这篇文章记录了一些杂项
方便自己翻看的一些东西
需要自取
解决一些问题的nginx配置模板
server {
listen 80;
server_name pari.cafe;
root /www/wwwroot/pari.cafe;
location / {
return 301 https://$server_name$request_uri;
}
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
access_log /www/wwwlogs/pari.cafe.log;
error_log /www/wwwlogs/pari.cafe.error.log;
}
server {
listen 443 ssl http2;
server_name pari.cafe;
ssl_certificate /www/server/panel/vhost/cert/pari.cafe/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/pari.cafe/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
#SSL-END
#PROXY-START/
location / {
proxy_pass https://ddv4.flymc.cc:65443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
# set $static_file2fQNkIPc 0;
# if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
# {
# set $static_file2fQNkIPc 1;
# expires 1m;
# }
#if ( $static_file2fQNkIPc = 0 )
# {
# add_header Cache-Control no-cache;
# }
}
#PROXY-END/
location ~ /purge(/.*) {
proxy_cache_purge cache_one $host$1$is_args$args;
#access_log /www/wwwlogs/pari.cafe_purge_cache.log;
}
#引用反向代理规则,注释后配置的反向代理将无效
#include /www/server/panel/vhost/nginx/proxy/pari.cafe/*.conf;
access_log /www/wwwlogs/pari.cafe.log;
error_log /www/wwwlogs/pari.cafe.error.log;
}
docker-compose in Debian
COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose build
Certbot
certbot certonly \
-d flymc.cc -d *.flymc.cc -d pari.cafe -d *.pari.cafe \
--manual \
--preferred-challenges "dns-01" \
--server "https://dv.acme-v02.api.pki.goog/directory" \
--domains "flymc.cc"
--domains "*.flymc.cc"
--domains "pari.cafe"
--domains "*.pari.cafe"
certbot certonly --preferred-challenges dns --manual -d *.closure.ac.cn -d closure.ac.cn --server https://acme-v02.api.letsencrypt.org/directory
AES 8 8
UKF2bB3AFf/5DLevXeSDP3Xw8m2DUm6iz08VtyeMQ5ROvIfbtPcMXCcBkycvX1zHNLAkh/BsrVXzWMkwh0upC5sVoaEmokk1sqOCDQZpfBUjn4KYphns/XloVze/2K9zUiri18wWYX5r4flxxRrGmVbKkwTF77Wr5Goj5kVDCeTHc8LM+GGR6SS84xdweICx8vt/LCVRXh6Zk6vFbiW579KnG/X6Usx9jrIJwr56Lo/tYrY5N0UBgHLbmn+tNSievt3LQ9v+kh7Zrgt6KJ0iZJYRLC9NgIIoU7c/pfLy893dkEtxYkNiQp4jMprTGKPy9cRs7cmKmgVNSc24EvPRBY5MZVt4yrrIN185qHcUsTgXFLGtg/eDqk0Rq9uWAKhQXTBxWm1zgb17
s3fs挂载对象存储
echo access key:screctkey > ${HOME}/.passwd-s3fs
chmod 600 ${HOME}/.passwd-s3fs
s3fs neko-main /neko-main -o passwd_file=${HOME}/.passwd-s3fs
s3fs drive-data /www/data -o passwd_file=${HOME}/.passwd-s3fs -o url=https://s3.ap-northeast-1.wasabisys.com/ -o use_path_request_style
nping test / hping3
nping --tcp-connect -rate=1000000 -c 4294967295 -q ip/domain -p 443 --badsum-ip -H -N --quiet
hping3 -S --flood -V [target] --rand-source -d 1024 -t 128 -w 1
trojan-go api
trojan-go -api-addr 127.0.0.1:10808 -api set -modify-profile -target-hash 8dfa51d7637f5ed3b6a5c83124eb3787279d6916f9d3128e59712e07 \
-ip-limit 4 \
-upload-speed-limit 10485760 \
-download-speed-limit 10485760
trojan-go -api-addr 127.0.0.1:10808 -api list
循环get计划任务
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
step=1
for (( i = 0; i < 120; i=(i+step) )); do
curl -sS -H "X-Forwarede-For: 127.0.0.1" -H 'Cache-Control: no-cache, no-store' --connect-timeout 10 -m 60 -k '[url]'
echo "----------------------------------------------------------------------------"
endDate=`date +"%Y-%m-%d %H:%M:%S"`
echo "★[$endDate] Successful"
echo "----------------------------------------------------------------------------"
sleep .5
done
exit 0
smartdns cfg
# Add custom settings here.
# set log level
# log-level [level], level=fatal, error, warn, notice, info, debug
# log-level error
# log-size k,m,g
# log-size 128k
# log-file /var/log/smartdns.log
# log-num 2
# List of hosts that supply bogus NX domain results
# bogus-nxdomain [ip/subnet]
response-mode fastest-response
speed-check-mode tcp:80,ping,tcp:443
serve-expired yes
serve-expired-ttl 86400
server 10.0.0.101 -group cn
server 10.0.0.101 -group neko
server 223.5.5.5 -group cn
server 119.29.29.29 -group cn
server 223.6.6.6 -group cn
server 8.8.4.4 -group neko
server 8.8.8.8 -group neko
server-tls 8.8.8.8 -group neko
server-tls 8.8.4.4 -group neko
server-tls dot.alidns.com -group cn
server-tls sophie.flymc.cc -group cn
server-tls sophie.flymc.cc -group neko
server-https https://dns.alidns.com/dns-query -group cn
server-https https://doh.pub/dns-query -group cn
server-https https://8.8.8.8/dns-query -group neko
server-https https://8.8.4.4/dns-query -group neko
conf-file /tmp/etc/smartdns/passwall.conf
# Add custom settings here.
# set log level
# log-level [level], level=fatal, error, warn, notice, info, debug
# log-level error
# log-size k,m,g
# log-size 128k
# log-file /var/log/smartdns.log
# log-num 2
# List of hosts that supply bogus NX domain results
# bogus-nxdomain [ip/subnet]
response-mode first-ping
speed-check-mode none
serve-expired yes
serve-expired-ttl 3600
server 10.0.0.101 -group cn -no-cache
server 8.8.4.4 -group neko -group cn
server 8.8.8.8 -group neko -group cn
server 9.9.9.11 -group neko -exclude-default-group
server-tcp 10.0.0.101 -group cn -no-cache
server-tcp 8.8.4.4 -group neko -group cn
server-tcp 8.8.8.8 -group neko -group cn
server-tcp 9.9.9.11 -group neko -exclude-default-group
server-tls sophie.flymc.cc -group neko -group cn
server-tls 8.8.8.8 -group neko -group cn
server-tls 8.8.4.4 -group neko -group cn
server-tls dns11.quad9.net -group neko -exclude-default-group
server-https https://8.8.8.8/dns-query -group neko -group cn
server-https https://8.8.4.4/dns-query -group neko -group cn
server-https https://dns11.quad9.net/dns-query -group neko -exclude-default-group
conf-file /tmp/etc/smartdns/passwall.conf
宝塔/aa optimization
echo "" > /www/server/panel/script/site_task.py
rm -rf /www/server/panel/logs/request/*
chattr +i /www/server/panel/script/site_task.py
chattr +i -R /www/server/panel/logs/request
Comments NOTHING