03/18/2023 – 一江春水向东流

SECURITY

给节点套上CF的warp，彻底解决access denied error code 1020问题

前言最近的网络最热门的，应该当ChatGPT所属了，在IT开发者界更是：有担忧的，有兴奋的，有求知的，一时兴起万层浪，但是，也有很多小白连最基本的大门都没办法进来，因为流量太大了，已远远超过了ChatGPT的服务器所承受能力，这个访问量已大大超出了你的想像，所以请了一台流量高防大将:CloudFlare，先是真人human验证，再是IP验证，很多新人都对Access deniedAccess denied Error code 1020深有体会吧，今天就聊一下如何彻底地解决这个问题。思路由于CF验证IP，咱们大陆的IP会access denied拒绝，很多海外节点也被拒绝了，因为咱们国人多，热度高，流量大，所以第一排除的就是咱们中国及使用代理最多的中国IP。思路就是套用CloudFlare官方自己的Warp，它对自己人还是友好放行的原理。思路跟解锁Netfilx原生IP一样。条件自己能配置的节点套的IP未被CF自己封 Warp 什么是Warp呢，请查看官方介绍吧官方地址：https://1.1.1.1 用一句话介绍就是，私人的私人代理，如果你也想使用，或者升级到Warp+,推荐连接，我可能获得1G流量安装安装前

curl chat.openai.com

1	curl chat.openai.com

直接显示经典的error code:1020错误，说明我能服务器本身就无法访问ChatGPT，所以你当节点，那也肯定是跑不了1020的了 web

Access denied
You do not have access to chat.openai.com.

The site owner may have set restrictions that prevent you from accessing the site.

Ray ID: 795a3ced8bfa934a
Timestamp: 2023-02-07 06:58:35 UTC
Your IP address: 146.5X.x.x.
Requested URL: chat.openai.com/auth/login
Error reference number: 1020
Server ID: FL_443F37
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36

Access denied

You do not have access to chat.openai.com.

The site owner may have set restrictions that prevent you from accessing the site.

Ray ID: 795a3ced8bfa934a

Timestamp: 2023-02-07 06:58:35 UTC

Your IP address: 146.5X.x.x.

Requested URL: chat.openai.com/auth/login

Error reference number: 1020

Server ID: FL_443F37

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36

我的证实是无法使用的了都是1020错误代码。估计是封IP段安装中第一，先给服务上个快照，折腾坏了也能恢复折腾前的状态第二，安装warp 官网教程：https://pkg.cloudflareclient.com/install 或者通过warp一键配置脚本（项目地址：https://github.com/P3TERX/warp.sh） bash <(curl -fsSL git.io/warp.sh) d 配置xray 登录x-ui控制后台——面板设置——xray相关设置——xray配置模板——复制出来，备份好在高亮文体编辑器里修改（可选） 1，在”outbounds”的代码块添加出站规则 2，在”routing”的代码块添加路由规则，使用域名chat.openai.com及ip138.com(为了测试是否生效)的规则我的xray配置文件

{
  "api": {
    "services": [
      "HandlerService",
      "LoggerService",
      "StatsService"
    ],
    "tag": "api"
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 62789,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "127.0.0.1"
      },
      "tag": "api"
    },
    {
      "listen": "127.0.0.1",
      "port": 44223,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "alterId": 64,
            "id": "xx-51fa-xxx-a26d-xxxx"
          }
        ],
        "disableInsecureEncryption": true
      },
      "sniffing": {
        "destOverride": [
          "http",
          "tls"
        ],
        "enabled": true
      },
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "headers": {},
          "path": "/ray"
        }
      },
      "tag": "inbound-44223"
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "chatGPT_proxy",
      "protocol": "socks",
      "settings": {
        "servers": [
          {
            "address": "127.0.0.1",
            "port": 40000
          }
        ]
      }
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "policy": {
    "system": {
      "statsInboundDownlink": true,
      "statsInboundUplink": true
    }
  },
  "log" : {
    "access": "/data/logs/v2ray/access.log",
    "error": "/data/logs/v2ray/error.log",
    "loglevel": "warning"
  },
  "routing": {
    "rules": [
          {
        "type": "field",
        "outboundTag": "chatGPT_proxy",
        "domain": [
          "chat.openai.com",
          "ip138.com"
        ]
      },
      {
        "inboundTag": [
          "api"
        ],
        "outboundTag": "api",
        "type": "field"
      },
      {
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "blocked",
        "type": "field"
      },
      {
        "outboundTag": "blocked",
        "protocol": [
          "bittorrent"
        ],
        "type": "field"
      }
    ]
  },
  "stats": {}
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

{

"api": {

"services": [

"HandlerService",

"LoggerService",

"StatsService"

"tag": "api"

"inbounds": [

{

"listen": "127.0.0.1",

"port": 62789,

"protocol": "dokodemo-door",

"settings": {

"address": "127.0.0.1"

"tag": "api"

{

"listen": "127.0.0.1",

"port": 44223,

"protocol": "vmess",

"settings": {

"clients": [

{

"alterId": 64,

"id": "xx-51fa-xxx-a26d-xxxx"

}

"disableInsecureEncryption": true

"sniffing": {

"destOverride": [

"http",

"tls"

"enabled": true

"streamSettings": {

"network": "ws",

"security": "none",

"wsSettings": {

"headers": {},

"path": "/ray"

}

"tag": "inbound-44223"

}

"outbounds": [

{

"protocol": "freedom",

"settings": {}

{

"tag": "chatGPT_proxy",

"protocol": "socks",

"settings": {

"servers": [

{

"address": "127.0.0.1",

"port": 40000

}

]

}

{

"protocol": "blackhole",

"settings": {},

"tag": "blocked"

}

"policy": {

"system": {

"statsInboundDownlink": true,

"statsInboundUplink": true

}

"log" : {

"access": "/data/logs/v2ray/access.log",

"error": "/data/logs/v2ray/error.log",

"loglevel": "warning"

"routing": {

"rules": [

{

"type": "field",

"outboundTag": "chatGPT_proxy",

"domain": [

"chat.openai.com",

"ip138.com"

]

{

"inboundTag": [

"api"

"outboundTag": "api",

"type": "field"

{

"ip": [

"geoip:private"

"outboundTag": "blocked",

"type": "field"

{

"outboundTag": "blocked",

"protocol": [

"bittorrent"

"type": "field"

}

]

"stats": {}

}

总结方法是从解锁Netflix得到的启示，套了Warp就能解锁CloudFlare对你的节点的封锁了，而且现在CloudFlare拒绝访问的IP限制还不是很严格的，从而这个方法可以拯救你节点。总结思路：套用warp——设置域名分流规则

By sean, 2 years03/18/2023 ago

OS

一键自动创建磁盘并挂载

#! /bin/bash
 
#注:只有硬盘没有做过系统才能这么搞，如果有做过文件系统会直接返回异常信息。
 
diskEmpty=""
nameOfLv="lv_data"
nameOfVg="vg_data"
pathOfLog="/tmp/mkfs.log"
pathOfMount="/data"
 
echo -e "\n\n`date '+%Y-%m-%d %H:%M:%S'` ###" >> $pathOfLog
#验证磁盘是否为空，如果为空则把磁盘名称放入diskEmpty中，空格区分
for i in `lsblk -l | grep disk |awk '{print $1}'`； do
    isEmpty=1
    for j in `hexdump -n 170000 -C /dev/$i | head -1000 | awk -F'|' '{print $2}' | grep -v '^$' |awk -F'.' '{print NF-1}'`； do
        if [ $j -ne 16 ];then
            echo "Warnning: disk /dev/$i have data。please check the data of the disk 。" >> $pathOfLog
            isEmpty=0
            break
        fi
    done
    if [ $isEmpty -eq 1 ];then
        diskEmpty="$diskEmpty"" /dev/$i"
    fi
done
echo $diskEmpty
 
#创建逻辑卷和逻辑盘
vgcreate $nameOfVg $diskEmpty &>> $pathOfLog
lvcreate -l 100%FREE -n $nameOfLv $nameOfVg &>> $pathOfLog
 
#验证是否创建成功，如果失败则退出
lvscan |awk -F"'" '{print $2}' | awk -F '/' '{print $4}' | grep "^$nameOfLv$" &>> $pathOfLog
 
if [ $? -ne 0 ];then
echo "ERROR: no exists device of $nameOfLv named !" &>> $pathOfLog
exit 1
fi
 
#获取用于格式化文件系统的真实绝对路径
pathOfDeviceFormkfs=`lvscan |awk -F"'" '{print $2}'|grep "$nameOfLv$"`
echo 'pathOfDeviceFormkfs:' `lvscan |awk -F"'" '{print $2}'|grep "$nameOfLv$"`
 
#在该逻辑卷上制作文件系统
mkfs.xfs $pathOfDeviceFormkfs &>> $pathOfLog
 
#获取新创建的逻辑卷的真实绝对路径
pathOfDevice=`blkid |awk -F":" '{print $1}'|grep "$nameOfLv$"`
#检查挂载点是否存在，不存在则创建
[ ! -d $pathOfMount ] && mkdir $pathOfMount &>> $pathOfLog
 
#获取该逻辑卷的uuid和文件系统类型
infoOfDevice=`blkid |grep "^$pathOfDevice" | awk '{print $2" "$3}' | awk -F'"' '{print $2" "$4}'`
 
uuid=`echo "$infoOfDevice" | awk '{print $1}'`
typeOfFs=`echo "$infoOfDevice" | awk '{print $2}'`
 
#保证两个变量值存在，如果不存在就不做任何临时和永久的挂载操作。
[ -z "$uuid" ] && echo "uuid is null!" &>> $pathOfLog && exit
[ -z "$pathOfDevice" ] && echo "pathOfDevice is null!" &>> $pathOfLog && exit
#将挂载信息写入fstab并挂载
for i in `cat -n /etc/fstab | awk '{print $1" "$2}' | grep -E "$uuid|$pathOfDevice" | awk '{print $1}'`； do
    sed -n "${i}p" /etc/fstab >> $pathOfLog
    echo "warnning: 该数据将删除！"
done
 
echo "UUID=$uuid $pathOfMount $typeOfFs defaults 0 0" >> /etc/fstab
 
mount -a &>> $pathOfLog

#! /bin/bash

#注:只有硬盘没有做过系统才能这么搞，如果有做过文件系统会直接返回异常信息。

diskEmpty=""

nameOfLv="lv_data"

nameOfVg="vg_data"

pathOfLog="/tmp/mkfs.log"

pathOfMount="/data"

echo -e "\n\n`date '+%Y-%m-%d %H:%M:%S'` ###" >> $pathOfLog

#验证磁盘是否为空，如果为空则把磁盘名称放入diskEmpty中，空格区分

for i in `lsblk -l | grep disk |awk '{print $1}'`； do

isEmpty=1

for j in `hexdump -n 170000 -C /dev/$i | head -1000 | awk -F'|' '{print $2}' | grep -v '^$' |awk -F'.' '{print NF-1}'`； do

if [ $j -ne 16 ];then

echo "Warnning: disk /dev/$i have data。please check the data of the disk 。" >> $pathOfLog

isEmpty=0

break

done

if [ $isEmpty -eq 1 ];then

diskEmpty="$diskEmpty"" /dev/$i"

done

echo $diskEmpty

#创建逻辑卷和逻辑盘

vgcreate $nameOfVg $diskEmpty &>> $pathOfLog

lvcreate -l 100%FREE -n $nameOfLv $nameOfVg &>> $pathOfLog

#验证是否创建成功，如果失败则退出

lvscan |awk -F"'" '{print $2}' | awk -F '/' '{print $4}' | grep "^$nameOfLv$" &>> $pathOfLog

if [ $? -ne 0 ];then

echo "ERROR: no exists device of $nameOfLv named !" &>> $pathOfLog

exit 1

#获取用于格式化文件系统的真实绝对路径

pathOfDeviceFormkfs=`lvscan |awk -F"'" '{print $2}'|grep "$nameOfLv$"`

echo 'pathOfDeviceFormkfs:' `lvscan |awk -F"'" '{print $2}'|grep "$nameOfLv$"`

#在该逻辑卷上制作文件系统

mkfs.xfs $pathOfDeviceFormkfs &>> $pathOfLog

#获取新创建的逻辑卷的真实绝对路径

pathOfDevice=`blkid |awk -F":" '{print $1}'|grep "$nameOfLv$"`

#检查挂载点是否存在，不存在则创建

[ ! -d $pathOfMount ] && mkdir $pathOfMount &>> $pathOfLog

#获取该逻辑卷的uuid和文件系统类型

infoOfDevice=`blkid |grep "^$pathOfDevice" | awk '{print $2" "$3}' | awk -F'"' '{print $2" "$4}'`

uuid=`echo "$infoOfDevice" | awk '{print $1}'`

typeOfFs=`echo "$infoOfDevice" | awk '{print $2}'`

#保证两个变量值存在，如果不存在就不做任何临时和永久的挂载操作。

[ -z "$uuid" ] && echo "uuid is null!" &>> $pathOfLog && exit

[ -z "$pathOfDevice" ] && echo "pathOfDevice is null!" &>> $pathOfLog && exit

#将挂载信息写入fstab并挂载

for i in `cat -n /etc/fstab | awk '{print $1" "$2}' | grep -E "$uuid|$pathOfDevice" | awk '{print $1}'`； do

sed -n "${i}p" /etc/fstab >> $pathOfLog

echo "warnning: 该数据将删除！"

done

echo "UUID=$uuid $pathOfMount $typeOfFs defaults 0 0" >> /etc/fstab

mount -a &>> $pathOfLog

By sean, 2 years03/18/2023 ago

March 18, 2023

SECURITY

给节点套上CF的warp，彻底解决access denied error code 1020问题

OS

一键自动创建磁盘并挂载