[https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks]

/etc/sysctl.d/local.conf

# Kernel tuning for a proxy host. These keys are system-wide: they apply to
# every service on the machine, not only to shadowsocks.

# system-wide limit on open file handles (per-process limits are set separately via ulimit)
fs.file-max = 51200
# largest receive buffer (bytes) a socket may request: 64 MiB
net.core.rmem_max = 67108864
# largest send buffer (bytes) a socket may request: 64 MiB
net.core.wmem_max = 67108864
# default receive buffer (bytes) for new sockets: 64 KiB
net.core.rmem_default = 65536
# default send buffer (bytes) for new sockets: 64 KiB
net.core.wmem_default = 65536
# packets that may queue on the input side when a NIC receives faster than the kernel processes
net.core.netdev_max_backlog = 4096
# upper bound on the backlog an application can pass to listen()
net.core.somaxconn = 4096
 
# answer with SYN cookies once the SYN backlog overflows (SYN-flood mitigation)
net.ipv4.tcp_syncookies = 1
# allow TIME-WAIT sockets to be reused for new outgoing connections when the protocol considers it safe
net.ipv4.tcp_tw_reuse = 1
# keep fast TIME-WAIT recycling off: it breaks clients behind NAT.
# The key was removed in Linux 4.12; on newer kernels sysctl reports it as unknown.
net.ipv4.tcp_tw_recycle = 0
# seconds an orphaned connection may stay in FIN-WAIT-2
net.ipv4.tcp_fin_timeout = 30
# seconds of idle time before keepalive probes start (shorter than the kernel default of 7200)
net.ipv4.tcp_keepalive_time = 1200
# ephemeral port range used for outbound connections
net.ipv4.ip_local_port_range = 10000 65000
# half-open (SYN_RECV) connections remembered before SYN cookies take over
net.ipv4.tcp_max_syn_backlog = 4096
# cap on simultaneous TIME-WAIT sockets; beyond it they are destroyed immediately
net.ipv4.tcp_max_tw_buckets = 5000
# TCP Fast Open bitmask: 1 = client, 2 = server, 3 = both.
# Data carried in a SYN can be delivered more than once (RFC 7413), so the
# server application has to tolerate replayed initial data.
net.ipv4.tcp_fastopen = 3
# TCP receive buffer: min, default, max (bytes)
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP send buffer: min, default, max (bytes)
net.ipv4.tcp_wmem = 4096 65536 67108864
# packetization-layer path MTU probing: 1 = start probing only after an ICMP black hole is detected
net.ipv4.tcp_mtu_probing = 1
 
# for high-latency network
# NOTE(review): hybla must be built or loaded on this kernel; check
# net.ipv4.tcp_available_congestion_control before relying on it.
net.ipv4.tcp_congestion_control = hybla
 
# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = cubic

sysctl --system

作者: reistlin
来源: http://www.reistlin.com/blog/444
更新时间: 2024.01
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

UO Outlands [https://uooutlands.com]
UO Razor Assistant [https://www.razorce.com]

# Auto Lumberjacking v1.2
# By REISTLIN
 
# Auto Recall ON/OFF
@setvar! AutoRecall 1
 
// Disparalyze
if paralyzed
    if findtype "pouch" backpack
        yell "[pouch"
    else
        overhead "* 没有 Trapped Pouch *" 38     
    endif
endif
 
// Auto Recall
if AutoRecall = 1
    if insysmsg "Distance to destination" or insysmsg "Now tracking"
        // Cancel Target
        if targetexists
            hotkey "Clear Target Queue"
            hotkey "Cancel Current Target"
        endif
 
        // Interrupt Current Action
        hotkey "> Interrupt"
 
        // Rune Book
        if findtype "runebook" backpack
            overhead "* 开始传送 *" 88
            dclicktype "runebook"
            waitforgump 1551740969
            gumpresponse 2
            stop
        endif
 
        // Outlands Requirement
        if findtype "Recall rune" backpack
            if skill "Magery" >= 40
                // Recall Scroll
                if findtype "Recall" backpack
                    overhead "* 开始传送(卷轴) *" 88
                    dclicktype "Recall"
                    waitfortarget
                    targettype "Recall rune"
                    stop                
                endif
                // Spell Book
                if findtype "Spellbook" backpack and findtype "Black Pearl%s%" backpack and findtype "Blood Moss" backpack and findtype "Mandrake Root%s%" backpack
                    overhead "* 开始传送(魔法) *" 88
                    cast "Recall"
                    waitfortarget
                    targettype "Recall rune"
                    stop
                endif
            else
                overhead "* 魔法技能不够 *" 38
            endif
        else
            overhead "* 没有传送符文 *" 53    
        endif
    endif
endif
 
// Check Tracking Buff
if not findbuff "tracking"
    skill "tracking"
    waitforgump 4267467659 
    gumpresponse 6
    wait 1000
    gumpclose 4267467659
    overhead "* 追踪中 *"
endif
 
// Check Left Hand
if lhandempty
    if findtype "hatchet" backpack
        dclicktype "hatchet" backpack
        wait 500
    else
        overhead "* 没有伐木工具 *" 38
        break
    endif
endif
 
// Check Over Weight
if weight > maxweight
    overhead "* 已超重 *" 38
else
    dclick "hands"
    waitfortarget 500
    target "self"
endif
 
// Report Status
if insysmsg "You chop some"
    overhead "* 伐木中 *" 88
elseif insysmsg "You broke your axe"
    overhead "* 伐木工具损坏 *" 38
elseif insysmsg "You do not see any harvestable resources nearby" or insysmsg "You cannot produce any wood from that"
    overhead "* 没有伐木资源 *" 53
elseif insysmsg "Harvesting is not allowed in this area"
    overhead "* 禁止伐木区域 *" 53
endif
 
wait 2000
 
loop

作者: reistlin
来源: http://www.reistlin.com/blog/443
更新时间: 2024.01
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

UO Outlands [https://uooutlands.com]
UO Razor Assistant [https://www.razorce.com]

# Auto Mining v1.2
# By REISTLIN
 
# Auto Recall ON/OFF
@setvar! AutoRecall 1
 
// Disparalyze
if paralyzed
    if findtype "pouch" backpack
        yell "[pouch"
    else
        overhead "* 没有 Trapped Pouch *" 38    
    endif
endif
 
// Auto Recall
if AutoRecall = 1
    if insysmsg "Distance to destination" or insysmsg "Now tracking"
        // Cancel Target
        if targetexists
            hotkey "Clear Target Queue"
            hotkey "Cancel Current Target"
        endif
 
        // Interrupt Current Action
        hotkey "> Interrupt"
 
        // Rune Book
        if findtype "runebook" backpack
            overhead "* 开始传送 *" 88
            dclicktype "runebook"
            waitforgump 1551740969
            gumpresponse 2
            stop
        endif
 
        // Outlands Requirement
        if findtype "Recall rune" backpack
            if skill "Magery" >= 40
                // Recall Scroll
                if findtype "Recall" backpack
                    overhead "* 开始传送(卷轴) *" 88
                    dclicktype "Recall"
                    waitfortarget
                    targettype "Recall rune"
                    stop                
                endif
                // Spell Book
                if findtype "Spellbook" backpack and findtype "Black Pearl%s%" backpack and findtype "Blood Moss" backpack and findtype "Mandrake Root%s%" backpack
                    overhead "* 开始传送(魔法) *" 88
                    cast "Recall"
                    waitfortarget
                    targettype "Recall rune"
                    stop
                endif
            else
                overhead "* 魔法技能不够 *" 38
            endif
        else
            overhead "* 没有传送符文 *" 53    
        endif
    endif
endif
 
// Check Tracking Buff
if not findbuff "tracking"
    skill "tracking"
    waitforgump 4267467659 
    gumpresponse 6
    wait 1000
    gumpclose 4267467659
    overhead "* 追踪中 *" 
endif
 
// Check Right Hand
if rhandempty
    if findtype "pickaxe" backpack
        dclicktype "pickaxe" backpack
        wait 500
    else
        overhead "* 没有采矿工具 *" 38 
        break
    endif
endif
 
// Check Over Weight
if weight > maxweight
    overhead "* 已超重 *" 38
else
    dclick "hands"
endif
 
// Report Status
if insysmsg "You dig some"
    overhead "* 采矿中 *" 88
elseif insysmsg "You have worn out your tool"
    overhead "* 采矿工具损坏 *" 38
elseif insysmsg "You do not see any harvestable resources nearby"
    overhead "* 没有采矿资源 *" 53
elseif insysmsg "Harvesting is not allowed in this area"
    overhead "* 禁止采矿区域 *" 53
endif
 
wait 2000
 
loop

bg3.png

一,下载字体:[ Microsoft Yahei Mono.ttf ]

D:\Steam\SteamApps\common\Baldurs Gate 3\Data\Public\Game\GUI\Assets\Fonts\Microsoft-Yahei-Mono.ttf

二,配置文件:Keyboard.Fonts.xaml(键盘)

D:\Steam\SteamApps\common\Baldurs Gate 3\Data\Public\Game\GUI\Theme\Keyboard.Fonts.xaml

<ResourceDictionary
    xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
    xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
    xmlns:System="clr-namespace:System;assembly=mscorlib"
    xmlns:sys="clr-namespace:System;assembly=mscorlib">
    <FontFamily x:Key="DefaultFont">pack://application:,,,/GustavNoesisGUI;component/Assets/Fonts/#Microsoft Yahei Mono</FontFamily>
    <FontFamily x:Key="SpecialFont">pack://application:,,,/GustavNoesisGUI;component/Assets/Fonts/#Microsoft Yahei Mono</FontFamily>
</ResourceDictionary>

三,配置文件:Controller.Fonts.xaml(手柄)

D:\Steam\SteamApps\common\Baldurs Gate 3\Data\Public\Game\GUI\Theme\Controller.Fonts.xaml

<ResourceDictionary
    xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
    xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml">
    <FontFamily x:Key="DefaultFont">pack://application:,,,/GustavNoesisGUI;component/Assets/Fonts/#Microsoft Yahei Mono</FontFamily>
    <FontFamily x:Key="SpecialFont">pack://application:,,,/GustavNoesisGUI;component/Assets/Fonts/#Microsoft Yahei Mono</FontFamily>
</ResourceDictionary>

作者: reistlin
来源: http://www.reistlin.com/blog/439
更新时间: 2023.07
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

azerothcore.gif

AzerothCore 主页:https://www.azerothcore.org
AzerothCore Wiki 文档:https://www.azerothcore.org/wiki/home
Eluna Lua Engine 主页:https://github.com/azerothcore/mod-eluna
Eluna Lua Engine API 文档:https://www.azerothcore.org/pages/eluna/index.html

一,安装 MySQL 8.0.33

wget https://dev.mysql.com/get/mysql-apt-config_0.8.24-1_all.deb -O /tmp/mysql-apt-config_all.deb
DEBIAN_FRONTEND=noninteractive dpkg -i /tmp/mysql-apt-config_all.deb
apt-get update

二,安装编译环境

apt-get install git clang cmake make gcc g++ libmysqlclient-dev libssl-dev libbz2-dev libreadline-dev libncurses-dev libboost-all-dev mysql-server p7zip

三,通过 alternatives 设置 clang 版本

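# Register clang as the system C compiler (cc) and clang++ as the C++ compiler (c++), priority 100.
update-alternatives --install /usr/bin/cc cc /usr/bin/clang 100
# c++ has to point at the C++ driver: plain clang does not link the C++ standard library by default.
update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++ 100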

四,通过 git clone 下载 AzerothCore,同时安装 mod-ah-bot 和 mod-eluna

cd /home/reistlin
mkdir AzerothCore
git clone https://github.com/azerothcore/azerothcore-wotlk.git --branch master --single-branch AzerothCore --depth 1
cd AzerothCore/modules
git clone https://github.com/azerothcore/mod-ah-bot.git
git clone https://github.com/azerothcore/mod-eluna.git

五,编译安装

cd /home/reistlin/AzerothCore
mkdir build
cd build
cmake ../ -DCMAKE_INSTALL_PREFIX=/home/reistlin/azerothcore/ -DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DWITH_WARNINGS=1 -DTOOLS_BUILD=all -DSCRIPTS=static -DMODULES=static
make -j 8
make install

作者: reistlin
来源: http://www.reistlin.com/blog/438
更新时间: 2023.07
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

windows.gif

一,下载 Microsoft.VCLibs.140.00_14.0.26706.0.x86.x64.zip

二,运行 Windows PowerShell

32 位系统:

Add-AppxPackage -Path D:\Microsoft.VCLibs.140.00_14.0.26706.0_x86__8wekyb3d8bbwe.Appx

64 位系统:

Add-AppxPackage -Path D:\Microsoft.VCLibs.140.00_14.0.26706.0_x64__8wekyb3d8bbwe.Appx

三,重新启动

解决 Windows 10 LTSC 启动缺少 VCLib 导致 AppXSVC 服务 CPU 占用高、微软拼音输入法不显示候选词问题。

作者: reistlin
来源: http://www.reistlin.com/blog/436
更新时间: 2023.05
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

linux.gif

一,升级 CentOS 6 openssl 1.0.2u

查看 CentOS 6 openssl 版本,默认为 1.0.1e
也可以用 yum info openssl 查看 CentOS6 默认版本信息

[reistlin@reistlin ~]$ openssl version  
OpenSSL 1.0.1e-fips 11 Feb 2013

# --no-check-certificate turns off TLS certificate verification, so nothing authenticates this download.
# Verify the tarball against the checksum / PGP signature published by the OpenSSL project before building:
#   sha256sum openssl-1.0.2u.tar.gz    # compare with <PUBLISHED_SHA256>
# NOTE(review): the 1.0.2 branch no longer receives public security fixes; use it only where a newer
# branch cannot be built.
wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz --no-check-certificate
tar zxvf openssl-1.0.2u.tar.gz
cd openssl-1.0.2u
# default configuration and install prefix
./config
make depend
make
# run the bundled self-tests before installing
make test
make install

默认安装路径:/usr/local/ssl/bin/openssl

安装完成后再次确认版本,升级成功

[reistlin@reistlin ~]$ openssl version
OpenSSL 1.0.2u  20 Dec 2019

二,安装 libressl 2.7.5

# --no-check-certificate turns off TLS certificate verification, so nothing authenticates this download.
# Verify the tarball against the checksum published alongside the LibreSSL releases before building:
#   sha256sum libressl-2.7.5.tar.gz    # compare with <PUBLISHED_SHA256>
wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.5.tar.gz --no-check-certificate
tar zxvf libressl-2.7.5.tar.gz
cd libressl-2.7.5
# install under /usr/local, the prefix whose lib directories are added to ld.so.conf in the next step
./configure --prefix=/usr/local
make
make install

vim /etc/ld.so.conf
 
/usr/local/lib
/usr/local/lib64

ldconfig -v

三,安装 CentOS 6 Python 3.8.9

wget https://www.python.org/ftp/python/3.8.9/Python-3.8.9.tgz
tar zxvf Python-3.8.9.tgz
cd Python-3.8.9

vim Modules/Setup

取消下面 4 行注释,启用 libressl

# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
SSL=/usr/local/ssl
_ssl _ssl.c \
        -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
        -L$(SSL)/lib -lssl -lcrypto

./configure --prefix=/usr/local/python3 --enable-optimizations --with-openssl=/usr/local/ssl/
make
make install

四,解决 CentOS 6 编译安装 Python 3.8.9 openSSL 报错问题:

Could not build the ssl module! Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host(). LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381

作者: reistlin
来源: http://www.reistlin.com/blog/434
更新时间: 2023.02
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

linux.gif

一,Ubuntu 16.04.7 配置(VMware x86 64bit)

1,下载安装 Ubuntu 16.04,内核版本 4.4(非常重要!需要与群晖 Synology DSM 6.2.4 版本一致)

uname -a
Linux ubuntu 4.4.0-186-generic #216-Ubuntu SMP Wed Jul 1 05:34:05 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/os-release
 
NAME="Ubuntu"
VERSION="16.04.7 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.7 LTS"
VERSION_ID="16.04"

2,安装 ubuntu 编译环境

apt-get install --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev libc-ares-dev automake libmbedtls-dev libsodium-dev pkg-config

3,交叉编译安装 libsodium-1.0.16,安装路径: /usr

下载 Synology DSM 6.2.4 Tool Chains 环境
选择 DS220+ 对应的 Intel x86 Linux 4.4.59 (GeminiLake) 目录
选择 geminilake-gcc493_glibc220_linaro_x86_64-GPL.txz 下载

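# The URL ends in "/download", so wget would save the file under that name; set the output
# name explicitly so the tar step below finds the archive.
wget https://sourceforge.net/projects/dsgpl/files/Tool%20Chain/DSM%206.2.4%20Tool%20Chains/Intel%20x86%20Linux%204.4.59%20%28GeminiLake%29/geminilake-gcc493_glibc220_linaro_x86_64-GPL.txz/download -O geminilake-gcc493_glibc220_linaro_x86_64-GPL.txz
# NOTE(review): the page gives no checksum for the toolchain; everything built below is produced by
# the compiler inside this archive, so compare it with a published hash before using it.
tar Jxvf geminilake-gcc493_glibc220_linaro_x86_64-GPL.txz
cd x86_64-pc-linux-gnu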

配置环境变量,启用 DSM 6.2.4 Tool Chains 交叉编译 libsodium-1.0.16

export PATH="/root/x86_64-pc-linux-gnu/bin:$PATH"
export CC=/root/x86_64-pc-linux-gnu/bin/x86_64-pc-linux-gnu-gcc
export LD=/root/x86_64-pc-linux-gnu/bin/x86_64-pc-linux-gnu-ld
export RANLIB=/root/x86_64-pc-linux-gnu/bin/x86_64-pc-linux-gnu-ranlib
export CFLAGS="-I/root/x86_64-pc-linux-gnu/x86_64-pc-linux-gnu/include"
export LDFLAGS="-L/root/x86_64-pc-linux-gnu/x86_64-pc-linux-gnu/lib"

交叉编译安装 libsodium-1.0.16,安装路径: /usr

wget https://download.libsodium.org/libsodium/releases/old/libsodium-1.0.16.tar.gz
tar zxvf libsodium-1.0.16.tar.gz
cd libsodium-1.0.16
./configure --prefix=/usr
make
make install
ldconfig

4,编译安装 mbedtls-2.6.1,安装路径: /usr

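# wget names the file after the last URL component ("mbedtls-2.6.1"); set the output name
# explicitly so it matches the archive name used by the tar step.
wget https://codeload.github.com/Mbed-TLS/mbedtls/tar.gz/refs/tags/mbedtls-2.6.1 -O mbedtls-mbedtls-2.6.1.tar.gz
tar zxvf mbedtls-mbedtls-2.6.1.tar.gz
cd mbedtls-mbedtls-2.6.1
# build shared, position-independent libraries
make SHARED=1 CFLAGS="-O2 -fPIC"
# DESTDIR is the install root here: headers and libraries are placed under /usr
make DESTDIR=/usr install
# refresh the dynamic linker cache so the new libraries are found
ldconfig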

5,编译安装 shadowsocks-libev,安装路径: /root/shadowsocks

wget https://github.com/shadowsocks/shadowsocks-libev/releases/download/v3.3.5/shadowsocks-libev-3.3.5.tar.gz
tar zxvf shadowsocks-libev-3.3.5.tar.gz 
cd shadowsocks-libev-3.3.5
autoreconf --install --force
./configure --prefix=/root/shadowsocks --with-sodium-include=/usr/include --with-sodium-lib=/usr/lib --with-mbedtls-include=/usr/include --with-mbedtls-lib=/usr/lib
make
make install

注意!./configure 需要指定 libsodium-1.0.16 和 mbedtls-2.6.1 的 include 和 lib 路径,否则 make 时会报错

ss_local-aead.o: In function `aead_cipher_decrypt':
/root/pkgs/shadowsocks-libev-3.3.5/src/aead.c:239: undefined reference to `crypto_aead_xchacha20poly1305_ietf_decrypt'
ss_local-aead.o: In function `aead_cipher_encrypt':
/root/pkgs/shadowsocks-libev-3.3.5/src/aead.c:192: undefined reference to `crypto_aead_xchacha20poly1305_ietf_encrypt'
collect2: error: ld returned 1 exit status

6,复制 ubuntu 系统 so 文件到 /root/shadowsocks/lib/ 目录,用于后续群晖 DSM 6.2.4 系统正常运行依赖。总计 4 个文件:

libev.so.4.0.0
libpcre.so.3.13.2
libsodium.so.23.1.0
libmbedcrypto.so.0

cd /root/shadowsocks/lib/
cp -a /usr/lib/x86_64-linux-gnu/libev.so.4.0.0 .
cp -a /lib/x86_64-linux-gnu/libpcre.so.3.13.2 .
cp -a /usr/lib/libsodium.so.23.1.0 .
cp -a /usr/lib/libmbedcrypto.so.0 .

7,新建 shell 脚本,用于后续 so 文件 symbolic link 到群晖 DSM 6.2.4 系统 /usr/lib/ 目录

vim /root/shadowsocks/lib/libshadowsocks-libev.sh
 
#!/bin/sh
 
# Link the four bundled libraries into /usr/lib under the shorter names on the right
# (presumably the sonames the ss-* binaries were linked against; confirm with ldd).
# Plain `ln -s` without -f fails instead of replacing a file that already exists at the
# target path, so a library already present under the same name is left untouched.
# Must run as root: it writes into the system library directory.
ln -s /root/shadowsocks/lib/libev.so.4.0.0 /usr/lib/libev.so.4
ln -s /root/shadowsocks/lib/libpcre.so.3.13.2 /usr/lib/libpcre.so.3
ln -s /root/shadowsocks/lib/libsodium.so.23.1.0 /usr/lib/libsodium.so.23
ln -s /root/shadowsocks/lib/libmbedcrypto.so.0 /usr/lib/libmbedcrypto.so.0

chmod 755 /root/shadowsocks/lib/libshadowsocks-libev.sh

8,完成所有配置,压缩打包 /root/shadowsocks 目录为 shadowsocks.tar.gz,下载。

cd /root
tar zcvf shadowsocks.tar.gz shadowsocks

二,群晖 DS220+ 配置(Synology DS220+ Intel Celeron J4025 Geminilake)

1,将 shadowsocks.tar.gz 上传至群晖 DS220+

2,切换群晖 root 用户

sudo -i

3,进入 root 目录,解压缩 shadowsocks.tar.gz
运行 shadowsocks/lib 目录下的 libshadowsocks-libev.sh
将 so 文件 symbolic link 到 /usr/lib/

cd /root
tar zxvf shadowsocks.tar.gz
cd shadowsocks/lib
./libshadowsocks-libev.sh

4,正式启动,运行 ss-local,-c 参数指定 json 配置文件,-f 参数指定 pid 文件
默认加密方法:chacha20-ietf-poly1305

cd /root/shadowsocks/bin/
./ss-local -c /root/shadowsocks/etc/ss.json -f /root/shadowsocks/etc/ss.pid

作者: reistlin
来源: http://www.reistlin.com/blog/432
更新时间: 2023.01
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

linux.gif

Let's Encrypt 是一家免费、开放、自动化的证书颁发机构(CA),为公众的利益而运行。它是一项由 Internet Security Research Group (ISRG) 提供的服务。

免费:任何拥有域名的人都可以使用 Let's Encrypt 免费获取受信的证书。

自动化:运行于服务器上的软件可以与 Let's Encrypt 直接交互,以便轻松获取证书,安全地配置它,并自动进行续期。

安全:Let's Encrypt 将成为一个推动 TLS 安全最佳实践发展的平台,无论是作为一个证书颁发机构(CA)还是通过帮助网站运营商正确地保护其服务器。

透明:所有颁发或吊销的证书将被公开记录,供任何人查阅。

开放:自动签发和续订协议已经发布作为其他人可以采用的开放标准。

乐于合作:就像互联网底层协议本身一样,Let's Encrypt 是为了让整个互联网社区受益而做出的共同努力,它不受任何单一组织的控制。

通过 acme.sh 实现 ACME (Automatic Certificate Management Environment) 协议,生成免费 SSL 证书并自动 Renew 续期。

自动化证书管理环境(ACME)是用于自动完成 X.509 证书的域名验证、安装和管理的标准协议。ACME 协议由 Internet 安全研究小组设计,并在 IETF RFC 8555 中发布。作为具有许多可用客户端实现、文档齐全的开放标准,ACME 被广泛用作企业证书自动化解决方案。

一,下载安装 acme.sh

# Pipes the downloaded installer straight into sh: whatever get.acme.sh serves at that moment
# runs with the current user's privileges. To read it first, save it to a file
# (curl -o <installer-file> https://get.acme.sh), review it, then run that file with sh.
# email= is the account contact address passed to the installer.
curl https://get.acme.sh | sh -s email=test@reistlin.com

默认安装路径:~/.acme.sh/
举例:/home/reistlin/.acme.sh/

二,设置证书颁发机构 Let's Encrypt

acme.sh --set-default-ca --server letsencrypt

三,生成证书

acme.sh --issue -d reistlin.com -d www.reistlin.com --webroot /home/wwwroot/

-d 参数指定默认域名和 www 域名
--webroot 参数指定网站根目录

举例:申请成功,证书保存在 /home/reistlin/.acme.sh/reistlin.com_ecc 目录

[2023年 01月 30日 星期一 17:24:39 CST] Your cert is in: /home/reistlin/.acme.sh/reistlin.com_ecc/reistlin.com.cer
[2023年 01月 30日 星期一 17:24:39 CST] Your cert key is in: /home/reistlin/.acme.sh/reistlin.com_ecc/reistlin.com.key
[2023年 01月 30日 星期一 17:24:39 CST] _on_issue_success

四,配置证书

举例:Nginx SSL 配置

# HTTPS virtual host using the certificate issued by acme.sh.
server {
    listen       443 ssl http2;
    # NOTE(review): the certificate was issued for reistlin.com and www.reistlin.com only (the two -d
    # names); other hosts matched by *.reistlin.com will be served a certificate that does not cover them.
    server_name  reistlin.com  *.reistlin.com;
 
    # nginx expects the server certificate followed by its intermediates in this file.
    # NOTE(review): reistlin.com.cer is presumably the leaf certificate alone; confirm whether the
    # full-chain file from the acme.sh certificate directory should be installed here instead.
    # These paths are copies outside ~/.acme.sh, so a renewal does not update them unless they are
    # installed with `acme.sh --install-cert ... --key-file ... --fullchain-file ... --reloadcmd ...`.
    ssl_certificate            /etc/nginx/conf.d/reistlin.com.cer;
    # private key: keep it readable by root only
    ssl_certificate_key        /etc/nginx/conf.d/reistlin.com.key;
    # 1 MB session cache shared between worker processes
    ssl_session_cache          shared:SSL:1m;
    # cached sessions may be resumed for 5 minutes
    ssl_session_timeout        5m;
    # ssl_protocols / ssl_ciphers are not set, so the defaults of the installed nginx version apply.
}

五,自动续期

Let's Encrypt 免费 SSL 证书有效期 90 天,通过 acme.sh 配置系统 crontab 任务自动 Renew 续期:

系统 crontab 任务:

crontab -l
15 0 * * * "/home/reistlin/.acme.sh"/acme.sh --cron --home "/home/reistlin/.acme.sh" > /dev/null

crontab 每天 0 点 15 分自动检测证书有效性,到期自动 Renew 续期:

[2023年 01月 30日 星期一 21:26:51 CST] ===Starting cron===
[2023年 01月 30日 星期一 21:26:51 CST] Renew: "reistlin.com"
[2023年 01月 30日 星期一 21:26:51 CST] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
[2023年 01月 30日 星期一 21:26:51 CST] Skip, Next renewal time is: 2023-03-30T09:24:39Z
[2023年 01月 30日 星期一 21:26:51 CST] Add "--force" to force to renew.
[2023年 01月 30日 星期一 21:26:51 CST] Skipped reistlin.com_ecc
[2023年 01月 30日 星期一 21:26:51 CST] ===End cron===

作者: reistlin
来源: http://www.reistlin.com/blog/431
更新时间: 2018.01
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

redhat.gifcentos.gif

# install RPM

yum install autoconf automake apr-util bind-utils curl gcc httpd-tools jwhois libtool libgssapi-devel lrzsz make mtr ntsysv openldap-devel openssl-devel pam-devel perl rpm-build screen sysstat tcpdump tcp_wrappers-devel tcp_wrappers-libs vim wget zlib-devel

# add user with uid 500 and set its password
# "密码" is presumably a placeholder for the real password. Typed this way the password is kept in
# shell history and in any saved copy of this script; running `passwd reistlin` interactively
# avoids recording it. passwd --stdin reads the new password from the pipe.

useradd -u 500 reistlin; echo "密码" | passwd reistlin --stdin

# disable ipv6

echo "install ipv6 /bin/true" >> /etc/modprobe.d/disable-ipv6.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network

# disable SELinux and the iptables / ip6tables firewalls
# NOTE(review): after this block the host has no packet filter and, from the next boot, no SELinux
# enforcement; every listening service is reachable on all interfaces. Where the host is exposed to
# untrusted networks, keep iptables with rules for the needed ports instead of turning it off.

# rewrites SELINUX=enforcing to disabled in the config file; the running mode changes only after reboot
sed -i "/SELINUX/s/enforcing/disabled/" /etc/selinux/config
/etc/init.d/iptables stop
# default-accept policy for INPUT, then flush all rules
iptables -P INPUT ACCEPT
iptables -F
# keep both firewall services from starting at boot
chkconfig iptables off
chkconfig ip6tables off

# libraries

echo "/usr/local/lib" >> /etc/ld.so.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf

# DNS

cat >>/etc/resolv.conf <<EOF
 
# Google DNS
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF

# timezone

cp -a /etc/localtime /etc/localtime.default
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# profile

cat >>/etc/profile <<EOF
 
# HisttimeFormat
HISTFILESIZE=2048
HISTSIZE=2048
HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
export HISTTIMEFORMAT
 
# Editor
export EDITOR=vim
 
# LANG
export LANG=zh_CN.UTF-8
EOF

# crontab

cat >>/var/spool/cron/root <<EOF
 
# m h  dom mon dow   command
#* * * * * /root/crontab/nginx.sh > /dev/null 2>&1
#* * * * * /root/crontab/php-fpm.sh > /dev/null 2>&1
#* * * * * /root/crontab/mysqld.sh > /dev/null 2>&1
#* * * * * /root/crontab/stunnel.sh > /dev/null 2>&1
#* * * * * /root/crontab/squid.sh > /dev/null 2>&1
#* * * * * /root/crontab/ss5.sh > /dev/null 2>&1
#* * * * * /root/crontab/kcp.ss.sh > /dev/null 2>&1
#* * * * * /root/crontab/kcp.squid.sh > /dev/null 2>&1
 
# NTP
59 1 * * * /usr/sbin/ntpdate 0.centos.pool.ntp.org > /dev/null 2>&1
59 2 * * * /usr/sbin/ntpdate 1.centos.pool.ntp.org > /dev/null 2>&1
59 3 * * * /usr/sbin/ntpdate 2.centos.pool.ntp.org > /dev/null 2>&1
EOF

# sshd
# Each sed rewrites only the stock commented-out default line; if that line was already changed or
# uncommented, nothing is replaced, so check sshd_config afterwards. sshd has to be reloaded for the
# changes to apply (not shown here). PasswordAuthentication is not touched by this block.

# "端口" is a placeholder for the chosen SSH port number
sed -i "s/#Port 22/Port 端口/" /etc/ssh/sshd_config
# listen on all IPv4 addresses
sed -i "s/#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/" /etc/ssh/sshd_config
# refuse direct root logins over SSH
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/" /etc/ssh/sshd_config
# make the ownership/permission checks on the user's files explicit before accepting a login
sed -i "s/#StrictModes yes/StrictModes yes/" /etc/ssh/sshd_config

# logrotate

sed -i "s/rotate 1/rotate 6/" /etc/logrotate.conf
sed -i "s/rotate 4/rotate 12/" /etc/logrotate.conf