mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-13 22:30:37 +08:00
Merge branch 'translating' of https://github.com/geekpi/TranslateProject into translating
This commit is contained in:
commit
c227eb45c5
106
published/20191023 Using SSH port forwarding on Fedora.md
Normal file
@ -0,0 +1,106 @@
|
|||||||
|
[#]: collector: (lujun9972)
|
||||||
|
[#]: translator: (geekpi)
|
||||||
|
[#]: reviewer: (wxy)
|
||||||
|
[#]: publisher: (wxy)
|
||||||
|
[#]: url: (https://linux.cn/article-11515-1.html)
|
||||||
|
[#]: subject: (Using SSH port forwarding on Fedora)
|
||||||
|
[#]: via: (https://fedoramagazine.org/using-ssh-port-forwarding-on-fedora/)
|
||||||
|
[#]: author: (Paul W. Frields https://fedoramagazine.org/author/pfrields/)
|
||||||
|
|
||||||
|
在 Fedora 上使用 SSH 端口转发
|
||||||
|
======
|
||||||
|
|
||||||
|
![](https://img.linux.net.cn/data/attachment/album/201910/29/123804dql3aqqlghza9txt.jpg)
|
||||||
|
|
||||||
|
你可能已经熟悉使用 [ssh 命令][2]访问远程系统。`ssh` 命令背后所使用的协议允许终端的输入和输出流经[安全通道][3]。但是你知道也可以使用 `ssh` 来安全地发送和接收其他数据吗?一种方法是使用“<ruby>端口转发<rt>port forwarding</rt></ruby>”,它允许你在进行 `ssh` 会话时安全地连接网络端口。本文向你展示了它是如何工作的。
|
||||||
|
|
||||||
|
### 关于端口
|
||||||
|
|
||||||
|
标准 Linux 系统已分配了一组网络端口,范围是 0 - 65535。系统会保留 0 - 1023 的端口以供系统使用。在许多系统中,你不能选择使用这些低端口号。通常有几个端口用于运行特定的服务。你可以在系统的 `/etc/services` 文件中找到这些定义。
|
||||||
|
|
||||||
|
你可以认为网络端口是类似的物理端口或可以连接到电缆的插孔。端口可以连接到系统上的某种服务,类似物理插孔后面的接线。一个例子是 Apache Web 服务器(也称为 `httpd`)。对于 HTTP 非安全连接,Web 服务器通常要求在主机系统上使用端口 80,对于 HTTPS 安全连接通常要求使用 443。
|
||||||
|
|
||||||
|
当你连接到远程系统(例如,使用 Web 浏览器)时,你是将浏览器“连接”到你的主机上的端口。这通常是一个随机的高端口号,例如 54001。你的主机上的端口连接到远程主机上的端口(例如 443)来访问其安全的 Web 服务器。
|
||||||
|
|
||||||
|
那么,当你有这么多可用端口时,为什么还要使用端口转发呢?这是 Web 开发人员生活中的几种常见情况。
|
||||||
|
|
||||||
|
### 本地端口转发
|
||||||
|
|
||||||
|
想象一下,你正在名为 `remote.example.com` 的远程系统上进行 Web 开发。通常,你是通过 `ssh` 进入此系统的,但是它位于防火墙后面,而且该防火墙很少允许其他类型的访问,并且会阻塞大多数其他端口。要尝试你的网络应用,能够使用浏览器访问远程系统会很有帮助。但是,由于使用了讨厌的防火墙,你无法通过在浏览器中输入 URL 的常规方法来访问它。
|
||||||
|
|
||||||
|
本地转发使你可以通过 `ssh` 连接来建立可通过远程系统访问的端口。该端口在系统上显示为本地端口(因而称为“本地转发”)。
|
||||||
|
|
||||||
|
假设你的网络应用在 `remote.example.com` 的 8000 端口上运行。要将那个系统的 8000 端口本地转发到你系统上的 8000 端口,请在开始会话时将 `-L` 选项与 `ssh` 结合使用:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ssh -L 8000:localhost:8000 remote.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
等等,为什么我们使用 `localhost` 作为转发目标?这是因为从 `remote.example.com` 的角度来看,你是在要求主机使用其自己的端口 8000。(回想一下,任何主机通常可以通过网络连接 `localhost` 而连接到自身。)现在那个端口连接到你系统的 8000 端口了。`ssh` 会话准备就绪后,将其保持打开状态,然后可以在浏览器中键入 `http://localhost:8000` 来查看你的 Web 应用。现在,系统之间的流量可以通过 `ssh` 隧道安全地传输!
|
||||||
|
|
||||||
|
如果你有敏锐的眼睛,你可能已经注意到了一些东西。如果我们要 `remote.example.com` 转发到与 `localhost` 不同的主机名怎么办?如果它可以访问该网络上另一个系统上的端口,那么通常可以同样轻松地转发该端口。例如,假设你想访问也在该远程网络中的 `db.example.com` 的 MariaDB 或 MySQL 服务。该服务通常在端口 3306 上运行。因此,即使你无法 `ssh` 到实际的 `db.example.com` 主机,你也可以使用此命令将其转发:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ssh -L 3306:db.example.com:3306 remote.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
现在,你可以在 `localhost` 上运行 MariaDB 命令,而实际上是在使用 `db.example.com` 主机。
|
||||||
|
|
||||||
|
### 远程端口转发
|
||||||
|
|
||||||
|
远程转发让你可以进行相反操作。想象一下,你正在为办公室的朋友设计一个 Web 应用,并想向他们展示你的工作。不过,不幸的是,你在咖啡店里工作,并且由于网络设置,他们无法通过网络连接访问你的笔记本电脑。但是,你同时使用着办公室的 `remote.example.com` 系统,并且仍然可在这里登录。你的 Web 应用似乎在本地 5000 端口上运行良好。
|
||||||
|
|
||||||
|
远程端口转发使你可以通过 `ssh` 连接从本地系统建立端口的隧道,并使该端口在远程系统上可用。在开始 `ssh` 会话时,只需使用 `-R` 选项:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ssh -R 6000:localhost:5000 remote.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
现在,当在公司防火墙内的朋友打开浏览器时,他们可以进入 `http://remote.example.com:6000` 查看你的工作。就像在本地端口转发示例中一样,通信通过 `ssh` 会话安全地进行。
|
||||||
|
|
||||||
|
默认情况下,`sshd` 守护进程运行在设置的主机上,因此**只有**该主机可以连接它的远程转发端口。假设你的朋友希望能够让其他 `example.com` 公司主机上的人看到你的工作,而他们不在 `remote.example.com` 上。你需要让 `remote.example.com` 主机的所有者将以下选项**之一**添加到 `/etc/ssh/sshd_config` 中:
|
||||||
|
|
||||||
|
```
|
||||||
|
GatewayPorts yes # 或
|
||||||
|
GatewayPorts clientspecified
|
||||||
|
```
|
||||||
|
|
||||||
|
第一个选项意味着 `remote.example.com` 上的所有网络接口都可以使用远程转发的端口。第二个意味着建立隧道的客户端可以选择地址。默认情况下,此选项设置为 `no`。
|
||||||
|
|
||||||
|
使用此选项,你作为 `ssh` 客户端仍必须指定可以共享你这边转发端口的接口。通过在本地端口之前添加网络地址范围来进行此操作。有几种方法可以做到,包括:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ssh -R *:6000:localhost:5000 # 所有网络
|
||||||
|
$ ssh -R 0.0.0.0:6000:localhost:5000 # 所有网络
|
||||||
|
$ ssh -R 192.168.1.15:6000:localhost:5000 # 单个网络
|
||||||
|
$ ssh -R remote.example.com:6000:localhost:5000 # 单个网络
|
||||||
|
```
|
||||||
|
|
||||||
|
### 其他注意事项
|
||||||
|
|
||||||
|
请注意,本地和远程系统上的端口号不必相同。实际上,有时你甚至可能无法使用相同的端口。例如,普通用户可能不会在默认设置中转发到系统端口。
|
||||||
|
|
||||||
|
另外,可以限制主机上的转发。如果你需要在联网主机上更严格的安全性,那么这你来说可能很重要。 `sshd` 守护程进程的 `PermitOpen` 选项控制是否以及哪些端口可用于 TCP 转发。默认设置为 `any`,这让上面的所有示例都能正常工作。要禁止任何端口转发,请选择 `none`,或仅允许的特定的“主机:端口”。有关更多信息,请在手册页中搜索 `PermitOpen` 来配置 `sshd` 守护进程:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ man sshd_config
|
||||||
|
```
|
||||||
|
|
||||||
|
最后,请记住,只有在 `ssh` 会话处于打开状态时才会端口转发。如果需要长时间保持转发活动,请尝试使用 `-N` 选项在后台运行会话。确保控制台已锁定,以防止在你离开控制台时其被篡夺。
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: https://fedoramagazine.org/using-ssh-port-forwarding-on-fedora/
|
||||||
|
|
||||||
|
作者:[Paul W. Frields][a]
|
||||||
|
选题:[lujun9972][b]
|
||||||
|
译者:[geekpi](https://github.com/geekpi)
|
||||||
|
校对:[wxy](https://github.com/wxy)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]: https://fedoramagazine.org/author/pfrields/
|
||||||
|
[b]: https://github.com/lujun9972
|
||||||
|
[1]: https://fedoramagazine.org/wp-content/uploads/2019/10/ssh-port-forwarding-816x345.jpg
|
||||||
|
[2]: https://en.wikipedia.org/wiki/Secure_Shell
|
||||||
|
[3]: https://fedoramagazine.org/open-source-ssh-clients/
|
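Review bot: The PermitOpen paragraph under 其他注意事项 has three typos to fix before this is published: “那么这你来说可能很重要” is missing 对 (“那么这对你来说可能很重要”), “守护程进程” should be “守护进程”, and “或仅允许的特定的” should read “或仅允许特定的”. The closing paragraph says the `-N` option runs the session in the background; `-N` only tells `ssh` not to execute a remote command, and going to the background is what `-f` does, so a translator's note or a corrected wording would keep readers from leaving a foreground tunnel on an unattended console. The `[1]:` reference at the end of the file is no longer used now that the image line points directly at img.linux.net.cn, and can be dropped.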
@ -1,5 +1,5 @@
|
|||||||
[#]: collector: (lujun9972)
|
[#]: collector: (lujun9972)
|
||||||
[#]: translator: ( )
|
[#]: translator: (geekpi)
|
||||||
[#]: reviewer: ( )
|
[#]: reviewer: ( )
|
||||||
[#]: publisher: ( )
|
[#]: publisher: ( )
|
||||||
[#]: url: ( )
|
[#]: url: ( )
|
||||||
|
@ -0,0 +1,271 @@
|
|||||||
|
[#]: collector: (lujun9972)
|
||||||
|
[#]: translator: ( )
|
||||||
|
[#]: reviewer: ( )
|
||||||
|
[#]: publisher: ( )
|
||||||
|
[#]: url: ( )
|
||||||
|
[#]: subject: (How to Install and Configure Nagios Core on CentOS 8 / RHEL 8)
|
||||||
|
[#]: via: (https://www.linuxtechi.com/install-nagios-core-rhel-8-centos-8/)
|
||||||
|
[#]: author: (James Kiarie https://www.linuxtechi.com/author/james/)
|
||||||
|
|
||||||
|
How to Install and Configure Nagios Core on CentOS 8 / RHEL 8
|
||||||
|
======
|
||||||
|
|
||||||
|
**Nagios** is a free and opensource network and alerting engine used to monitor various devices, such as network devices, and servers in a network. It supports both **Linux** and **Windows OS** and provides an intuitive web interface that allows you to easily monitor network resources. When professionally configured, it can alert you in the event a server or a network device goes down or malfunctions via email alerts. In this topic, we shed light on how you can install and configure Nagios core on **RHEL 8** / **CentOS 8**.
|
||||||
|
|
||||||
|
[![Install-Nagios-Core-RHEL8-CentOS8][1]][2]
|
||||||
|
|
||||||
|
### Prerequisites of Nagios Core
|
||||||
|
|
||||||
|
Before we begin, perform a flight check and ensure you have the following:
|
||||||
|
|
||||||
|
* An instance of RHEL 8 / CentOS 8
|
||||||
|
* SSH access to the instance
|
||||||
|
* A fast and stable internet connection
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
With the above requirements in check, let’s roll our sleeves!
|
||||||
|
|
||||||
|
### Step 1: Install LAMP Stack
|
||||||
|
|
||||||
|
For Nagios to work as expected, you need to install LAMP stack or any other web hosting stack since it’s going to run on a browser. To achieve this, execute the command:
|
||||||
|
|
||||||
|
```
|
||||||
|
# dnf install httpd mariadb-server php-mysqlnd php-fpm
|
||||||
|
```
|
||||||
|
|
||||||
|
![Install-LAMP-stack-CentOS8][1]
|
||||||
|
|
||||||
|
You need to ensure that Apache web server is up and running. To do so, start and enable Apache server using the commands:
|
||||||
|
|
||||||
|
```
|
||||||
|
# systemctl start httpd
|
||||||
|
# systemctl enable httpd
|
||||||
|
```
|
||||||
|
|
||||||
|
![Start-enable-httpd-centos8][1]
|
||||||
|
|
||||||
|
To check the status of Apache server run
|
||||||
|
|
||||||
|
```
|
||||||
|
# systemctl status httpd
|
||||||
|
```
|
||||||
|
|
||||||
|
![Check-status-httpd-centos8][1]
|
||||||
|
|
||||||
|
Next, we need to start and enable MariaDB server, run the following commands
|
||||||
|
|
||||||
|
```
|
||||||
|
# systemctl start mariadb
|
||||||
|
# systemctl enable mariadb
|
||||||
|
```
|
||||||
|
|
||||||
|
![Start-enable-MariaDB-CentOS8][1]
|
||||||
|
|
||||||
|
To check MariaDB status run:
|
||||||
|
|
||||||
|
```
|
||||||
|
# systemctl status mariadb
|
||||||
|
```
|
||||||
|
|
||||||
|
![Check-MariaDB-status-CentOS8][1]
|
||||||
|
|
||||||
|
Also, you might consider hardening or securing your server and making it less susceptible to unauthorized access. To secure your server, run the command:
|
||||||
|
|
||||||
|
```
|
||||||
|
# mysql_secure_installation
|
||||||
|
```
|
||||||
|
|
||||||
|
Be sure to set a strong password for your MySQL instance. For the subsequent prompts, Type **Yes** and hit **ENTER**
|
||||||
|
|
||||||
|
![Secure-MySQL-server-CentOS8][1]
|
||||||
|
|
||||||
|
### Step 2: Install Required packages
|
||||||
|
|
||||||
|
Apart from installing the LAMP server, some additional packages are needed for the installation and proper configuration of Nagios. Therefore, install the packages as shown below:
|
||||||
|
|
||||||
|
```
|
||||||
|
# dnf install gcc glibc glibc-common wget gd gd-devel perl postfix
|
||||||
|
```
|
||||||
|
|
||||||
|
![Install-requisite-packages-CentOS8][1]
|
||||||
|
|
||||||
|
### Step 3: Create a Nagios user account
|
||||||
|
|
||||||
|
Next, we need to create a user account for the Nagios user. To achieve this , run the command:
|
||||||
|
|
||||||
|
```
|
||||||
|
# adduser nagios
|
||||||
|
# passwd nagios
|
||||||
|
```
|
||||||
|
|
||||||
|
![Create-new-user-for-Nagios][1]
|
||||||
|
|
||||||
|
Now, we need to create a group for Nagios and add the Nagios user to this group.
|
||||||
|
|
||||||
|
```
|
||||||
|
# groupadd nagiosxi
|
||||||
|
```
|
||||||
|
|
||||||
|
Now add the Nagios user to the group
|
||||||
|
|
||||||
|
```
|
||||||
|
# usermod -aG nagiosxi nagios
|
||||||
|
```
|
||||||
|
|
||||||
|
Also, add Apache user to the Nagios group
|
||||||
|
|
||||||
|
```
|
||||||
|
# usermod -aG nagiosxi apache
|
||||||
|
```
|
||||||
|
|
||||||
|
![Add-Nagios-group-user][1]
|
||||||
|
|
||||||
|
### Step 4: Download and install Nagios core
|
||||||
|
|
||||||
|
We can now proceed and install Nagios Core. The latest stable version in Nagios 4.4.5 which was released on August 19, 2019. But first, download the Nagios tarball file from its official site.
|
||||||
|
|
||||||
|
To download Nagios core, first head to the tmp directory
|
||||||
|
|
||||||
|
```
|
||||||
|
# cd /tmp
|
||||||
|
```
|
||||||
|
|
||||||
|
Next download the tarball file
|
||||||
|
|
||||||
|
```
|
||||||
|
# wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.4.5.tar.gz
|
||||||
|
```
|
||||||
|
|
||||||
|
![Download-Nagios-CentOS8][1]
|
||||||
|
|
||||||
|
After downloading the tarball file, extract it using the command:
|
||||||
|
|
||||||
|
```
|
||||||
|
# tar -xvf nagios-4.4.5.tar.gz
|
||||||
|
```
|
||||||
|
|
||||||
|
Next, navigate to the uncompressed folder
|
||||||
|
|
||||||
|
```
|
||||||
|
# cd nagios-4.4.5
|
||||||
|
```
|
||||||
|
|
||||||
|
Run the commands below in this order
|
||||||
|
|
||||||
|
```
|
||||||
|
# ./configure --with-command-group=nagcmd
|
||||||
|
# make all
|
||||||
|
# make install
|
||||||
|
# make install-init
|
||||||
|
# make install-daemoninit
|
||||||
|
# make install-config
|
||||||
|
# make install-commandmode
|
||||||
|
# make install-exfoliation
|
||||||
|
```
|
||||||
|
|
||||||
|
To setup Apache configuration issue the command:
|
||||||
|
|
||||||
|
```
|
||||||
|
# make install-webconf
|
||||||
|
```
|
||||||
|
|
||||||
|
### Step 5: Configure Apache Web Server Authentication
|
||||||
|
|
||||||
|
Next, we are going to setup authentication for the user **nagiosadmin**. Please be mindful not to change the username or else, you may be required to perform further configuration which may be quite tedious.
|
||||||
|
|
||||||
|
To set up authentication run the command:
|
||||||
|
|
||||||
|
```
|
||||||
|
# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
|
||||||
|
```
|
||||||
|
|
||||||
|
![Configure-Apache-webserver-authentication-CentOS8][1]
|
||||||
|
|
||||||
|
You will be prompted for the password of the nagiosadmin user. Enter and confirm the password as requested. This is the user that you will use to login to Nagios towards the end of this tutorial.
|
||||||
|
|
||||||
|
For the changes to come into effect, restart your web server.
|
||||||
|
|
||||||
|
```
|
||||||
|
# systemctl restart httpd
|
||||||
|
```
|
||||||
|
|
||||||
|
### Step 6: Download & install Nagios Plugins
|
||||||
|
|
||||||
|
Plugins will extend the functionality of the Nagios Server. They will help you monitor various services, network devices, and applications. To download the plugin tarball file run the command:
|
||||||
|
|
||||||
|
```
|
||||||
|
# wget https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz
|
||||||
|
```
|
||||||
|
|
||||||
|
Next, extract the tarball file and navigate to the uncompressed plugin folder
|
||||||
|
|
||||||
|
```
|
||||||
|
# tar -xvf nagios-plugins-2.2.1.tar.gz
|
||||||
|
# cd nagios-plugins-2.2.1
|
||||||
|
```
|
||||||
|
|
||||||
|
To install the plugins compile the source code as shown
|
||||||
|
|
||||||
|
```
|
||||||
|
# ./configure --with-nagios-user=nagios --with-nagios-group=nagiosxi
|
||||||
|
# make
|
||||||
|
# make install
|
||||||
|
```
|
||||||
|
|
||||||
|
### Step 7: Verify and Start Nagios
|
||||||
|
|
||||||
|
After the successful installation of Nagios plugins, verify the Nagios configuration to ensure that all is well and there is no error in the configuration:
|
||||||
|
|
||||||
|
```
|
||||||
|
# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
|
||||||
|
```
|
||||||
|
|
||||||
|
![Verify-Nagios-settings-CentOS8][1]
|
||||||
|
|
||||||
|
Next, start Nagios and verify its status
|
||||||
|
|
||||||
|
```
|
||||||
|
# systemctl start nagios
|
||||||
|
# systemctl status nagios
|
||||||
|
```
|
||||||
|
|
||||||
|
![Start-check-status-Nagios-CentOS8][1]
|
||||||
|
|
||||||
|
In case Firewall is running on system then allow “80” using the following command
|
||||||
|
|
||||||
|
```
|
||||||
|
# firewall-cmd --permanent --add-port=80/tcp# firewall-cmd --reload
|
||||||
|
```
|
||||||
|
|
||||||
|
### Step 8: Access Nagios dashboard via the web browser
|
||||||
|
|
||||||
|
To access Nagios, browse your server’s IP address as shown
|
||||||
|
|
||||||
|
<http://server-ip/nagios>
|
||||||
|
|
||||||
|
A pop-up will appear prompting for the username and the password of the user we created earlier in Step 5. Enter the credentials and hit ‘**Sign In**’
|
||||||
|
|
||||||
|
![Access-Nagios-via-web-browser-CentOS8][1]
|
||||||
|
|
||||||
|
This ushers you to the Nagios dashboard as shown below
|
||||||
|
|
||||||
|
![Nagios-dashboard-CentOS8][1]
|
||||||
|
|
||||||
|
We have finally successfully installed and configured Nagios Core on CentOS 8 / RHEL 8. Your feedback is most welcome.
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: https://www.linuxtechi.com/install-nagios-core-rhel-8-centos-8/
|
||||||
|
|
||||||
|
作者:[James Kiarie][a]
|
||||||
|
选题:[lujun9972][b]
|
||||||
|
译者:[译者ID](https://github.com/译者ID)
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]: https://www.linuxtechi.com/author/james/
|
||||||
|
[b]: https://github.com/lujun9972
|
||||||
|
[1]: 
|
||||||
|
[2]: https://www.linuxtechi.com/wp-content/uploads/2019/10/Install-Nagios-Core-RHEL8-CentOS8.jpg
|
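Review bot: The group names in Step 3 and Step 4 do not match: the steps create `nagiosxi` and add `nagios` and `apache` to it, but Step 4 runs `./configure --with-command-group=nagcmd`, a group that is never created anywhere in the file, while Step 6 goes back to `--with-nagios-group=nagiosxi`. Flag this with a translator's note or align the names, otherwise readers who follow the steps end up with a command group that does not exist. In Step 7 the two firewall commands are fused onto one line (`# firewall-cmd --permanent --add-port=80/tcp# firewall-cmd --reload`) and need to be split. The `[1]:` reference at the bottom is empty, so every screenshot link in the article resolves to nothing.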
@ -0,0 +1,69 @@
|
|||||||
|
[#]: collector: (lujun9972)
|
||||||
|
[#]: translator: ( )
|
||||||
|
[#]: reviewer: ( )
|
||||||
|
[#]: publisher: ( )
|
||||||
|
[#]: url: ( )
|
||||||
|
[#]: subject: (Enterprise JavaBeans, infrastructure predictions, and more industry trends)
|
||||||
|
[#]: via: (https://opensource.com/article/19/10/enterprise-javabeans-and-more-industry-trends)
|
||||||
|
[#]: author: (Tim Hildred https://opensource.com/users/thildred)
|
||||||
|
|
||||||
|
Enterprise JavaBeans, infrastructure predictions, and more industry trends
|
||||||
|
======
|
||||||
|
A weekly look at open source community and industry trends.
|
||||||
|
![Person standing in front of a giant computer screen with numbers, data][1]
|
||||||
|
|
||||||
|
As part of my role as a senior product marketing manager at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends for product marketers, managers, and other influencers. Here are five of my and their favorite articles from that update.
|
||||||
|
|
||||||
|
## [Gartner: 10 infrastructure trends you need to know][2]
|
||||||
|
|
||||||
|
> Corporate network infrastructure is only going to get more involved over the next two to three years as automation, network challenges, and hybrid cloud become more integral to the enterprise.
|
||||||
|
|
||||||
|
**The impact:** The theme running through all these predictions is the impact of increased complexity. As consumers of technology, we expect things to get easier and easier. As producers of technology, we know what's going on behind the curtains to make that simplicity possible is its opposite.
|
||||||
|
|
||||||
|
## [Jakarta EE: What's in store for Enterprise JavaBeans?][3]
|
||||||
|
|
||||||
|
> [Enterprise JavaBeans (EJB)][4] has been very important to the Java EE ecosystem and promoted many robust solutions to enterprise problems. Besides that, in the past when integration techniques were not so advanced, EJB did great work with remote EJB, integrating many Java EE applications. However, remote EJB is not necessary anymore, and we have many techniques and tools that are better for doing that. So, does EJB still have a place in this new cloud-native world?
|
||||||
|
|
||||||
|
**The impact:** This offers some insights into how programming languages and frameworks evolve and change over time. Respond to changes in developer affinity by identifying the good stuff in a language and getting it landed somewhere else. Ideally that "somewhere else" should be an open standard so that no single vendor gets to control your technology destiny.
|
||||||
|
|
||||||
|
## [From virtualization to containerization][5]
|
||||||
|
|
||||||
|
> Before the telecom industry has got to grips with "step one" virtualization, many industry leaders are already moving on to the next level—containerization. This is a key part of making network software cloud-native i.e. designed, developed, and optimized to exploit cloud technology such as distributed processing and data stores.
|
||||||
|
|
||||||
|
**The impact:** There are certain industries that make big technology decisions on long time horizons; I can only imagine the FOMO that the fast-moving world of infrastructure technology could cause when you've picked something and it starts to look a bit crufty next to the new hotness.
|
||||||
|
|
||||||
|
## [How do you rollback deployments in Kubernetes?][6]
|
||||||
|
|
||||||
|
> There are several strategies when it comes to deploying apps into production. In Kubernetes, rolling updates are the default strategy to update the running version of your app. The rolling update cycles previous Pod out and bring newer Pod in incrementally.
|
||||||
|
|
||||||
|
**The impact:** What is the cloud-native distributed equivalent to **ctrl+z**? And aren't you glad there is one?
|
||||||
|
|
||||||
|
## [What's a Trusted Compute Base?][7]
|
||||||
|
|
||||||
|
> A few months ago, in an article called [Turtles—and chains of trust][8], I briefly mentioned Trusted Compute Bases, or TCBs, but then didn’t go any deeper. I had a bit of a search across the articles on this blog, and realised that I’ve never gone into this topic in much detail, which feels like a mistake, so I’m going to do it now.
|
||||||
|
|
||||||
|
**The impact:** The issue of to what extent you can trust the computer systems that power your whole life is only going to become more prevalent and more vexing. That turns out to be a great argument for open source from the bottom turtle (hardware) all the way up.
|
||||||
|
|
||||||
|
_I hope you enjoyed this list of what stood out to me from last week and come back next Monday for more open source community, market, and industry trends._
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: https://opensource.com/article/19/10/enterprise-javabeans-and-more-industry-trends
|
||||||
|
|
||||||
|
作者:[Tim Hildred][a]
|
||||||
|
选题:[lujun9972][b]
|
||||||
|
译者:[译者ID](https://github.com/译者ID)
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]: https://opensource.com/users/thildred
|
||||||
|
[b]: https://github.com/lujun9972
|
||||||
|
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/data_metrics_analytics_desktop_laptop.png?itok=9QXd7AUr (Person standing in front of a giant computer screen with numbers, data)
|
||||||
|
[2]: https://www.networkworld.com/article/3447397/gartner-10-infrastructure-trends-you-need-to-know.html
|
||||||
|
[3]: https://developers.redhat.com/blog/2019/10/22/jakarta-ee-whats-in-store-for-enterprise-javabeans/
|
||||||
|
[4]: https://docs.oracle.com/cd/E13222_01/wls/docs100/ejb/deploy.html
|
||||||
|
[5]: https://www.lightreading.com/nfv/from-virtualization-to-containerization/a/d-id/755016
|
||||||
|
[6]: https://learnk8s.io/kubernetes-rollbacks/
|
||||||
|
[7]: https://aliceevebob.com/2019/10/22/whats-a-trusted-compute-base/
|
||||||
|
[8]: https://aliceevebob.com/2019/07/02/turtles-and-chains-of-trust/
|
@ -0,0 +1,104 @@
|
|||||||
|
[#]: collector: (lujun9972)
|
||||||
|
[#]: translator: ( )
|
||||||
|
[#]: reviewer: ( )
|
||||||
|
[#]: publisher: ( )
|
||||||
|
[#]: url: ( )
|
||||||
|
[#]: subject: (Collapse OS – An OS Created to Run After the World Ends)
|
||||||
|
[#]: via: (https://itsfoss.com/collapse-os/)
|
||||||
|
[#]: author: (John Paul https://itsfoss.com/author/john/)
|
||||||
|
|
||||||
|
Collapse OS – An OS Created to Run After the World Ends
|
||||||
|
======
|
||||||
|
|
||||||
|
When most people think about preparing for a post-apocalyptic world, the first time that comes to mind is food and other living essentials. Recently, a programmer has decided that it would be just as important to create a versatile and survivable operating system after the collapse of society. We will be taking a look at it today, as best we can.
|
||||||
|
|
||||||
|
### Collapse OS – For when the fecal matter hits the rotating device
|
||||||
|
|
||||||
|
![][1]
|
||||||
|
|
||||||
|
The operating system in question is called [Collapse OS][2]. According to the website, Collapse OS is a “z80 kernel and a collection of programs, tools and documentation”. It would allow you to:
|
||||||
|
|
||||||
|
* Run on minimal and improvised machines.
|
||||||
|
* Interface through improvised means (serial, keyboard, display).
|
||||||
|
* Edit text files.
|
||||||
|
* Compile assembler source files for a wide range of MCUs and CPUs.
|
||||||
|
* Read and write from a wide range of storage devices.
|
||||||
|
* Replicate itself.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
The creator, [Virgil Dupras][3], started the project because [he sees][4] “our global supply chain to collapse before we reach 2030”. He bases this conclusion on the works of Pablo Servigne. He seems to understand that not everyone shares [his views][4]. “That being said, I don’t consider it unreasonable to not believe that collapse is likely to happen by 2030, so please, don’t feel attacked by my beliefs.”
|
||||||
|
|
||||||
|
The overall goal of the project is to jumpstart a post-collapse civilization’s return to the computer age. The production of electronics depends on a very complex supply chain. Once that supply chain crumbles, man will go back to a less technical age. It would take decades to regain our previous technical position. Dupras hopes to jump several steps by creating an ecosystem that will work with simpler chips that can be scavenged from a wide variety of sources.
|
||||||
|
|
||||||
|
### What is the z80?
|
||||||
|
|
||||||
|
The initial CollapseOS kernel is written for the [z80 chip][5]. As a retro computing history buff, I am familiar with [Zilog][6] and it’s z80 chip. In the late 1970s, Zilog introduced the z80 to compete with [Intel’s 8080][7] CPU. The z80 was used in a whole bunch of early personal computers, such as the [Sinclair ZX Spectrum][8] and the [Tandy TRS-80][9]. The majority of these systems used the [CP/M operating system][10], which was the top operating system of the time. (Interestingly, Dupras was originally looking to use an [open-source implementation o][11][f][11] [CP/M][11], but ultimately decided to [start from scratch][12].)
|
||||||
|
|
||||||
|
Both the z80 and CP/M started to decline in popularity after the [IBM PC][13] was released in 1981. Zilog did release several other microprocessors (Z8000 and Z80000), but these did not take off. The company switched its focus to microcontrollers. Today, an updated descendant of the z80 can be found in graphic calculators, embedded devices and consumer electronics.
|
||||||
|
|
||||||
|
Dupras said on [Reddit][14] that he wrote Collapse OS for the z80 because “it’s been in production for so long and because it’s been used in so many machines, scavenger have good chances of getting their hands on it.”
|
||||||
|
|
||||||
|
### Current status and future of the project
|
||||||
|
|
||||||
|
Collapse OS has a pretty decent start. It can self replicate with enough RAM and storage. It is capable of running on an [RC2014 homebrew computer][15] or a Sega Master System/MegaDrive (Genesis). It can read SD cards. It has a simple text editor. The kernel is made up of modules that are connected with glue code. This is designed to make the system flexible and adaptable.
|
||||||
|
|
||||||
|
There is also a detailed [roadmap][16] laying out the direction of the project. Listed goals include:
|
||||||
|
|
||||||
|
* Support for other CPUs, such as 8080 and [6502][17]
|
||||||
|
* Support for improvised peripherals, such as LCD screens, E-ink displays, and [ACIA devices][18].
|
||||||
|
* Support for more storage options, such as floppys, CDs, SPI RAM/ROMs, and AVR MCUs
|
||||||
|
* Get it to work on other z80 machines, such as [TI-83+][19] and [TI-84+][20] graphing calculators and TRS-80s
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
If you are interested in helping out or just taking a peek at the project, be sure to visit their [GitHub page][21].
|
||||||
|
|
||||||
|
### Final Thoughts
|
||||||
|
|
||||||
|
To put it bluntly, I see Collapse OS as more of a fun hobby project (for those who like building operating systems), than something useful. When a collapse does come, how will Collapse OS get distributed, since I imagine that GitHub will be down? I can’t imagine more than a handful of skill people being able to create a system from scavenged parts. There is a whole new generation of makers out there, but most of them are used to picking up an Arduino or a Raspberry Pi and building their project than starting from scratch.
|
||||||
|
|
||||||
|
Contrary to Dupras, my biggest concern is the use of [EMPs][22]. These things fry all electrical systems, meaning there would be nothing left to scavenge to build system. If that doesn’t happen, I imagine that we would be able to find enough x86 components made over the past 30 years to keep things going.
|
||||||
|
|
||||||
|
That being said, Collapse OS sounds like a fun and challenging project to people who like to program in low-level code for strange applications. If you are such a person, check out [Collapse OS][2].
|
||||||
|
|
||||||
|
Hypothetical question: what is your post-apocalyptic operating system of choice? Please let us know in the comments below.
|
||||||
|
|
||||||
|
If you found this article interesting, please take a minute to share it on social media, Hacker News or [Reddit][23].
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: https://itsfoss.com/collapse-os/
|
||||||
|
|
||||||
|
作者:[John Paul][a]
|
||||||
|
选题:[lujun9972][b]
|
||||||
|
译者:[译者ID](https://github.com/译者ID)
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]: https://itsfoss.com/author/john/
|
||||||
|
[b]: https://github.com/lujun9972
|
||||||
|
[1]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/10/Collapse_OS.jpg?ssl=1
|
||||||
|
[2]: https://collapseos.org/
|
||||||
|
[3]: https://github.com/hsoft
|
||||||
|
[4]: https://collapseos.org/why.html
|
||||||
|
[5]: https://en.m.wikipedia.org/wiki/Z80
|
||||||
|
[6]: https://en.wikipedia.org/wiki/Zilog
|
||||||
|
[7]: https://en.wikipedia.org/wiki/Intel_8080
|
||||||
|
[8]: https://en.wikipedia.org/wiki/ZX_Spectrum
|
||||||
|
[9]: https://en.wikipedia.org/wiki/TRS-80
|
||||||
|
[10]: https://en.wikipedia.org/wiki/CP/M
|
||||||
|
[11]: https://github.com/davidgiven/cpmish
|
||||||
|
[12]: https://github.com/hsoft/collapseos/issues/52
|
||||||
|
[13]: https://en.wikipedia.org/wiki/IBM_Personal_Computer
|
||||||
|
[14]: https://old.reddit.com/r/collapse/comments/dejmvz/collapse_os_bootstrap_postcollapse_technology/f2w3sid/?st=k1gujoau&sh=1b344da9
|
||||||
|
[15]: https://rc2014.co.uk/
|
||||||
|
[16]: https://collapseos.org/roadmap.html
|
||||||
|
[17]: https://en.wikipedia.org/wiki/MOS_Technology_6502
|
||||||
|
[18]: https://en.wikipedia.org/wiki/MOS_Technology_6551
|
||||||
|
[19]: https://en.wikipedia.org/wiki/TI-83_series#TI-83_Plus
|
||||||
|
[20]: https://en.wikipedia.org/wiki/TI-84_Plus_series
|
||||||
|
[21]: https://github.com/hsoft/collapseos
|
||||||
|
[22]: https://en.wikipedia.org/wiki/Electromagnetic_pulse
|
||||||
|
[23]: https://reddit.com/r/linuxusersgroup
|
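Review bot: In the “What is the z80?” paragraph the CP/M link is split into three fragments, `[open-source implementation o][11][f][11] [CP/M][11]`; merge it into a single `[open-source implementation of CP/M][11]` so the break is not carried into the translated file. The same paragraph has “it’s z80 chip” where “its” is meant, and the opening paragraph has “the first time that comes to mind” where “thing” is meant, which is worth noting for whoever claims the translation.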
@ -1,107 +0,0 @@
|
|||||||
[#]: collector: (lujun9972)
|
|
||||||
[#]: translator: (geekpi)
|
|
||||||
[#]: reviewer: ( )
|
|
||||||
[#]: publisher: ( )
|
|
||||||
[#]: url: ( )
|
|
||||||
[#]: subject: (Using SSH port forwarding on Fedora)
|
|
||||||
[#]: via: (https://fedoramagazine.org/using-ssh-port-forwarding-on-fedora/)
|
|
||||||
[#]: author: (Paul W. Frields https://fedoramagazine.org/author/pfrields/)
|
|
||||||
|
|
||||||
在 Fedora 上使用 SSH 端口转发
|
|
||||||
======
|
|
||||||
|
|
||||||
![][1]
|
|
||||||
|
|
||||||
你可能已经熟悉使用 _ [ssh 命令][2]_ 访问远程系统。 _ssh_ 后面的协议允许终端输入和输出经过[安全通道][3]。但是你知道你也可以使用 _ssh_ 来安全地发送和接收其他数据吗?一种方法是使用_端口转发_,它允许你在进行 _ssh_ 会话时安全地连接网络端口。本文向你展示了它是如何工作的。
|
|
||||||
|
|
||||||
### 关于端口
|
|
||||||
|
|
||||||
标准 Linux 系统已分配了一组网络端口,范围是 0-65535。你的系统最多保留 1023 个端口供系统使用。在许多系统中,你不能选择使用这些低端口号。通常有几个端口用于运行特定的服务。你可以在系统的 _/etc/services_ 文件中找到这些定义。
|
|
||||||
|
|
||||||
你可以认为网络端口是类似物理端口或可以连接到电缆的插孔。端口可以连接到系统上的某种服务,类似物理插孔后面的接线。一个例子是 Apache Web 服务器(也称为 _httpd_)。对于 HTTP 非安全连接,Web 服务器通常要求在主机系统上使用端口 80,对于 HTTPS 安全连接通常要求使用 443。
|
|
||||||
|
|
||||||
当你连接到远程系统(例如,使用 Web 浏览器)时,你是将浏览器“连接”到主机上的端口。这通常是一个随机的高端口号,例如 54001。主机上的端口连接到远程主机上的端口(例如 443)来访问其安全的 Web 服务器。
|
|
||||||
|
|
||||||
那么,当你有这么多可用端口时,为什么还要使用端口转发呢?这是 Web 开发人员生活中的几种常见情况。
|
|
||||||
|
|
||||||
### 本地端口转发
|
|
||||||
|
|
||||||
想象一下,你正在名为 _remote.example.com_ 的远程系统上进行 Web 开发。通常,你是通过 _ssh_ 进入此系统的,但是它位于防火墙后面,而且该防火墙允许很少的其他访问,并且会阻塞大多数其他端口。要尝试你的网络应用,能够使用浏览器访问远程系统会很有帮助。但是,由于使用了讨厌的防火墙,你无法通过在浏览器中输入 URL 的常规方法来访问它。
|
|
||||||
|
|
||||||
本地转发使你可以通过 _ssh_ 连接来建立可通过远程系统访问的端口。该端口在系统上显示为本地端口(也称为“本地转发”)。
|
|
||||||
|
|
||||||
假设你的网络应用在 _remote.example.com_ 的 8000 端口上运行。要将那个系统的 8000 端口本地转发到你系统上的 8000 端口,请在开始会话时将 _-L_ 选项与 _ssh_ 结合使用:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ssh -L 8000:localhost:8000 remote.example.com
|
|
||||||
```
|
|
||||||
|
|
||||||
等等,为什么我们使用 _localhost_ 作为转发目标?这是因为从 _remote.example.com_ 的角度来看,你是在要求主机使用其自己的端口 8000。(回想一下,任何主机通常可以将自己作为 _localhost_ 来通过网络连接其自身。)现在那个端口连接到你系统的 8000 端口了。_ssh_ 会话准备就绪后,将其保持打开状态,然后可以在浏览器中键入 _<http://localhost:8000>_ 来查看你的 Web 应用。现在,系统之间的流量可以通过 _ssh_ 隧道安全地传输!
|
|
||||||
|
|
||||||
如果你有敏锐的眼睛,你可能已经注意到了一些东西。如果我们使用与 _localhost_ 不同的主机名来转发 _remote.example.com_ 怎么办?如果它可以访问其网络上另一个系统上的端口,那么通常可以同样轻松地转发该端口。例如,假设你想在远程网络的 _db.example.com_ 中访问 MariaDB 或 MySQL 服务。该服务通常在端口 3306 上运行。因此,即使你无法 _ssh_ 到实际的 _db.example.com_ 主机,你也可以使用此命令将其转发:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ssh -L 3306:db.example.com:3306 remote.example.com
|
|
||||||
```
|
|
||||||
|
|
||||||
现在,你可以在 _localhost_ 上运行 MariaDB 命令,这实际上是在使用 _db.example.com_ 主机。
|
|
||||||
|
|
||||||
### 远程端口转发
|
|
||||||
|
|
||||||
远程转发让你可以进行相反操作。想象一下,你正在为办公室的朋友设计一个 Web 应用,并想向他们展示你的工作。不过,不幸的是,你在咖啡店里工作,并且由于网络设置,他们无法通过网络连接访问你的笔记本电脑。但是,你同时使用着办公室的 _remote.example.com_ 系统,并且仍然可在这里登录。你的 Web 应用似乎在本地 5000 端口上运行良好。
|
|
||||||
|
|
||||||
远程端口转发使你可以通过 _ssh_ 连接从本地系统建立端口的隧道,并使该端口在远程系统上可用。在开始 _ssh_ 会话时,只需使用 _-R_ 选项:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ssh -R 6000:localhost:5000 remote.example.com
|
|
||||||
```
|
|
||||||
|
|
||||||
现在,当在公司防火墙内的朋友打开浏览器时,他们可以进入 _ <http://remote.example.com:6000> _ 并查看你的工作。就像在本地端口转发示例中一样,通信通过 _ssh_ 会话安全地进行。
|
|
||||||
|
|
||||||
默认情况下,_sshd_ 设置在本机运行,因此**只有**该主机可以连接它的远程转发端口。假设你的朋友希望能够让其他 _example.com_ 公司主机上的人看到你的工作,而他们不在 _remote.example.com_ 上。你需要让 _remote.example.com_ 主机的所有者将以下选项之**一**添加 _/etc/ssh/sshd_config_ 中:
|
|
||||||
|
|
||||||
```
|
|
||||||
GatewayPorts yes # 或
|
|
||||||
GatewayPorts clientspecified
|
|
||||||
```
|
|
||||||
|
|
||||||
第一个选项意味着 _remote.example.com_ 上的所有网络接口都可以使用远程转发的端口。第二个意味着建立隧道的客户端可以选择地址。默认情况下,此选项设置为 **no**。
|
|
||||||
|
|
||||||
With this option, you as the _ssh_ client must still specify the interfaces on which the forwarded port on your side can be shared. Do this by adding a network specification before the local port. There are several ways to do this, including the following:
|
|
||||||
使用此选项,作为 _ssh_ 客户端你仍必须指定可以共享你这边转发端口的接口。通过在本地端口之前添加网络规范来进行操作。有几种方法可以做到,包括:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ssh -R *:6000:localhost:5000 # 所有网络
|
|
||||||
$ ssh -R 0.0.0.0:6000:localhost:5000 # 所有网络
|
|
||||||
$ ssh -R 192.168.1.15:6000:localhost:5000 # 单个网络
|
|
||||||
$ ssh -R remote.example.com:6000:localhost:5000 # 单个网络
|
|
||||||
```
|
|
||||||
|
|
||||||
### 其他注意事项
|
|
||||||
|
|
||||||
请注意,本地和远程系统上的端口号不必相同。实际上,有时你甚至可能无法使用相同的端口。例如,普通用户可能不会在默认设置中转发到系统端口。
|
|
||||||
|
|
||||||
另外,可以限制主机上的转发。如果你需要在联网主机上更严格的安全性,那么这你来说可能很重要。 _sshd_ 守护程进程 _PermitOpen_ 选项控制是否以及哪些端口可用于 TCP 转发。默认设置为 **any**,这让上面的所有示例都能正常工作。要禁止任何端口转发,请选择 “none”,或仅允许的特定的“主机:端口”。有关更多信息,请在手册页中搜索 _PermitOpen_ 来配置 _sshd_ 守护进程:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ man sshd_config
|
|
||||||
```
|
|
||||||
|
|
||||||
最后,请记住,只有在 _ssh_ 会话处于打开状态时才会端口转发。如果需要长时间保持转发活动,请尝试使用 _-N_ 选项在后台运行会话。确保控制台已锁定,以防止在你离开控制台时对其进行篡改。
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: https://fedoramagazine.org/using-ssh-port-forwarding-on-fedora/
|
|
||||||
|
|
||||||
作者:[Paul W. Frields][a]
|
|
||||||
选题:[lujun9972][b]
|
|
||||||
译者:[geekpi](https://github.com/geekpi)
|
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[a]: https://fedoramagazine.org/author/pfrields/
|
|
||||||
[b]: https://github.com/lujun9972
|
|
||||||
[1]: https://fedoramagazine.org/wp-content/uploads/2019/10/ssh-port-forwarding-816x345.jpg
|
|
||||||
[2]: https://en.wikipedia.org/wiki/Secure_Shell
|
|
||||||
[3]: https://fedoramagazine.org/open-source-ssh-clients/
|
|
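Review bot: the draft removed here still has an untranslated English paragraph ("With this option, you as the _ssh_ client must still specify the interfaces…") sitting directly above its Chinese translation ("使用此选项,作为 _ssh_ 客户端…"), and the PermitOpen paragraph contains the typos "守护程进程" and "那么这你来说". Because the hunk deletes the whole file (`-1,107 +0,0`), confirm that whichever copy replaces it dropped the English duplicate and fixed both typos. Two technical points in the text deserve a translator's note as well. The closing paragraph says the `-N` option runs the session in the background, but `-N` only tells ssh not to execute a remote command; backgrounding is `-f`. In the GatewayPorts block, `GatewayPorts yes` makes sshd bind every remote forward to all interfaces, so `clientspecified` combined with an explicit bind address such as the `192.168.1.15:6000:localhost:5000` form shown is the narrower setting to recommend.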