#####从零开始配置 Ansible 控制 VPS
#####准备: 首先,手上有一台新安装的 Ubuntu 14.04, 设置 ssh 登录所需
$ cd ~/.ssh
$ ssh-keygen -t rsa -C “remark”
# 添加好新产生 `.pub` 文件到 VPS 后,删除这个 `.pub`
wujcheng
wujcheng
/ VPS-status.md
Created
August 17, 2018 15:05
— forked from yylzcom/VPS-status.md
VPS在线情况比较
其实一直用UptimeRobot监控,很早也就想把在线数据推荐公布出来方便大家选择,终于发现了StatusPage这个好东西。
#在线时间数据: http://www.gubo.org/status/ 当中除了香港的以外,几乎没有一个的宕机是能感觉得到的,不少是我自己编译模块或者重启导致的宕机。都是我非常满意的VPS。
#VPS 推荐列表: http://www.gubo.org/?p=1415 用的VPS都是美国西海岸或者香港的VPS,都是低价OpenVZ构架(512M $30/yr),用来建站或者梯子用,稳定即可。所以从来没有跑过什么benchmark这类的东西,其实跑了分也不会太高。
wujcheng
/ Naive-VPN.md
Created
August 17, 2018 15:36
— forked from klzgrad/Naive-VPN.md
朴素VPN:一个纯内核级静态隧道
由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。
朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。
朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。
wujcheng
/ vim-cheatsheet.md
Created
August 18, 2018 00:27
— forked from azadkuh/vim-cheatsheet.md
vim / vimdiff cheatsheet - essential commands
wujcheng
/ vimdiff.md
Created
August 18, 2018 00:27
— forked from mattratleph/vimdiff.md
vimdiff cheat sheet
##git mergetool
In the middle file (future merged file), you can navigate between conflicts with ]c and [c.
Choose which version you want to keep with :diffget //2 or :diffget //3 (the //2 and //3 are unique identifiers for the target/master copy and the merge/branch copy file names).
:diffupdate (to remove leftover spacing issues)
:only (once you’re done reviewing all conflicts, this shows only the middle/merged file)
wujcheng
/ Ubuntu_Dnsmasq_pdnsd实现无快速污染DNS解析.md
Created
August 18, 2018 09:39
— forked from vialib/Ubuntu_Dnsmasq_pdnsd实现无快速污染DNS解析.md
Ubuntu Dnsmasq + pdnsd 实现无快速污染DNS解析
wujcheng
/ macOS reinstall.md
Created
August 18, 2018 11:20
— forked from BB9z/macOS reinstall.md
Mac OS X 系统重置后,参考配置恢复笔记
迁移文件,powertoys,system,config
- 首先安装 brew,中间可能会提示安装 Command line tool,必须先安装。命令
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
wujcheng
/ dnscrypt.csv
Created
August 18, 2018 14:58
— forked from lenage/dnscrypt.csv
DNScrypt server list
We can make this file beautiful and searchable if this error is corrected: It looks like row 5 should actually have 14 columns, instead of 6 in line 4.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Name,Full name,Description,Location,Coordinates,URL,Version,DNSSEC validation,No logs,Namecoin,Resolver address,Provider name,Provider public key,Provider public key TXT record | |
| 4armed,4ARMED,DNSCrypt Server provided by www.4armed.com,France,,https://www.4armed.com,1,yes,yes,no,51.254.115.48:443,2.dnscrypt-cert.dnscrypt.4armed.io,FD3E:5887:63EA:17A9:1AF8:4325:DE82:1507:6ED0:01AB:2F9E:55DE:689B:F491:4D8E:526E, | |
| cisco,Cisco OpenDNS,Remove your DNS blind spot,Anycast,,https://www.opendns.com,1,no,no,no,208.67.220.220:443,2.dnscrypt-cert.opendns.com,B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79, | |
| cisco-familyshield,Cisco OpenDNS with FamilyShield,Blocks web sites not suitable for children,Anycast,,https://www.opendns.com/home-internet-security/parental-controls/,1,no,no,no,208.67.220.123:443,2.dnscrypt-cert.opendns.com,B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79, | |
| cisco-ipv6,Cisco OpenDNS over IPv6,Cisco OpenDNS IPv6 sandbox,Anycast,,https://www.op |
wujcheng
/ nginx 反向代理 blog.conf
Created
August 19, 2018 04:30
— forked from loveshizuka/nginx 反向代理 blog.conf
在 vps 用 nginx 反向代理 wordpress/blogger
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/nginx/sites-available/blog.shellexy.info | |
| server { | |
| resolver 8.8.8.8; | |
| listen 80; | |
| server_name blog.shellexy.info; | |
| #access_log off; | |
| access_log /var/log/nginx/blog.shellexy.info.access.log; | |
| location / { | |
| #避免远方启用压缩导致无法替换纯文本 | |
| proxy_set_header Accept-Encoding ""; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server | |
| { | |
| listen 443 ssl; | |
| listen 80; | |
| server_name gdgdocs.org www.gdgdocs.org; | |
| ssl_certificate /home/certs/www.gdgdocs.org_conbined.crt; | |
| ssl_certificate_key /home/certs/www.gdgdocs.org_nopass.key; | |
| ssl_protocols SSLv3 TLSv1; | |
| ssl_ciphers HIGH:!aNULL:!MD5; |