安装的 lf 无法执行
在 bash 中执行 lf 的运行结果像 ls 一样。定睛一看 which 没结果,alias 显示 alias lf='ls -F'。最后找了一圈是 bash-it enable alias general directory 搞进来的,禁用的话范围太大。
unalias lfZed 会用黑色块遮盖 .env 文件中值的部分
效果大概这样,一开始我以为是因为 Key 上有 Password 所以隐藏了,还觉得挺好。然后看其他正常的键也被遮盖了,这就很不好了。
NAS_PASSWORD=password
MEMORY_LIMIT=512MB通过对比测试,文件名用 .env 开头的都在作用范围内。
其实是配置文件中 redact_private_values 在作怪,目前只能关了。
PVE LXC 容器中无法使用 dmesg
在 LXC 容器中执行 dmesg 提示错误没有权限
$ dmesg
dmesg: read kernel buffer failed: Operation not permitted- LXC Ubuntu 24.04 the dmesg isn’t working | Proxmox Support Forum
- LXC privilege level? | Proxmox Support Forum
- /proc/kmsg: Permission denied. | Proxmox Support Forum
这是预期行为,非特权容器没有 /proc/kmsg 文件的访问权限。
在 PVE 主机上用 echo 0 > /proc/sys/kernel/dmesg_restrict 做解禁快速验证是这个问题。
本来这个问题是为了解决无法在非特权 LXC 容器安装的 Docker 无法进行 mount 动作,最后感觉用虚拟机安装 Docker 才是正确的选择。记录到 VM vs LXC vs Docker
使用 mirror 协议为 Debian 选择 APT 镜像站
官方在 Debian — Debian 全球镜像站 中推荐名为 netselect-apt 的程序来测速。但下载安装它需要先访问官方源,而且生成的不是 DEB822 格式。
root@docker:~# netselect-apt -c CN
Using distribution stable.
Retrieving the list of mirrors from www.debian.org...
URL transformed to HTTPS due to an HSTS policy
--2025-11-14 13:36:44-- https://www.debian.org/mirror/mirrors_full
Resolving www.debian.org (www.debian.org)... 2603:400a:ffff:bb8::801f:3e, 2001:67c:2564:a119::77, 2001:648:2ffc:deb:216:61ff:fe2b:6138, ...
Connecting to www.debian.org (www.debian.org)|2603:400a:ffff:bb8::801f:3e|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 124396 (121K) [text/html]
Saving to: ‘/tmp/netselect-apt.FY8WT2’
/tmp/netselect-apt.FY8WT2 100%[===========================================================================================>] 121.48K 95.4KB/s in 1.3s
2025-11-14 13:36:48 (95.4 KB/s) - ‘/tmp/netselect-apt.FY8WT2’ saved [124396/124396]
Choosing a main Debian mirror using netselect.
(will filter only for mirrors in country CN)
Running netselect to choose 10 out of 14 addresses.
.................................................................................
The fastest 10 servers seem to be:
http://mirrors.ustc.edu.cn/debian/
http://mirrors.bfsu.edu.cn/debian/
http://mirror.nyist.edu.cn/debian/
http://mirrors.neusoft.edu.cn/debian/
http://mirrors.tuna.tsinghua.edu.cn/debian/
http://ftp.cn.debian.org/debian/
http://mirrors.hit.edu.cn/debian/
http://mirror.sjtu.edu.cn/debian/
http://mirror.nyist.edu.cn/debian/
http://mirrors.jlu.edu.cn/debian/
Of the hosts tested we choose the fastest valid for http:
http://mirrors.ustc.edu.cn/debian/
Writing sources.list.
sources.list exists, moving to sources.list.1763127422
Done.不过我注意到新安装的 Debian 13 的 apt source 文件居然有不同寻常的 URIs,它的协议是 mirror+file
Types: deb deb-src
URIs: mirror+file:///etc/apt/mirrors/debian.list
Suites: bookworm bookworm-updates bookworm-backports
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpghttps://deb.debian.org/debian找了一圈文档在 sources.list(5) — apt — Debian trixie — Debian Manpages 有描述,看来 mirror 文件每行都是个 URI,那就简单了。把之前 netselect-apt 的结果贴进去。
echo "https://mirrors.cernet.edu.cn/debian/" > /etc/apt/mirrors/debian/debian.list
echo "https://mirrors.cernet.edu.cn/debian-security/" > /etc/apt/mirrors/debian/debian-security.list其他不是用这种方式定义 source 的可以这样做:
sed -i 's/archive.ubuntu.com/mirrors.cernet.edu.cn/g' /etc/apt/sources.list.d/ubuntu.sources
sed -i 's/deb.debian.org/mirrors.cernet.edu.cn/g' /etc/apt/sources.list
sed -i 's#security.debian.org#mirrors.cernet.edu.cn/debian-security#g' /etc/apt/sources.listaria2 使用证书错误代码 80090327
继 aria2 使用 P12 证书错误 之后,我打算从自签名证书转换到 Let’s Encrypt 的公共领域证书,为了支持从外部访问。
签发是简单,就算不能给 localhost 发,但写全域名也能接受。
记住不能用 fullchain.pem,而要使用不含链的单独证书。
sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d amd-9700x-lan.lan.kokomi.site
sudo openssl pkcs12 -export -out aria2.pfx \
-in /etc/letsencrypt/live/amd-9700x-lan.lan.kokomi.site/cert.pem \
-inkey /etc/letsencrypt/live/amd-9700x-lan.lan.kokomi.site/privkey.pem但应用起来之后发现有新的错误,服务端代码 80090327。
11/15 00:12:53 [INFO] RPC: Accepted the connection from ::1:5879.
11/15 00:12:53 [DEBUG] Creating TLS session
11/15 00:12:53 [DEBUG] TLS Handshaking
11/15 00:12:53 [DEBUG] WinTLS: Starting/Resuming TLS Connect
11/15 00:12:53 [DEBUG] WinTLS: Reading handshake...
11/15 00:12:53 [DEBUG] WinTLS: Continuing with handshake
11/15 00:12:53 [DEBUG] WinTLS: Writing handshake
11/15 00:12:53 [DEBUG] WinTLS: Reading handshake...
11/15 00:12:53 [DEBUG] WinTLS: Starting/Resuming TLS Connect
11/15 00:12:53 [DEBUG] WinTLS: Reading handshake...
11/15 00:12:53 [INFO] CUID#11 - Error occurred while reading HTTP request
Exception: [src\network\SocketCore.cc:1023] errorCode=1 SSL/TLS handshake failure: Error: 处理证书时,出现了一个未知错误。
(80090327)还好在客户端有明确的错误,其实就是域名不对。虽然在做 DNS 的时候,操作系统会加上 DNS suffix,但校验证书 DNS 名称时,短名称无效,得写全。
$ xh https://localhost:6800
xh: error: error sending request for url (https://localhost:6800/)
Caused by:
0: client error (Connect)
1: invalid peer certificate: certificate not valid for name "localhost"; certificate is only valid for DnsName("amd-9700x-lan.lan.kokomi.site")
$ curl https://amd-9700x-lan:6800
curl: (60) schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - 目标主要名称不正确。
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.不过奇怪的是,修正后 jsonrpc 接口是通了,但在 AriaNg 中没法用 HTTPS 的方式访问,改为 WebSocket Secure(WSS) 后居然能正常连接,包括用 localhost 作为域名。是浏览器做了魔法?