Friday, October 25, 2024

Installing Bit-Twist on TinyCoreLinux

A. Bit-Twist can only be installed on 64-bit TinyCoreLinux

B. Build bittwist.tcz

1. Install CorePure64.iso onto Core15-dev.qcow2

qemu-img create -f qcow2 Core15-dev.qcow2 512M

qemu-system-x86_64 -hda Core15-dev.qcow2 -cdrom CorePure64-15.0.iso -boot d -m 256

After booting, follow the OS installation procedure to complete the TinyCoreLinux installation

2. Set up the build environment

qemu-system-x86_64 -hda Core15-dev.qcow2 -m 256

tce-load -wi compiletc

3. Download the Bit-Twist build environment and build bittwist

tce-load -wi libpcap-dev

tce-load -wi wget

hash -r

wget https://sourceforge.net/projects/bittwist/files/Linux/Bit-Twist%204.4/bittwist-linux-4.4.tar.gz/download

mv download bittwist-linux-4.4.tar.gz

tar zxf bittwist-linux-4.4.tar.gz

cd bittwist-linux-4.4

Modify the build parameters: change

LPCAP = -Wl,-Bstatic -lpcap -Wl,-Bdynamic

to

LPCAP = -lpcap

vi Makefile

make

strip bin/bittwist bin/bittwiste

4. Package bittwist.tcz

tce-load -wi squashfs-tools

mkdir -p /tmp/bittwist/usr/local/bin

cp bin/bittwist bin/bittwiste /tmp/bittwist/usr/local/bin

sudo chown -R root:root /tmp/bittwist

mksquashfs /tmp/bittwist bittwist.tcz -noappend

5. Send bittwist.tcz

Use nc (netcat) to transfer the file

Receiving side (server:65001)

nc -l -p 65001 > bittwist.tcz

ncat -l 65001 > bittwist.tcz

Sending side

nc -w 3 server 65001 < bittwist.tcz

bittwist.tcz has been built.

sudo halt

C. Install bittwist.tcz on Core15-bittwist.qcow2

1. Create Core15-bittwist.qcow2

qemu-img create -f qcow2 Core15-bittwist.qcow2 128M

qemu-system-x86_64 -hda Core15-bittwist.qcow2 -cdrom CorePure64-15.0.iso -boot d -m 128

After booting, follow the OS installation procedure to complete the TinyCoreLinux installation

2. Install tcpdump

qemu-system-x86_64 -hda Core15-bittwist.qcow2 -m 128 -nic user,hostfwd=tcp::65001-:65001

tce-load -wi tcpdump

3. Download bittwist.tcz

cd /mnt/sda1/tce/optional

nc -l -p 65001 > bittwist.tcz

Sending side

nc -w 3 Host_IP 65001 < bittwist.tcz

ncat --send-only localhost 65001 < bittwist.tcz

Test the downloaded bittwist.tcz file

tce-load -i bittwist.tcz

4. Configure bittwist.tcz to load at boot

Add bittwist.tcz to /mnt/sda1/tce/onboot.lst

Change

tcpdump.tcz

to

tcpdump.tcz
bittwist.tcz

vi /mnt/sda1/tce/onboot.lst

bittwist.tcz installation complete

sudo halt

5. Test the bittwist.tcz installation

qemu-system-x86_64 -hda Core15-bittwist.qcow2 -m 128

bittwist -d

rm .ash_history

sudo halt
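The nc transfer in steps B.5 and C.3 is unauthenticated and unchecked, and the received file ends up in onboot.lst, so the following added example (not part of the original post) verifies a SHA-256 digest before the file is placed in tce/optional. The function names, the .sha256 sidecar file and the availability of sha256sum on both machines are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). File names follow the post;
# the .sha256 sidecar and both function names are assumptions.

# Sender (Core15-dev): write "<hex digest>  bittwist.tcz" beside the extension.
make_digest() {
    ( cd "$(dirname "$1")" && f=$(basename "$1") && sha256sum "$f" > "$f.sha256" )
}

# Receiver (Core15-bittwist): compare the received file against the expected
# digest and move it into tce/optional only when it matches.
#   $1 = received file, $2 = expected hex digest, $3 = destination directory
install_verified() {
    rx=$1; want=$2; dest=$3
    # nc does not verify what it receives; an empty or truncated file
    # is a normal failure mode and must not be installed.
    [ -s "$rx" ] || { echo "missing or empty: $rx" >&2; return 2; }
    got=$(sha256sum "$rx" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "digest mismatch: got $got" >&2
        return 1
    fi
    mv "$rx" "$dest/bittwist.tcz"
}

# Typical use, with the digest carried separately from the nc stream
# (for example read off the sender's console):
#   sender:   make_digest bittwist.tcz; cat bittwist.tcz.sha256
#   receiver: nc -l -p 65001 > /tmp/rx.tcz
#             install_verified /tmp/rx.tcz <digest> /mnt/sda1/tce/optional
```
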

Saturday, August 24, 2024

Windows Apache & PHP Installation

1. Download Apache (Windows version)

https://www.apachelounge.com/download/

2. Download PHP (Windows version)

https://windows.php.net/download

3. Install Apache

  • Unzip httpd-2.4.62-240718-win64-VS17.zip
  • Move extracted directory Apache24 to X:\Apache24
  • Add or modify the following lines in httpd.conf (X:\Apache24\conf\httpd.conf):

Define SRVROOT "X:/Apache24"
Define DOCROOT "Y:/htdocs"
Define SRVNAME "your.domain"
Define CERTDOC "Y:/cert/domain"
ServerAdmin "admin@${SRVNAME}"
ServerName "${SRVNAME}:80"
DocumentRoot "${DOCROOT}"
<Directory "${DOCROOT}">

  • To rotate logs modify the following lines in httpd.conf:

ErrorLog "|bin/rotatelogs.exe -l ${DOCROOT}/logs/error-%Y%m%d.log 86400"
CustomLog "|bin/rotatelogs.exe -l ${DOCROOT}/logs/access-%Y%m%d.log 86400" common

  • To increase Max Client Connections
Uncomment the following line in httpd.conf:
Include conf/extra/httpd-mpm.conf
  • To enable SSL:
Uncomment the following lines in httpd.conf:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

Add or modify the following lines in httpd-ssl.conf (conf/extra/httpd-ssl.conf):
<VirtualHost *:80>
ServerName ${SRVNAME}
Redirect permanent / https://${SRVNAME}/
</VirtualHost>
<VirtualHost _default_:443>
#DocumentRoot "${SRVROOT}/htdocs"
ServerName ${SRVNAME}:443
#ServerAdmin admin@example.com
#ErrorLog "${SRVROOT}/logs/error.log"
#TransferLog "${SRVROOT}/logs/access.log"
SSLCertificateFile "${CERTDOC}/fullchain1.pem"
SSLCertificateKeyFile "${CERTDOC}/privkey1.pem"

4. Install PHP

  • Unzip php-8.3.10-Win32-vs16-x64.zip
  • Move php-8.3.10-Win32-vs16-x64 to X:\php 
  • Modify the following lines in httpd.conf:

<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>
LoadModule php_module "X:/php/php8apache2_4.dll"
<IfModule php_module>
PHPIniDir "X:\php"
AddType application/x-httpd-php .php .html
</IfModule>

  • Copy php/php.ini-production to php/php.ini
  • Change or uncomment the following lines in php.ini:

extension_dir = "X:\php\ext"
date.timezone = Asia/Taipei

  • Enable curl in PHP:

Copy php/libssh2.dll to Apache24/bin

Uncomment the following lines in php.ini:

extension=curl
extension=openssl
  • Enable MBstring (Big5 encoding) in PHP:

Uncomment the following line in php.ini:

extension=mbstring

5. Done!


Friday, May 31, 2024

Tiny Core Linux traceroute IPv6

The traceroute command (a symbolic link to busybox.suid) in TinyCoreLinux 15.x does not support the IPv6 address family.

To traceroute an IPv6 address, install nmap and openssl-1.1.1 as an alternative solution:

tce-load -wi nmap.tcz
tce-load -wi openssl-1.1.1.tcz

After installation, trace the route to an IPv6 address with:

sudo nmap -v -6 -sn -n --traceroute 2001:4860:4860::8888

That's it!

Sunday, January 28, 2024

perfSONAR 5.0.7 on Ubuntu 22.04

Installing perfSONAR on Ubuntu 22.04 failed because pscheduler depends on python3-pyjq, which is not installable.

$ sudo apt install perfsonar-toolkit
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 pscheduler-server : Depends: postgresql-12 but it is not installable or
                              postgresql-11 but it is not installable or
                              postgresql-10 but it is not installable or
                              postgresql-9.6 but it is not installable or
                              postgresql-9.5 but it is not installable
                     Depends: postgresql-plpython3-12 but it is not installable or
                              postgresql-plpython3-11 but it is not installable or
                              postgresql-plpython3-10 but it is not installable or
                              postgresql-plpython3-9.6 but it is not installable or
                              postgresql-plpython3-9.5 but it is not installable
 python3-pscheduler : Depends: python3-pyjq
E: Unable to correct problems, you have held broken packages.

$ sudo apt install python3-pyjq
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package python3-pyjq is a virtual package provided by:
  python3-pyjq-u20 2.4.0-3~bpo10+1
  python3-pyjq-u18 2.4.0-3~bpo10+1
  python3-pyjq-d10 2.4.0-3~bpo10+1
You should explicitly select one to install.

E: Package 'python3-pyjq' has no installation candidate

$ sudo apt install python3-pyjq-u20
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 python3-pyjq-u20 : Depends: python3 (< 3.9) but 3.10.6-1~22.04 is to be installed
E: Unable to correct problems, you have held broken packages.

Saturday, January 13, 2024

Private Softether VPN Azure

A. Build a private VPN Azure

1. Download and build vpnazure-go

git clone https://github.com/domosekai/vpnazure-go.git 
cd vpnazure-go 
go mod tidy 
go build

2. Modify auth.txt and suffix.txt

auth.txt (separated by TAB):

vpn* .domain.my password Password_Of_VPNazure_Server

suffix.txt (separated by TAB):

.domain.my    cloud.domain.my  fullchain.pem   privkey.pem

3. Start vpnazure-go

./vpnazure-go -b 0.0.0.0:443 -auth auth.txt -suffix suffix.txt -log vpnazure.log &

4. Modify DNS record

  • Add A record for VPNazure host: 
cloud.domain.my ip_address_of_cloud.domain.my

  • Add an A record for each VPN server (host to be relayed), for example:
vpn123.domain.my ip_address_of_cloud.domain.my

5. Setup VPN server for vpn123

After setup is complete, a VPN client can connect to the server by SSTP at vpn123.domain.my


B. Setup VPN server 

1. Download and build Softether VPN server

sudo apt -y install cmake gcc g++ make pkgconf libncurses5-dev libssl-dev libsodium-dev libreadline-dev zlib1g-dev
git clone https://github.com/SoftEtherVPN/SoftEtherVPN.git
cd SoftEtherVPN
git submodule init && git submodule update
./configure
make -C build
sudo make -C build install

2. Modify the code to prevent connections to SoftEther-related hosts

  • Modify src/Cedar/DDNS.c:
Add an immediate return to void DCThread()

  • Modify src/Mayaqua/Network.c:
Add an immediate return to void RUDPGetRegisterHostNameByIP()

  • Rebuild source code:
make -C build
sudo make -C build install


3. Setup VPN server

  • Add a system service that starts automatically:
sudo vi /etc/systemd/system/vpnserver.service
------
[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/bin/vpnserver start
ExecStop=/usr/local/bin/vpnserver stop

[Install]
WantedBy=multi-user.target
------

  • Start vpnserver service:

sudo systemctl start vpnserver
sudo systemctl enable vpnserver
sudo vpncmd

Select 1, 2 or 3: 1
Hostname of IP Address of Destination: [Enter]
Specify Virtual Hub Name: [Enter]
VPN Server>ServerPasswordSet
Password: [Enter password]
Confirm input: [Enter password]
VPN Server>Hub DEFAULT
VPN Server/DEFAULT>UserCreate username
VPN Server/DEFAULT>UserPasswordSet username
Password: [Enter password]
Confirm input: [Enter password]
VPN Server/DEFAULT>SecureNatEnable
VPN Server/DEFAULT>VpnAzureSetCustom
Server address: cloud.domain.my:443
Hostname: vpn123.domain.my
Password: Password_of_VPNazure_Server
VPN Server/DEFAULT>VpnAzureSetEnable yes
exit

Sunday, January 7, 2024

Fix Ubuntu meta-release-lts check fail problem

After login, the following message is found in MOTD:

"Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings"

It is caused by an incorrect system certificate setting, which can be checked by issuing the following command:

python3 -c 'import ssl; print(ssl.get_default_verify_paths().openssl_cafile)'

And the result shows:

/usr/local/ssl/cert.pem

However, there is no cert.pem in /usr/local/ssl.

Fix this by adding a cert.pem symbolic link to /etc/ssl/certs/ca-certificates.crt:

sudo ln -s /etc/ssl/certs/ca-certificates.crt /usr/local/ssl/cert.pem

Then, remove the old motd check by:

sudo rm /var/lib/ubuntu-release-upgrader/release-upgrade-available

Update the motd message by:

sudo /usr/lib/ubuntu-release-upgrader/release-upgrade-motd

Now, it's done! Problem fixed.

I think this is a better solution than modifying MetaRelease.py to ignore the certificates.
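A symbolic link fixes the lookup only while its target exists and actually holds certificates, so the following added example (not part of the original post) classifies the state of a CA bundle path before and after the fix. check_cafile is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the original post); check_cafile is a hypothetical helper.
# Classifies the CA bundle path that OpenSSL-based clients will try to load.
check_cafile() {
    path=$1
    if [ -L "$path" ] && [ ! -e "$path" ]; then
        echo "dangling-symlink"; return 1      # link exists, target does not
    fi
    if [ ! -e "$path" ]; then
        echo "missing"; return 1               # the state described in the post
    fi
    # Count PEM certificate headers; grep -c exits non-zero on a zero count.
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$path" 2>/dev/null) || n=0
    if [ "$n" -eq 0 ]; then
        echo "no-certs"; return 1              # file exists but is not a CA bundle
    fi
    echo "ok"
}

# Usage on the affected host, with the path taken from the post's python3 command:
#   check_cafile "$(python3 -c 'import ssl; print(ssl.get_default_verify_paths().openssl_cafile)')"
```
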