phlinhng

version: '3.5'

services:
  shlink-frontend:
    image: shlinkio/shlink-web-client:stable
    container_name: shlink-frontend
    restart: unless-stopped
    depends_on:
      - shlink-backend
      - shlink-db

phlinhng

// 需要反代的地址
const upstream = 'api.github.com'
// 反代地址的子路径
const upstreamPath = '/'
// 反代网站的移动端域名
const upstreamMobile = 'api.github.com'

// 是否使用 https
const useHttps = true

phlinhng

let github2jsdelivr = (_url) => {
  regex = {"blob": /(.+)github.com\/(.+)\/(.+)\/blob\/(.+)\/(.+)/,
  "tree": /(.+)github.com\/(.+)\/(.+)\/blob\/(.+)\/(.+)/};
  if(_url.match(regex.tree)){
    return _url.replace(regex.tree, "$1cdn.jsdelivr.net/gh/$2/$3@$4/$5");
  }else if(_url.match(regex.blob)){
    return _url.replace(regex.blob, "$1cdn.jsdelivr.net/gh/$2/$4@$4/$5");
  }else{
    return _url;
  }

phlinhng

#!/bin/bash

zone_name=$1
record_name=$2
api_key=$3
current_ip=`curl -s https://api.ipify.org`

zone_id=`curl -s -X GET "https://api.cloudflare.com/client/v4/zones" \
  -H "Authorization: Bearer ${api_key}" -H "Content-Type: application/json" \
  | jq -r ".result | .[] | select(.name == \"${zone_name}\") | .id"`

phlinhng

#!/bin/bash

# censys.io (https://support.censys.io/hc/en-us/articles/360038378552-Frequently-Asked-Questions)
echo "74.120.14.0/24" >> /tmp/cen_ips
echo "162.142.125.0/24" >> /tmp/cen_ips
echo "167.248.133.0/24" >> /tmp/cen_ips
echo "192.35.168.0/23" >> /tmp/cen_ips

for cenip in `cat /tmp/cen_ips`; do ufw deny from $cenip to any comment 'censys scanners'; done

phlinhng

Notes

1. If your local network use public IP ranges instead of private ones, make sure to add respecive RETURN rules to iptables to prevent looping issue
2. Set clash as DHCP's only DNS server to allow domain-based filter (shunting) rules work
3. Use lsof -i udp:53 to check if clash's DNS module work fine, otherwise you may have to kill systemd-resolved and any other processes occupying the UDP 53 port
4. The given scripts will NOT hangle the traffic of gateway itself since it is not recommend to do so. If you want to redirect the egress traffic of the gateway, the following material may be useful

Reference

• https://www.wogong.net/blog/2020/11/clash-transparent-proxy
• https://github.com/Dreamacro/clash/pull/1049
• https://xtls.github.io/documents/level-2/transparent_proxy/transparent_proxy/

phlinhng

sysctl -w "net.ipv6.conf.enp0s31f6.disable_ipv6=1" # change enp0s1f6 to your main interface i.e. eth0
echo "net.ipv6.conf.enp0s31f6.disable_ipv6=1" >> /etc/sysctl.conf # save sysctl conf
echo "precedence ::ffff:0:0/96  100" >> /etc/gai.conf # disable ipv6 dns record

phlinhng

dd if=/dev/zero of=/swapfile bs=1024 count=1048576 # allocate space
chmod 600 /swapfile # set permission
mkswap /swapfile # make swap
swapon /swapfile # enable swap
echo "/swapfile swap swap defaults 0 0" | tee -a /etc/fstab # make swap permanent
sysctl -w "vm.swappiness=10" # set swap percentage
echo "vm.swappiness=10" | tee -a /etc/sysctl.conf # make systctl permanent

phlinhng

1. 更換內核至 5.6 以上版本

Debian / Ubuntu 系可直接運行以下指令，安裝 xanmod-edge 內核後重啟。此內核安裝完後會自動啟用 BBR，無需手動配置。

echo 'deb http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-kernel.list
wget -qO - https://dl.xanmod.org/gpg.key | apt-key --keyring /etc/apt/trusted.gpg.d/xanmod-kernel.gpg add -
apt update && apt upgrade -y && apt install linux-xanmod-edge -y

2. 安裝 wireguard-tools 與 resolvconf

apt install wireguard-tools resolvconf -y

phlinhng

# -*- coding: utf-8 -*-
# 暴力美學 2.0 - 以空間換時間

from itertools import permutations

candA, candB, candC = [], [], []

for item in permutations(range(1,10)):
    if(item[2] != 9): # 排除第3位是9的
        candA.append(item)