congdonglinux

#! /bin/sh

# Set up a default search path
PATH="/usr/bin:/bin"

CURL=`which curl`
if [ -z "$CURL" ]; then
  echo "curl not found"
  exit 1
fi

congdonglinux

-- a quick LUA access script for nginx to check IP addresses against an
-- `ip_blacklist` set in Redis, and if a match is found send a HTTP 403.
--
-- allows for a common blacklist to be shared between a bunch of nginx
-- web servers using a remote redis instance. lookups are cached for a
-- configurable period of time.
--
-- block an ip:
--   redis-cli SADD ip_blacklist 10.1.1.1
-- remove an ip:

congdonglinux

---
##prapare to install
    # for all nodes
    sudo useradd -d /home/ceph -m ceph
    sudo passwd ceph
    echo "ceph ALL = (root) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ceph
    sudo chmod 0440 /etc/sudoers.d/ceph
 
##admin-node node(ceph and root)
    ssh-keygen

congdonglinux

 http {

     map $http_user_agent $limit_bots {
         default '';
         ~*(google|bing|yandex|msnbot) $binary_remote_addr;
     }

     limit_req_zone $limit_bots zone=bots:10m rate=1r/m;

     server {

congdonglinux

# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

congdonglinux

Installing and using Percona XtraBackup

For MySQL/MariaDB database servers on Ubuntu.

Set-up and Install

Add Percona to your repository.

Backup your sources.

sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup

Edit your sources.

congdonglinux

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400,000 to 500,000 requests per second (clustered), most what i saw is 50,000 to 80,000 (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

• Stable version NGINX (deb/rpm)
• Mainline version NGINX (deb/rpm)

congdonglinux

#!/usr/bin/sh

# Flush Linux pagecache, dentrie & inode (cache)
# Reswaping 0B

MIN_MEMORY=78643200 # Reswap only if there is free RAM (75MB)
#PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
#PATH=/bin:/sbin:$PATH

# Flush pagecache + reswaping 0B:

congdonglinux

--- check_mailman_qfiles.org	2013-05-13 17:01:56.000000000 +0900
+++ check_mailman_qfiles	2013-05-13 17:05:17.000000000 +0900
@@ -9,7 +9,6 @@
 
 use strict;
 use warnings;
-use File::Find::Rule;
 use Getopt::Long;
 
 my $qfiles_base = '/var/lib/mailman/qfiles';

congdonglinux

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Turn on execshield
# 0 completely disables ExecShield and Address Space Layout Randomization
# 1 enables them ONLY if the application bits for these protections are set to “enable”
# 2 enables them by default, except if the application bits are set to “disable”
# 3 enables them always, whatever the application bits