这篇文章记录了一些杂项

方便自己翻看的一些东西

需要自取

解决一些问题的nginx配置模板

server {
    listen 80;
    server_name pari.cafe;
    root /www/wwwroot/pari.cafe;

    location / {
        return 301 https://$server_name$request_uri;
    }

    #禁止访问的文件或目录
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }

    #禁止在证书验证目录放入敏感文件
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    access_log  /www/wwwlogs/pari.cafe.log;
    error_log  /www/wwwlogs/pari.cafe.error.log;
}

server {
	listen 443 ssl http2;
    server_name pari.cafe;

    ssl_certificate    /www/server/panel/vhost/cert/pari.cafe/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/pari.cafe/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497 https://$host$request_uri;
	#SSL-END


    #PROXY-START/

    location / {
        proxy_pass https://ddv4.flymc.cc:65443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_http_version 1.1;
        # proxy_hide_header Upgrade;

        add_header X-Cache $upstream_cache_status;

        #Set Nginx Cache
    
    
       # set $static_file2fQNkIPc 0;
       # if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
       # {
       # 	set $static_file2fQNkIPc 1;
       # 	expires 1m;
        #    }
        #if ( $static_file2fQNkIPc = 0 )
       # {
      #  add_header Cache-Control no-cache;
       # }
    }

    #PROXY-END/

    location ~ /purge(/.*) {
        proxy_cache_purge cache_one $host$1$is_args$args;
        #access_log  /www/wwwlogs/pari.cafe_purge_cache.log;
    }
	#引用反向代理规则，注释后配置的反向代理将无效
	#include /www/server/panel/vhost/nginx/proxy/pari.cafe/*.conf;

    access_log  /www/wwwlogs/pari.cafe.log;
    error_log  /www/wwwlogs/pari.cafe.error.log;
}

docker-compose in Debian

COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose build

Certbot

certbot certonly \
        -d flymc.cc -d *.flymc.cc -d pari.cafe -d *.pari.cafe \
	    --manual \
	    --preferred-challenges "dns-01" \
	    --server "https://dv.acme-v02.api.pki.goog/directory" \
            --domains "flymc.cc"
            --domains "*.flymc.cc"
	    --domains "pari.cafe"
	    --domains "*.pari.cafe"


certbot certonly --preferred-challenges dns --manual -d *.closure.ac.cn -d closure.ac.cn --server https://acme-v02.api.letsencrypt.org/directory



AES 8 8
UKF2bB3AFf/5DLevXeSDP3Xw8m2DUm6iz08VtyeMQ5ROvIfbtPcMXCcBkycvX1zHNLAkh/BsrVXzWMkwh0upC5sVoaEmokk1sqOCDQZpfBUjn4KYphns/XloVze/2K9zUiri18wWYX5r4flxxRrGmVbKkwTF77Wr5Goj5kVDCeTHc8LM+GGR6SS84xdweICx8vt/LCVRXh6Zk6vFbiW579KnG/X6Usx9jrIJwr56Lo/tYrY5N0UBgHLbmn+tNSievt3LQ9v+kh7Zrgt6KJ0iZJYRLC9NgIIoU7c/pfLy893dkEtxYkNiQp4jMprTGKPy9cRs7cmKmgVNSc24EvPRBY5MZVt4yrrIN185qHcUsTgXFLGtg/eDqk0Rq9uWAKhQXTBxWm1zgb17

s3fs挂载对象存储

echo access key:screctkey > ${HOME}/.passwd-s3fs

chmod 600 ${HOME}/.passwd-s3fs

s3fs neko-main /neko-main -o passwd_file=${HOME}/.passwd-s3fs

s3fs drive-data /www/data -o passwd_file=${HOME}/.passwd-s3fs -o url=https://s3.ap-northeast-1.wasabisys.com/ -o use_path_request_style

nping test / hping3

nping --tcp-connect -rate=1000000 -c 4294967295 -q ip/domain -p 443 --badsum-ip -H -N --quiet
hping3 -S --flood -V [target] --rand-source -d 1024 -t 128 -w 1

trojan-go api

trojan-go -api-addr 127.0.0.1:10808 -api set -modify-profile -target-hash 8dfa51d7637f5ed3b6a5c83124eb3787279d6916f9d3128e59712e07 \
    -ip-limit 4 \
    -upload-speed-limit 10485760 \
    -download-speed-limit 10485760

trojan-go -api-addr 127.0.0.1:10808 -api list

循环get计划任务

#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
step=1
for (( i = 0; i < 120; i=(i+step) )); do
curl -sS -H "X-Forwarede-For: 127.0.0.1" -H 'Cache-Control: no-cache, no-store' --connect-timeout 10 -m 60 -k '[url]' 
echo "----------------------------------------------------------------------------"
endDate=`date +"%Y-%m-%d %H:%M:%S"`
echo "★[$endDate] Successful"
echo "----------------------------------------------------------------------------"
sleep .5
done
exit 0

smartdns cfg

# Add custom settings here.

# set log level
# log-level [level], level=fatal, error, warn, notice, info, debug
# log-level error

# log-size k,m,g
# log-size 128k

# log-file /var/log/smartdns.log
# log-num 2

# List of hosts that supply bogus NX domain results
# bogus-nxdomain [ip/subnet]

response-mode fastest-response
speed-check-mode tcp:80,ping,tcp:443

serve-expired yes
serve-expired-ttl 86400

server 10.0.0.101 -group cn
server 10.0.0.101 -group neko
server 223.5.5.5 -group cn
server 119.29.29.29 -group cn
server 223.6.6.6 -group cn
server 8.8.4.4 -group neko
server 8.8.8.8  -group neko

server-tls 8.8.8.8  -group neko
server-tls 8.8.4.4  -group neko
server-tls dot.alidns.com -group cn
server-tls sophie.flymc.cc -group cn
server-tls sophie.flymc.cc -group neko

server-https https://dns.alidns.com/dns-query -group cn
server-https https://doh.pub/dns-query -group cn
server-https https://8.8.8.8/dns-query -group neko
server-https https://8.8.4.4/dns-query -group neko

conf-file /tmp/etc/smartdns/passwall.conf




# Add custom settings here.

# set log level
# log-level [level], level=fatal, error, warn, notice, info, debug
# log-level error

# log-size k,m,g
# log-size 128k

# log-file /var/log/smartdns.log
# log-num 2

# List of hosts that supply bogus NX domain results
# bogus-nxdomain [ip/subnet]

response-mode first-ping
speed-check-mode none

serve-expired yes
serve-expired-ttl 3600

server 10.0.0.101  -group cn -no-cache
server 8.8.4.4 -group neko  -group cn
server 8.8.8.8  -group neko  -group cn
server 9.9.9.11 -group neko -exclude-default-group

server-tcp 10.0.0.101  -group cn -no-cache
server-tcp 8.8.4.4 -group neko  -group cn
server-tcp 8.8.8.8  -group neko  -group cn
server-tcp 9.9.9.11 -group neko -exclude-default-group

server-tls sophie.flymc.cc  -group neko  -group cn
server-tls 8.8.8.8  -group neko  -group cn
server-tls 8.8.4.4  -group neko  -group cn
server-tls dns11.quad9.net -group neko -exclude-default-group

server-https https://8.8.8.8/dns-query -group neko  -group cn
server-https https://8.8.4.4/dns-query -group neko  -group cn
server-https https://dns11.quad9.net/dns-query -group neko -exclude-default-group

conf-file /tmp/etc/smartdns/passwall.conf

宝塔/aa optimization

echo "" > /www/server/panel/script/site_task.py
rm -rf /www/server/panel/logs/request/*
chattr +i /www/server/panel/script/site_task.py
chattr +i -R /www/server/panel/logs/request