Skip to content

Instantly share code, notes, and snippets.

View shlink-docker-compose.yaml
@phlinhng
phlinhng / cfworkers_reverse_proxy.js
Last active Jul 16, 2021
fw: universal reverse proxy template
View cfworkers_reverse_proxy.js
// 需要反代的地址
const upstream = 'api.github.com'
// 反代地址的子路径
const upstreamPath = '/'
// 反代网站的移动端域名
const upstreamMobile = 'api.github.com'
// 是否使用 https
const useHttps = true
View github-to-jsdelivr.js
let github2jsdelivr = (_url) => {
regex = {"blob": /(.+)github.com\/(.+)\/(.+)\/blob\/(.+)\/(.+)/,
"tree": /(.+)github.com\/(.+)\/(.+)\/blob\/(.+)\/(.+)/};
if(_url.match(regex.tree)){
return _url.replace(regex.tree, "$1cdn.jsdelivr.net/gh/$2/$3@$4/$5");
}else if(_url.match(regex.blob)){
return _url.replace(regex.blob, "$1cdn.jsdelivr.net/gh/$2/$4@$4/$5");
}else{
return _url;
}
@phlinhng
phlinhng / cloudflare-ddns.sh
Last active Jun 18, 2021
Cloudflare DDNS Script
View cloudflare-ddns.sh
#!/bin/bash
zone_name=$1
record_name=$2
api_key=$3
current_ip=`curl -s https://api.ipify.org`
zone_id=`curl -s -X GET "https://api.cloudflare.com/client/v4/zones" \
-H "Authorization: Bearer ${api_key}" -H "Content-Type: application/json" \
| jq -r ".result | .[] | select(.name == \"${zone_name}\") | .id"`
View ufw-blacklist.sh
#!/bin/bash
# censys.io (https://support.censys.io/hc/en-us/articles/360038378552-Frequently-Asked-Questions)
echo "74.120.14.0/24" >> /tmp/cen_ips
echo "162.142.125.0/24" >> /tmp/cen_ips
echo "167.248.133.0/24" >> /tmp/cen_ips
echo "192.35.168.0/23" >> /tmp/cen_ips
for cenip in `cat /tmp/cen_ips`; do ufw deny from $cenip to any comment 'censys scanners'; done
@phlinhng
phlinhng / a-clash-tproxy-gateway.md
Last active Jun 7, 2021
Clash as transparent proxy gateway via TPROXY
View a-clash-tproxy-gateway.md

Notes

  1. If your local network use public IP ranges instead of private ones, make sure to add respecive RETURN rules to iptables to prevent looping issue
  2. Set clash as DHCP's only DNS server to allow domain-based filter (shunting) rules work
  3. Use lsof -i udp:53 to check if clash's DNS module work fine, otherwise you may have to kill systemd-resolved and any other processes occupying the UDP 53 port
  4. The given scripts will NOT hangle the traffic of gateway itself since it is not recommend to do so. If you want to redirect the egress traffic of the gateway, the following material may be useful

Reference

View disable-ipv6.sh
sysctl -w "net.ipv6.conf.enp0s31f6.disable_ipv6=1" # change enp0s1f6 to your main interface i.e. eth0
echo "net.ipv6.conf.enp0s31f6.disable_ipv6=1" >> /etc/sysctl.conf # save sysctl conf
echo "precedence ::ffff:0:0/96 100" >> /etc/gai.conf # disable ipv6 dns record
@phlinhng
phlinhng / swap-1G.sh
Last active May 26, 2021
Create swap file for linux VPS
View swap-1G.sh
dd if=/dev/zero of=/swapfile bs=1024 count=1048576 # allocate space
chmod 600 /swapfile # set permission
mkswap /swapfile # make swap
swapon /swapfile # enable swap
echo "/swapfile swap swap defaults 0 0" | tee -a /etc/fstab # make swap permanent
sysctl -w "vm.swappiness=10" # set swap percentage
echo "vm.swappiness=10" | tee -a /etc/sysctl.conf # make systctl permanent
View wgcf-tutorial.md

1. 更換內核至 5.6 以上版本

Debian / Ubuntu 系可直接運行以下指令,安裝 xanmod-edge 內核後重啟。此內核安裝完後會自動啟用 BBR,無需手動配置。

echo 'deb http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-kernel.list
wget -qO - https://dl.xanmod.org/gpg.key | apt-key --keyring /etc/apt/trusted.gpg.d/xanmod-kernel.gpg add -
apt update && apt upgrade -y && apt install linux-xanmod-edge -y

2. 安裝 wireguard-tools 與 resolvconf

apt install wireguard-tools resolvconf -y
View rex_puzzle.py
# -*- coding: utf-8 -*-
# 暴力美學 2.0 - 以空間換時間
from itertools import permutations
candA, candB, candC = [], [], []
for item in permutations(range(1,10)):
if(item[2] != 9): # 排除第3位是9的
candA.append(item)