分类目录归档:VPS

centos6 新更新源

国外
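# Keep TLS certificate verification on for this download (no -k): the repo file decides
# where yum fetches packages from, so it must arrive over an authenticated connection.
# --fail stops an HTTP error page from being saved as CentOS-Base.repo.
# If verification fails (for example because of an outdated CA bundle on this EOL release),
# fetch and review the file on a trusted machine and copy it over instead of disabling the check.
sed -i "s/enabled=1/enabled=0/g" /etc/yum/pluginconf.d/fastestmirror.conf && mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.old && curl --fail -o /etc/yum.repos.d/CentOS-Base.repo https://static.lty.fun/%E5%85%B6%E4%BB%96%E8%B5%84%E6%BA%90/SourcesList/Centos-6-Vault-Official.repo && yum install wget -y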

国内
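# Same steps with the Aliyun vault mirror. TLS verification stays enabled (no -k) because the
# downloaded file controls which servers yum trusts for packages; --fail rejects HTTP errors.
sed -i "s/enabled=1/enabled=0/g" /etc/yum/pluginconf.d/fastestmirror.conf && mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.old && curl --fail -o /etc/yum.repos.d/CentOS-Base.repo https://www.xmpan.com/Centos-6-Vault-Aliyun.repo && yum install wget -y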

Yankee Scalable-Reactive TCP

For Debian 8/Ubuntu 16 ONLY.

The linux-headers package is required to compile the module.
This module is supported on kernel versions after 4.9.

(Latest version – 2.2.1)

  1. export MOD=react_rc2
  2. apt-get install make gcc-4.9 -y
  3. wget -O ./tcp_$MOD.c https://gist.github.com/anonymous/27b7ea6e93acdd23b097ab1a399c1287/raw/00c318f613856ed400c556126b851d18369e936b/tcp_react_rc2.c
  4. echo "obj-m:=tcp_$MOD.o" > Makefile
  5. make -C /lib/modules/$(uname -r)/build M=`pwd` modules CC="/usr/bin/gcc-4.9 -Ofast" &&
  6. insmod tcp_$MOD.ko &&
  7. sysctl -w net.ipv4.tcp_congestion_control=$MOD


(Other optimization – Recommended)

  1. wget -qO- https://gist.github.com/anonymous/63ada7904c29d685575716c2f5302f06/raw/93eb01e62f3a4f22390b2200ddb709987f9ed201/sysctl.conf | sysctl -p -
  2. ulimit -SHn 10240000
  3. echo "$(cat /etc/security/limits.conf | grep -v -E '(soft|hard).*nofile')" > /etc/security/limits.conf
  4. echo -e "*               soft    nofile           10240000\n*               hard    nofile           10240000" >> /etc/security/limits.conf
  5. # setting fair queue
  6. export PATH_EXEC=/etc/init.d/tc-fq.sh
  7. cat>$PATH_EXEC<<'EOF'
  8. sysctl net.core.default_qdisc=noqueue &&
  9. tc qdisc del dev eth0 root fq
  10. tc qdisc del dev eth0 root pfifo_fast
  11. tc qdisc del dev eth0 root red limit 42949672 avpkt 1000
  12. tc qdisc add dev eth0 root red limit 42949672 avpkt 1440 probability 0.01 bandwidth 1000Mbit min 187605 max 862816
  13. sysctl -w net.core.default_qdisc=red
  14. EOF
  15. chmod +x $PATH_EXEC
  16. $PATH_EXEC
  17. tc -s -d qdisc show
  18. echo "$(cat /etc/rc.local | grep -v -E '('$PATH_EXEC')|(exit 0)')" > /etc/rc.local
  19. echo -e "\n$PATH_EXEC\nexit 0" >> /etc/rc.local
/* React congestion control */

#include <linux/module.h>
#include <net/tcp.h>
#include <linux/win_minmax.h>

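/* Fixed-point shift applied to bandwidth samples (delivered << BW_SCALE). */
#define BW_SCALE 24

/* Gains are fixed-point values in which REACT_UNIT stands for 1.0. */
#define REACT_SCALE 8
#define REACT_UNIT (1 << REACT_SCALE)

/* cwnd handed back by react_target_cwnd() while no valid RTT sample exists. */
#define REACT_INIT_CWND 25

/*
 * Branch-free select: evaluates to (b) when (a) is non-zero and to (c)
 * otherwise. (!(a) - 1) is 0 for a false condition and all-ones for a true
 * one, so the XOR either cancels out or swaps (c) for (b).
 *
 * Unlike ?:, every argument is always evaluated and (c) is expanded twice,
 * so never pass expressions with side effects.
 */
#define DO_CONDITIONAL_OPT(a, b, c) ((c) ^ ((!(a) - 1) & ((b) ^ (c))))

/* Min/max built on the select above; arguments are expanded more than once. */
#define REACT_MIN(a, b) DO_CONDITIONAL_OPT((a) < (b), a, b)
#define REACT_MAX(a, b) DO_CONDITIONAL_OPT((a) > (b), a, b)
#define REACT_MAX3(a, b, c) REACT_MAX(REACT_MAX(a, b), c)

/*
 * Sign of a 32-bit signed value: -1, 0 or 1. Relies on >> of a negative value
 * being an arithmetic shift. The expansion is wrapped in parentheses so it
 * stays a single operand wherever the macro is used.
 */
#define REACT_SGN32(x) (-(-((x) >> 31) | (-(x) >> 31)))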

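/* Window length of the min_rtt filter (in sec): */
static const u32 react_min_rtt_win_sec = 10;

/* Gains in REACT_UNIT fixed point (REACT_UNIT == 1.0): roughly 2.885, 0.75, 2 and 1.5. */
static const int react_high_gain = REACT_UNIT * 2885 / 1000 + 1;
static const int react_drain_gain = REACT_UNIT * 3 / 4;
static const int react_cwnd_gain = REACT_UNIT * 2;
static const int react_probe_gain = REACT_UNIT * 3 / 2;

/* Saturation value of react::full_bw_cnt; reaching it in the FULL state requests a drain. */
static const u8 react_full_bw_cnt = 3;

/*
 * Number of entries in the gradient ring that react_grad() uses for smoothing.
 * react_grad() masks the ring index with (window - 1), so the value has to be
 * a non-zero power of two; mode 0444 means it can only be set at load time.
 */
static unsigned int window __read_mostly = 4;
/* Window length of bw filter (in rounds): */
static unsigned int react_bw_rtts __read_mostly = 15;

/* `window` is an unsigned int, so it is exposed with the matching uint type. */
module_param(window, uint, 0444);
MODULE_PARM_DESC(window, "gradient window size (power of two <= 256)");
module_param(react_bw_rtts, uint, 0644);
MODULE_PARM_DESC(react_bw_rtts, "window length of bw filter (in rounds)");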

/*
 * A min/max pair of signed 32-bit values. The anonymous union overlays both
 * halves with one 64-bit word so the pair can be tested or cleared in a
 * single access through v64.
 */
struct cdg_minmax {
	union {
		struct {
			s32 min;
			s32 max;
		};
		u64 v64;	/* both fields viewed as one word */
	};
};

/*
 * Queue-state estimate kept in react::state. react_grad() chooses between
 * CDG_FULL and CDG_NONFULL from the smoothed RTT gradients; CDG_UNKNOWN is
 * the zero value left behind by a memset of the control block.
 */
enum react_state {
	CDG_UNKNOWN = 0,
	CDG_NONFULL = 1,
	CDG_FULL = 2
};

/*
 * React congestion control block, stored in the socket's congestion-control
 * private area (react_register() checks it fits in ICSK_CA_PRIV_SIZE).
 */
struct react {
	struct cdg_minmax rtt;		/* min/max RTT sample of the current round */
	struct cdg_minmax rtt_prev;	/* min/max RTT of the previous round */
	struct cdg_minmax *gradients;	/* ring of `window` gradients; NULL if allocation failed */
	struct cdg_minmax gsum;		/* running sums over the gradient ring */
	struct minmax bw;	/* Max recent delivery rate in pkts/uS << 24 */
	u32 cwnd_gain,		/* current cwnd gain, in REACT_UNIT fixed point */
		pacing_gain,	/* current pacing gain, in REACT_UNIT fixed point */
		min_rtt_us,	        /* min RTT in min_rtt_win_sec window */
		rtt_seq,	/* snd_nxt recorded when the current gradient round began */
		min_rtt_stamp,	        /* timestamp of min_rtt_us */
		next_rtt_delivered; /* scb->tx.delivered at end of round */
	u16 rtt_cnt;	    /* count of packet-timed rounds elapsed */
	u8  tail,		/* next slot of the gradient ring to overwrite */
		state,		/* one of enum react_state */
		full_bw_cnt;	/* bw samples below threshold, capped at react_full_bw_cnt */
	bool drain_queue,	/* set by react_update_min_rtt() to request a drain */
		round_restart,	/* makes react_check_drain() skip one gain update */
		packet_conservation;	/* next cwnd update follows packets in flight */
};

/* Return the current value of the windowed bandwidth filter (pkts/uS << BW_SCALE). */
static inline u32 react_max_bw(struct react *ca)
{
	u32 max_bw = minmax_get(&ca->bw);

	return max_bw;
}

/*
 * Convert a bandwidth estimate (packets per usec, << BW_SCALE) into bytes per
 * second, scaled by a REACT_UNIT fixed-point gain. The multiplications and
 * shifts are kept in the same order, so intermediate truncation is unchanged.
 */
static inline u64 react_rate_bytes_per_sec(struct sock *sk, u64 rate, int gain)
{
	/* packets -> bytes, using the MTU derived from the cached MSS */
	u64 scaled = rate * tcp_mss_to_mtu(sk, tcp_sk(sk)->mss_cache);

	/* apply the gain and drop its fixed-point scale */
	scaled = (scaled * gain) >> REACT_SCALE;

	/* per-usec -> per-sec, then drop the bandwidth scale */
	return (scaled * USEC_PER_SEC) >> BW_SCALE;
}

/*
 * Update the socket pacing rate from a bandwidth estimate and gain.
 *
 * The computed rate is capped at sk_max_pacing_rate and then combined with the
 * current value using a maximum, so this function only ever raises
 * sk_pacing_rate; it never lowers it.
 */
static inline void react_set_pacing_rate(struct sock *sk, u64 bw, int gain)
{
	u64 wanted = react_rate_bytes_per_sec(sk, bw, gain);

	wanted = REACT_MIN(wanted, sk->sk_max_pacing_rate);
	sk->sk_pacing_rate = REACT_MAX(wanted, sk->sk_pacing_rate);
}

/*
 * Compute the target congestion window from the bandwidth-delay product:
 *
 *   cwnd = bw * min_rtt * gain = BDP * gain
 *
 * gain controls how much queue is built. A small gain keeps the queue short
 * but is more sensitive to RTT measurement noise (delayed ACKs, ACK
 * compression), which can lead to an under-estimated rate.
 *
 * A fixed 18 packets are added on top of the scaled BDP and the result is
 * rounded up to an even number. Without a valid RTT sample (min_rtt_us still
 * ~0U) the function returns REACT_INIT_CWND. The sk argument is not used.
 */
static u32 react_target_cwnd(struct sock *sk, struct react *ca, int gain)
{
	u64 bdp;
	u32 target;

	/* No valid RTT sample yet: hand back the fixed initial window. */
	if (unlikely(ca->min_rtt_us == ~0U))
		return REACT_INIT_CWND;

	bdp = (u64)react_max_bw(ca) * ca->min_rtt_us;
	target = ((bdp * gain) >> (BW_SCALE + REACT_SCALE)) + 18;

	/* Rounding up to the next even number reduces delayed ACKs. */
	return (target + 1) & ~1U;
}

/*
 * Apply the congestion window for this ACK.
 *
 * With packet_conservation set, the candidate is the larger of the current
 * cwnd and packets in flight plus the packets newly acked/sacked; otherwise it
 * is react_target_cwnd(). The candidate is floored at 4 and snd_cwnd is capped
 * at snd_cwnd_clamp. packet_conservation is cleared on every call.
 */
static inline void react_set_cwnd(struct sock *sk, const struct rate_sample *rs, int gain)
{
	struct tcp_sock *tp = tcp_sk(sk);
	struct react *ca = inet_csk_ca(sk);
	u32 cwnd = tp->snd_cwnd, target_cwnd;

	/* Both candidates are always computed; DO_CONDITIONAL_OPT then selects one. */
	target_cwnd = DO_CONDITIONAL_OPT(ca->packet_conservation, REACT_MAX(cwnd, tcp_packets_in_flight(tp) + rs->acked_sacked), react_target_cwnd(sk, ca, gain));

	cwnd = REACT_MAX(target_cwnd, 4);

	tp->snd_cwnd = REACT_MIN(cwnd, tp->snd_cwnd_clamp);
	/*
	 * NOTE(review): rcv_ssthresh and rcv_wnd look like receive-window state,
	 * yet they are written here from the send-side congestion hook, and
	 * rcv_wnd is raised to at least the un-clamped cwnd value — confirm
	 * this is intended.
	 */
	tp->rcv_ssthresh = TCP_INFINITE_SSTHRESH;
	tp->rcv_wnd = REACT_MAX(cwnd, tp->rcv_wnd);

	ca->packet_conservation = 0;
}


/*
 * Choose the cwnd and pacing gains for the next update.
 *
 * Nothing but the flag reset happens while round_restart is set. Otherwise a
 * pending drain_queue request selects the drain gains, resets the state to
 * CDG_UNKNOWN and arms packet conservation; without a drain request the gains
 * depend on whether the state is CDG_FULL and on whether the flight is below
 * the current cwnd.
 */
static void react_check_drain(struct sock *sk, const struct rate_sample *rs, struct react *ca)
{
	const bool not_full = ca->state != CDG_FULL;

	if (!ca->round_restart) {
		if (ca->drain_queue) {
			ca->cwnd_gain = react_high_gain;
			ca->pacing_gain = not_full ? REACT_UNIT : react_drain_gain;
			ca->state = CDG_UNKNOWN;
			ca->packet_conservation = 1;
		} else {
			struct tcp_sock *tp = tcp_sk(sk);
			u32 flight = REACT_MIN(tcp_packets_in_flight(tp), rs->prior_in_flight);

			ca->cwnd_gain = not_full ? react_high_gain : react_cwnd_gain;
			if (flight < tp->snd_cwnd)
				ca->pacing_gain = not_full ? react_high_gain : react_probe_gain;
			else
				ca->pacing_gain = not_full ? react_probe_gain : REACT_UNIT;
		}
	}

	/* A restart suppresses exactly one gain update. */
	ca->round_restart = 0;
}

/*
 * Use the delay gradient as the congestion signal.
 *
 * The gradient is the change of the round's min and max RTT against the
 * previous round. When the ring buffer exists, the newest gradient replaces
 * the oldest entry and the running sums are used instead of the raw values.
 * The ring index is advanced with a (window - 1) mask, which assumes `window`
 * is a non-zero power of two; nothing in this function checks that.
 *
 * Both values are biased by +32 before the sign tests, so the thresholds sit
 * at -32 rather than 0.
 */
static void react_grad(struct react *ca)
{
	s32 grad_min = ca->rtt.min - ca->rtt_prev.min;
	s32 grad_max = ca->rtt.max - ca->rtt_prev.max;

	if (ca->gradients) {
		struct cdg_minmax *slot = &ca->gradients[ca->tail];

		/* Swap the oldest sample out of the sums and the newest one in. */
		ca->gsum.min += grad_min - slot->min;
		ca->gsum.max += grad_max - slot->max;
		slot->min = grad_min;
		slot->max = grad_max;
		ca->tail = (ca->tail + 1) & (window - 1);

		grad_min = ca->gsum.min;
		grad_max = ca->gsum.max;
	}

	grad_min += 32;
	grad_max += 32;

	if (grad_min > 0 && grad_max <= 0) {
		ca->state = CDG_FULL;
	} else if ((grad_min > 0 && grad_max > 0) || grad_max < 0) {
		ca->state = CDG_NONFULL;
		ca->full_bw_cnt = 0;
	}
}

/*
 * Collect the min/max RTT of the current round and, when the round ends,
 * hand the pair to react_grad().
 *
 * A round ends once snd_una has moved past rtt_seq + 1 and at least one
 * sample was stored (rtt.v64 non-zero). react_grad() only runs when a
 * previous round is available for comparison.
 */
static void react_update_rtt_grad(struct sock *sk, const struct rate_sample *rs, struct react *ca)
{
	/* NOTE(review): this test is also true for a negative rtt_us — confirm such samples cannot reach here. */
	if (likely(rs->rtt_us)) {
		/*
		 * NOTE(review): when rtt.min is 0 (just reset at a round boundary)
		 * the inner select yields 1, so the stored minimum becomes
		 * min(1, sample) rather than the sample itself — confirm intent.
		 */
		ca->rtt.min = REACT_MIN(DO_CONDITIONAL_OPT(ca->rtt.min > 0, ca->rtt.min, 1), rs->rtt_us);
		ca->rtt.max = REACT_MAX(ca->rtt.max, rs->rtt_us);
	}

	if (after(tcp_sk(sk)->snd_una, ca->rtt_seq + 1) && ca->rtt.v64) {
		if (ca->rtt_prev.v64)
			react_grad(ca);
		/* Start the next round: remember snd_nxt, keep this round, clear the collector. */
		ca->rtt_seq = tcp_sk(sk)->snd_nxt;
		ca->rtt_prev = ca->rtt;
		ca->rtt.v64 = 0;
	}
}

/*
 * Maintain the windowed minimum RTT and decide whether a drain is due.
 *
 * A non-negative sample replaces min_rtt_us when it is not larger than the
 * stored value or when the filter window (react_min_rtt_win_sec) has expired.
 * drain_queue is set when the window expired, or when the state is CDG_FULL
 * and full_bw_cnt has reached react_full_bw_cnt.
 */
static void react_update_min_rtt(struct sock *sk, const struct rate_sample *rs, struct react *ca)
{
	const bool expired = after(tcp_time_stamp,
		ca->min_rtt_stamp + react_min_rtt_win_sec * HZ);
	const bool bw_stalled = ca->state == CDG_FULL &&
		ca->full_bw_cnt >= react_full_bw_cnt;

	if (rs->rtt_us >= 0 && (expired || rs->rtt_us <= ca->min_rtt_us)) {
		ca->min_rtt_us = rs->rtt_us;
		ca->min_rtt_stamp = tcp_time_stamp;
	}

	ca->drain_queue = expired || bw_stalled;
}

/*
 * Fold one rate sample into the bandwidth model.
 *
 * Invalid samples (negative delivered count or non-positive interval) are
 * ignored. Otherwise the function advances the round counter when a new
 * round has started, updates full_bw_cnt, and feeds the sample into the
 * windowed max filter unless it is app-limited and below the current maximum.
 */
static void react_update_bw(struct sock *sk, const struct rate_sample *rs, struct react *ca)
{
	u64 bw, bw_thresh;

	if (rs->delivered < 0 || rs->interval_us <= 0)
		return; /* Not a valid observation */

	/* See if we've reached the next RTT */
	if (!before(rs->prior_delivered, ca->next_rtt_delivered)) {
		ca->next_rtt_delivered = tcp_sk(sk)->delivered;
		ca->rtt_cnt++;
	}

	/* Divide delivered by the interval to find a (lower bound) bottleneck
	* bandwidth sample. Delivered is in packets and interval_us in uS and
	* ratio will be <<1 for most connections. So delivered is first scaled.
	*/
	bw = ((u64)rs->delivered << BW_SCALE);
	do_div(bw, rs->interval_us);

	/* Threshold is 9/8 of the current filter maximum. */
	bw_thresh = (((u64)react_max_bw(ca) >> 3) * 9);

	/* Count samples below the threshold; one at or above it resets the count and the state. */
	++ca->full_bw_cnt;
	if (bw >= bw_thresh) {
		ca->full_bw_cnt = 0;
		ca->state = CDG_UNKNOWN;
	}

	/* Saturate the counter at react_full_bw_cnt. */
	ca->full_bw_cnt = REACT_MIN(ca->full_bw_cnt, react_full_bw_cnt);

	/* If this sample is application-limited, it is likely to have a very
	* low delivered count that represents application behavior rather than
	* the available network rate. Such a sample could drag down estimated
	* bw, causing needless slow-down. Thus, to continue to send at the
	* last measured network rate, we filter out app-limited samples unless
	* they describe the path bw at least as well as our bw model.
	*
	* So the goal during app-limited phase is to proceed with the best
	* network rate no matter how long. We automatically leave this
	* phase when app writes faster than the network can deliver :)
	*/
	if (!rs->is_app_limited || bw >= react_max_bw(ca)) {
		/* Incorporate new sample into our max bw filter. */
		minmax_running_max(&ca->bw, react_bw_rtts, (u32)ca->rtt_cnt, bw);
	}
}


/*
 * Run the four model updates for one rate sample. The order matters: the
 * bandwidth and min-RTT steps update full_bw_cnt and drain_queue, the gradient
 * step may change the state, and react_check_drain() reads all of them.
 */
static inline void react_update_model(struct sock *sk, const struct rate_sample *rs, struct react *ca)
{
	react_update_bw(sk, rs, ca);
	react_update_min_rtt(sk, rs, ca);
	react_update_rtt_grad(sk, rs, ca);
	react_check_drain(sk, rs, ca);
}

/*
 * cong_control hook: update the model from the rate sample, then apply the
 * resulting cwnd and pacing rate using the gains the model just selected.
 */
static void react_main(struct sock *sk, const struct rate_sample *rs)
{
	struct react *ca = inet_csk_ca(sk);

	react_update_model(sk, rs, ca);

	react_set_cwnd(sk, rs, ca->cwnd_gain);
	react_set_pacing_rate(sk, react_max_bw(ca), ca->pacing_gain);
}

/*
 * set_state hook: react to the TCP stack entering Loss or Recovery.
 *
 * Loss: unless the state is CDG_FULL, the zero-window probe timer is reset to
 * push pending frames; in every case the round is restarted with the high
 * pacing gain and full_bw_cnt is cleared.
 * Recovery: unless the state is CDG_NONFULL, packet conservation is armed and
 * the round boundary is moved to the current delivered count.
 * Other states are ignored.
 */
static void react_set_state(struct sock *sk, u8 new_state)
{
	struct react *ca = inet_csk_ca(sk);

	if (new_state == TCP_CA_Loss) {
		if (ca->state != CDG_FULL) {
			/* Reset zero-window probe timer to push pending frames. */
			inet_csk_reset_xmit_timer(sk, ICSK_TIME_PROBE0,
				tcp_probe0_base(sk), TCP_RTO_MAX);
		}
		ca->round_restart = 1;
		ca->pacing_gain = react_high_gain;
		ca->full_bw_cnt = 0;
	} else if (new_state == TCP_CA_Recovery) {
		if (ca->state != CDG_NONFULL) {
			ca->packet_conservation = 1;
			ca->next_rtt_delivered = tcp_sk(sk)->delivered;
		}
	}
}

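/*
 * init hook: set up the per-socket control block.
 *
 * The block is cleared first so that tail, gsum, rtt, rtt_prev and drain_queue
 * start from zero instead of whatever the private area held before; react_grad()
 * uses tail as an index into the gradient ring, so a stale value must not
 * survive. The same clear-then-fill pattern is used for CA_EVENT_CWND_RESTART.
 */
static void react_init(struct sock *sk)
{
	struct react *ca = inet_csk_ca(sk);
	struct tcp_sock *tp = tcp_sk(sk);

	memset(ca, 0, sizeof(*ca));

	/* We silently fall back to window = 1 if allocation fails. */
	ca->gradients = kcalloc(window, sizeof(ca->gradients[0]),
		GFP_NOWAIT | __GFP_NOWARN);
	ca->rtt_seq = tp->snd_nxt;

	ca->min_rtt_stamp = tcp_time_stamp;
	ca->min_rtt_us = tcp_min_rtt(tp);

	ca->state = CDG_NONFULL;

	/* full_bw_cnt, rtt_cnt, next_rtt_delivered and packet_conservation stay 0. */
	ca->round_restart = 1;

	ca->pacing_gain = react_high_gain;
	ca->cwnd_gain = react_high_gain;

	minmax_reset(&ca->bw, (u32)ca->rtt_cnt, 0);  /* init max bw to 0 */
}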

/*
 * cwnd_event hook.
 *
 * TX_START: return to CDG_NONFULL with the high gains and restart the round.
 * CWND_RESTART: wipe the gradient ring (when present) and the whole control
 * block, then restore the ring pointer and restart the gradient round at
 * snd_nxt. Other events are ignored.
 */
static void react_cwnd_event(struct sock *sk, const enum tcp_ca_event ev)
{
	struct react *ca = inet_csk_ca(sk);

	if (ev == CA_EVENT_TX_START) {
		ca->state = CDG_NONFULL;
		ca->pacing_gain = react_high_gain;
		ca->cwnd_gain = react_high_gain;
		ca->round_restart = 1;
	} else if (ev == CA_EVENT_CWND_RESTART) {
		/* Keep the ring allocation across the memset of the block. */
		struct cdg_minmax *ring = ca->gradients;

		if (ring)
			memset(ring, 0, window * sizeof(ring[0]));
		memset(ca, 0, sizeof(*ca));
		ca->state = CDG_UNKNOWN;
		ca->gradients = ring;
		ca->rtt_seq = tcp_sk(sk)->snd_nxt;
	}
}

/* undo_cwnd hook: report the socket's current snd_cwnd unchanged. */
static u32 react_undo_cwnd(struct sock *sk)
{
	const struct tcp_sock *tp = tcp_sk(sk);

	return tp->snd_cwnd;
}

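/*
 * release hook: free the gradient ring allocated by react_init().
 *
 * The pointer is cleared afterwards so the control block does not keep a
 * dangling reference to freed memory. kfree() accepts NULL, so a failed
 * allocation in react_init() needs no special case.
 */
static void react_release(struct sock *sk)
{
	struct react *ca = inet_csk_ca(sk);

	kfree(ca->gradients);
	ca->gradients = NULL;
}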

/* sndbuf_expand hook: always report a factor of 3; sk is not consulted. */
static u32 react_sndbuf_expand(struct sock *sk)
{
	const u32 factor = 3;

	return factor;
}

/* ssthresh hook: always report TCP_INFINITE_SSTHRESH; sk is not consulted. */
static u32 react_ssthresh(struct sock *sk)
{
	const u32 threshold = TCP_INFINITE_SSTHRESH;

	return threshold;
}

/*
 * Operations table registered with the TCP stack under the name "react_rc2".
 */
static struct tcp_congestion_ops react_cong_ops __read_mostly = {
	/*
	 * TCP_CONG_NON_RESTRICTED lets a socket select this algorithm without
	 * CAP_NET_ADMIN, so once the module is loaded any local process can opt
	 * its connections into it.
	 */
	.flags = TCP_CONG_NON_RESTRICTED,
	.name = "react_rc2",
	.owner = THIS_MODULE,
	.init = react_init,
	.cong_control = react_main,
	.cwnd_event = react_cwnd_event,
	.release = react_release,
	.sndbuf_expand = react_sndbuf_expand,
	.undo_cwnd = react_undo_cwnd,
	.ssthresh = react_ssthresh,
	.set_state = react_set_state,
};

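/*
 * Module entry point: validate the `window` parameter, then register the
 * congestion-control operations.
 *
 * Returns 0 on success, -ERANGE or -EINVAL for an unusable `window`, or the
 * error reported by tcp_register_congestion_control().
 */
static int __init react_register(void)
{
	/*
	 * react_grad() advances the ring index with (tail + 1) & (window - 1)
	 * and keeps it in a u8, so `window` must be a power of two in 1..256,
	 * as the parameter description states. A value of 0 in particular
	 * would request an empty ring while leaving the index mask at
	 * all-ones, so reject bad values before any socket can use the module.
	 */
	if (window < 1 || window > 256)
		return -ERANGE;
	if (window & (window - 1))
		return -EINVAL;

	/* The control block must fit in the socket's private congestion-control area. */
	BUILD_BUG_ON(sizeof(struct react) > ICSK_CA_PRIV_SIZE);
	return tcp_register_congestion_control(&react_cong_ops);
}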

/* Module exit point: remove the operations table registered by react_register(). */
static void __exit react_unregister(void)
{
	tcp_unregister_congestion_control(&react_cong_ops);
}

/* Run react_register() on module load and react_unregister() on unload. */
module_init(react_register);
module_exit(react_unregister);

/*
 * NOTE(review): the author credits below look carried over from the kernel's
 * BBR and CDG modules (this file reuses CDG_* names and its comments mention
 * BBR) — confirm the attribution before redistributing.
 */
MODULE_AUTHOR("Neal Cardwell <ncardwell@google.com>");
MODULE_AUTHOR("Yuchung Cheng <ycheng@google.com>");
MODULE_AUTHOR("Kenneth Klette Jonassen");
MODULE_LICENSE("Dual BSD/GPL");
MODULE_DESCRIPTION("TCP React");

from

https://www.hostloc.com/forum.php?mod=viewthread&tid=374117

dnscrypt-proxy

wget -O dnscrypt-proxy.sh https://raw.githubusercontent.com/ylx2016/reinstall/master/dnscrypt-proxy.sh && chmod +x dnscrypt-proxy.sh && ./dnscrypt-proxy.sh
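# Install dnscrypt-proxy as the local resolver on 127.0.0.1:53.
# This fragment expects ${myipv6}, ${INFO} and colorEcho to be provided by the
# surrounding installer script; they are not defined here.
dnsmasq_install=1
if [[ ${dnsmasq_install} == 1 ]]; then
  mkdir -p /etc/dnscrypt-proxy/

  # IPv6 upstreams are enabled only when the host has an IPv6 address and one of
  # the two probe targets answers; otherwise IPv6 answers are blocked.
  ipv6_true="false"
  block_ipv6="true"
  if [[ -n ${myipv6} ]]; then
    if ping -6 ipv6.google.com -c 2 || ping -6 2620:fe::10 -c 2; then
      ipv6_true="true"
      block_ipv6="false"
    fi
  fi

  rm -rf /etc/dnscrypt-proxy/dnscrypt-proxy.toml
  mkdir -p /var/log/dnscrypt-proxy/

  # The heredoc is unquoted, so $ipv6_true, $block_ipv6 and ${domain} are expanded
  # when the file is written. block_ipv6 now uses the value computed above; the
  # variable was previously set but never written to the config.
  # NOTE(review): the [query_log] section records every query to
  # /var/log/dnscrypt-proxy/query.log and require_dnssec is false - confirm both
  # match the privacy and integrity goals of this host.
  cat > '/etc/dnscrypt-proxy/dnscrypt-proxy.toml' << EOF
#!!! Do not change these settings unless you know what you are doing !!!
listen_addresses = ['127.0.0.1:53','[::1]:53']
#user_name = 'nobody'
max_clients = 51200
ipv4_servers = true
ipv6_servers = $ipv6_true
dnscrypt_servers = true
doh_servers = true
require_dnssec = false
require_nolog = true
require_nofilter = true
#disabled_server_names = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
force_tcp = false
timeout = 5000
keepalive = 30
lb_estimator = true
log_level = 2
use_syslog = true
log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
cert_refresh_delay = 86400
tls_disable_session_tickets = false
#tls_cipher_suite = [4865]
fallback_resolvers = ['1.1.1.1:53', '8.8.8.8:53']
ignore_system_dns = true
netprobe_timeout = 60
netprobe_address = '1.1.1.1:53'
# Maximum log files size in MB - Set to 0 for unlimited.
log_files_max_size = 1024
# How long to keep backup files, in days
log_files_max_age = 7
# Maximum log files backups to keep (or 0 to keep all backups)
log_files_max_backups = 0
block_ipv6 = $block_ipv6
## Immediately respond to A and AAAA queries for host names without a domain name
block_unqualified = true
## Immediately respond to queries for local zones instead of leaking them to
## upstream resolvers (always causing errors or timeouts).
block_undelegated = true
## TTL for synthetic responses sent when a request has been blocked (due to
## IPv6 or blacklists).
reject_ttl = 600
cache = true
cache_size = 4096
cache_min_ttl = 2400
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600
#[local_doh]
#
#listen_addresses = ['127.0.0.1:3001']
#path = "/dns-query"
#cert_file = "/etc/certs/${domain}_ecc/fullchain.cer"
#cert_key_file = "/etc/certs/${domain}_ecc/${domain}.key"
[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'
  format = 'tsv'

#[blacklist]

  #blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'

[sources]
  ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
  [sources.'public-resolvers']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
  cache_file = 'public-resolvers.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  prefix = ''
  [sources.'opennic']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/opennic.md', 'https://download.dnscrypt.info/dnscrypt-resolvers/v3/opennic.md']
  cache_file = 'opennic.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  prefix = ''
  ## Anonymized DNS relays
  [sources.'relays']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md']
  cache_file = 'relays.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  refresh_delay = 72
  prefix = ''
EOF

  # NOTE(review): User= is commented out in the unit below, so the daemon runs as
  # root even though the binary is given CAP_NET_BIND_SERVICE further down -
  # confirm whether it can run as an unprivileged user instead.
  rm -rf /etc/systemd/system/dnscrypt-proxy.service
  cat > '/etc/systemd/system/dnscrypt-proxy.service' << EOF
[Unit]
Description=DNSCrypt client proxy
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki
After=network.target
Before=nss-lookup.target netdata.service
Wants=nss-lookup.target

[Service]
#User=nobody
NonBlocking=true
ExecStart=/usr/sbin/dnscrypt-proxy -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
CacheDirectory=dnscrypt-proxy
LogsDirectory=dnscrypt-proxy
RuntimeDirectory=dnscrypt-proxy
LimitNOFILE=51200
LimitNPROC=51200
Restart=on-failure
RestartSec=3s
[Install]
WantedBy=multi-user.target
EOF
  systemctl daemon-reload
  systemctl enable dnscrypt-proxy.service
  clear
  colorEcho ${INFO} "Install dnscrypt-proxy ing"

  # dnsmasq would compete for port 53, so it is stopped and disabled when active.
  if [[ $(systemctl is-active dnsmasq) == active ]]; then
    systemctl stop dnsmasq
    systemctl disable dnsmasq
  fi

  # Download whatever release GitHub currently reports as latest.
  # NOTE(review): the archive is unpacked and its binary installed to /usr/sbin
  # with no signature or checksum check, and ${dnsver} is not tested for being
  # empty - verify the download against the signature published with the release
  # before copying the binary.
  dnsver=$(curl -s "https://api.github.com/repos/DNSCrypt/dnscrypt-proxy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
  curl -LO --progress-bar https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/${dnsver}/dnscrypt-proxy-linux_x86_64-${dnsver}.tar.gz
  tar -xvf dnscrypt-proxy-linux_x86_64-${dnsver}.tar.gz
  rm dnscrypt-proxy-linux_x86_64-${dnsver}.tar.gz
  cd linux-x86_64
  cp -f dnscrypt-proxy /usr/sbin/dnscrypt-proxy
  chmod +x /usr/sbin/dnscrypt-proxy
  cd ..
  rm -rf linux-x86_64
  # Allow binding to port 53 without full root privileges.
  setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/dnscrypt-proxy

  # Pre-seed the resolver lists. TLS certificate verification is left enabled:
  # these files decide which upstream resolvers the proxy will talk to.
  wget -P /etc/dnscrypt-proxy/ https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md -q --show-progress
  wget -P /etc/dnscrypt-proxy/ https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/opennic.md -q --show-progress
  wget -P /etc/dnscrypt-proxy/ https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md -q --show-progress
fi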
# Set mode 755 on the configuration directory and everything below it.
chmod -R 755 /etc/dnscrypt-proxy/
clear
if [[ $dnsmasq_install -eq 1 ]]; then
  # On Ubuntu, take systemd-resolved out of the way.
  if [[ $dist = ubuntu ]]; then
    for action in stop disable; do
      systemctl "$action" systemd-resolved
    done
  fi

  # Same for dnsmasq when it is currently running.
  if [[ $(systemctl is-active dnsmasq) == active ]]; then
    for action in stop disable; do
      systemctl "$action" dnsmasq
    done
  fi

  # Point the system resolver at the local proxy. The file is removed first and
  # then recreated before the nameserver line is written.
  # (The original also carried a disabled variant that added
  # "options edns0 single-request-reopen".)
  rm /etc/resolv.conf
  touch /etc/resolv.conf
  echo "nameserver 127.0.0.1" > '/etc/resolv.conf'

  systemctl start dnscrypt-proxy
fi

#centos7 修改 /etc/sysconfig/network-scripts/ifcfg-eth0
#追加DNS1=127.0.0.1
#debian/Ubuntu  修改vim /etc/resolvconf/resolv.conf.d/head
#nameserver 127.0.0.1
#https://zhuanlan.zhihu.com/p/34027883
#方法2 https://imlonghao.com/17.html
#nano /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
###!/bin/sh
#make_resolv_conf(){
#    :
#}
#chmod +x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
##
#

from https://github.com/johnrosen1

用alpine基于smartdns建立本地DNS服务器

因为是虚拟机下使用,下载虚拟机专用的镜像

https://alpinelinux.org/downloads/    Virtual板块下载86_64镜像

当前 http://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-virt-3.12.1-x86_64.iso


创建虚拟机 当前alpine内核是5.4,虚拟机创建及初始化过程略过

apk update && apk upgrade && apk add sudo nano

下载并安装smartdns  from https://github.com/pymumu/smartdns

wget https://github.com/pymumu/smartdns/releases/download/Release33/smartdns.1.2020.09.08-2235.x86_64-linux-all.tar.gz
tar xvf smartdns.1.2020.09.08-2235.x86_64-linux-all.tar.gz && cd smartdns && chmod +x ./install && mkdir /etc/default && ./install -i
rc-service smartdns stop
mv /etc/smartdns/smartdns.conf /etc/smartdns/smartdns.conf.bak
nano /etc/smartdns/smartdns.conf
server-name smartdns
bind :53
bind-tcp :53
cache-size 1536
prefetch-domain yes
serve-expired yes
log-level info
server-tls 208.67.222.222:853   
#server-https https://dns.twnic.tw/dns-query   
server-tls 45.32.55.94:853   
server-https https://cloudflare-dns.com/dns-query   
server-https https://neatdns.ustclug.org/resolve   
server-https https://doh.dns.sb/dns-query   
server-https https://public.dns.iij.jp/dns-query   
server-https https://dns.rubyfish.cn/dns-query   
server-https https://dns.dns-over-https.com/dns-query   
server-https https://jp.tiar.app/dns-query   
server-https https://i.233py.com/dns-query   
server 223.5.5.5:53   
server 114.114.114.114:53   
conf-file /tmp/whitelist.conf
conf-file /tmp/blacklist.conf
ipset /tracker.publicbt.com/block
ipset /tracker.publicbt.com/b-
address /tracker.publicbt.com/-
address /publicbt.com/-
address /www.publicbt.com/-
address /*.publicbt.com/-

取消DHCP DNS自动覆盖

nano /usr/share/udhcpc/default.script
用#注释RESOLV_CONF="/etc/resolv.conf"

修改本地DNS为127.0.0.1

nano /etc/resolv.conf
nameserver 127.0.0.1

启动smartdns并测试

/usr/sbin/smartdns
测试
nslookup -querytype=ptr smartdns

开机启动,默认的服务没法启动,未知

/usr/sbin/smartdns

nano /etc/local.d/init_nextcloud.start
#!/bin/sh
/usr/sbin/smartdns
chmod +x /etc/local.d/init_nextcloud.start

rc-update add local

添加守护

apk add monit
mv /etc/monitrc /etc/monitrc.bak
nano /etc/monitrc
set daemon  10   #10s循环监控
set logfile syslog
check process smartdns with pidfile /var/run/smartdns.pid
start program = "/usr/sbin/smartdns" with timeout 10 seconds
stop program = "/usr/bin/killall smartdns" with timeout 10 seconds
chmod 0700 /etc/monitrc
测试守护配置
monit  -t
启动
rc-service monit start
monit start all
#忽略有个报错
添加启动
rc-update add monit 


wordpress处理cdnjs加载慢的问题

我这里用的是nginx替代字符串的方法,在appnode下仅供参考

location ~ ^/.+\.php(/|$) {
sub_filter '//cdnjs.cloudflare.com/ajax/libs' '//cdn.staticfile.org';
sub_filter '//cdn.datatables.net' '//cdn.staticfile.org/datatables';
sub_filter_once off;
........

centos6 人人影视web

#需要安装screen
#安装unrar
wget https://forensics.cert.org/cert-forensics-tools-release-el6.rpm
rpm -Uvh cert-forensics-tools-release*rpm
yum --enablerepo=forensics install unrar
#下载源码
cd /root/
wget http://appdown.rrys.tv/rrshareweb_linux.rar
unrar x rrshareweb_linux.rar
tar -zxvf rrshareweb_centos6_64.tar.gz
cd rrshareweb
#建立bash脚本
nano start.sh
#!/bin/bash
screen -d -m -S rrshareweb /root/rrshareweb/rrshareweb
#设置权限
chmod +x start.sh
#启动
bash start.sh
#设置域名
#宝塔添加网站,不需要数据库,设置反向代理添加127.0.0.1:3001,启用反向代理
#添加开机启动
nano /etc/rc.d/rc.local
#添加
bash /root/rrshareweb/start.sh

谷歌BBR加速记录

需要更换内核,目前内核是测试版本

Centos6
http://elrepo.org/people/ajb/devel/kernel-ml/el6/x86_64/RPMS/
Centos7
http://elrepo.org/people/ajb/devel/kernel-ml/el7/x86_64/RPMS/

洛杉矶VPS测试CENTOS7

 

	







  • rpm -ivh http://elrepo.org/people/ajb/devel/kernel-ml/el7/x86_64/RPMS/kernel-ml-4.9.0-0.rc8.el7.elrepo.x86_64.rpm --force
  • grub2-set-default 'CentOS Linux (4.9.0-0.rc8.el7.elrepo.x86_64) 7 (Core)'
    
    grub2-editenv list   #当前启动项
    
    reboot
    
    echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
    sysctl -p
    查看sysctl net.ipv4.tcp_available_congestion_control
    lsmod | grep bbr

    以上是测试版 已经无效了,下面是正式版

    http://elrepo.org/linux/kernel/el7/x86_64/RPMS/

    http://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-4.9.0-1.el7.elrepo.x86_64.rpm

     
    
    rpm -ivh http://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-4.9.0-1.el7.elrepo.x86_64.rpm --force 

    grub2-set-default 'CentOS Linux (4.9.0-1.el7.elrepo.x86_64) 7 (Core)'
    grub2-editenv list #当前启动项
    reboot

    echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf

    sysctl -p
    查看sysctl net.ipv4.tcp_available_congestion_control
    lsmod | grep bbr

    以上不用看了

    rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
    
    rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
    
    yum --enablerepo=elrepo-kernel install kernel-ml
    
    #查看内核
    awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
    #设置内核
    grub2-set-default 0
    reboot
    nano /etc/sysctl.conf
    
    net.core.default_qdisc = fq
    net.ipv4.tcp_congestion_control = bbr
    
    sysctl -p
    #查看生效
    lsmod | grep bbr
    
    #删除旧的内核
    rpm -qa | grep kernel
    yum autoremove kernel-3.10.0-327.13.1.el7.x86_64 
    

    或者使用一键更换内核

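    # TLS certificate verification is left enabled: the downloaded script is run as root
    # right away and replaces the kernel, so it must come over an authenticated connection.
    wget https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh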

    CentOS使用yum update更新时不升级内核           

    cp /etc/yum.conf    /etc/yum.conf.bak
    nano /etc/yum.conf  在[main]的最后添加
    exclude=kernel*
    

    不能加exclude=centos-release*  不然无效

    AMH4.2 二次开发版本新地址

    多PHP版本

    wget http://soft.im/WebPanel/AMH4.5/amh.sh && chmod 775 amh.sh && ./amh.sh 2>&1 | tee amh.log
    或者 
    wget http://soft.vpskk.com/amh/files/4.5/amh.sh && chmod 775 amh.sh && ./amh.sh 2>&1 | tee amh.log  
    
    wget http://blog.ylx.me/amh.sh && chmod 775 amh.sh && ./amh.sh 2>&1 | tee amh.log
    
    

    洋葱版本

    https://maicong.me/t/145

    screen -S installAMH
    cd ~
    rm -rf amh*
    wget https://coding.net/u/maicong/p/AMH-4.2/git/raw/master/amh-mc.sh
    bash amh-mc.sh 2>&1 | tee amh-mc.log