• Posts
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
/etc/shadow and Creating yescrypt, MD5, SHA-256, and SHA-512 Password Hashes
15 Rules of Channels and Their Implementation
5 DevSecOps open source projects to know
6 YAML Features most programmers don't know
6首國際最強公認催眠曲
[Community] Cisco UCS CIMC series
[Golang] Use build tags for different build configs
[Juniper Firewall] command
[Kubernetes] Service Overview
[Notes] Build an Ubuntu remote desktop environment on GCP
[Share] Keychain - Pendant from a Type 57 rifle bayonet scabbard
[Translated] Go inline strategy and limitations
A Brief Look at Go Iterators
A Concise Go embed Tutorial
A fast and powerful log viewer and processor that converts JSON logs or logfmt logs into a clear human-readable format.
A python script that allows your terminal to snow.
A10
Abount Ansible Hosts
Add SFTP user and share directory
Advanced macOS Command-Line Tools
Advanced Shell Scripting Techniques: Automating Complex Tasks with Bash
Aliyun CDN Cache Rules
An easy way to identify virtualization technology
An introduction to hacker tools: the tip of the iceberg
Ancient Time Units
Ansible Introduction
ansible.builtin.slurp - read file content
Applying HTTPS Certificates for CDN
Argo CD ApplicationSet Controller: The World Turns for Me!
Arp notes
Articles
Avalon (The Resistance: Avalon)
Avoiding the Top 10 NGINX Configuration Mistakes - NGINX
Back up databases with mydumper
Backup FortiOS config with Ansible - with RestAPI
Bash Bitwise Operators
Basic kubeadm usage notes (by request)
Best Practices for Writing Bash Scripts
Best V2Ray One-Click Install & Management Script
Bind JSON with jsoniter in Gin
BIRD and BGP: a beginner's kickoff
Black Hat Go
Build a Lightweight Docker Image for Your Go App? | IT Man
Build a Private Object Storage with Traefik v3 and MinIO in Docker
Bypass X-Frame-Options with Nginx
Cannot set command timeout per task with network_cli
Cloudflare Traffic sequence
Cloudflare Tunnel
Cloudflare Zero Trust
Common GitBook plugins
Common shell scripting tips
Configuring SSH Keys for Multiple GitHub Accounts
Container security fundamentals
Containers from scratch
Containers From Scratch by Golang (feat. Liz Rice)
Convert a List to a List of Dicts
Convert Cloudflare WARP to an HTTP Proxy
Convert Command Output to an Image
Convert your codebase into a single LLM prompt.
Create macOS DMG and Bootable ISO
CS Visualized: Useful Git Commands
Data Center Notes
Database Fundamentals
datavizproject
Day 19 BGP Protocol (1)
Day 28 - Introduction to Useful Third-Party Kubernetes Tools
Dedicated Server CPU Frequency Maximization Guide
Deploying OpenVPN with AD domain authentication
Do you understand the Nginx request processing flow?
Docker Containers Can't Access the Internet? NAT Configuration Guide for nftables
Docker Introduction
Docker Security Best Practices: Cheat Sheet
Docker Tips: Using Docker Config
docker-compose yaml problem
Dockertest: A Fast Way to Set Up Integration Test Environments
Draw Diagrams With Markdown
Elasticsearch Study Notes
Emoji Regular expression
Enable GitLab project integration: Mattermost slash commands
Everyone Needs an HTTP Proxy to Debug
Everything About MTU and MSS
Excessive Errors from `sentry.lang.javascript.processor: SoftTimeLimitExceeded()`
Expose your local web server to the internet with a public URL.
Faster Multi-Platform Builds: Dockerfile Cross-Compilation Guide
Fetch GraphQL schema information
Fighting DDoS: nginx, iptables, and fail2ban
Fighting ISP Cache Hijacking Again with iptables
Firewall Update
Fix Nginx 500 errors (too many open files, connection)
Fixing Disk Space Not Freed on Linux
Force file download with Nginx
Fortigate Management Interface in HA Mode
Getting Started with GitHub Actions
Gin documentation (Chinese)
Git force push
GitLab CI Can Automatically Check Code Quality! How to Use SonarQube for Code Quality Checks?
Gitlab-CI Introduction
Gluetun: Route Docker Containers Through a VPN, Disconnect on No Network
Go 1.21 GA PGO Optimization You Can't Grasp in One Read — A Try on WebP Server Go
Go AES Encryption and Decryption in Three Modes (CBC/ECB/CFB)
Go Articles
Go code refactoring : the 23x performance hunt
Go Generics Beginner Notes
Go High-Performance Programming Handbook (Long Read)
Go leetcode
Go Modules workflow for private Git repositories
Go Patterns
Go pprof in Practice
Go Practical Guide: Execute Lua Scripts with go-redis
Go Protobuf: The New Opaque API
Go string format
Go Style Decisions - Pass values
Go Tool Trace
go-mysql-elasticsearch-benchmarking
go-synctest
Golang benchmarks
Golang os/exec usage (notes)
Golang Service Exceeded File Handle Limit (too many open files)
Golang Tips
Google Cloud Platform(GCP): Access Linux Server using GUI running in GCP instance using Windows Remote Desktop Connection.
Google Infra
Google Search Operators: The Complete List (44 Advanced Operators)
GraphQL Introspection Query
HA command
Harden a Server with Fail2Ban + nftables
Hide Within Cloudflare's Global Network
High Performance Go Workshop
How Core Git Developers Configure Git
How Does Nginx Defend Against DDoS?
How Go Reads a 16GB File in 25 Seconds
How I configure my Git identities
How Nginx Hides Upstream Errors
How Terminals Work
How to automatically resize virtual box disk with vagrant
How to capture web pages and long screenshots with Chrome DevTools?
How to Choose a Go File Reading Approach
How to configure time zone and NTP on RHEL7/CentOS7
How to Create Temporary Files in Bash: mktemp and trap
How to deal with a 50GB large csv file in r language?
How to Delete Files With Names That Contain Non-printable Characters
How to deploy on remote Docker hosts with docker-compose
How to Detect RAID Information in Linux
How to Enable SNMP on a Switch
How to Install Fedora Linux on Surface Go 2 to Boost Entry-Level Tablet Performance
How to Make an iPhone Ringtone: Turn an MP3 into a Ringtone or Alarm
How to Make Output Overwrite the Same Line in a Terminal
How to use a here documents to write data to a file in bash script
How to Use which on an Aliased Command
htop explained
I can feel the speed — optimize zsh and oh my zsh cold start
I Replaced Redis with PostgreSQL (And It's Faster)
I use Zip Bombs to Protect my Server
Illustrating How Data Alignment Affects Memory Usage in Go
In 2020, use the latest NGINX ngx_http_geoip2 module to block IPs by country or region
Inspecting Web Views in macOS
Install Chrome OS
Install Font Libraries and Chinese Fonts on Linux CentOS 7
Install PowerDNS and PowerDNS-Admin on Ubuntu 22.04|20.04|18.04
Introduction to Git internals
Is there a regular expression to detect a valid regular expression?
iTerm2 features I find useful
Jinja docx template, avoiding new line in nested for
Juniper notes
Kubernetes Runtime Explained in Plain Language
Kubernetes Without kube-proxy
Let Zsh read macOS system proxy settings and set env vars
Lightweight Linux Distributions For Older PCs
Linkerd 2.8 - Build a Simple and Secure Multi-Cluster Kubernetes Architecture
Links
Little Git Tricks: Use .mailmap to Merge Different Authors
llamafile - Distribute and run LLMs with a single file.
LLM Visualization
LLMs Hackmd Docs
Load Balancing with iptables and ip rule
LocalStorage vs. IndexedDB vs. Cookies vs. OPFS vs. WASM-SQLite
LVM - lvg and lvol
Mac Niche App Recommendations and Workflow Share (2024)
macOS Tips & Tricks
Makefiles for Web Projects: Manage Your Environment Workflow
Marp教學：Markdown搭配VS Code做簡報，快速輸出為PPTX或PDF，提昇做簡報效率
Misspelling, missing collection, or incorrect module path for fortios_system_config_backup_restore
Monitoring HTTP Requests on a Network Interface in Real Time
More Powerful Go Execution Tracing
Mosdns-X
Mount a Synology NAS folder on CentOS 7
Mount AWS S3 Bucket On Amazon EC2
My Productivity Mac Settings and Apps
Netcat (Linux nc) Practical Examples for Network Admins
New LibSSH Connection Plugin for Ansible Network Replaces Paramiko, Adds FIPS Mode Enablement
Nginx HTTPS with Basic Auth reverse proxy for VMware ESXi 6.5 fixed VMRC /screen
Nginx if 避坑指南
NGINX Native ACME Support: Rethinking TLS Automation from the Ground Up
Nginx notes
Nginx request_time and upstream_response_time explained
Nginx SSL/TLS configuration with TLSv1.2 and TLSv1.3 - ECDHE and strong ciphers suite (Openssl 1.1.1)
nginx 添加第三方nginx_upstream_check_module 模块实现健康状态检测
Objective-See: An Open Source Project Org for Apple Privacy and Security
OIDC(OpenID Connect) 简介
On High Availability Systems
onion-mirror
OpenResty + Redis: Block High-Frequency IPs
parqeye
Parse Command Line Arguments in Bash
Percona config
Pitfalls When Parsing Binary Data in Go
Pokemon Legends: Arceus - Two Playthroughs Completed
Printing ASCII Art in the Shell
Privacy Badger: A Free EFF Browser Extension to Block Online Tracking
Prometheus relabeling and linux metrics
Provisioning a Windows Server Vagrant box with IIS, .NET 4.5 and Octopus Deploy
Python install module issues
Python Numbers Every Programmer Should Know
Python Telegram Bot
Python's many command-line utilities
Quagga Routing - Install, Configure and setup BGP
RAID10 Total Failure: Mirror Drives in the Same Group Failed Together
Rainman Engineering Culture: Eight Interview Questions to Spot Excellence
Record Millisecond Precision in Nginx Access Logs
Reduce the Chance of Home Web Services Being Reported
Regex for Markdown Syntax
Relay V2Ray Traffic via Cloudflare
Replace Watchtower with WUD: Build a Controlled Docker Auto-Update Plan
Representative HTTP Status Codes
Route notes
Rules that terminal programs follow
Run llama3
Running GitHub Actions for Certain Commit Messages
Rust Easy! Modern Cross-platform Command Line Tools to Supercharge Your Terminal
Selectively Disabling HTTP/1.0 and HTTP/1.1
Sentry Source Code Development Notes
Set interface IP with netplan on Ubuntu 18.04
Set SSLKEYLOGFILE on MacBook to decrypt HTTPS traffic
Setting up JWT Authentication
Sharpen the Axe Before Cutting Wood: My Home Network Setup
Shell Script Best Practices
Shell Script Study Notes
Sign git commits with GPG
Simple A/B Testing with Nginx split_clients
Simulate Network Anomalies with TC and Netem
Smarter than 'Ctrl+F': Linking Directly to Web Page Content
Some Jenkinsfile examples
Some Software Design Principles
Speeding up the Rust edit-build-run cycle
SQL Join types explained visually
SQL queries don't start with SELECT
SSH certificate login guide
SSH failing with Error : fatal: daemon() failed: No such device
string field was converted to True (type string)
Struct Tricks Every Gopher Should Know
Style PowerShell with oh-my-posh
Super easy! Build a beautiful and handy zsh terminal
Supply chain attack
Surprisingly, you can view images in the Linux CLI?
Switch Firmware Update
Switch notes
Synology: Your NAS RAM Details at a Glance
Systemd Tutorial: Practical Part
Taide - training data
TaigiTube - Taiwanese Hokkien YouTube
Taiwanese Minnan Input Method App Launched: Mobile Devices Can Now Type Taiwanese
Take Screenshots with Selenium in Go
Tcpdump Usage Summary
Terraform Getting Started Notes
Terraform Provider Development Notes
Test Whether a Server Is Vulnerable to Shellshock Bug
The Art of Command Line
The One Billion Row Challenge in Go: from 1m45s to 3.4s in nine solutions
TIL: timeout in Bash scripts
Tools
Top 25 Nginx Tips and Tricks From Practical Experience
Tracking SQLite Database Changes in Git
Trellis Ansible Bad Interpreter Error
Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes
Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes
Uncle Joe teaches Elastic - 30 - Elasticsearch optimization tips (4/4) - Shard optimization management
Understand the crypto trio: Encode, Encrypt, and Hash
Understanding Cilium Series (1): Introduction to Cilium
Upgrade database failed after ugrade to Zabbix 5...
Use Go Fuzzing to Write More Complete Unit Tests
Use LinuxServer.io Docker Images to Turn Desktop Apps into Web Apps
Use Nginx and mod_pagespeed to Convert Images to WebP on the Fly
Use terminal and SSH to remote host
Using Python for multimedia: video, audio, and images
Using Vagrant to Deploy Multiple VMs on vSphere
Using Vim as a Diff Tool
Vagrantfile and Provider
vagrant筆記
Vim Tips - Edit Remote Files With Vim On Linux
vimrc Configuration Guide
VSCode Integration with DevSpace for Debugging!
WebP Cloud uses Cloudflare Workers to fetch content from the origin server in order to protect the origin server and start providing origin fetch time information.
What does `< <(command args)` mean in the shell?
What Happened To WebAssembly
What happens after you type a URL in the browser and press Enter?
What is the SHA256 that comes on the sshd entry in auth.log?
What the f*ck Python! 🐍
What to Do With Long Strings in YAML?
Why are QR Codes with capital letters smaller than QR codes with lower-case letters?
Why do browser user-agent strings always include Mozilla/5.0?
Why is this running?
Windows SSH Setup
WSL 2 .wslconfig configuration explained
Yongling Foundation AI Forum: How AI Shapes the Future of Humanity
Zsh Config Files and Priority
Zsh tab-completion not working
一張圖學會【拼音輸入法】
朋友旅行防止絕交檢查表
設定 Haproxy 以防止 DDOS 攻擊

OpenResty + Redis: Block High-Frequency IPs

OpenResty + Redis: Block High-Frequency IPs init_by_lua_block { redis = require "redis" client = redis.connect('127.0.0.1', 6379) } server { listen 8080; location / { access_by_lua_file /usr/local/nginx/conf/lua/block.lua; proxy_pass http://192.168.1.102:8000; } } -- Redis-based IP rate limiting / blocking for OpenResty (ngx_lua) -- NOTE: -- This script assumes a global `client` variable is used/stored. -- Make sure `redis` module is available and `client` is initialized somewhere. local function isConnected() return client:ping() end local function createRedisConnection() return redis.connect("127.0.0.1", 6379) end -- If the Redis connection fails, stop blocking (allow traffic) if pcall(isConnected) then -- already connected (or ping succeeded) else -- not connected; try reconnect if pcall(createRedisConnection) then -- Reconnect: this will reconnect Redis on every request -- For high traffic, consider disabling reconnect (skip pcall), and allow/terminate directly via ngx.exit client = createRedisConnection() else ngx.exit(ngx.OK) end end local ttl = 60 -- sampling window (seconds) local bktimes = 30 -- requests within window to trigger block local block_ttl = 600 -- block duration after trigger (seconds) local ip = ngx.var.remote_addr local ipvtimes = client:get(ip) if ipvtimes then if ipvtimes == "-1" then -- blocked return ngx.exit(403) else local last_ttl = client:ttl(ip) -- ngx.say("key exist.ttl is ", last_ttl) if last_ttl == -1 then client:set(ip, 0) client:expire(ip, ttl) -- ngx.say("ttl & vtimes recount") return ngx.exit(ngx.OK) end local vtimes = tonumber(client:get(ip)) + 1 if vtimes < bktimes then client:set(ip, vtimes) client:expire(ip, last_ttl) -- ngx.say(ip, " view ", vtimes, " times") return ngx.exit(ngx.OK) else -- ngx.say(ip, " will be block next time.") client:set(ip, -1) client:expire(ip, block_ttl) return ngx.exit(ngx.OK) end end else -- key does not exist client:set(ip, 1) -- ngx.say(ip, " view 1 times") client:expire(ip, ttl) return ngx.exit(ngx.OK) end

Thursday, June 27, 2019 Read

Terraform Getting Started Notes

Terraform Getting Started Notes

Wednesday, June 26, 2019 Read

設定 Haproxy 以防止 DDOS 攻擊

設定 Haproxy 以防止 DDOS 攻擊 TCP syn flood attacks vi /etc/sysctl.conf # Protection from SYN flood net.ipv4.tcp_syncookies = 1 net.ipv4.conf.all.rp_filter = 1 net.ipv4.tcp_max_syn_backlog = 1024 Slowloris like attacks defaults option http-server-close timeout http-request 5s timeout connect 5s timeout client 30s timeout server 10s timeout tunnel 1h 限制每一個 user 的連線數量 普通用戶瀏覽網站的網頁，或是從網站下載東西時，瀏覽器一般會建立 5-7 個 TCP 鏈接。當一個惡意 client 打開了大量 TCP 連線時，耗費大量資源，因此我們必須要限制同一個用戶的連線數量。 但如果有很多使用者，是從某一個私有網段，透過 NAT 的方式連線到 Server 時，且實際上我們也不知道，到底哪一個會是 NAT 的轉址後的 IP，不知道該將哪個 IP 設定為白名單，這樣的限制就會造成問題，因此我們認為實際的環境，這樣的設定應該要保留不處理。 以下是一個設定的範例，最重要的地方是在 frontend ft_web 區塊的設定。 global stats socket ./haproxy.stats level admin defaults option http-server-close mode http timeout http-request 5s timeout connect 5s timeout server 10s timeout client 30s listen stats bind 0.0.0.0:8880 stats enable stats hide-version stats uri / stats realm HAProxy Statistics stats auth admin:admin frontend ft_web bind 0.0.0.0:8080 # Table definition stick-table type ip size 100k expire 30s store conn_cur # Allow clean known IPs to bypass the filter tcp-request connection accept if { src -f /etc/haproxy/whitelist.lst } # Shut the new connection as long as the client has already 10 opened tcp-request connection reject if { src_conn_cur ge 10 } tcp-request connection track-sc1 src # Split static and dynamic traffic since these requests have different impacts on the servers use_backend bk_web_static if { path_end .jpg .png .gif .css .js } default_backend bk_web # Dynamic part of the application backend bk_web balance roundrobin cookie MYSRV insert indirect nocache server srv1 192.168.1.2:80 check cookie srv1 maxconn 100 server srv2 192.168.1.3:80 check cookie srv2 maxconn 100 # Static objects backend bk_web_static balance roundrobin server srv1 192.168.1.2:80 check maxconn 1000 server srv2 192.168.1.3:80 check maxconn 1000 限制每個 user 產生新連線的速率 Limiting the connection rate per user 惡意的使用者會在短時間內建立很多連線，但如果產生新連線的速度太高，就會消耗掉過多的資源服務一個使用者。

Monday, June 17, 2019 Read

Kubernetes Runtime Explained in Plain Language

Kubernetes Runtime Explained in Plain Language

Thursday, June 13, 2019 Read

Do you understand the Nginx request processing flow?

Do you understand the Nginx request processing flow? 11 processing phases NGX_HTTP_POST_READ_PHASE: A phase after receiving the full HTTP headers. It is before URI rewrite. Very few modules register in this phase, and it is skipped by default. NGX_HTTP_SERVER_REWRITE_PHASE: The phase that modifies the URI before matching the location, used for redirects. This is where rewrite directives in the server block but outside location are executed. While reading request headers, nginx selects the virtual host by host and port.

Thursday, March 7, 2019 Read

Avalon (The Resistance: Avalon)

Avalon (The Resistance: Avalon) [Board Game Unboxing][Rules] Avalon KS Promo The Resistance: Avalon: Kickstarter Promo

Monday, December 24, 2018 Read

Install Font Libraries and Chinese Fonts on Linux CentOS 7

Install Font Libraries and Chinese Fonts on Linux CentOS 7 yum -y install fontconfig Now you can see the fonts and fontconfig directories under /usr/shared (they did not exist before). Before that we need to create a directory. First create /usr/shared/fonts/chinese. mkdir /usr/shared/fonts/chinese Copy the fonts you need and upload them to /usr/shared/fonts/chinese. Here I use SimSun and HeiTi (used in reports). You will see files with ttf and ttc extensions.

Tuesday, December 18, 2018 Read

What is the SHA256 that comes on the sshd entry in auth.log?

What is the SHA256 that comes on the sshd entry in auth.log? ssh-keygen -lf .ssh/id_rsa.pub cat .ssh/id_rsa.pub | awk '{ print $2 }' | # Only the actual key data without prefix or comments base64 -d | # decode as base64 sha256sum | # SHA256 hash (returns hex) awk '{ print $1 }' | # only the hex data xxd -r -p | # hex to bytes base64 # encode as base64

Monday, December 17, 2018 Read

What does `< <(command args)` mean in the shell?

What does < <(command args) mean in the shell? while IFS= read -r -d $'\0' file; do dosomethingwith "$file" # do something with each file done < <(find /bar -name *foo* -print0) <() is called process substitution in the manual, and is similar to a pipe but passes an argument of the form /dev/fd/63 instead of using stdin. < reads the input from a file named on command line. Together, these two operators function exactly like a pipe, so it could be rewritten as

Saturday, November 17, 2018 Read

Netcat (Linux nc) Practical Examples for Network Admins

Netcat (Linux nc) Practical Examples for Network Admins Send a test UDP packet to a remote server This command sends a UDP test packet to the specified host and port. The -w1 option sets the timeout to 1 second. echo -n "foo" | nc -u -w1 192.168.1.8 5000 Open a UDP port to receive data nc -lu localhost 5000 Port scanning on a remote host This command scans TCP ports in the ranges 1-1000 and 2000-3000 on the specified host to see which ports are open.

Friday, November 9, 2018 Read

vimrc Configuration Guide

vimrc Configuration Guide :set nu Show line numbers: useful for debugging. :set ai Auto-indent: if the previous line has two tab widths, pressing Enter keeps those two tab widths on the next line. :set cursorline Cursor line: underline the current line to help locate the cursor. :set bg=light Color scheme for light backgrounds. The default assumes a light background (white, etc), but if your terminal background is dark purple, text may disappear (for example, comments in dark blue). Change this to :set bg=dark. :set tabstop=4

Saturday, November 3, 2018 Read

Why do browser user-agent strings always include Mozilla/5.0?

Why do browser user-agent strings always include Mozilla/5.0? What does “Mozilla/5.0” in user agent string signify? History of the browser user-agent string Quick answer Because website developers may output special features when they detect a browser (Mozilla in this case). When other browsers also support those good features, they try to mimic Mozilla so the site outputs the same content instead of a degraded version.

Wednesday, October 17, 2018 Read

• ««
• «
• 22
• 23
• 24
• 25
• 26
• »
• »»