• Posts
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
/etc/shadow and Creating yescrypt, MD5, SHA-256, and SHA-512 Password Hashes
15 Rules of Channels and Their Implementation
5 DevSecOps open source projects to know
6 YAML Features most programmers don't know
6首國際最強公認催眠曲
[Community] Cisco UCS CIMC series
[Golang] Use build tags for different build configs
[Juniper Firewall] command
[Kubernetes] Service Overview
[Notes] Build an Ubuntu remote desktop environment on GCP
[Share] Keychain - Pendant from a Type 57 rifle bayonet scabbard
[Translated] Go inline strategy and limitations
A Brief Look at Go Iterators
A Concise Go embed Tutorial
A fast and powerful log viewer and processor that converts JSON logs or logfmt logs into a clear human-readable format.
A python script that allows your terminal to snow.
A10
Abount Ansible Hosts
Add SFTP user and share directory
Advanced macOS Command-Line Tools
Advanced Shell Scripting Techniques: Automating Complex Tasks with Bash
Aliyun CDN Cache Rules
An easy way to identify virtualization technology
An introduction to hacker tools: the tip of the iceberg
Ancient Time Units
Ansible Introduction
ansible.builtin.slurp - read file content
Applying HTTPS Certificates for CDN
Argo CD ApplicationSet Controller: The World Turns for Me!
Arp notes
Avalon (The Resistance: Avalon)
Avoiding the Top 10 NGINX Configuration Mistakes - NGINX
Back up databases with mydumper
Backup FortiOS config with Ansible - with RestAPI
Bash Bitwise Operators
Basic kubeadm usage notes (by request)
Best Practices for Writing Bash Scripts
Best V2Ray One-Click Install & Management Script
Bind JSON with jsoniter in Gin
BIRD and BGP: a beginner's kickoff
Black Hat Go
Build a Lightweight Docker Image for Your Go App? | IT Man
Build a Private Object Storage with Traefik v3 and MinIO in Docker
Bypass X-Frame-Options with Nginx
Cannot set command timeout per task with network_cli
Cloudflare Traffic sequence
Cloudflare Tunnel
Cloudflare Zero Trust
Common GitBook plugins
Common shell scripting tips
Configuring SSH Keys for Multiple GitHub Accounts
Container security fundamentals
Containers from scratch
Containers From Scratch by Golang (feat. Liz Rice)
Convert a List to a List of Dicts
Convert Cloudflare WARP to an HTTP Proxy
Convert Command Output to an Image
Convert your codebase into a single LLM prompt.
Create macOS DMG and Bootable ISO
CS Visualized: Useful Git Commands
Data Center Notes
Database Fundamentals
datavizproject
Day 19 BGP Protocol (1)
Day 28 - Introduction to Useful Third-Party Kubernetes Tools
Dedicated Server CPU Frequency Maximization Guide
Deploying OpenVPN with AD domain authentication
Do you understand the Nginx request processing flow?
Docker Containers Can't Access the Internet? NAT Configuration Guide for nftables
Docker Introduction
Docker Security Best Practices: Cheat Sheet
Docker Tips: Using Docker Config
docker-compose yaml problem
Dockertest: A Fast Way to Set Up Integration Test Environments
Draw Diagrams With Markdown
Elasticsearch Study Notes
Emoji Regular expression
Enable GitLab project integration: Mattermost slash commands
Everyone Needs an HTTP Proxy to Debug
Everything About MTU and MSS
Excessive Errors from `sentry.lang.javascript.processor: SoftTimeLimitExceeded()`
Expose your local web server to the internet with a public URL.
Faster Multi-Platform Builds: Dockerfile Cross-Compilation Guide
Fetch GraphQL schema information
Fighting DDoS: nginx, iptables, and fail2ban
Fighting ISP Cache Hijacking Again with iptables
Firewall Update
Fix Nginx 500 errors (too many open files, connection)
Fixing Disk Space Not Freed on Linux
Force file download with Nginx
Fortigate Management Interface in HA Mode
Getting Started with GitHub Actions
Gin documentation (Chinese)
Git force push
GitLab CI Can Automatically Check Code Quality! How to Use SonarQube for Code Quality Checks?
Gitlab-CI Introduction
Gluetun: Route Docker Containers Through a VPN, Disconnect on No Network
Go 1.21 GA PGO Optimization You Can't Grasp in One Read — A Try on WebP Server Go
Go AES Encryption and Decryption in Three Modes (CBC/ECB/CFB)
Go Articles
Go code refactoring : the 23x performance hunt
Go Generics Beginner Notes
Go High-Performance Programming Handbook (Long Read)
Go leetcode
Go Modules workflow for private Git repositories
Go Patterns
Go pprof in Practice
Go Practical Guide: Execute Lua Scripts with go-redis
Go Protobuf: The New Opaque API
Go string format
Go Style Decisions - Pass values
Go Tool Trace
go-mysql-elasticsearch-benchmarking
go-synctest
Golang benchmarks
Golang os/exec usage (notes)
Golang Service Exceeded File Handle Limit (too many open files)
Golang Tips
Google Cloud Platform(GCP): Access Linux Server using GUI running in GCP instance using Windows Remote Desktop Connection.
Google Infra
Google Search Operators: The Complete List (44 Advanced Operators)
GraphQL Introspection Query
HA command
Harden a Server with Fail2Ban + nftables
Hide Within Cloudflare's Global Network
High Performance Go Workshop
How Core Git Developers Configure Git
How Does Nginx Defend Against DDoS?
How Go Reads a 16GB File in 25 Seconds
How I configure my Git identities
How Nginx Hides Upstream Errors
How Terminals Work
How to automatically resize virtual box disk with vagrant
How to capture web pages and long screenshots with Chrome DevTools?
How to Choose a Go File Reading Approach
How to configure time zone and NTP on RHEL7/CentOS7
How to Create Temporary Files in Bash: mktemp and trap
How to deal with a 50GB large csv file in r language?
How to Delete Files With Names That Contain Non-printable Characters
How to deploy on remote Docker hosts with docker-compose
How to Detect RAID Information in Linux
How to Enable SNMP on a Switch
How to Install Fedora Linux on Surface Go 2 to Boost Entry-Level Tablet Performance
How to Make an iPhone Ringtone: Turn an MP3 into a Ringtone or Alarm
How to Make Output Overwrite the Same Line in a Terminal
How to use a here documents to write data to a file in bash script
How to Use which on an Aliased Command
htop explained
I can feel the speed — optimize zsh and oh my zsh cold start
I Replaced Redis with PostgreSQL (And It's Faster)
I use Zip Bombs to Protect my Server
Illustrating How Data Alignment Affects Memory Usage in Go
In 2020, use the latest NGINX ngx_http_geoip2 module to block IPs by country or region
Inspecting Web Views in macOS
Install Chrome OS
Install Font Libraries and Chinese Fonts on Linux CentOS 7
Install PowerDNS and PowerDNS-Admin on Ubuntu 22.04|20.04|18.04
Introduction to Git internals
Is there a regular expression to detect a valid regular expression?
iTerm2 features I find useful
Jinja docx template, avoiding new line in nested for
Juniper notes
Kubernetes Runtime Explained in Plain Language
Kubernetes Without kube-proxy
Let Zsh read macOS system proxy settings and set env vars
Lightweight Linux Distributions For Older PCs
Linkerd 2.8 - Build a Simple and Secure Multi-Cluster Kubernetes Architecture
Little Git Tricks: Use .mailmap to Merge Different Authors
llamafile - Distribute and run LLMs with a single file.
LLM Visualization
LLMs Hackmd Docs
Load Balancing with iptables and ip rule
LocalStorage vs. IndexedDB vs. Cookies vs. OPFS vs. WASM-SQLite
LVM - lvg and lvol
Mac Niche App Recommendations and Workflow Share (2024)
macOS Tips & Tricks
Makefiles for Web Projects: Manage Your Environment Workflow
Marp教學：Markdown搭配VS Code做簡報，快速輸出為PPTX或PDF，提昇做簡報效率
Misspelling, missing collection, or incorrect module path for fortios_system_config_backup_restore
Monitoring HTTP Requests on a Network Interface in Real Time
More Powerful Go Execution Tracing
Mosdns-X
Mount a Synology NAS folder on CentOS 7
Mount AWS S3 Bucket On Amazon EC2
My Productivity Mac Settings and Apps
Netcat (Linux nc) Practical Examples for Network Admins
New LibSSH Connection Plugin for Ansible Network Replaces Paramiko, Adds FIPS Mode Enablement
Nginx HTTPS with Basic Auth reverse proxy for VMware ESXi 6.5 fixed VMRC /screen
Nginx if 避坑指南
NGINX Native ACME Support: Rethinking TLS Automation from the Ground Up
Nginx notes
Nginx request_time and upstream_response_time explained
Nginx SSL/TLS configuration with TLSv1.2 and TLSv1.3 - ECDHE and strong ciphers suite (Openssl 1.1.1)
nginx 添加第三方nginx_upstream_check_module 模块实现健康状态检测
Objective-See: An Open Source Project Org for Apple Privacy and Security
OIDC(OpenID Connect) 简介
On High Availability Systems
onion-mirror
OpenResty + Redis: Block High-Frequency IPs
parqeye
Parse Command Line Arguments in Bash
Percona config
Pitfalls When Parsing Binary Data in Go
Pokemon Legends: Arceus - Two Playthroughs Completed
Printing ASCII Art in the Shell
Privacy Badger: A Free EFF Browser Extension to Block Online Tracking
Prometheus relabeling and linux metrics
Provisioning a Windows Server Vagrant box with IIS, .NET 4.5 and Octopus Deploy
Python install module issues
Python Numbers Every Programmer Should Know
Python Telegram Bot
Python's many command-line utilities
Quagga Routing - Install, Configure and setup BGP
RAID10 Total Failure: Mirror Drives in the Same Group Failed Together
Rainman Engineering Culture: Eight Interview Questions to Spot Excellence
Record Millisecond Precision in Nginx Access Logs
Reduce the Chance of Home Web Services Being Reported
Regex for Markdown Syntax
Relay V2Ray Traffic via Cloudflare
Replace Watchtower with WUD: Build a Controlled Docker Auto-Update Plan
Representative HTTP Status Codes
Route notes
Rules that terminal programs follow
Run llama3
Running GitHub Actions for Certain Commit Messages
Rust Easy! Modern Cross-platform Command Line Tools to Supercharge Your Terminal
Selectively Disabling HTTP/1.0 and HTTP/1.1
Sentry Source Code Development Notes
Set interface IP with netplan on Ubuntu 18.04
Set SSLKEYLOGFILE on MacBook to decrypt HTTPS traffic
Setting up JWT Authentication
Sharpen the Axe Before Cutting Wood: My Home Network Setup
Shell Script Best Practices
Shell Script Study Notes
Sign git commits with GPG
Simple A/B Testing with Nginx split_clients
Simulate Network Anomalies with TC and Netem
Smarter than 'Ctrl+F': Linking Directly to Web Page Content
Some Jenkinsfile examples
Some Software Design Principles
Speeding up the Rust edit-build-run cycle
SQL Join types explained visually
SQL queries don't start with SELECT
SSH certificate login guide
SSH failing with Error : fatal: daemon() failed: No such device
string field was converted to True (type string)
Struct Tricks Every Gopher Should Know
Style PowerShell with oh-my-posh
Super easy! Build a beautiful and handy zsh terminal
Supply chain attack
Surprisingly, you can view images in the Linux CLI?
Switch Firmware Update
Switch notes
Synology: Your NAS RAM Details at a Glance
Systemd Tutorial: Practical Part
Taide - training data
TaigiTube - Taiwanese Hokkien YouTube
Taiwanese Minnan Input Method App Launched: Mobile Devices Can Now Type Taiwanese
Take Screenshots with Selenium in Go
Tcpdump Usage Summary
Terraform Getting Started Notes
Terraform Provider Development Notes
Test Whether a Server Is Vulnerable to Shellshock Bug
The Art of Command Line
The One Billion Row Challenge in Go: from 1m45s to 3.4s in nine solutions
TIL: timeout in Bash scripts
Top 25 Nginx Tips and Tricks From Practical Experience
Tracking SQLite Database Changes in Git
Trellis Ansible Bad Interpreter Error
Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes
Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes
Uncle Joe teaches Elastic - 30 - Elasticsearch optimization tips (4/4) - Shard optimization management
Understand the crypto trio: Encode, Encrypt, and Hash
Understanding Cilium Series (1): Introduction to Cilium
Upgrade database failed after ugrade to Zabbix 5...
Use Go Fuzzing to Write More Complete Unit Tests
Use LinuxServer.io Docker Images to Turn Desktop Apps into Web Apps
Use Nginx and mod_pagespeed to Convert Images to WebP on the Fly
Use terminal and SSH to remote host
Using Python for multimedia: video, audio, and images
Using Vagrant to Deploy Multiple VMs on vSphere
Using Vim as a Diff Tool
Vagrantfile and Provider
vagrant筆記
Vim Tips - Edit Remote Files With Vim On Linux
vimrc Configuration Guide
VSCode Integration with DevSpace for Debugging!
WebP Cloud uses Cloudflare Workers to fetch content from the origin server in order to protect the origin server and start providing origin fetch time information.
What does `< <(command args)` mean in the shell?
What Happened To WebAssembly
What happens after you type a URL in the browser and press Enter?
What is the SHA256 that comes on the sshd entry in auth.log?
What the f*ck Python! 🐍
What to Do With Long Strings in YAML?
Why are QR Codes with capital letters smaller than QR codes with lower-case letters?
Why do browser user-agent strings always include Mozilla/5.0?
Why is this running?
Windows SSH Setup
WSL 2 .wslconfig configuration explained
Yongling Foundation AI Forum: How AI Shapes the Future of Humanity
Zsh Config Files and Priority
Zsh tab-completion not working
一張圖學會【拼音輸入法】
朋友旅行防止絕交檢查表
設定 Haproxy 以防止 DDOS 攻擊

RAID10 Total Failure: Mirror Drives in the Same Group Failed Together

RAID10 Total Failure: Mirror Drives in the Same Group Failed Together RAID

Wednesday, August 1, 2018 Read

Applying HTTPS Certificates for CDN

dehydrated letsencrypt-cloudflare-hook Since we cannot upload files to the CDN server, we cannot use file validation to apply for HTTPS certificates. Fortunately, Let’s Encrypt supports the dns-01 challenge via DNS validation. We use Dehydrated with the CloudFlare hook to apply for HTTPS certificates. # First clone the dehydrated repository git clone https://github.com/lukas2511/dehydrated # In the cloned dehydrated directory, create a config file. See the example config file: # https://github.com/dehydrated-io/dehydrated/blob/master/docs/examples/config # Append Cloudflare info to the end of the config file echo "export CF_EMAIL=user@example.com" >> config echo "export CF_KEY=K9uX2HyUjeWg5AhAb" >> config # Clone the Cloudflare hook mkdir hooks git clone https://github.com/kappataumu/letsencrypt-cloudflare-hook hooks/cloudflare # Install dependencies pip install -r hooks/cloudflare/requirements-python-2.txt # Create domains.txt, one domain per line [root@db-slave01 dehydrated]# cat domains.txt apk.kosungames.com sp-res.kosungames.com cpweb.kosungames.com # Request HTTPS certificates ./dehydrated -c -k hooks/cloudflare/hook.py # Use a Python script to upload the certificates. The script must be in the dehydrated directory. #!/usr/bin/env python from aliyunsdkcore import client from aliyunsdkcdn.request.v20141111 import SetDomainServerCertificateRequest import uuid def upload(domain): cli = client.AcsClient("LTAI7zSXga2D", "ed03Mt9xcNkRgmadx0XtpyDje", "cn-hongkong") request = SetDomainServerCertificateRequest.SetDomainServerCertificateRequest() request.set_accept_format("json") request.set_DomainName(domain) request.set_CertName(domain + str(uuid.uuid1())) #request.set_CertName(domain) #certificate = open("certs/" + domain + "/fullchain.pem").read() certificate = open("certs/" + domain + "/cert.pem").read() with open("certs/" + domain + "/chain.pem") as f: f.readline() f.readline() chain = f.read() certificate += chain key = open("certs/" + domain + "/privkey.pem").read() request.set_ServerCertificateStatus('on') request.set_ServerCertificate(certificate) request.set_PrivateKey(key) result = cli.do_action_with_exception(request) domain_file="domains.txt" with open(domain_file) as f: for line in f: domain = line.split()[0] upload(domain)

Tuesday, July 24, 2018 Read

Record Millisecond Precision in Nginx Access Logs

Nginx access logs can record millisecond timestamps, but they are milliseconds since EPOCH, for example 1503544071.865. Another variable, $time_local, records a second-level time format, for example 24/Aug/2017:11:07:51 +0800. Under heavy traffic, we need a millisecond-precision format like 24/Aug/2017:11:07:51.865 +0800. This can be done with Lua. First, define a variable named time_millis in nginx.conf and initialize it to empty. This is similar to providing a fallback self-signed certificate when using auto-ssl.

Tuesday, July 24, 2018 Read

HA command

load merge relative terminal # On a brand-new device without HA enabled, you must define the cluster ID. # Cluster ID must be unique and cannot duplicate other SRX, because HA creates a virtual MAC address and this ID affects it. Duplicates may cause MAC duplication and unexpected errors. # request system zeroize # The following commands must be run in `>` mode. set chassis cluster cluster-id <ID range 0~255> node 0 # This is on node 0 set chassis cluster cluster-id <ID range 0~255> node 1 # This is on node 1 # On the secondary node, run this command. request chassis cluster configuration-synchronize # After reboot, you will see Hold or standby; check whether the cluster is up. show chassis cluster status # This appears only after RETH interfaces are created; you must configure first. show chassis cluster interfaces # The following commands are run in config mode; build the config first. --- # The backup-router is for the HA standby device management interface (fxp) so it can respond to routing; by default the standby does not enable the routing engine, so this is required. set groups node0 system host-name SRX-node0 set groups node0 system backup-router 10.10.0.254 set groups node0 system backup-router destination 0.0.0.0/0 set groups node0 interfaces fxp0 unit 0 family inet address 10.10.0.2/24 set groups node1 system host-name SRX-node1 set groups node1 system backup-router 10.10.0.254 set groups node1 system backup-router destination 0.0.0.0/0 set groups node1 interfaces fxp0 unit 0 family inet address 10.10.0.3/24 set apply-groups "${node}" set system time-zone Asia/Taipei set chassis cluster control-link-recovery set chassis cluster reth-count 10 set chassis cluster heartbeat-interval 2000 # It is recommended to enable IPv6 during setup using the following command, because enabling IPv6 later requires a reboot. set security forwarding-options family inet6 mode flow-based # Interface numbers vary by chassis model. # The easiest way is to check how many slots the device has. For example, SRX550HM has expansion 0-8, so HA starts at 9, hence ge-9/x/x. set chassis cluster redundancy-group 0 node 0 priority 150 set chassis cluster redundancy-group 0 node 1 priority 100 set chassis cluster redundancy-group 0 interface-monitor ge-0/0/3 weight 150 set chassis cluster redundancy-group 0 interface-monitor ge-0/0/5 weight 150 set chassis cluster redundancy-group 0 interface-monitor ge-9/0/3 weight 100 set chassis cluster redundancy-group 0 interface-monitor ge-9/0/5 weight 100 set chassis cluster redundancy-group 1 node 0 priority 150 set chassis cluster redundancy-group 1 node 1 priority 100 set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 150 set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 150 set chassis cluster redundancy-group 1 interface-monitor ge-9/0/3 weight 100 set chassis cluster redundancy-group 1 interface-monitor ge-9/0/5 weight 100 # This is the data sync setting for redundancy group 1; you must set it to enable the ge-0/0/2 heartbeat link. set interfaces fab0 fabric-options member-interfaces ge-0/0/2 set interfaces fab1 fabric-options member-interfaces ge-9/0/2 # Add interfaces to the reth group. set interfaces ge-0/0/3 gigether-options redundant-parent reth0 set interfaces ge-0/0/4 gigether-options redundant-parent reth0 set interfaces ge-9/0/3 gigether-options redundant-parent reth0 set interfaces ge-9/0/4 gigether-options redundant-parent reth0 set interfaces ge-0/0/5 gigether-options redundant-parent reth1 set interfaces ge-9/0/5 gigether-options redundant-parent reth1 set interfaces reth0 vlan-tagging # You must add RETH to the data sync group, otherwise it will not work. set interfaces reth0 redundant-ether-options redundancy-group 1 # Note: SRX uses LACP passive mode, but the switch must use LACP active mode. set interfaces reth0 redundant-ether-options lacp passive set interfaces reth0 redundant-ether-options lacp periodic slow set interfaces reth1 redundant-ether-options redundancy-group 1 set interfaces reth1 unit 0 family inet address 202.99.240.100/26

Saturday, July 21, 2018 Read

Fighting DDoS: nginx, iptables, and fail2ban

Fighting DDoS: nginx, iptables, and fail2ban

Friday, July 20, 2018 Read

[Juniper Firewall] command

The following commands are run in operational mode, or use run show in configuration mode. Show current firewall session count show security flow session | match 10.22.12.104 show security flow session source-prefix 10.22.12.104 Clear current sessions clear security flow session all Query OID show snmp mib walk decimal 1.3.6.1.2.1.2.2.1.2 Check current software version show system software Check system uptime show system uptime Check hardware cards and serial numbers show chassis haredware Check current hardware status show chassis environment Show routing table

Wednesday, June 27, 2018 Read

Switch Firmware Update

Preparation: Plug in the console. Copy the update file to the USB drive. Before starting, use show version to check the current version Update SOP: Insert the USB with the update file into the switch. The screen will show the detected device name. Copy the update file from USB to the switch flash: copy usbflash0(device name):<update-file> flash: Press Enter and confirm the file name, then press Enter again. A stream of ccccccccc means it is copying. After it finishes, use dir flash to verify the update file exists. conf t to enter config mode, then boot system flash:<update-file> to set the new IOS image. exit config mode, then show boot to confirm the new IOS is selected. write memory to apply settings to the running config. Run reload. It takes about 15-20 minutes. After it finishes, check the version to confirm the upgrade. copy usbflash0:cat.bin flash: copy usbflash0:cat.bin flash0-2: software install file flash:cat.bin switch 1-2 software clean

Thursday, June 14, 2018 Read

Firewall Update

Preparation: Plug in the console. Copy the update file to the USB drive. Before starting, use show version to check the current version Update SOP: start shell su to root Create a directory: mkdir /var/tmp/usb (name can be anything) Insert the USB. Note the number after da, currently da1. Mount it: mount -t msdos /dev/da1s1 /var/tmp/usb (if da0, then use da0s1, etc.) After it finishes, cd /cf/var/tmp/usb/da2s1/ (usb) ls (junos-srxsme-15.1X49-D120.3-domestic.tgz) Switch the CLI to operational mode request system software add /var/tmp/usb/da2s1/junos-srxsme-15.1X49-D120.3-domestic.tgz request system reboot show version

Tuesday, June 12, 2018 Read

Best V2Ray One-Click Install & Management Script

Best V2Ray One-Click Install & Management Script v2ray

Thursday, February 8, 2018 Read

How to Enable SNMP on a Switch

How to Enable SNMP on a Switch Use snmp-server as the main command. C3750(Config)#snmp-server community RO This is the shared secret for SNMP communication. RO means Read Only (SNMP tools are not allowed to modify settings). RW means Read and Write (SNMP tools can modify settings). C3750(config)#snmp-server group SNMP_ROA v3 priv match exact SNMP group name: SNMP_ROA Version: v3 Highest priv level C3750(config)#snmp-server user cater SNMP_ROA v3 auth MD5 cisco12345 priv des56 test12345

Sunday, February 4, 2018 Read

A10

A10 Link Aggregation Health Monitor use TCL A10 SSL Offload Cipher Suite Support List Compression A10 RAM Cache 加速 A10 NAT A10 configuration template A10 Link Aggregation 802.3ad LACP A10 trunk can config a maximnm of 16 LACP trunks per device. interface ethernet 1 lacp trunk 1 mode active lacp timeout long ! interface ethernet 2 lacp trunk 1 mode active lacp timeout long Static Link Aggregation None LACP. Up to 8 static trunks.

Wednesday, January 10, 2018 Read

Representative HTTP Status Codes

Representative HTTP Status Codes

Friday, December 15, 2017 Read

• ««
• «
• 22
• 23
• 24
• 25
• 26
• »
• »»