HAProxy 1.6 configuration file

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        maxconn     6000
        daemon
        tune.ssl.default-dh-param 2048
 
defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
 
listen stats
   bind 0.0.0.0:8080
   mode http
   stats enable
   stats hide-version
   stats realm Haproxy\ Statistics
   stats uri /stats
   stats auth username:password
 
frontend http_yemaosheng
    bind *:80
    mode http
    default_backend web-nodes
 
frontend https_yemaosheng
     #cat yemaosheng.crt yemaosheng.key | tee yemaosheng.pem
     bind *:443 ssl crt /root/yemaosheng.pem
     mode http
     option httpclose
     option forwardfor
     reqadd X-Forwarded-Proto:\ https
     default_backend web-nodes
 
backend web-nodes
    mode http
    balance roundrobin
    option forwardfor
    server web-1 10.0.1.2:80 check
    server web-2 10.0.1.3:80 check

List all Azure containers in Python

from azure.storage.blob import BlobService
 
blob_service = BlobService(account_name='x', account_key='x')
 
# list_containers() returns one page of results at a time;
# keep following next_marker until no further page is reported.
marker = None
 
while True:
  containers = blob_service.list_containers(marker=marker)
  for c in containers:
    print(c.name)
 
  if containers.next_marker:
    marker = containers.next_marker
  else:
    break

Export Azure network security groups using PowerShell

> Install-Module AzureRM
 
> Import-Module AzureRM
Error:
  Import-Module : File C:\Program Files\WindowsPowerShell\Modules\AzureRM\4.2.1\AzureRM.psm1,...
 
PowerShell should work with the RemoteSigned execution policy in any case.
> Get-ExecutionPolicy -List
> Get-ExecutionPolicy -Scope CurrentUser
> Set-ExecutionPolicy RemoteSigned
 
> Import-Module AzureRM
> Login-AzureRmAccount
 
> Get-AzureRmSubscription
  Name     : BizSpark
  Id       : 1e573f03-6685-xxxx-bcb0-xxx
  TenantId : 517c8f98-6209-xxxx-9aca-xxx
  State    : Enabled
 
  Name     : Microsoft Azure Sponsorship
  Id       : 61719d1b-1c44-xxxx-a985-xxx
  TenantId : 517c8f98-6209-xxxx-9aca-xxx
  State    : Enabled
 
> Select-AzureRmSubscription -SubscriptionId "61719d1b-1c44-xxxx-a985-xxx"
 
> Get-AzureRmNetworkSecurityGroup -Name NSG_NAME -ResourceGroupName ResourceGroupName | Get-AzureRmNetworkSecurityRuleConfig | Select * | Export-Csv -NoTypeInformation -Path C:\NSGExport.csv
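
Once the rules are exported, the CSV can be reviewed offline. The script below is an added example, not part of the original post: it lists Allow/Inbound rules open to any source and notes when the port range covers SSH or RDP. The column names are assumed to match the rule properties that Select * exports, and the sample rows are constructed.

```python
import csv
import io

# Source prefixes that mean "anyone" in an NSG rule.
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}
MGMT_PORTS = {22: "SSH", 3389: "RDP"}


def covers(port_range, port):
    """True if an NSG port spec ('*', '22' or '1000-4000') includes port."""
    port_range = port_range.strip()
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)


def open_inbound_rules(csv_text):
    """Return (priority, name, ports, exposed_mgmt) for each Allow/Inbound
    rule whose source is unrestricted, lowest priority number first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Direction"].lower() != "inbound" or row["Access"].lower() != "allow":
            continue
        if row["SourceAddressPrefix"].strip().lower() not in ANY_SOURCE:
            continue
        ports = row["DestinationPortRange"]
        mgmt = [svc for p, svc in sorted(MGMT_PORTS.items()) if covers(ports, p)]
        findings.append((int(row["Priority"]), row["Name"], ports, mgmt))
    return sorted(findings)


# Constructed sample export (column names assumed, rows invented for the example).
SAMPLE_CSV = """\
Name,Protocol,SourcePortRange,DestinationPortRange,SourceAddressPrefix,DestinationAddressPrefix,Access,Priority,Direction
allow-https,Tcp,*,443,*,*,Allow,100,Inbound
allow-ssh-office,Tcp,*,22,203.0.113.0/24,*,Allow,110,Inbound
allow-rdp-any,Tcp,*,3389,Internet,*,Allow,120,Inbound
allow-wide,Tcp,*,20-4000,0.0.0.0/0,*,Allow,130,Inbound
deny-all,*,*,*,*,*,Deny,4000,Inbound
allow-out,*,*,*,*,*,Allow,100,Outbound
"""

if __name__ == "__main__":
    for prio, name, ports, mgmt in open_inbound_rules(SAMPLE_CSV):
        print(prio, name, ports, ",".join(mgmt) or "-")
```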

Send notifications from Zabbix to Slack

Related resource:
This setup uses https://github.com/ericoc/zabbix-slack-alertscript
For the most part, configure it as described in its README.

Slack-side setup
Create an incoming webhook at https://yemaosheng.slack.com/services/new/incoming-webhook
and note the "Webhook URL".

Test the URL:

curl -X POST --data-urlencode 'payload={"channel": "#alert", "username": "webhookbot", "text": "This is posted to #alert and comes from a bot named webhookbot.", "icon_emoji": ":ghost:"}' https://hooks.slack.com/services/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

Using free SSL

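The company has acquired a large number of forums that all need SSL, and buying a certificate for each one would add up to a considerable expense.
So I plan to use the free SSL certificates from Let's Encrypt for all of them.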

wget -O -  https://get.acme.sh | sh
cd .acme.sh/
# Make sure the content under /var/www/yemaosheng/htdocs/.well-known/ is reachable via the domain name
./acme.sh --issue -d yemaosheng.com -d www.yemaosheng.com -w /var/www/yemaosheng/htdocs
[Tue Mar  7 21:19:34 CST 2017] Multi domain='DNS:www.yemaosheng.com'
[Tue Mar  7 21:19:34 CST 2017] Getting domain auth token for each domain
[Tue Mar  7 21:19:34 CST 2017] Getting webroot for domain='yemaosheng.com'
[Tue Mar  7 21:19:34 CST 2017] Getting new-authz for domain='yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] The new-authz request is ok.
[Tue Mar  7 21:19:36 CST 2017] Getting webroot for domain='www.yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] Getting new-authz for domain='www.yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] The new-authz request is ok.
[Tue Mar  7 21:19:37 CST 2017] yemaosheng.com is already verified, skip http-01.
[Tue Mar  7 21:19:37 CST 2017] Verifying:www.yemaosheng.com
[Tue Mar  7 21:19:39 CST 2017] Success
[Tue Mar  7 21:19:39 CST 2017] Verify finished, start to sign.
[Tue Mar  7 21:19:40 CST 2017] Cert success.
-----BEGIN CERTIFICATE-----
MIIFFzCCA............FlYV3RaDYYpw=
-----END CERTIFICATE-----
[Tue Mar  7 21:19:40 CST 2017] Your cert is in  /root/.acme.sh/yemaosheng.com/yemaosheng.com.cer 
[Tue Mar  7 21:19:40 CST 2017] Your cert key is in  /root/.acme.sh/yemaosheng.com/yemaosheng.com.key 
[Tue Mar  7 21:19:40 CST 2017] The intermediate CA cert is in  /root/.acme.sh/yemaosheng.com/ca.cer 
[Tue Mar  7 21:19:40 CST 2017] And the full chain certs is there:  /root/.acme.sh/yemaosheng.com/fullchain.cer
 
crontab -l
7 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
 
vi /etc/httpd/conf.d/ssl.conf
...
<VirtualHost *:443>
        DocumentRoot "/var/www/yemaosheng/htdocs"
        ServerName yemaosheng.com
 
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
        SSLCertificateFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.cer"
        SSLCertificateKeyFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.key"
        SSLCertificateChainFile "/root/.acme.sh/yemaosheng.com/fullchain.cer"
        ...
</VirtualHost>
...

Using Sublime regex replace to turn a hosts file into MikroTik configuration

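Thanks to Lao D's blog for compiling and updating these hosts entries for getting around internet censorship.

I need to change their format when configuring them on a MikroTik router.
Honestly, I have to look regex up every time I use it; it is really hard to remember.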

MikroTik:
[admin@MikroTik] ip dns static> add address=10.0.0.1 name=www.example.com

Sublime:
Find What: (\d+\.\d+\.\d+\.\d+)\s+([A-Za-z0-9.-]+)
Replace With: add address=$1 name=$2
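
The same conversion as a script, as an added example that is not part of the original post. It goes beyond the single find/replace by handling comments and several names per line, and it rejects addresses and names that are not valid before they become RouterOS commands, which matters when the hosts list comes from a third party. The function name hosts_to_mikrotik and the sample input are constructed for illustration.

```python
import ipaddress
import re

# Hostname: dot-separated labels of letters, digits and inner hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(r"(?:%s)(?:\.(?:%s))*" % (_LABEL, _LABEL))


def hosts_to_mikrotik(text):
    """Return (commands, rejected) for hosts-format text.

    commands: 'add address=... name=...' lines for 'ip dns static'
    rejected: (line_number, reason) tuples for entries that were skipped
    """
    commands, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            rejected.append((lineno, "no hostname"))
            continue
        try:
            addr = ipaddress.IPv4Address(fields[0])
        except ValueError:
            rejected.append((lineno, "bad IPv4 address"))
            continue
        for name in fields[1:]:  # a hosts line may carry several names
            if len(name) > 253 or not _HOSTNAME.fullmatch(name):
                rejected.append((lineno, "bad hostname"))
                continue
            commands.append("add address=%s name=%s" % (addr, name.lower()))
    return commands, rejected


# Constructed sample input (not from the original post).
SAMPLE = """\
# comment line
10.0.0.1   www.example.com
10.0.0.2   a.example.org b.example.org   # two names on one line
999.0.0.1  bad-ip.example.com
10.0.0.3   host;name.example.com
::1        localhost
"""

if __name__ == "__main__":
    cmds, bad = hosts_to_mikrotik(SAMPLE)
    print("\n".join(cmds))
    for lineno, reason in bad:
        print("skipped line %d: %s" % (lineno, reason))
```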

How to clone an Azure VM

Run on your sample VM:

waagent -deprovision+user

Run in your azure-cli environment:

$rgName = "VMTestGroup"
$template = "Template-test.json"
$vmName = "VMTest"
$vhdName = "VHDTest"
 
azure vm deallocate -g $rgName -n $vmName
azure vm generalize $rgName -n $vmName
azure vm capture $rgName $vmName $vhdName -t $template
 
# The $template should look like this, and you have to change 'newvmname' before use.
...
         "storageProfile": {
          "dataDisks": [
            {
              "caching": "ReadOnly",
              "vhd": {
                "uri": "https://yourdiskname.blob.core.windows.net/vhds/dataDisk-0.newvmname.vhd"
              },
              "image": {
                "uri": "https://yourdiskname.blob.core.windows.net/system/Microsoft.Compute/Images/vhds/yourcapturedvmname-dataDisk-0.ff60129b-...3cf59bf9315a.vhd"
              },
              "createOption": "FromImage",
              "name": "yourcapturedvmname-dataDisk-0.ff60129b-4ec5-4dcd-ae97-3cf59bf9315a.vhd",
              "lun": 0
            }
          ],
          "osDisk": {
            "caching": "ReadWrite",
            "vhd": {
              "uri": "https://yourdiskname.blob.core.windows.net/vhds/osDisk.newvmname.vhd"
            },
            "image": {
              "uri": "https://yourdiskname.blob.core.windows.net/system/Microsoft.Compute/Images/vhds/yourcapturedvmname-osDisk.ff60129b-...3cf59bf9315a.vhd"
            },
            "createOption": "FromImage",
            "name": "yourcapturedvmname-osDisk.ff60129b-4ec5-4dcd-ae97-3cf59bf9315a.vhd",
            "osType": "Linux"
          }
        },
...
 
 
azure group deployment create $rgName MyDeployment -f Template-test-modified.json
    info:    Executing command group deployment create
    info:    Supply values for the following parameters
    vmName: NewVmName
    adminUserName: username
    adminPassword: password
    networkInterfaceId: /subscriptions/61719d1b-...ab74b6f77865/resourceGroups/VMTestGroup/providers/Microsoft.Network/networkInterfaces/YourNetworkInterfaceName
 
# If you do not have an existing NetworkInterface, you need to create one first.
azure network nic create $rgName YourNetworkInterfaceName -k default -m YourSubnetVnetName  -l "westus2"