nuxt3 build .env !!

You want Build time use .env setting context. Two way:

1. source .env

package.json > "build": "source .env && nuxt build"

2. eval $(grep '^NUXT_' .env)

package.json > "build": "eval $(grep '^PROD_' .env) && nuxt build"

^RROD_ can replace by yourself

.env file inside

PROD_API_URL=https://ooxxooxx

nuxt 3 $fetch x-www-form-urlencode blob

file download

  const pdf = async () => {
    const download_url = new URL("/api/pdf")
    download_url.search = new URLSearchParams({'order_id': '20241101001'}).toString();
    
    try {
      const blob = await $fetch(download_url.toString(), {
        method: 'GET',
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded',
        },
      })
    
      const link = document.createElement('a');
      link.href = URL.createObjectURL(blob);
      link.setAttribute('download', '20241101001.pdf');
      document.body.appendChild(link);
      link.click()

      document.body.removeChild(link);
    } catch (error) {
      console.log(error)
    }
  }

file print

  var iframe = document.createElement('iframe');
  iframe.style.display = 'none';
  iframe.src = url;
  document.body.appendChild(iframe);
  iframe.contentWindow.focus();
  iframe.contentWindow.print();

Alpine qemu-guest-agent no such package

> apk add qemu-guest-agent

ERROR: unable to select packages:
  qemu-guest-agent (no such package):
    required by: world[qemu-guest-agent]

Only way: Change Alpine repositores.

# https://wiki.alpinelinux.org/wiki/Repositories

> setup-apkrepos -cf

or

http://alpine.ccns.ncku.edu.tw/alpine/v3.20/main

#http://dl-cdn.alpinelinux.org/alpine/v3.20/community

http://alpine.cs.nycu.edu.tw/v3.20/main

http://alpine.cs.nycu.edu.tw/v3.20/community

Alpine Linux image with Cloud-Init ready for Proxmox

[轉]How to prepare Alpine Linux image with Cloud-Init ready for Proxmox

https://5wire.co.uk/how-to-prepare-alpine-linux-image-with-cloud-init-ready-for-proxmox/

[轉]Enable cloud-init for a Alpine VM on proxmox

https://gist.github.com/longtian/499261f4c68f0fb40b481bb1e74aa8ca

systemd wstunnel

Create /etc/systemd/system/wstunnel.service

[Unit]
Description=Wstunnel Server Service
After=network.target

[Service]
Type=simple
Restart=on-failure
RestartSec=5s
LimitNOFILE=1048576

ExecStart=/usr/bin/wstunnel server wss://[::]:1234 -r aabbccddeeff

[Install]
WantedBy=multi-user.target

systemctl daemon-reload

systemctl enable wstunnel.service

systemctl start wstunnel.service

systemctl status wstunnel.service

[轉]Debian: fail2ban + nftables

https://blog.cyberfront.org/index.php/2021/10/27/debian-fail2ban/

=====

https://github.com/fail2ban/fail2ban/issues/3292

# /etc/fail2ban/jail.local
[DEFAULT]
default_backend = systemd
logtarget = SYSTEMD-JOURNAL

# /etc/fail2ban/jail.d/named.conf
[named-refused-tcp]
backend = systemd

How to check

1. journalctl -r

2. less /var/log/fail2ban.log

3. fail2ban-client status or fail2ban-client status sshd or fail2ban-client status ooxxooxx

2 files in one command Create SSL for wildcard domain selfsigned

https://gist.github.com/dasgoll/5c7c02f363e7aeaff2837d650d985cc7

EX: *.ccdd.com

openssl req  -subj "/C=cd/CN=*.ccdd.com" -x509 -nodes -days 365 -newkey rsa:2048 -keyout ccdd-wildcard-selfsigned.key -out ccdd-wildcard-selfsigned.crt

awesome-tunneling

https://github.com/anderspitman/awesome-tunneling

nftables template

https://wiki.gbe0.com/en/linux/firewalling-and-filtering/nftables/template-inbound-outbound

#!/usr/sbin/nft -f

## Clear/flush all existing rules
flush ruleset

# Main inet family filtering table
table inet filter {

  # Rules for forwarded traffic
  chain forward {
    type filter hook forward priority 0; policy drop

    ## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
    ## The default policy will be applied to unmatched traffic
    limit rate 60/minute burst 100 packets \
      log prefix "Forward - Drop: " \
      comment "Log any unmatched traffic"

    ## Count the unmatched traffic
    counter \
      comment "Count any unmatched traffic"
  }

  # Rules for input traffic
  chain input {
    type filter hook input priority 0; policy drop

    ## Permit inbound traffic to loopback interface
    iif lo \
      accept \
      comment "Permit all traffic in from loopback interface"

    ## Permit established and related connections
    ct state established,related \
      counter \
      accept \
      comment "Permit established/related connections"

    ## Log and drop new TCP non-SYN packets
    tcp flags != syn ct state new \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - New !SYN: " \
      comment "Rate limit logging for new connections that do not have the SYN TCP flag set"
    tcp flags != syn ct state new \
      counter \
      drop \
      comment "Drop new connections that do not have the SYN TCP flag set"

    ## Log and drop TCP packets with invalid fin/syn flag set
    tcp flags & (fin|syn) == (fin|syn) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - TCP FIN|SIN: " \
      comment "Rate limit logging for TCP packets with invalid fin/syn flag set"
    tcp flags & (fin|syn) == (fin|syn) \
      counter \
      drop \
      comment "Drop TCP packets with invalid fin/syn flag set"

    ## Log and drop TCP packets with invalid syn/rst flag set
    tcp flags & (syn|rst) == (syn|rst) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - TCP SYN|RST: " \
      comment "Rate limit logging for TCP packets with invalid syn/rst flag set"
    tcp flags & (syn|rst) == (syn|rst) \
      counter \
      drop \
      comment "Drop TCP packets with invalid syn/rst flag set"

    ## Log and drop invalid TCP flags
    tcp flags & (fin|syn|rst|psh|ack|urg) < (fin) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - FIN:" \
      comment "Rate limit logging for invalid TCP flags (fin|syn|rst|psh|ack|urg) < (fin)"
    tcp flags & (fin|syn|rst|psh|ack|urg) < (fin) \
      counter \
      drop \
      comment "Drop TCP packets with flags (fin|syn|rst|psh|ack|urg) < (fin)"

    ## Log and drop invalid TCP flags
    tcp flags & (fin|syn|rst|psh|ack|urg) == (fin|psh|urg) \
      limit rate 100/minute burst 150 packets \
      log prefix "IN - FIN|PSH|URG:" \
      comment "Rate limit logging for invalid TCP flags (fin|syn|rst|psh|ack|urg) == (fin|psh|urg)"
    tcp flags & (fin|syn|rst|psh|ack|urg) == (fin|psh|urg) \
      counter \
      drop \
      comment "Drop TCP packets with flags (fin|syn|rst|psh|ack|urg) == (fin|psh|urg)"

    ## Drop traffic with invalid connection state
    ct state invalid \
      limit rate 100/minute burst 150 packets \
      log flags all prefix "IN - Invalid: " \
      comment "Rate limit logging for traffic with invalid connection state"
    ct state invalid \
      counter \
      drop \
      comment "Drop traffic with invalid connection state"

    ## Permit IPv4 ping/ping responses but rate limit to 2000 PPS
    ip protocol icmp icmp type { echo-reply, echo-request } \
      limit rate 2000/second \
      counter \
      accept \
      comment "Permit inbound IPv4 echo (ping) limited to 2000 PPS"

    ## Permit all other inbound IPv4 ICMP
    ip protocol icmp \
      counter \
      accept \
      comment "Permit all other IPv4 ICMP"

    ## Permit IPv6 ping/ping responses but rate limit to 2000 PPS
    icmpv6 type { echo-reply, echo-request } \
      limit rate 2000/second \
      counter \
      accept \
      comment "Permit inbound IPv6 echo (ping) limited to 2000 PPS"

    ## Permit all other inbound IPv6 ICMP
    meta l4proto { icmpv6 } \
      counter \
      accept \
      comment "Permit all other IPv6 ICMP"

    ## Permit inbound traceroute UDP ports but limit to 500 PPS
    udp dport 33434-33524 \
      limit rate 500/second \
      counter \
      accept \
      comment "Permit inbound UDP traceroute limited to 500 PPS"

    ## Permit inbound SSH
    tcp dport ssh ct state new \
      counter \
      accept \
      comment "Permit inbound SSH connections"

    ## Permit inbound HTTP and HTTPS
    tcp dport { http, https } ct state new \
      counter \
      accept \
      comment "Permit inbound HTTP and HTTPS connections"

    ## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
    ## The default policy will be applied to unmatched traffic
    limit rate 60/minute burst 100 packets \
      log prefix "IN - Drop: " \
      comment "Log any unmatched traffic"

    ## Count the unmatched traffic
    counter \
      comment "Count any unmatched traffic"
  }

  # Rules for output traffic
  chain output {
    type filter hook output priority 0; policy drop

    ## Permit outbound traffic to loopback interface
    oif lo \
      accept \
      comment "Permit all traffic out to loopback interface"

    ## Permit established and related connections
    ct state established,related \
      counter \
      accept \
      comment "Permit established/related connections"

    ## Drop traffic with invalid connection state
    ct state invalid \
      limit rate 100/minute burst 150 packets \
      log flags all prefix "OUT - Invalid: " \
      comment "Rate limit logging for traffic with invalid connection state"
    ct state invalid \
      counter \
      drop \
      comment "Drop traffic with invalid connection state"

    ## Permit IPv4 ping/ping responses but rate limit to 2000 PPS
    ip protocol icmp icmp type { echo-reply, echo-request } \
      limit rate 2000/second \
      counter \
      accept \
      comment "Permit outbound IPv4 echo (ping) limited to 2000 PPS"

    ## Permit all other outbound IPv4 ICMP
    ip protocol icmp \
      counter \
      accept \
      comment "Permit all other IPv4 ICMP"

    ## Permit IPv6 ping/ping responses but rate limit to 2000 PPS
    icmpv6 type { echo-reply, echo-request } \
      limit rate 2000/second \
      counter \
      accept \
      comment "Permit outbound IPv6 echo (ping) limited to 2000 PPS"

    ## Permit all other outbound IPv6 ICMP
    meta l4proto { icmpv6 } \
      counter \
      accept \
      comment "Permit all other IPv6 ICMP"

    ## Permit outbound traceroute UDP ports but limit to 500 PPS
    udp dport 33434-33524 \
      limit rate 500/second \
      counter \
      accept \
      comment "Permit outbound UDP traceroute limited to 500 PPS"

    ## Allow outbound HTTP and HTTPS connections
    tcp dport { http, https } ct state new \
      counter \
      accept \
      comment "Permit outbound HTTP and HTTPS connections"

    ## Permit outbound DNS requests
    meta l4proto { tcp, udp } th dport 53 \
      counter \
      accept \
      comment "Permit outbound TCP and UDP DNS requests"

    ## Allow outbound NTP requests
    udp dport 123 \
      counter \
      accept \
      comment "Permit outbound NTP requests"

    ## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute
    ## The default policy will be applied to unmatched traffic
    limit rate 60/minute burst 100 packets \
      log prefix "OUT - Drop: " \
      comment "Log any unmatched traffic"

    ## Count the unmatched traffic
    counter \
      comment "Count any unmatched traffic"
  }

}

cloudflare tunnel rdp

https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/rdp/#connect-to-rdp-server-with-cloudflared-access

This document is bad for understand.

Important

1. Server (be control) need connect to cloudflare tunnel.
2. Client need connect to cloudflare tunnel too.

Server - tunnel - cloudflare - tunnel - Client

Server
Follow cloudflare document “1. Connect the server to Cloudflare”. This is correct.

Client
cloudflare document “2. Connect as a user” have problems

cloudflared access rdp --hostname rdp.example.com --url rdp://localhost:3389

--hostname => --tunnel-host

cloudflared access rdp --tunnel-host rdp.example.com --url rdp://localhost:3389

Then Rdp Client connect localhost:3389

Clinet PC opne port 3389, rdp client use this port –connect to– cloudflare rdp.example.com –pass to– Server rdp://localhost:3389

Result

> cloudflared access rdp --tunnel-host rdp.example.com --url localhost:3389
2024-09-12T04:36:46Z INF Start Websocket listener host=localhost:3389

promox ve helper-Scripts

https://tteck.github.io/Proxmox/#proxmox-ve-tools

laravel Production-ready

1. https://serversideup.net/open-source/spin/

2. Laravel sail https://laravel.com/docs/11.x/installation#choosing-your-sail-services

3. shinsenter laravel https://github.com/shinsenter/php/pkgs/container/laravel

Livewire resize But...

https://hugo-indol-chi.vercel.app/2024/08/livewire-resize-but.../

php artisan config:cache

https://serversideup.net/open-source/docker-php/docs/laravel/laravel-automations#php-artisan-configcache

This command caches all configuration files into a single file, which can then be quickly loaded by Laravel. Once the configuration is cache, the .env file will no longer be loaded.

LiveWire meteor.js LiveView

Before using LiveWire, JavaScript was always the language used for both frontend and backend development. When choosing a framework, one of the most important factors to consider is validation.

Validation is a crucial and time-consuming aspect of development. It needs to be performed on the frontend, backend, and when modifying the database through input, update, or delete operations. In some cases, the validation process may be performed twice. Typically, the backend performs validation using the same language. This makes validation a reusable function. On the other hand, the frontend often uses JavaScript, which is a different language.

This is where Meteor.js comes in as the best option. It provides all the necessary packages for full-stack development through npm. However, there was a drawback at that time - Node.js 14 was considered too old due to its use of fibers. The combination of Meteor.js and Node.js 14 made it difficult to separate concerns. Fortunately, Meteor.js v3 has made a comeback.

At present, Livewire offers similar advantages by allowing validation to be performed using the same backend function and the same PHP language. Additionally, it provides automatic rendering with two-way binding.

As for LiveView, I am still trying to understand how it works. At this point, I have two questions: Can frontend validation be performed using backend functions? The answer is yes. Can frontend developers easily modify and work together with Vue, React, Alpine, and other frameworks? I don't have an answer to that yet.

PS

If I had to replace Meteor.js today
https://medium.com/@alexandre.penombre/if-i-had-to-replace-meteor-js-today-6647f4bd99b3

In 2024, It’s Simple to Redo a Lightweight Meteor.js...

config env get name and value

use github.com/spf13/viper Get env data

config.go

type urls struct {
    Demo1 string `mapstructure:"demo1"`
    Demo2 string `mapstructure:"demo2"`
}

type NotifyHttps struct {
    Name    string  `mapstructure:"name"`
    Token   string  `mapstructure:"token"`
    Urls    urls    `mapstructure:"urls"`
}

type env struct {
    NotifyHttp   NotifyHttps `mapstructure:"notify_https"`
}

.env

notify_https:
  name: order_comfire
  token: 123456abcdef
  urls:
    demo1: localhost:8888
    demo2: localhost:8443

notify.go

refUrls := reflect.ValueOf(config.Env.NotifyHttps.Urls)
urlNum := refUrls.NumField()

for i := 0; i < urlNum; i++ {
  url := refUrls.Field(i).String()
  if url != "" {
    // notify url 
    // record refUrls.Type().Field(i).Name be notify.
  }
}

copilot

現在試用了一下，發現...

一開始覺得沒用，後來好像又有用，但現在又發現無用

主要好是

1. 預測一些你可能要做的操作，給一段程試碼，不一定會對，但對的情況下，只要按tab，就省得打

2. 有些程式碼看起有點重覆，可以請它優化，有些寫法是ok的，按下tab也是能省一些時間

壞

只要是系統比較多功能或架構，像我試預約系統，基本上只能產生一個殼而己，更細部的都不太行，而且建議到後面 ai會自己白痴掉，自己卡自己的code

我們進階需要的是架構和整個細部，不是殼

先進的stream server

https://github.com/ZLMediaKit/ZLMediaKit

https://github.com/q191201771/lal

Cart Rule

Cart Rule

serversideup VPS-Benchmarks-for-Self-hosters

https://521dimensions.notion.site/VPS-Benchmarks-for-Self-hosters-c6eca7c5f16d4bb8aeb989174fc58ffe

Hetzner Cloud

prohosting24 https://prohosting24.net/genoa 這間評價可，高防、效能不錯，無限流量，但用太多會限流，或是被踢掉，不能有法

Unmarshal dynamic JSON based on a type key

https://play.golang.com/p/BPWVd0WAfqR

package main

import (
	"encoding/json"
	"fmt"
)

var bodyA = []byte(`{ 
  "type": "A",
  "data": { "name": "Johnny" }
}`)

var bodyB = []byte(`{ 
  "type": "B",
  "data": { "nickname": "J." }
}`)

type TypeA struct {
	Name string `json:"name"`
}

type TypeB struct {
	Nickname string `json:"nickname"`
}

func main() {
	req := struct {
		Type string `json:"type"`
		Data any    `json:"data"`
	}{}

	err := json.Unmarshal(bodyA, &req) // bodyB
	if err != nil {
		panic(err)
	}

	switch req.Type {
	case "A":
		req.Data = new(TypeA)
	case "B":
		req.Data = new(TypeB)
	}

	err = json.Unmarshal(bodyA, &req) // bodyB
	if err != nil {
		panic(err)
	}

	message, _ := json.Marshal(&req)
	fmt.Println(string(message))
}

insomnia

Auth Bearer

Enviornment

{
	"token": "Bearer **Response -> Body Attribute**",
}

At Bearer -> Token -> "type Response, wait then"

Attribute： choose Body Attribute with $.access_token

Request：choose real login url

Filter (JSONPath or XPath)：$.access_token

More detail need to see other website tech.

Golang Concurrency

https://notes.shichao.io/gopl/ch9/

Two dimensional Array unique

$goods = [
  1 => [
    'id' => 12,
    'price' => 77,
  ],
  2 => [
    'id' => 43,
    'price' => 855,
  ],
  4 => [
    'id' => 34,
    'price' => 1,
  ],
];

$goods_unique_ids_keys = array_keys(array_unique(array_column($goods, 'id')));
$goods_filter_datas = array_filter($goods, fn($key) => in_array($key, $goods_unique_ids_keys), ARRAY_FILTER_USE_KEY);