检查F12后会发现是CORS相关错误。使用Firefox 87.0 on win64配合Allow CORS这个插件会发现问题解决了。

但是大多数浏览器无法通过这个方法解决问题,因为最新版本chrome和firefox开始禁止使用Access-Control-Allow-Origin: *

I'm looking into this problem, and Firefox 87.0 on win64 is a verified working solution. Try it if you're stuck!

Are you writing an v2ray setup script for others, but still asking noob users to prepare their own domain?

Are you running remote powershell, but got fucked by the TrustedHosts limitation?

Are you running a test-only https server, but acme.sh refuses to provide certificate for bare ip?

Convert your IP to a domain!

If your ip address is 192.168.1.1, then your domain is 192.168.1.1.ip.rtmp.asia.

If your ip address is 13.80.82.152, then your domain is 13.80.82.152.ip.rtmp.asia.

The domain name "$ipaddr.$prefix" always points to $ipaddr! You can get an available prefix list with this api: https://recolic.net/api/ip2domain-prefix.list.

I'll deploy a highly-available server only if there're already enough users.

Binary download

Working-in-progress

Guide

This guide is for building smbclient and smbd (https://github.com/samba-team/samba) for windows.

Install dependencies

Use cygwin64 (usually better) or cygwin32. Install latest version of the following mandatory package: gcc-g++, bash, flex, libintl-devel, libgnutls-devel, perl, python3, python3-devel, zlib-devel, liblmdb-devel, rpcsvc-proto, m4 and the following optional package: libjansson-devel, libarchive-devel, openldap-devel, libicu-devel.

Then run pip3 install dnspython markdown

Then install perl-parse-yapp manually. You should manually copy these file into correct directory in your cygwin shell. You may download the following file here or get the latest version from archlinux pacman -S perl-parse-yapp.

perl-parse-yapp /usr/bin/vendor_perl/yapp => /usr/bin/yapp
perl-parse-yapp /usr/lib/perl5/5.32/vendor_perl/auto/Parse/Yapp/
perl-parse-yapp /usr/share/perl5/vendor_perl/ => You may have to move to /usr/share/perl5/5.32/vendor_perl/
perl-parse-yapp /usr/share/perl5/vendor_perl/Parse/
perl-parse-yapp /usr/share/perl5/vendor_perl/Parse/Yapp.pm
perl-parse-yapp /usr/share/perl5/vendor_perl/Parse/Yapp/
perl-parse-yapp /usr/share/perl5/vendor_perl/Parse/Yapp/Driver.pm
perl-parse-yapp /usr/share/perl5/vendor_perl/Parse/Yapp/Grammar.pm
perl-parse-yapp /usr/share/perl5/vendor_perl/Parse/Yapp/Lalr.pm
perl-parse-yapp /usr/share/perl5/vendor_perl/Parse/Yapp/Options.pm
perl-parse-yapp /usr/share/perl5/vendor_perl/Parse/Yapp/Output.pm
perl-parse-yapp /usr/share/perl5/vendor_perl/Parse/Yapp/Parse.pm

Please run echo 'use Parse::Yapp::Driver;' | perl, and make sure it works. Then run yapp, also make sure it works.

Build

Then download the samba git repository, run ./configure --without-gpgme --without-pam. Please add corresponding argument if you skipped any optional package in previous step:

Missing Package Extra Command Line
libjansson-devel --without-json
libarchive-devel –without-libarchive
openldap-devel –without-ldap

If configure is success, continue.

Fix

Run the following command to patch ld:

cd /usr/x86_64-pc-cygwin/bin
mv ld ld.real

echo '#!/bin/bash
_result=()
for ele in "$@"; do
    [[ "$ele" = "--export-dynamic" ]] && _result+=("--export-all-symbols") || _result+=("$ele")
done
/usr/bin/ld.real "${_result[@]}"
exit $?
' > ld

chmod +x ld

And apply this git-patch to your repository:

diff --git a/source3/lib/cluster_support.c b/source3/lib/cluster_support.c
index c11b1f76dbb..007e76f0953 100644
--- a/source3/lib/cluster_support.c
+++ b/source3/lib/cluster_support.c
@@ -59,7 +59,7 @@ const char *lp_ctdbd_socket(void)
 {
        const char *ret;

-       ret = lp__ctdbd_socket();
+       ret = NULL; /* lp__ctdbd_socket(); */
        if (ret != NULL && strlen(ret) > 0) {
                return ret;
        }
diff --git a/third_party/popt/poptconfig.c b/third_party/popt/poptconfig.c
index f0a92e01bd5..d9fa848a786 100644
--- a/third_party/popt/poptconfig.c
+++ b/third_party/popt/poptconfig.c
@@ -42,7 +42,7 @@ extern int glob_pattern_p (const char *__pattern, int __quote)
 /*@=declundef =exportheader =incondefs =protoparammatch =redecl =type @*/
 #endif /* __LCLINT__ */

-#if !defined(__GLIBC__)
+#if 0
 /* Return nonzero if PATTERN contains any metacharacters.
    Metacharacters can be quoted with backslashes if QUOTE is nonzero.  */
 static int

Build

OK. Now run make bin/smbclient -j8 and you're all set.

Realtime status board: https://recolic.net/status

Telegram channel t.me/net_recolic has been deprecated. I'll use this post to update incident about recolic.net services. (A private blog is so useful!)

News in the last month

  • Apr 5 - Apr 6, drive.recolic.net, git.recolic.net is down, because of Azure billing issue. Resolved at 06:00 UTC, Apr 6.

什么是安全DNS

传统的DNS数据报文不加密,可以被任意劫持和篡改。DNS over TLS(RFC7858,RFC8310) 和 DNS over HTTPS(RFC 8484)是很好的解决方案,它们用不同的方法达成了相同的目的:防止DNS报文被中间人窥探、篡改或伪造。

浏览器ONLY 安全DNS解决方案

此方式难度较低!

目前(2019.7)Chrome还正在实现此功能,Firefox早已支持此功能了。如果你用的是中国浏览器,请不要指望他们。

  • Firefox 在右上角->Preferences->最下面的Network Settings->勾上最下面的Enable DNS over HTTPS->确定即可。
    (翻译: 在右上角->选项->最下面的网络设置->勾上最下面的启用DNS over HTTPS->确定即可。)

全局安全DNS解决方案

这一类解决方案让你的所有网络流量不受DNS污染攻击的影响。这类小工具有很多,我的推荐不一定适合你,但我会推荐最容易操作、最广泛使用、足够安全的解决方案。

Windows推荐: SimpleDNSCrypt

请访问这个网站下载安装包。https://simplednscrypt.org/ 安装之后,启动软件,点击中间的Service的开关启动服务,然后在下方点击你的WLAN或者网线的图标,即可对这条网络连接启用安全DNS服务。
提示,右上角的设置里可以改界面为中文,可以禁止启动软件时检查更新(因为检查更新有点慢)。这软件的默认配置就足够大多数人用了,如果你不懂的话,不必自己改配置。
这是一个开源软件,发布的安装包也经过数字签名,如果你懂得计算机知识并且重视安全,你可以自行验证它的安全性。如果你不懂得计算机知识且重视安全,相信我,你没有能力重视安全。

Linux推荐: stubby

Linux直接用包管理器一条命令安装,然后systemd启动就好了。下面我写的命令只是示例,请修改成你使用的包管理器。同样,这个软件的默认配置就足够好用了。如果你希望加上GoogleDNS作为你的服务器,你可以参考这里的配置

  • Ubuntu
sudo apt-get install -y stubby ; sudo systemctl disable systemd-resolved --now ; sudo systemctl enable stubby --now
  • ArchLinux
sudo pacman  -S --noconfirm stubby ; sudo systemctl disable systemd-resolved --now ; sudo systemctl enable stubby --now
  • Android 9+ 请在Settings -> Network&internet -> Private DNS -> Private DNS provider hostname填写dns.google并确定。我不清楚这个路径的中文翻译会被翻译成什么样,请自己寻找吧。

  • 其他Android和IOS设备 请搜索下载Cloudflare的手机app,这是全球最大的网络公司,能帮助你一键解决DNS不安全的问题。当然,中国对它不太友好,因为它是安全的。
    在Google Play Store或Apple App Store搜索Cloudflare或1.1.1.1即可找到这个好用的App。

测试我的设置

请尝试访问https://recolic.net 。选择全局方案的Windows用户可能需要用命令ipconfig /flushdns来清理缓存,如果能正常访问,说明配置成功。

作者:Telegram CEO Durov, 翻译 @tggeek

大公司利用营销来欺骗我们,让我们认为解决我们所有问题的方法就是购买更多的他们的产品。

真正的解决方案恰恰相反:它是少消费,而不是多消费。在大多数情况下,我们的问题首先是由过度消费引起的。

例如,如果你体重超标,你会被健身房订阅或食品补充剂的广告轰炸。但减肥的关键是少吃,而不是买新鞋和蛋白粉。

再或者,如果你有头痛和压力的困扰,他们会试图向你推销头痛药和抗抑郁药。但要想真正减少压力,你应该开始睡觉和多走路,而不是让自己沉迷于娱乐产品或在深夜浏览社交媒体。药片的设计从来都不是一个永久的解决方案:它们会随着时间的推移而失去效果,并引起副作用,进而需要更多的药片。一旦你踏上无休止的消费之旅,你就会陷入一个旨在让你痛苦、让企业快乐的陷阱。

通过进化,大自然让我们具备了高效应对资源不足的能力,但它从未让我们为现在相对丰富的生活做好准备。今天,死于肥胖的人比死于饥饿的人更多,因信息过载而焦虑的人比缺乏新闻的人更多。

人类的DNA,作为我们的硬件,已经过时了。大约在1万到2万年前,它就停止了进化,当时我们还生活在小型的狩猎采集型社区中。那时候,每一口甜食和每一条信息都非常有价值。我们现在生活在特大城市,周围有大量廉价的糖,但我们的DNA并不知道这一点。我们的身体仍在积累多余的脂肪,为永远不会到来的严寒饥饿的冬天做准备。我们的大脑紧紧抓住每一条令人不安的新闻,告诉我们永远不会实现的威胁。

我们的经济体系强调GDP的增长和企业利润的最大化,使这一生物矛盾更加严重。政府和企业都鼓励人们增加消费。美国这个在20世纪经济增长中表现突出的国家,也是世界上最肥胖的发达国家,这不是巧合。他们的市场驱动型社会变得太有效率了。

这种制度不仅对人类有害,从长远来看也是不可持续的。与企业的胃口不同,我们地球的资源是有限的。作为一个物种,我们在制造和销售自己不需要的东西方面变得非常高效,但买单的却是地球。我们的身体仍然希望我们生活在1万到2万年前的原始环境中,充满绿色的森林和干净的湖泊。当我们为了永恒的追求经济增长而不断破坏自己的栖息地时,因污染而导致的疾病数量不断增加。

我是幸运的,我很早就富裕起来了。在我22岁时,我的银行账户上就有了100万美金;到25岁时,有了几千万;到28岁时,有了上亿。然而,这从来都不是让我快乐的原因。

我真正的幸运在于很早就意识到,最有价值的一种职业是创造东西,而不是消费它们。因此,我没有购买游艇、飞机和昂贵的房地产,而是专注于我最喜欢的事情,创建社交平台,希望为人类带来好处。我把大部分个人资金都花在了 Telegram 上,让人们享受到了一种追求完美的免费服务。

我认为为他人创造事物的能力是我最宝贵的,也是最有价值的资产。我猜想,我之所以在做自己喜欢的事情的过程中碰巧发了财,其中一个原因是金钱对我来说从来都不是一个重要的目标。

当我还是学生的时候,我喜欢建设游戏和网站。那时候,这被认为是书呆子的职业。有前途的学生有望从事法律或解决商业案例。但我从来没有真正关心过别人如何定义成功。对我来说,成功在于能够花时间创造自己喜欢的东西。

我从不后悔没有买有钱人喜欢的昂贵物品。我唯一的遗憾是没有更多的时间去创造东西。

我们生活在一个人类创造力无限可能的时代。人们可以发明机器人、编辑基因、设计虚拟世界......有太多令人兴奋的未知领域可以探索。我希望更多的人能够发现为他人建造东西的乐趣。我希望有一天,作为一个物种,我们将摆脱永无止境的自我毁灭之路,转而走上为自己和周围的人创造更美好世界的充实之旅。

via. @durov

fio --loops=5 --size=1000m --filename=/mnt/fs/fiotest.tmp --stonewall --ioengine=libaio --direct=1 
  --name=Seqread --bs=1m --rw=read 
  --name=Seqwrite --bs=1m --rw=write 
  --name=512Kread --bs=512k --rw=randread 
  --name=512Kwrite --bs=512k --rw=randwrite 
  --name=4kQD32read --bs=4k --iodepth=32 --rw=randread 
  --name=4kQD32write --bs=4k --iodepth=32 --rw=randwrite

Use recolic.cc instead of recolic.net if you're fucked by P.R.China government.

  • Public
Web Service Link
shortlink (tmp) https://recolic.net/go
shortlink (perm) https://recolic.net/s
monitor board https://recolic.net/status
gitlab https://git.recolic.net
cloud drive https://drive.recolic.net
email service https://mail.recolic.net
blog https://recolic.net/blog
resource site https://dl.recolic.net
minecraft server https://recolic.net/s/mc
public proxy service https://recolic.net/s/proxy
unsafe pastebin https://recolic.net/paste
simple web proxy https://recolic.net/proxy.php
hust physics exp https://recolic.net/phy
hust physics exp H2 https://recolic.net/phy2
sitemap (myself) https://recolic.net/s/sitemap
donate https://recolic.net/donate
  • Private

https://git.recolic.net/snippets/20

  • Introducing me / social media

https://github.com/recolic

https://git.recolic.net/root

https://recolic.net/blog

This is just a draft. Still Working-In-Progress. Many bugs!

another PC run nginx Then we have mirror: 10.100.100.34/$arch/$repo

    server {
        listen       [::]:80;
        listen       80;
        #server_name  localhost;
    root /var/www/html;
        index  index.html index.htm;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location /aarch64 {
        proxy_pass https://mirror.tuna.tsinghua.edu.cn/archlinuxarm/aarch64;
        }
......

android chroot:

prepare root.

mount -t proc /proc proc/
mount -o bind /sys sys/
mount -o bind /dev dev/
# Maybe we should bind every mountpoint manually. Write a script, or copy from debian-arm blog. 
chroot /path/to/.../root/

inside: /bin/bash

export PATH=/usr/bin
export LD_LIBRARY_PATH=/usr/lib

# we should run `pacman-key --init` and `pacman-key --populate archlinuxarm`. But I failed. 
vi /etc/pacman.conf # Set Siglevel to Never

# I don't know why DNS is still not working. Modify mirrorlist to use our repo. 
rm /etc/resolv.conf
echo 10.100.100.1 > /etc/resolv.conf

Deploy

(certificate should be valid. although frontend nginx has proxy_ssl_verify off;, STARTTLS still requires a valid certificate. ) (service should be restarted every 3 month, to use latest renewed certificate, just like nginx does. )

docker run -tid --privileged -p 3092:443 -p 110:110 -p 995:995 -p 143:143 -p 993:993 -p 25:25 -p 465:465 -p 587:587 -v /srv/iredmail/vmail:/var/vmail -v /srv/iredmail/mysql:/var/lib/mysql -v /srv/iredmail/clamav:/var/lib/clamav -v /srv/conf/acme-sh/mail.recolic.net/mail.recolic.net.key:/etc/ssl/private/iRedMail.key:ro -v /srv/conf/acme-sh/mail.recolic.net/fullchain.cer:/etc/ssl/certs/iRedMail.crt:ro -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name rmail --restart=always --hostname func.mail.recolic.net 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net /sbin/init

If can not connect database, you need to run chown -R mysql:mysql mysql inside container. (required if mysql dir are updated. )

Upgrade from lower version

If you upgraded mysql version, you must use following code to migrate data, rather than simply copy /var/lib/mysql. see more

mysqldump -u root -p --all-databases > alldb.sql
mysql -u root -p < alldb.sql

Upgrade step:

  1. export alldb.sql from old iredmail.
  2. export alldb.sql from new iredmail.
  3. manually move all userdata from oldiredmail to new iredmail. (take care!!! DB table format may changed!)
  4. import the manually-modified new-iredmail-alldb.sql into new db, save the resulting /var/lib/mysql directory. Use this as your new mysqlDir!!

Recolic's further customize (image built at 20201021)

after making some further modification below , recolic is using 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net in PROD. https://git.recolic.net/recolic/notebook#mailrecolicnet

Disable heavy clamav, but do not disable DKIM! https://docs.iredmail.org/completely.disable.amavisd.clamav.spamassassin.html

Disable greylisting, which causes email lost from bankofchina. Also enable reject_sender_login_mismatch. https://docs.iredmail.org/manage.iredapd.html

fix facebook problem. https://docs.iredmail.org/upgrade.iredmail.0.9.9-1.0.html#fixed-fix-improper-helo-rule-which-blocks-new-facebook-servers

allow larger attachment size. https://docs.iredmail.org/change.mail.attachment.size.html

Set session timeout to 99999 min: https://forum.iredmail.org/topic8839-iredmail-support-howwhere-to-increase-timeout-session-via-roundcube.html

DNS record guide

https://docs.iredmail.org/setup.dns.html

Manual DKIM:

echo -n "v=DKIM1; p="
openssl rsa -in /srv/conf/acme-sh/mail.recolic.net/mail.recolic.net.key  -pubout -outform der 2>/dev/null | openssl base64 -A

iredmail docker fresh deploy

YOU MUST CREATE /srv/conf/acme-sh/mail.recolic.net/mail.recolic.net.key and /srv/conf/acme-sh/mail.recolic.net/fullchain.cer BEFORE ANYTHING!


docker run -tid --privileged -p 3092:443 -p 110:110 -p 995:995 -p 143:143 -p 993:993 -p 25:25 -p 465:465 -p 587:587 -v /srv/iredmail/vmail:/var/vmail -v /srv/iredmail/mysql:/var/lib/mysql -v /srv/iredmail/clamav:/var/lib/clamav -v /srv/conf/acme-sh/mail.recolic.net/mail.recolic.net.key:/etc/ssl/private/iRedMail.key:ro -v /srv/conf/acme-sh/mail.recolic.net/fullchain.cer:/etc/ssl/certs/iRedMail.crt:ro -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name rmail --hostname func.mail.recolic.net jrei/systemd-ubuntu /sbin/init docker exec -ti rmail /bin/bash

In docker:

echo func.mail > /etc/hostname
echo 127.0.0.1 func.mail.recolic.net func.mail localhost localhost.localdomain >> /etc/hosts

apt update
apt install -y gzip vim wget rsyslog
systemctl enable rsyslog --now

wget https://github.com/iredmail/iRedMail/releases/download/1.3.1/iRedMail-1.3.1.tar.gz
tar -xvzf iRedMail-1.3.1.tar.gz ; rm iRedMail-1.3.1.tar.gz
cd iRedMail-* ; bash iRedMail.sh

NOW you have some interactive operations!

no need to edit mail storage path.

recolic note: db password/postmaster password is genpasswd('mail.recolic.net', v4)

Would you like to use filewall rules by iRedMail? NO!

docker commit rmail 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net-20.04
docker push 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net-20.04

Do not delete the generated dir /srv/iredmail while building image. You need the dir /srv/iredmail/mysql as template to migrate in.