update user set plugin="mysql_native_password";


1.) Requirements
Before you start installing phpipam, please make sure you meet the following requirements:

Apache2 webserver with php support or Nginx with php-fpm
Mysql server (5.1+)
PHP:
    version 5.3 supported to phpipam version 1.3.1
    version 5.4
    version 7.2 and higher supported from phpipam release 1.3.2
PHP modules:
    pdo, pdo_mysql : Adds support for mysql connections
    session : Adds persistent session support
    sockets : Adds sockets support
    openssl : Adds openSSL support
    gmp : Adds support for dev-libs/gmp (GNU MP library) -> to calculate IPv6 networks
    ldap : Adds LDAP support (Lightweight Directory Access Protocol – for AD also)
    crypt : Add support for password encryption
    SimpleXML: Support for SimpleXML (optional, for RIPE queries and if required for API)
    json: Enable JSON support
    gettext: Enables translation
    filter : Adds filtering support
    pcntl : Add support for process creation functions (optional, required for scanning)
    cli : Enable CLI (optional, required for scanning and status checks)
    mbstring : Enable mbstring support
php PEAR support

Usually most php modules are built into the default php installation. If some required
modules are missing, phpipam will fail with a warning and notify you
about them.

You can check which php modules are enabled by running php -m on the
command line.

Clone directly from GitHub
git clone https://github.com/phpipam/phpipam.git /wwwroot/ipam
cd /wwwroot/ipam
git checkout -b 1.3 origin/1.3


1.) phpIPAM version 1.3.2 and higher
If you are using phpIPAM version 1.3.2 or higher, use the snippet below to configure your nginx server. We assume phpipam will be in a separate subfolder on the webserver,
e.g. http://hostname/phpipam/; if not, adjust the settings accordingly.

server {
    # root directory
    root   /var/www/;

    # phpipam
    location /phpipam/ {
        try_files $uri $uri/ /phpipam/index.php;
        index index.php;
    }
    # phpipam - api
    location /phpipam/api/ {
        try_files $uri $uri/ /phpipam/api/index.php;
    }

    # php-fpm
    location ~ \.php$ {
        fastcgi_pass   unix:/var/run/php-fpm.socket;
        fastcgi_index  index.php;
        # "=404" must be a single token, otherwise nginx reads "404" as a fallback URI
        try_files      $uri $uri/ index.php =404;
        include        fastcgi_params;
    }
}

2.) phpIPAM up to version 1.3.1
For older phpIPAM versions, use the snippet below. Again we assume phpipam will be in a separate subfolder
on the webserver.

server {
    # root directory
    root   /var/www/;

    # phpipam
    location /phpipam/ {
        try_files $uri $uri/ =404;
        index index.php;

        error_page 500 /app/error/index.php;
        error_page 404 /app/error/index.php;
        error_page 403 /app/error/index.php;

        rewrite ^/phpipam/login/dashboard/?$ /phpipam/dashboard/ redirect;
        rewrite ^/phpipam/logout/dashboard/?$ /phpipam/dashboard/ redirect;
        rewrite ^/phpipam/tools/search/(.*)/(.*)/(.*)/(.*)/([^/]+)$ /phpipam/index.php?page=tools&section=search&addresses=$1&subnets=$2&vlans=$3&vrf=$4&ip=$5 last;
        rewrite ^/phpipam/tools/search/(.*) /phpipam/index.php?page=tools&section=search&ip=$1 last;
        rewrite ^/phpipam/(.*)/(.*)/(.*)/(.*)/(.*)/([^/]+)/? /phpipam/index.php?page=$1&section=$2&subnetId=$3&sPage=$4&ipaddrid=$5&tab=$6 last;
        rewrite ^/phpipam/(.*)/(.*)/(.*)/(.*)/([^/]+)/? /phpipam/index.php?page=$1&section=$2&subnetId=$3&sPage=$4&ipaddrid=$5 last;
        rewrite ^/phpipam/(.*)/(.*)/(.*)/([^/]+)/? /phpipam/index.php?page=$1&section=$2&subnetId=$3&sPage=$4 last;
        rewrite ^/phpipam/(.*)/(.*)/([^/]+)/? /phpipam/index.php?page=$1&section=$2&subnetId=$3 last;
        rewrite ^/phpipam/(.*)/([^/]+)/? /phpipam/index.php?page=$1&section=$2 last;
        rewrite ^/phpipam/([^/]+)/? /phpipam/index.php?page=$1 last;
    }
    # phpipam - api
    location /phpipam/api {
        rewrite ^/phpipam/api/(.*)/(.*)/(.*)/(.*)/(.*) /phpipam/api/index.php?app_id=$1&controller=$2&id=$3&id2=$4&id3=$5 last;
        rewrite ^/phpipam/api/(.*)/(.*)/(.*)/(.*) /phpipam/api/index.php?app_id=$1&controller=$2&id=$3&id2=$4 last;
        rewrite ^/phpipam/api/(.*)/(.*)/(.*) /phpipam/api/index.php?app_id=$1&controller=$2&id=$3 last;
        rewrite ^/phpipam/api/(.*)/(.*) /phpipam/api/index.php?app_id=$1&controller=$2 last;
        rewrite ^/phpipam/api/(.*) /phpipam/api/index.php?app_id=$1 last;
    }
    location /phpipam/css {
        try_files $uri $uri/ =404;
    }
    location /phpipam/js {
        try_files $uri $uri/ =404;
    }

    # php-fpm
    location ~ \.php$ {
        fastcgi_pass   unix:/var/run/php-fpm.socket;
        fastcgi_index  index.php;
        # "=404" must be a single token, otherwise nginx reads "404" as a fallback URI
        try_files      $uri $uri/ index.php =404;
        include        fastcgi_params;
    }
}

aptitude install php7.2-gd php-pear php7.2-pdo-mysql php7.2-mbstring php7.2-json php7.2-xml php7.2-gmp
If you need LDAP, you can also install php7.2-ldap.


3.) Initial configuration
Before you start installing the database files, you need to enter the database details that phpipam will use
to connect to the database. First copy config.dist.php to config.php and
enter the required details. For automatic installation phpipam will
configure the database with the settings you enter in the config.php file; for
manual installation you will have to do it yourself.

$db['host'] = "localhost";
$db['user'] = "phpipam";
$db['pass'] = "phpipamadmin";
$db['name'] = "phpipam";

Also, if you extracted the
phpipam directory into any directory other than the web server root folder,
you need to set that as well (BASE directive) in config.php:

define('BASE', "/");

For example, if phpipam is
installed in the http://myserver/phpipam/ directory, then set BASE to /phpipam/.


You can manually import the SQL SCHEMA file via mysql's CLI, but first you
need to create the database and grant the user permissions (replace user/pass
with the ones you set in config.php):

# mysql -u root -p Enter
mysql> create database phpipam;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL on phpipam.* to phpipam@localhost identified by 'phpipamadmin';
Query OK, 0 rows affected (0.00 sec)
mysql> exit

Once this is in place, you can import the SCHEMA.sql file with the following command:
mysql -u root -p phpipam < db/SCHEMA.sql

OpenConnect VPN Server official website: http://www.infradead.org/ocserv/
Official installation guide: https://github.com/openconnect/recipes
It is already available in the Debian packages, so it can be installed with apt install ocserv instead of compiling it yourself.
Because it is an SSL VPN, it needs an SSL certificate (a self-signed one can be used, but Cisco AnyConnect will then show a security warning):
openssl req -newkey rsa:2048 -nodes -keyout ssl.key -x509 -days 365 -out ssl.crt -subj "/C=CN/ST=GD/L=GZ/O=GFeng/OU=IT/CN="
Verify the CRT:
openssl x509 -in cacert.pem -text -noout
CSR method:
openssl req -newkey rsa:2048 -nodes -keyout ssl.key -out ssl.req -subj "/C=CN/ST=GD/L=GZ/O=GFeng/OU=IT/CN="
Verify the CSR:
openssl req -in ssl.req -text -noout
Generate the DH parameter file:
openssl dhparam -out dh.pem 1024
Enable IPv4 forwarding:
net.ipv4.ip_forward = 1

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
ip link set txqueuelen 10000 dev eth0
output-buffer = 23000 
try-mtu-discovery = true 

net.core.rmem_max = 67108864 
net.core.wmem_max = 67108864 
net.ipv4.tcp_rmem = 4096 87380 33554432 
net.ipv4.tcp_wmem = 4096 65536 33554432 
net.core.netdev_max_backlog = 30000 

To support IPv6, it is enough to enable forwarding:
net.ipv6.conf.all.forwarding = 1

Reload the configuration:
occtl reload


root@GF-CN-GZ-deb01:~# who
root     pts/1        2018-03-08 07:48 (
root     pts/2        2018-03-08 08:26 (
root     pts/3        2018-03-08 08:38 (
root     pts/4        2018-03-08 08:38 (
root@GF-CN-GZ-deb01:~# ps -ft pts/1
root     24811 24803  0 07:48 pts/1    00:00:00 -bash
root     24880 24811  0 07:51 pts/1    00:00:00 vi submit.php
root@GF-CN-GZ-deb01:~# kill -9 24811


root@GF-CN-GZ-deb01:~# who -la
           system boot  2018-03-07 07:28
           run-level 5  2018-03-07 07:28
LOGIN      ttyS0        2018-03-07 07:28               426 id=tyS0
LOGIN      tty1         2018-03-07 07:28               423 id=tty1
           pts/0        2018-03-08 09:28             25753 id=ts/0  term=0 exit=0
           pts/1        2018-03-08 09:32             24811 id=ts/1  term=0 exit=0
           pts/2        2018-03-08 09:32             24970 id=ts/2  term=0 exit=0
root     - pts/3        2018-03-08 08:38   .         24991 (
           pts/4        2018-03-08 09:32             25013 id=ts/4  term=0 exit=0
root@GF-CN-GZ-deb01:~# pkill -9 -t pts/3


# curl -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" URL
# curl -u user:pass URL


-d, --data: send data with an HTTP POST


# systemctl list-unit-files|grep enabled

# systemctl enable ssh

# systemctl disable ssh

# systemctl status ssh

Find users with an empty password:
cat /etc/shadow|awk -F: '($2==""){print $1}'
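A broader version of the one-liner above, as an added example that is not part of the original post: it classifies every account by the state of its password field instead of listing only the empty ones. The function names `audit_shadow` and `empty_password_users` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify each account in a
# shadow-format file by the state of its password field.

# audit_shadow FILE -> prints "user:state" for every account in FILE.
audit_shadow() {
    awk -F: '
        $2 == ""      { print $1 ":empty";     next }  # no password needed to log in
        $2 ~ /^[!*]/  { print $1 ":locked";    next }  # password login disabled
        $2 ~ /^\$1\$/ { print $1 ":weak-hash"; next }  # MD5-crypt
        $2 !~ /^\$/   { print $1 ":weak-hash"; next }  # no $id$ prefix: legacy DES-style crypt
                      { print $1 ":hashed" }
    ' "${1:-/etc/shadow}"
}

# empty_password_users FILE -> the same names the one-liner prints.
empty_password_users() {
    audit_shadow "$1" | awk -F: '$2 == "empty" { print $1 }'
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW=$(mktemp)
cat > "$SAMPLE_SHADOW" <<'EOF'
root:$6$CONSTRUCTEDsalt$CONSTRUCTEDhash:17600:0:99999:7:::
daemon:*:17600:0:99999:7:::
backup::17600:0:99999:7:::
olduser:$1$CONSTRUCT$CONSTRUCTEDhash:17000:0:99999:7:::
svc:!:17600:0:99999:7:::
EOF

audit_shadow "$SAMPLE_SHADOW"
```

Called without an argument, `audit_shadow` reads /etc/shadow, which requires root.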


# Set the pam_unix.so options: remember=X; the minimum password length can also be set with minlen=X
# On Debian-family systems edit /etc/pam.d/common-auth, on Red Hat-family systems edit /etc/pam.d/system-auth


# Remove a banned IP
# fail2ban-client set JAIL unbanip IPADDRESS
# Check that the configuration file is valid
# fail2ban-client -d
# Test whether the regular expression matches
# fail2ban-regex /var/log/nginx/error.log /etc/fail2ban/filter.d/nginx-forbidden.conf

A regex that matches the forbidden entries recorded in error.log:
^ \[error\] \d+#\d+: \*\d+ directory .* is forbidden, client: <HOST>
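To see what this filter counts without fail2ban installed, the match can be emulated with awk over a sample log; this is an added example, not part of the original post. It assumes the usual nginx wording `directory index of "<path>" is forbidden` and matches the path as one quoted string rather than `.*`; the function names and log lines are constructed, and the threshold plays the role of fail2ban's maxretry.

```shell
#!/bin/sh
# Added example (not from the original post): emulate the failregex with awk.

# forbidden_hits FILE -> "COUNT IP" per client, highest count first.
forbidden_hits() {
    awk '
        # \d is written [0-9]; the path is matched as one quoted string so
        # that text in later fields is never read as the client address.
        match($0, /^[^ ]+ [^ ]+ \[error\] [0-9]+#[0-9]+: \*[0-9]+ directory index of "[^"]*" is forbidden, client: [0-9a-fA-F:.]+/) {
            ip = substr($0, RSTART, RLENGTH)
            sub(/.*client: /, "", ip)
            count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# ban_candidates FILE MAXRETRY -> clients with at least MAXRETRY matches.
ban_candidates() {
    forbidden_hits "$1" | awk -v max="$2" '$1 >= max { print $2 }'
}

# Constructed sample log (documentation addresses, made-up requests).
# The fourth line repeats the phrase in its referrer field; its client is
# still 198.51.100.7. The last line is a different error and is not counted.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2018/04/19 17:01:02 [error] 2438#2438: *31 directory index of "/var/www/html/" is forbidden, client: 192.0.2.10, server: example.com, request: "GET / HTTP/1.1", host: "example.com"
2018/04/19 17:01:03 [error] 2438#2438: *32 directory index of "/var/www/html/img/" is forbidden, client: 192.0.2.10, server: example.com, request: "GET /img/ HTTP/1.1", host: "example.com"
2018/04/19 17:01:05 [error] 2438#2438: *33 directory index of "/var/www/html/js/" is forbidden, client: 192.0.2.10, server: example.com, request: "GET /js/ HTTP/1.1", host: "example.com"
2018/04/19 17:02:11 [error] 2438#2438: *40 directory index of "/var/www/html/" is forbidden, client: 198.51.100.7, server: example.com, request: "GET / HTTP/1.1", host: "example.com", referrer: "x is forbidden, client: 203.0.113.9"
2018/04/19 17:18:58 [error] 2438#2438: *22 client intended to send too large body: 2687556 bytes, client: 192.0.2.10, server: example.com, request: "POST /upload HTTP/1.1", host: "example.com"
EOF

forbidden_hits "$SAMPLE_LOG"
ban_candidates "$SAMPLE_LOG" 3
```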

iptables -A INPUT -m string --algo bm --string "something" -j DROP
iptables -A FORWARD -m string --algo bm --string "something" -j DROP
iptables -A OUTPUT -m string --algo bm --string "something" -j DROP
nohup ./some.sh > out.file 2>&1 &!
# &! is zsh-specific; without the ! you cannot exit the SSH session


2018/04/19 17:18:58 [error] 2438#2438: *22 client intended to send too large body: 2687556 bytes, client:, server: example.com, request: "POST something", host: "example.com", referrer: "http://example.com/"

Found the solution on Stack Overflow: nginx - client_max_body_size has no effect

The trick is to put "client_max_body_size 200M;" in at least two places http {} and server {}:


Update php.ini (Find right ini file from phpinfo();) and increase post_max_size and upload_max_filesize to size you want:

post_max_size = 200M
upload_max_filesize = 200M

If you can see this post, your blog has been installed successfully.


location / {
    index  index.php;
    if (!-e $request_filename) {
        rewrite ^(.*)$ /index.php$1 last;
    }
}
location ~ [^/]\.php(/|$) {
    fastcgi_pass   unix:/run/php/php7.2-fpm.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  /typecho_folder$fastcgi_script_name;
    include        fastcgi_params;
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    #try_files $fastcgi_script_name =404;
    fastcgi_param PATH_INFO $fastcgi_path_info;
}

Prevent cross-directory attacks:
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php/7.2/fpm/php.ini