Tailscale Subnet Router: A Worked Example

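With Tailscale, hosts in different locations can be joined into one private network (a tailnet), and every device can reach the others through its Tailscale-assigned IP. Sometimes, though, some devices on a LAN have no Tailscale client available, or only one device is convenient to install Tailscale on, yet we still want to reach the other devices by their LAN IPs. Tailscale's Subnet Routers feature covers this case.

For example: the office PC, a VPS and a Phicomm N1 on the LAN all have Tailscale installed, and the LAN contains the Phicomm N1, a PC, a NAS and a RouterOS router. We can configure a subnet router on the Phicomm N1 so that the office PC and the VPS can reach the internal PC, NAS and RouterOS router by their LAN IPs.

Enable IP forwarding

If your Linux system has an /etc/sysctl.d directory, run:

    echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.d/99-tailscale.conf
    echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.d/99-tailscale.conf
    sysctl -p /etc/sysctl.d/99-tailscale.conf

Otherwise, run:

    echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.conf
    echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.conf
    sysctl -p /etc/sysctl.conf

The N1 has an /etc/sysctl.d directory, so the first method is used.

Set up the subnet route on the N1

The N1 has already joined Tailscale, so the subnet route (192.168.1.0/24) is set with:

    tailscale set --advertise-routes=192.168.1.0/24

When joining Tailscale for the first time, the subnet route can be configured directly:

    tailscale up --advertise-routes=192.168.1.0/24

Several subnet routes can be set at once, in the form --advertise-routes=192.168.1.0/24,192.168.2.0/24

Once that is done, open the Tailscale admin console, go to the N1 device, choose Machine settings -> Edit route settings in the upper right, tick the newly advertised route 192.168.1.0/24 under Subnet routers, and save.

Accept routes on the remote clients

Devices outside the LAN must be set to accept subnet routes before they can use this feature. On Linux devices, accept routes with:

    tailscale up --accept-routes

On Windows and macOS this is enabled by default; on mobile clients, turn on the Use Tailscale subnets switch.

Verify

From the VPS, ping the IP of the internal RouterOS router to see whether it is reachable:

    ➜ ~ ping 192.168.1.111
    PING 192.168.1.111 (192.168.1.111) 56(84) bytes of data.
    64 bytes from 192.168.1.111: icmp_seq=1 ttl=63 time=745 ms
    64 bytes from 192.168.1.111: icmp_seq=2 ttl=63 time=252 ms
    64 bytes from 192.168.1.111: icmp_seq=3 ttl=63 time=252 ms
    64 bytes from 192.168.1.111: icmp_seq=4 ttl=63 time=252 ms
    64 bytes from 192.168.1.111: icmp_seq=5 ttl=63 time=252 ms
    64 bytes from 192.168.1.111: icmp_seq=6 ttl=63 time=252 ms
    64 bytes from 192.168.1.111: icmp_seq=7 ttl=63 time=251 ms
    ^C
    --- 192.168.1.111 ping statistics ---
    8 packets transmitted, 7 received, 12.5% packet loss, time 7002ms
    rtt min/avg/max/mdev = 250.515/322.219/745.459/172.787 ms

Access now works without problems. ...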
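An added example, not part of the original post: running the `tee -a` commands from the IP forwarding step a second time appends duplicate lines, and sysctl applies a file top to bottom, so the last assignment wins. The helpers below (`sysctl_value`, `ensure_sysctl` and `forwarding_ready` are hypothetical names introduced here) write each key once and check that both forwarding keys are effectively 1 in the given file.

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not Tailscale tooling.

# sysctl_value FILE KEY
# Print the effective value of KEY in a sysctl.d-style file. Lines are applied
# in order, so the last assignment wins; comments and blank lines are skipped.
sysctl_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ || !/=/ { next }
        {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# ensure_sysctl FILE KEY VALUE
# Make KEY = VALUE the effective setting. The file is left untouched when it
# already is; otherwise every old assignment of KEY is dropped and one is added.
ensure_sysctl() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    [ "$(sysctl_value "$file" "$key")" = "$value" ] && return 0
    tmp=$(mktemp) || return 1
    awk -v key="$key" '
        { k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
          if (k != key) print $0 }
    ' "$file" > "$tmp"
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# forwarding_ready FILE
# Succeed only if both forwarding keys a subnet router needs are set to 1.
forwarding_ready() {
    [ "$(sysctl_value "$1" net.ipv4.ip_forward)" = 1 ] &&
    [ "$(sysctl_value "$1" net.ipv6.conf.all.forwarding)" = 1 ]
}

# Usage on the N1 (as root), followed by the post's own sysctl -p step:
#   ensure_sysctl /etc/sysctl.d/99-tailscale.conf net.ipv4.ip_forward 1
#   ensure_sysctl /etc/sysctl.d/99-tailscale.conf net.ipv6.conf.all.forwarding 1
```
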

January 14, 2026 · jqx

Installing Nextcloud on the Phicomm N1

This N1 runs Armbian; for the installation procedure, see "Restoring the Phicomm N1 to the Stock System and Reinstalling Armbian".

Install Docker and change the source

Install Docker first through armbian-software:

    armbian-software

At the prompt, enter 101 to install Docker.

    phn1:~:# armbian-software
    [ STEPS ] Start selecting software [ Current system: debian/trixie ]...
    ───────────────────────────────────────────────────────────────────
      ID    NAME            STATE            MANAGE
    ───────────────────────────────────────────────────────────────────
      101   Docker          installed        update/remove
      102   Portainer       not-installed    install
      103   Yacht           not-installed    install
      104   Transmission    not-installed    install
      105   qBittorrent     not-installed    install
      106   NextCloud       installed        update/remove
      107   Jellyfin        not-installed    install
      108   HomeAssistant   not-installed    install
      109   Kodbox          not-installed    install
      110   CouchPotato     not-installed    install
      ... ...

After Docker is installed, check the version information with docker version.

    phn1:~:# docker version
    Client: Docker Engine - Community
     Version:           29.1.3
     API version:       1.52
     Go version:        go1.25.5
     Git commit:        f52814d
     Built:             Fri Dec 12 14:49:15 2025
     OS/Arch:           linux/arm64
     Context:           default

    Server: Docker Engine - Community
     Engine:
      Version:          29.1.3
      API version:      1.52 (minimum version 1.44)
      Go version:       go1.25.5
      Git commit:       fbf3ed2
      Built:            Fri Dec 12 14:49:15 2025
      OS/Arch:          linux/arm64
      Experimental:     false
     containerd:
      Version:          v2.2.1
      GitCommit:        dea7da592f5d1d2b7755e3a161be07f43fad8f75
     runc:
      Version:          1.3.4
      GitCommit:        v1.3.4-0-gd6d73eb8
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0

Because of network conditions in mainland China, Docker's official source is effectively unusable, so it has to be switched to a mirror in China before any Docker image can be installed. ...

January 8, 2026 · jqx

Installing FnOS on the Phicomm N1

FnOS has opened a public beta of its ARM edition, and the Phicomm N1 is among the first supported models, so the idle N1 I had lying around no longer has to gather dust. This N1 was running Armbian; the installation procedure was posted earlier in "Restoring the Phicomm N1 to the Stock System and Reinstalling Armbian".

This installation is much easier. Write the system image to a USB stick with Rufus, plug the stick into the left USB port (to the right of the HDMI port), and power on; the device boots from the USB stick.

Once the USB system is up, log in as root (the password is also root) and run the following command to install the system to the internal storage (eMMC):

    ./install-to-emmc.sh

When the installation finishes, run halt to shut down and remove the USB stick. After powering on again, the system IP can be seen in the router's admin page or on a monitor; open http://ip:5666 in a browser to start setting up the system.

Also, because an account without beta access cannot reach the app store on the test system, installation packages for some of the missing apps are provided below.

Photos: trim.photos.fpk (access password: 3705)
Media: trim.media.fpk (access password: 3705)
Downloads: easydown.fpk (access password: 3705)
Baidu Netdisk: baidu.netdisk.fpk (access password: 3705)

In the App Center, click Manual install in the lower left corner and select the downloaded .fpk file.

The 7G eMMC is left with a pitiful 800M or so, so an external USB hard drive looks necessary for normal use.

Related downloads

Rufus USB writing tool: rufus-4.11.exe (access password: 3705)
FnOS image for the N1: fnos_Mainland-PE_arm_1.0.0_phicomm-n1_182.img.xz (access password: 3705)

System information check

    bbq@phn1:/$ sudo neofetch
    root@phn1
    ---------
    OS: Debian GNU/Linux 12 (bookworm) aarch64
    Host: Phicomm N1
    Kernel: 6.12.41-trim
    Uptime: 15 mins
    Packages: 1173 (dpkg)
    Shell: bash 5.2.15
    CPU: (4) @ 1.512GHz
    Memory: 660MiB / 1927MiB

    bbq@phn1:/$ sudo inxi -F
    System:
      Host: phn1 Kernel: 6.12.41-trim arch: aarch64 bits: 64 Console: pty pts/1
      Distro: Debian GNU/Linux 12 (bookworm)
    Machine:
      Type: ARM System: Phicomm N1 details: N/A serial: QD********0
    CPU:
      Info: quad core model: N/A variant: cortex-a53 bits: 64 type: MCP
      Speed (MHz): avg: 1512 min/max: 100/1512 cores: 1: 1512 2: 1512 3: 1512 4: 1512
    Graphics:
      Device-1: meson-gxl-dw-hdmi driver: meson_dw_hdmi v: N/A
      Device-2: meson-gxl-vpu driver: meson_drm v: N/A
      Device-3: meson-gxl-mali driver: lima v: kernel
      Display: server: No display server data found. Headless machine? tty: 149x44
      API: OpenGL Message: GL data unavailable in console for root.
    Audio:
      Device-1: meson-gxl-dw-hdmi driver: meson_dw_hdmi
      Device-2: gx-sound-card driver: gx_sound_card
      API: ALSA v: k6.12.41-trim status: kernel-api
    Network:
      Device-1: meson-gxbb-dwmac driver: meson8b_dwmac
      IF: end0 state: up speed: 1000 Mbps duplex: full mac: 4e:1c:a0:02:c7:35
      Device-2: ethernet-phy-id0181.4400 driver: Meson GXL Internal PHY
      Device-3: pwm-clock driver: pwm_clock
      IF-ID-1: docker0 state: down mac: 72:0b:df:e5:f4:31
    Drives:
      Local Storage: total: 7.28 GiB used: 5.22 GiB (71.7%)
      ID-1: /dev/mmcblk1 type: Removable model: 8GME4R size: 7.28 GiB
    Partition:
      ID-1: / size: 5.97 GiB used: 5.16 GiB (86.4%) fs: ext4 dev: /dev/mmcblk1p2
      ID-2: /boot size: 487.7 MiB used: 64.6 MiB (13.3%) fs: vfat dev: /dev/mmcblk1p1
    Swap:
      Alert: No swap data was found.
    Sensors:
      Src: lm-sensors+/sys Message: No sensor data found using /sys/class/hwmon or lm-sensors.
    Info:
      Processes: 222 Uptime: 16m Memory: 1.88 GiB used: 792.2 MiB (41.1%)
      Init: systemd target: graphical (5) Shell: Sudo inxi: 3.3.26

    bbq@phn1:/$ iperf3 -s
    -----------------------------------------------------------
    Server listening on 5201 (test #1)
    -----------------------------------------------------------
    Accepted connection from 192.168.1.31, port 61190
    [  5] local 192.168.1.217 port 5201 connected to 192.168.1.31 port 61191
    [ ID] Interval           Transfer     Bitrate
    [  5]   0.00-1.00   sec   102 MBytes   855 Mbits/sec
    [  5]   1.00-2.00   sec   104 MBytes   876 Mbits/sec
    [  5]   2.00-3.00   sec   102 MBytes   859 Mbits/sec
    [  5]   3.00-4.00   sec  95.8 MBytes   804 Mbits/sec
    [  5]   4.00-5.00   sec  97.2 MBytes   815 Mbits/sec
    [  5]   5.00-6.00   sec  97.5 MBytes   818 Mbits/sec
    [  5]   6.00-7.00   sec   103 MBytes   861 Mbits/sec
    [  5]   7.00-8.00   sec  99.7 MBytes   837 Mbits/sec
    [  5]   8.00-9.00   sec   101 MBytes   848 Mbits/sec
    [  5]   9.00-10.00  sec  97.7 MBytes   819 Mbits/sec
    [  5]  10.00-10.03  sec  2.96 MBytes   813 Mbits/sec
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval           Transfer     Bitrate
    [  5]   0.00-10.03  sec  1003 MBytes   839 Mbits/sec                  receiver
    -----------------------------------------------------------
    Server listening on 5201 (test #2)
    -----------------------------------------------------------

    bbq@phn1:/$ sudo hdparm -Tt /dev/mmcblk1
    /dev/mmcblk1:
     Timing cached reads:   2154 MB in 2.00 seconds = 1076.82 MB/sec
     Timing buffered disk reads: 448 MB in 3.01 seconds = 148.94 MB/sec

December 29, 2025 · jqx

Issuing Certificates with acme.sh in DNS Mode

If a domain is not bound to a specific host but still needs an SSL certificate, acme.sh's DNS mode can be used to issue one manually. One drawback of this mode is that the certificate cannot be renewed automatically; you have to keep track of it and renew it by hand, on a 90-day cycle.

Install acme.sh

    curl https://get.acme.sh | sh -s email=my@example.com

or

    wget -O - https://get.acme.sh | sh -s email=my@example.com

Issue a certificate in DNS mode

Use the following command to issue a certificate for optipng.cn and www.optipng.cn.

    acme.sh --issue --dns -d optipng.cn -d www.optipng.cn --yes-I-know-dns-manual-mode-enough-go-ahead-please
    ... ...
    [Mon Nov 17 07:17:54 PM PST 2025] Sleeping for 10 seconds and retrying.
    [Mon Nov 17 07:18:05 PM PST 2025] Using CA: https://acme.zerossl.com/v2/DV90
    [Mon Nov 17 07:18:05 PM PST 2025] Account key creation OK.
    [Mon Nov 17 07:18:05 PM PST 2025] No EAB credentials found for ZeroSSL, let's obtain them
    [Mon Nov 17 07:18:06 PM PST 2025] Registering account: https://acme.zerossl.com/v2/DV90
    [Mon Nov 17 07:18:06 PM PST 2025] Could not get nonce, let's try again.
    [Mon Nov 17 07:18:09 PM PST 2025] Could not get nonce, let's try again.
    [Mon Nov 17 07:18:13 PM PST 2025] Could not get nonce, let's try again.
    [Mon Nov 17 07:18:16 PM PST 2025] Registered
    [Mon Nov 17 07:18:16 PM PST 2025] ACCOUNT_THUMBPRINT='39EcpbbsWhtdSzzd8Rz-z3kXNzpzadw0Vmq6wS2xIKY'
    [Mon Nov 17 07:18:16 PM PST 2025] Creating domain key
    [Mon Nov 17 07:18:16 PM PST 2025] The domain key is here: /root/.acme.sh/optipng.cn_ecc/optipng.cn.key
    [Mon Nov 17 07:18:16 PM PST 2025] Multi domain='DNS:optipng.cn,DNS:www.optipng.cn'
    [Mon Nov 17 07:18:17 PM PST 2025] Getting webroot for domain='optipng.cn'
    [Mon Nov 17 07:18:17 PM PST 2025] Getting webroot for domain='www.optipng.cn'
    [Mon Nov 17 07:18:17 PM PST 2025] Add the following TXT record:
    [Mon Nov 17 07:18:17 PM PST 2025] Domain: '_acme-challenge.optipng.cn'
    [Mon Nov 17 07:18:17 PM PST 2025] TXT value: 'VTtpEviHUIZZz4wCu9RWR4yJBTNkIE1t1vw9cuGv6-g'
    [Mon Nov 17 07:18:17 PM PST 2025] Please make sure to prepend '_acme-challenge.' to your domain
    [Mon Nov 17 07:18:17 PM PST 2025] so that the resulting subdomain is: _acme-challenge.optipng.cn
    [Mon Nov 17 07:18:17 PM PST 2025] Add the following TXT record:
    [Mon Nov 17 07:18:17 PM PST 2025] Domain: '_acme-challenge.www.optipng.cn'
    [Mon Nov 17 07:18:17 PM PST 2025] TXT value: 'zp-ntPgXeUX_TZO7NZaeNCeX_AJqTc76OV7Z-s5axRY'
    [Mon Nov 17 07:18:17 PM PST 2025] Please make sure to prepend '_acme-challenge.' to your domain
    [Mon Nov 17 07:18:17 PM PST 2025] so that the resulting subdomain is: _acme-challenge.www.optipng.cn
    [Mon Nov 17 07:18:17 PM PST 2025] Please add the TXT records to the domains, and re-run with --renew.
    [Mon Nov 17 07:18:17 PM PST 2025] Please add '--debug' or '--log' to see more information.
    [Mon Nov 17 07:18:17 PM PST 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

In your DNS management console, add the two TXT records _acme-challenge.optipng.cn and _acme-challenge.www.optipng.cn as instructed above, then wait about 1 minute for them to take effect. ...

November 18, 2025 · jqx

Quickly Deploying a Static Site with Cloudflare Workers and Hugo

Cloudflare recommends using Workers instead of Pages to deploy static sites. What follows is one complete example of quickly deploying a static site with Cloudflare Workers and Hugo.

GitHub steps

Create a new project on GitHub; it can be set to private to keep it from public browsing. Then clone the project:

    $ git clone git@github.com:xtod/cf1027.git
    Cloning into 'cf1027'...
    remote: Enumerating objects: 3, done.
    remote: Counting objects: 100% (3/3), done.
    remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
    Receiving objects: 100% (3/3), done.

Install Hugo

The official Hugo download page is https://github.com/gohugoio/hugo/releases; download and install the build for your system. If GitHub is not reachable, downloads hosted in China are as follows:

Windows: hugo_extended_withdeploy_0.152.2_windows-amd64.zip (access password: 3705)
Linux: hugo_extended_withdeploy_0.152.2_Linux-64bit.tar.gz (access password: 3705)

Then create a new site with Hugo:

    # enter the cloned repository directory
    $ cd cf1027/
    # create a new site named p
    $ hugo new site p
    Congratulations! Your new Hugo site was created in D:\githubs\cf1027\p.

    Just a few more steps...

    1. Change the current directory to D:\githubs\cf1027\p.
    2. Create or install a theme:
       - Create a new theme with the command "hugo new theme <THEMENAME>"
       - Or, install a theme from https://themes.gohugo.io/
    3. Edit hugo.toml, setting the "theme" property to the theme name.
    4. Create new content with the command "hugo new content <SECTIONNAME>\<FILENAME>.<FORMAT>".
    5. Start the embedded web server with the command "hugo server --buildDrafts".

    See documentation at https://gohugo.io/.
    # move the files to the repository root
    $ mv p/* .

Then browse the Hugo themes page at https://themes.gohugo.io/ and download a theme to install, taking hugo-bearblog as the example ...

October 27, 2025 · jqx