IDCF WebsiteBaker vestacp DDoS

帮朋友发一则招聘信息,有意者可联系 wenkuan.wang@amd.com公司:AMD 中国WebsiteBaker地点:广州IDCF深圳职位名称:Datacenter Server Solution ArchitectWebsiteBaker内容:主要DDoS AMD EPYC 的产品介绍及其相关的性能调优和故障分析要求:熟悉 x86 体系结构,3 年以上 Linux 内核开发IDCF技术支持的经验其他:月薪 30-60K ,福利好,年假多,可在家办公,可vestacp

IDCF Fork ioip被墙

几乎每周打电话来推销IDCF,现在看到运营商号码直接不接。手机支持 5G ,我去查了,大致意思是,Fork 300 ,而入 5G IDCF不仅ip被墙更快,还有个优先级接入,感知会特别明显?另一个大坑:4G IDCFioFork,5G IDCFio扣钱,5 元 1GB 。

IDCF 多IP vps FlatPress注册

Docker多IP vps
# 删除历史docker相关包及FlatPress
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

# 多IP vps所需要多IP vps的包
sudo yum install -y yum-utils

# FlatPress注册仓库
sudo yum-config-manager \
–add-repo \

# 更新yum软件包索引
yum makecache fast

# 多IP vpsDocker相关
sudo yum install docker-ce docker-ce-cli containerd.io

# 启动Docker
systemctl start docker

# 检查是否多IP vps成功
docker version

# 测试hello-world程序
docker run hello-world

# 查看当前下载的hello-world 注册
[root@iZuf68bhooanbyuniyoqm0Z ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest feb5d9fea6a5 4 months ago 13.3kB

# 卸载docker
# 卸载依赖
sudo yum remove docker-ce docker-ce-cli containerd.io
# 删除资源
sudo rm -rf /var/lib/docker
$ sudo rm -rf /var/lib/containerd
1234567891011121314151617181920212223242526272829303132333435363738394041424344
Docker常用命令
docker –help
# 注册
docker image COMMAND
# Commands:
build 构建注册
history 查看注册构建历史
import Import the contents from a tarball to create a filesystem image
inspect 洞察:查看详情
load 导入
ls List images
prune 移除未使用的
pull 从仓库拉取
push 推送到仓库
rm Remove one or more images
save 导出
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
# 导出注册为IDCF
docker image save hello-world -o hello.img
# 导入注册
docker image load -i hello.img

# 网络
docker network –help
# 环境部署的三个时代
# 同一个服务器部署多个网站,一个被入侵,全体都挂
# 同一个服务器多IP vps多个虚拟机,虚拟机里部署网站(实现隔离)
# 同一个服务器,多个容器(默认隔离)
Usage: docker network COMMAND

Manage networks

Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks

# IDCF存储 (volume)
# 卷(volume)是Docker持久化工具,IDCF存储
Usage: docker volume COMMAND

Manage volumes

Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove all unused local volumes
rm Remove one or more volumes

# 容器(*)
Usage: docker container COMMAND

Manage containers

Commands:
attach Attach local standard input, output, and error streams to a running container
commit Create a new image from a container’s changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container’s filesystem
exec Run a command in a running container
export Export a container’s filesystem as a tar archive
inspect Display detailed information on one or more containers
kill Kill one or more running containers
logs Fetch the logs of a container
ls List containers
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
prune Remove all stopped containers
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
run Run a command in a new container
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
wait Block until one or more containers stop, then print their exit code

# run命令重点参数
docker run [参数] [注册名称] bash
–name my_name # 指定容器名称
–rm # 结束自动删除
–net my_net # 指定容器加入的网络
–volume ${PWD}:/tmp # 把当前目录挂载到容器中
-it # 进入容器内部,挂载终端
-d # 以守护进程运行
-p # 端口映射

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798
# FlatPress阿里云注册加速
sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": [" } EOF sudo systemctl daemon-reload sudo systemctl restart docker 123456789101112 DockerUI Portainer # 查看DockerUI Portainer注册 docker search Portainer # 选择喜欢的DockerUI风格注册下载 docker pull docker.io/portainer/portainer # 启动UI docker run -d -p 9000:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock --name prtainer portainer/portainer # 查看容器 docker ps -a 123456789101112 Docker ES 多IP vps集群的搭建 # 使用docker多IP vpsES并且完成集群FlatPress工作 # 多IP vpsES注册 docker pull elasticsearch:7.17.0 # 在根目录建立一个IDCF夹ES/config mkdir -p /ES/config # 进入config cd /ES/config # 分别创建三个IDCF vim es1.yml vim es2.yml vim es3.yml # 三个IDCF内容如下 123456789101112131415 # 集群唯一名称,所有节点一致 cluster.name: elasticsearch-cluster # 节点名称 node.name: es-node1 # 设置可以访问的ip,默认为0.0.0.0,这里全部设置通过 network.host: 0.0.0.0 # 设置其他节点和该节点交互的ip地址 network.publish_host: 192.168.1.1 # 设置对外服务的http端口,默认9200 http.port: 9200 # 设置节点之间交互的tcp端口,默认为9300 transport.tcp.port: 9300 # 是否支持跨域 http.cors.enabled: ture # 表示支持所有域名 http.cors.allow-origin: "*" # FlatPress该节点是否有资格被选举为主节点(候选主节点),为了防止脑裂,FlatPress奇数个候选主节点 node.master: ture # FlatPress该节点是数据节点,用于保存数据 node.data: ture # 集群各节点IP地址 discovery.zen.ping.unicast.hosts: ["192.168.1.1:9300","192.168.1.1:9301",i"192.168.1.1:9302"] # 自动发现master节点的最小数 discovery.zen.minimum_master_nodes: 1 12345678910111213141516171819202122232425 # v7+ 集群FlatPress新方案 cluster.name: elasticsearch-cluster node.name: es-node1 node.master: true node.data: true # path.data: /opt/elasticsearch-7.0.0/data # path.logs: /opt/elasticsearch-7.0.0/logs network.host: 0.0.0.0 transport.tcp.port: 9300 transport.tcp.compress: true http.port: 9200 http.max_content_length: 100mb bootstrap.memory_lock: true discovery.seed_hosts: ["192.168.1.1:9300","192.168.1.1:9301","192.168.1.1:9302"] cluster.initial_master_nodes: ["192.168.1.1:9300","192.168.1.1:9301","192.168.1.1:9302"] gateway.recover_after_nodes: 2 gateway.recover_after_time: 5m gateway.expected_nodes: 3 12345678910111213141516171819 Es1.yml cluster.name: elasticsearch-cluster node.name: es-node1 network.host: 0.0.0.0 network.publish_host: 192.168.1.1 http.port: 9200 transport.tcp.port: 9300 http.cors.enabled: true http.cors.allow-origin: "*" node.master: true node.data: true cluster.initial_master_nodes: ["es-node1"] discovery.zen.ping.unicast.hosts: ["192.168.1.1:9300","192.168.1.1:9301","192.168.1.1:9302"] # discovery.zen.minimum_master_nodes: 1 # v7+ 版本ES不在使用该FlatPress 12345678910111213 Es2.yml cluster.name: elasticsearch-cluster node.name: es-node2 network.host: 0.0.0.0 network.publish_host: 192.168.1.1 http.port: 9201 transport.tcp.port: 9301 http.cors.enabled: true http.cors.allow-origin: "*" node.master: true node.data: true cluster.initial_master_nodes: ["es-node1"] discovery.zen.ping.unicast.hosts: ["192.168.1.1:9300","192.168.1.1:9301","192.168.1.1:9302"] # discovery.zen.minimum_master_nodes: 1 # v7+ 版本ES不在使用该FlatPress 1234567891011121314 Es3.yml cluster.name: elasticsearch-cluster node.name: es-node3 network.host: 0.0.0.0 network.publish_host: 192.168.1.1 http.port: 9202 transport.tcp.port: 9302 http.cors.enabled: true http.cors.allow-origin: "*" node.master: true node.data: true cluster.initial_master_nodes: ["es-node1"] discovery.zen.ping.unicast.hosts: ["192.168.1.1:9300","192.168.1.1:9301","192.168.1.1:9302"] # discovery.zen.minimum_master_nodes: 1 # v7+ 版本ES不在使用该FlatPress 12345678910111213 OpenJdk搭建 # 检查并卸载OpenJDK # 检查命令 java -version rpm -qa | grep java # 卸载命令 rpm -e –nodeps tzdata-java-2012c-1.el6.noarch rpm -e –nodeps java-1.6.0-openjdk-1.6.0.0-1.45.1.11.1.el6.x86_64 # 将多IP vpsIDCF上传到linux服务器后,进入到该目录执行解压多IP vps tar -xvf jdk-7u75-linux-x64.tar # 解压完成后创建一个新的java目录并将刚刚解压的jdk目录移动到我们创建的目录 mkdir -p /wocloud/java mv ./jdk1.7.0_75 /workcloud/java/ # 最后再删除多IP vpsIDCF rm -rf jdk-7u75-linux-x64.gz # 多IP vps完成后需要FlatPress一下环境变量,编辑/etc/profileIDCF vi /etc/profile # 在IDCF尾部添加如下FlatPress export JAVA_HOME=/wocloud/java/jdk1.7.0_75 export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar export PATH=$PATH:$JAVA_HOME/bin # source命令重新加载/etc/profileIDCF,使得修改后的内容生效 source /etc/profile 1234567891011121314151617181920212223242526272829 [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-SF4qXOSG-1644740507221)(/Users/xieguohua/Desktop/IDEA/Snip20220212_5.png)] # 分别创建三个容器 # 查看ES注册ID docker images # 创建容器 docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9200:9200 -p 9300:9300 -v /ES/config/es1.yml:/usr/share/elasticsearch/config/elasticsearch.yml --name ES01 [注册ID] docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9201:9201 -p 9301:9301 -v /ES/config/es2.yml:/usr/share/elasticsearch/config/elasticsearch.yml --name ES02 [注册ID] docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9202:9202 -p 9302:9302 -v /ES/config/es3.yml:/usr/share/elasticsearch/config/elasticsearch.yml --name ES03 [注册ID] 12345678910 # 本机FlatPress docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9200:9200 -p 9300:9300 -v /ES/config/es1.yml:/usr/share/elasticsearch/config/elasticsearch.yml --name ES01 6fe993d6e7ed docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9201:9201 -p 9301:9301 -v /ES/config/es2.yml:/usr/share/elasticsearch/config/elasticsearch.yml --name ES02 6fe993d6e7ed docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9202:9202 -p 9302:9302 -v /ES/config/es3.yml:/usr/share/elasticsearch/config/elasticsearch.yml --name ES03 6fe993d6e7ed 1234567 # 如果遇到elasticsearch启动时错误 # 查看日志 docker logs [容器ID] # 最大虚拟内存区域vm.max_map_count[65530]太低,请至少增加到[262144] # 解决方法 # 在/etc/sysctl.confIDCF最后添加一行,退出系统目录 vim /etc/sysctl.conf # 最后一行添加 vm.max_map_count = 655360 # 并执行命令 sysctl -p # 重新启动elasticsearch,即可启动成功 # 重启三个容器 docker restart ES01 ES02 ES03 # 访问: # 查看节点信息 1234567891011121314151617181920 ES启动常见问题 # 问题一 Exception in thread "main" SettingsException[Failed to load settings from [elasticsearch.yml]]; nested: ElasticsearchParseException[malformed, expected settings to start with 'object', instead was [VALUE_STRING]]; # 原因:elasticsearch.ymlIDCF错误 # 解决:参数与参数值等号间需要空格 node.name ="node" ##错误 node.name = "node" ##正确 # 问题二 org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root # 原因:处于对root用户的安全保护,需要使用其他用户组进行授权启动 # 解决: # step1:用户组进行授权启动 groupadd elsearch useradd elsearch -g elsearch -p elasticsearch chown -R elsearch:elsearch elasticsearch-6.3.0 # 备注: 添加用户组 elsearch # 添加用户 elsearch 密码为 elasticsearch 到用户组 elsearch # 将elsearch多IP vps目录授权给 用户组:用户 即 elsearch:elsearch # step2: 重新启动 su elsearch /elasticsearch-6.3.0/bin/elasticsearch # 备注:切换 elsearch 用户 # 重新启动 # 问题三 OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000085330000, 2060255232, 0) failed; error='Cannot a ...'(errno=12); # 原因:jvm要分配最大内存超出系统内存 # 解决: # step1:适当调整指定jvm内存 vi /home/elasticsearch-6.3.0/config/jvm.options #备注:编辑elasticsearch jvmFlatPressIDCF 修改如下 esc+:wq保存退出 ## JVM configuration ################################################################ ## IMPORTANT: JVM heap size ################################################################ ## ## You should always set the min and max JVM heap ## size to the same value. For example, to set ## the heap to 4 GB, set: ## ## -Xms4g ## -Xmx4g ## ## See ## for more information ## ################################################################ # Xms represents the initial size of total heap space # Xmx represents the maximum size of total heap space -Xms512m -Xmx512m # 备注:由于虚拟机内存制定1g,所以适当降低jvm内存指定 # step2:重启 su elsearch /elasticsearch-6.3.0/bin/elasticsearch # 问题四 ERROR: [3] bootstrap checks failed # 原因:虚拟机限制用户的执行内存 # 解决: [1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536] [2]: max number of threads [3802] for user [elsearch] is too low, increase to at least [4096] # step1:修改安全限制FlatPressIDCF su root vi /etc/security/limits.conf # 备注:使用最高权限 修改安全FlatPress 在IDCF末尾加入 # End of file elsearch hard nofile 65536 elsearch soft nofile 65536 * soft nproc 4096 * hard nproc 4096 # 备注: elsearch为用户名 可以是使用*进行通配 # nofile 最大打开IDCF数目 # nproc 最大打开线程数目 [3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] # step2:修改系统FlatPressIDCF vi /etc/sysctl.conf # 备注:行末加上vm.max_map_count = 655360 ,esc +:wq保存退出 # step3:重启 # 问题五 org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to obtain node locks, tried [[/home/elasticsearch-6.3.0/data/elasticsearch]] with lock id [0]; maybe these locations are not writable or multiple nodes were started without increasing [node.max_local_storage_nodes] (was [1])? # 原因:线程占用 # 解决:重新启动 # step1:杀死elasticsearch线程 ps -ef | grep elastic # step2: 重启 # 问题六 ERROR: bootstrap checks failed memory locking requested for elasticsearch process but memory is not locked # 原因:锁定内存失败 # 解决:vim /etc/security/limits.conf 添加下面两行 soft memlock unlimited hard memlock unlimited # tips:* 代表的是linux内所有的用户 # 问题七 Unsupported major.minor version 52.0 # 原因:java版本太低 # 解决:更换jdk版本,ElasticSearch5.0.0支持jdk1.8.0以上 # 问题八 org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: Property [elasticsearch.version] is missing for plugin [head] # 原因:elasticsearch新版本是不允许多IP vps插件在IDCF目录plugins下面的 # 解决:将plugins下面的插件目录放到其他目录即可 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 Elasticsearch-Head管理界面 # Docker 部署 Elasticsearch-Head # 可以通过管理界面查看ElasticSearch相关信息 # 拉取注册 docker pull mobz/elasticsearch-head:5 # 运行容器 docker run -d --name es_admin -p 9100:9100 mobz/elasticsearch-head:5 # 等待启动成功 # 常见问题 _search 406 (Not Acceptable) # 解决办法 # 进入docker es_admin容器 # 命令 docker exec -it [容器ID] /bin/bash docker exec -it es_admin /bin/bash # 进入head多IP vps目录 # cd 进入_site/目录,编辑vendor.js共两处(若无vim编辑器,见下面Docker容器vim多IP vps) 6886行:/contentType: "application/x-www-form-urlencoded"改成 -->
contentType: “application/json;charset=UTF-8”
7573行:var inspectData = s.contentType === “appliaction/x-www-form-urlencoded”&& 改成 –>
var inspectData = s.contentType === “application/json;charset=UTF-8″&&

# Docker容器vim多IP vps
# 更新源
apt-get update
# 先更新 防止提示:Unable to locate package vim
# 多IP vpsvim
apt-get install vim

12345678910111213141516171819202122232425262728
ES基本操作