Skip to content

Instantly share code, notes, and snippets.

View sonufrienko's full-sized avatar
✌️

Sergii Onufriienko sonufrienko

✌️
123 followers · 34 following
View GitHub Profile
@sonufrienko
sonufrienko / nginx-tuning.md
Created February 21, 2018 18:20 — forked from denji/nginx-tuning.md
NGINX tuning for best performance

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

@sonufrienko
sonufrienko / nginx.conf
Created June 13, 2018 20:22 — forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@sonufrienko
sonufrienko / network
Created January 13, 2019 20:34
# count and group ports
netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n
@sonufrienko
sonufrienko / promisify.js
Created January 19, 2019 10:19
Custom JavaScript Promisify function
const promisify = f => (...args) =>
new Promise((resolve, reject) => {
f(...args, (err, res) => {
if(err) {
return reject(err);
}
return resolve(res);
});
});
@sonufrienko
sonufrienko / watch
Created February 14, 2019 12:30
nodemon Internal watch failed: watch ENOSPC
echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p
@sonufrienko
sonufrienko / kafka-cheat-sheet.md
Created February 24, 2019 09:58 — forked from ursuad/kafka-cheat-sheet.md
Quick command reference for Apache Kafka

Kafka Topics

List existing topics

bin/kafka-topics.sh --zookeeper localhost:2181 --list

Describe a topic

bin/kafka-topics.sh --zookeeper localhost:2181 --describe --topic mytopic

Purge a topic

bin/kafka-topics.sh --zookeeper localhost:2181 --alter --topic mytopic --config retention.ms=1000

... wait a minute ...

@sonufrienko
sonufrienko / generate-keys.sh
Last active March 23, 2019 12:06
# Generate private and public keys
# RSA 2048
# Quiet mode
# Without a passphrase
ssh-keygen -t rsa -b 2048 -q -N '' -m PEM -f private.key \
&& rm private.key.pub \
&& openssl rsa -in private.key -pubout -outform PEM -out public.key
@sonufrienko
sonufrienko / aws-alb-modify-rule.sh
Created March 25, 2019 09:06
Blue/Green Deployments. Switch ECS target group on ALB.
# Get all Rules from Listener
aws elbv2 describe-rules \
--listener-arn {alb-listener-arn}
# Get Rule
aws elbv2 describe-rules \
--rule-arn {alb-rule-arn}
# Modify Rule
aws elbv2 modify-rule \
@sonufrienko
sonufrienko / node-on-ec2-port-80.md
Last active May 2, 2020 14:24 — forked from kentbrew/node-on-ec2-port-80.md
How I Got Node.js Talking on EC2's Port 80

The Problem

Standard practices say no non-root process gets to talk to the Internet on a port less than 1024. How, then, could I get Node talking on port 80 on EC2? (I wanted it to go as fast as possible and use the smallest possible share of my teeny tiny little micro-instance's resources, so proxying through nginx or Apache seemed suboptimal.)

One possibly-right way:

Add a port forwarding rule via iptables.

First, I listed the rules currently running on the NAT (Network Address Translation) table:

@sonufrienko
sonufrienko / aws-client-vpn.md
Last active April 14, 2022 09:48
AWS Client VPN

Create Certificates

git clone https://github.com/OpenVPN/easy-rsa
cd easy-rsa/easyrsa3
./easyrsa init-pki
./easyrsa build-ca nopass
./easyrsa build-server-full server nopass
./easyrsa build-client-full client1.domain.tld nopass