Skip to content

Instantly share code, notes, and snippets.

Arena Kanoksiri arenadoon

Block or report user

Report or block arenadoon

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@arenadoon
arenadoon / allow
Created Sep 4, 2019 — forked from Nilpo/allow
CSF Allow AND Ignore Cloudflare IPv4 IP's.
View allow
for i in `curl https://www.cloudflare.com/ips-v4`; do csf -a $i; done
@arenadoon
arenadoon / sysctl.conf
Created Aug 24, 2019 — forked from sokratisg/sysctl.conf
Tuned sysctl.conf for use by CentOS/RHEL 6.x or later
View sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Turn on execshield
# 0 completely disables ExecShield and Address Space Layout Randomization
# 1 enables them ONLY if the application bits for these protections are set to “enable”
# 2 enables them by default, except if the application bits are set to “disable”
# 3 enables them always, whatever the application bits
@arenadoon
arenadoon / nginx.conf
Created Aug 24, 2019 — forked from v0lkan/nginx.conf
Configuring NGINX for Maximum Throughput Under High Concurrency
View nginx.conf
user web;
# One worker process per CPU core.
worker_processes 8;
# Also set
# /etc/security/limits.conf
# web soft nofile 65535
# web hard nofile 65535
# /etc/default/nginx
View nginx.conf
user www-data;
worker_processes 1; # set to number of cores
worker_priority 15; # be nice
# todo: put these on tmpfs, slow write logs to non-volatile
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
# set open fd limit to 81920
worker_rlimit_nofile 81920; # must be equal or higher as 'worker_processes' * 'worker_connections'
@arenadoon
arenadoon / gist:030dd273cfba8f66ad81ea60c9a9ef1f
Created Aug 22, 2019 — forked from Steven-Rose/gist:3943830
VI: Select all + delete, select all + copy
View gist:030dd273cfba8f66ad81ea60c9a9ef1f
Select all and delete (actually move to buffer)
:%d
Select all and copy to buffer
:%y
Use p to paste the buffer.
View gist:820e70d8d2e6c90ea8263465e8d92e37
http {
map $whitelist $limit {
default $binary_remote_addr;
1 "";
}
limit_conn_zone $limit zone=conn_limit_per_ip:10m;
limit_req_zone $limit zone=req_limit_per_ip:10m rate=5r/s;
server {
@arenadoon
arenadoon / nginx_cloudflare.conf
Created Aug 21, 2019 — forked from igortik/nginx_cloudflare.conf
Nginx & Cloudflare real IP configuration
View nginx_cloudflare.conf
# Look for client IP in the X-Forwarded-For header
real_ip_header X-Forwarded-For;
# Ignore trusted IPs
real_ip_recursive on;
# Trusted list
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
@arenadoon
arenadoon / nginx.conf
Created Aug 21, 2019 — forked from igortik/nginx.conf
Nginx optimized configuration with DDoS mitigation
View nginx.conf
user nginx;
# one(1) worker or equal the number of _real_ cpu cores. 4=4 core cpu
worker_processes 4;
# renice workers to reduce priority compared to system processes for
# machine health. worst case nginx will get ~25% system resources at nice=15
worker_priority -5;
You can’t perform that action at this time.