Skip to content

Instantly share code, notes, and snippets.

View iovcho's full-sized avatar

yyovchev iovcho

3 followers · 19 following
View GitHub Profile
@nathanctech
nathanctech / proxy-nginx-fxserver.md
Created May 1, 2020 14:23
FXServer Reverse Proxy

Proxying FiveM Connections using Nginx

As of server version 2377, support was added to FiveM to run a custom streaming proxy similar to cfx.re, but proxying the data connection (UDP) as well. This can be accomplished very easily with nginx acting as a proxy, and you can combine the caching proxy with it.

Requirements

  • Nginx 1.17+ (1.16 absolute minimum, guide tested on 1.17)
  • Server with reasonable network bandwidth (500mbps uplink strongly suggested)
  • FXserver version 2377 or later
  • SSL certificate for the domain you're using (highly recommended)
@pm-hwks
pm-hwks / netcat.sh
Created August 21, 2019 07:03
[Netcat network test] Netcat commands to test bandwidth between 2 linux servers #netcat #perf-test #linux #network
## Netcat server command
nc -l <unused port # > /dev/null
eg:
nc -l 1122 > /dev/null
## Netcat Client command
dd if=/dev/zero bs=9100004096 count=1 | nc <netcat server> <netcat port>
eg:
dd if=/dev/zero bs=9100004096 count=1 | nc 10.0.1.251 1122
@mikejsutherland
mikejsutherland / gwmonitor.sh
Last active February 22, 2020 17:51
Simple pfsense WAN connection monitor with auto reset and notification
#!/bin/sh
WWW="https://google.com"
DELAY=30
FAILLIMIT=2
ITERATION=5
www_test() {
RES=`curl -s -L -X HEAD -4 -o /dev/null --connect-timeout 30 -m 60 $WWW`
@mohanpedala
mohanpedala / nginx_performance_tuning.md
Last active April 30, 2024 11:50
NGINX Performance tuning

NGINX Performance Tuning

Content Compressions and Decompression

  • Documentation
    • NGINX http_gzip module
    • NGINX http_gunzip module
  • Enable gzip. by default, we’re not going to compress the responses that we’re getting from proxied servers or any piece of content that isn’t HTML.
  • But if one of our proxied servers happens to send us a pre-compressed response then we probably want to decompress it for clients that can’t handle gzip. In this situation, we’ll use the gunzip module 
    $ vim /etc/nginx/nginx.conf
@VirtuBox
VirtuBox / protect.conf
Created June 23, 2017 20:54
Nginx Configuration to block SQL Injection and similar attacks
location ~* "(eval\()" { deny all; }
location ~* "(127\.0\.0\.1)" { deny all; }
location ~* "([a-z0-9]{2000})" { deny all; }
location ~* "(javascript\:)(.*)(\;)" { deny all; }
location ~* "(base64_encode)(.*)(\()" { deny all; }
location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }
location ~* "(<|%3C).*script.*(>|%3)" { deny all; }
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }
location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }
@kekru
kekru / add CA cert on CentOS Debian Ubuntu.md
Last active October 23, 2023 08:21
Add CA cert to local trust store on CentOS, Debian or Ubuntu
  • Open a webpage that uses the CA with Firefox
  • Click the lock-icon in the addressbar -> show information -> show certificate
  • the certificate viewer will open
  • click details and choose the certificate of the certificate-chain, you want to import to CentOS
  • click "Export..." and save it as .crt file
  • Copy the .crt file to /etc/pki/ca-trust/source/anchors on your CentOS machine
  • run update-ca-trust extract
  • test it with wget https://thewebsite.org
@mattia-beta
mattia-beta / ddos.conf
Last active April 27, 2024 22:00
IPtables DDoS Protection for VPS
### 1: Drop invalid packets ###
/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
### 2: Drop TCP packets that are new and are not SYN ###
/sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
### 3: Drop SYN packets with suspicious MSS value ###
/sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
### 4: Block packets with bogus TCP flags ###
@igortik
igortik / nginx.conf
Last active July 15, 2023 04:09
Nginx optimized configuration with DDoS mitigation
user nginx;
# one(1) worker or equal the number of _real_ cpu cores. 4=4 core cpu
worker_processes 4;
# renice workers to reduce priority compared to system processes for
# machine health. worst case nginx will get ~25% system resources at nice=15
worker_priority -5;
@wpscholar
wpscholar / vagrant-cheat-sheet.md
Last active April 25, 2024 12:11
Vagrant Cheat Sheet

Typing vagrant from the command line will display a list of all available commands.

Be sure that you are in the same directory as the Vagrantfile when running these commands!

Creating a VM

  • vagrant init -- Initialize Vagrant with a Vagrantfile and ./.vagrant directory, using no specified base image. Before you can do vagrant up, you'll need to specify a base image in the Vagrantfile.
  • vagrant init <boxpath> -- Initialize Vagrant with a specific box. To find a box, go to the public Vagrant box catalog. When you find one you like, just replace it's name with boxpath. For example, vagrant init ubuntu/trusty64.

Starting a VM

  • vagrant up -- starts vagrant environment (also provisions only on the FIRST vagrant up)
@denji
denji / nginx-tuning.md
Last active May 3, 2024 03:57
NGINX tuning for best performance

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.