
备忘录


nginx 1.9.11 开始支持 dynamic module,自己编译的 lua_module 过不去,所以换到自带的 perl_module。需要注意的是,perl_set 必须在 server{} 以外使用。所以 miktex 访问 CTAN 的大小写问题如下解决:

# Define $uri_lowercase as the lowercased request URI, computed by the
# bundled Perl module. perl_set must be declared outside any server{} block.
perl_set $uri_lowercase 'sub {
        my $r =  shift;
        return lc($r->uri);
}';

# Serve the CTAN tree, falling back to an all-lowercase path when the
# requested spelling does not exist on disk.
location /CTAN {
        root /srv/mirror;
        autoindex on;
        # Lookup order: exact-case file, exact-case directory, lowercased
        # file, lowercased directory; anything else ends in a 404.
        # NOTE(review): $uri_lowercase is the whole URI lowercased, so the
        # /CTAN prefix becomes /ctan as well and the fallback resolves under
        # /srv/mirror/ctan -- that path has to exist (e.g. as a symlink).
        try_files $uri $uri/ $uri_lowercase $uri_lowercase/ =404;
}

MiKTeX 非常XX地请求 CJK 宏包时使用 /CTAN/....../CJK.tar.lzma, 而实际存储的是 /CTAN/..../cjk.tar.lzma 所以使用以下代码解决:

# Lua variant of the case-insensitive CTAN fallback (needs the Lua module,
# which provides set_by_lua).
location /CTAN {
        # Lowercase the whole request URI; this includes the /CTAN prefix.
        set_by_lua $uri_lowercase "return string.lower(ngx.var.uri)";
        root /srv/mirror;
        autoindex on;
        # Try the path as requested first, then the lowercased file and
        # directory; anything else ends in a 404.
        try_files $uri $uri/ $uri_lowercase $uri_lowercase/ =404;
}

这样有个问题,$uri_lowercase 会变成 /ctan/.../cjk.tar.lzma,所以需要再建立个软链接 ctan -> CTAN 或者改进那段 lua 小代码。

# Plain-HTTP entry point for all mirror host names. Only selected requests
# are redirected to HTTPS; everything else is served over HTTP from the
# shared body included at the end.
server {
        listen 80;
        listen [::]:80;

        server_name mirrors.* mirror.* mirror2.* mirrors4.* mirrors6.* mirrors-i.*;
        
        # Dotted names mirrors.4.<domain> / mirrors.6.<domain> are redirected
        # to mirrors4.<domain> / mirrors6.<domain> over HTTPS.
        # NOTE(review): $host comes from the client's Host header and the
        # regex is unanchored. If this block is also the default server for
        # port 80, names outside server_name reach these redirects; confirm,
        # and consider anchoring the pattern with ^.
        if ($host ~ "mirrors\.(4|6)\.(.*)") {
                return 301 https://mirrors$1.$2$request_uri;
        }
        # Same idea for mirrors.i.<domain> -> mirrors-i.<domain>.
        if ($host ~ "mirrors\.(i)\.(.*)") {
                return 301 https://mirrors-$1.$2$request_uri;
        }

        # Clients whose User-Agent contains "Mozilla/5.0 " (browsers) are sent
        # to HTTPS; other clients stay on HTTP. The header is client-supplied,
        # so this is a convenience redirect, not an enforcement of TLS.
        if ($http_user_agent ~ "Mozilla/5.0\ ") { 
                return 301 https://$host$request_uri;
        }
        
        # The front page is always redirected to HTTPS, whatever the client.
        location = / {
                return 301 https://$host$request_uri;
        }
        
        # Shared location blocks, also included by the HTTPS server.
        # NOTE(review): the ".confi" suffix presumably keeps this file out of
        # a conf.d/*.conf include glob -- confirm it is not a typo.
        include /etc/nginx/conf.d/mirrors_body.confi;
}

# HTTPS counterpart of the port-80 server: same host names, same shared body.
# NOTE(review): no ssl_certificate / ssl_certificate_key appears in this
# block; presumably they are set at http level or in the included file --
# confirm.
server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name mirrors.* mirror.* mirror2.* mirrors4.* mirrors6.* mirrors-i.*;
        
        # Shared location blocks, also included by the plain-HTTP server.
        include /etc/nginx/conf.d/mirrors_body.confi;
}

HAProxy如下配置:

# Layer-4 relay: connections accepted on the loopback port are forwarded
# unchanged to one fixed upstream address.
defaults
        # Reuse the log targets of the "global" section (not shown here).
        log     global
        # Plain TCP forwarding: HAProxy does not terminate or inspect TLS,
        # so the TLS session runs end to end between the client of this
        # relay and the upstream.
        mode    tcp

frontend googlesource-in
        # Bound to loopback only, so only local processes can use the relay.
        bind 127.0.0.1:4242
        default_backend googlesource-out

backend googlesource-out
        # Fixed IPv6 upstream; the text after the last colon is the port
        # (443). NOTE(review): a hard-coded address bypasses DNS, so the
        # relay itself does nothing to confirm which host it reaches -- the
        # TLS client behind it must verify the upstream certificate.
        server server1 2404:6800:4008:c03::52:443 maxconn 20480

Nginx 如此配置:

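# Reverse proxy to android.googlesource.com through the local HAProxy TCP
# relay on 127.0.0.1:4242.
location / {
    proxy_pass https://127.0.0.1:4242/;

    # proxy_pass names a loopback IP, and nginx neither sends SNI nor
    # verifies the upstream certificate unless told to. Without the
    # directives below the TLS hop to the hard-coded upstream address is
    # encrypted but unauthenticated.
    proxy_ssl_server_name on;
    proxy_ssl_name android.googlesource.com;
    proxy_ssl_verify on;
    # The default depth of 1 is often too shallow for public CA chains;
    # adjust to the chain actually served.
    proxy_ssl_verify_depth 2;
    # Placeholder path: point this at the CA bundle installed on this host.
    proxy_ssl_trusted_certificate /path/to/trusted-ca-bundle.pem;

    # These two headers pass the client address on to the upstream; drop
    # them if client IPs should not leave this host.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # The upstream selects the site by Host, so send its real name rather
    # than the loopback address from proxy_pass.
    proxy_set_header Host "android.googlesource.com";
    proxy_http_version 1.1;
    # Very long read timeout (two days) so slow transfers are not cut off.
    proxy_read_timeout 2d;
    proxy_redirect off;
}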

在机器A上:

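# Machine A: one end of a static (unmanaged) L2TPv3 Ethernet tunnel over UDP.
# The IDs here are the mirror image of machine B's: tunnel 1000 <-> 2000,
# session 3000 <-> 4000.
#
# NOTE(review): a static L2TPv3 tunnel gives no encryption and no peer
# authentication. Restrict the UDP port to the peer address in the firewall,
# consider the session "cookie" option, and run it over IPsec if the path
# between the hosts is not trusted.
modprobe l2tp_eth
# Fixed: the keyword is tunnel_id (the original "tunne_id" is rejected by ip).
ip l2tp add tunnel tunnel_id 1000 peer_tunnel_id 2000 remote "$remote_ip" local "$local_ip" udp_sport "$port" udp_dport "$port"
ip l2tp add session name l2tpeth0 tunnel_id 1000 session_id 3000 peer_session_id 4000
# Jumbo frames: the underlying path must carry 6000 bytes plus the L2TP/UDP/IP
# overhead, otherwise the encapsulated packets get fragmented.
ip link set dev l2tpeth0 mtu 6000 # jumbo frame
# Placeholder: assign this end's tunnel address here.
ip addr add ...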

机器B上:

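# Machine B: the other end of the static L2TPv3 Ethernet tunnel. Local and
# peer IDs are swapped relative to machine A (tunnel 2000 <-> 1000,
# session 4000 <-> 3000).
#
# NOTE(review): a static L2TPv3 tunnel gives no encryption and no peer
# authentication. Restrict the UDP port to the peer address in the firewall,
# consider the session "cookie" option, and run it over IPsec if the path
# between the hosts is not trusted.
modprobe l2tp_eth
# Fixed: the keyword is tunnel_id (the original "tunne_id" is rejected by ip).
ip l2tp add tunnel tunnel_id 2000 peer_tunnel_id 1000 remote "$remote_ip" local "$local_ip" udp_sport "$port" udp_dport "$port"
ip l2tp add session name l2tpeth0 tunnel_id 2000 session_id 4000 peer_session_id 3000
# Jumbo frames: the underlying path must carry 6000 bytes plus the L2TP/UDP/IP
# overhead, otherwise the encapsulated packets get fragmented.
ip link set dev l2tpeth0 mtu 6000 # jumbo frame
# Placeholder: assign this end's tunnel address here.
ip addr add ...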

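# Inspect the configured tunnels and sessions.
ip l2tp show tunnel
ip l2tp show session
# Tear down; xxxx stands for the local tunnel / session ID.
# Fixed: the keyword is tunnel_id (the original "tunel_id" is rejected by ip).
ip l2tp del tunnel tunnel_id xxxx
ip l2tp del session tunnel_id xxxx session_id xxxx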

iptables, ip6tables 加入以下规则

# Per-service accounting of outbound traffic.
# NOTE(review): the TRAFFIC_ACCT chain has to exist before these rules load;
# its creation is not shown here.
# Send every locally generated packet through the accounting chain.
-A OUTPUT -j TRAFFIC_ACCT
# The rules below have no -j target: they only update their packet/byte
# counters and never accept or drop anything. Matching on the source port
# counts what this host sends from each service. The comment text is what
# the monitoring script greps for, so keep it in sync with that script.
-A TRAFFIC_ACCT -p tcp -m tcp --sport 9418 -m comment --comment git-daemon
-A TRAFFIC_ACCT -p tcp -m tcp --sport 80 -m comment --comment http
-A TRAFFIC_ACCT -p tcp -m tcp --sport 443 -m comment --comment https
-A TRAFFIC_ACCT -p tcp -m tcp --sport 873 -m comment --comment rsync

用以下 munin 脚本监控

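#!/bin/bash
# Munin plugin: outbound traffic per service, read from the byte counters of
# the TRAFFIC_ACCT chain in iptables / ip6tables.
#
# Install one symlink per address family; the name suffix selects the tool:
#   ln -s /path/to/this/script.sh service_traffic_IPv4
#   ln -s /path/to/this/script.sh service_traffic_IPv6
#
# NOTE(review): listing iptables counters normally needs root, so the plugin
# presumably has to run with that privilege. Keep the script and its symlinks
# writable by root only.

# Everything after "service_traffic_" in the invoked name, e.g. "IPv4".
traffic_type=${0##*service_traffic_}

case "$1" in
config)
    echo "graph_title ${traffic_type} Service Traffic"
    echo 'graph_args --base 1000'
    # Single quotes on purpose: ${graph_period} is expanded by munin, not by
    # the shell.
    # shellcheck disable=SC2016
    echo 'graph_vlabel bits out per ${graph_period} by service'
    echo 'graph_category network'

    # The counters are bytes; each cdef multiplies by 8 to graph bits.
    echo 'git.label git'
    echo 'git.type DERIVE'
    echo 'git.draw AREA'
    echo 'git.cdef git,8,*'
    echo 'git.min 0'

    echo 'http.label http'
    echo 'http.type DERIVE'
    echo 'http.draw STACK'
    echo 'http.cdef http,8,*'
    echo 'http.min 0'

    echo 'https.label https'
    echo 'https.type DERIVE'
    echo 'https.draw STACK'
    echo 'https.cdef https,8,*'
    echo 'https.min 0'

    echo 'rsync.label rsync'
    echo 'rsync.type DERIVE'
    echo 'rsync.draw STACK'
    echo 'rsync.cdef rsync,8,*'
    echo 'rsync.min 0'

    exit 0
    ;;
esac

traffic_type=$(printf '%s' "$traffic_type" | tr '[:upper:]' '[:lower:]')

case "$traffic_type" in
ipv4)
    IPTABLES=iptables
    ;;
ipv6)
    IPTABLES=ip6tables
    ;;
*)
    # Without this arm $IPTABLES stays empty and the command line below
    # would start with "-L".
    echo "unknown traffic type '${traffic_type}': invoke through a service_traffic_IPv4 or service_traffic_IPv6 symlink" >&2
    exit 1
    ;;
esac

services=(git http https rsync)

# Read the chain once so all values come from the same snapshot, and stop
# with an error instead of reporting empty values when the listing fails.
if ! rules=$("$IPTABLES" -L TRAFFIC_ACCT -vnx); then
    echo "cannot list the TRAFFIC_ACCT chain with ${IPTABLES}" >&2
    exit 1
fi

for service in "${services[@]}"; do
    # Match on the rule comment. The trailing [ \-] keeps "http" from also
    # matching the "https" rule while still matching "git-daemon". Column 2
    # of the verbose listing is the byte counter.
    out_bytes=$(printf '%s\n' "$rules" | grep "$service"'[ \-]' | awk '{print $2}')
    # "U" is munin's marker for an unknown value (no matching rule).
    echo "${service}.value ${out_bytes:-U}"
done

# vim: sw=4 sts=4 ts=4 expandtab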

Memo (2011-07-22 11:32:41由xiaq编辑)