liwsakilive / gist:ce1d1c6d69e667370e8bb6b761d23408

Created April 23, 2016 07:16

opeopenvpn-install

	#!/bin/bash
	# Slightly modified version from https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh
	# Run with sudo ./openvpn-install.sh and not sudo sh ./openvpn-install.sh as read command has issues with external triggering of scripts
	# OpenVPN road warrior installer for Debian, Ubuntu and CentOS

	# This script will work on Debian, Ubuntu, CentOS and probably other distros
	# of the same families, although no support is offered for them. It isn't
	# bulletproof but it will probably work if you simply want to setup a VPN on
	# your Debian/Ubuntu/CentOS box. It has been designed to be as unobtrusive and
	# universal as possible.

liwsakilive / nginx_domain.conf

Created July 4, 2018 10:47

magento use nginx reverse proxy protection

	proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=STATIC:10m
	inactive=24h max_size=1g;
	limit_req_zone $binary_remote_addr zone=clientlimit:10m rate=5r/s;
	limit_conn_zone $binary_remote_addr zone=name:10m;

	server {
	listen 80;
	server_name _;
	set $do_not_cache "0";
	set $bypass "0";

liwsakilive / nginx-magento.conf

Last active July 24, 2018 06:55 — forked from peerapach/nginx-magento.conf

	proxy_buffering on;

	proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;

	limit_req_zone $binary_remote_addr zone=five_per_second:10m rate=5r/s;
	limit_req_zone $binary_remote_addr zone=ten_per_one_minute:10m rate=10r/m;

	server {
	listen 80;
	server_name www.yourdomain.com;

liwsakilive / iptables-udp-flood.txt

Created April 13, 2019 19:42 — forked from thoward/iptables-udp-flood.txt

Prevent UDP flood

	# Outbound UDP Flood protection in a user defined chain.
	iptables -N udp-flood
	iptables -A OUTPUT -p udp -j udp-flood
	iptables -A udp-flood -p udp -m limit --limit 50/s -j RETURN
	iptables -A udp-flood -j LOG --log-level 4 --log-prefix 'UDP-flood attempt: '
	iptables -A udp-flood -j DROP

liwsakilive / ddos.conf

Last active August 13, 2019 08:07 — forked from mattia-beta/ddos.conf

IPtables DDoS Protection

	### 1: Drop invalid packets ###
	/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP

	### 2: Drop TCP packets that are new and are not SYN ###
	/sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

	### 3: Drop SYN packets with suspicious MSS value ###
	/sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP

	### 4: Block packets with bogus TCP flags ###

liwsakilive / 60-zercle.conf

Created August 15, 2019 19:15 — forked from bouroo/60-sysctl.conf

Kernel tuning for dedicated linux server. /etc/sysctl.d/60-zercle.conf

	# Kernel sysctl configuration file for Linux
	# https://www.kernel.org/doc/Documentation/sysctl/
	#
	# Original by Michiel Klaver <https://klaver.it/linux/sysctl.conf>
	# Modify by Kawin Viriyaprasopsook <[email protected]>
	#
	# The following is suitable for dedicated web server, mail, file server, KVM server etc.
	# place file in /etc/sysctl.d/60-zercle.conf
	# and run sysctl --system

liwsakilive / nginx-tuning.md

Created August 17, 2019 17:58 — forked from denji/nginx-tuning.md

NGINX tuning for best performance

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

liwsakilive / rdo-pike-packstack

Created April 10, 2020 07:42

	wget http://mirror.centos.org/altarch/7/extras/aarch64/Packages/centos-release-ceph-jewel-1.0-1.el7.centos.noarch.rpm
	wget http://mirror.centos.org/centos/7/extras/x86_64/Packages/centos-release-storage-common-2-2.el7.centos.noarch.rpm
	wget https://cbs.centos.org/kojifiles/packages/centos-release-openstack-pike/1/0.el7/x86_64/centos-release-openstack-pike-1-0.el7.x86_64.rpm
	wget https://cbs.centos.org/kojifiles/packages/centos-release-qemu-ev/1.0/2.el7/noarch/centos-release-qemu-ev-1.0-2.el7.noarch.rpm
	wget http://mirror.centos.org/centos/7/extras/x86_64/Packages/centos-release-virt-common-1-1.el7.centos.noarch.rpm

	rpm -ivh centos-release-ceph-jewel-1.0-1.el7.centos.noarch.rpm
	rpm -ivh centos-release-storage-common-2-2.el7.centos.noarch.rpm
	rpm -ivh centos-release-qemu-ev-1.0-2.el7.noarch.rpm
	rpm -ivh centos-release-virt-common-1-1.el7.centos.noarch.rpm

liwsakilive / kolla-ansible-db-only

Created April 29, 2021 06:39

	---
	# You can use this file to override _any_ variable throughout Kolla.
	# Additional options can be found in the
	# 'kolla-ansible/ansible/group_vars/all.yml' file. Default value of all the
	# commented parameters are shown here, To override the default value uncomment
	# the parameter and change its value.

	ansible_python_interpreter: /usr/bin/python3

	###############

liwsakilive / gist:63f50af41a5b00d236a02ae44d2987fb

Created January 25, 2022 18:41 — forked from lovellfelix/gist:7aa7edfc45605650913c

Convert p2v vmware vmdk to kvm

	#Convert vmware image to raw format image file
	qemu-img convert -f vmdk -p -O raw machine.name.vmdk /opt/machine-name.img

	#DD image into logical volume
	dd if=machine-name.img of=/dev/vg_vmstore/lv_001-prod-machine-name-win001

	#Use create virtual machine with existing disk

Liwsaki Live liwsakilive

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance