From 0e1da8905f06f862cf683a37d93ce6d8b679c3ac Mon Sep 17 00:00:00 2001 
From: wener Date: Tue, 2 Apr 2024 18:27:33 +0800 Subject: [PATCH] update --- notes/db/kv/kv-awesome.md | 4 +- notes/db/kv/redis/README.md | 6 +- .../postgresql/postgres-supabase.md | 14 + .../relational/postgresql/postgresql-faq.md | 12 + notes/dev/dev-awesome.md | 1 + notes/dev/dict.md | 39 +- notes/dev/std/unicode/unicode-faq.md | 27 +- notes/devops/kubernetes/distro/k3s/k3s-faq.md | 44 ++ .../kubernetes/distro/k3s/k3s-upgrade.md | 8 +- .../kubernetes/network/apisix-ingress.md | 46 +- notes/devops/web/haproxy/haproxy-conf.md | 29 -- notes/devops/web/haproxy/haproxy-logging.md | 157 +++++++ notes/devops/web/nginx/nginx-faq.md | 2 + notes/evolve/ruankao/README.md | 7 + notes/languages/diagram/d2.md | 28 ++ notes/ops/admin/high-performance.md | 20 - notes/os/linux/shell/ssh/ssh-faq.md | 32 ++ notes/os/linux/sys/limits.md | 1 + notes/os/linux/sys/sysctl.md | 147 +++++- notes/platform/wechat/wechat-miniprogram.md | 19 +- notes/reference/size.md | 24 +- notes/service/cn/README.md | 25 +- notes/service/cn/tax/README.md | 42 ++ notes/service/dns/dnsmasq/dnsmasq-faq.md | 2 +- notes/service/dns/powerdns/README.md | 427 +----------------- notes/service/dns/powerdns/as/README.md | 215 +++++++++ .../dns/powerdns/as/powerdns-as-backend.md | 56 +++ .../dns/powerdns/as/powerdns-as-config.md | 176 ++++++++ notes/service/observability/vector.md | 2 + notes/service/service-awesome.md | 24 +- notes/web/browser/chrome/chrome-version.md | 51 ++- notes/web/design/color.md | 5 + notes/web/dev/prettier.md | 12 +- notes/web/dev/turborepo.md | 2 +- notes/web/dev/web-dev-awesome.md | 1 + .../web/framework/{taro.md => taro/README.md} | 69 +-- notes/web/framework/taro/taro-faq.md | 79 ++++ notes/web/script/js/js-awesome.md | 48 +- notes/web/script/lib/floating-ui.md | 41 +- notes/web/script/typescript/typescript-faq.md | 2 +- notes/web/style/{css.md => css/README.md} | 0 notes/web/style/{ => css}/css-awesome.md | 0 notes/web/style/css/css-color.md | 17 + notes/web/style/{ => css}/css-faq.md | 
28 ++ notes/web/style/{ => css}/css-font.md | 0 .../web/style/{ => css}/css-fragmentation.md | 0 notes/web/style/{ => css}/css-in-js.md | 0 notes/web/style/{ => css}/css-layout.md | 3 + notes/web/style/{ => css}/css-rule.md | 0 notes/web/style/{ => css}/css-selector.md | 0 notes/web/style/{ => css}/css-tools.md | 0 notes/web/style/{ => css}/css-unit.md | 0 notes/web/style/daisy.md | 15 +- notes/web/style/tailwindcss/README.md | 64 +-- 54 files changed, 1414 insertions(+), 659 deletions(-) create mode 100644 notes/devops/web/haproxy/haproxy-logging.md create mode 100644 notes/languages/diagram/d2.md delete mode 100644 notes/ops/admin/high-performance.md create mode 100644 notes/service/cn/tax/README.md create mode 100644 notes/service/dns/powerdns/as/README.md create mode 100644 notes/service/dns/powerdns/as/powerdns-as-backend.md create mode 100644 notes/service/dns/powerdns/as/powerdns-as-config.md rename notes/web/framework/{taro.md => taro/README.md} (58%) create mode 100644 notes/web/framework/taro/taro-faq.md rename notes/web/style/{css.md => css/README.md} (100%) rename notes/web/style/{ => css}/css-awesome.md (100%) create mode 100644 notes/web/style/css/css-color.md rename notes/web/style/{ => css}/css-faq.md (96%) rename notes/web/style/{ => css}/css-font.md (100%) rename notes/web/style/{ => css}/css-fragmentation.md (100%) rename notes/web/style/{ => css}/css-in-js.md (100%) rename notes/web/style/{ => css}/css-layout.md (94%) rename notes/web/style/{ => css}/css-rule.md (100%) rename notes/web/style/{ => css}/css-selector.md (100%) rename notes/web/style/{ => css}/css-tools.md (100%) rename notes/web/style/{ => css}/css-unit.md (100%) diff --git a/notes/db/kv/kv-awesome.md b/notes/db/kv/kv-awesome.md index e1deb244eae..57a7c4d1d50 100644 --- a/notes/db/kv/kv-awesome.md +++ b/notes/db/kv/kv-awesome.md 
@@ -18,7 +18,9 @@ title: KV DB Awesome ## 服务 -- Redis +- [placeholderkv/placeholderkv](./redis/placeholderkv.md) + - Redis 最后的 BSD fork +- [Redis](./redis/README.md) - [FoundationDB](https://github.com/apple/foundationdb) - [FoundationDB/awesome-foundationdb](https://github.com/FoundationDB/awesome-foundationdb) - [microsoft/FASTER](https://github.com/microsoft/FASTER) diff --git a/notes/db/kv/redis/README.md b/notes/db/kv/redis/README.md index 8cf144e262b..0db3bea35b7 100644 --- a/notes/db/kv/redis/README.md +++ b/notes/db/kv/redis/README.md @@ -5,7 +5,11 @@ title: Redis # Redis - [redis/redis](https://github.com/redis/redis) - - BSD-3, C + - RSALv2, SSPLv1, C + - 7.2 BSD-3 -> RSALv2, SSPLv1 + - BSD fork + - [PlaceHolderKV](./placeholderkv.md) + - https://codeberg.org/redict/redict - 支持的数据类型: string, bitmap, hll, list, pub/sub, hash, set, sorted set, stream - Redis Stack 扩展: bloom, cuckoo, count-min, graph, json, suggest, search, t-digest, timeserial, top-k - 参考 diff --git a/notes/db/relational/postgresql/postgres-supabase.md b/notes/db/relational/postgresql/postgres-supabase.md index 95a72a20ddc..538f19ea6f3 100644 --- a/notes/db/relational/postgresql/postgres-supabase.md +++ b/notes/db/relational/postgresql/postgres-supabase.md 
@@ -16,6 +16,20 @@ title: Supabase PostgreSQL Image - 扩展 - [supabase/supautils](https://github.com/supabase/supautils) +```bash +# 注意 superuser 为 supabase_admin 密码和 postgres 相同 +# 建议登录为 supabase_admin 然后 alter user postgres with superuser +PASSWORD=$(uuidgen | tr -d '[[:space:]]') +docker run -d --restart=always \ + -e POSTGRES_PASSWORD=$PASSWORD \ + -p 5432:5432 \ + -e POSTGRES_INITDB_ARGS="--encoding=UTF-8 --lc-collate=C --lc-ctype=C" \ + -v /data/postgres/data:/var/lib/postgresql/data \ + --name postgres supabase/postgres:15.1.1.33 \ + -clisten_addresses=* \ + -cshared_preload_libraries=pg_stat_statements,pg_stat_monitor,pgaudit,plpgsql,plpgsql_check,pg_cron,pg_net,timescaledb,auto_explain,pg_tle +``` + ```conf unix_socket_directories = '/var/run/postgresql' session_preload_libraries = 'supautils' diff --git a/notes/db/relational/postgresql/postgresql-faq.md b/notes/db/relational/postgresql/postgresql-faq.md index 1f9be474224..77741d3bfac 100644 --- a/notes/db/relational/postgresql/postgresql-faq.md +++ b/notes/db/relational/postgresql/postgresql-faq.md @@ -894,3 +894,15 @@ on conflict(value) do update set (label,extensions)= (excluded.label,excluded.ex ## for update nowait - FOR UPDATE cannot be applied to the nullable side of an outer join - mikroorm LockMode.PESSIMISTIC_WRITE_OR_FAIL + +## permission denied to set session authorization + +```sql +-- 获取当前的 superuser +SELECT usename +FROM pg_catalog.pg_user +WHERE usesuper = true; +``` + +- ⚠️注意 [supabase](./postgres-supabase.md) 的 pg superuser 是 supabase_admin + - supabase_admin 密码和 postgres 相同,登录后 `ALTER USER postgres WITH SUPERUSER` diff --git a/notes/dev/dev-awesome.md b/notes/dev/dev-awesome.md index 82eb605264e..49ffbfcc2ef 100644 --- a/notes/dev/dev-awesome.md +++ b/notes/dev/dev-awesome.md @@ -122,6 +122,7 @@ tags: - [boyter/scc](https://github.com/boyter/scc) ```bash +brew install scc # -M '[.]pb[.]' -M 'generated' scc --exclude-dir={vendor,.gen,node_modules} -M '_test.go' --no-gen . ``` 
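Review bot: The `docker run` in the postgres-supabase hunk publishes the server on every host interface (`-p 5432:5432`) and tells it to accept from anywhere (`-clisten_addresses=*`), while the comment on the same block says the built-in superuser `supabase_admin` shares `POSTGRES_PASSWORD` with `postgres`; a single generated password then guards a superuser reachable from the network. Unless remote access is intended, bind the port to loopback, `-p 127.0.0.1:5432:5432`, and say so in the comment, e.g. `# 默认只绑定本机; 需要远程访问时再改为 0.0.0.0 并配合防火墙`. The postgresql-faq hunk on this line repeats the `ALTER USER postgres WITH SUPERUSER` advice and would benefit from the same caveat.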
diff --git a/notes/dev/dict.md b/notes/dev/dict.md index a5febecf921..0928e1b29de 100644 --- a/notes/dev/dict.md +++ b/notes/dev/dict.md @@ -702,6 +702,21 @@ tags: - 达成活动可能有一定条件 - 例如 A 转变为 B 还是 C 取决于一定条件 - 活动底层也是通过事件驱动 +## notes vs comment vs remark + +- notes + - 简单信息 + - 个人参考或者提醒 + - 对话、会议、演讲的总结,对某个主题的思考和观察 + - 使用场景:学习、会议记录、个人备忘录,或者任何需要记录关键信息的场合。 +- comment + - 对某个话题、事件或意见的评价或解释 + - 包含个人的看法、批评、或者解释 + - 强调能 reply + - 使用场景:在线讨论、代码评审、书籍或文章边注,或者任何需要提供反馈、见解的地方。 +- remark + - 暗示了观点的智慧或机智,但也可以是比较普通的评论。 + ## Supplier vs. Provider vs. Vendor 建议同等对待 “服务商”和“供应商”。 @@ -964,6 +979,7 @@ tags: - status - 等待处理, 正在进行, 暂时延迟, 即将完成 --- + - 参考 - Dynamic365 entity state & status - Status (statecode) - Status Reason (statuscode) @@ -1194,14 +1210,29 @@ tags: 虽然传统翻译里用 “命名空间” 翻译 namespace 概念,但是认为如果就是指代 “Namespace”,那 “名字空间” 更合适。 -## area vs region vs district +## area vs region vs district vs location vs address + +- 抽象层级 region > area > district > location > address + +--- - area - - 小区域范围 + - 小区域 + - 面积或区域的广泛概念,可以指自然地理区域、行政划分、或者某个具体的空间或场所。 + - 通常用于泛指一个较大的地理、社会或功能区域,不特指具体的行政单位。例如,可以说“住宅区”、“商业区”等。 - region - - 大的地理位置区域 + - 大区域 + - 区域,常指较大的地理或行政区域,可以跨越多个国家或包含多个州、省。 + - 常用于描述具有某种共同地理特征、文化特征或经济特征的大片区域。例如,亚马逊雨林、中东地区等。 - district - - 行政区划 + - 区或地区,一般指一个较小的行政划分单元,如城市的一部分或乡镇。 + - 在行政管理、选举、商业等多个领域中有特定含义。例如,学区(教育行政区域)、商业区。 +- location + - 位置,指一个点或者一个很小的区域在空间上的具体位置。 + - 通常用于指明某个具体的地点或地理位置,无论是通过描述、坐标还是其他方式。例如,“我们公司的位置在市中心。” +- address + - 地址,更具体、更正式地标识某个位置或场所的信息。 + - 用于邮件寄送、定位、识别某个特定的住所、建筑或机构等。它通常包括街道名、门牌号、城市、州/省、国家和邮政编码等信息。 ## mobile vs phone vs tel diff --git a/notes/dev/std/unicode/unicode-faq.md b/notes/dev/std/unicode/unicode-faq.md index ead620e2119..afaccbc6989 100644 --- a/notes/dev/std/unicode/unicode-faq.md +++ b/notes/dev/std/unicode/unicode-faq.md 
@@ -19,8 +19,16 @@ echo '你好!' | iconv -f UTF-8 -t GB2312 - | hexdump -C - BMP - Basic Multilingual Plane - 基本多文种平面 - U+0000 to U+FFFF +- SIP - Supplementary Ideographic Plane + - 补充表意文字平面 + - Plane 2 - 第二辅助平面 + - U+20000 to U+2A6DF +- TIP - Tertiary Ideographic Plane + - 第三辅助平面 + - Plane 3 + - U+2A700 to U+2B73F -## 中文 +## CJK **中文** @@ -34,16 +42,29 @@ echo '你好!' | iconv -f UTF-8 -t GB2312 - | hexdump -C /[\u4e00-\u9fa5\u3400-\u4DBF]|[\u{20000}-\u{2A6DF}]/u ``` -- 扩展A区(Extension A) +- 中日韩统一表意文字(U+4E00-U+9FA5) - `/[\u4e00-\u9fa5]/` + - 20902 + - 〇 U+3007 - 特殊修正 +- 扩展A区(Extension A) - U+3400-U+4DB5 - 6,582 - 罕见汉字、少数民族汉字 -- 扩展B区(Extension B) + - 中日韩统一表意文字扩展区A + - https://en.wikipedia.org/wiki/CJK_Unified_Ideographs_Extension_A +- 扩展B区(Extension B) - U+20000-U+2A6D6 - A+B - 42,711 - 罕见、古老汉字 - 扩展C区(U+2A700到U+2B73F) - 扩展D区(U+2B740到U+2B81F) - 扩展E区(U+2B820到U+2CEAF) - 扩展F区(U+2CEB0到U+2EBEF) +- 中日韩统一表意文字 + - https://en.wikipedia.org/wiki/CJK_Unified_Ideographs + +| 区块名 | 码位数 | 未分配 | 编码范围 | +| ------------------------- | ------ | ------ | --------------- | +| 中日韩统一表意文字 | 20,992 | 0 | U+4E00-U+9FA5 | +| 中日韩统一表意文字扩展区A | 6,592 | 0 | U+3400-U+4DB5 | +| 中日韩统一表意文字扩展区B | 42,720 | 0 | U+20000-U+2A6DF | ## 200b diff --git a/notes/devops/kubernetes/distro/k3s/k3s-faq.md b/notes/devops/kubernetes/distro/k3s/k3s-faq.md index cd78633cad0..6f81dff1789 100644 --- a/notes/devops/kubernetes/distro/k3s/k3s-faq.md +++ b/notes/devops/kubernetes/distro/k3s/k3s-faq.md 
@@ -32,6 +32,50 @@ ETCDCTL_API=3 etcdctl --endpoints=unix:///var/lib/rancher/k3s/server/kine.sock g # ETCDCTL_API=3 etcdctl --endpoints=unix:///var/lib/rancher/k3s/server/kine.sock get / --prefix ``` +## DNS 问题 + +```bash +nslookup kubernetes.default + +# 确保网络正常 +ping 1.1.1.1 +``` + +- 确保 coredns 能联网 +- kube-dns.kube-system.svc.cluster.local + - 10.43.0.10 + - coredns + +## flannel 网络问题 + +```bash +# 排查 host 路由 +route -n + +cat /run/flannel/subnet.env + +# host +ping 10.42.0.1 + +# 排查 pod 网络 +tcpdump -i cni0 -nn -s0 -v -l host +``` + +```ini title="subnet.env" +FLANNEL_NETWORK=10.42.0.0/16 +FLANNEL_SUBNET=10.42.0.1/24 +FLANNEL_MTU=1450 +FLANNEL_IPMASQ=true +``` + +## pod 之间网络不通 + +```bash +iptables -P FORWARD ACCEPT +``` + +- https://github.com/k3s-io/k3s/issues/8809 + ## containerd 配置 - /var/lib/rancher/k3s/agent/etc/containerd/config.toml diff --git a/notes/devops/kubernetes/distro/k3s/k3s-upgrade.md b/notes/devops/kubernetes/distro/k3s/k3s-upgrade.md index b8bd88eb084..270cadfa13a 100644 --- a/notes/devops/kubernetes/distro/k3s/k3s-upgrade.md +++ b/notes/devops/kubernetes/distro/k3s/k3s-upgrade.md @@ -1,6 +1,6 @@ --- tags: -- Upgrade + - Upgrade --- # K3S 升级 {#upgrade} @@ -13,8 +13,7 @@ rc-update del k3s reboot # 升级 -k3s -v # 当前版本 -cp $(which k3s) k3s.last # backup +k3s -v # 当前版本 sudo apk add jq @@ -35,7 +34,8 @@ sha256sum -c sha256sum-${ARCH}.txt --ignore-missing cp k3s$SUFFIX k3s.$VERSION_K3S chmod +x k3s.$VERSION_K3S -sudo cp k3s.$VERSION_K3S $(which k3s) +cp $(which k3s) k3s.last # backup +sudo cp k3s.$VERSION_K3S $(which k3s) # replace sudo k3s check-config k3s -v diff --git a/notes/devops/kubernetes/network/apisix-ingress.md b/notes/devops/kubernetes/network/apisix-ingress.md index 62a53df4e87..b1a70f0f5d7 100644 --- a/notes/devops/kubernetes/network/apisix-ingress.md +++ b/notes/devops/kubernetes/network/apisix-ingress.md 
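Review bot: In the k3s-faq hunk the pod-capture line `tcpdump -i cni0 -nn -s0 -v -l host` is missing the operand of the `host` filter, so tcpdump exits with a syntax error instead of capturing; write `tcpdump -i cni0 -nn -s0 -v -l host <POD_IP>` with a placeholder. In the "pod 之间网络不通" section, `iptables -P FORWARD ACCEPT` flips the host-wide default policy for all forwarded traffic, not just the pod CIDR, and is lost on reboot, which the note should state next to the linked k3s issue, e.g. `# 影响主机所有转发流量, 且重启后不保留; 优先找出把 FORWARD 改成 DROP 的组件`. The k3s-upgrade hunks on this line need no change.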
@@ -4,6 +4,18 @@ title: Apisix Ingress # Apisix Ingress +:::caution + +- 不建议使用 +- 依赖 etcd + - etcd 难维护 + - helm 直接启动的 etcd 可能会有各种问题 - 可能导致无法启动 + - 没必要为了 apisix 专门去维护 etcd + - etcd 非常吃 IO - IO 慢的时候 CPU 非常高 +- 建议尝试 kong - 使用现有的 DB 作为 backend + +::: + - Helm - https://charts.apiseven.com apisix - apisix 依赖 apisix-dashboard, apisix-ingress-controller, etcd 
@@ -48,23 +60,23 @@ spec: ```yaml annotations: - k8s.apisix.apache.org/enable-cors: "true" - k8s.apisix.apache.org/cors-allow-origin: "https://foo.com,http://bar.com:8080" - k8s.apisix.apache.org/cors-allow-headers: "Host: https://bar.com:8080" - k8s.apisix.apache.org/cors-allow-methods: "GET,POST" - k8s.apisix.apache.org/allowlist-source-range: "10.0.5.0/16,127.0.0.1,192.168.3.98" - k8s.apisix.apache.org/blocklist-source-range: "127.0.0.1,172.17.0.0/16" - k8s.apisix.apache.org/http-allow-methods: "GET,POST" - k8s.apisix.apache.org/http-block-method: "PUT,DELETE" - k8s.apisix.apache.org/rewrite-target-regex: "/app/(.*)" - k8s.apisix.apache.org/rewrite-target-regex-template: "/$1" - k8s.apisix.apache.org/http-to-https: "true" - k8s.apisix.apache.org/use-regex: "true" - k8s.apisix.apache.org/enable-websocket: "true" - k8s.apisix.apache.org/enable-response-rewrite: "true" - k8s.apisix.apache.org/response-rewrite-status-code: "404" - k8s.apisix.apache.org/response-rewrite-body: "bar-body" - k8s.apisix.apache.org/response-rewrite-body-base64: "true" + k8s.apisix.apache.org/enable-cors: 'true' + k8s.apisix.apache.org/cors-allow-origin: 'https://foo.com,http://bar.com:8080' + k8s.apisix.apache.org/cors-allow-headers: 'Host: https://bar.com:8080' + k8s.apisix.apache.org/cors-allow-methods: 'GET,POST' + k8s.apisix.apache.org/allowlist-source-range: '10.0.5.0/16,127.0.0.1,192.168.3.98' + k8s.apisix.apache.org/blocklist-source-range: '127.0.0.1,172.17.0.0/16' + k8s.apisix.apache.org/http-allow-methods: 'GET,POST' + k8s.apisix.apache.org/http-block-method: 'PUT,DELETE' + k8s.apisix.apache.org/rewrite-target-regex: '/app/(.*)' + k8s.apisix.apache.org/rewrite-target-regex-template: '/$1' + k8s.apisix.apache.org/http-to-https: 'true' + k8s.apisix.apache.org/use-regex: 'true' + k8s.apisix.apache.org/enable-websocket: 'true' + k8s.apisix.apache.org/enable-response-rewrite: 'true' + k8s.apisix.apache.org/response-rewrite-status-code: '404' + 
k8s.apisix.apache.org/response-rewrite-body: 'bar-body' + k8s.apisix.apache.org/response-rewrite-body-base64: 'true' # 可以通过 Prefix 路由 # path: /helloworld.Greeter/SayHello k8s.apisix.apache.org/upstream-scheme: grpcs diff --git a/notes/devops/web/haproxy/haproxy-conf.md b/notes/devops/web/haproxy/haproxy-conf.md index 5b6b40e6116..4888652d6bd 100644 --- a/notes/devops/web/haproxy/haproxy-conf.md +++ b/notes/devops/web/haproxy/haproxy-conf.md @@ -350,35 +350,6 @@ hdr(host) hdr_end(host) -i .wener.me hdr_beg(host) -i .wener.me -## Logging - -```haproxy -global - # syslog UNIX socket - log /dev/log local0 - - # 本地 syslog server - log 127.0.0.1 local1 notice - # log 到 hostname 为 rsyslog 的服务器 - log rsyslog:514 local0 - - # stdout - 用于容器环境 - log stdout format raw local0 - log stdout format raw daemon debug - -defaults - log global - mode http - option httplog - -backend s1 - mode tcp - option tcplog -``` - -- https://www.haproxy.com/documentation/hapee/latest/onepage/#8 -- https://www.haproxy.com/documentation/hapee/latest/observability/logging/overview/ -- https://www.haproxy.com/blog/introduction-to-haproxy-logging/ ## 参考 diff --git a/notes/devops/web/haproxy/haproxy-logging.md b/notes/devops/web/haproxy/haproxy-logging.md new file mode 100644 index 00000000000..185277456df --- /dev/null +++ b/notes/devops/web/haproxy/haproxy-logging.md 
@@ -0,0 +1,157 @@ +--- +tags: + - Logging +--- + +# HAProxy Logging + +```haproxy +global + # syslog UNIX socket + log /dev/log local0 + + # 本地 syslog server + log 127.0.0.1 local1 notice + # log 到 hostname 为 rsyslog 的服务器 + log rsyslog:514 local0 + + # stdout - 用于容器环境 + log stdout format raw local0 + log stdout format raw daemon debug + +defaults + log global + mode http + option httplog + +backend s1 + mode tcp + option tcplog +``` + +- https://www.haproxy.com/documentation/hapee/latest/onepage/#8 +- https://www.haproxy.com/documentation/hapee/latest/observability/logging/overview/ +- https://www.haproxy.com/blog/introduction-to-haproxy-logging/ + +## Log format + +- https://www.haproxy.com/documentation/haproxy-configuration-manual/latest/#8.2.2 + +**TCP log format** + + +``` +mode tcp +option tcplog +``` + +``` +log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq" +``` + +``` +Feb 6 12:12:56 localhost haproxy[14387]: 10.0.1.2:33313 [06/Feb/2009:12:12:51.443] fnt bck/srv1 0/0/5007 212 -- 0/0/0/0/3 0/0 +``` + +``` + Field Format Extract from the example above + 1 process_name '[' pid ']:' haproxy[14387]: + 2 client_ip ':' client_port 10.0.1.2:33313 + 3 '[' accept_date ']' [06/Feb/2009:12:12:51.443] + 4 frontend_name fnt + 5 backend_name '/' server_name bck/srv1 + 6 Tw '/' Tc '/' Tt* 0/0/5007 + 7 bytes_read* 212 + 8 termination_state -- + 9 actconn '/' feconn '/' beconn '/' srv_conn '/' retries* 0/0/0/0/3 + 10 srv_queue '/' backend_queue 0/0 +``` + +**HTTP log format** + +``` +mode http +option httplog +``` + +等同于 + +``` +log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" +``` + +``` +Jan 27 21:52:56 localhost hapee-lb[3098]: 192.168.50.1:61818 [27/Jan/2021:21:52:56.086] fe_main be_servers/s1 0/0/1/1/2 200 517 - - ---- 1/1/0/0/0 0/0 {1wt.eu} {} "GET / HTTP/1.1" +``` + +**CLF log format** + +``` +mode http +option httplog clf +``` + +等同于 + +``` +log-format "%{+Q}o 
%{-Q}ci - - [%trg] %r %ST %B \"\" \"\" %cp %ms %ft %b %s %TR %Tw %Tc %Tr %Ta %tsc %ac %fc %bc %sc %rc %sq %bq %CC %CS %hrl %hsl" +``` + +**HTTPS log format** + +``` +mode http +option httpslog +``` + +等同于 + +``` +log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r %[fc_err]/%[ssl_fc_err,hex]/%[ssl_c_err]/%[ssl_c_ca_err]/%[ssl_fc_is_resumed] %[ssl_fc_sni]/%sslv/%sslc" +``` + +``` +Feb 6 12:14:14 localhost hapee-lb[3098]: 192.168.50.1:61818 [27/Jan/2021:21:52:56.086] fe_main be_servers/s1 0/0/1/1/2 200 517 - - ---- 1/1/0/0/0 0/0 {1wt.eu} {} "GET / HTTP/1.1" 0/0/0/0/0 1wt.eu/TLSv1.3/TLS_AES_256_GCM_SHA384 +``` + +- https://www.haproxy.com/documentation/haproxy-enterprise/administration/logs/ + +## Custom log format + +``` +global + setenv HAPROXY_TCP_LOG_FMT "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq" + setenv HAPROXY_HTTP_LOG_FMT "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" + setenv HAPROXY_HTTPS_LOG_FMT "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r %[fc_err]/%[ssl_fc_err,hex]/%[ssl_c_err]/%[ssl_c_ca_err]/%[ssl_fc_is_resumed] %[ssl_fc_sni]/%sslv/%sslc" + +defaults + http-request set-var(txn.mypath) path + log-format "$HAPROXY_HTTP_LOG_FMT %[var(txn.mypath)]" +``` + + +## SNI + +``` +tcp-request inspect-delay 3s +tcp-request content capture req.ssl_sni len 100 +log-format "%[capture.req.hdr(0)]" +``` + +## JSON + +``` +log-format 
'{"host":"%H","ident":"haproxy","pid":%pid,"time":"%Tl","haproxy":{"conn":{"act":%ac,"fe":%fc,"be":%bc,"srv":%sc},"queue":{"backend":%bq,"srv":%sq},"time":{"tq":%Tq,"tw":%Tw,"tc":%Tc,"tr":%Tr,"tt":%Tt},"termination_state":"%tsc","retries":%rc,"network":{"client_ip":"%ci","client_port":%cp,"frontend_ip":"%fi","frontend_port":%fp},"ssl":{"version":"%sslv","ciphers":"%sslc"},"request":{"method":"%HM","hu":"%HU",hp:"%HP",hq:"%HQ","protocol":"%HV","header":{"host":"%[capture.req.hdr(0),json(utf8s)]","xforwardfor":"%[capture.req.hdr(1),json(utf8s)]","referer":"%[capture.req.hdr(2),json(utf8s)]"}},"name":{"backend":"%b","frontend":"%ft","server":"%s"},"response":{"status_code":%ST,"header":{"xrequestid":"%[capture.res.hdr(0),json(utf8s)]"}},"bytes":{"uploaded":%U,"read":%B}}}' +``` + +``` +frontend whatever + capture request header Host len 40 + capture request header X-Forwarded-For len 50 + capture request header Referer len 200 + capture request header User-Agent len 200 + + capture response header X-Request-ID len 50 +``` + +- https://gist.github.com/vr/c9e158e298e6e316544c399b2ff3ef22 diff --git a/notes/devops/web/nginx/nginx-faq.md b/notes/devops/web/nginx/nginx-faq.md index 9448baf3f49..5d529e03cb3 100644 --- a/notes/devops/web/nginx/nginx-faq.md +++ b/notes/devops/web/nginx/nginx-faq.md @@ -82,3 +82,5 @@ stream { } } ``` + +## closed keepalive connection (104: Connection reset by peer) diff --git a/notes/evolve/ruankao/README.md b/notes/evolve/ruankao/README.md index 2f5078ddf96..e0c2dcb786c 100644 --- a/notes/evolve/ruankao/README.md +++ b/notes/evolve/ruankao/README.md @@ -24,3 +24,10 @@ id: ruankao | ^ | | | | 信息系统管理工程师 | | 初级 | 程序员 | 网络管理员 | 电子商务技术员 | 信息系统运行管理员 | 信息处理技术员 | | ^ | | 多媒体应用制作技术员 | | 网页制作员 | + +- 上海考点 + - 2906 上海市信息化培训协会 + - 3030 上海市申信信息技术专修学院 + - 6262 上海市业余科技学院 + - 2919 上海浦东软件园 + - 4545 上海复源科华人才事务咨询中心 diff --git a/notes/languages/diagram/d2.md b/notes/languages/diagram/d2.md new file mode 100644 index 00000000000..721556da731 --- /dev/null 
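Review bot: The JSON `log-format` in the new haproxy-logging.md is not valid JSON as written: the keys `hp:"%HP",hq:"%HQ"` are unquoted, so every emitted line fails to parse; they should read `"hp":"%HP","hq":"%HQ"`. The header captures are escaped with `json(utf8s)`, but `%HU`, `%HP` and `%HQ` insert the client-supplied URI verbatim, so a request containing `"` or `\` breaks the record (or lets a client forge fields in the log); escaping the URI the same way, presumably via `%[capture.req.uri,json(utf8s)]`, would close that gap — confirm against the HAProxy fetch reference. The `capture request header` list also declares User-Agent as index 3 but the format never uses it, which is worth a one-line comment so the indices are not renumbered later.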
+++ b/notes/languages/diagram/d2.md @@ -0,0 +1,28 @@ +--- +title: D2 +--- + +# D2 + +- [terrastruct/d2](https://github.com/terrastruct/d2) + - MPLv2, Golang +- 参考 + - https://play.d2lang.com + - [layout engine](https://d2lang.com/tour/layouts) + - dagre + - directed graph + - 基于 graphviz dot + - SQL Table 不能指向具体行 + - 开发不活跃,不怎么维护 + - elk - Eclipse Layout Kernel + - 在维护 + - tala - Terrastruct's AutoLayout Approach + - 付费,需要 license - US$240 for 12 months https://buy.stripe.com/bIYeXL3cT2Lr23e5ko + - by Terrastruct - d2 开发者 + - https://terrastruct.com/tala/ + - [terrastruct/tala](https://github.com/terrastruct/tala) + - https://text-to-diagram.com + + diff --git a/notes/ops/admin/high-performance.md b/notes/ops/admin/high-performance.md deleted file mode 100644 index 8ea7d5ff1d4..00000000000 --- a/notes/ops/admin/high-performance.md +++ /dev/null @@ -1,20 +0,0 @@ -# 高性能 - -## 网络链接 -当考虑并发数的时候,先不考虑业务,可直接考虑服务的承载能力,以下以百万并发计算. - -```bash -# 查看 Socket 的内存缓冲配置 -sysctl -A | grep net | grep mem -``` - -输出分别为读缓冲,写缓冲和每个缓冲的 最低,默认和最大值, - -``` -net.ipv4.tcp_mem = 384666 512891 769332 -net.ipv4.tcp_rmem = 4096 87380 6291456 -net.ipv4.tcp_wmem = 4096 16384 4194304 -net.ipv4.udp_mem = 384666 512891 769332 -``` - -‽ diff --git a/notes/os/linux/shell/ssh/ssh-faq.md b/notes/os/linux/shell/ssh/ssh-faq.md index 824c526d478..04361694a62 100644 --- a/notes/os/linux/shell/ssh/ssh-faq.md +++ b/notes/os/linux/shell/ssh/ssh-faq.md 
@@ -293,3 +293,35 @@ sudo -E -s - --preserve-env=SSH_AUTH_SOCK ## expecting SSH2_MSG_KEX_ECDH_REPLY + +## SNI Routing + + +``` +Host *.ssh + ProxyCommand openssl s_client -quiet -servername %h -connect gateway:443 +``` + +**nginx** + +``` +stream { + tcp_nodelay on; + resolver 8.8.8.8; + resolver_timeout 5s; + map $ssl_server_name $srv_name { + ~(.+)\.ssh $1:22; + default unix:/run/nginx.sock; + } + server { + listen 443 ssl; + ssl_certificate /path/to/your/cert; + ssl_certificate_key /path/to/your/key; + ssl_preread on; + proxy_ssl off; + proxy_pass $srv_name; + } +} +``` + +- **double-encrypted** diff --git a/notes/os/linux/sys/limits.md b/notes/os/linux/sys/limits.md index 822004270a9..0d58a9757e5 100644 --- a/notes/os/linux/sys/limits.md +++ b/notes/os/linux/sys/limits.md @@ -32,6 +32,7 @@ cat /proc/sys/fs/nr_open # 1048576 - 1024*1024 - nofile hard limit 最大值 cat /proc/sys/fs/file-nr # 已分配 0 最大 # 19778411 +# 26367207 sysctl fs.file-max # sysctl -w fs.file-max=19778411 ``` diff --git a/notes/os/linux/sys/sysctl.md b/notes/os/linux/sys/sysctl.md index 5b4fbd45ff9..d6ceb6e2d57 100644 --- a/notes/os/linux/sys/sysctl.md +++ b/notes/os/linux/sys/sysctl.md 
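Review bot: In the SNI Routing section the nginx `map` forwards to whatever host the client names: `~(.+)\.ssh $1:22;` takes the SNI label straight from the client, so anyone who can reach port 443 can use the gateway as a relay to any host resolvable through `resolver 8.8.8.8`, including internal names. Restrict the pattern to the hosts that should be reachable, for example `~^(bastion|build)\.ssh$ $1:22;` (constructed names), or map each name explicitly and keep the `default` as the catch-all. Separately, `listen 443 ssl` terminates TLS and `$ssl_server_name` comes from that handshake, so `ssl_preread on` appears to be unused here — worth confirming before someone copies it.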
@@ -19,22 +19,135 @@ title: sysctl - [proudier/sysctl-explorer](https://github.com/proudier/sysctl-explorer) ```bash -sysctl -p # 加载 文件 - 默认为 /etc/sysctl.conf -sysctl --system # 加载所有系统配置 +sysctl -p # 加载 文件 - 默认为 /etc/sysctl.conf +sysctl -p /etc/sysctl.d/99-tuning.conf # 加载指定文件 +sysctl --system # 加载所有系统配置 ``` -```ini -net.ipv4.tcp_fwmark_accept =0 +## tuning.conf + +> 面向服务器 + +```conf +fs.file-max = 2097152 +fs.inotify.max_user_instances = 8192 -net.ipv4.tcp_keepalive_time = 75 # 在第一次keep alive请求发送后,不活动连接的时间 -net.ipv4.tcp_keepalive_probes = 9 # 在这个连接被认为是断开之前,keep alive请求被重发的次数 -net.ipv4.tcp_keepalive_intvl = 7200 # keep alive探测的时间间隔 +net.ipv4.tcp_timestamps=0 +net.ipv4.tcp_rmem=10240 131072 12582912 +net.ipv4.tcp_wmem=10240 131072 12582912 + +net.core.netdev_max_backlog=250000 +net.core.rmem_max=12582912 +net.core.wmem_max=12582912 +net.core.optmem_max=4194304 ``` -## tuning.conf +```bash +sysctl net.ipv4.{tcp_fin_timeout,tcp_timestamps,tcp_sack,tcp_rmem,tcp_wmem,tcp_low_latency,tcp_adv_win_scale} net.core.netdev_max_backlog net.core.{rmem_max,wmem_max,rmem_default,wmem_default,optmem_max} +sysctl fs.inotify.max_user_instances fs.file-max + +sysctl vm.{max_map_count,swappiness,dirty_{ratio,background_ratio}} +``` + +**AlpineLinux 3.19** + +| conf | default | tuned | note | +| ----------------------------- | ------------------: | --------------------- | -------------------------- | +| net.ipv4.tcp_timestamps | 1 | 0 | +| net.ipv4.tcp_sack | 1 | | +| net.ipv4.tcp_rmem | 4096 131072 6291456 | 10240 131072 12582912 | 4k 128k 6M -> 16k 128k 12M | +| net.ipv4.tcp_wmem | 4096 16384 4194304 | 10240 88064 12582912 | 4k 16k 4M -> 16k 86k 12M | +| net.ipv4.tcp_low_latency | 0 | 1 | +| net.ipv4.tcp_adv_win_scale | 1 | | +| net.ipv4.tcp_keepalive_time | 7200 | | seconds | +| net.ipv4.tcp_keepalive_probes | 9 | | +| net.ipv4.tcp_keepalive_intvl | 75 | | seconds | +| net.core.netdev_max_backlog | 1000 | 250000 | +| net.core.rmem_max | 212992 | 12582912 | 208k -> 4M | +| 
net.core.wmem_max | 212992 | 12582912 | +| net.core.rmem_default | 212992 | | +| net.core.wmem_default | 212992 | | +| net.core.optmem_max | 20480 | 4194304 | 20k -> 4M | +| fs.file-max | 799457 | 2097152 | ~10K -> ~2M | +| fs.inotify.max_user_instances | 128 | 8192 | +| net.ipv4.tcp_fin_timeout | 60 | | seconds | +| vm.max_map_count | 65530 | +| vm.swappiness | 60 | +| vm.dirty_ratio | 20 | +| vm.dirty_background_ratio | 10 | + +| value | for | +| --------- | ---: | +| 4096 | 4k | +| 10240 | 10k | +| 88064 | 86k | +| 212992 | 208k | +| 4194304 | 4M | +| 12582912 | 12M | +| 134217728 | 128M | + +- SACK - Selective Acknowledgments ```conf +# 全局范围内可打开的文件描述符的最大数量 +fs.file-max = 2097152 +# 每个用户可以创建多达 8192 个监控实例 +fs.inotify.max_user_instances = 8192 + +# VM - Virtual Memory - 虚拟内存 vm.max_map_count=262144 + +# less swapping +vm.swappiness = 10 +vm.dirty_ratio = 60 +vm.dirty_background_ratio = 2 + +# 禁用 TCP 时间戳选项 - 提高 CPU 利用率 +# 默认开启 +net.ipv4.tcp_timestamps=0 +# 启用 TCP 选择确认选项 - 提高吞吐量 +# 允许接收方告知发送方哪些数据被成功接收,哪些需要重传。这可以提高在网络条件不稳定时的 TCP 性能。 +# 默认 开启 +net.ipv4.tcp_sack=1 +# 增加处理器输入队列的最大长度 +# 这个参数用于调整网络设备在被内核处理之前能够排队的数据包的最大数量。增加这个值可以在高速网络环境下防止数据包丢失。 +net.core.netdev_max_backlog=250000 +# 使用 setsockopt() 增加 TCP 最大和默认缓冲区大小 +# 用于调整 TCP 套接字接收和发送缓冲区的最大值和默认值,以及其他选项缓冲区的最大值 +# 增加这些值可以在大容量传输中提高性能。 +net.core.rmem_max=4194304 # SO_RCVBUFFORCE - max recv window +net.core.wmem_max=4194304 # SO_SNDBUFFORCE - max send window +net.core.rmem_default=4194304 +net.core.wmem_default=4194304 +net.core.optmem_max=4194304 + +# 增加内存阈值以防止数据包丢失 +# TCP 套接字的接收和发送缓冲区大小, 最小值、默认值和最大值 +net.ipv4.tcp_rmem="4096 87380 4194304" +net.ipv4.tcp_wmem="4096 65536 4194304" + +# 启用 TCP 的低延迟模式 +# 使 TCP 尽可能减少延迟,适合对时延敏感的应用,如在线游戏或语音通话。 +net.ipv4.tcp_low_latency=1 +# TCP 窗口缩放和应用程序缓冲区的比例设置 +# 1 表示 TCP 窗口大小和应用程序缓冲区将平均分配缓冲区空间。 +net.ipv4.tcp_adv_win_scale=1 + +# 内核是否接受具有 fwmark(防火墙标记)的 TCP 连接 +net.ipv4.tcp_fwmark_accept =0 + +# 75s 内没有数据传输,发送 keepalive 请求 +net.ipv4.tcp_keepalive_time = 75 +# 发多少次 keepalive 请求后,认为对方已经断开连接 
+net.ipv4.tcp_keepalive_probes = 9 +# 认为对方已经断开连接的时间 2h +net.ipv4.tcp_keepalive_intvl = 7200 + + +# 调整 TCP 连接在关闭过程中等待状态变为完全关闭的时间 +# 控制了 TCP 连接在发送最后一个 FIN 包(表示连接关闭的信号)后,还需要等待对方回应 ACK(确认)包的时间 +# 等待 60 秒的时间让连接正常关闭 +net.ipv4.tcp_fin_timeout = 60 ``` ## bbr.conf @@ -53,3 +166,21 @@ fs.inotify.max_user_instances=8192 **相关错误信息** > failed to create inotify: No file descriptors available + +## 网络链接 + +当考虑并发数的时候,先不考虑业务,可直接考虑服务的承载能力,以下以百万并发计算. + +```bash +# 查看 Socket 的内存缓冲配置 +sysctl -A | grep net | grep mem +``` + +输出分别为读缓冲,写缓冲和每个缓冲的 最低,默认和最大值, + +``` +net.ipv4.tcp_mem = 384666 512891 769332 +net.ipv4.tcp_rmem = 4096 87380 6291456 +net.ipv4.tcp_wmem = 4096 16384 4194304 +net.ipv4.udp_mem = 384666 512891 769332 +``` diff --git a/notes/platform/wechat/wechat-miniprogram.md b/notes/platform/wechat/wechat-miniprogram.md index db1999ecca7..828e5b5e281 100644 --- a/notes/platform/wechat/wechat-miniprogram.md +++ b/notes/platform/wechat/wechat-miniprogram.md @@ -32,6 +32,11 @@ title: 微信小程序 ::: +- https://mp.weixin.qq.com/ 登录后台 +- https://mp.weixin.qq.com/cgi-bin/wx + +## 分析 + ```js console.assert(globalThis === window); const global = { @@ -44,8 +49,14 @@ const global = { }; ``` -- https://mp.weixin.qq.com/ 登录后台 -- https://mp.weixin.qq.com/cgi-bin/wx +- 内部编译器 + + - wcc + - wxml -> js + - wcsc + - wxss -> js + +- https://zhaomenghuan.js.org/blog/wechat-miniprogram-principle-analysis.html ## wx @@ -140,3 +151,7 @@ require() of ES Module ansi-styles from chalk not supported - chalk 5 is ESM - chalk 4 is CJS + +## render webview vs skyline + +- https://developers.weixin.qq.com/miniprogram/dev/framework/runtime/skyline/custom-route.html diff --git a/notes/reference/size.md b/notes/reference/size.md index de5fcea3789..92541447942 100644 --- a/notes/reference/size.md +++ b/notes/reference/size.md 
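Review bot: In the second conf block the keepalive values and their comments contradict the defaults table earlier in the same hunk: `tcp_keepalive_time` is the idle time before the first probe (default 7200 s in the table) and `tcp_keepalive_intvl` is the gap between probes (default 75 s), so `net.ipv4.tcp_keepalive_time = 75` with `net.ipv4.tcp_keepalive_intvl = 7200` look swapped and the comment `认为对方已经断开连接的时间 2h` does not describe intvl. Either restore the defaults (`net.ipv4.tcp_keepalive_time = 7200`, `net.ipv4.tcp_keepalive_intvl = 75`) or, if the intent is faster dead-peer detection, choose a small intvl and note that detection takes time + probes × intvl. The same block writes `net.ipv4.tcp_rmem="4096 87380 4194304"` while tuning.conf above uses the unquoted form; sysctl passes the value through verbatim, so the quotes presumably reach the kernel and the line fails to apply — worth confirming, as are the trailing `# SO_RCVBUFFORCE …` comments on the `net.core.*` lines, which sysctl may not strip.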
@@ -18,18 +18,18 @@ title: Size - 3.37 inch × 2.125 inch × 0.0625 - [ISO/IEC 7810](https://en.wikipedia.org/wiki/ISO/IEC_7810) - ID-1 -| Social | Size | -| --------------- | -----------: | -| FB Page Cover | 1640×664 px | -| FB Shared Image | 1200×630 px | -| FB Event Image | 1920×1080 px | -| FB Group Header | 1640×856 px | -| Instagram | 1080×1080 px | -| Insta Story | 1080×1920 px | -| Youtube Profile | 800×800 px | -| Youtube Cover | 2560×1440 px | -| Twitter Profile | 400×400 px | -| Twitter Header | 1500×500 px | +| Social | Size | Ratio | +| --------------- | -----------: | ------ | +| FB Page Cover | 1640×664 px | 1:2.46 | +| FB Shared Image | 1200×630 px | 1:1.91 | +| FB Event Image | 1920×1080 px | 16:9 | +| FB Group Header | 1640×856 px | 1:1.91 | +| Instagram | 1080×1080 px | 1:1 | +| Insta Story | 1080×1920 px | 9:16 | +| Youtube Profile | 800×800 px | 1:1 | +| Youtube Cover | 2560×1440 px | 16:9 | +| Twitter Profile | 400×400 px | 1:1 | +| Twitter Header | 1500×500 px | 3:1 | | Print | Size | Pixel | pt | | ------------- | ---------: | --------- | -------------- | diff --git a/notes/service/cn/README.md b/notes/service/cn/README.md index f2ed2e7c92c..8870aedc1d5 100644 --- a/notes/service/cn/README.md +++ b/notes/service/cn/README.md @@ -4,6 +4,29 @@ title: CN # CN +| phone | for | url | +| ----- | ------------------------------ | ------------------------- | +| 121XX | 公共信息服务电话 | +| 12123 | 全国交管服务电话 | +| 123XX | 党政机关服务电话 | +| 12345 | 政府服务热线 | +| 12333 | 人力资源和社会保障公益服务电话 | https://www.12333.gov.cn/ | + +- CTID - 居民身份证网上凭证 +- 五险一金 + - 养老保险 + - 医疗保险 + - 失业保险 + - 工伤保险 + - 生育保险 + - 住房公积金 +- 三险一金 + - 基本养老保险 + - 基本医疗保险 + - 失业保险 + - 住房公积金 +- https://zh.wikipedia.org/wiki/中国大陆服务电话号码 + ## gov | abbr. | stand for | zh | 
@@ -30,7 +53,7 @@ title: CN | http://wenshu.court.gov.cn | 中国裁判文书网 | | http://zxgk.court.gov.cn | 中国执行信息公开网 | | http://rmft.court.gov.cn | 全国人民法庭信息网 | -| https://www.gjzwfw.gov.cn | +| https://www.gjzwfw.gov.cn | | https://www.cods.org.cn/ | 全国组织机构统一社会信用代码数据服务中心 | - http://www.gov.cn/fuwu/index.htm diff --git a/notes/service/cn/tax/README.md b/notes/service/cn/tax/README.md new file mode 100644 index 00000000000..61e9582f66d --- /dev/null +++ b/notes/service/cn/tax/README.md @@ -0,0 +1,42 @@ +--- +title: Tax +--- + +# Tax + +## 个人 + +- 专项扣除 + - 子女教育 + - 继续教育 + - 住房贷款利息 + - 住房租金 + - 赡养老人 + - 3岁以下子女托育 +- 扣除项目 + - 年金 + - 商业健康保险 + - 税延养老保险 + - 允许扣除的费用 + - 个人养老金 + - 起亚 + +1、在年度汇算申报时,您可重新选择将全年一次性奖金收入并入综合所得计税,也可以选择其中一笔奖金单独计税。 +2、奖金计税方式的选择,将会影响汇算的税款计算结果。请您根据自身情况进行选择。 +“全年一次性奖金”计税方式 + +全部并入综合所得计税 +若选择此项,将会把所有的“全年一次性奖金”并入综合所得申报中 + +单独计税 +选择其中一笔单独计税,其余将全部并入综合所得申报中 + +``` +根据《财政部 税务总局关于延续实施全年一次性奖金等个人所得税优惠政策的公告》(财政部 税务总局公告2021年第42号)规定: + +一、《财政部 税务总局关于个人所得税法修改后有关优惠政策衔接问题的通知》(财税 〔2018〕 164号)规定的全年一次性奖金单独计税优惠政策,执行期限延长至2023年12月31日;上市公司股权激励单独计税优惠政策,执行期限延长至2022年12月31日。 + +根据《财政部 税务总局关于延续实施外籍个人津补贴等有关个人所得税优惠政策的公告》(财政部 税务总局公告2021年第43号)规定: + +《财政部 税务总局关于个人所得税法修改后有关优惠政策衔接问题的通知》(财税 〔2018〕 164号) 规定的外籍个人有关津补贴优惠政策、中央企业负责人任期激励单独计税优惠政策,执行期限延长至2023年12月31日。 +``` diff --git a/notes/service/dns/dnsmasq/dnsmasq-faq.md b/notes/service/dns/dnsmasq/dnsmasq-faq.md index 87a1c663b81..ce6d0bd6b64 100644 --- a/notes/service/dns/dnsmasq/dnsmasq-faq.md +++ b/notes/service/dns/dnsmasq/dnsmasq-faq.md @@ -9,10 +9,10 @@ tags: ## dnsmasq: failed to create inotify: No file descriptors available ```bash +# 128 sysctl fs.inotify.max_user_instances sudo sysctl fs.inotify.max_user_instances=8192 - ``` - k8s 相关问题 diff --git a/notes/service/dns/powerdns/README.md b/notes/service/dns/powerdns/README.md index 906cdee8297..0906adbb229 100644 --- a/notes/service/dns/powerdns/README.md +++ b/notes/service/dns/powerdns/README.md 
@@ -5,439 +5,18 @@ title: PowerDNS # PowerDNS - [PowerDNS/pdns](https://github.com/PowerDNS/pdns) -- [PowerAdmin](http://www.poweradmin.org/) 网页管理工具 -- PowerDNS Authoritative Server + - GPLv2, C +- [Authoritative Server](./as/README.md) - PowerDNS Recursor - PowerDNS DNSdist - PowerDNS Cloud Control - PowerDNS Dstore - PowerDNS Lightning Stream - ZoneControl -- Auth server [settings](https://doc.powerdns.com/md/authoritative/settings/) -- https://doc.powerdns.com/authoritative/indexTOC.html -- 特性 - - 多种后端 - - 多种复制方式 - - 修改不需要重启 - - 定制缓存 - - Supermaster - - 当为一个节点设置了 Supermaster 后,在主节点上创建 zone,所有子节点会自动创建相应的 zone, 并发起一个 AXFR 请求 - - bind 中需要手动为所有子节点添加 zone -- NOTES - - 当找到一条匹配的后不会再尝试使用通配符查找 - - 例如 \*.example.org A 192.168.1.1, test.example.org TXT Test, 当查询 ANY test.example.org 只会返回 TXT - 参考 - - [Backend writers' guide](https://doc.powerdns.com/md/appendix/backend-writers-guide/) - - https://doc.powerdns.com/ -- pdnsutil - - 域名管理工具 - - 通过修改 DB - 可以远程使用 + - [PowerAdmin](http://www.poweradmin.org/) 网页管理工具 -```bash -brew install pdns # macOS 安装 - -# SQLite3 -# https://doc.powerdns.com/authoritative/backends/generic-sqlite3.html -# 将 Schema 保存到 schema.sqlite3 -sqlite3 powerdns.sqlite .read schema.sqlite3 -# 在前台启动, 之所以修改 端口和 socket-dir 是因为可能会没有权限 -pdns_server --daemon=no --launch=gsqlite3 --local-port=5300 --socket-dir=`pwd`/socket -# 将配置文件写入到 pdns.conf -# launch=gsqlite3 -# local-port=5300 -# socket-dir=./socket -# gsqlite3-database=powerdns.sqlite -# 使用配置文件启动 -pdns_server --daemon=yes --config-dir=. 
- -pdns_server --daemon=no --launch=remote --local-port=5300 --socket-dir=`pwd`/socket - -# pdns_control 用于操作实例 -# 简化 pdns_control 操作 -alias pc="pdns_control --config-dir=`pwd`" -# 退出服务 -pc quite -# 获取当前的配置 -pc current-config - -# pdnsutil 用于操作后端数据, 即便没有启动 server 也可以 -# 简化 pdnsutil 操作 -alias pu="pdnsutil --config-dir=`pwd`" -# 添加用于测试的记录 -pu add-record i.wener.me @ A 127.0.0.1 -pu add-record i.wener.me dev A 127.0.0.1 - -# 测试添加的记录 -dig @127.0.0.1 -p 5300 dev.i.wener.me - -# 常用操作 -# 创建 -pdnsutil create-zone mydomain.com -# 检测现有的问题 -pdnsutil check-zone mydomain.com -# add-record ZONE NAME TYPE [ttl] content - - -# Playground -docker run --rm -it -p 5353:53 --entrypoint bash wener/pdns:edge - -``` - -## Get Start - -```bash -docker run --rm -it -p 80:80 -p 53:53 -p 53:53/udp -v $PWD:/host -w /host wener/dns bash - -# 用于接口请求 -API_KEY=$(cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 32) -WEBSERVER_PASSWORD=$(cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 32) -# /etc/pdns/pdns.conf 标准配置目录 -cat < /etc/pdns/pdns.conf -# backend -launch=gsqlite3 -gsqlite3-database=$PWD/pdns.sqlite -# handle dnssec -gsqlite3-dnssec - -# server -local-port=53 -local-address=0.0.0.0 -daemon=yes -guardian=yes - -# dyndns -dnsupdate=yes -allow-dnsupdate-from= - -# web/api -webserver=yes -webserver-address=0.0.0.0 -webserver-password=$WEBSERVER_PASSWORD -webserver-loglevel=normal -webserver-port=80 - -api=yes -api-key=$API_KEY - -# soa default -default-soa-name=ns1.wener.me -default-soa-edit= -default-soa-edit-signed= -default-soa-mail= -soa-expire-default=604800 -soa-minimum-ttl=3600 -soa-refresh-default=10800 -soa-retry-default=3600 -EOF -# 初始化 sqlite -curl -LO https://raw.githubusercontent.com/PowerDNS/pdns/master/modules/gsqlite3backend/schema.sqlite3.sql -sqlite3 pdns.sqlite ".read schema.sqlite3.sql" - -# 前台启动 -pdns_server --daemon=no - -# 从另外一个会话操作 - -# 重启 - 修改配置后可以使用 -pdns_control cycle - -# 域名管理 -pdnsutil create-zone wener.me -# 添加记录 - ns1.wener.tech 
实际上就是需要指向当前的服务器 -pdnsutil add-record wener.me @ NS ns1.wener.tech -pdnsutil add-record wener.me @ A 127.0.0.1 -pdnsutil add-record wener.me app A 127.0.0.1 -# 检查 -pdnsutil check-all-zones -# 所有的记录 -sqlite3 pdns.sqlite "select * from records" - -# 将三级域名作为 zone -pdnsutil create-zone svc.wener.me -pdnsutil add-record svc.wener.me @ NS ns1.wener.tech -pdnsutil add-record svc.wener.me @ A 127.0.0.1 -# 在上级添加 NS 记录 -pdnsutil add-record wener.me svc NS ns1.wener.tech - -# NSUPDATE -# -------------------- -# 上级启用 TSIG -pdnsutil activate-tsig-key wener.me admin master -# 下级启用 TSIG slave -pdnsutil activate-tsig-key svc.wener.me admin slave -# 单域名配置 -pdnsutil generate-tsig-key svc-admin hmac-md5 -pdnsutil set-meta svc.wener.me TSIG-ALLOW-DNSUPDATE svc-admin -pdnsutil set-meta svc.wener.me ALLOW-DNSUPDATE-FROM 0.0.0.0/0 - -# 查看 -pdnsutil list-tsig-keys -# 启用的配置信息 -sqlite3 pdns.sqlite "select * from domainmetadata" - -SECRET=$(sqlite3 pdns.sqlite "select secret from tsigkeys where name='svc-admin'") -# DNS UPDATE -# 默认只支持 hmac-md5 -nsupdate < /etc/pdns/pdns.conf +# backend +launch=gsqlite3 +gsqlite3-database=$PWD/pdns.sqlite +# handle dnssec +gsqlite3-dnssec + +# server +local-port=53 +local-address=0.0.0.0 +daemon=yes +guardian=yes + +# dyndns +dnsupdate=yes +allow-dnsupdate-from= + +# web/api +webserver=yes +webserver-address=0.0.0.0 +webserver-password=$WEBSERVER_PASSWORD +webserver-loglevel=normal +webserver-port=80 + +api=yes +api-key=$API_KEY + +# soa default +default-soa-name=ns1.wener.me +default-soa-edit= +default-soa-edit-signed= +default-soa-mail= +soa-expire-default=604800 +soa-minimum-ttl=3600 +soa-refresh-default=10800 +soa-retry-default=3600 +EOF +# 初始化 sqlite +curl -LO https://raw.githubusercontent.com/PowerDNS/pdns/master/modules/gsqlite3backend/schema.sqlite3.sql +sqlite3 pdns.sqlite ".read schema.sqlite3.sql" + +# 前台启动 +pdns_server --daemon=no + +# 从另外一个会话操作 + +# 重启 - 修改配置后可以使用 +pdns_control cycle + +# 域名管理 +pdnsutil create-zone wener.me +# 添加记录 - 
ns1.wener.tech 实际上就是需要指向当前的服务器 +pdnsutil add-record wener.me @ NS ns1.wener.tech +pdnsutil add-record wener.me @ A 127.0.0.1 +pdnsutil add-record wener.me app A 127.0.0.1 +# 检查 +pdnsutil check-all-zones +# 所有的记录 +sqlite3 pdns.sqlite "select * from records" + +# 将三级域名作为 zone +pdnsutil create-zone svc.wener.me +pdnsutil add-record svc.wener.me @ NS ns1.wener.tech +pdnsutil add-record svc.wener.me @ A 127.0.0.1 +# 在上级添加 NS 记录 +pdnsutil add-record wener.me svc NS ns1.wener.tech + +# NSUPDATE +# -------------------- +# 上级启用 TSIG +pdnsutil activate-tsig-key wener.me admin master +# 下级启用 TSIG slave +pdnsutil activate-tsig-key svc.wener.me admin slave +# 单域名配置 +pdnsutil generate-tsig-key svc-admin hmac-md5 +pdnsutil set-meta svc.wener.me TSIG-ALLOW-DNSUPDATE svc-admin +pdnsutil set-meta svc.wener.me ALLOW-DNSUPDATE-FROM 0.0.0.0/0 + +# 查看 +pdnsutil list-tsig-keys +# 启用的配置信息 +sqlite3 pdns.sqlite "select * from domainmetadata" + +SECRET=$(sqlite3 pdns.sqlite "select secret from tsigkeys where name='svc-admin'") +# DNS UPDATE +# 默认只支持 hmac-md5 +nsupdate <`, ``, `