
    mainwindow.ui
)

target_link_libraries(MyApp PRIVATE Qt6::Widgets)

# 平台特定设置
if(APPLE)
    set_target_properties(MyApp PROPERTIES MACOSX_BUNDLE TRUE)
elseif(ANDROID)
    set_target_properties(MyApp PROPERTIES ANDROID_PACKAGE_SOURCE_DIR "${CMAKE_SOURCE_DIR}/platform/android")
endif()

✅ 三、主程序 main.cpp

#include "mainwindow.h"
#include <QApplication>

int main(int argc, char *argv[]) {
#if defined(Q_OS_ANDROID)
    QGuiApplication app(argc, argv);
#else
    QApplication app(argc, argv);
#endif
    MainWindow w;
    w.show();
    return app.exec();
}

✅ 四、UI 代码(mainwindow.h / mainwindow.cpp

简单的窗口类,内容略,可参考 Qt Designer。

✅ 五、构建和部署平台支持说明

✅ macOS / Linux / Windows

使用 Qt 官方提供的 CMake 支持,直接构建:

cmake -B build -DCMAKE_PREFIX_PATH=/path/to/Qt6
cmake --build build

✅ Android

安装 Qt for Android 后:

cmake -B build_android -DCMAKE_TOOLCHAIN_FILE=$Qt6_ANDROID/armv7/lib/cmake/Qt6/qt.toolchain.cmake
cmake --build build_android

✅ iOS

确保 Xcode 中安装 Qt6 iOS 工具链:

cmake -B build_ios -GXcode -DCMAKE_SYSTEM_NAME=iOS -DCMAKE_PREFIX_PATH=/path/to/Qt6
cmake --build build_ios --config Release

然后用 Xcode 打开 .xcodeproj 进行签名和部署。

✅ 六、平台兼容技巧建议

技巧建议
条件编译使用 #ifdef Q_OS_WIN / Q_OS_MAC / Q_OS_ANDROID / Q_OS_IOS 控制平台特有代码
图片资源使用 Qt 的 qrc 机制统一打包
输入输出尽量使用 Qt 提供的 QFile、QDir、QStandardPaths 等跨平台封装类
构建工具尽量统一使用 CMake + Ninja 管理构建

✅ 七、Qt 多平台支持说明

平台支持版本特别说明
Windows✅ MSVC / MinGW无需额外配置
macOS✅ Clang可打包为 .app
Linux✅ GCC建议静态编译或 AppImage
Android✅ arm64-v8aQt 自带 Gradle 项目支持
iOS✅ arm64Xcode 打包签名
发表在 C/C++ | 完整的 Qt 6 + CMake 跨平台项目模板已关闭评论

Docker内部固定IP,并相互通信

发表于2025-05-18Zeno Chen

使用自定义的 bridgemacvlan 网络,Docker 默认的 bridge 网络不支持固定 IP 分配

1️⃣ 创建自定义 bridge 网络(支持固定 IP)

docker network create \
  --driver=bridge \
  --subnet=172.16.234.0/24 \
  --gateway=172.16.234.1 \
  navi-net

2️⃣ 启动容器并指定固定内部 IP(容器内部可见)

docker run -d \
  --name my-container \
  --network navi-net \
  --ip 172.16.234.2 \
  nginx

现在容器的 内部 IP 就是 172.16.234.2,你可以在容器内通过命令验证:

docker exec -it my-container ip addr show eth0

输出会看到:

inet 172.16.234.2/24 …

3️⃣ 同一网络下的其他容器可直接访问

发表在 Linux | Docker内部固定IP,并相互通信已关闭评论

PVE 里 virtiofs 设置完整步骤

发表于2025-05-06Zeno Chen

virtiofs 是一种现代的文件系统共享机制,主要用于宿主机与虚拟机(尤其是 KVM/QEMU 虚拟机)之间的高效目录共享。相比传统的 9pfs 或 NFS,virtiofs 提供了更好的性能、兼容性和安全性,适合容器、开发环境、嵌入式虚拟化等场景。

将宿主目录 /hostshare 映射到虚拟机 /mnt/virtshare:

qemu-system-x86_64 \
  -enable-kvm \
  -m 4096 \
  -cpu host \
  -drive file=vm.qcow2,format=qcow2 \
  -fsdev local,id=myfs,path=/hostshare,security_model=passthrough \
  -device vhost-user-fs-pci,chardev=char0,tag=mytag \
  -chardev socket,id=char0,path=/tmp/vhost.sock \
  ...

1️⃣ 找到虚拟机的配置文件

PVE 的每个虚拟机有一个对应的配置文件,路径是:

/etc/pve/qemu-server/<VMID>.conf

举例:

  • 如果你的虚拟机 ID 是 100,路径就是:
/etc/pve/qemu-server/100.conf

2️⃣ 编辑配置文件

用编辑器打开:

nano /etc/pve/qemu-server/100.conf

添加如下行:

args: -object memory-backend-memfd,id=mem,size=4G,share=on \
      -numa node,memdev=mem \
      -chardev socket,path=/var/run/qemu-server/100.virtiofs,id=char0 \
      -device vhost-user-fs-pci,chardev=char0,tag=devserver \
      -fsdev local,id=fsdev0,path=/mnt/vmshare/devserver,security_model=passthrough \

virtiofs: data0,mount_tag=devserver,path=/mnt/vmshare/devserver,security_model=passthrough
参数含义
virtiofs:开头标记,说明是 virtiofs 类型
data0设备 ID(随意命名,比如 data0, share0, myshare 都可以)
mount_tag=devserver客户机里挂载时用的名字,必须记住后面会用到
path=/mnt/vmshare/devserver宿主机目录,是真实存在的路径(这是你刚才说的路径✅)

3️⃣如果用的是 PVE Web 页面(图形界面操作)

PVE 的 Web 界面 数据中心->Directory Mapping, 然后添加名称devserver, 路径/mnt/vmshare/devserver

进入虚拟机的设置 硬件->virtiofs, 增加,名字devserver即可

4️⃣在虚拟机里面编辑/etc/fstab

devserver /mnt/devserver virtiofs defaults 0 0
发表在 Linux | PVE 里 virtiofs 设置完整步骤已关闭评论

Arch Linux 上安装与启用 PostGIS

发表于2025-04-21Zeno Chen

1 . 安装软件包

sudo pacman -Syu                  # 更新系统
sudo pacman -S postgresql postgis 
# postgis-sfcgal
# 可选:postgis-old-upgrade(跨大版本升级时用) \
#       pgrouting (路网分析)   \
#       ogr_fdw (外部表访问各种 GIS 格式)
说明
postgresql核心 PostgreSQL 16(Arch 滚动发行始终跟上游最新)
postgisPostGIS 3.4.x(含 raster、topology、tiger geocoder)
postgis-sfcgal额外 3D/曲面运算 (安装后自动提供 postgis_sfcgal 扩展)

2 . 初始化数据库集群

mkdir /srv/postgres
chown -R postgres:postgres  /srv/postgres
sudo -iu postgres  # 切到 postgres 系统用户
initdb -D /srv/postgres/data --encoding=UTF8 --locale=en_US.UTF-8
exit

存储路径 /var/lib/postgres/data 为默认;如想迁移到独立分区,改 -D /path/to/pgdata 并在 /etc/systemd/system/postgresql.service.d/override.conf 里指定 Environment=PGROOT=...

Archlinux:
/usr/lib/systemd/system/postgresql.service
直接增加

Environment=PGROOT=/srv/postgres

SyslogIdentifier=postgres
PIDFile=/srv/postgres/data/postmaster.pid

4 . 创建数据库并加载 PostGIS 扩展

# 创建一个角色(可跳过直接用 postgres)
sudo -iu postgres createuser --interactive        # 选 “superuser” or 给予 CREATEDB
sudo -iu postgres createdb ovsea

# 进入数据库
psql -d ovsea -U <your_user>

psql 提示符下执行:

CREATE EXTENSION postgis;
CREATE EXTENSION postgis_raster;        -- 若要 raster 支持
CREATE EXTENSION postgis_topology;      -- 若要拓扑模型
-- 可选
CREATE EXTENSION postgis_sfcgal;        -- 3D/曲面

验证:

SELECT postgis_full_version();

应显示类似:

POSTGIS="3.4.1 2025-02-14" [EXTENSION] PGSQL="160"
GEOS="3.13.0-CAPI-1.18.0" PROJ="9.4.0" GDAL="3.9.0" SFCGAL="1.5.0"

5 . (可选)创建 PostGIS 模板库

若你经常新建 GIS 数据库,可把扩展装进模板库:

sudo -iu postgres
createdb template_postgis
psql -d template_postgis -c "CREATE EXTENSION postgis;"
psql -d template_postgis -c "CREATE EXTENSION postgis_raster;"
psql -d template_postgis -c "VACUUM FREEZE;"
psql -d postgres -c "UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template_postgis';"

建库

createdb -T template_postgis newgis

6 . 防火墙与远程访问(若需要)

1.修改监听端口

nano -w /srv/postgres/data/postgresql.conf
listen_addresses = '*'

配置 pg_hba.conf,允许远程主机:

nano -w /srv/postgres/data/pg_hba.conf
# TYPE  DATABASE        USER            ADDRESS                 METHOD
host    all             all             0.0.0.0/0               md5

发表在 Linux | Arch Linux 上安装与启用 PostGIS已关闭评论

GeoServer 中使用 PostgreSQL 来存储和加载地图数据

发表于2025-04-06Zeno Chen

你想在 GeoServer 中使用 PostgreSQL 来存储和加载地图数据,这是非常专业也非常推荐的 GIS 解决方案,尤其适合:

  • 大体量空间数据(如 OSM)
  • 多人协作编辑
  • 动态查询、发布 WebGIS 接口(WMS/WFS/WCS)

下面是完整流程 ✅

✅ 总体步骤

步骤内容
✅ 1安装 PostgreSQL + PostGIS
✅ 2-1下载开源地图数据(如 OpenStreetMap)
✅ 2-2准备数据格式(Shapefile、GeoTIFF、GeoPackage 或 PostGIS)
✅ 2-3导入数据(Shapefile、OSM、GeoJSON 等)到 PostGIS
✅ 3配置 GeoServer 连接 PostgreSQL 数据源
✅ 4发布图层,提供 WMS/WFS 服务
✅ 5前端调用或嵌入地图展示

🛠️ 1. 安装 PostgreSQL + PostGIS

ubuntu

sudo apt update
sudo apt install postgresql postgis -y

archlinux

pacman -S postgresql postgis -y

修改数据库存储路径

mkdir /srv/postgres
chown -R postgresql:postgresql /srv/postgres
chown -R postgres:postgres /srv/postgres

nano -w /usr/lib/systemd/system/postgresql.service

#Environment=PGROOT=/var/lib/postgres
Environment=PGROOT=/srv/postgres
systemctl start postgresql


创建数据库并启用 PostGIS:

sudo -u postgres createdb gis
sudo -u postgres psql -d gis -c "CREATE EXTENSION postgis;"

创建用户

sudo -u postgres createuser -P ovsea
sudo -u postgres psql
ALTER USER ovsea WITH SUPERUSER;  -- 或给 SELECT 权限

📦 2. 导入空间数据到 PostGIS

一、获取开源地图数据(OSM / Natural Earth / 海图)

下载 OpenStreetMap(.pbf)数据

你可以从 https://download.geofabrik.de/ 按区域下载 OSM 数据(.osm.pbf 格式)

例如:

wget https://download.geofabrik.de/asia/china-latest.osm.pbf
wget https://download.geofabrik.de/asia/singapore-latest.osm.pbf

使用 Natural Earth 提供的基础地图

Home

它提供:

  • 国家边界、行政区划(Shapefile)
  • 地形、高程(GeoTIFF)
  • 城市、河流、道路等

示例下载:

wget https://naciscdn.org/naturalearth/10m/cultural/ne_10m_admin_0_countries.zip
unzip ne_10m_admin_0_countries.zip

二、将数据导入 GeoServer 可识别格式

GeoServer 支持多种格式:

数据格式推荐工具
Shapefile(.shp)直接上传
GeoTIFF(栅格图)可直接读取
PostGIS(最强大)推荐大数据量场景
GeoPackage (.gpkg)单文件数据库格式,轻量灵活

三、如果你下载的是 .osm.pbf → 转换成 PostGIS 或 .shp

使用 osm2pgsql 导入 PostgreSQL + PostGIS:

apt install osm2pgsql
pacman -S osm2pgsql
osm2pgsql -d gis --create --slim -C 1024 --hstore china-latest.osm.pbf

导入 Shapefile 示例(使用 shp2pgsql工具):

shp2pgsql -I -s 4326 your_shapefile.shp public.your_layer > your_layer.sql
psql -U postgres -d gis -f your_layer.sql

-I:自动建索引

-s 4326:设置坐标系(WGS84)

你也可以使用 QGIS 图形界面直接导入 shapefile/geojson/等数据进数据库(推荐)

🌍 3. 在 GeoServer 中连接 PostgreSQL 数据源

打开 GeoServer 管理后台(默认:http://localhost:8080/geoserver)

点击左侧【Stores】 → 【Add new Store】

选择 PostGIS(PostgreSQL)

填写连接信息:

参数示例
hostlocalhost 或你的服务器 IP
port5432
databasegis
schemapublic
usergeoserver_user
password你的密码
validate connection✅ 勾选
namespace通常为你的 workspace 地址,如 http://example.com/gis

点击 Save,GeoServer 会自动列出这个数据库下的所有空间表

🧩 4. 发布图层

进入【Layers】 → 【Add a new layer】

选择刚才创建的数据源

点击你想发布的图层(如 your_layer),配置样式(可以选默认)

点击【Publish】

检查:

CRS 是否为 EPSG:4326(WGS84)

Bounding Box 是否已填

点击【Save】

现在你的图层已经通过 WMS/WFS/WCS 等服务发布出来

🌐 5. 测试访问服务

你可以通过以下地址访问:

http://localhost:8080/geoserver/your_workspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=your_layer&styles=&bbox=...&width=800&height=600&format=image/png&srs=EPSG:4326

也可以将图层添加到前端 Leaflet、OpenLayers 等项目中。

发表在 Postgres | GeoServer 中使用 PostgreSQL 来存储和加载地图数据已关闭评论

OpenConnect全平台编译

发表于2025-03-29Zeno Chen

OpenConnect 是一个开源的 VPN 客户端,最初是为了兼容 Cisco 的 AnyConnect 协议开发的,现在支持多个 VPN 协议,功能强大、跨平台。

OpenConnect 支持多个协议和 VPN 后端,包括:

协议/服务简介
Cisco AnyConnect SSL VPN初代支持目标,完全兼容
Juniper/Pulse Connect Secure支持通过 –protocol=nc
GlobalProtect(Palo Alto)通过 –protocol=gp
Fortinet FortiGate SSL VPN通过 –protocol=fortinet
F5 BIG-IP部分支持
ocservOpenConnect 服务端(开源版)

今天我们针对MacOS、iOS、Windows、Linux、Android进行统一的编译,导出动态和静态库,

  • MacOS

1. ✅ 安装依赖(用 Homebrew)

curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh > install.sh && chmod 755 install.sh

echo >> ~/.zprofile
echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> ~/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"
brew install autoconf automake libtool pkg-config gnutls libxml2 lz4 gcc

设置必要的 pkg-config 路径(视架构可能不同):

Apple Silicon

export CC=/opt/homebrew/Cellar/gcc/14.2.0_1/bin/gcc-14
export CXX=/opt/homebrew/Cellar/gcc/14.2.0_1/bin/g++-14
export PKG_CONFIG_PATH="/opt/homebrew/opt/libxml2/lib/pkgconfig:/opt/homebrew/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH"

Intel x86_64

export CC=/usr/local/Cellar/gcc/14.2.0/bin/gcc-14
export CXX=/usr/local/Cellar/gcc/14.2.0/bin/g++-14
export PKG_CONFIG_PATH="/usr/local/opt/libxml2/lib/pkgconfig:/usr/local/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH"

2. ✅ 获取 openconnect 源码

Apple Silicon

mkdir -p /Volumes/mindata/app/ovsea/rootfs/macos_aarch64
cd /Volumes/mindata/app/openconnect/macos_aarch64
git clone https://gitlab.com/openconnect/openconnect.git
cd openconnect

Intel x86_64

mkdir -p /Volumes/mindata/app/ovsea/rootfs/macos_x86_64
cd /Volumes/mindata/app/openconnect/macos_x86_64
git clone https://gitlab.com/openconnect/openconnect.git
cd openconnect


3. ✅ 配置静态编译参数(autotools)

运行 configure,开启静态库编译、关闭动态库:

aarch64

./autogen.sh
./configure \
  --prefix=/Volumes/mindata/app/ovsea/rootfs/macos_aarch64 \
  --enable-static \
  --with-gnutls \
  --without-openssl \
  --with-vpnc-script=/etc/vpnc/vpnc-script \
  CFLAGS="-O2 -fPIC" \
  LDFLAGS=""

x86_64

./autogen.sh
./configure \
  --prefix=/Volumes/mindata/app/ovsea/rootfs/macos_x86_64 \
  --enable-static \
  --with-gnutls \
  --without-openssl \
  --with-vpnc-script=/etc/vpnc/vpnc-script \
  CFLAGS="-O2 -fPIC" \
  LDFLAGS=""

注意这个vpnc-script的目录不需要真实存在,因为我们只要静态库


4. ✅ 编译生成 .a 静态库

make && make install
  • iOS

1. ✅ 准备交叉编译工具链

使用 xcrun 获取 iOS SDK 路径:

export IOS_SDK=$(xcrun --sdk iphoneos --show-sdk-path)
export IOS_PLATFORM=$(xcrun --sdk iphoneos --show-sdk-platform-path)

设置架构和目标:

export CC="$(xcrun --sdk iphoneos -f clang)"
export CXX="$(xcrun --sdk iphoneos -f clang++)"
export CPPFLAGS="-isysroot $IOS_SDK -arch arm64"
export CFLAGS="$CPPFLAGS -O2 -fembed-bitcode"
export LDFLAGS="-isysroot $IOS_SDK -arch arm64"

2. ✅ 获取 openconnect 源码

cd /Volumes/mindata/app/openconnect/ios_aarch64
git clone https://gitlab.com/openconnect/openconnect.git
cd openconnect

删除PCSC

打开 openconnect/Makefile.am(或 Makefile.in)

找到这行:

lib_srcs_yubikey = yubikey.c
libopenconnect_la_SOURCES = version.c $(library_srcs)
libopenconnect_la_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) \
        $(LIBXML2_CFLAGS) $(JSON_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) \
        $(P11KIT_CFLAGS) $(TSS_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBPSKC_CFLAGS) \
        $(GSSAPI_CFLAGS) $(INTL_CFLAGS) $(ICONV_CFLAGS) $(LIBPCSCLITE_CFLAGS) \
        $(LIBP11_CFLAGS) $(LIBLZ4_CFLAGS)
libopenconnect_la_LIBADD = $(SSL_LIBS) $(DTLS_SSL_LIBS) \
        $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(P11KIT_LIBS) \
        $(TSS_LIBS) $(LIBSTOKEN_LIBS) $(LIBPSKC_LIBS) $(GSSAPI_LIBS) \
        $(INTL_LIBS) $(ICONV_LIBS) $(LIBPCSCLITE_LIBS) $(LIBP11_LIBS)\
        $(LIBLZ4_LIBS) ${JSON_LIBS}

把 yubikey.c 删除!

3. ✅ 配置静态编译参数(autotools)

运行 configure,开启静态库编译、关闭动态库:

./autogen.sh
./configure \
  --host=arm-apple-darwin \
  --prefix=/Volumes/mindata/app/openconnect/ios_aarch64/libs \
  --enable-static \
  --with-gnutls \
  --without-openssl \
  --with-vpnc-script=/etc/vpnc/vpnc-script \
  --without-libpcsclite \
  CC="$CC" CFLAGS="$CFLAGS -I$(pwd)/../libs/usr/local/include -I$(pwd)/../libs/include" \
  LDFLAGS="$LDFLAGS -L$(pwd)/../libs/usr/local/lib -L$(pwd)/../libs/lib -lz -liconv -lnettle -lhogweed -lgmp -ltasn1 -lidn2 -lunistring"

注意这个vpnc-script的目录不需要真实存在,因为我们只要静态库

4. ✅ 编译

需要预先编译一些代码
编译 GMP(供 nettle 使用)

curl -O https://gmplib.org/download/gmp/gmp-6.3.0.tar.xz
tar xf gmp-6.3.0.tar.xz && cd gmp-6.3.0

./configure --host=arm-apple-darwin \
  --disable-assembly \
  --enable-static --disable-shared \
  --prefix=/Volumes/mindata/app/openconnect/ios_aarch64/libs \
  CC="$CC" CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS"

make -j8
make install
cd ..

cp /Volumes/mindata/app/openconnect/ios_aarch64/libs

编译 Nettle

curl -O https://ftp.gnu.org/gnu/nettle/nettle-3.9.1.tar.gz
tar xf nettle-3.9.1.tar.gz && cd nettle-3.9.1

./configure --host=arm-apple-darwin \
  --enable-static --disable-shared \
  --disable-assembler \
  --disable-arm-neon \
  --prefix=/Volumes/mindata/app/openconnect/ios_aarch64/libs \
  --with-lib-path=$(pwd)/../libs/lib \
  --with-include-path=$(pwd)/../libs/include \
  CC="$CC" CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS"

make -j8
make install
cd ..

编译 libtasn1

curl -O https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz
tar xf libtasn1-4.19.0.tar.gz && cd libtasn1-4.19.0

./configure --host=arm-apple-darwin \
  --enable-static --disable-shared \
  CC="$CC" CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS"

make -j8
make install DESTDIR=$(pwd)/../libs
cd ..

编译 ZSTD

git clone https://github.com/facebook/zstd.git
cd zstd

make lib-mt CC="$CC" CFLAGS="$CFLAGS"

mkdir -p ../libs/lib
mkdir -p ../libs/include
cp lib/libzstd.a ../libs/lib/
cp -r lib ../libs/include/zstd
cd ..

编译 libunistring

curl -LO https://ftp.gnu.org/gnu/libunistring/libunistring-1.2.tar.gz
tar xf libunistring-1.2.tar.gz && cd libunistring-1.2

./configure --host=arm-apple-darwin \
  --enable-static --disable-shared \
  --prefix=/Volumes/mindata/app/openconnect/ios_aarch64/libs \
  CC="$CC" CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS"

make -j8 && make install
cd ..

编译 libidn2

curl -LO https://ftp.gnu.org/gnu/libidn/libidn2-2.3.4.tar.gz
tar xf libidn2-2.3.4.tar.gz && cd libidn2-2.3.4

./configure --host=arm-apple-darwin \
  --enable-static --disable-shared \
  --disable-nls --without-libiconv-prefix \
  --prefix=/Volumes/mindata/app/openconnect/ios_aarch64/libs \
  CC="$CC" \
  CFLAGS="$CFLAGS -I/Volumes/mindata/app/openconnect/ios_aarch64/libs/include" \
  LDFLAGS="$LDFLAGS -L/Volumes/mindata/app/openconnect/ios_aarch64/libs/lib" \
  UNISTRING_CFLAGS="-I/Volumes/mindata/app/openconnect/ios_aarch64/libs/include" \
  UNISTRING_LIBS="-L/Volumes/mindata/app/openconnect/ios_aarch64/libs/lib -lunistring"

make -j8 && make install
cd ..

编译 GnuTLS

curl -O https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.3.tar.xz
tar xf gnutls-3.8.3.tar.xz && cd gnutls-3.8.3

./configure --host=arm-apple-darwin \
  --enable-static --disable-shared \
  --with-included-libtasn1 \
  --with-included-unistring \
  --disable-nls \
  --disable-cxx \
  --without-p11-kit \
  --with-included-libtasn1 \
  --with-included-unistring \
  --disable-doc \
  --prefix=/Volumes/mindata/app/openconnect/ios_aarch64/libs \
  CC="$CC" CFLAGS="$CFLAGS -I$(pwd)/../libs/usr/local/include -I$(pwd)/../libs/include" \
  LDFLAGS="$LDFLAGS -L$(pwd)/../libs/usr/local/lib -L$(pwd)/../libs/lib"

make -j8
make install DESTDIR=$(pwd)/../libs
cd ..

编译 liblz4

# 1. 获取源码
git clone https://github.com/lz4/lz4.git
cd lz4

# 3. 编译静态库
make lib CC="$CC" CFLAGS="$CFLAGS"

# 4. 安装输出
mkdir -p ../libs/lib ../libs/include
cp lib/liblz4.a ../libs/lib/
cp lib/lz4.h ../libs/include/
cd ..

编译 zlib

curl -LO https://zlib.net/zlib-1.3.1.tar.gz
tar xf zlib-1.3.1.tar.gz
cd zlib-1.3.1

./configure --static
make CC="$CC" CFLAGS="$CFLAGS"

mkdir -p ../libs/lib ../libs/include
cp libz.a ../libs/lib/
cp zlib.h zconf.h ../libs/include/
cd ..

编译 libxml2 

curl -LO http://xmlsoft.org/sources/libxml2-2.11.7.tar.gz
curl -LO https://github.com/GNOME/libxml2/archive/refs/tags/v2.14.0.tar.gz
mv v2.14.0.tar.gz libxml2-2.14.0.tar.gz && tar xf libxml2-2.14.0.tar.gz && cd libxml2-2.14.0

# ===== 配置编译参数 ===== #
./autogen.sh
./configure \
  --host=arm-apple-darwin \
  --enable-static \
  --disable-shared \
  --without-python \
  --without-lzma \
  --disable-dependency-tracking \
  --prefix=/Volumes/mindata/app/openconnect/ios_aarch64/libs \
  CC="$CC" \
  CFLAGS="$CFLAGS" \
  LDFLAGS="$LDFLAGS"

# ===== 编译并安装 ===== #
make -j8
make install
cd ..

编译 stoken 

git clone https://github.com/cernekee/stoken.git
cd stoken

./autogen.sh
./configure \
  --host=arm-apple-darwin \
  --enable-static --disable-shared \
  --prefix=/Volumes/mindata/app/openconnect/ios_aarch64/libs \
  CC="$CC" CFLAGS="$CFLAGS -I$(pwd)/../libs/usr/local/include -I$(pwd)/../libs/include" \
  LDFLAGS="$LDFLAGS -L$(pwd)/../libs/usr/local/lib -L$(pwd)/../libs/lib"

make -j8
make install
cd ..

5. ✅ 编译生成静态库

make && make install

  • Windows(msys2 mingw64)

1. ✅ 安装依赖

mkdir -p /d/app/openconnect/win_x86_64/external
cd

2. ✅ 获取 wintun 源码

cd /d/app/openconnect/win_x86_64/wintun
wget https://www.wintun.net/builds/wintun-0.14.1.zip
cd ../


3. ✅ 配置静态编译参数(autotools)

使用下面的编译脚本即可:

nano -w build_deps_mingw@msys2.sh
#
# Sample script to checkout & build 'openconnect' project
# with MINGW64 on MSYS2 toolchain
#
# It should be used only as illustration how to build application
# and create an installer package
#
# (c) 2018-2021, Lubomir Carik
#

SAVE_PWD=$(pwd)
BUILD_DIR="${BUILD_DIR:-build-$MSYSTEM}"

if [ "$MSYSTEM" == "MINGW64" ]; then
    export BUILD_ARCH=x86_64
    export MINGW_PREFIX=/mingw64
    WINTUN_ARCH=amd64
elif [ "$MSYSTEM" == "MINGW32" ]; then
    export BUILD_ARCH=i686
    export MINGW_PREFIX=/mingw32
    WINTUN_ARCH=x86
else
    echo "Unknown MSYS2 build environment..."
    exit -1
fi

export STOKEN_TAG=v0.92
WINTUN_VERSION=0.14.1

#root directory is the parent of the directory containing the build script
ROOT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}")/.." >/dev/null 2>&1 && pwd )"

#sanity check for root dir
if [ ! -d ${ROOT_DIR}/external ]; then
    echo "Root Directory not set correctly: ${ROOT_DIR}"
    exit 1
fi

echo "Starting under $MSYSTEM build environment ($ROOT_DIR)..."

if [ "$1" == "--head" ]; then
    export OC_TAG=master
else
    export OC_TAG=v9.12
fi

echo "OpenConnect: $OC_TAG"
echo "stoken: $STOKEN_TAG"
echo "wintun: $WINTUN_VERSION"
echo ""

export OC_URL=https://gitlab.com/openconnect/openconnect.git
export STOKEN_URL=https://github.com/stoken-dev/stoken

echo "======================================================================="
echo " Preparing sandbox..."
echo "======================================================================="

if [ "$STOKEN_TAG" != "v0.92" ]; then
    BUILD_STOKEN=yes
fi
BUILD_STOKEN=${BUILD_STOKEN:-no}

echo "======================================================================="
echo " Installing dependencies..."
echo "======================================================================="

set -e

pacman --needed --noconfirm -S \
    git \
    unzip \
    p7zip \
    base-devel \
    autotools \
    mingw-w64-x86_64-toolchain \
    mingw-w64-x86_64-jq \
    mingw-w64-${BUILD_ARCH}-gcc \
    mingw-w64-${BUILD_ARCH}-make \
    mingw-w64-${BUILD_ARCH}-gnutls \
    mingw-w64-${BUILD_ARCH}-libidn2 \
    mingw-w64-${BUILD_ARCH}-libunistring \
    mingw-w64-${BUILD_ARCH}-nettle \
    mingw-w64-${BUILD_ARCH}-gmp \
    mingw-w64-${BUILD_ARCH}-p11-kit \
    mingw-w64-${BUILD_ARCH}-zlib \
    mingw-w64-${BUILD_ARCH}-libxml2 \
    mingw-w64-${BUILD_ARCH}-zlib \
    mingw-w64-${BUILD_ARCH}-lz4 \
    mingw-w64-${BUILD_ARCH}-nsis \
    mingw-w64-${BUILD_ARCH}-libproxy

#openconnect compilation is broken on recent versions (>=2.12) of libxml2 because of header reorg
#(see https://gitlab.com/openconnect/openconnect/-/issues/685)
#
#use latest 2.11 version until openconnect is fixed
#TODO remove the following line after bumping OC_TAG (hopefully to v9.13)
pacman --needed --noconfirm -U https://repo.msys2.org/mingw/mingw64/mingw-w64-x86_64-libxml2-2.11.6-1-any.pkg.tar.zst

set +e

[ -d "${BUILD_DIR}" ] || mkdir "${BUILD_DIR}"
cd "${BUILD_DIR}"

#CORES=$(grep -c ^processor /proc/cpuinfo 2>/dev/null || sysctl -n hw.ncpu || echo "$NUMBER_OF_PROCESSORS")
CORES=$(getconf _NPROCESSORS_ONLN)

if [ "x$BUILD_STOKEN" = "xno" ]; then
    echo "======================================================================="
    echo " Installing stoken..."
    echo "======================================================================="
    pacman --needed --noconfirm -S \
        mingw-w64-${BUILD_ARCH}-stoken
else
    echo "======================================================================="
    echo " Building stoken..."
    echo "======================================================================="
    [ -d stoken ] || git clone -b ${STOKEN_TAG} ${STOKEN_URL}
    cd stoken

    git clean -fdx
    git reset --hard ${STOKEN_TAG}

    set -e

    ./autogen.sh

    set +e

    [ -d build-${BUILD_ARCH} ] || mkdir build-${BUILD_ARCH}
    cd build-${BUILD_ARCH}
    set -e
    ../configure --disable-dependency-tracking --without-tomcrypt --without-gtk
    mingw32-make -j${CORES}
    mingw32-make install
    cd ../../
    set +e
fi

echo "======================================================================="
echo " Building openconnect..."
echo "======================================================================="
[ -d openconnect ] || git clone -b ${OC_TAG} ${OC_URL}

set -e
cd openconnect
set +e

git clean -fdx
git reset --hard ${OC_TAG}

set -e
echo "hash:"
git rev-parse --short HEAD | tee ../openconnect-${OC_TAG}_$MSYSTEM.hash

# For openconnect we need wintun locally to avoid downloading
# which is unreliable.
#WINTUNFILE=$(cat Makefile.am|grep ^WINTUNDRIVER |cut -d '=' -f 2|sed 's/^\s//')
#echo "Copying ${WINTUNFILE} for openconnect"
#cp ../../wintun/${WINTUNFILE} .

./autogen.sh
set +e

[ -d build-${BUILD_ARCH} ] || mkdir build-${BUILD_ARCH}
cd build-${BUILD_ARCH}

set -e

#disable libproxy since libproxy >= 0.5 has a lot of dependencies that expand the attack surface
#see https://gitlab.com/openconnect/openconnect-gui/-/merge_requests/259#note_1713843295
CFLAGS="${CFLAGS} -O2 -g -Wno-error=incompatible-pointer-types" ../configure --disable-dependency-tracking --with-gnutls --without-openssl --without-libpskc --without-libproxy --with-vpnc-script=vpnc-script-win.js

#Make only openconnect.exe; openconnect 12.x fails when generating the nsis installer and
#we do not use the installer or other created artifacts.
mingw32-make -j${CORES} openconnect.exe
cd ../../
set +e

#
# Sample script to create a package from build 'openconnect' project
# incl. all dependencies (hardcoded paths!)
#
echo "======================================================================="
echo " Packaging..."
echo "======================================================================="

rm -rf pkg
mkdir -p pkg/nsis && cd pkg/nsis

set -e

cp ${MINGW_PREFIX}/bin/libffi-8.dll .
cp ${MINGW_PREFIX}/bin/libgcc_*-1.dll .
cp ${MINGW_PREFIX}/bin/libgmp-10.dll .
cp ${MINGW_PREFIX}/bin/libgnutls-30.dll .
cp ${MINGW_PREFIX}/bin/libhogweed-6.dll .
cp ${MINGW_PREFIX}/bin/libintl-8.dll .
cp ${MINGW_PREFIX}/bin/libnettle-8.dll .
cp ${MINGW_PREFIX}/bin/libp11-kit-0.dll .
cp ${MINGW_PREFIX}/bin/libtasn1-6.dll .
cp ${MINGW_PREFIX}/bin/libwinpthread-1.dll .
cp ${MINGW_PREFIX}/bin/libxml2-2.dll .
cp ${MINGW_PREFIX}/bin/zlib1.dll .
cp ${MINGW_PREFIX}/bin/libstoken-1.dll .
cp ${MINGW_PREFIX}/bin/liblz4.dll .
cp ${MINGW_PREFIX}/bin/libiconv-2.dll .
cp ${MINGW_PREFIX}/bin/libunistring-5.dll .
cp ${MINGW_PREFIX}/bin/libidn2-0.dll .
cp ${MINGW_PREFIX}/bin/liblzma-5.dll .
cp ${MINGW_PREFIX}/bin/libbrotlicommon.dll .
cp ${MINGW_PREFIX}/bin/libbrotlidec.dll .
cp ${MINGW_PREFIX}/bin/libzstd.dll .
cp ${MINGW_PREFIX}/bin/libbrotlienc.dll .
cp ../../openconnect/build-${BUILD_ARCH}/.libs/libopenconnect-5.dll .
#cp ../../openconnect/build-${BUILD_ARCH}/.libs/wintun.dll .
cp ../../openconnect/build-${BUILD_ARCH}/.libs/openconnect.exe .

echo "Getting vpnc-script from https://gitlab.com/openconnect/vpnc-scripts/..."

curl --no-progress-meter  -o vpnc-script-win.js https://gitlab.com/openconnect/vpnc-scripts/-/raw/master/vpnc-script-win.js

echo "Extracting wintun.dll..."
unzip -j ${ROOT_DIR}/wintun/wintun-${WINTUN_VERSION}.zip "wintun/bin/${WINTUN_ARCH}/wintun.dll" -d .

cd ../../

set +e


mkdir -p pkg/lib && cd pkg/lib
set -e
cp ${MINGW_PREFIX}/lib/libgmp.dll.a .
cp ${MINGW_PREFIX}/lib/libgnutls.dll.a .
cp ${MINGW_PREFIX}/lib/libhogweed.dll.a .
cp ${MINGW_PREFIX}/lib/libnettle.dll.a .
cp ${MINGW_PREFIX}/lib/libp11-kit.dll.a .
cp ${MINGW_PREFIX}/lib/libxml2.dll.a .
cp ${MINGW_PREFIX}/lib/libz.dll.a .
cp ${MINGW_PREFIX}/lib/libstoken.dll.a .
cp ${MINGW_PREFIX}/lib/liblz4.dll.a .
cp ${MINGW_PREFIX}/lib/libiconv.dll.a .
cp ${MINGW_PREFIX}/lib/libunistring.dll.a .
cp ${MINGW_PREFIX}/lib/libidn2.dll.a .
cp ${MINGW_PREFIX}/lib/liblzma.dll.a .
cp ../../openconnect/build-${BUILD_ARCH}/.libs/libopenconnect.dll.a .

cd ../../
set +e

mkdir -p pkg/lib/pkgconfig && cd pkg/lib/pkgconfig

set -e

cp ${MINGW_PREFIX}/lib/pkgconfig/gnutls.pc .
cp ${MINGW_PREFIX}/lib/pkgconfig/hogweed.pc .
cp ${MINGW_PREFIX}/lib/pkgconfig/libxml-2.0.pc .
cp ${MINGW_PREFIX}/lib/pkgconfig/nettle.pc .
cp ${MINGW_PREFIX}/lib/pkgconfig/zlib.pc .
cp ${MINGW_PREFIX}/lib/pkgconfig/stoken.pc .
cp ../../../openconnect/build-${BUILD_ARCH}/openconnect.pc .
cd ../../../

mkdir -p pkg/include && cd pkg/include
cp -R ${MINGW_PREFIX}/include/gnutls/ .
cp -R ${MINGW_PREFIX}/include/libxml2/ .
cp -R ${MINGW_PREFIX}/include/nettle/ .
cp -R ${MINGW_PREFIX}/include/p11-kit-1/p11-kit/ .
cp ${MINGW_PREFIX}/include/gmp.h .
cp ${MINGW_PREFIX}/include/zconf.h .
cp ${MINGW_PREFIX}/include/zlib.h .
cp ${MINGW_PREFIX}/include/stoken.h .
cp ../../openconnect/openconnect.h .
cd ../../

export MINGW_PREFIX=

cd pkg/nsis
7za a -tzip -mx=9 -sdel ../../openconnect-${OC_TAG}_$MSYSTEM.zip *
cd ../
rmdir -v nsis
7za a -tzip -mx=9 -sdel ../openconnect-devel-${OC_TAG}_$MSYSTEM.zip *
cd ../

set +e

rmdir -v pkg


if [ "x$BUILD_STOKEN" = "xyes" ]; then
    echo "======================================================================="
    echo " Uninstalling system-wide stoken..."
    echo "======================================================================="
    #uninstall stoken; we just build it for the library
    cd stoken/build-${BUILD_ARCH}
    mingw32-make install
    cd ../..
fi

set -e

echo "List of system-wide used packages versions:" \
    > openconnect-${OC_TAG}_$MSYSTEM.txt
echo "openconnect-${OC_TAG}" \
    >> openconnect-${OC_TAG}_$MSYSTEM.txt
echo "stoken-${STOKEN_TAG}" \
    >> openconnect-${OC_TAG}_$MSYSTEM.txt
pacman -Q \
    mingw-w64-${BUILD_ARCH}-gnutls \
    mingw-w64-${BUILD_ARCH}-libidn2 \
    mingw-w64-${BUILD_ARCH}-libunistring \
    mingw-w64-${BUILD_ARCH}-nettle \
    mingw-w64-${BUILD_ARCH}-gmp \
    mingw-w64-${BUILD_ARCH}-p11-kit \
    mingw-w64-${BUILD_ARCH}-libxml2 \
    mingw-w64-${BUILD_ARCH}-zlib \
    mingw-w64-${BUILD_ARCH}-lz4 \
    mingw-w64-${BUILD_ARCH}-libproxy \
    >> openconnect-${OC_TAG}_$MSYSTEM.txt

sha512sum.exe openconnect-${OC_TAG}_$MSYSTEM.zip > openconnect-${OC_TAG}_$MSYSTEM.zip.sha512
sha512sum.exe openconnect-devel-${OC_TAG}_$MSYSTEM.zip > openconnect-devel-${OC_TAG}_$MSYSTEM.zip.sha512

mv -vu openconnect-*.zip openconnect-*.txt openconnect-*.zip.sha512 openconnect-${OC_TAG}_$MSYSTEM.hash ${ROOT_DIR}/external

set +e

cd ${SAVE_PWD}


4. ✅ 编译生成 .a 静态库

chmod 755 build_deps_mingw@msys2.sh
./build_deps_mingw@msys2.sh

5. ✅ 拷贝文件备用

cp -r libs/lib /Volumes/mindata/app/OvSeaUI/libs/windows/x86_64/
cp -r libs/include /Volumes/mindata/app/OvSeaUI/libs/windows/x86_64/

  • Linux

发表在 C/C++ | OpenConnect全平台编译已关闭评论

安装docker,并且运行定制的镜像

发表于2025-03-09Zeno Chen

一、安装 docker

ArchLinux

pacman -S docker

二、修改配置

nano -w /etc/docker/daemon.json

{
  "registry-mirrors": [
    "https://docker.ovsea.cfd"
  ],
  "data-root": "/srv/docker",
  "dns": ["8.8.8.8", "8.8.4.4"]
}

三、拉取rustdesk镜像

1.Ocserv & Marzban–MySQL+FreeRadius

docker pull docker.ovsea.cfd/archvpns:latest

2.Ocserv & Marzban-node

docker pull docker.ovsea.cfd/archvpnc:latest

四、运行

1.服务器方案

docker run -d --restart always --name vpn-server --privileged --cgroupns=host \
    -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
    --tmpfs /run --tmpfs /run/lock \
    -v /tmp:/tmp \
    -v /srv/archvpns/mysqlconf:/etc/mysql \
    -v /srv/archvpns/nginx:/etc/nginx \
    -v /srv/archvpns/ocserv:/etc/ocserv \
    -v /srv/archvpns/radcli:/etc/radcli \
    -v /srv/archvpns/raddb:/etc/raddb \
    -v /srv/archvpns/srv:/srv \
    -p 80:80 -p 443:443 -p 10000:10000 -p 6443:6443 \
    -p 62050:62050 -p 62051:62051 \
    -p 8080:8080 -p 8081:8081 -p 8443:8443 -p 2053:2053 -p 2083:2083 -p 1080:1080 \
    docker.ovsea.cfd/archvpns:latest
docker exec -it vpn-server bash

2.节点方案

docker run -d --restart always --name vpn-client --privileged --cgroupns=host \
    -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
    --tmpfs /run --tmpfs /run/lock \
    -v /tmp:/tmp \
    -v /srv/archvpnc/nginx:/etc/nginx \
    -v /srv/archvpnc/ocserv:/etc/ocserv \
    -v /srv/archvpnc/radcli:/etc/radcli \
    -v /srv/archvpnc/marzban-node:/var/lib/marzban-node \
    -v /srv/archvpnc/srv:/srv \
    -p 80:80 -p 443:443 -p 6443:6443 \
    -p 62050:62050 -p 62051:62051 \
    -p 8080:8080 -p 8081:8081 -p 8443:8443 -p 2053:2053 -p 2083:2083 -p 1080:1080 \
    docker.ovsea.cfd/archvpnc:latest
docker exec -it vpn-client bash

发表在 Linux | 安装docker,并且运行定制的镜像已关闭评论

密码保护:安装xboard

发表于2025-02-27Zeno Chen

此内容受密码保护。如需查阅,请在下列字段中输入您的密码。

发表在 默认分类 | 密码保护:安装xboard已关闭评论