Skip to content

Instantly share code, notes, and snippets.

@kerus1024
kerus1024 / Harbor Docker registry Cache via nginx proxy cache.conf
Last active March 9, 2024 07:10
Harbor Docker registry Cache via nginx proxy cache
client_max_body_size 0;
location ~ "^/v2/.*/manifests/[a-zA-Z0-9\_][a-zA-Z0-9\-\_\.]{0,127}$" {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache proxycache;
@kerus1024
kerus1024 / nginx-tuning.md
Created January 18, 2024 08:09 — forked from denji/nginx-tuning.md
NGINX tuning for best performance

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

@kerus1024
kerus1024 / iptables-cheatsheet.md
Created October 13, 2023 07:46 — forked from mcastelino/iptables-cheatsheet.md
iptables-cheatsheet

The netfilter hooks in the kernel and where they hook in the packet flow

The figure below calls out

  • The netfilter hooks
  • The order of table traversal
@kerus1024
kerus1024 / setup_go-mmproxy.bash
Created June 17, 2023 07:57
Setup go-mmproxy
go get github.com/path-network/go-mmproxy
mkdir -p /svc/mmproxy
cp $HOME/go/bin/go-mmproxy /svc/mmproxy/
cat > /svc/mmproxy/path-prefixes.txt <<EOF
127.0.0.0/8
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
EOF
@kerus1024
kerus1024 / haproxy.cfg
Created June 17, 2023 07:46
Bind SSH port with HTTPS SNI Routing using HAProxy
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd list eners
stats timeout 30s
user haproxy
group haproxy
daemon
@kerus1024
kerus1024 / Debian Linux Reduce AMD CPU Power Consumption by using governor and disabling cpu boost.bash
Created December 26, 2022 15:32
Debian Linux Reduce AMD CPU Power Consumption by using governor and disabling cpu boost
#!/bin/bash
# Set to Governor default
sudo apt-get update -y
sudo apt-get install -y cpufrequtils
# Disable AMD Boost
echo "0" | sudo tee /sys/devices/system/cpu/cpufreq/boost
#!/bin/bash
# https://www.geeksforgeeks.org/access-control-listsacl-linux/
cid=111
pct set $cid -mp0 /mnt/pve/storage1/native,mp=/storage1
setfacl -Rm g:100033:rwx,d:g:100033:rwx /mnt/pve/storage1/lxcdisk/
# setfacl -m u:100000:rw -m g:100000:rw /dev/net/tun
#!/bin/bash
get_lxc_list=`pvesh ls /nodes/localhost/lxc | awk '{ print $2 }'`
lxc_list=($get_lxc_list)
for container_id in "${lxc_list[@]}"
do
echo CT : $container_id
pct exec $container_id 'hostname' &
@kerus1024
kerus1024 / install-openresty.bash
Last active December 4, 2022 15:59
Openresty Install on Debian/Ubuntu
#!/bin/bash
#
# Openresty Installation
# working on debian 11, ubuntu 22.04
#
# Define Some Variables
set -ex
ORIGIN_WORK_DIRECTORY="$(pwd)"
SOURCE_WORK_DIRECTORY="/opt"
@kerus1024
kerus1024 / proxmox-macip-filter.sh
Created November 19, 2022 18:04
Proxmox MAC/IP Filter
#!/bin/bash
ebtables -F INPUT
ebtables -F FORWARD
CHAINNAME=MY_MACFILTER
ebtables -F $CHAINNAME 2>/dev/null
ebtables -D $CHAINNAME 2>/dev/null
ebtables -N $CHAINNAME
ebtables -A INPUT -j $CHAINNAME