Skip to content

Instantly share code, notes, and snippets.

View vqiu's full-sized avatar
🌴
On vacation

shuhui.qiu vqiu

🌴
On vacation
3 followers · 14 following
View GitHub Profile
@vqiu
vqiu / nginx.tmpl
Created June 24, 2018 18:14 — forked from tzumby/nginx.tmpl
{{ $cfg := .Cfg }}
{{ $IsIPV6Enabled := .IsIPV6Enabled }}
{{ $healthzURI := .HealthzURI }}
{{ $backends := .Backends }}
{{ $proxyHeaders := .ProxySetHeaders }}
daemon off;
worker_processes {{ $cfg.WorkerProcesses }};
pid /run/nginx.pid;
{{ if ne .MaxOpenFiles 0 }}
@vqiu
vqiu / waf.lua
Created June 24, 2018 18:01 — forked from zahna/waf.lua
-- https://github.com/openresty/lua-nginx-module#nginx-api-for-lua
-- https://www.nginx.com/resources/wiki/modules/lua/
-- http://www.staticshin.com/programming/definitely-an-open-resty-guide/
-- access_by_lua_file /path/to/waf.lua;
-- examine request
ngx.req.read_body()
local request_method = ngx.req.get_method()
local get_args = ngx.req.get_uri_args()
local post_args, err = ngx.req.get_post_args()
@vqiu
vqiu / db.sql
Created June 24, 2018 17:42 — forked from kindy/db.sql
ngx_openresty file upload
" mysql中增加一数据库,名为nginx,编码为utf8
" 增加一表,名为 uploadfile 结构为
CREATE TABLE `uploadfile` (
`id` int(20) NOT NULL AUTO_INCREMENT,
`filehash` varchar(50) DEFAULT NULL,
`filename` varchar(100) DEFAULT NULL,
`filelen` varchar(50) DEFAULT NULL,
`contenthash` varchar(80) DEFAULT NULL,
PRIMARY KEY (`id`)
@vqiu
vqiu / OpenResty.md
Created June 24, 2018 17:41 — forked from JeOam/OpenResty.md
OpenResty Notes Navigation
@vqiu
vqiu / ngx.access_by_lua.md
Created June 24, 2018 17:27 — forked from qrtt1/ngx.access_by_lua.md

本來打算試著用 ngx_lua 取代原本用 C 實作的 access control,可是看完了「基本語法」想要找一些相關會用到的 library 都找不太到,像 lua-aws 雖然有人寫,但看起來不太完整。這樣就不能透過 lua script 存取 aws service 取得認證的資訊。

不過,想了想它網頁上 access_by_lua 的例子也沒有直接寫在裡面,就以 deleagte 的形式問了其它 uri:

location / {
    deny    192.168.1.1;
    allow   192.168.1.0/24;
    allow   10.1.1.0/16;
    deny    all;
@vqiu
vqiu / rdate.md
Created January 12, 2018 10:15
使用 rdate 替代ntp 功能

总有那么些蛋疼的机房,为了所谓的这安全,将NTP 服务器一刀切了。这时候时间同步就是一个问题,不过我们还可以使用 rdate 来解决。

yum -y install rdate
rdate -s time.nist.gov

cat > /etc/cron.daily/rdate << "EOF"
#!/bin/sh
rdate -s time.nist.gov
@vqiu
vqiu / docker-compose-tick.yml
Created December 3, 2017 11:42 — forked from cdelaitre/docker-compose-tick.yml
Monitor Docker Swarm with the InfluxData TICK Stack
version: '3'
services:
# FRONT
chronograf:
# Full tag list: https://hub.docker.com/r/library/chronograf/tags/
image: chronograf
deploy:
replicas: 1
placement:
constraints:
@vqiu
vqiu / setup-audit.sh
Created November 19, 2017 13:46 — forked from shichao-an/setup-audit.sh
#!/bin/bash
# Setup and enable auditd
# MUST REBOOT AFTER SETUP
#
# FUNCTIONALITIES:
#
# * Auditing user TTY
# aureport --tty
#
# * Auditing root commands (real uid)
@vqiu
vqiu / consul.lua
Created September 15, 2017 15:56 — forked from gmr/consul.lua
Dynamic Nginx upstream nodes using Consul
module("resty.consul", package.seeall)
_VERSION = '0.1.0'
function service_nodes(service)
local http = require "resty.http"
local json = require "cjson"
local hc = http:new()
local upstream = ""
@vqiu
vqiu / kerberos_setup.md
Created August 9, 2017 06:17 — forked from ashrithr/kerberos_setup.md
Set up kerberos on Redhat/CentOS 7

Installing Kerberos on Redhat 7

This installation is going to require 2 servers one acts as kerberos KDC server and the other machine is going to be client. Lets assume the FQDN's are (here cw.com is the domain name, make a note of the domain name here):

  • Kerberos KDC Server: kdc.cw.com
  • Kerberos Client: kclient.cw.com

Important: Make sure that both systems have their hostnames properly set and both systems have the hostnames and IP addresses of both systems in