sysctl.conf网络内核参数说明(转)

下面是我的理解,可能有误,仅供参考。

要调优,三次/四次握手必须烂熟于心。

client                  server (SYN_SENT)      —>  (SYN_RECV) (ESTABLISHED)   <— —>  (ESTABLISHED)

client(主动)            server (FIN_WAIT_1)    —>    (CLOSE_WAIT) (FIN_WAIT_2)    <— (TIME_WAIT)     <—    (LAST_ACK) —>    (CLOSED)

大家熟知的 SYN flooding/SYN spoofing 就是在 SYN_RECV 的状态下发起的进攻。这种由于 TCP/IP 协议引起的缺陷只能防治而不好根治,除非换了 TCP/IP。通过下面的方式,可以在一定程度上缓解 DDOS 攻击。

增大半连接的队列,即 backlog queue 人工干预以减少 SYS_RECV 的时间,可以降低第一个重传包的时间或者减少重传的次数

检测 SYN 攻击,可以使用 netstat 命令查看当前的连接类型以及连接数目,如果发现有大量的 SYN_RECV,就值得怀疑了: $ netstat -tuna | grep . . . → Read More: sysctl.conf网络内核参数说明(转)

HAProxy – route by domain name

——————by Sean Mcgary on September 28, 2013

http://seanmcgary.com/posts/haproxy—route-by-domain-name

 

I tend to build a lot of web applications in NodeJS using the Express.js webserver. When you have a few of these apps running on one server, you generally want to run them on unique ports and put some kind of proxy in front of . . . → Read More: HAProxy – route by domain name

convert mysql table engine myisam to innodb

#!/bin/bash if [ $# -ne 1 ]; then echo “usage: convert.sh database” exit 1 fi date db=$1 echo “Convert database $db” ; mysql -B -N -e “SELECT TABLE_NAME, ENGINE FROM information_schema.TABLES where TABLE_SCHEMA = ‘$db’ and engine=’myisam'” |awk ‘{print $1}’| while read table; \ do \ echo “+ Converting Table $table”; \ mysql . . . → Read More: convert mysql table engine myisam to innodb

Install NodeJS on Ubuntu Server

#sudo apt-get install python-software-properties python g++ make #sudo add-apt-repository ppa:chris-lea/node.js #sudo apt-get update #sudo apt-get install nodejs #apt-get install software-properties-common

//comment //npm is automatically installed with node.js in the latest version of node.

#node –version #npm –version

//will show the version,upgrade npm use the follow command.

#sudo npm install -g . . . → Read More: Install NodeJS on Ubuntu Server

install vmware-tools for ubuntu/linux server

Ubuntu server安裝VMware tools的步骤:

1.VMware操作环境中,点菜单Inventory -> Virtual Machin -> Guest ->Install / Upgrade Vmware Tools

 

2.在Guest os的Ubuntu server中安裝所需的套件。

aptitude install gcc build-essential linux-headers-`uname-r` psmisc

 

3.在Ubuntu server中安裝Vmware tools

mount /dev/cdrom /media/cdrom

cp VMwareTools-…..    /tmp/

tar zxvf VMwareTools-…..

cd vmware…..

./vmware-install.pl

4. reboot