需要重新编译一下nginx
# Rebuild nginx with the third-party substitutions filter module and swap the
# binary in place. The ./configure and make steps run inside the nginx source
# tree; the clone is expected to end up at /root/ngx_http_substitutions_filter_module
# (the path given to --add-module below).
# NOTE(review): the clone takes whatever the default branch holds today and the
# result is compiled into a server that starts as root. Review the module and
# check out a reviewed commit (git checkout <reviewed-commit>) before building.
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module
# NOTE(review): the option list should repeat everything the running binary was
# built with (see `nginx -V`), otherwise existing directives can stop parsing.
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --add-module=/root/ngx_http_substitutions_filter_module
# Build only; no "make install" is run, so the installed files are untouched
# until the binary is copied by hand below.
make
# Keep the previous binary as nginx.old so it can be restored.
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
cp objs/nginx /usr/local/nginx/sbin/nginx
# Parse the existing configuration with the NEW binary before switching over.
/usr/local/nginx/sbin/nginx -t
# nginx Makefile target that hands the running master over to the new binary.
make upgrade
反向代理1024配置
# Plain-HTTP virtual host: every request is answered with a permanent redirect
# to the same path on the HTTPS site.
server {
    listen      80;
    server_name t66y.aenes.com;

    # $1 is the request path captured by ^(.*); "permanent" sends a 301.
    rewrite ^(.*) https://t66y.aenes.com$1 permanent;
}
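# HTTPS virtual host: terminates TLS, proxies every request to the upstream
# site and rewrites upstream host names in the returned pages (subs_filter).
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen      443 ssl;
    server_name t66y.aenes.com;

    # The private key sits under /root; keep it readable by root only.
    ssl_certificate     /root/t66y/t66y.crt;
    ssl_certificate_key /root/t66y/t66y.key;

    # SSLv3 (broken by POODLE) and TLSv1/TLSv1.1 (deprecated by RFC 8996) are
    # no longer offered. Add TLSv1.3 if this nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # The previous "ALL:...:+MEDIUM" string kept MEDIUM-grade suites and only
    # excluded ADH rather than every unauthenticated (aNULL) suite.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # NOTE(review): rewrite patterns are matched against the request URI
        # path, so a pattern starting with "https://" looks like it never
        # matches. Kept as written; confirm the intent (sending "/" to
        # /index.php?) before changing it.
        rewrite https://t66y.aenes.com https://t66y.aenes.com/index.php;

        proxy_redirect off;

        # X-Forwarded-For is appended to whatever the client sent, so only
        # the last entry is set by this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Host "t66y.com";
        proxy_set_header Referer https://t66y.aenes.com;
        # An empty Accept-Encoding asks the upstream for an uncompressed body,
        # which subs_filter needs in order to rewrite the text.
        proxy_set_header Accept-Encoding "";

        # NOTE(review): the upstream leg is plain HTTP, so traffic between
        # this proxy and the origin is unencrypted and unauthenticated even
        # though the client side uses TLS.
        proxy_pass http://t66y.com;

        # Point links at this proxy instead of the upstream hosts and hide
        # the "tips" banner.
        subs_filter 't66y.com' 't66y.aenes.com';
        subs_filter 'http://173.236.54.236' 'https://t66y.aenes.com/css';
        subs_filter '<div class="tips" style="width:auto">' '<div class="tips" style="display:none;">';
    }

    # Static assets that the pages load from the second upstream address.
    location /css {
        proxy_pass http://173.236.54.236/;
    }
}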
sed流编辑器是shell中处理文本内容的一大利器。sed命令从文本流中读取一行文本到模式空间中进行相应的命令、或脚本处理,因此在处理换行符时会有点特殊。
输入以下命令即可
ssh服务
# SSH brute-force throttling with chained address lists. Each NEW connection to
# tcp/22 moves the source one list further: (none) -> ssh_stage1 -> ssh_stage2
# -> ssh_stage3 -> ssh_blacklist. The stage lists expire after 1 minute, the
# blacklist after 10 days, so a fourth new connection made while the source is
# still in ssh_stage3 gets it blacklisted.
# NOTE(review): the rules count new TCP connections, not failed logins, so
# automation that opens several sessions quickly is blocked too. Consider
# accepting known management addresses ahead of these rules.
# NOTE(review): "add" appends to the rule list; these rules only work if they
# sit before any rule that accepts tcp/22 (place-before can position them).

# Drop everything to tcp/22 from sources already on the blacklist.
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute forcers" disabled=no
# Source still in stage 3 opens another connection: blacklist it for 10 days.
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=10d comment="" disabled=no
# Stage 2 -> stage 3 (entry lives 1 minute).
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m comment="" disabled=no
# Stage 1 -> stage 2 (entry lives 1 minute).
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
# Any new connection to tcp/22 puts the source in stage 1 for 1 minute.
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no
# Apply the same blacklist to SSH traffic routed through the device.
/ip firewall filter add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute downstream" disabled=no
ftp服务。
# FTP brute-force throttling keyed on the server's own "530 Login incorrect"
# replies as seen in the output chain.
# NOTE(review): content= matches cleartext payload only, so login failures on
# TLS-protected FTP sessions are presumably invisible to these rules.

# Drop everything to tcp/21 from sources already on the blacklist.
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute forcers"
# Let failure replies through while they stay within the per-destination limit
# (rate 1 per minute, burst 9, tracked by dst-address, entries expire after 1m).
/ip firewall filter add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
# Replies over that limit reach this rule: the client receiving them is put on
# ftp_blacklist for 3 hours.
/ip firewall filter add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h
有时候,我们购买了100个以上的IP,难道都要一个一个地来写配置文件吗?Linux怎么批量添加IP?可否做到一个配置文件即可?可以!
一.Centos下。
可以在/etc/sysconfig/network-scripts下创建一个range文件
# Create the range file for eth0; its contents are the key=value lines below.
vi /etc/sysconfig/network-scripts/ifcfg-eth0-range0
输入以下内容
# Range file: one alias interface on eth0 per address from IPADDR_START to
# IPADDR_END inclusive.
DEVICE=eth0
BOOTPROTO=static
# First and last address of the range (four addresses here: .163 to .166).
IPADDR_START=64.120.228.163
IPADDR_END=64.120.228.166
# Number of the first alias, so the range starts at eth0:8.
CLONENUM_START=8
# 255.255.255.248 is a /29 mask.
NETMASK=255.255.255.248
ONBOOT=yes
CLONENUM_START — 网络克隆接口的起始号。例如设为 “1”,生成的网络接口会从 eth0:1 开始。
IPADDR_START=起始IP
IPADDR_END=结尾IP
然后重启网络让IP生效: service network restart
二.Debian下
debian下不支持centos这种格式,我们写了个脚本来批量添加ip。
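#!/bin/bash
# Append alias-interface stanzas (eth0:0 .. eth0:101) to the Debian ifupdown
# configuration, one static address per alias (104.238.202.3 .. .104).
#
# The shebang has to be exactly "#!" with no space. "# !/bin/bash" is only a
# comment, so the script is interpreted by whatever shell launches it, and
# dash (Debian's /bin/sh) rejects the C-style for loop used below.
#
# Environment:
#   INTERFACES_FILE  file to append to (default: /etc/network/interfaces).
#                    Point it at a scratch file to review the output first.
#
# Running the script twice appends the stanzas twice; back up the target file
# before running it against the live configuration.
set -euo pipefail

readonly target="${INTERFACES_FILE:-/etc/network/interfaces}"
readonly dev="eth0"
readonly addr_prefix="104.238.202"
readonly first_host=3     # alias N gets host number N + first_host
readonly last_alias=101
readonly netmask="255.255.255.128"
readonly gateway="104.238.202.1"

# One append redirection for the whole loop: the file is opened once, and
# nothing is written if the target cannot be opened.
for ((i = 0; i <= last_alias; i++)); do
  printf 'auto %s:%d\n' "$dev" "$i"
  printf 'iface %s:%d inet static\n' "$dev" "$i"
  printf '\taddress %s.%d\n' "$addr_prefix" "$((i + first_host))"
  printf '\tnetmask %s\n' "$netmask"
  # NOTE(review): a gateway line on every alias is kept as on the page;
  # ifupdown normally wants the default gateway declared once, on the
  # primary stanza. Confirm before applying.
  printf '\tgateway %s\n' "$gateway"
  printf ' \n'
done >>"$target"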
当然脚本里面的数值你需要自己改动一下。
如果脚本报错 Syntax error: Bad for loop variable,说明脚本是被 dash(Debian 默认的 /bin/sh)执行的;你需要把系统默认的shell从dash换成bash,或者直接用 bash 脚本名 来运行,这样就不必改动系统默认shell。
# Re-runs the dash package configuration, which asks whether dash should be
# the default system shell (/bin/sh). The answer applies system-wide, to every
# script that runs under /bin/sh.
dpkg-reconfigure dash
选择No即可