rampageX rampageX

## nginx-tuning.md

      
              1 file
            
          
              670 forks
            
          
              69 comments
            
          
              2363 stars
            
          
                denji
                / nginx-tuning.md
            
            
              Last active
              May 19, 2024 10:23
            
              
                NGINX tuning for best performance
              
          
    Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.
Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.
You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

  
## web-servers.md

      
              1 file
            
          
              936 forks
            
          
              236 comments
            
          
              5954 stars
            
          
                willurd
                / web-servers.md
            
            
              Last active
              May 17, 2024 16:24
            
              
                Big list of http static server one-liners
              
          
    Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
Discussion on reddit.
Python 2.x

$ python -m SimpleHTTPServer 8000

  
## nginx.conf
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

## reclaimWindows10.ps1
###
###
### UPDATE: For Win 11, I recommend using this tool in place of this script:
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
###

## reset.css
/* http://meyerweb.com/eric/tools/css/reset/
   v2.0-modified | 20110126
   License: none (public domain)
*/

html, body, div, span, applet, object, iframe,
h1, h2, h3, h4, h5, h6, p, blockquote, pre,
a, abbr, acronym, address, big, cite, code,
del, dfn, em, img, ins, kbd, q, s, samp,
small, strike, strong, sub, sup, tt, var,

## 00-README.txt
$ LD_PRELOAD=$PWD/sendmsg.so dig twitter.com @8.8.8.8
;; Warning: Message parser reports malformed message packet. <-- malformed 因为把压缩指针当作域名一部分了
;; Question section mismatch: got twitter.com/RESERVED0/CLASS256

; <<>> DiG 9.9.5-3-Ubuntu <<>> twitter.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44722
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

## gen_Corefile.sh
#!/bin/sh
echo 'use "curl -sSL git.io/corefile | bash" to update Corefile'
echo "remember to change 192.168.1.1 to your ISP's DNS server address or use public DNS server such as 114/DNSPod etc. directly"
china=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
apple=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
google=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
bogus=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done |  paste -sd " " -`
cat>Corefile

## Disable Turbo ROG Zephyrus
This guide already exists on the internet, but only on Reddit. So I'm also putting it here for redundancy's sake because it could vanish at any time. I also fixed a typo that prevented people from copying the registry path.

-- Unlocking Option --
1. Press Win+R
2. Type "regedit" and click OK
3. In the top bar, paste the following path:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\be337238-0d82-4146-a960-4f3749d470c7
4. Double click "Attributes"
5. Change the key from 1 to 2.

## Naive-VPN.md

      
              1 file
            
          
              73 forks
            
          
              12 comments
            
          
              226 stars
            
          
                klzgrad
                / Naive-VPN.md
            
            
              Created
              November 17, 2014 00:43
            
              
                朴素VPN：一个纯内核级静态隧道
              
          
    朴素VPN：一个纯内核级静态隧道

由于路由管控系统的建立，实时动态黑洞路由已成为最有效的封锁手段，TCP连接重置和DNS污染成为次要手段，利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。
朴素VPN只需要一次内核配置（Linux内核），即可永久稳定运行，不需要任何用户态守护进程。所有流量转换和加密全部由内核完成，原生性能，开销几乎没有。静态配置，避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT，移动的内网用户可以使用此方法。支持广泛，基于L2TPv3标准，Linux内核3.2+都有支持，其他操作系统原则上也能支持。但有两个局限：需要root权限；一个隧道只支持一个用户。
朴素VPN利用UDP封装的静态L2TP隧道实现VPN，内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN，但是这种协议无法穿越NAT，因此必须利用UDP封装。内核3.18将支持Foo-over-UDP，在UDP里面直接封装IP，与静态的L2TP-over-UDP很类似。
创建一个朴素VPN


## openssl_speed_aes_gcm_chacha20_poly1305.md

      
              1 file
            
          
              1 fork
            
          
              79 comments
            
          
              28 stars
            
          
                voluntas
                / openssl_speed_aes_gcm_chacha20_poly1305.md
            
            
              Last active
              March 29, 2024 15:09
            
              
                $ openssl speed -evp aes-gcm | chacha20-poly1305 の結果を集めるスレ
              
          
    $ openssl speed -evp aes-128-gcm | chacha20-poly1305 の結果を集めるスレ

AES-CBC が早いけど、AES-GCM/AES-CTR が遅かったり、Ryzen が爆速だったり、
ChaCha20-Poly1305 が ARM で早かったりするという噂の真相が知りたいです。コメントに適当にべたべた結果を貼ってください。
ちなみに Apple M2 おかしいくらい早いです。
CPU 情報はできれば詳細なのがほしいです。
OpenSSL のバージョンは 3.1 系の最新版でお願いします。
	# to generate your dhparam.pem file, run in the terminal
	openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
	###
	###
	### UPDATE: For Win 11, I recommend using this tool in place of this script:
	### https://christitus.com/windows-tool/
	### https://github.com/ChrisTitusTech/winutil
	### https://www.youtube.com/watch?v=6UQZ5oQg8XA
	### iwr -useb https://christitus.com/win \| iex
	###
	###
	/* http://meyerweb.com/eric/tools/css/reset/
	v2.0-modified \| 20110126
	License: none (public domain)
	*/

	html, body, div, span, applet, object, iframe,
	h1, h2, h3, h4, h5, h6, p, blockquote, pre,
	a, abbr, acronym, address, big, cite, code,
	del, dfn, em, img, ins, kbd, q, s, samp,
	small, strike, strong, sub, sup, tt, var,
	$ LD_PRELOAD=$PWD/sendmsg.so dig twitter.com @8.8.8.8
	;; Warning: Message parser reports malformed message packet. <-- malformed 因为把压缩指针当作域名一部分了
	;; Question section mismatch: got twitter.com/RESERVED0/CLASS256

	; <<>> DiG 9.9.5-3-Ubuntu <<>> twitter.com @8.8.8.8
	;; global options: +cmd
	;; Got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44722
	;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
	#!/bin/sh
	echo 'use "curl -sSL git.io/corefile \| bash" to update Corefile'
	echo "remember to change 192.168.1.1 to your ISP's DNS server address or use public DNS server such as 114/DNSPod etc. directly"
	china=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf \| while read line; do awk -F '/' '{print $2}' \| grep -v '#' ; done \| paste -sd " " -`
	apple=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf \| while read line; do awk -F '/' '{print $2}' \| grep -v '#' ; done \| paste -sd " " -`
	google=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf \| while read line; do awk -F '/' '{print $2}' \| grep -v '#' ; done \| paste -sd " " -`
	bogus=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf \| grep "=" \| while read line; do awk -F '=' '{print $2}' \| grep -v '#' ; done \| paste -sd " " -`
	cat>Corefile
	This guide already exists on the internet, but only on Reddit. So I'm also putting it here for redundancy's sake because it could vanish at any time. I also fixed a typo that prevented people from copying the registry path.

	-- Unlocking Option --
	1. Press Win+R
	2. Type "regedit" and click OK
	3. In the top bar, paste the following path:
	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\be337238-0d82-4146-a960-4f3749d470c7
	4. Double click "Attributes"
	5. Change the key from 1 to 2.