@beijiaoff bt 助手是什么？

2022.3.31 更新：博客评论区功能已上线。

测试通过了，真的就是因为 NZBGet 安全协议的锅，关掉就可以用了。

https://t.me/vpstoolbox/1367

我自己编译了个 Docker image ，想用 TLS1.3 的可以试试。

https://hub.docker.com/repository/docker/johnrosen/nzbget

https://github.com/nzbget/nzbget/blob/77f86988cbf625be74b0d757ea900a262625425f/daemon/connect/TlsSocket.cpp#L413

可能是这个的问题

2022.3.22 更新：新增手动保存 iptables 方法。

操，放弃了，手动编译了一遍 NZBGet , tls1.3 还是报错。openssl 确实是最新版本。

Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG getaddrinfo for news-us.newsgroup.ninja: 0 (Connection.cpp:599:DoConnect)
Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG Starting TLS (Connection.cpp:993:StartTls)
Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG Do disconnecting (Connection.cpp:861:DoDisconnect)
Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG Destroying Connection (Connection.cpp:146:~Connection)
Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG Disconnecting (Connection.cpp:187:Disconnect)
Tue Mar 22 16:02:07 2022 16960 140204677510912 DEBUG Response="Could not select cipher for TLS: error:1410F0B9:SSL routines:SSL_set_cipher_list:no cipher match" (XmlRpc.cpp:538:BuildResponse)

对端也支持 1.3 的

root@debian:~# openssl s_client -connect news-us.newsgroup.ninja:563 -ciphersuites TLS_AES_128_GCM_SHA256
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = news.sslusenet.com
verify return:1
---
Certificate chain
0 s:CN = news.sslusenet.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIqDCCB5CgAwIBAgISBLvFSa8Jk6lggwq6fPmwSIrWMA0GCSqGSIb3DQEBCwUA
···
bzBq56cGGykABTj3
-----END CERTIFICATE-----
subject=CN = news.sslusenet.com

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5716 bytes and written 375 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: 2426EEC4692BCF9F8D32F5EBC160B965EF6D023EE50F5FDDF041022EBB3C8167
Session-ID-ctx:
Resumption PSK: 18A84FA1AA70A75ED939A6B794739177BFB8F2E2648737BC6F00B6F48309B33A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
···

Start Time: 1647937881
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: 02BE66E7987ADFC7BE186E3100B099F98308BA5DFC57E3ADC8DBDA334AD6F006
Session-ID-ctx:
Resumption PSK: FB03F12785AB46C850CB131C049C35559C08FFB06BFAE8529AC96F333FC59E3A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
···

Start Time: 1647937881
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
200 Welcome

2022.3.22 我扔了个 pr 过去，如果他们接的话 tls1.3 就可以用了

https://github.com/linuxserver/docker-nzbget/pull/144

2022.3.22 更新：经测试 NZBGet 不支持 TLS1.3 协议，但支援 TLS1.2 ，因此 `Cipher` 建议设置为 `ECDHE-ECDSA-AES128-GCM-SHA256`(文档已修正)。

2022.3.21 更新：补充 NZBGet 程序缓存及下载队列的图片。

2022.3.21 更新：新增影片质量配置。

@FrankAdler 而且维护也不用我手动干，docker watchtower 会全自动化地拉取新的 image 。

@FrankAdler 所以才会有 sqlite3 这种代码来实现自动化，总不能真的手动去 webui 上一个个配吧

@YAFEIML 卡倒不至于，CPU 够好不会卡的。

@tautcony 本来设计就是一键脚本，只是文档要这么写而已。