立大香酥雞塊

https://www.mobile01.com/newsdetail/23483/fried-chicken-nugget-blind-taste-test-2017

python 3 pandas matplotlib.pyplot

寫程式這麼久，python真的有夠難寫的，網路上一堆範例都有語法上的錯誤或不完整的，後來經由大陸某教學網終於成功

https://morvanzhou.github.io/tutorials/data-manipulation/np-pd/3-8-pd-plot/


1、donwload python3 from python website

2、create aaa.py   put context

import pandas as pd
import numpy as np
import matplotlib.pyplot as plt 

ts = pd.Series(np.random.randn(1000), index=pd.date_range('1/1/2000', periods=1000))
ts = ts.cumsum()
print(ts)

ts.plot()

plt.show()  //This is best important!!

3、python aaa.py  then see error. Usually is package not install. So  just pip install

import matplotlib.pyplot as plt      # pip install matplotlib
import pandas as pd        # pip install pandas

see screen have notis, just follow install.

windows docker go

1、go
mkdir directory  aaa

create file go_httpserver.go

	package main
	import (
	"fmt"
	"net/http"
	)
	func handler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "Welcome to my Website!!!\n %s", r.URL.Path[1:])
	}
	func main() {
	http.HandleFunc("/", handler)
	http.ListenAndServe("0.0.0.0:80", nil)
	}

view raw gistfile1.txt hosted with ❤ by GitHub

package main
import (
  "fmt"
  "net/http"
)

func handler(w http.ResponseWriter, r *http.Request) {
  fmt.Fprintf(w, "Welcome to my Website!!!\n %s", r.URL.Path[1:])
}

func main() {
  http.HandleFunc("/", handler)
  http.ListenAndServe("0.0.0.0:80", nil)
}

set GOARCH=amd64

set GOOS=linux

go build go_httpserver.go   => get linux go program

2、create docker image

2.1  install docker toolbox Link  

2.2  run kitematic then see left-down   DOCKER CLI  , click it, then 

2.2.1 create directory bbb

2.2.2 create Dockerfile

FROM scratch
ADD go_httpserver /
ENTRYPOINT ["/go_httpserver"]

docker buid -t testdockergoweb:v1 .

2.2.3  use kitematic left-up  +NEW  ->  My Images -> CREATE just crate image

2.2.4  now Containers list have testdockergoweb running.  see right-up Settings

-> Hostname / Ports -> change 

DOCKER PORT  80   

PUBLISHED IP:PORT   port->3111

SAVE

then

click  PUBLISHED IP:PORT  list have bule link.    

3、export docker image

in DOCKER CLI   -> docker export testdockergoweb > testdockergoweb.tar

眼光費

http://stockresearchsociety.blogspot.tw/2017/12/1211414.html

• 做短線、想做差價前，就下虛擬單 你寫下來進入點， 要出時寫下賣出點，十次實驗，對的機率有7成以上，可以做差價 

• 如果你的公司值20元，一年能賺3元，目前股價60元，你能說，一年賺3元，本益比20倍，所以60元很便宜，說這種話，我聽了都覺得很好笑。一年能賺3元，公司值20元，你要年年賺3元賺13.x年才賺到到60元，結果你竟然在一季賺了0.75元，你就開始幻想這樣的賺法13年後你就回本。

• 巴非特之所以不敗，原因很簡單，公司值20元，他在股價打7折、8折時，14~16元然後看出這家公司體質改善了，未來會賺錢，走上正確的方向機率很大，巴非特就大力的買在那個價格，然後用時間去換報酬，這樣的投資才是最安全的，沒有被一些人拿走未來15年，20年的獲利當眼光費。

• 投資為什麼常常會賠錢？因為你沒有估價的能力，也沒有耐心，也不會為你的投資做長久的設想，所以很容易一時亂了手腳

• 眼光費

加回匯率因素，XXX淨值約19.7元，目前看一年能賺1~1.2元，我20投資XXX，我等一年，XXX賺1~1.2元，我等兩年XXX賺2~2.4元，兩年後，三年後XXX獲利穩定後，一般世俗的眼光費套在XXX上，大家再選一個氣氛很好，如財報很好或是大盤氣氛很好的時間點，隨隨便便也是一個很大的報酬率，除了本身公司獲利你穩賺的股息外，總是能等到別人給你10~15年獲利當眼光費的一天，一等到你就賺了10~15年的獲利了嗎？要最大化你在XXX最大的報酬，絕對不會是20，21，21元去賣掉覺得自已賺好多，你要最大化XXX的獲利，一定是在一年後，兩年後的某一天，而那一天只要XXX持續優化的情況下，一定會到來，那時才會是你得到最大報酬率的時候

全球海底光缆分布地图

https://www.submarinecablemap.com/

Azure function

headers: {
  'Content-Type': 'application/json'
},
body: {
  ip: (
    req.headers['x-forwarded-for'].split(":")[0]
    //req.headers['x-forwarded-for'] //||
    //req.connection.remoteAddress ||
    //req.socket.remoteAddress //||
    //req.connection.socket.remoteAddress
  )
}

[轉]IMF GDP

https://www.youtube.com/watch?v=4ExDkvchC6Q  3:06開始

GDP2萬多，但實質購買力是5萬

有錢人存了很多錢

國外被掏空，經濟競爭力沒了，老闆不想產業升級

[轉]第一次在 GCP Storage 放置靜態網頁就上手

https://coder.tw/?p=7626

1. install gcloud

2. gcloud auth login  `email`  #login auth email, get rights for change 公開
2.1 gcloud auth revoke `email`   #remove auth email

https://cloud.google.com/sdk/gcloud/reference/auth/login


設定 Bucket 新上傳的檔案預設公開，只能針對 Bucket 設定，不朔及既往 

gsutil defacl set public-read gs://s.ntust.me

設定某資料夾（or Bucket）底下所有檔案、目錄為公開

gsutil acl set -r public-read gs://s.ntust.me/iatp

股

1. 每季報告
• 第四季：因為明年3月才會公布財報，所以第三季公佈後到明年3月，近半年時間，是沒有任何依據，第3季公佈成績好，自然可以撐到明年3月，公佈成績不好，也是同樣不好到明年3月，除非有特殊情況，否則沒人看第四季的。
2. 外資
• 在大洗盤，把散戶洗走：外資看好這支股票，為了增加獲利，壓低股價，嚇散戶自願出場，買下低成本股票，增加持有股數，等待最終獲利。 
• 這段期間不可能讓成本上升，就算上升也會想盡辨法壓低，如果壓不下來，外資持有成本也同樣壓不下來，獲利就不能提高。
• 一般散戶受不了壓力，就直接出場，因為這是長時間，非短期操作。
• 要補單要在大盤情況也不好大跌跟補單

nginx proxy pass [ best practices ] 2 for sysctl tcp

．https://blogs.dropbox.com/tech/2017/09/optimizing-web-servers-for-high-throughput-and-low-latency/



http://www.queryadmin.com/1654/tuning-linux-kernel-tcp-parameters-sysctl/

https://blogs.dropbox.com/tech/2017/09/optimizing-web-servers-for-high-throughput-and-low-latency/
Don't USE

net.ipv4.tcp_tw_recycle=1
—don’t use it—it was already broken for users behind NAT, but if you upgrade your kernel, it will be broken for everyone.

net.ipv4.tcp_timestamps=0
—don’t disable them unless you know all side-effects and you are OK with them. For example, one of non-obvious side effects is that you will loose window scaling and SACK options on syncookies.



https://read01.com/zh-tw/KBgmj7.html
Don't USE

net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1  /*Only you know, sometime can do*/



***********sysctl**************
net.ipv4.tcp_mtu_probing=1

# Increase number of max open-files
fs.file-max = 150000

# Increase max number of PIDs
kernel.pid_max = 4194303

# Increase range of ports that can be used
net.ipv4.ip_local_port_range = 1024 65535

# https://tweaked.io/guide/kernel/
# Forking servers, like PostgreSQL or Apache, scale to much higher levels of concurrent connections if this is made larger
kernel.sched_migration_cost_ns=5000000

# https://tweaked.io/guide/kernel/
# Various PostgreSQL users have reported (on the postgresql performance mailing list) gains up to 30% on highly concurrent workloads on multi-core systems
kernel.sched_autogroup_enabled = 0

# https://github.com/ton31337/tools/wiki/tcp_slow_start_after_idle---tcp_no_metrics_save-performance
# Avoid falling back to slow start after a connection goes idle
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_no_metrics_save=0

# https://github.com/ton31337/tools/wiki/Is-net.ipv4.tcp_abort_on_overflow-good-or-not%3F
net.ipv4.tcp_abort_on_overflow=0

# Enable TCP window scaling (enabled by default)
# https://en.wikipedia.org/wiki/TCP_window_scale_option
net.ipv4.tcp_window_scaling=1

# Enables fast recycling of TIME_WAIT sockets.
# (Use with caution according to the kernel documentation!)
#net.ipv4.tcp_tw_recycle = 1

# Allow reuse of sockets in TIME_WAIT state for new connections
# only when it is safe from the network stack’s perspective.
#net.ipv4.tcp_tw_reuse = 1

# Turn on SYN-flood protections
net.ipv4.tcp_syncookies=1

# Only retry creating TCP connections twice
# Minimize the time it takes for a connection attempt to fail
net.ipv4.tcp_syn_retries=2
net.ipv4.tcp_synack_retries=2
net.ipv4.tcp_orphan_retries=2

# How many retries TCP makes on data segments (default 15)
# Some guides suggest to reduce this value
net.ipv4.tcp_retries2=8

# Optimize connection queues
# https://www.linode.com/docs/web-servers/nginx/configure-nginx-for-optimized-performance
# Increase the number of packets that can be queued
net.core.netdev_max_backlog = 3240000
# Max number of "backlogged sockets" (connection requests that can be queued for any given listening socket)
net.core.somaxconn = 50000
# Increase max number of sockets allowed in TIME_WAIT
net.ipv4.tcp_max_tw_buckets = 1440000
# Number of packets to keep in the backlog before the kernel starts dropping them
# A sane value is net.ipv4.tcp_max_syn_backlog = 3240000
net.ipv4.tcp_max_syn_backlog = 3240000

# TCP memory tuning
# View memory TCP actually uses with: cat /proc/net/sockstat
# *** These values are auto-created based on your server specs ***
# *** Edit these parameters with caution because they will use more RAM ***
# Changes suggested by IBM on https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Welcome%20to%20High%20Performance%20Computing%20%28HPC%29%20Central/page/Linux%20System%20Tuning%20Recommendations
# Increase the default socket buffer read size (rmem_default) and write size (wmem_default)
# *** Maybe recommended only for high-RAM servers? ***
net.core.rmem_default=16777216
net.core.wmem_default=16777216
# Increase the max socket buffer size (optmem_max), max socket buffer read size (rmem_max), max socket buffer write size (wmem_max)
# 16MB per socket - which sounds like a lot, but will virtually never consume that much
# rmem_max over-rides tcp_rmem param, wmem_max over-rides tcp_wmem param and optmem_max over-rides tcp_mem param
net.core.optmem_max=16777216
net.core.rmem_max=16777216
net.core.wmem_max=16777216
# Configure the Min, Pressure, Max values (units are in page size)
# Useful mostly for very high-traffic websites that have a lot of RAM
# Consider that we already set the *_max values to 16777216
# So you may eventually comment these three lines
net.ipv4.tcp_mem=16777216 16777216 16777216
net.ipv4.tcp_wmem=4096 87380 16777216
net.ipv4.tcp_rmem=4096 87380 16777216

# Keepalive optimizations
# By default, the keepalive routines wait for two hours (7200 secs) before sending the first keepalive probe,
# and then resend it every 75 seconds. If no ACK response is received for 9 consecutive times, the connection is marked as broken.
# The default values are: tcp_keepalive_time = 7200, tcp_keepalive_intvl = 75, tcp_keepalive_probes = 9
# We would decrease the default values for tcp_keepalive_* params as follow:
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 9

# The TCP FIN timeout belays the amount of time a port must be inactive before it can reused for another connection.
# The default is often 60 seconds, but can normally be safely reduced to 30 or even 15 seconds
# https://www.linode.com/docs/web-servers/nginx/configure-nginx-for-optimized-performance
net.ipv4.tcp_fin_timeout = 7


***********sysctl**************


==PS==
．net.ipv4.tcp_slow_start_after_idle & net.ipv4.tcp_no_metrics_save
https://github.com/ton31337/tools/wiki/tcp_slow_start_after_idle---tcp_no_metrics_save-performance

bbr Kernel 4.9.51

aws linux 官方

https://aws.amazon.com/tw/amazon-linux-ami/2017.09-release-notes/



ubuntu

https://segmentfault.com/a/1190000008395823
https://farer.org/2017/05/18/build-kernel-with-bbr-on-ec2-amazon-linux/

修改/etc/sysctl.conf文件，加入如下两行:

net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr





檢查

cat /proc/sys/net/ipv4/tcp_congestion_control

[轉]AndroidUSB網路共享造成部分Windows視窗卡住/凍結的解決方案

https://home.gamer.com.tw/creationDetail.php?sn=3296359

雞肉 炸

張安爾 雞肉切太大塊了。差不多骰子牛肉大小。雞肉醃好裹地瓜粉（不需要返潮）油溫180度時雞肉丟下去快速撥開撥散後撈起放一下。等油溫再回到180時再回炸一分鐘就好 要起鍋時再丟九層塔下去一秒就可以了

完了 教會你們我就要失業了🤣⋯⋯

10G

https://www.pcdvd.com.tw//showthread.php?t=1137311

https://world.taobao.com/item/546382206714.htm?spm=a312a.7700714.0.0.7060fa67elnvUR#detail

[轉]vga

https://www.mobile01.com/topicdetail.php?f=232&t=5312570&p=2#17

move to ionic3

1、update every things to ionic3  uninstall, install , update npm....etc

2、use ionic 3, create new project, run, sure can run on android.

3、copy old config.xml data to new config.xml

4、change new project src -> src1, then copy old project src.

4.1、 code have any  ionic-native  change @ionic-native/xxxxxxxxx

4.2 、src/app/app.module.ts

．top add import { BrowserModule } from '@angular/platform-browser';

．import、providers same 4.1


4.3、copy new project src/index.html 、 src/service-worker.js

then try   ionic cordova android --emulator

[轉]在大陸來往近10年定居5年，而去年我回台灣了。

https://www.mobile01.com/topicdetail.php?f=651&t=5310046

https://www.mobile01.com/topicdetail.php?f=651&t=5310046#10

https://www.mobile01.com/topicdetail.php?f=651&t=5310046&p=2#11

https://www.mobile01.com/topicdetail.php?f=651&t=5310046&p=2#14

https://www.mobile01.com/topicdetail.php?f=651&t=5310046&p=2#15


https://www.mobile01.com/topicdetail.php?f=651&t=5310046&p=3#26

https://www.mobile01.com/topicdetail.php?f=651&t=5310046&p=4#40

https://www.mobile01.com/topicdetail.php?f=651&t=5310046&p=18#176

nginx proxy pass [ best practices ]

1、/etc/nginx/nginx.conf

worker_processes 1; #auto;


events {
        worker_connections 3000;  #786;
        # multi_accept on;
}

http {

        server_tokens off;  #open this line
        resolver 8.8.8.8 8.8.4.4 valid=300s;  #resolver dns server

        proxy_cache_path          /var/cache/proxy-nginx levels=1:2 keys_zone=proxy-cache:10m max_size=3g inactive=1d use_temp_path=off;

        add_header X-Cache $upstream_cache_status; #讓Header顯示是否有Cache：HIT命中 MISS失敗  BYPASS略過

        proxy_headers_hash_max_size 51200;  #add this line

        proxy_headers_hash_bucket_size 6400;  #add this line

        log_format  main  '$remote_addr $status $request $body_bytes_sent [$time_local]  $http_user_agent $http_referer  $http_x_forwarded_for $upstream_addr $upstream_status $upstream_cache_status $upstream_response_time';
        access_log /var/log/nginx/access.log main buffer=1m;   #or maybe note # because disk space

        log_format cache_status '[$time_local] "$request" $upstream_cache_status';
        access_log /var/log/nginx/cache_access.log  cache_status;

        

        gzip_proxied any;  #open this line, because CDN

2、/etc/nginx/proxy_params      put all or maybe find document for practices

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

proxy_set_header Host $http_host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Forwarded-Port $server_port;

client_max_body_size 100M;

client_body_buffer_size 1m;

proxy_intercept_errors on;

proxy_buffering on;

proxy_buffer_size 128k;

proxy_buffers 256 16k;

proxy_busy_buffers_size 256k;

proxy_temp_file_write_size 256k;

proxy_max_temp_file_size 0;

proxy_read_timeout 300;

------------------
#slice 1m; # for slice_range

proxy_cache_key $scheme$host$proxy_host$request_uri;  # $slice_range
#proxy_cache_key "$scheme://$host$request_uri";
#proxy_cache_key $host:$server_port$uri$is_args$args; #通过key来hash，定义KEY的值

#proxy_cache_valid 15m;
proxy_cache_valid 200 301 302 304 1h; #206 -> slice_range
proxy_cache_valid 404 1m;
proxy_cache_valid any 1m;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header Range $slice_range; #for slice_range
proxy_cache_revalidate on;

# Set some good timeouts
proxy_connect_timeout       300;
proxy_send_timeout          300;
proxy_read_timeout          300;
send_timeout                300;

#proxy_cache_min_uses 3; #只要统一个url,在磁盘文件删除之前，总次数访问到达3次，就开始缓存。
proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment; # 如果任何一个参数值不为空，或者不等于0，nginx就不会查找缓存，直接进行代理转发

------------------
aio threads;
aio_write on;
------------------

open_file_cache max=10000;

open_file_cache_min_uses 2;
open_file_cache_errors on;



2.1、SSL
．/etc/nginx/snippets/ssl-example.com.conf

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; #crt
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; #key


．/etc/nginx/snippets/ssl-params.conf

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
#resolver 8.8.8.8 8.8.4.4 valid=300s;  #move to nginx.conf http
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

3、/etc/nginx/sites-available/default

# Default server configuration

#server1

server {

        set $ds_host_ip  'xxx.xxx.xxx.xxx';  #destination host ip
        set $ds_hostname 'ooo.ooo.ooo.ooo'; #destination hostname

        listen 80 reuseport;

        #listen [::]:80 default_server;

        #root /var/www/html;

        #index index.html index.htm index.nginx-debian.html;

        #server_name _;

        location / {

                proxy_pass http://$ds_host_ip:$server_port;
                proxy_pass http://$ds_hostname:$server_port;

                include /etc/nginx/proxy_params;

                
                #try_files $uri $uri/ =404;

        }

        location /nginx_status { 

                stub_status on; 

                access_log off; 

        }

}

server {
        set $ds_host_ip  'xxx.xxx.xxx.xxx';
        set $ds_hostname 'ooo.ooo.ooo.ooo';


    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com www.example.com;

        location / {

                proxy_pass http://$ds_host_ip:$server_port;
                proxy_pass http://$ds_hostname:$server_port;

                include /etc/nginx/proxy_params;

}

location /nginx_status {
stub_status on;
access_log off;
}

    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;

}

#server2

server {

        set $ds_host_ip  'xxx.xxx.xxx.xxx';

        listen 8881 reuseport;

        location / {

                proxy_pass http://$ds_host_ip:$server_port;
                

                include /etc/nginx/proxy_params;

        }

}

#server3

server {

        set $ds_host_ip  'xxx.xxx.xxx.xxx';

        listen 3333 reuseport;

        location / {

                proxy_pass http://$ds_host_ip:$server_port;
                

                include /etc/nginx/proxy_params;

        }

}

server {

        set $ds_host_ip  'xxx.xxx.xxx.xxx';

        listen 81 reuseport;

        location / {

                proxy_pass http://$ds_host_ip:$server_port;
                

                include /etc/nginx/proxy_params;

        }

}                      

server {

        set $ds_host_ip  'xxx.xxx.xxx.xxx';

        listen 8080 reuseport;

        location / {

                proxy_pass http://$ds_host_ip:$server_port;

                include /etc/nginx/proxy_params;

        }

}


=====  =====
/etc/security/limits.conf
* soft nproc 65535 

* hard nproc 65535 

* soft nofile 65535 

* hard nofile 65535

echo "net.core.somaxconn=1024" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf

echo "net.ipv4.ip_forward=0" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf


===== =====

iptables限制tcp连接和频率

#单个IP在60秒内只允许新建20个连接
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 --name DEFAULT --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -m recent --set --name DEFAULT --rsource

#控制单个IP的最大并发连接数为20
-I INPUT -p tcp --dport 80 -m connlimit  --connlimit-above 20 -j REJECT

#每个IP最多20个初始连接
-A INPUT -p tcp --syn -m connlimit --connlimit-above 20 -j DROP



http://seanlook.com/2015/05/17/nginx-location-rewrite/
http://xyz.cinc.biz/2016/06/nginx-if-and-host-get-variable.html
http://siwei.me/blog/posts/nginx-built-in-variables

https://www.52os.net/articles/nginx-anti-ddos-setting.html
https://www.52os.net/articles/nginx-anti-ddos-setting-2.html

https://gagor.pl/2016/01/optimize-nginx-for-performance/

------------------
https://gryzli.info/2017/05/09/nginx-configuring-reverse-proxy-caching/
https://www.nginx.com/blog/nginx-high-performance-caching/
https://guides.wp-bullet.com/how-to-configure-nginx-reverse-proxy-wordpress-cache-apache/
https://tweaked.io/guide/nginx-proxying/
http://www.jianshu.com/p/625c2b15dad5
http://phl.iteye.com/blog/2256857
https://gist.github.com/regadas/7381125


https://calomel.org/nginx.html

Building the Nginx Reverse Proxy example

make clean; ./configure --with-file-aio --without-http_autoindex_module --without-http_browser_module --without-http_geo_module --without-http_empty_gif_module --without-http_map_module --without-http_memcached_module --without-http_userid_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-http_split_clients_module --without-http_uwsgi_module --without-http_scgi_module --without-http_referer_module --without-http_upstream_ip_hash_module && make && make install



----------------------------------------------
．https://blogs.dropbox.com/tech/2017/09/optimizing-web-servers-for-high-throughput-and-low-latency/

Deploying Brotli for static content

cloudflare/ngx_brotli_module  https://github.com/cloudflare/ngx_brotli_module

https://www.mobile01.com/topicdetail.php?f=506&t=5147355

--auto nginx mod CENTMIN MOD
https://centminmod.com/


．https://blogs.dropbox.com/tech/2017/09/optimizing-web-servers-for-high-throughput-and-low-latency/


https://cipherli.st/

On ssl_session_tickets dropbox & cipherli.st have different way............. maybe use cipherli.st

TLS

#ssl_session_tickets on;
#ssl_session_timeout 1h;
#ssl_session_ticket_key /run/nginx-ephemeral/nginx_session_ticket_curr;
#ssl_session_ticket_key /run/nginx-ephemeral/nginx_session_ticket_prev;
#ssl_session_ticket_key /run/nginx-ephemeral/nginx_session_ticket_next;
http://fangpeishi.com/optimizing-tls-record-size.html
http://fangpeishi.com/optimizing-tls-record-size.html


．https://blogs.dropbox.com/tech/2017/09/optimizing-web-servers-for-high-throughput-and-low-latency/

ssl_ciphers '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES';

ssl_prefer_server_ciphers on;

AIO

aio threads;
aio_write on;
http://www.infoq.com/cn/articles/thread-pools-boost-performance-9x


．https://blogs.dropbox.com/tech/2017/09/optimizing-web-servers-for-high-throughput-and-low-latency/

Open file cache

open_file_cache max=10000;
open_file_cache_min_uses 2;
open_file_cache_errors on;
http://blog.justwd.net/snippets/nginx/nginx-open-file-cache/




．auto nginx mod CENTMIN MOD
https://centminmod.com/



======clern cache=======
https://leokongwq.github.io/2016/11/25/nginx-cache.html

Port Forwarding Gateway via iptables on Linux On AWS

Better way is Amazon Linux and
Enhanced Networking on Linux  C3、C4、M4

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sriov-networking.html

I think is better for performace.

iptraf

Port Forwarding Gateway via iptables on Linux

1、
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#NATSG

1.1、Create instance form ami ：ami-vpc-nat-hvm    choese best new
***NAT AMI***

1.2、

Check．IPv4 forwarding is enabled and ICMP redirects are disabled in /etc/sysctl.d/10-nat-settings.conf

IPv4 forwarding =1


Run．A script located at /usr/sbin/configure-pat.sh runs at startup and configures iptables IP masquerading.
Here have problem, so must delete  POSTROUTING

sudo iptables -t nat -D POSTROUTING 1

2、
https://holtstrom.com/michael/blog/post/400/Port-Forwarding-Gateway-via-iptables-on-Linux.html

eth0 10.0.0.219  52.78.165.129

eth1 10.0.1.149

web server 10.0.1.249

iptables -vxnL --line-numbers
iptables -t nat -vxnL --line-numbers

watch -n 1 sudo iptables -vxnL --line-numbers
watch -n 1 sudo iptables -t nat -vxnL --line-numbers

===Start===
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 10.0.0.219 --dport 888 \
     -j DNAT --to-destination 10.0.1.249:80

☆ iptables -t nat -A POSTROUTING -j MASQUERADE     //key point, can't use out eth0



===抓封包===
tcpdump -i eth0 -p tcp and port 888 -n -v

===刪除===
iptables -D INPUT 2
iptables -t nat -D PREROUTING 2
iptables -t nat -D POSTROUTING 2




===無用===
iptables -A FORWARD -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -d 10.0.1.249 -j ACCEPT

iptables -A FORWARD -d 10.0.1.249 -p tcp --dport 80 -j ACCEPT


iptables -t nat -A POSTROUTING -j SNAT --to-source 10.0.0.219
===無用===


===無用  這行解決 telnet localhost 888===
iptables -t nat -A OUTPUT -p tcp -o lo --dport 888 -j DNAT --to 10.0.1.249:80

視訊到手機網頁 技術整理

rtmp to rtsp to h5 MotionJPEG

https://github.com/agsh/rtsp-ffmpeg

this is ok

html5 rtmp stream

https://blog.gmem.cc/research-on-html5-video-surveillance

JSMpeg – MPEG1 Video & MP2 Audio Decoder in JavaScript for ios stream

First try this demo can play on ios

http://jsmpeg.com/

Second

https://github.com/phoboslab/jsmpeg#encoding-videoaudio-for-jsmpeg


view-stream.html    (nodejs localhost:8080 maybe can see)

websocket-relay.js  this is use node.js then get ws server

Import !!

ffmpeg -re -i rtmp://xxx.xxx.xxx.xxx/live/ooo -f mpegts -codec:v mpeg1video -bf 0 -codec:a mp2 -s 640x360 -r 30  -q 4 -muxdelay 0.001 http://localhost:8081/password  

-re 參數表示以視頻實際播放速率解碼，不加這個參數一般會導致直播速率變得飛快
-re一定要加，代表按照帧率发送，否则ffmpeg会一股脑地按最高的效率发送数据。

-muxdelay 0.001   reduce lag   (maybe no use)

-q  4   Need test

You're setting -q 1, which is the best possible quality. Try setting it to 4 or 8 instead.

compression_level (-q)
Set algorithm quality. Valid arguments are integers in the 0-9 range, with 0 meaning highest quality but slowest, and 9 meaning fastest while producing the worst quality. Can put more than 9.

mpegts this is see error, then find some guy say use mpegts. 

Don't use mpeg1video
https://github.com/phoboslab/jsmpeg/issues/149

localhost:8081/password   this is "node websocket-relay.js"  screen have notify, just try

Example:  node websocket-relay.js password 8081 8080

https://github.com/phoboslab/jsmpeg#example-setup-for-streaming-raspberry-pi-live-webcam

image optimization

https://images.guide/

mariadb galera cluster ubuntu 16 diy

https://www.howtoforge.com/tutorial/how-to-install-and-configure-galera-cluster-on-ubuntu-1604/

nginx proxy pass

see  http://sueboy.blogspot.tw/2017/11/nginx-proxy-pass-best-practices.html
http://sueboy.blogspot.tw/2017/11/nginx-proxy-pass-best-practices-2-for.html


server {
  listen 80;
  server_name aaaa.bbbbb.com;
  location /
    {
        proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        proxy_pass http://xxx.xxx.xxx.xxx:80;
    }
}

proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;

proxy_set_header X-Original-Host $http_host;
proxy_set_header X-Original-Scheme $scheme;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;

client_max_body_size 10m;
client_body_buffer_size 128k;

# client_body_temp_path /var/nginx/client_body_temp;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
#proxy_send_lowat 12000;

proxy_buffer_size 32k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

# proxy_temp_path /var/nginx/proxy_temp;

proxy_ignore_client_abort on;

proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;

proxy_max_temp_file_size 128m;

大陸 vps 測試

https://raw.githubusercontent.com/oooldking/script/master/superspeed.sh

#!/usr/bin/env bash
#
# Description: Test your server's network with Speedtest to China
#
# Copyright (C) 2017 - 2017 Oldking
#
# URL: https://www.oldking.net/305.html
#

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
SKYBLUE='\033[0;36m'
PLAIN='\033[0m'

# check root
[[ $EUID -ne 0 ]] && echo -e "${RED}Error:${PLAIN} This script must be run as root!" && exit 1

# check python
if [ ! -e '/usr/bin/python' ]; then
echo -e
read -p "${RED}Error:${PLAIN} python is not install. You must be install python command at first.\nDo you want to install? [y/n]" is_install
if [[ ${is_install} == "y" || ${is_install} == "Y" ]]; then
if [ "${release}" == "centos" ]; then
yum -y install python
else
apt-get -y install python
fi
else
exit
fi

fi

# check wget
if [ ! -e '/usr/bin/wget' ]; then
echo -e
read -p "${RED}Error:${PLAIN} wget is not install. You must be install wget command at first.\nDo you want to install? [y/n]" is_install
if [[ ${is_install} == "y" || ${is_install} == "Y" ]]; then
if [ "${release}" == "centos" ]; then
yum -y install wget
else
apt-get -y install wget
fi
else
exit
fi
fi


clear
echo "#############################################################"
echo "# Description: Test your server's network with Speedtest #"
echo "# Intro: https://www.oldking.net/305.html #"
echo "# Author: Oldking #"
echo "# Github: https://github.com/oooldking #"
echo "#############################################################"
echo
echo "测试服务器到"
echo -ne "1.中国电信 2.中国联通 3.中国移动 4.本地默认 5.全面测速"

while :; do echo
read -p "请输入数字选择： " telecom
if [[ ! $telecom =~ ^[1-5]$ ]]; then
echo "输入错误! 请输入正确的数字!"
else
break
fi
done

if [[ ${telecom} == 1 ]]; then
telecomName="电信"
echo -e "\n选择最靠近你的方位"
echo -ne "1.北方 2.南方"
while :; do echo
read -p "请输入数字选择： " pos
if [[ ! $pos =~ ^[1-2]$ ]]; then
echo "输入错误! 请输入正确的数字!"
else
break
fi
done
echo -e "\n选择最靠近你的城市"
if [[ ${pos} == 1 ]]; then
echo -ne "1.郑州 2.襄阳"
while :; do echo
read -p "请输入数字选择： " city
if [[ ! $city =~ ^[1-2]$ ]]; then
echo "输入错误! 请输入正确的数字!"
else
break
fi
done
if [[ ${city} == 1 ]]; then
num=4595
cityName="郑州"
fi
if [[ ${city} == 2 ]]; then
num=12637
cityName="襄阳"
fi
fi
if [[ ${pos} == 2 ]]; then
echo -ne "1.上海 2.杭州 3.南宁 4.南昌 5.长沙 6.深圳 7.重庆 8.成都"
while :; do echo
read -p "请输入数字选择： " city
if [[ ! $city =~ ^[1-8]$ ]]; then
echo "输入错误! 请输入正确的数字!"
else
break
fi
done
if [[ ${city} == 1 ]]; then
num=3633
cityName="上海"
fi
if [[ ${city} == 2 ]]; then
num=7509
cityName="杭州"
fi
if [[ ${city} == 3 ]]; then
num=10305
cityName="南宁"
fi
if [[ ${city} == 4 ]]; then
num=7230
cityName="南昌"
fi
if [[ ${city} == 5 ]]; then
num=6132
cityName="长沙"
fi
if [[ ${city} == 6 ]]; then
num=5081
cityName="深圳"
fi
if [[ ${city} == 7 ]]; then
num=6592
cityName="重庆"
fi
if [[ ${city} == 8 ]]; then
num=4624
cityName="成都"
fi
fi
fi

if [[ ${telecom} == 2 ]]; then
telecomName="联通"
echo -ne "\n1.北方 2.南方"
while :; do echo
read -p "请输入数字选择： " pos
if [[ ! $pos =~ ^[1-2]$ ]]; then
echo "输入错误! 请输入正确的数字!"
else
break
fi
done
echo -e "\n选择最靠近你的城市"
if [[ ${pos} == 1 ]]; then
echo -ne "1.沈阳 2.长春 3.哈尔滨 4.天津 5.济南 6.北京 7.郑州 8.西安 9.太原 10.宁夏 11.兰州 12.西宁"
while :; do echo
read -p "请输入数字选择： " city
if [[ ! $city =~ ^(([1-9])|(1([0-2]{1})))$ ]]; then
echo "输入错误! 请输入正确的数字!"
else
break
fi
done
if [[ ${city} == 1 ]]; then
num=5017
cityName="沈阳"
fi
if [[ ${city} == 2 ]]; then
num=9484
cityName="长春"
fi
if [[ ${city} == 3 ]]; then
num=5460
cityName="哈尔滨"
fi
if [[ ${city} == 4 ]]; then
num=5475
cityName="天津"
fi
if [[ ${city} == 5 ]]; then
num=5039
cityName="济南"
fi
if [[ ${city} == 6 ]]; then
num=5145
cityName="北京"
fi
if [[ ${city} == 7 ]]; then
num=5131
cityName="郑州"
fi
if [[ ${city} == 8 ]]; then
num= 4863
cityName="西安"
fi
if [[ ${city} == 9 ]]; then
num=12868
cityName="太原"
fi
if [[ ${city} == 10 ]]; then
num=5509
cityName="宁夏"
fi
if [[ ${city} == 11 ]]; then
num=4690
cityName="兰州"
fi
if [[ ${city} == 12 ]]; then
num=5992
cityName="西宁"
fi
fi
if [[ ${pos} == 2 ]]; then
echo -ne "1.上海 2.杭州 3.南宁 4.合肥 5.南昌 6.长沙 7.深圳 8.广州 9.重庆 10.昆明 11.成都"
while :; do echo
read -p "请输入数字选择： " city
if [[ ! $city =~ ^(([1-9])|(1([0-1]{1})))$ ]]; then
echo "输入错误! 请输入正确的数字!"
else
break
fi
done
if [[ ${city} == 1 ]]; then
num=5083
cityName="上海"
fi
if [[ ${city} == 2 ]]; then
num=5300
cityName="杭州"
fi
if [[ ${city} == 3 ]]; then
num=5674
cityName="南宁"
fi
if [[ ${city} == 4 ]]; then
num=5724
cityName="合肥"
fi
if [[ ${city} == 5 ]]; then
num=5079
cityName="南昌"
fi
if [[ ${city} == 6 ]]; then
num=4870
cityName="长沙"
fi
if [[ ${city} == 7 ]]; then
num=10201
cityName="深圳"
fi
if [[ ${city} == 8 ]]; then
num=3891
cityName="广州"
fi
if [[ ${city} == 9 ]]; then
num=5726
cityName="重庆"
fi
if [[ ${city} == 10 ]]; then
num=5103
cityName="昆明"
fi
if [[ ${city} == 11 ]]; then
num=2461
cityName="成都"
fi
fi
fi

if [[ ${telecom} == 3 ]]; then
telecomName="移动"
echo -ne "\n1.北方 2.南方"
while :; do echo
read -p "请输入数字选择： " pos
if [[ ! $pos =~ ^[1-2]$ ]]; then
echo "输入错误! 请输入正确的数字!"
else
break
fi
done
echo -e "\n选择最靠近你的城市"
if [[ ${pos} == 1 ]]; then
echo -ne "1.西安"
while :; do echo
read -p "请输入数字选择： " city
if [[ ! $city =~ ^[1]$ ]]; then
echo "输入错误! 请输入正确的数字!"
else
break
fi
done
if [[ ${city} == 1 ]]; then
num=5292
fi
fi
if [[ ${pos} == 2 ]]; then
echo -ne "1.上海 2.宁波 3.无锡 4.杭州 5.合肥 6.成都"
while :; do echo
read -p "请输入数字选择： " city
if [[ ! $city =~ ^[1-6]$ ]]; then
echo "输入错误! 请输入正确的数字!"
else
break
fi
done
if [[ ${city} == 1 ]]; then
num=4665
cityName="上海"
fi
if [[ ${city} == 2 ]]; then
num=6715
cityName="宁波"
fi
if [[ ${city} == 3 ]]; then
num=5122
cityName="无锡"
fi
if [[ ${city} == 4 ]]; then
num=4647
cityName="杭州"
fi
if [[ ${city} == 5 ]]; then
num=4377
cityName="合肥"
fi
if [[ ${city} == 6 ]]; then
num=4575
cityName="成都"
fi
fi
fi

# install speedtest
if [ ! -e './speedtest.py' ]; then
wget https://raw.github.com/sivel/speedtest-cli/master/speedtest.py > /dev/null 2>&1
fi
chmod a+rx speedtest.py

result() {
download=`cat speed.log | awk -F ':' '/Download/{print $2}'`
upload=`cat speed.log | awk -F ':' '/Upload/{print $2}'`
hostby=`cat speed.log | awk -F ':' '/Hosted/{print $1}'`
latency=`cat speed.log | awk -F ':' '/Hosted/{print $2}'`
clear
echo "$hostby"
echo "延迟 : $latency"
echo "上传 : $upload"
echo "下载 : $download"
echo -ne "\n当前时间: "
echo $(date +%Y-%m-%d" "%H:%M:%S)
}

speed_test(){
temp=$(python speedtest.py --server $1 --share 2>&1)
is_down=$(echo "$temp" | grep 'Download')
if [[ ${is_down} ]]; then
local REDownload=$(echo "$temp" | awk -F ':' '/Download/{print $2}')
local reupload=$(echo "$temp" | awk -F ':' '/Upload/{print $2}')
local relatency=$(echo "$temp" | awk -F ':' '/Hosted/{print $2}')
temp=$(echo "$relatency" | awk -F '.' '{print $1}')
if [[ ${temp} -gt 1000 ]]; then
relatency=" 000.000 ms"
fi
local nodeName=$2

printf "${YELLOW}%-17s${GREEN}%-18s${RED}%-20s${SKYBLUE}%-12s${PLAIN}\n" "${nodeName}" "${reupload}" "${REDownload}" "${relatency}"
else
local cerror="ERROR"
fi
}

if [[ ${telecom} =~ ^[1-3]$ ]]; then
python speedtest.py --server ${num} --share 2>/dev/null | tee speed.log 2>/dev/null
is_down=$(cat speed.log | grep 'Download')

if [[ ${is_down} ]]; then
result
echo "测试到 ${cityName}${telecomName} 完成！"
rm -rf speedtest.py
rm -rf speed.log
else
echo -e "\n${RED}ERROR:${PLAIN} 当前节点不可用，请更换其他节点，或换个时间段再测试。"
fi
fi

if [[ ${telecom} == 4 ]]; then
python speedtest.py | tee speed.log
result
echo "本地测试完成！"
rm -rf speedtest.py
rm -rf speed.log
fi

if [[ ${telecom} == 5 ]]; then
echo ""
printf "%-14s%-18s%-20s%-12s\n" "Node Name" "Upload Speed" "Download Speed" "Latency"
start=$(date +%s)
speed_test '12637' '襄阳电信'
speed_test '5081' '深圳电信'
speed_test '3633' '上海电信'
speed_test '4624' '成都电信'
speed_test '5017' '沈阳联通'
speed_test '4863' '西安联通'
speed_test '5083' '上海联通'
speed_test '5726' '重庆联通'
speed_test '5192' '西安移动'
speed_test '4665' '上海移动'
speed_test '6715' '宁波移动'
speed_test '4575' '成都移动'
end=$(date +%s)
rm -rf speedtest.py
echo ""
time=$(( $end - $start ))
if [[ $time -gt 60 ]]; then
min=$(expr $time / 60)
sec=$(expr $time % 60)
echo -ne "花费时间：${min} 分 ${sec} 秒"
else
echo -ne "花费时间：${time} 秒"
fi
echo -ne "\n当前时间: "
echo $(date +%Y-%m-%d" "%H:%M:%S)
echo "全面测试完成！"
fi

[轉]Linux服务器被黑遭敲诈，3小时紧急逆袭！

http://www.yunweipai.com/archives/22780.html

#查看是否为管理员增加或者修改

find / -type f -perm 4000

#显示文件中查看是否存在系统以外的文件

rpm -Vf /bin/ls

rpm -Vf /usr/sbin/sshd

rpm -Vf /sbin/ifconfig

rpm -Vf /usr/sbin/lsof

#检查系统是否有elf文件被替换

#在web目录下运行

grep -r “getRuntime” ./

#查看是否有木马

find . -type f -name “*.jsp” | xargs grep -i  “getRuntime”

#运行的时候被连接或者被任何程序调用

find . -type f -name “*.jsp” | xargs grep -i  “getHostAddress”

#返回ip地址字符串

find . -type f -name “*.jsp” | xargs grep -i  “wscript.shell”

#创建WshShell对象可以运行程序、操作注册表、创建快捷方式、访问系统文件夹、管理环境变量

find . -type f -name “*.jsp” | xargs grep -i  “gethostbyname”

#gethostbyname()返回对应于给定主机名的包含主机名字和地址信息的hostent结构指针

find . -type f -name “*.jsp” | xargs grep -i  “bash”

#调用系统命令提权

find . -type f -name “*.jsp” | xargs grep -i  “jspspy”

#Jsp木马默认名字

find . -type f -name “*.jsp” | xargs grep -i  “getParameter”

fgrep – R “admin_index.jsp” 20120702.log > log.txt

#检查是否有非授权访问管理日志

#要进中间件所在日志目录运行命令

fgrep – R “and1=1″*.log>log.txt

fgrep – R “select “*.log>log.txt

fgrep – R “union “*.log>log.txt

fgrep – R “../../”*.log >log.txt

fgrep – R “Runtime”*.log >log.txt

fgrep – R “passwd”*.log >log.txt

#查看是否出现对应的记录

fgrep – R “uname -a”*.log>log.txt

fgrep – R “id”*.log>log.txt

fgrep – R “ifconifg”*.log>log.txt

fgrep – R “ls -l”*.log>log.txt

#查看是否有shell攻击

#以root权限执行

cat /var/log/secure

#查看是否存在非授权的管理信息

tail -n 10  /var/log/secure

last cat /var/log/wtmp

cat /var/log/sulog

#查看是否有非授权的su命令

cat /var/log/cron

#查看计划任务是否正常

tail -n 100 ~./bash_history | more

查看临时目录是否存在攻击者入侵时留下的残余文件

ls -la /tmp

ls -la /var/tmp

#如果存在.c .py .sh为后缀的文件或者2进制elf文件。

历史记录和相关访问日志已经被删除，痕迹清除。

安装chrootkit检查是否有rootkit

mkdir chrootkit

cd chrootkit/

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

tar zxvf chkrootkit.tar.gz 

cd chkrootkit-0.50/

ls

yum install -y glibc-static

make sense

./chkrootkit

vi /etc/motd 发现

[轉]OVS (Open vSwitch) 心得 楊金龍

https://www.facebook.com/dominic16y/posts/1378435818935569




今天跑去台中聽了OVS (Open vSwitch)講座，收獲頗豐(真的值回車票價了!)，這個東西我自己的研究可能要花好幾個月的時間，還不一定能抓對方向或抓到重點，講師今天一個下午就把所有關鍵的問題都提到了，比如說你linux bridge 用的好好的幹嘛要轉到ovs來，這是大家都會關心的問題。

底下一些重點整理:
1.linux bridge效能很好，沒有什麼特殊的需求的話，不用轉到OVS去。
2.linux bridge效能的極限，kernel 跑不滿10G的頻寬(大約7G/s左右)，若你不用10G的網路的話，linux bridge很好用。
3.OVS原生的效能比linux bridge效能差
4.OVS必須要另外加DPDK才能夠跑滿10G頻寬。(大約可跑到15~20G/s)
5.OVS單台機器沒有什麼用，它的功能跟linux bridge一樣
6.OVS必須要多台，並加上controller才能發揮它真正的功能
7.controller 推薦ONOS、OVN
8.OVS支援所有L2的功能(和靜態路由L3功能)，它要使用controller之後，就可以不用STP，可充份利用所有頻寬，也不怕looping所造成的廣播風暴。

srs rtmp forward (push) out || pull in push out

master 192.168.105.20 srs.conf

isten              1935;
max_connections     1000;
srs_log_tank        console; #file; #console;
srs_log_file        ./objs/srs.log;
daemon              off; #on or delete this line
http_api {
    enabled         on;

    listen          1985;

}

http_server {

    enabled         on;

    listen          8080;

    dir             ./objs/nginx/html;

}

stats {

    network         0;

    disk            sda sdb xvda xvdb;

}

vhost __defaultVhost__ {

    ingest livestream {

        enabled      on;

        input {

            type    stream;

            url     rtmp://xxx.ooo.xxx.ooo/live/nna1

        }

        ffmpeg      ./objs/ffmpeg; #if no build, just install then link -s

        engine {

            enabled off;

            output  rtmp://127.0.0.1:[port]/live?vhost=[vhost]/nna2 #this push back this server

        }

    }

    forward         192.168.105.21:1935;

    gop_cache       off;

    queue_length    10;

    min_latency     on;

    mr {

        enabled     off;

    }

    mw_latency      100;

    tcp_nodelay     on;

}

slave 192.168.105.21 srs.conf

listen              1935;

max_connections     1000;

srs_log_tank        file; #console;

srs_log_file        ./objs/srs.log;

#daemon              off;

#http_api {

#    enabled         on;

#    listen          1985;

#}

#http_server {

#    enabled         on;

#    listen          8080;

#    dir             ./objs/nginx/html;

#}

#stats {

#    network         0;

#    disk            sda sdb xvda xvdb;

#}

vhost __defaultVhost__ {

}

==========finsih===========for test======

obs push video to master   rtmp://192.168.105.20/live/obs1

master player  rtmp://192.168.105.20/live/obs1 

slave player  rtpm://192.168.105.21/live/obs1

***srs pull rtmp nna1 then push localhost nna2 ***

check rtmp://xxx.ooo.xxx.ooo/live/nna1 first

master player rtmp://192.168.105.20/live/nna2

slave player rtmp://192.168.105.21/live/nna2

PS:

1、debug just  

a. daemon off   

b. srs_log_tank console;

then see screen have any error msg. Some info like restart ffmpeg.


2、if slave can't play, just use port :1935


============
go-oryx

linux usb boot windows

https://www.pendrivelinux.com/yumi-multiboot-usb-creator/

https://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/

[轉]在Ubuntu 使用 Lets Encrypt 與 Nginx

https://blog.technologyofkevin.com/?p=591


see http://sueboy.blogspot.tw/2017/11/nginx-proxy-pass-best-practices.html
http://sueboy.blogspot.tw/2017/11/nginx-proxy-pass-best-practices-2-for.html

docker db Volumes

http://dockone.io/article/128

http://container42.com/2014/11/18/data-only-container-madness/


http://dockone.io/article/129



在volume产生时，是docker run的准备阶段（create），而执行entrypoint.sh则是在启动阶段（start）

clustercontrol install finish

ssh-copy-id  better use root


ssh-copy-id  finish


Reboot clustercontrol server


======sysbench======

[sysbench]

select

sysbench --num-threads=128 --report-interval=3 --max-requests=0 --max-time=300 --test=/usr/share/sysbench/tests/include/oltp_legacy/select.lua --mysql-table-engine=innodb --oltp-table-size=5000000 --mysql-user=root --mysql-password="E<8r)^t-E<8r)^t-"  --oltp-tables-count=1 --db-driver=mysql --mysql-host=192.168.xxx.xxx --mysql-port=3306 prepare

sysbench --num-threads=128 --report-interval=3 --max-requests=0 --max-time=300 --test=/usr/share/sysbench/tests/include/oltp_legacy/select.lua --mysql-table-engine=innodb --oltp-table-size=5000000 --mysql-user=root --mysql-password="E<8r)^t-E<8r)^t-"  --oltp-tables-count=1 --db-driver=mysql --mysql-host=192.168.xxx.xxx --mysql-port=3306 run



Oltp  read/write

* 产生数据
sysbench --num-threads=128 --report-interval=3 --max-requests=0 --max-time=300 --test=/usr/share/sysbench/tests/include/oltp_legacy/oltp.lua --mysql-table-engine=innodb --oltp-table-size=5000000 --mysql-user=root --mysql-password="E<8r)^t-E<8r)^t-"  --oltp-tables-count=1 --db-driver=mysql --mysql-host=192.168.xxx.xxx --mysql-port=3306 prepare


* 执行
sysbench --num-threads=128 --report-interval=3 --max-requests=0 --max-time=300 --test=/usr/share/sysbench/tests/include/oltp_legacy/oltp.lua --mysql-table-engine=innodb --oltp-table-size=5000000 --mysql-user=root --mysql-password="E<8r)^t-E<8r)^t-"  --oltp-tables-count=1 --db-driver=mysql --mysql-host=192.168.xxx.xxx --mysql-port=3306 run


*清除
最後面改成 cleanup

Operating System User clustercontrol

https://severalnines.com/docs/requirements.html#operating-system-user

firebase hosts cloudflare

ERR_TOO_MANY_REDIRECTS




Or



Error 526

SSL   change Full  or Full (strict)

just try

go gae telegram bot telegrambot

https://blog.sean.taipei/2017/05/telegram-bot
https://github.com/cortinico/telebotgae


Use this token to access the HTTP API:
445067055:AAG8Lz1EL---------------------------------


．https://api.telegram.org/bot<Token>/<Method Name>
https://api.telegram.org/bot445067055:445067055:AAG8Lz1EL---------------------------------/getMe
https://api.telegram.org/bot445067055:445067055:AAG8Lz1EL---------------------------------/getUpdates



．https://api.telegram.org/bot<Token>/sendMessage?chat_id=<Chat_id>&text=<Message>

chat_id 使用者送訊息給telegram bot後，去getUpdates，就會有chat id

https://api.telegram.org/bot445067055:AAG8Lz1EL---------------------------------/sendMessage?chat_id=265----------&text=Hello+World



．https://api.telegram.org/bot<Token>/setWebhook?url=<Url>

刪除是用 deleteWebhook
取得Webhook資料 getWebhookInfo

https://api.telegram.org/bot[API_KEY]/setWebhook?url=https://[PROJECT-ID].appspot.com

https://api.telegram.org/bot445067055:AAG8Lz1EL---------------------------------/setWebhook?url=https://xxx---bot-17------.appspot.com

inscapsula cdn ddos free plans

https://www.incapsula.com/pricing-and-plans.html


最近才知道  Incapsula 蠻有名的，有免費試用喔


免費的額度是

頻寬 5Mb/s

1個月2T以內

[轉]async 、 await es6 promise javqscript

https://hackmd.io/s/Bko9gUGYZ

ip firewall filiter raw input forward

https://www.mobile01.com/topicdetail.php?f=110&t=3205444&p=574#5738


ip firewall filter是在nat動作後

ip firewall raw在nat動作前



當封包透過nat進來後會分兩個路徑: 1.提供路由器(Router)自用 2.給區域網路的電腦使用

若要指定給路由器(Router),進入chain使用input
若要指定給區域網路的電腦,chain則一律用forward

一般病毒防護都著重在區網的桌機,所以要在firewall filter進行過濾,chain設為forward即可.

RouterOS路由器的smb伺服器預設是關閉的,所以若沒開啟不太需要再新增一筆chain=input封鎖項目.



/ip firewall raw操作:
在nat之前的意思即,封包在進入路由器前就先判定有敵意.
所以在這操作即不管這封包最終是路由器使用,還是給區網的電腦操作一律都先行丟棄,這樣明白吧XD


input/forward都是在nat後的動作,所以在firewall raw看不到這兩個chain.

prerouting是在nat前的動作,所以在firewall filter看不到這個chain.

[轉][RouterOS] 上傳流量爆頻寬 DNS

https://tlcheng.wordpress.com/tag/rb750gr3/

go gae mux static html css js images

1、裝官方gcloud工具
2、裝python 2.7
3、到官方工具目錄 ..........\Local\Google\Cloud SDK\google-cloud-sdk
3-1、設定path   //執行 install.bat 會有說明

source

在原本開發go的目錄執行下面指令及可，但要特別注意 出現套件未安裝的話 go get github.com/xxxx  裝一裝就行了


dev_appserver.py app.yaml  //這裡要特注意，因為是local測試，會出錯！因為init()問題，如果是用flexible就不會，但又要改app.yaml

gcloud app deploy

gcloud app browse

======
gcloud init //reset project id


注意：gae flexible environment vs standard environment
https://cloud.google.com/appengine/docs/the-appengine-environments
所以要用 standard environment


====================
https://www.slideshare.net/takuyaueda967/gaegoweb

elk Elasticsearch Logstash and Kibana fortigate ubuntu

https://www.rosehosting.com/blog/install-and-configure-the-elk-stack-on-ubuntu-16-04/

https://www.elastic.co/guide/en/logstash/current/configuration.html

https://dotblogs.com.tw/supershowwei/2016/05/25/185741


install finish

1、/etc/logstash/conf.d/    put some logstash conf

2、ubuntu have logstash listen error, so nano /etc/logstash/startup.options
LS_USER = root

3、/usr/share/logstash/bin# ./system-install        reuse LS_USER for config


注意：

 mutate {
        add_field => {
            "logTime" => "%{+YYYY-MM-dd} %{time}"
        }

[轉]Docker工具新手入門 用指令熟悉容器生命週期

http://netadmin.com.tw/article_content.aspx?sn=1708010003&jump=2

aws linux partition resize

http://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/ebs-expand-volume.html#recognize-expanded-volume-linux


1、AWS console  EC2 resizse

2、login EC2


2.1、 lsblk       get info to disk size.  Is resize ok?

2.2  resize2fs /dev/xvda1

If 2.2 finish, then resize faild.  follow 2.3

2.3  parted /dev/xvda

2.3.1  parted> print all     -> get disk real size
2.3.2  parted> resizepart
2.3.3  parted> 1
2.3.4 parted End?>put size is 2.3.1
2.3.5 parted>exit

then 2.2 again. If ok then 2.1 check age.

PS：
2.3.4  

End?> -1

-1 最大磁碟空間

[轉]Easy Middleware in Go

https://dev.to/kevburnsjr/easy-middleware-in-go

[轉]Go + Microservices = Go kit

https://peter.bourgon.org/applied-go-kit/#1

[轉]bestpractices.slide

https://talks.golang.org/2013/bestpractices.slide#19

[轉]Standard Package Layout

https://medium.com/@benbjohnson/standard-package-layout-7cdbc8391fc1

[轉]Go best practices, six years in

https://peter.bourgon.org/go-best-practices-2016/

go control docker

https://blog.kowalczyk.info/article/w4re/using-mysql-in-docker-for-local-testing-in-go.html

https://github.com/kjk/go-cookbook/tree/master/start-mysql-in-docker-go

[轉]谁吃了我的Linux内存?

http://colobu.com/2017/03/07/what-is-in-linux-cached/#more


slabtop -s c

======================

pcstat

https://github.com/tobert/pcstat

#!/bin/bash



#you have to install pcstat

if [ ! -f /data0/brokerproxy/pcstat ]

then

    echo "You haven't installed pcstat yet"

    echo "run \"go get github.com/tobert/pcstat\" to install"

    exit

fi



#find the top 10 processs' cache file

ps -e -o pid,rss|sort -nk2 -r|head -10 |awk '{print $1}'>/tmp/cache.pids

#find all the processs' cache file

#ps -e -o pid>/tmp/cache.pids



if [ -f /tmp/cache.files ]

then

    echo "the cache.files is exist, removing now "

    rm -f /tmp/cache.files

fi



while read line

do

    lsof -p $line 2>/dev/null|awk '{print $9}' >>/tmp/cache.files 

done</tmp/cache.pids





if [ -f /tmp/cache.pcstat ]

then

    echo "the cache.pcstat is exist, removing now"



    rm -f /tmp/cache.pcstat

fi



for i in `cat /tmp/cache.files`

do



    if [ -f $i ]

    then



        echo $i >>/tmp/cache.pcstat

    fi

done



/data0/brokerproxy/pcstat  `cat /tmp/cache.pcstat`



rm -f /tmp/cache.{pids,files,pcstat}