nginx反向代理使用substitutions4nginx替换内容

需要重新编译一下nginx

# Fetch the substitutions filter module that will be compiled into nginx.
# NOTE(review): this clones whatever the default branch currently points at, and
# the module ends up inside the web server binary; check out a reviewed commit or
# tag before building. --add-module below expects the clone to be at
# /root/ngx_http_substitutions_filter_module.
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module

# Presumably run from the unpacked nginx source tree (that directory is not shown
# here). The flag list should match the running binary's own flags (`nginx -V`
# prints them) plus the new --add-module, otherwise the rebuilt server may lack
# modules the existing configuration relies on.
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --add-module=/root/ngx_http_substitutions_filter_module
make

# Keep the previous binary as nginx.old so it can be put back if the new build
# misbehaves, then install the freshly built one in its place.
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
cp objs/nginx /usr/local/nginx/sbin/nginx
# Check the existing configuration against the new binary before switching over.
/usr/local/nginx/sbin/nginx -t
# "upgrade" is a target of the nginx source Makefile; presumably it hands the
# listening sockets over to the new binary without downtime — confirm in the Makefile.
make upgrade

反向代理1024配置

# Plain-HTTP listener: answers every request on port 80 with a permanent
# redirect to the same path on https://t66y.aenes.com.
server{
    listen 80;
    server_name t66y.aenes.com;
    rewrite ^(.*) https://t66y.aenes.com$1 permanent;
    }
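# HTTPS front end: terminates TLS for t66y.aenes.com, proxies requests to the
# upstream site and rewrites the upstream host name inside response bodies with
# subs_filter.
server{
    # "listen ... ssl" replaces the separate "ssl on;" directive, which newer
    # nginx releases deprecate and later reject.
    listen 443 ssl;
    server_name t66y.aenes.com;

    # NOTE(review): the private key sits under /root; keep it readable by root
    # only (for example mode 0600).
    ssl_certificate /root/t66y/t66y.crt;
    ssl_certificate_key /root/t66y/t66y.key;
    # SSLv3 is dropped because the protocol itself is broken (POODLE); TLSv1 and
    # TLSv1.1 are dropped as deprecated. Add TLSv1.3 where the installed nginx
    # and OpenSSL support it.
    ssl_protocols TLSv1.2;
    # The previous string started from ALL and only removed some weak suites,
    # leaving MEDIUM-strength ciphers enabled. Start from HIGH and exclude
    # unauthenticated, MD5-based and 3DES suites instead.
    ssl_ciphers HIGH:!aNULL:!MD5:!3DES;

    location /{
    # NOTE(review): rewrite patterns are matched against the request URI path,
    # which never begins with "https://", so this rule does not fire as written.
    rewrite https://t66y.aenes.com https://t66y.aenes.com/index.php;
    proxy_redirect off;
    # X-Forwarded-For is built from the header the client sent plus
    # $remote_addr, so anything before the last entry is client-controlled.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header User-Agent $http_user_agent;
    proxy_set_header Host "t66y.com";
    proxy_set_header Referer https://t66y.aenes.com;
    # NOTE(review): the hop to the upstream is plain HTTP, so only the
    # client-to-proxy leg is encrypted.
    proxy_pass http://t66y.com;
    # Ask the upstream for uncompressed responses; subs_filter can only
    # match text it receives uncompressed.
    proxy_set_header Accept-Encoding "";
    # Point links to the upstream host, and to its static-asset IP, back at
    # this proxy, and hide the "tips" banner.
    subs_filter 't66y.com' 't66y.aenes.com';
    subs_filter 'http://173.236.54.236' 'https://t66y.aenes.com/css';
    subs_filter '<div class="tips" style="width:auto">' '<div class="tips" style="display:none;">';
        }
    # Serves the assets that the second subs_filter rule redirected to /css.
    location /css {
    proxy_pass http://173.236.54.236/;
    }
    }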

Router OS 屏蔽暴力破解IP

输入以下命令即可
ssh服务

# SSH brute-force throttle built from staged address lists.
# The rules count NEW TCP connections to port 22, not failed logins: each new
# connection promotes the source one stage (stage1 -> stage2 -> stage3 ->
# blacklist), the stage entries expire after 1 minute, and a blacklist entry
# lasts 10 days.
# NOTE(review): anything that opens several SSH connections in quick succession
# (automation, multiplexed tooling) is promoted the same way; consider an accept
# rule for trusted management addresses ahead of these. "add" places each rule
# after whatever the filter table already holds, which is not visible here —
# confirm no earlier rule accepts port 22 first.

# Drop SSH to the router itself from sources already on the blacklist.
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute forcers" disabled=no

# A new connection from a stage3 source puts it on the blacklist for 10 days.
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=10d comment="" disabled=no

# A new connection from a stage2 source promotes it to stage3 for 1 minute.
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m comment="" disabled=no

# A new connection from a stage1 source promotes it to stage2 for 1 minute.
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no

# Every new SSH connection records its source in stage1 for 1 minute.
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no

# Also drop SSH from blacklisted sources when it is routed through to other hosts.
/ip firewall filter add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute downstream" disabled=no

ftp服务。

# FTP brute-force throttle keyed on the server's "530 Login incorrect" reply.
# The match is on the output chain, so it sees replies sent by the router itself;
# it inspects packet content, so it presumably only works while the FTP control
# channel is unencrypted — confirm if FTPS is in use.

# Drop FTP to the router from sources already on the blacklist.
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute forcers"

# Let failed-login replies through while the destination stays within the limit
# (rate 1 per minute, burst 9, tracked per destination address).
/ip firewall filter add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m

# Replies beyond that limit reach this rule: blacklist the client for 3 hours.
/ip firewall filter add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h

Linux下批量添加IP

有时候,我们购买了100个以上的IP,难道都要一个一个地写配置文件吗?Linux怎么批量添加IP?可否做到一个配置文件即可?可以!
一.Centos下。
可以在/etc/sysconfig/network-scripts下创建一个range文件

vi /etc/sysconfig/network-scripts/ifcfg-eth0-range0

输入以下内容

# Range file: defines a run of alias addresses on eth0 in a single file.
DEVICE=eth0
BOOTPROTO=static
# First and last address of the range (inclusive); here four addresses, .163 to .166.
IPADDR_START=64.120.228.163
IPADDR_END=64.120.228.166
# Number of the first alias interface: the range starts at eth0:8.
CLONENUM_START=8
NETMASK=255.255.255.248
ONBOOT=yes

CLONENUM_START — 网络克隆接口的起始号。例如设为 "1" 时,生成的网络接口会从 eth0:1 开始。
IPADDR_START=起始IP
IPADDR_END=结尾IP

然后重启网络让IP生效: service network restart
二.Debian下
debian下不支持centos这种格式,我们写了个脚本来批量添加ip。

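#!/bin/bash
# Append 102 alias stanzas (eth0:0 .. eth0:101) to the Debian interfaces file,
# assigning 104.238.202.3 .. 104.238.202.104. Adjust the numbers to your range.
#
# The first line must be exactly "#!" with no space. "# !/bin/bash" is only a
# comment, so the script is run by whichever shell invokes it (dash on Debian)
# and fails on the C-style for loop.
#
# NOTE(review): the script is not idempotent; running it twice appends the same
# stanzas twice. Every stanza also repeats the gateway line, which may make
# ifup complain about an existing default route — confirm on the target system.
set -eu

interfaces_file=/etc/network/interfaces

# Keep a timestamped copy first: a bad stanza in this file can leave the host
# unreachable after the next networking restart.
cp -p -- "$interfaces_file" "${interfaces_file}.bak.$(date +%Y%m%d%H%M%S)"

# Build all stanzas in memory and append once, so a failure part-way through
# does not leave a half-written file.
stanzas=
for ((i = 0; i <= 101; i++)); do
  j=$((i + 3))
  printf -v stanza \
    'auto eth0:%d\niface eth0:%d inet static\n\taddress 104.238.202.%d\n\tnetmask 255.255.255.128\n\tgateway 104.238.202.1\n  \n' \
    "$i" "$i" "$j"
  stanzas+=$stanza
done
printf '%s' "$stanzas" >>"$interfaces_file"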

当然脚本里面的数值你需要自己改动一下。
如果脚本报错Syntax error: Bad for loop variable,说明脚本是被dash(Debian默认的/bin/sh)而不是bash执行的。可以直接用bash运行脚本(bash 脚本文件名),或者把系统默认的shell从dash换成bash。

dpkg-reconfigure dash

选择No即可