rainly

/**
 * Bear Theme with Typora
 *
 * @version : 0.0.1
 * @update  : 2018/09/08
 * @homepage: https://gist.github.com/Kenshin/e5adc79da3149315bdfd72a35b70d65e
 * @license : MIT https://github.com/kenshin/mduikit/blob/master/LICENSE
 * @author  : Kenshin Wang <[email protected]>
 * 
 * @copyright 2018

rainly

=====server side /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = <privkey>
ListenPort = 24444
SaveConfig = false
Address = 10.0.0.1/32
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]

rainly

公司一台2个CPU共8核的服务器访问量上来后top里load高达8到17,但cpu占用却只有Cpu(s): 50%us,可能是static模式下启动php-fpm全起在第一个cpu上了,尝试把nginx的进程指定到第二个cpu上,负载马上降到2左右了:

有8个核心的话可以把nginx分到第二个cpu的1,3,5,7这4个核上, php5-fpm则默认跑在第一个cpu的0,2,4,6核心, 在nginx.conf里:
worker_processes 4;
worker_cpu_affinity 00000010 00001000 00100000 10000000;   #不要用worker_cpu_affinity 10101010; 不均衡
sudo service nginx restart
第二个cpu的具体核心序号要先看看核心分布:
grep -P '^physical id' /proc/cpuinfo
比如4*2核不超线程的可能是:01 01 01 01 也可能是 00 11 00 11, 还可能是10 10 10 10(奇怪的是这些机器不论01先后,0号cpu的负载总是比1号大得多)
4*2核超线程的可能是:0000 1111 0000 1111

rainly

在top里看到某个php进程占用cpu很高想知道对应的request url:
php 5.3以上有fpm status page功能(http://php.net/manual/en/install.fpm.configuration.php#pm.status-path), 但是从网页访问的,
改用cgi-fcgi从命令行访问比较安全方便, cgi-fcgi就是cgi(nginx) to fcgi(php5-fpm)的意思

sudo vi /etc/php5/fpm/pool.d/www.conf
#解除注释 pm.status_path = /status
sudo service php5-fpm restart

sudo apt-get install libfcgi0ldbl     #centos是yum install fcgi  (先sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm  及  sudo yum upgrade ca-certificates --disablerepo=epel)
sudo SCRIPT_FILENAME=. SCRIPT_NAME=/status QUERY_STRING="full" REQUEST_METHOD=GET cgi-fcgi -bind -connect /var/run/php5-fpm.sock | grep -A7 <pid>

rainly

#boot into exist linux in /dev/sda1
#download iso file into for example: /home/malcolm/Downloads/lubuntu-18.04-desktop-amd64.iso
#sudo subl /boot/grub/grub.cfg:
    menuentry 'Lubuntu 18.04 ISO' {
       set isofile='/home/malcolm/Downloads/lubuntu-18.04-desktop-amd64.iso'
       loopback loop (hd0,1)$isofile
       linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=$isofile noprompt noeject
       initrd (loop)/casper/initrd.lz
    }
#sudo reboot

rainly

参考链接：

• SHELL编程之特殊符号

• SHELL编程之常用技巧

• Bash exec 与重定向

• Linux Shell多进程并发控制

• Bash脚本实现批量作业并行化

• What is the best way to ensure only one instance of a Bash script is running?

rainly

虚拟机有 2 台

» virsh list --title --all
 Id    Name               State      Title
--------------------------------------------------
 5     vm-01             running    192.168.2.110
 6     vm-02             running    192.168.2.111

rainly

# User and group used by worker processes
user www-data;

# Ideally # of worker processes = # of CPUs or cores
# Set to auto to autodetect
# max_clients = worker_processes * worker_connections
worker_processes auto;

pid /run/nginx.pid;

rainly

# User ssh configuration file ~/.ssh/config
# Gist https://gist.github.com/terrywang/3997931
# man ssh_config for more information
# Inspired by the blog post below to fight the NSA
# https://stribika.github.io/2015/01/04/secure-secure-shell.html

# Github needs diffie-hellman-group-exchange-sha1 some of the time but not always
# Host github.com
#     KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

rainly

sudo apt-get install libssl-dev
git clone https://github.com/proftpd/proftpd.git
cd proftpd
./configure --with-modules=mod_digest             #开启这个模块可以支持xcrc远程快速比较
make
sudo make install
sudo vi /usr/local/etc/proftpd.conf
#在"Port 21"下面加上:
SocketBindTight                 on                #因为通过kcptun通道走, 不需要监听外网ip, 只要127.0.0.1即可
DefaultAddress                  127.0.0.1