Online.net Pro-4-M Benchmark

This Online.net machine seems to have compatibility problems with ESXi. Never mind, test first.

With ESXi installed, using the VMware native driver:

———————————————————————-
CPU model : Intel(R) Xeon(R) CPU E3-1245 v5 @ 3.50GHz
Number of cores : 4
CPU frequency : 3504.000 MHz
Total size of Disk : 47.0 GB (1.2 GB Used)
Total amount of Mem : 3902 MB (165 MB Used)
Total amount of Swap : 3967 MB (0 MB Used)
System uptime : 0 days, 0 hour 3 min
Load average : 0.52, 0.20, 0.08
OS : CentOS 7.6.1810
Arch : x86_64 (64 Bit)
Kernel : 3.10.0-957.el7.x86_64
———————————————————————-
I/O speed(1st run) : 499 MB/s
I/O speed(2nd run) : 498 MB/s
I/O speed(3rd run) : 497 MB/s
Average I/O speed : 498.0 MB/s

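Alibaba Cloud lightweight server, Hong Kong

The Alibaba Cloud lightweight server test IP for Hong Kong is 149.129.84.1; the Singapore test IP is 149.129.49.31.

China Mobile and China Unicom connect directly, but for China Telecom the outbound route goes through NTT and the return route through CN2.

It is quite good for serving China Mobile and China Unicom customers in mainland China.

The difference between the Alibaba Cloud lightweight server and a regular ECS instance is that it has no private IP (the private IP it comes with cannot reach the ECS private network), and it also lacks that 2G of protection.

Likewise, the Tencent Cloud Hong Kong test IP is 119.28.11.12.

And the Huawei Cloud Hong Kong test IP is 159.138.33.92.

GCP CDN: 35.244.179.64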

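Flashing the modified official firmware on the K2P

The K2P A2 revision is praised by many enthusiasts for how much can be done with it, and the praise is deserved. Remember: if you buy a K2P, make sure it is the A2 revision.

If tinkering is the goal, OpenWrt is undoubtedly the best choice, but if you only want to run stable services, the modified official K2P firmware is undoubtedly the best choice.

Unlocking the K2P keeps getting harder as the stock firmware is upgraded. Current K2P units generally ship with V22.5.7.85.

This method works with the latest K2P MTK firmware versions 22.8.5.189, 22.10.2.23 and 22.10.2.24.

In general you only need the first tool below: flash Breed, download the firmware, then flash the firmware from within Breed.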

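BIND forwarding and recursion

I rarely touch BIND's various services, yet I end up using it once or twice almost every year, and every time I have to search the BIND documentation all over again, which is a hassle. Below is a description of BIND forwarding and recursion that I saw on Stack Overflow; it is very well written.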

Forwarding: just passes the DNS query to another DNS server (e.g. your ISP’s). Home routers use forwarding to pass DNS queries from your home network’s clients to your ISP’s DNS servers. For example, for foo.example.com, a forwarding DNS server would first check its cache (did it already ask this question before), and if the answer is not in its cache, it would ask its forwarder (your ISP’s DNS server) for the answer, which would respond with either a cached response, or would perform recursion until it figured out the answer.

Recursion: or caching server, the DNS server receiving the query takes it upon itself to figure out the answer to that query by recursively querying authoritative DNS servers for that domain. For example, for foo.example.com, a recursor would first query the root servers for what DNS servers are responsible for the .com TLD, then it would ask those servers for example.com, then it would query the servers for example.com for foo.example.com, finally getting the answer to the original query.

In terms of security, you should separate recursors/forwarders (typically DNS servers used to service a bunch of clients) and authoritative DNS servers (typically these are responsible ONLY for answering queries re: domains that they are authoritative for – these servers will NOT perform recursive queries for anyone).

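Installing BIND on CentOS 7 and setting it up as a recursor is as simple as it gets: just run yum install bind bind-utils. BIND's default named.conf is already a complete recursor configuration that serves only the local machine (localhost).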
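The split between recursors and authoritative servers described above can be checked mechanically. The following is an added example, not from the original post: a simplified lint (the function name `audit_named` and both sample configs are constructed) that flags a named.conf where recursion is on while the server answers or listens beyond localhost, or also hosts zones.

```shell
#!/bin/sh
# Added example (not from the original post): lint a named.conf for the
# recursor / authoritative split described above. Simplified text scan:
# one statement per line, no include files, no /* */ comments.

audit_named() {   # usage: audit_named FILE ; prints one finding per line
    body=$(sed -e 's|//.*$||' -e 's|#.*$||' "$1")
    # BIND enables recursion unless the options block says "recursion no;"
    if printf '%s\n' "$body" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;'; then
        return 0
    fi
    if printf '%s\n' "$body" | grep -Eq \
        'allow-(recursion|query|query-cache)[[:space:]]*\{([^}]*[;[:space:]])?any[[:space:]]*;'; then
        echo "OPEN: recursion enabled and an allow-* ACL contains any"
    fi
    if printf '%s\n' "$body" | grep -Eq \
        'listen-on[^{]*\{([^}]*[;[:space:]])?any[[:space:]]*;'; then
        echo "EXPOSED: recursion enabled and listen-on contains any"
    fi
    if printf '%s\n' "$body" | grep -Eq \
        'type[[:space:]]+(master|slave|primary|secondary)[[:space:]]*;'; then
        echo "MIXED: recursion enabled on a server that also hosts zones"
    fi
    return 0
}

# Constructed samples: a localhost-only recursor like the default the post
# describes, and a config mixing open recursion with an authoritative zone.
demo_dir=$(mktemp -d)
cat > "$demo_dir/local.conf" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; };
    allow-query { localhost; };
    recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
EOF
cat > "$demo_dir/mixed.conf" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };   // answers everyone
    recursion yes;
};
zone "example.com" IN { type master; file "example.com.zone"; };
EOF
for f in local.conf mixed.conf; do
    echo "== $f"; audit_named "$demo_dir/$f"
done
```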

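Preventing an Alibaba Cloud ICP filing from being revoked

Given the absurd ICP filing system in mainland China, with Alibaba Cloud being even worse...

If a domain filed through Alibaba Cloud does not point its IP at Alibaba Cloud, Alibaba Cloud will send a warning.

So the best approach is to point the IP at Alibaba Cloud and simulate some traffic.

Open the crontab on CentOS and add cron jobs like the following to simulate real traffic:

0 2 * * * curl -s www.domain1.com > /dev/null 2>&1
0 3 * * * curl -s www.domain2.com > /dev/null 2>&1
0 4 * * * curl -s www.domain3.cn > /dev/null 2>&1
0 5 * * * curl -s www.domain4.cn > /dev/null 2>&1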

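Installing Junge's LNMP 1.6 on a mainland China cloud

02-18-2019 Updated: Junge has already fixed this problem.

Junge's LNMP was updated right on schedule on January 1. I had always installed it on overseas clouds before, so I never ran into any problems.

But today, installing it in Alibaba Cloud's Shenzhen data center, I found a small problem.

Specifically, when LNMP 1.6 installs Boost, the Boost installation is written into the MySQL configuration, so MySQL automatically downloads Boost from the internet, then installs and configures it.

That is where the problem lies: MySQL downloads Boost from SourceForge.

Download URL:

http://sourceforge.net/projects/boost/files/boost/1.59.0/boost_1_59_0.tar.gz

Alibaba Cloud's connection to SourceForge is extremely slow, and after a while the program times out automatically. I have to say this is the sad state of things in China...

The fix is fairly simple: download Boost 1.59 in advance into /root/lnmp1.6/src, that is, the src directory inside your lnmp folder.

Download URL:

http://soft.vpser.net/lib/boost/

Note that lnmp1.6 needs the tar.bz2 version of Boost.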

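Removing Alibaba Cloud's bundled Cloud Shield (Yundun), monitoring services and so on

I am not sure about other systems, but the Aliyun CentOS template ships with many Alibaba Cloud services, such as Cloud Shield, cloudwatch and so on, and these are often things we would rather not disclose, so they need to be removed right at the start. These services also cling like a skin rash and are hard to remove completely.

The operations below were all carried out on a lightweight server running CentOS 7 in Aliyun's Shenzhen data center.

Uninstalling Alibaba Cloud monitoring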

wget http://update.aegis.aliyun.com/download/uninstall.sh
chmod +x uninstall.sh
sudo ./uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
chmod +x quartz_uninstall.sh
sudo ./quartz_uninstall.sh

In fact, the quartz uninstall script already includes the aegis uninstall commands.

Removing leftovers

sudo pkill aliyun-service
sudo rm -rf /etc/init.d/agentwatch /usr/sbin/aliyun-service
sudo rm -rf /usr/sbin/aliyun*
sudo rm -rf /etc/systemd/system/aliyun.service
sudo rm -rf /usr/local/aegis*

Blocking the Cloud Shield IPs

If you use iptables, you can use the following commands:

iptables -I INPUT -s 140.205.201.0/28 -j DROP
iptables -I INPUT -s 140.205.201.16/29 -j DROP
iptables -I INPUT -s 140.205.201.32/28 -j DROP
iptables -I INPUT -s 140.205.225.192/29 -j DROP
iptables -I INPUT -s 140.205.225.200/30 -j DROP
iptables -I INPUT -s 140.205.225.184/29 -j DROP
iptables -I INPUT -s 140.205.225.183/32 -j DROP
iptables -I INPUT -s 140.205.225.206/32 -j DROP
iptables -I INPUT -s 140.205.225.205/32 -j DROP

If you use a firewall instead, you can block the same ranges as in the iptables commands above directly.

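Finally, remove the cloud monitor (cloudwatch). Note that CentOS has the Go version of the cloud monitor installed.

You can refer to this official page:

http://help.aliyun.com/document_detail/97929.html

Or use the following commands directly: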

/usr/local/cloudmonitor/CmsGoAgent.linux-amd64 stop && \
/usr/local/cloudmonitor/CmsGoAgent.linux-amd64 uninstall && \
rm -rf /usr/local/cloudmonitor

If your CentOS has the Java version installed, you can use:

/usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh stop
/usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh remove && \
rm -rf /usr/local/cloudmonitor

nginx URL redirects with query string arguments

nginx's three built-in directives, return, rewrite and try_files, are very powerful and can handle almost any kind of redirect, for example:

server {
    listen 80;
    server_name example.com;
    return 301 https://www.example.com$uri;
}

This redirects the domain without www to the domain with SSL and the www prefix.

$uri: in the words of the official nginx documentation, the current normalized URI in the request

$request_uri: full original request URI (with arguments)

The difference between $uri and $request_uri is clear from this: $uri is normalized, in other words:

  1. The ? and the query parameters after it are removed
  2. The encoded URL is decoded

This causes a problem: example.com/test.php?a=b is redirected to https://www.example.com/test.php and the query string is lost. The fix is simple:

return 301 https://www.example.com$uri$is_args$args;
or
return 301 https://www.example.com$request_uri;

$is_args is an empty string if there are no arguments, or a ? to signify the start of the query string.

$args then adds the arguments.
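To see what each of the three redirect forms above puts in the Location header, here is an added example (not from the original post). It is a simplified model of the variables that covers only query stripping and percent-decoding; the function names and sample request targets are constructed.

```shell
#!/bin/sh
# Added example: simplified model of $uri, $args and $request_uri.
# Real nginx normalization also resolves "." / ".." and merges slashes.

nginx_uri() {    # $uri: drop ?query, then percent-decode the path
    printf '%s\n' "${1%%\?*}" | awk '{
        out = ""; s = $0; hex = "0123456789ABCDEF"
        while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
            h = toupper(substr(s, RSTART + 1, 2))
            code = (index(hex, substr(h, 1, 1)) - 1) * 16 + index(hex, substr(h, 2, 1)) - 1
            out = out substr(s, 1, RSTART - 1) sprintf("%c", code)
            s = substr(s, RSTART + 3)
        }
        print out s
    }'
}

nginx_args() {   # $args: everything after the first "?", left as sent
    case $1 in
        *\?*) printf '%s\n' "${1#*\?}" ;;
        *)    echo "" ;;
    esac
}

redirect_location() {   # usage: redirect_location VARIANT REQUEST_TARGET
    base=https://www.example.com
    case $1 in
        uri)         printf '%s%s\n' "$base" "$(nginx_uri "$2")" ;;
        uri_args)    a=$(nginx_args "$2")   # $is_args is "?" only with args
                     printf '%s%s%s%s\n' "$base" "$(nginx_uri "$2")" "${a:+?}" "$a" ;;
        request_uri) printf '%s%s\n' "$base" "$2" ;;
    esac
}

# Constructed request targets, one of them with an encoded space.
for t in '/test.php?a=b' '/my%20file.php?a=b' '/plain'; do
    for v in uri uri_args request_uri; do
        printf '%-12s %-20s -> %s\n' "$v" "$t" "$(redirect_location "$v" "$t")"
    done
done
```

For `/my%20file.php?a=b` the `$uri$is_args$args` form emits a decoded space in the Location header, while `$request_uri` passes the client's encoding through unchanged.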

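Installing Smokeping 2.7.3 on CentOS 7

I am about to move some services out of mainland China, so this is a good moment to set up network monitoring to keep an eye on things. Smokeping is deployed in Aliyun Hong Kong zone B.

First, remove the Alibaba Cloud monitoring that comes with the ECS CentOS 7 image.

Uninstall Anqishi (安骑士) and monitoring: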

wget http://update.aegis.aliyun.com/download/uninstall.sh
chmod +x uninstall.sh
./uninstall.sh

wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
chmod +x quartz_uninstall.sh
./quartz_uninstall.sh

You can use

ps -aux |grep aliyun

to check whether any Aliyun service processes are still active.

Remove the leftover services:

pkill aliyun-service
rm -rf /etc/init.d/agentwatch
rm -rf /usr/sbin/aliyun*
rm -rf /usr/local/aegis*
rm -rf /etc/systemd/system/aliyun*

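Only then is the removal of Aliyun's leftover services basically complete.

Some articles also mention blocking the Cloud Shield IPs; when I have time I should still look at the logs to see whether blocking the Cloud Shield IPs is necessary.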

iptables -I INPUT -s 140.205.201.0/28 -j DROP
iptables -I INPUT -s 140.205.201.16/29 -j DROP
iptables -I INPUT -s 140.205.201.32/28 -j DROP
iptables -I INPUT -s 140.205.225.192/29 -j DROP
iptables -I INPUT -s 140.205.225.200/30 -j DROP
iptables -I INPUT -s 140.205.225.184/29 -j DROP
iptables -I INPUT -s 140.205.225.183/32 -j DROP
iptables -I INPUT -s 140.205.225.206/32 -j DROP
iptables -I INPUT -s 140.205.225.205/32 -j DROP
iptables -I INPUT -s 140.205.225.195/32 -j DROP
iptables -I INPUT -s 140.205.225.204/32 -j DROP

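Only at this point in the article is the initial cleanup of the server complete.

Before installing, we need to disable SELinux and the firewall, and synchronize the time: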

yum -y install ntpdate
ntpdate 0.pool.ntp.org
sestatus

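Or pick one from www.ntppool.org.

Now on to the installation itself. The author's official site actually documents the process very clearly:

https://oss.oetiker.ch/smokeping/doc/smokeping_install.en.html

1. Install the EPEL package

yum install epel-release -y

2. Install the development tools

yum groupinstall "Development tools" -y

3. Install fping (Smokeping 2.7.2 and later needs fping 4.0 or later, so it has to be compiled by hand)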

cd ~
wget https://fping.org/dist/fping-4.2.tar.gz
tar -zxvf fping-4.2.tar.gz
cd fping-4.2
./configure
make
make install

The installed fping is at /usr/local/sbin/fping

4. Install echoping (in case TCP ping is needed later)

cd ~
wget https://fossies.org/linux/misc/old/echoping-6.0.2.tar.gz
tar -zxvf echoping-6.0.2.tar.gz
cd echoping-6.0.2
yum install -y popt-devel openssl openssl-devel
./configure --with-ssl --without-libidn
make
make install

The installed echoping is at /usr/local/bin/echoping

5. Install the required packages

cd ~
yum install rrdtool rrdtool-perl curl bind-utils gcc make vim gcc-c++ -y
yum install perl-core -y

6. Install Apache. Note that Smokeping is an fcgi program, so Apache needs mod_fcgid installed. The httpd version is 2.4.6.

yum install httpd httpd-devel
yum install mod_fcgid
systemctl enable httpd

7. Install nginx. The nginx version is 1.12.2.

yum install nginx -y

systemctl enable nginx

service nginx start

8. Install Smokeping

cd ~

wget https://oss.oetiker.ch/smokeping/pub/smokeping-2.7.3.tar.gz

tar -zxvf smokeping-2.7.3.tar.gz

cd smokeping-2.7.3

./configure --prefix=/opt/smokeping PERL5LIB=/usr/lib64/perl5/

/usr/bin/gmake install

Note that if we do not add PERL5LIB=/usr/lib64/perl5/ (as in ./configure --prefix=/opt/smokeping PERL5LIB=/usr/lib64/perl5/), the following is shown:

** Ready to install Smokeping ******************************

Settings:

PERL5LIB = not set
PERL = /usr/bin/perl

The Smokeping Makefiles use GNU make functionality.
Continue installation with

/usr/bin/gmake install

If we add PERL5LIB=/usr/lib64/perl5, the following is shown:

** Ready to install Smokeping ******************************

Settings:

PERL5LIB = /usr/lib64/perl5/
PERL = /usr/bin/perl

The Smokeping Makefiles use GNU make functionality.
Continue installation with

/usr/bin/gmake install

9. Initialize Smokeping. We need to create three directories: data holds the rrd files, var holds the Smokeping pid, and log holds smokeping.log.

cd /opt/smokeping

mkdir data var log

chmod 777 data var log

touch log/smokeping.log

Rename the config files and set permissions:

cd /opt/smokeping/etc/

for foo in *.dist; do cp "$foo" "$(basename "$foo" .dist)"; done

chmod 600 /opt/smokeping/etc/smokeping_secrets.dist

Configure the config file

Edit /opt/smokeping/etc/config; the configuration is downloaded from GitHub.

10. Set up Apache

Copy the files under /opt/smokeping/htdoc to /var/www/html.

At the same time:

mkdir cache

chmod 777 cache

Rename smokeping.fcgi.dist and put it under cgi-bin.

11. Edit the Apache configuration file

Change Listen 80 to

Listen 8080

For /var/www/html, set

AllowOverride All

For /var/www/cgi-bin, set

AllowOverride All

12. Configure nginx

Configuration file:

server {
    listen 80;
    server_name www.xxxxxx.com;
    index index.html index.htm index.php default.html default.htm default.php;
    access_log off;
    error_log /var/log/nginx/www.xxxxxx.com.error.log;
    location / {
        proxy_pass http://127.0.0.1:8080;
        #Proxy Settings
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 128k;
        proxy_buffers 6 32k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
        client_max_body_size 50m;
    }
}

13. Go to /var/www/html and set up .htaccess

RewriteEngine On
RewriteRule ^$ /cgi-bin/smokeping.fcgi [NC,L]

14. Write the Smokeping autostart file

Edit /etc/systemd/system/smokeping.service

[Unit]
Description=Latency Logging and Graphing System
After=syslog.target network.target

[Service]
ExecStart=/opt/smokeping/bin/smokeping
ExecReload=/bin/kill -HUP $MAINPID
StandardError=syslog
Type=forking
PIDFile=/opt/smokeping/var/smokeping.pid


[Install]
WantedBy=multi-user.target



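Once everything is set up, don't forget to reload the daemon:

systemctl daemon-reload

The following is mainly the installation and setup of the slave:

15. A slave does not need Apache or nginx, and the unit file needs some changes as well. Edit /etc/systemd/system/smokeping.service: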

[Unit]
Description=Latency Logging and Graphing System
After=syslog.target network.target

[Service]
ExecStart=/opt/smokeping/bin/smokeping --master-url=http://xxx.xxx.xxx/cgi-bin/smokeping.fcgi --cache-dir=/opt/smokeping/cache/ --shared-secret=/opt/smokeping/etc/secret.txt --pid-dir=/opt/smokeping/var --logfile=/opt/smokeping/smokeping.log
ExecReload=/bin/kill -HUP $MAINPID
StandardError=syslog
Type=forking
PIDFile=/opt/smokeping/var/smokeping.pid


[Install]
WantedBy=multi-user.target

After setting up systemd, we need to reload the daemon:

systemctl daemon-reload

16. Set the slave's secret

cd /opt/smokeping/etc

vi secret.txt

chmod 600 secret.txt

Note that if this slave's secret is iamhippo, secret.txt only needs to contain iamhippo and nothing else. Also, don't forget to set this file's permissions to 600.

17. Set the slave's hostname

The slave's hostname must correspond to the master's secret.txt.

On AWS CentOS 7, set the hostname with

hostnamectl set-hostname www.iamhippo

18.

Settings on the master:

Add the slave section to /opt/smokeping/etc/config:

*** Slaves ***
secrets=/opt/smokeping/etc/smokeping_secrets

+awssg
display_name = AWS_SG
location = SG
color = ff0000

+awsjp
display_name = AWS_JP
location = JP
color = ff0000

In the Targets section at the bottom, add

*** Targets ***

slaves = awssg awsjp

Then reload Smokeping and httpd:

systemctl reload smokeping

systemctl reload httpd

This configuration is simple and easy to understand. The secrets are set in smokeping_secrets, in the format host:secrets

For the slaves in the figure, it should be

awssg:XXXXXX

awsjp:XXXXXX

awssg and awsjp are the slaves' hostnames.
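The master-side pieces above have to agree with each other: each name on a `slaves =` line needs a `+name` section under `*** Slaves ***`, each of those needs a `name:secret` line, and the secret files are meant to be mode 600. The following added example (not part of Smokeping or the original post; the function name and sample data are constructed) checks all three.

```shell
#!/bin/sh
# Added example (not Smokeping's own tooling): cross-check a master config
# against its secrets file. Function name and sample data are constructed.

check_smokeping_slaves() {   # usage: check_smokeping_slaves CONFIG SECRETS
    # section names (+name) that appear under "*** Slaves ***"
    defined=$(awk '/^[*][*][*]/ { in_s = ($2 == "Slaves"); next }
                   in_s && /^[+][A-Za-z0-9_-]+/ { print substr($1, 2) }' "$1")
    # every name listed on a "slaves = a b" line
    used=$(awk -F= '/^[ \t]*slaves[ \t]*=/ {
                   n = split($2, a, " "); for (i = 1; i <= n; i++) print a[i]
               }' "$1" | sort -u)
    # host part of each host:secret line
    keyed=$(awk -F: 'NF >= 2 && $1 !~ /^#/ { print $1 }' "$2")
    for s in $used; do
        printf '%s\n' "$defined" | grep -qxF "$s" ||
            echo "UNDEFINED: slaves line names '$s' but there is no +$s section"
    done
    for s in $defined; do
        printf '%s\n' "$keyed" | grep -qxF "$s" ||
            echo "NOSECRET: slave '$s' has no host:secret line"
    done
    # mode string positions 5-10 are the group and other permission bits
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] ||
        echo "PERMS: secrets file is accessible to group or others"
    return 0
}

# Constructed sample: awsde is used but never defined, awsjp has no secret,
# and the secrets file is left at mode 644.
smk_dir=$(mktemp -d)
cat > "$smk_dir/config" <<'EOF'
*** Slaves ***
secrets=/opt/smokeping/etc/smokeping_secrets

+awssg
display_name = AWS_SG

+awsjp
display_name = AWS_JP

*** Targets ***
slaves = awssg awsde
EOF
printf 'awssg:constructed-secret\n' > "$smk_dir/secrets"
chmod 644 "$smk_dir/secrets"
check_smokeping_slaves "$smk_dir/config" "$smk_dir/secrets"
```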