update

Author: adoyle-h

.github/workflows/jekyll-gh-pages.yml

@@ -38,7 +38,7 @@ jobs:
           key: ${{ runner.os }}-node-modules
 
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 18
 
@@ -54,7 +54,7 @@ jobs:
           destination: ./_site
 
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v1
+        uses: actions/upload-pages-artifact@v3
 
   # Deployment job
   deploy:
@@ -66,4 +66,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v1
+        uses: actions/deploy-pages@v4

.github/workflows/weekly-report.yml

@@ -25,13 +25,13 @@ jobs:
         run: |
           echo "OK=false" >> "$GITHUB_OUTPUT"
 
-          c=$(git rev-list --all --since '1 week ago' --reverse  | head -n1 || true)
+          c=$(git rev-list --all --since '168 hours ago' --reverse  | head -n1 || true)
           if [ -z "${c:-}" ]; then
             echo "[Warn] No any changed"
             exit 0
           fi
 
-          git --no-pager diff --no-color -U0 "$c" HEAD -- '*.md' ':!./_docs' |
+          git --no-pager diff --no-color -U0 "$c"^ HEAD -- '*.md' ':!./_docs' |
           grep -v -E '^(index|new file mode|deleted file mode|\-\-\-) ' |
           sed -E -e 's|^diff --git a/(.+) b/.+|```\n\n### \1\n|g' -e 's/^\+\+\+.+/```diff/' |
           tail +2 > _report

Makefile

@@ -1,7 +1,7 @@
 include ./makefile-utils/*.mk
 .DEFAULT_GOAL := help
 
-GH_PAGE_IMAGE=adoyle/gh-pages:v231.1
+GH_PAGE_IMAGE=ghcr.io/adoyle-h/jekyll-build-pages:v1.0.7-ad-7
 
 # 本地编辑与浏览（不用先执行 make build，会自动构建，支持热更新）
 .PHONY: serve
@@ -41,7 +41,7 @@ http:
 .PHONY: debug-gh-pages
 debug-gh-pages:
 	docker run -it --rm -p 4000:4000 -v "${PWD}:/src/site" \
-		--entrypoint ash \
+		--entrypoint bash -w /src/site \
 		${GH_PAGE_IMAGE}
 
 .PHONY: clean-index-md

git/connection-closed-by-unknown-port-65535.md

@@ -0,0 +1,51 @@
+# Connection closed by UNKNOWN port 65535
+
+git fetch 或者 git push 时看到这个错误。
+
+## 排查思路
+
+`ssh -vvv -T [email protected]` 查看与 github.com 的 ssh 链接过程具体有什么问题。
+
+比如我的案例是：
+
+```sh
+debug3: channel_clear_timeouts: clearing
+debug1: Executing proxy command: exec nc -x 127.0.0.1:7890 github.com 22
+debug1: identity file /Users/adoyle/.ssh/id_rsa type 0
+debug1: identity file /Users/adoyle/.ssh/id_rsa-cert type -1
+debug1: identity file /Users/adoyle/.ssh/id_ecdsa type -1
+debug1: identity file /Users/adoyle/.ssh/id_ecdsa-cert type -1
+debug1: identity file /Users/adoyle/.ssh/id_ecdsa_sk type -1
+debug1: identity file /Users/adoyle/.ssh/id_ecdsa_sk-cert type -1
+debug1: identity file /Users/adoyle/.ssh/id_ed25519 type 3
+debug1: identity file /Users/adoyle/.ssh/id_ed25519-cert type -1
+debug1: identity file /Users/adoyle/.ssh/id_ed25519_sk type -1
+debug1: identity file /Users/adoyle/.ssh/id_ed25519_sk-cert type -1
+debug1: identity file /Users/adoyle/.ssh/id_xmss type -1
+debug1: identity file /Users/adoyle/.ssh/id_xmss-cert type -1
+debug1: identity file /Users/adoyle/.ssh/id_dsa type -1
+debug1: identity file /Users/adoyle/.ssh/id_dsa-cert type -1
+debug1: Local version string SSH-2.0-OpenSSH_9.7
+
+kex_exchange_identification: Connection closed by remote host
+Connection closed by UNKNOWN port 65535
+```
+
+`debug1: Executing proxy command: exec nc -x 127.0.0.1:7890 github.com 22` 表示我的 ssh 走了代理。
+
+`kex_exchange_identification: Connection closed by remote host` 说明问题发生在 [kex_exchange_identification](https://github.com/openssh/openssh-portable/blob/aee54878255d71bf93aa6e91bbd4eb1825c0d1b9/kex.c#L1237)
+
+目测是 GFW 或者网络代理商的缘故，ssh 传输被中断了。
+
+## 解决方法
+
+默认 ssh 用的端口是 22。可以采用 [SSH over the HTTPS port](https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port) 的方式，用 HTTPS 端口传输 SSH 协议。
+
+修改 ~/.ssh/config，增加这一段：
+
+```
+Host github.com
+Hostname ssh.github.com
+Port 443
+User git
+```

others/aliyun-cli.md

@@ -0,0 +1,43 @@
+# aliyun cli
+
+https://github.com/aliyun/aliyun-cli/blob/master/README-CN.md
+
+使用准备：先执行 `aliyun configure` 会生成 ./.aliyun/config.json
+
+查询 API 文档：https://api.aliyun.com/
+
+## -FILE 隐藏参数
+
+当使用 `aliyun cdn BatchSetCdnDomainServerCertificate` 这个命令上传证书，根据官方文档，证书内容居然是整个作为字符串传参的。震惊。
+
+根据[这个 issue](https://github.com/aliyun/aliyun-cli/issues/298) 发现，竟然还有一个隐藏参数。官方文档里居然一点都没提到。再次震惊。
+
+我使用 [lego](https://github.com/go-acme/lego) 来生成证书，再配合 `--run-hook` 以及 `--renew-hook` 参数即可在生成证书后部署到阿里云。具体例子如下：
+
+```sh
+#!/usr/bin/env bash
+# vim: ft=bash
+
+set -o errexit -o nounset -o pipefail -o errtrace
+(shopt -p inherit_errexit &>/dev/null) && shopt -s inherit_errexit
+
+PUB=~/.lego/certificates/$1.crt
+PRI=~/.lego/certificates/$1.key
+
+args=(
+ --region cn-hangzhou
+ --DomainName "$2"
+ --SSLProtocol on
+ --CertType upload
+ --SSLPub-FILE "$PUB"
+ --SSLPri-FILE "$PRI"
+)
+
+aliyun cdn BatchSetCdnDomainServerCertificate "${args[@]}"
+```
+
+```sh
+lego --dns alidns -d '*.xxxx.com' -d 'xxxx.com' --email '@gmail.com' \
+  renew \
+  --renew-hook "./cert_hook.sh _.xxxx.com cdn.xxxx.com,public.xxxx.com"
+```

others/umami-is-blocked.md

@@ -0,0 +1,3 @@
+# umami.is 网站被反广告规则屏蔽
+
+在 [AdGuard Tracking Protection filter — third-party trackers](https://raw.githubusercontent.com/AdguardTeam/AdguardFilters/master/SpywareFilter/sections/tracking_servers.txt) 以及 https://github.com/Loyalsoldier/clash-rules 的 reject.txt，以及 https://github.com/Silentely/AdBlock-Acceleration 的 AdGuard DNS Filter 文件里。都把 umami.is 屏蔽了。