#!/bin/bash
# Set iptables for clash redir mode
REDIR_PORT=1234
DNS_PORT=2253
UID_OWNER=1000
iptables -t nat -N CLASH
# The setup command allows filtering facts | |
# More info: https://docs.ansible.com/ansible/latest/modules/setup_module.html | |
# inventory_file = path to inventory file (if not normal role layout) | |
# host_group = group to query. use all for all hosts | |
ansible -i inventory_file host_group -m setup -a 'filter=ansible_distribution_version' | |
# For a Ubuntu Bionic Host the distribution facts look like this: | |
# "ansible_distribution": "Ubuntu", | |
# "ansible_distribution_file_parsed": true, | |
# "ansible_distribution_file_path": "/etc/os-release", |
The following is from scotthelme.co.uk
with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy), you can tell the browser that it can only download content from the domains you explicitly allow http://www.html5rocks.com/en/tutorials/security/content-security-policy/ https://www.owasp.org/index.php/Content_Security_Policy I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
# 概述:一共三大部分配置。 | |
# 其中#注释掉的可以在需要的时候开启并修改,没有注释掉的(除了下面location示例)不要删掉,基本都是必须的配置项。 | |
###############################第一部分 全局配置############################ | |
#user nobody; 指定启动进程的用户,默认不用指定即可。 | |
#error_log logs/error.log; 配置日志输出,虽然叫error_log但是可以定义输出的级别,默认不写是ERROR级别 | |
#error_log logs/error.log notice; | |
#error_log logs/error.log info; | |
#pid logs/nginx.pid; 记录pid的文件,默认就是放到这个位置,可以修改。 |
Docker Desktop for Windows v2, which uses WSL2, stores all image and container files in a separate virtual volume (vhdx). This virtual hard disk file can automatically grow when it needs more space (to a certain limit). Unfortunately, if you reclaim some space, i.e. by removing unused images, vhdx doesn't shrink automatically.
wsl --shutdown
Optimize-VHD -Path "$($env:LOCALAPPDATA)\Docker\wsl\data\ext4.vhdx" -Mode Full
#!/bin/bash | |
set -e | |
set -o pipefail | |
# Add user to k8s using service account, no RBAC (must create RBAC after this script) | |
if [[ -z "$1" ]] || [[ -z "$2" ]]; then | |
echo "usage: $0 <service_account_name> <namespace>" | |
exit 1 | |
fi |
#!/bin/bash | |
# 你的代理服务器的 IP | |
PROXY_IP="1.2.3.4" | |
PROXY_IPSET="proxy_ipset" | |
INTERNAL_IPSET="internal_ipset" | |
GFW_IPSET="gfw_ipset" | |
CHINA_IPSET="china_ipset" | |
SNI_PORT=443 |
{ | |
"tabnine.experimentalAutoImports": true, | |
"remote.SSH.remotePlatform": { | |
"192.168.187.115": "linux", | |
"10.10.10.123": "linux", | |
"192.168.37.100": "linux" | |
}, | |
"go.toolsEnvVars": { | |
"GOFLAGS": "-mod=mod", | |
// "GOFLAGS": "-mod=vendor", |