##ss加密算法
常用算法aes-256-cfb速度较慢,在路由器等arm平台表现不佳。
用于arm平台时,采用算法rc4-md5即可。
"method":"rc4-md5"
为加速加密速度,安装m2crypto
yum install m2crypto
wujcheng
wujcheng
/ Shadowsocks服务端性能优化.md
Created
August 23, 2018 15:59
— forked from cyanife/Shadowsocks服务端性能优化.md
Shadowsocks服务端性能优化
wujcheng
/ flume_gcp.confg
Created
August 26, 2018 00:45
— forked from tsusanto/flume_gcp.confg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tier1.sources = filename-source1 | |
| tier1.channels = channel1 | |
| tier1.sinks = hdfs-sink1 | |
| tier1.channels.channel1.type = file | |
| tier1.channels.channel1.checkpointDir = /mnt/data/tenny/flume/checkpoint | |
| tier1.channels.channel1.dataDirs = /mnt/data/tenny/flume/data | |
| tier1.channels.channel1.capacity = 1000000 | |
| tier1.channels.channel1.transactionCapacity = 10000 |
wujcheng
/ nginx-dynamic-cache.conf
Created
August 26, 2018 02:42
— forked from ericksond/nginx-dynamic-cache.conf
nginx dynamic caching using proxy_store with reverse-proxy fallback
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # servers to proxy to | |
| upstream servers { | |
| server 10.0.0.1; | |
| server 10.0.0.2; | |
| } | |
| server { | |
| listen 80; | |
| server_name www.domain.com; | |
| server_name www2.domain.com |
wujcheng
/ Naive-VPN.md
Created
August 26, 2018 04:52
— forked from evvil/Naive-VPN.md
朴素VPN:一个纯内核级静态隧道
由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。
朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。
朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。
wujcheng
/ ss-redir 透明代理.md
Created
September 10, 2018 23:18
— forked from wen-long/ss-redir 透明代理.md
ss-redir 透明代理.md
##ss-redir 的 iptables 配置(透明代理)
透明代理指对客户端透明,客户端不需要进行任何设置就使用了网管设置的代理规则
创建 /etc/ss-redir.json 本地监听 7777
运行ss-redir -v -c /etc/ss-redir.json
iptables -t nat -N SHADOWSOCKS
# 在 nat 表中创建新链
iptables -t nat -A SHADOWSOCKS -p tcp --dport 23596 -j RETURN
# 23596 是 ss 代理服务器的端口,即远程 shadowsocks 服务器提供服务的端口,如果你有多个 ip 可用,但端口一致,就设置这个
wujcheng
/ nodejs-ubuntu-bind-port-80.md
Created
September 11, 2018 14:51
— forked from drawveloper/nodejs-ubuntu-bind-port-80.md
Allow Node.js to bind to privileged ports without root access on Ubuntu
Only do this if you understand the consequences: all node programs will be able to bind on ports < 1024
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/node
Important: your node location may vary. Use which node to find it, or use it directly in the command:
wujcheng
/ wireguard.md
Created
September 24, 2018 12:18
— forked from cute/wireguard.md
1:设置
sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1
sudo sysctl -p
2:安装
https://www.wireguard.com/install/
wujcheng
/ tunnel.sh
Created
September 26, 2018 05:55
— forked from vishvananda/tunnel.sh
Script to set up an ipsec tunnel between two machines
For Example: ./tunnel.sh 10.10.10.1 10.10.10.2 192.168.0.1 192.168.0.2 would set up an ipsec tunnel over 10.10.10.1 address using 192.168.0.1 as a virtual address
passwordless sudo required for user on remote machine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ "$4" == "" ]; then | |
| echo "usage: $0 <local_ip> <remote_ip> <new_local_ip> <new_remote_ip>" | |
| echo "creates an ipsec tunnel between two machines" | |
| exit 1 | |
| fi | |
| SRC="$1"; shift | |
| DST="$1"; shift |
wujcheng
/ qemu-networking.md
Created
January 1, 2019 04:00
— forked from extremecoders-re/qemu-networking.md
Setting up Qemu with a tap interface
wujcheng
/ nginx.conf
Created
January 8, 2019 00:35
— forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |