Skip to content

Instantly share code, notes, and snippets.

@denji
denji / nginx-tuning.md
Last active November 5, 2024 10:10
NGINX tuning for best performance

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

@jeoliva
jeoliva / gist:a3c4ef62b7f52926d0f339b395c0cd0c
Last active December 13, 2022 07:47
Get Keyframe interval (GOP size) of a stream/video using ffprobe
ffprobe -of compact -select_streams v -show_packets [VIDEO_FILE OR STREAM_URL] | grep K$ | awk 'BEGIN{FS="|";last=-1}{split($5,a,"="); if(last != -1) {print "Keframe pos: " a[2] ", Interval: " a[2]-last " seconds"} else {print "Keyframe: " a[2]}; last=a[2]}'
@theseanl
theseanl / README.md
Last active March 3, 2024 08:43
Collecting popup/popunder scripts.

Collecting popup/popunder scripts.

Obnoxious ones

  1. dai0eej.bid, found in http://www.nowvideo.li/video/81e35ec6727ee
  2. onclasrv.com, found in https://thehiddenbay.xyz/

Ordinary ones

  1. watchmygf.me, found in http://www.watchmygf.me/
@mattia-beta
mattia-beta / ddos.conf
Last active November 14, 2024 09:20
IPtables DDoS Protection for VPS
### 1: Drop invalid packets ###
/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
### 2: Drop TCP packets that are new and are not SYN ###
/sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
### 3: Drop SYN packets with suspicious MSS value ###
/sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
### 4: Block packets with bogus TCP flags ###
@mustafaturan
mustafaturan / network-tweak.md
Last active September 26, 2024 17:36
Linux Network Tweak for 2 million web socket connections

Sample config for 2 million web socket connection

    sysctl -w fs.file-max=12000500
    sysctl -w fs.nr_open=20000500
    # Set the maximum number of open file descriptors
    ulimit -n 20000000

    # Set the memory size for TCP with minimum, default and maximum thresholds 
 sysctl -w net.ipv4.tcp_mem='10000000 10000000 10000000'
Email: [email protected]
SN: GAWAE-FCWQ3-P8NYB-C7GF7-NEDRT-Q5DTB-MFZG6-6NEQC-CRMUD-8MZ2K-66SRB-SU8EW-EDLZ9-TGH3S-8SGA
@fntlnz
fntlnz / udp.c
Last active December 19, 2023 08:48
XDP Drop udp example
#include <linux/bpf.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#define SEC(NAME) __attribute__((section(NAME), used))
SEC("dropper_main")
int dropper(struct xdp_md *ctx) {
int ipsize = 0;
@peerapach
peerapach / iptables-ddos-protection.txt
Created October 24, 2018 12:19
Build Your Own DDoS Protection With Linux & IPtables
DEV=eth0
PORT=80
### Use SYNPROXY ###
/sbin/iptables -t raw -A PREROUTING -i $DEV -p tcp -m tcp --syn --dport $PORT -j CT --notrack
/sbin/iptables -t mangle -A INPUT -i $DEV -p tcp -m conntrack --ctstate INVALID,UNTRACKED --dport $PORT -j SYNPROXY \
--sack-perm --timestamp --wscale 7 --mss 1460
/sbin/iptables -t mangle -A INPUT -i $DEV -p tcp -m conntrack --ctstate INVALID --dport $PORT -j DROP
@luckylooke
luckylooke / recaptcha_fallback.js
Created August 21, 2019 13:24
Google recaptcha wrapper for grecaptcha.execute() with version 2 fallback.
function execute(action, callback) {
// create real promise, because execute method does not return the real one
// (missing documentation what actually returns)
const promise = new Promise((resolve, reject) => {
grecaptcha.ready(() =>
grecaptcha.execute(key, { action }).then(token => {
resolve(token);
},
reject)
);
@ArrayIterator
ArrayIterator / geoip_update.php
Created May 6, 2020 20:18
Maxmind GeoIP Updater (Based PHP)
#!/usr/bin/env php
<?php
/**
* GeoIP Legacy Download & Updated from https://www.miyuru.lk/geoiplegacy
* Change $path or put on /usr/share/GeoIP
* This script will replace GeoIP.dat, GeoIPCity.dat & GeoIPASNum.dat
* NGINX CONFIG:
http {
.... // etc
geoip_country /usr/share/GeoIP/GeoIP.dat;