Windows on Rickyhttps://linzeyan.github.io/zh-tw/categories/windows/Recent content in Windows on RickyHugo -- gohugo.iozh-twTue, 03 Jan 2023 12:36:00 +0800Windows SSH setuphttps://linzeyan.github.io/zh-tw/posts/2023/20230103-windows-ssh-setup/Tue, 03 Jan 2023 12:36:00 +0800https://linzeyan.github.io/zh-tw/posts/2023/20230103-windows-ssh-setup/<ul> <li><a href="https://ansible.cloudns.pro/post/windows-ssh-setup/" target="_blank" rel="noopener">Windows SSH setup</a></li> <li><a href="https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse" target="_blank" rel="noopener">Install OpenSSH for Windows</a></li> </ul> <ol> <li>預設的 shell 是使用 cmd,照文件說,若需要修改,是要改 ansible_shell_type 變數,這應該是要在 inventory 主機裡加入主機變數:ansible_shell_type,變數內容可以是 cmd 或 powershell。</li> <li>inventory 主機裡要加入 ansible_connection 主機變數,告知要使用 ssh 連線。(<code>192.168.192.11 ansible_user=Administrator ansible_connection=ssh ansible_shell_type=cmd </code>)</li> <li>可能會需要在 ansible.cfg 裡加上 remote_tmp 設定,指定為 C:\TEMP</li> <li>Playbook 裡可以使用 <code>win_</code> 開頭的模組,或是使用 raw 模組</li> </ol>WSL 2 的 .wslconfig 設定檔說明https://linzeyan.github.io/zh-tw/posts/2020/20201230-e4619f17e8d252b9ff72579ac271881c/Wed, 30 Dec 2020 21:24:12 +0800https://linzeyan.github.io/zh-tw/posts/2020/20201230-e4619f17e8d252b9ff72579ac271881c/<ul> <li><a href="https://gist.github.com/doggy8088/e4619f17e8d252b9ff72579ac271881c" target="_blank" rel="noopener">WSL 2 的 .wslconfig 設定檔說明</a></li> <li><a href="https://docs.microsoft.com/en-us/windows/wsl/release-notes#build-18945" target="_blank" rel="noopener">Release Notes for Windows Subsystem for Linux | Microsoft Docs - Build 18945</a></li> <li><a href="https://www.huanlintalk.com/2020/02/wsl-2-installation.html" target="_blank" rel="noopener">在 Windows 10 環境上安裝 WSL 2</a></li> <li><a href="https://blog.miniasp.com/post/2020/07/26/Multiple-Linux-Dev-Environment-build-on-WSL-2#google_vignette" target="_blank" rel="noopener">使用 WSL 2 打造優質的多重 Linux 開發環境</a></li> </ul> <hr> <p>安裝 WSL 2 的步驟:</p> <ul> <li>加入 Windows Insider Program(此步驟不可省略)</li> <li>啟用 WSL 必要元件</li> <li>安裝 Linux 發行版本</li> <li>設定 WSL 2 支援的 Linux 發行版本</li> <li>WSL 2 問題排除:啟用壓縮功能的虛擬磁碟檔案無法轉換成 WSL 2 架構</li> <li>安裝及啟動 Docker</li> <li>安裝 Docker Desktop v2.2.1.0</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#75715e"># 啟用 WSL 必要元件</span> </span></span><span style="display:flex;"><span>dism.exe /online /enable-feature /featurename<span style="color:#960050;background-color:#1e0010">:</span>Microsoft-Windows-Subsystem-Linux /all /norestart </span></span><span style="display:flex;"><span>dism.exe /online /enable-feature /featurename<span style="color:#960050;background-color:#1e0010">:</span>VirtualMachinePlatform /all /norestart </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定 WSL 2 支援的 Linux 發行版本</span> </span></span><span style="display:flex;"><span>wsl --set-version ubuntu <span style="color:#ae81ff">2</span> </span></span><span style="display:flex;"><span>wsl --set-default-version <span style="color:#ae81ff">2</span> </span></span></code></pre></div><hr> <ul> <li> <p>編輯 <code>%UserProfile%\.wslconfig</code> 檔案</p>使用 oh-my-posh 美化 PowerShell 樣式https://linzeyan.github.io/zh-tw/posts/2020/20201210-setting-powershell-theme-with-oh-my-posh/Thu, 10 Dec 2020 13:15:59 +0800https://linzeyan.github.io/zh-tw/posts/2020/20201210-setting-powershell-theme-with-oh-my-posh/<ul> <li><a href="https://blog.poychang.net/setting-powershell-theme-with-oh-my-posh/" target="_blank" rel="noopener">使用 oh-my-posh 美化 PowerShell 樣式</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#75715e"># 這會從 PowerShell Gallery 下載並安裝 posh-git 和 oh-my-posh 這兩個模組,前者是在命令列中顯示 Git 專案的相關資訊,後者則是美美的樣式套件</span> </span></span><span style="display:flex;"><span>Install-Module posh-git -Scope CurrentUser </span></span><span style="display:flex;"><span>Install-Module oh-my-posh -Scope CurrentUser </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 接著我們要修改 PowerShell 啟動時所載入的設定檔,在 PowerShell 中輸入 $PROFILE 可得到當前使用者啟動 PowerShell 時,會載入的個人設定檔位置。</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 你的電腦可能沒有這個實體檔案,這時可以執行下面的指令,如果沒有該設定檔,則建立一個,然後使用 notepad 來開啟該設定檔。</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">if</span> (!(Test-Path -Path $PROFILE )) { New-Item -Type File -Path $PROFILE -Force } </span></span><span style="display:flex;"><span>notepad $PROFILE </span></span></code></pre></div><p>最後在該設定檔中加入下列指令</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span>Import-Module posh-git </span></span><span style="display:flex;"><span>Import-Module oh-my-posh </span></span><span style="display:flex;"><span>Set-Theme Paradox </span></span></code></pre></div><p>oh-my-posh 內建了很多樣式,你也可以使用 Get-Theme 這個 Cmdlet 指令取得 oh-my-posh 有提供的所有樣式及相關檔案位置</p>用 IIS、.NET 4.5 與 Octopus Deploy 建立 Windows Server Vagrant boxhttps://linzeyan.github.io/zh-tw/posts/2020/20201203-provisioning-a-windows-server-vagrant-box-with-iis-net-4-5-and-octopus-deploy/Thu, 03 Dec 2020 12:39:01 +0800https://linzeyan.github.io/zh-tw/posts/2020/20201203-provisioning-a-windows-server-vagrant-box-with-iis-net-4-5-and-octopus-deploy/<ul> <li><a href="https://kwilson.io/blog/provisioning-a-windows-server-vagrant-box-with-iis-net-4-5-and-octopus-deploy/" target="_blank" rel="noopener">用 IIS、.NET 4.5 與 Octopus Deploy 建立 Windows Server Vagrant box</a></li> <li><a href="https://stackoverflow.com/questions/64242931/how-to-use-a-powershell-script-during-vagrant-up-on-host-correctly" target="_blank" rel="noopener">在 host 端執行 vagrant up 時如何正確使用 PowerShell script?</a></li> <li><a href="https://akrabat.com/first-steps-with-windows-on-vagrant/" target="_blank" rel="noopener">Windows 在 Vagrant 上的起步</a></li> <li><a href="https://followkman.com/2016/07/27/vagrant-up-on-windows-10-with-hyper-v/" target="_blank" rel="noopener">https://followkman.com/2016/07/27/vagrant-up-on-windows-10-with-hyper-v/</a></li> </ul>openvpn部署之部署基於AD域認證https://linzeyan.github.io/zh-tw/posts/2020/20200917-5b892a0b2b71775d1ce04eff/Thu, 17 Sep 2020 13:15:33 +0800https://linzeyan.github.io/zh-tw/posts/2020/20200917-5b892a0b2b71775d1ce04eff/<ul> <li><a href="https://www.twblogs.net/a/5b892a0b2b71775d1ce04eff" target="_blank" rel="noopener">openvpn 部署之部署基於 AD 域認證</a></li> <li><a href="https://jameschien.no-ip.biz/wordpress/2020/02/19/openvpn-pam-sssd-active-directory/" target="_blank" rel="noopener">OpenVPN + PAM + SSSD + Active Directory</a></li> <li><a href="https://computingforgeeks.com/install-and-configure-openvpn-server-on-rhel-centos-8/" target="_blank" rel="noopener">https://computingforgeeks.com/install-and-configure-openvpn-server-on-rhel-centos-8/</a></li> <li><a href="https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8" target="_blank" rel="noopener">https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8</a></li> <li><a href="https://medium.com/jerrynotes/linux-authentication-windows-ad-without-join-domain-7963c3fd44c5" target="_blank" rel="noopener">https://medium.com/jerrynotes/linux-authentication-windows-ad-without-join-domain-7963c3fd44c5</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 安裝openvpn</span> </span></span><span style="display:flex;"><span>yum install openvpn -y </span></span><span style="display:flex;"><span>yum -y install openssl openssl-devel -y </span></span><span style="display:flex;"><span>yum -y install lzo lzo-devel -y </span></span><span style="display:flex;"><span>yum install -y libgcrypt libgpg-error libgcrypt-devel </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 安裝openvpn認證插件</span> </span></span><span style="display:flex;"><span>yum install openvpn-auth-ldap -y </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 安裝easy-rsa</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 由於openvpn2.3之後,在openvpn裏面剔除了easy-rsa文件,所以需要單獨安裝</span> </span></span><span style="display:flex;"><span>yum install easy-rsa </span></span><span style="display:flex;"><span>cp -rf /usr/share/easy-rsa/2.0 /etc/opevpn/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 生成openvpn的key及證書</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 修改 `/opt/openvpn/etc/easy-rsa/2.0/vars` 參數</span> </span></span><span style="display:flex;"><span>export KEY_COUNTRY<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;CN&#34;</span> <span style="color:#75715e"># 國家</span> </span></span><span style="display:flex;"><span>export KEY_PROVINCE<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;ZJ&#34;</span> <span style="color:#75715e"># 省份</span> </span></span><span style="display:flex;"><span>export KEY_CITY<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;NingBo&#34;</span> <span style="color:#75715e"># 城市</span> </span></span><span style="display:flex;"><span>export KEY_ORG<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;TEST-VPN&#34;</span> <span style="color:#75715e"># 組織</span> </span></span><span style="display:flex;"><span>exportKEY_EMAIL<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;81367070@qq.com&#34;</span> <span style="color:#75715e"># 郵件</span> </span></span><span style="display:flex;"><span>export KEY_OU<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;baidu&#34;</span> <span style="color:#75715e"># 單位</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>source vars </span></span><span style="display:flex;"><span>./clean-all </span></span><span style="display:flex;"><span>./build-ca </span></span><span style="display:flex;"><span>./build-dh </span></span><span style="display:flex;"><span>./build-key-server server </span></span><span style="display:flex;"><span>./build-key client1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 編輯openvpn服務端配置文件:`/etc/openvpn/server.conf`</span> </span></span><span style="display:flex;"><span>port <span style="color:#ae81ff">1194</span> </span></span><span style="display:flex;"><span>proto udp </span></span><span style="display:flex;"><span>dev tun </span></span><span style="display:flex;"><span>ca keys/ca.crt </span></span><span style="display:flex;"><span>cert keys/server.crt </span></span><span style="display:flex;"><span>key keys/server.key <span style="color:#75715e"># This file should be kept secret</span> </span></span><span style="display:flex;"><span>dh keys/dh2048.pem </span></span><span style="display:flex;"><span>server 10.8.0.0 255.255.255.0 //客戶端分配的ip地址 </span></span><span style="display:flex;"><span>push <span style="color:#e6db74">&#34;route 192.168.1.0 255.255.255.0&#34;</span> //推送客戶端的路由 </span></span><span style="display:flex;"><span>push <span style="color:#e6db74">&#34;redirect-gateway&#34;</span> //修改客戶端的網關,使其直接走vpn流量 </span></span><span style="display:flex;"><span>ifconfig-pool-persist ipp.txt </span></span><span style="display:flex;"><span>keepalive <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">120</span> </span></span><span style="display:flex;"><span>comp-lzo </span></span><span style="display:flex;"><span>persist-key </span></span><span style="display:flex;"><span>persist-tun </span></span><span style="display:flex;"><span>status openvpn-status.log </span></span><span style="display:flex;"><span>verb <span style="color:#ae81ff">3</span> </span></span><span style="display:flex;"><span>plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so <span style="color:#e6db74">&#34;/etc/openvpn/auth/ldap.conf&#34;</span> </span></span><span style="display:flex;"><span>client-cert-not-required </span></span><span style="display:flex;"><span>username-as-common-name </span></span><span style="display:flex;"><span>log /var/log/openvpn.log </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 修改openvpn-ldap-auth的配置文件 `/etc/openvpn/auth/ldap.conf`</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># /etc/openvpn/auth/ldap.conf</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>&lt;LDAP&gt; </span></span><span style="display:flex;"><span> <span style="color:#75715e"># LDAP server URL</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># 更改爲 AD 服務器的 IP</span> </span></span><span style="display:flex;"><span> URL ldap://172.16.76.238:389 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Bind DN (If your LDAP server doesn&#39;t support anonymous binds)</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># BindDN uid=Manager,ou=People,dc=example,dc=com</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># 更改爲域管理的 DN, 可以通過 ldapsearch 進行查詢</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># -h 的 ip 替換爲服務器 ip,-D 換爲管理員的 dn,-b 爲基礎的查詢 dn,* 爲所有</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># ldapsearch -LLL -x -h 172.16.76.238 -D &#34;administrator@xx.com&#34; -W -b &#34;dc=xx,dc=com&#34; &#34;*&#34;</span> </span></span><span style="display:flex;"><span> BindDN <span style="color:#e6db74">&#34;cn=administrator,cn=Users,dc=xx,dc=com&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Bind Password</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Password SecretPassword</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># 域管理員的密碼</span> </span></span><span style="display:flex;"><span> Password passwd </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Network timeout (in seconds)</span> </span></span><span style="display:flex;"><span> Timeout <span style="color:#ae81ff">15</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Enable Start TLS</span> </span></span><span style="display:flex;"><span> TLSEnable no </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Follow LDAP Referrals (anonymously)</span> </span></span><span style="display:flex;"><span> FollowReferrals no </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLS CA Certificate File</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCACertFile /usr/local/etc/ssl/ca.pem</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLS CA Certificate Directory</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCACertDir /etc/ssl/certs</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Client Certificate and key</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># If TLS client authentication is required</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCertFile /usr/local/etc/ssl/client-cert.pem</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSKeyFile /usr/local/etc/ssl/client-key.pem</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Cipher Suite</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># The defaults are usually fine here</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCipherSuite ALL:!ADH:@STRENGTH</span> </span></span><span style="display:flex;"><span>&lt;/LDAP&gt; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>&lt;Authorization&gt; </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Base DN</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># 查詢認證的基礎 dn</span> </span></span><span style="display:flex;"><span> BaseDN <span style="color:#e6db74">&#34;dc=boqii-inc,dc=com&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># User Search Filter</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># SearchFilter &#34;(&amp;(uid=%u)(accountStatus=active))&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># 其中 sAMAccountName=%u 的意思是把 sAMAccountName 的字段取值爲用戶名,</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># 後面 &#34;memberof=CN=myvpn,DC=xx,DC=com&#34; 指向要認證的 vpn 用戶組,</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># 這樣任何用戶使用 vpn,只要加入這個組就好了</span> </span></span><span style="display:flex;"><span> SearchFilter <span style="color:#e6db74">&#34;(&amp;(sAMAccountName=%u)(memberof=CN=myvpn,DC=boqii-inc,DC=com))&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Require Group Membership</span> </span></span><span style="display:flex;"><span> RequireGroup false </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Add non-group members to a PF table (disabled)</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># PFTable ips_vpn_users</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> &lt;Group&gt; </span></span><span style="display:flex;"><span> <span style="color:#75715e"># BaseDN &#34;ou=Groups,dc=example,dc=com&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># SearchFilter &#34;(|(cn=developers)(cn=artists))&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># MemberAttribute uniqueMember</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Add group members to a PF table (disabled)</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># PFTable ips_vpn_eng</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> BaseDN <span style="color:#e6db74">&#34;ou=vpn,dc=boqii-inc,dc=com&#34;</span> </span></span><span style="display:flex;"><span> SearchFilter <span style="color:#e6db74">&#34;(cn=openvpn)&#34;</span> </span></span><span style="display:flex;"><span> MemberAttribute <span style="color:#e6db74">&#34;member&#34;</span> </span></span><span style="display:flex;"><span> &lt;/Group&gt; </span></span><span style="display:flex;"><span>&lt;/Authorization&gt; </span></span></code></pre></div><p>拷貝<code>/etc/openvpn/key</code>目錄下的<code>ca.crt</code>證書,以備客戶端使用。</p>