ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

合并文档并更新

Browse Source
This commit is contained in:
admin
2026-06-04 15:12:25 +08:00
parent b147c5730f
commit 836bbdd90d
3 changed files with 1291 additions and 980 deletions
Download Patch File Download Diff File Expand all files Collapse all files

543
openclaw/knowledgebase/FRP 配置详细笔记.md
View File

@@ -1,543 +0,0 @@
---
title: FRP 配置详细笔记
source:
author: shenwei
published:
created: 2026-04-03
description:
tags: [frp, macos, ubuntu]
---
# FRP 配置详细笔记
#frp #macos #ubuntu
## 概述
本文档记录 macmini、ubuntu1、ubuntu2、NAS 四个服务器上的 FRPFast Reverse Proxy客户端配置信息。
---
## 服务器配置总览
| 服务器 | FRP目录 | 配置文件 |
| ------- | ---------------------------------- | ----------- |
| macmini | `/opt/frp/frp_0.65.0_darwin_arm64` | `frpc.toml` |
| ubuntu1 | `/opt/frp/frp_0.65.0_linux_amd64` | `frpc.toml` |
| ubuntu2 | `/opt/frp/frp_0.65.0_linux_amd64` | `frpc.toml` |
| NAS | `/opt/frp/frp_0.65.0_linux_amd64` | `frpc.toml` |
| | | |
---
## FRP 服务器信息
| 配置项 | 值 |
|--------|-----|
| serverAddr | 192.227.222.142 (VPS1) |
| serverPort | 7000 |
| auth.token | Gg8sqHJVgh42KQ0oTatMjl6AywWqAzaaT0B77a4qD46tXtoH9j9mXb2k1YitObhs |
| webServer.addr | 127.0.0.1 |
| webServer.port | 7400 |
| webServer.user | admin |
| webServer.password | admin |
---
## 1. MacMini 配置
### 基本信息
- **FRP目录**: `/opt/frp/frp_0.65.0_darwin_arm64`
- **配置文件**: `frpc.toml`
- **运行用户**: root (通过 tmux 管理)
### 代理配置列表
| 名称 | 类型 | LocalPort | RemotePort | 说明 |
|------|------|------------|-------------|------|
| macmini-ssh | tcp | 22 | 60026 | SSH反向代理 |
| n8n | tcp | 5678 | 15679 | n8n自动化工具 |
| vaultwarden | tcp | 5151 | 15151 | 密码管理器 |
| it-tools | tcp | 8999 | 18999 | IT工具集合 |
| drawio | tcp | 8085 | 18085 | 绘图工具 |
### 完整配置文件内容
```toml
# frpc.toml
# 客户端配置文件
# 服务器地址与认证
serverAddr = "192.227.222.142"
serverPort = 7000
auth.method = "token"
auth.token = "Gg8sqHJVgh42KQ0oTatMjl6AywWqAzaaT0B77a4qD46tXtoH9j9mXb2k1YitObhs"
# 日志配置
log.level = "info"
log.maxDays = 3
log.disablePrintColor = false
# 管理界面(可选)
webServer.addr = "127.0.0.1"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "admin"
# 代理配置
[[proxies]]
name = "macmini-ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 60026
[[proxies]]
name = "n8n"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5678
remotePort = 15679
[[proxies]]
name = "vaultwarden"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5151
remotePort = 15151
[[proxies]]
name = "it-tools"
type = "tcp"
localIP = "127.0.0.1"
localPort = 8999
remotePort = 18999
[[proxies]]
name = "drawio"
type = "tcp"
localIP = "127.0.0.1"
localPort = 8085
remotePort = 18085
```
## 2. Ubuntu1 配置
### 基本信息
- **FRP目录**: `/opt/frp/frp_0.65.0_linux_amd64`
- **配置文件**: `frpc.toml`
- **运行用户**: root (通过 systemd 管理)
### 代理配置列表
| 名称 | 类型 | LocalPort | RemotePort | 说明 |
|------|------|------------|-------------|------|
| ubuntu1-ssh | tcp | 22 | 60022 | SSH反向代理 |
| transmission | tcp | 9091 | 19091 | BT下载 |
| grafana | tcp | 3000 | 13000 | 监控面板 |
| homarr | tcp | 7575 | 17575 | 导航面板 |
| superset | tcp | 8777 | 18777 | 数据可视化 |
| tk | tcp | 8888 | 18888 | TikTok生产环境 |
| portainer | tcp | 9000 | 19443 | Docker管理 |
| stq | tcp | 5173 | 15173 | STQ开发 |
| stq-admin | tcp | 7000 | 17000 | STQ管理后台 |
| stq-n8n | tcp | 62000 | 15678 | STQ n8n |
### 完整配置文件内容
```toml
# frpc.toml
# 客户端配置文件
# 服务器地址与认证
serverAddr = "192.227.222.142"
serverPort = 7000
auth.method = "token"
auth.token = "Gg8sqHJVgh42KQ0oTatMjl6AywWqAzaaT0B77a4qD46tXtoH9j9mXb2k1YitObhs"
# 日志配置
log.level = "info"
log.maxDays = 3
log.disablePrintColor = false
# 管理界面(可选)
webServer.addr = "127.0.0.1"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "admin"
[[proxies]]
name = "transmission"
type = "tcp"
localIP = "127.0.0.1"
localPort = 9091
remotePort = 19091
[[proxies]]
name = "grafana"
type = "tcp"
localIP = "127.0.0.1"
localPort = 3000
remotePort = 13000
[[proxies]]
name = "ubuntu1-ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 60022
[[proxies]]
name = "homarr"
type = "tcp"
localIP = "127.0.0.1"
localPort = 7575
remotePort = 17575
[[proxies]]
name = "superset"
type = "tcp"
localIP = "127.0.0.1"
localPort = 8777
remotePort = 18777
[[proxies]]
name = "tk"
type = "tcp"
localIP = "127.0.0.1"
localPort = 8888
remotePort = 18888
[[proxies]]
name = "ubuntu1-portainer"
type = "tcp"
localIP = "127.0.0.1"
localPort = 9000
remotePort = 19443
[[proxies]]
name = "stq"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5173
remotePort = 15173
[[proxies]]
name = "stq-admin"
type = "tcp"
localIP = "127.0.0.1"
localPort = 7000
remotePort = 17000
[[proxies]]
name = "stq-n8n"
type = "tcp"
localIP = "127.0.0.1"
localPort = 62000
remotePort = 15678
```
---
## 3. Ubuntu2 配置
### 基本信息
- **FRP目录**: `/opt/frp/frp_0.65.0_linux_amd64`
- **配置文件**: `frpc.toml`
- **运行用户**: root (通过 systemd 管理)
### 代理配置列表
| 名称 | 类型 | LocalPort | RemotePort | 说明 |
|------|------|------------|-------------|------|
| ubuntu2-ssh | tcp | 22 | 60024 | SSH反向代理 |
| tk-dev | tcp | 8888 | 18889 | TikTok开发环境 |
### 完整配置文件内容
```toml
# frpc.toml
# 客户端配置文件
# 服务器地址与认证
serverAddr = "192.227.222.142"
serverPort = 7000
auth.method = "token"
auth.token = "Gg8sqHJVgh42KQ0oTatMjl6AywWqAzaaT0B77a4qD46tXtoH9j9mXb2k1YitObhs"
# 日志配置
log.level = "info"
log.maxDays = 3
log.disablePrintColor = false
# 管理界面(可选)
webServer.addr = "127.0.0.1"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "admin"
# 示例1SSH 反向代理(将本地 22 端口暴露到服务器的 60024 端口)
[[proxies]]
name = "ubuntu2-ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 60024
[[proxies]]
name = "tk-dev"
type = "tcp"
localIP = "127.0.0.1"
localPort = 8888
remotePort = 18889
```
---
## 4. NAS 配置
### 基本信息
- **FRP目录**: `/opt/frp/frp_0.65.0_linux_amd64`
- **配置文件**: `frpc.toml`
- **运行用户**: root (通过 systemd 管理)
### 代理配置列表
| 名称 | 类型 | LocalPort | RemotePort | 说明 |
|------|------|------------|-------------|------|
| nas | tcp | 5000 | 15000 | DSM管理界面 |
| navidrome | tcp | 4533 | 14533 | 音乐服务器 |
| calibre | tcp | 8083 | 18083 | 电子书管理 |
| webdav | tcp | 5005 | 65005 | WebDAV服务 |
| miniflux | tcp | 8080 | 18080 | RSS阅读器 |
| zipline | tcp | 3333 | 13333 | URL短链接 |
| nas_ssh | tcp | 22 | 60023 | SSH反向代理 |
| mysql | tcp | 3307 | 63307 | MySQL数据库 |
| nas_web | tcp | 80 | 10080 | Web服务 |
| jellyfin | tcp | 8096 | 18096 | 媒体服务器 |
### 完整配置文件内容
```toml
# FRP Client Configuration for NAS
# Converted from frpc.ini
serverAddr = "192.227.222.142"
serverPort = 7000
[auth]
token = "Gg8sqHJVgh42KQ0oTatMjl6AywWqAzaaT0B77a4qD46tXtoH9j9mXb2k1YitObhs"
[[proxies]]
name = "nas"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5000
remotePort = 15000
[[proxies]]
name = "navidrome"
type = "tcp"
localIP = "127.0.0.1"
localPort = 4533
remotePort = 14533
[[proxies]]
name = "calibre"
type = "tcp"
localIP = "127.0.0.1"
localPort = 8083
remotePort = 18083
[[proxies]]
name = "webdav"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5005
remotePort = 65005
[[proxies]]
name = "miniflux"
type = "tcp"
localIP = "127.0.0.1"
localPort = 8080
remotePort = 18080
[[proxies]]
name = "zipline"
type = "tcp"
localIP = "127.0.0.1"
localPort = 3333
remotePort = 13333
[[proxies]]
name = "nas_ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 60023
[[proxies]]
name = "mysql"
type = "tcp"
localIP = "127.0.0.1"
localPort = 3307
remotePort = 63307
[[proxies]]
name = "nas_web"
type = "tcp"
localIP = "127.0.0.1"
localPort = 80
remotePort = 10080
[[proxies]]
name = "jellyfin"
type = "tcp"
localIP = "127.0.0.1"
localPort = 8096
remotePort = 18096
```
---
## 端口映射汇总
### 按 RemotePort 排序
| RemotePort | 服务器 | 服务名称 |
|------------|--------|----------|
| 60022 | ubuntu1 | ubuntu1-ssh |
| 60023 | NAS | nas_ssh |
| 60024 | ubuntu2 | ubuntu2-ssh |
| 60026 | macmini | macmini-ssh |
| 10080 | NAS | nas_web |
| 13000 | ubuntu1 | grafana |
| 13333 | NAS | zipline |
| 14533 | NAS | navidrome |
| 15000 | NAS | nas |
| 15151 | macmini | vaultwarden |
| 15173 | ubuntu1 | stq |
| 15678 | ubuntu1 | stq-n8n |
| 15679 | macmini | n8n |
| 17000 | ubuntu1 | stq-admin |
| 17575 | ubuntu1 | homarr |
| 18083 | NAS | calibre |
| 18085 | macmini | drawio |
| 18096 | NAS | jellyfin |
| 18777 | ubuntu1 | superset |
| 18888 | ubuntu1 | tk |
| 18889 | ubuntu2 | tk-dev |
| 18999 | macmini | it-tools |
| 19091 | ubuntu1 | transmission |
| 19443 | ubuntu1 | portainer |
| 63307 | NAS | mysql |
| 65005 | NAS | webdav |
---
## FRP 管理命令
### MacMini
#### 查看状态
```bash
# SSH到服务器后连接tmux会话
ssh <服务器名>
tmux attach -t frpc
```
#### 重启FRP
```bash
# 在tmux中按 Ctrl+C 停止,然后重新运行
./frpc -c frpc.toml
```
### Ubuntu1/Ubuntu2/NAS
#### 查看状态
```bash
ssh <服务器名>
systemctl status frpc
```
#### 重启FRP
```bash
systemctl restart frpc
```
#### 配置FRP service
```bash
# Reload systemd manager configuration
systemctl daemon-reload
# Stop Service
systemctl stop frpc
# Start Service
systemctl start frpc
# Check service status
systemctl status frpc
```
#### 配置frpc.service
```
cd /etc/systemd/system
# ubuntu1/ubuntu2
nano frpc.service
# nas
vi frpc.service
```
```python
[Unit]
Description=frp client
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
ExecStart=/opt/frp/frp_0.65.0_linux_amd64/frpc -c /opt/frp/frp_0.65.0_linux_amd64/frpc.toml
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
```
### 常用命令速查
| 服务器 | SSH别名 | FRP目录 | 启动命令 |
| ------- | ------------- | -------------------------------- | ---- |
| macmini | `ssh macmini` | /opt/frp/frp_0.65.0_darwin_arm64 | frpc |
| ubuntu1 | `ssh ubuntu1` | /opt/frp/frp_0.65.0_linux_amd64 | frpc |
| ubuntu2 | `ssh ubuntu2` | /opt/frp/frp_0.65.0_linux_amd64 | frpc |
| NAS | `ssh nas` | /opt/frp/frp_0.65.0_linux_amd64 | frpc |
---
## 相关域名映射
| 域名 | 服务器 | 目标服务 | RemotePort |
|------|--------|----------|------------|
| n8n.ishenwei.online | macmini | n8n | 15679 |
| vaultwarden.ishenwei.online | NAS | vaultwarden | 15151 |
| it-tools.ishenwei.online | macmini | it-tools | 18999 |
| drawio.ishenwei.online | macmini | drawio | 18085 |
| tk.ishenwei.online | ubuntu1 | tk | 18888 |
| tk-dev.ishenwei.online | ubuntu2 | tk-dev | 18889 |
| grafana.ishenwei.online | ubuntu1 | grafana | 13000 |
| superset.ishenwei.online | ubuntu1 | superset | 18777 |
| dashboard.ishenwei.online | ubuntu1 | homarr | 17575 |
| transmission.ishenwei.online | ubuntu1 | transmission | 19091 |
| nas.ishenwei.online | NAS | DSM | 15000 |
| navidrome.ishenwei.online | NAS | navidrome | 14533 |
| calibre.ishenwei.online | NAS | calibre-web | 18083 |
| jellyfin.ishenwei.online | NAS | jellyfin | 18096 |
| zipline.ishenwei.online | NAS | zipline | 13333 |

437
openclaw/knowledgebase/Gitea + SSH 完整配置指南(含排错).md
View File

@@ -1,437 +0,0 @@
---
title: Gitea + SSH 完整配置指南(含排错)
source:
author: shenwei
published:
created:
description:
tags: [git, gitea, obsidian, ssh]
---
# Gitea + SSH 完整配置指南(含排错)
#git #gitea #ssh #obsidian
```table-of-contents
```
## 一、整体目标
实现:
- 使用 Gitea 作为 Git 服务器
- 使用 SSH Key 替代 username/password
- 在 Visual Studio Code 中无感使用 Git
- 避免 HTTP + Proxy 带来的问题
---
# 二、Gitea 部署与 SSH 配置
## 1. Docker 部署(推荐标准配置)
```yaml
version: "3"
services:
gitea:
image: gitea/gitea:latest
container_name: gitea
restart: always
ports:
- "3000:3000" # Web UI
- "2222:22" # SSH关键
volumes:
- ./gitea:/data
```
---
## 2. 为什么要用 2222
- 宿主机 22 端口通常已被系统 SSH 占用
- 使用 `2222 → 22` 映射避免冲突
---
## 3. 启用 Gitea SSH 服务
进入容器:
```bash
docker exec -it gitea /bin/sh
```
检查配置:
```bash
cat /data/gitea/conf/app.ini
```
确保:
```ini
[server]
START_SSH_SERVER = true
SSH_PORT = 22
```
---
## 4. 重启服务
```bash
docker compose down
docker compose up -d
```
---
# 三、客户端 SSH Key 配置
## 1. 生成 SSH Key
```bash
ssh-keygen -t ed25519 -C "ishenwei@gmail.com"
```
默认路径:
```bash
~/.ssh/id_ed25519
~/.ssh/id_ed25519.pub
```
---
## 2. 启动 SSH Agent
```bash
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
```
---
## 3. 添加公钥到 Gitea
```bash
cat ~/.ssh/id_ed25519.pub
```
复制内容 → 登录 Gitea
- Settings
- SSH Keys
- Add Key
---
# 四、SSH 连接测试(关键步骤)
## 正确命令
```bash
ssh -T git@192.168.3.17 -p 2222
```
```
ssh -T git@gitea.ishenwei.online -p 12222
```
---
## 返回结果解析
### ✅ 成功
```bash
Hi username! You've successfully authenticated...
```
👉 可以开始使用 Git
---
### ❌ Connection refused
```bash
connect to host ... port 2222: Connection refused
```
👉 原因:
- Docker 没映射端口
✔ 修复:
```yaml
- "2222:22"
```
---
### ❌ Connection closed
```bash
Connection closed by ... port 2222
```
👉 原因:
- SSH 服务存在,但不是 Gitea 在处理
- 或 Gitea SSH 未启用
---
### ❌ Permission denied (publickey)
```bash
Permission denied (publickey)
```
👉 原因:
- SSH key 未加载或未添加
✔ 修复:
```bash
ssh-add ~/.ssh/id_ed25519
```
---
### ❌ 错误写法(常见坑)
```bash
ssh -T git@192.168.3.189:3000 ❌
```
👉 错误原因:
- SSH 不支持 `IP:PORT` 写法
---
# 五、Git 仓库改为 SSH
## 1. 查看当前 remote
```bash
git remote -v
```
你当前是:
```bash
http://192.168.3.189:3000/admin/nexus.git ❌
```
## 2. 修改为 SSH
```bash
git remote set-url origin ssh://git@192.168.3.17:2222/ishenwei/nexus.git
```
## 3. 验证
```bash
git pull
```
## 4. 查看配置
```bash
git config --list
```
---
# 六、VS Code 使用说明
在 Visual Studio Code 中:
- 无需额外配置
- 只要 Git + SSH 正常即可
👉 优势:
- 不再输入密码
- 不受 proxy 影响
- clone / pull 不会卡住
---
# 七、进阶优化(强烈推荐)
## 1. SSH Host 别名
编辑:
```bash
~/.ssh/config
```
```bash
Host macmini
HostName 192.168.3.189
Port 2222
User git
IdentityFile ~/.ssh/id_ed25519
```
## 2. 使用简化地址
```bash
git clone ssh://git@192.168.3.45:2222/admin/nexus.git
```
---
# 八、你这次问题的根因总结
## 实际问题链路
```text
HTTP Git + Proxy → 卡住
尝试 SSH但用错端口
未映射 Docker SSH 端口
连接到了错误的 SSH 服务
```
---
## 正确架构
```text
VS Code
Git (SSH)
Gitea (Docker)
SSH Port 2222 → Container 22
```
---
# 九、最佳实践总结
- 使用 SSH 替代 HTTP + Password
- Docker 映射 SSH 端口2222
- 使用 ed25519 key
- 使用 SSH config 做多环境管理
- 避免代理干扰 Git
---
# 十、一句话结论
👉 **Git 的本质是:**
- user.name / email → 标识身份
- SSH Key → 认证身份
👉 **最稳定方案:**
> Gitea + SSH2222+ VS Code = 无痛开发环境
这是一个关于从 Windows 客户端通过 SSH 连接 Mac mini 上 Gitea 仓库的排错笔记。你可以将其保存为 Markdown 文件(如 `Gitea_SSH_Troubleshooting.md`)以便日后查阅。
---
# 📝 Git 排错笔记:解决 Gitea SSH 连接断开与权限问题
## 1. 问题现象
在 Windows 终端执行 `git clone` 或 `git pull` 时,出现以下错误:
- **现象 A:** `Connection closed by 192.168.3.189 port 22` 或 `fatal: Could not read from remote repository`.
- **现象 B:** `ishen@192.168.3.189: Permission denied (publickey)`.
---
## 2. 核心原因分析
经过排查,导致问题的根源有三点:
1. **端口冲突**:默认 SSH 使用 22 端口(指向 macOS 系统 SSH而 Gitea 运行在 **2222 端口**。
2. **用户混淆**Git 默认尝试使用 Windows 当前用户名(`ishen`),但 Gitea 的 SSH 验证强制要求使用 **`git`** 用户。
3. **协议格式**:在非标准端口(非 22必须使用特定的 `ssh://` 前缀格式。
---
## 3. 修复步骤
### 第一步:验证 SSH 连通性
首先确认公钥是否已在 Gitea 中生效,并指定正确端口:
Bash
```
ssh -vT git@192.168.3.189 -p 2222
```
- **预期输出**`Hi there, admin! You've successfully authenticated... but Gitea does not provide shell access.`
- **结论**只要看到这段话说明密钥Key和端口Port是通的。
### 第二步:修正远程仓库地址 (Remote URL)
如果已经克隆了仓库但无法 Pull/Push需要更新 `origin` 的地址:
Bash
```
# 切换到项目目录
cd D:\Workspace\nexus
# 重新设置远程地址,强制指定 git 用户和 2222 端口
git remote set-url origin ssh://git@192.168.3.17:2222/ishenwei/nexus.git
```
### 第三步:验证修改
查看当前的远程配置是否正确:
Bash
```
git remote -v
```
- **正确结果应包含**`ssh://git@192.168.3.189:2222/...`
---
## 4. 终极解决方案:配置 SSH Config (推荐)
为了避免每次都要手动输入端口和用户,在 Windows 本地创建或修改 `C:\Users\ishen\.ssh\config` 文件:
Plaintext
```
# Mac mini Gitea 配置
Host 192.168.3.189
HostName 192.168.3.189
User git
Port 2222
IdentityFile ~/.ssh/id_rsa
```
**配置后的效果:**
以后只需执行简单的命令Git 会自动映射 `git` 用户和 `2222` 端口:
- `git clone ssh://git@192.168.3.45:2222/admin/nexus.git`
- `git pull`
---
## 5. 总结备忘
- **不要使用系统用户名**:无论你的 Gitea 账户叫什么SSH 连接用户名统一用 `git`。
- **非标端口必须加协议**:如果端口不是 22地址必须写成 `ssh://git@host:port/repo.git`。
- **优先检查端口**Mac 系统的 SSH (22) 和 Gitea 的 SSH (通常是 2222 或 10022) 是两码事。
---
**记录时间**2026-03-25
**设备环境**Windows ThinkBook -> Mac mini (192.168.3.189)