BBR
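# list the congestion-control algorithms this kernel offers; "bbr" must appear here
sysctl net.ipv4.tcp_available_congestion_control
# check which algorithm is actually active (the line above only shows availability);
# expected output after the steps below: net.ipv4.tcp_congestion_control = bbr
sysctl net.ipv4.tcp_congestion_control
# enable bbr: append the two net.* lines shown below this snippet to /etc/sysctl.conf
sudo nano /etc/sysctl.conf
# refresh configuration: re-read /etc/sysctl.conf and apply it to the running kernel
sudo sysctl -p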
写入末尾 (/etc/sysctl.conf)
# these two lines are appended to the end of /etc/sysctl.conf and applied with `sudo sysctl -p`
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
nginx
sudo yum install epel-release # add the CentOS 7 EPEL repository
sudo yum install nginx
sudo systemctl start nginx # start nginx now
sudo systemctl enable nginx # start nginx automatically at boot
nginx配置文件: /etc/nginx/nginx.conf, conf_structure.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
# Plain-HTTP server. Only the exact path "/" is redirected to HTTPS; /api/ and
# every other path are proxied to the backends over cleartext on port 80.
# NOTE(review): if nothing relies on plain HTTP, a single
# "return 301 https://$host$request_uri;" in this block would force TLS for all paths.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mofu.ltd;
include /etc/nginx/default.d/*.conf;
location = / {
return 301 https://app.mofu.ltd;
}
# API backend on local port 3000. No proxy_set_header Host / X-Forwarded-For is set,
# so the upstream receives nginx's default Host ($proxy_host) and cannot see the
# real client address even though the log_format above expects X-Forwarded-For.
location /api/ {
proxy_pass http://localhost:3000/;
}
# app backend on local port 3001; Upgrade/Connection are forwarded so WebSocket
# upgrades can pass through the proxy
location / {
proxy_pass http://localhost:3001/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# Settings for a TLS enabled server.
# The HSTS add_header line shown further down the page belongs in this block, not the port-80 one.
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name mofu.ltd;
ssl_certificate "/root/certificate/1_mofu.ltd_bundle.crt";
ssl_certificate_key "/root/certificate/2_mofu.ltd.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); unless a known old
# client still needs them, keep only TLSv1.2 (plus TLSv1.3 if this nginx build supports it).
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
include /etc/nginx/default.d/*.conf;
location = / {
return 301 https://app.mofu.ltd;
}
# same backends as the port-80 server; the proxy_set_header remarks above apply here too
location /api/ {
proxy_pass http://localhost:3000/;
}
location / {
proxy_pass http://localhost:3001/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
给443端口启用HSTS:LINK
# Goes inside the `listen 443 ssl` server block only: browsers honour HSTS solely
# when it arrives over HTTPS. NOTE: nginx does not merge add_header across levels —
# a location {} that declares its own add_header drops the ones inherited from the
# server level, so repeat this line in such locations.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
nginx config in racknerd
user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# hide the nginx version in the Server header and error pages
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
gzip on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
# Catch-all for port 80: being the first server on the port it acts as the
# default when the Host header matches no other server_name; 444 closes the
# connection without sending a response.
server {
listen 80;
server_name _;
return 444;
}
# static site over plain HTTP
server {
listen 80;
listen [::]:80;
server_name mofu.ltd www.mofu.ltd;
location / {
root /var/www/;
}
}
# ad.mofu.ltd is proxied to a local service on port 2114 over plain HTTP
server {
listen 80;
listen [::]:80;
server_name ad.mofu.ltd;
location / {
proxy_pass http://localhost:2114/;
}
}
# TLS server. Unlike the port-80 blocks it has no [::]:443 listen (not reachable
# over IPv6) and there is no port-443 catch-all, so this block also answers for
# any unknown SNI/Host name. The HSTS header from the section above is not set here.
server {
listen 443 ssl;
server_name mofu.ltd www.mofu.ltd;
ssl_certificate /root/certs/mofu.ltd_bundle.crt;
ssl_certificate_key /root/certs/mofu.ltd.key;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless a
# known old client still needs them.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
root /var/www/;
}
# prefix match: this also matches e.g. /trackerX. Use `location /tracker/` if only
# the subtree is meant. Upgrade/Connection are forwarded for WebSocket upgrades.
location /tracker {
proxy_pass http://localhost:6666/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
runtime
nohup [command] & # run [command] in the background, immune to the terminal's hangup signal
# -a append to the log files; -l forever's own log, -o stdout, -e stderr of the process
forever start -a -l forever.log -o out.log -e err.log dist/index.js
forever stop dist/index.js
shell
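#!/bin/bash
# Restart the mofu server under forever.
# The original note lists bare directory paths where a `cd` is needed; as commands
# they fail ("Is a directory") and the forever calls then run in the wrong working
# directory. The subshell keeps the caller's cwd unchanged, which replaces the
# trailing "switch back to /root" step and makes the script safe both when
# executed and when `source`d.
(
  cd /root/mofu-server || exit 1
  forever stop dist/index.js
  forever start -a -l forever.log -o out.log -e err.log dist/index.js
)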
使用source run-mofu-server.sh
fish shell
NVM: github.com/FabioAntune…, with oh-my-fish.
sshd
延长ssh超时终止会话的时间. 更改/etc/ssh/sshd_config
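# Probe the client after 600 s of silence and disconnect after 3 unanswered
# probes: 600 s x 3 = 1800 s = 30 min of inactivity, as described below.
# The directives must not start with '#': a leading '#' makes them comments and
# sshd keeps its defaults (ClientAliveInterval 0 = never probe).
ClientAliveInterval 600
ClientAliveCountMax 3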
超过ClientAliveInterval秒发送空包到客户端, 并且ClientAliveCountMax次后没回应则断开连接. 此处更改后为1800s也就是30分钟.
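# validate the edited config (sshd -t) before the running daemon re-reads it,
# so a typo is caught here instead of taking sshd down; then reload
sudo sshd -t && sudo systemctl reload sshd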
ssh local forwarding (tunnel)
# -L LOCALPORT:TARGET:TARGETPORT: connections to LOCALPORT on this machine are
# tunnelled through the ssh host to TARGET:TARGETPORT, with TARGET resolved on the
# remote side. Without a bind address LOCALPORT listens on loopback only.
# here: local 2333 -> VM-8-7-centos:27017 via 81.70.241.86
ssh -L 2333:VM-8-7-centos:27017 root@81.70.241.86
# same idea with a key file: local 27017 -> 127.0.0.1:27017 as seen from v.mofu.ltd
ssh -L 27017:127.0.0.1:27017 ubuntu@v.mofu.ltd -i ~/.ssh/mofu.key
访问本地2333端口即可通过ssh隧道请求到远程服务器27017端口.
ssh proxy
# -D opens a dynamic SOCKS proxy; binding it to 127.0.0.1 keeps it reachable from this machine only
ssh ubuntu@a.mofu.ltd -i ./ssh/amazon.pem -D 127.0.0.1:2333
本地的2333端口是socks5代理,直接转发流量到vps。
iptables
refs: iptables的使用 和 编写 iptables 规则。
# list the INPUT chain rules with their position numbers
iptables -nL INPUT --line-numbers
# accept tcp from any source to destination port 2334
# (-I with no position inserts at the top of INPUT, ahead of every existing rule)
iptables -I INPUT -p tcp --dport 2334 -j ACCEPT
# delete INPUT rule number 1
iptables -D INPUT 1
# -I INPUT insert into the INPUT chain; -s restricts the source address range
# NOTE: 61.183.81.139/24 has host bits set; iptables stores it as 61.183.81.0/24
iptables -I INPUT -p tcp --dport 2334 -s 61.183.81.139/24 -j ACCEPT
# rules added this way exist only in the running kernel; see iptables-save/restore below to persist them
备份恢复。
# dump the current rule set to a file (take the backup once the rules above look right)
iptables-save > /root/iptables.save.backup
# load it back; without --noflush this replaces the entire current rule set with the file's contents
iptables-restore < /root/iptables.save.backup
crontab
crontab -e # open the current user's crontab in an editor; the line below goes in it
添加一行,每天凌晨4点重启服务:
# minute hour day-of-month month day-of-week: 04:00 every day, restart the service
# assumes this is root's crontab, since `systemctl restart` needs privileges — confirm
0 4 * * * systemctl restart shadowsocks-libev.service
pm2
# run the tracker under pm2 with the bun binary as interpreter instead of pm2's default node
pm2 start --interpreter ~/.bun/bin/bun tracker/socket.bun.js