SPX: php profiling
Source: https://github.com/NoiseByNorthwest/php-spx

Installation

    apt-get install zlib1g-dev

Replace X by your PHP version:

    apt install phpX.X-dev
    git clone https://github.com/NoiseByNorthwest/php-spx.git
    cd php-spx
    git checkout release/latest
    phpize
    ./configure
    make
    make install

Configuration

Create /etc/php/X.X/mods-available/spx.ini:

    extension=spx.so
    ; process.dumpable is a PHP-FPM pool directive; it belongs in the pool configuration file
    process.dumpable = yes
    spx.http_enabled=1
    spx.http_key="password"
    spx.http_ip_whitelist="127.0.0.1"

Replace password with your own key and 127.0.0.1 with your IP.

    ln -s /etc/php/X.X/mods-available/spx.ini /etc/php/X.X/fpm/conf.d/20-spx.ini

Go to http://example.com/?SPX_KEY=password&SPX_UI_URI=/
Wireguard : tips
verbose

Simple echo:

    echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control

nmcli import

    nmcli connection import type wireguard file /etc/wireguard/wg0.conf
Mood: PaaS and me
PaaS: the goal

Platform as a service: its purpose is to let you deploy your application simply, with the hosting abstracted away. You connect your environment to a VCS such as GitHub, GitLab … then you define your environment and the steps to deploy your code. All of this without any service interruption … on paper. The sizing of the environment is limited only by the ceiling of your credit card.

The promise

- High-availability environment
- Environment with elastic performance
- Ease of deployment
- One environment per branch....
Next : vaultwarden
Coming soon

For team password management!

https://github.com/dani-garcia/vaultwarden

docker-compose.yml

    version: '3.3'
    services:
      server:
        restart: always
        container_name: vaultwarden
        environment:
          WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications.
          SIGNUPS_ALLOWED: "true"
          ADMIN_TOKEN: "super_secret_token_api" # placeholder: replace with your own secret
          DATABASE_URL: "postgresql://vault:StrongPassword@postgres:5432/vaultwarden"
          ORG_GROUPS_ENABLED: "true"
          INVITATIONS_ALLOWED: "false"
          ORG_CREATION_USERS: "test@test.com"
          DOMAIN: "https://test.com"
        volumes:
          - '/home/docker/vaultwarden/data:/data/'
        ports:
          - '8000:80'
          - '3012:3012'
        image: vaultwarden/server:latest
      postgres:
        restart: always
        image: 'postgres:latest'
        ports:
          - '5432:5432'
        environment:
          POSTGRES_USER: vault
          POSTGRES_PASSWORD: StrongPassword # placeholder: must match the password in DATABASE_URL
          POSTGRES_DB: vaultwarden
        volumes:
          - '/home/docker/vaultwarden/db/:/var/lib/postgresql/data/'

So far so good....
nginx : fastcgi_cache
Only the nginx configuration is touched. The docs: https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html

http block

In the http block we have:

    fastcgi_cache_path /home/cache levels=1:2 keys_zone=MyCMS:100m max_size=10g inactive=60m use_temp_path=off;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";

server block

An example for WordPress:

    server {
        listen 80;
        server_name mycms.net;
        root /var/www/mycms;

        # Cache by default; each rule below opts a request out of the cache.
        set $skip_cache 0;

        # Never cache POST requests.
        if ($request_method = POST) {
            set $skip_cache 1;
        }

        # Never cache URLs that carry a query string.
        if ($query_string != "") {
            set $skip_cache 1;
        }

        # Never cache admin, XML-RPC, wp-*.php, feed and sitemap URLs.
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|^/feed/|/tag/.*/feed/|/.*sitemap.*.(xml|xsl)") {
            set $skip_cache 1;
        }

        # Never cache for logged-in users, recent commenters or password-protected posts.
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set $skip_cache 1;
        }

        location ~ \....
MyISAM to InnoDB
Replace your_database with the name of your database:

    SELECT CONCAT('ALTER TABLE ', CONCAT(TABLE_SCHEMA, '.', TABLE_NAME), ' ENGINE=InnoDB;')
    FROM INFORMATION_SCHEMA.TABLES
    WHERE ENGINE = 'MyISAM'
      AND TABLE_SCHEMA = 'your_database'
    INTO OUTFILE '/tmp/mysql.conversions';

Check the contents of /tmp/mysql.conversions, then run it:

    SOURCE /tmp/mysql.conversions;
Elasticsearch - readonly index
    curl http://localhost:9200/*/_settings \
      -X PUT -H 'Content-Type: application/json' \
      -d '{ "index.blocks.read_only_allow_delete": null }'
Prestashop CVE
link

https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/

todo

Delete from config/smarty.config.inc.php:

    if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
        include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php';
        $smarty->caching_type = 'mysql';
    }
nginx and redis as pastebin
requirement: redis nginx lua

snippets

nginx

    access_by_lua_block {
        local redis = require "resty.redis"
        local red = redis:new()
        red:set_timeout(1000) -- 1 sec

        -- connection options are passed as a table
        local ok, err = red:connect("127.0.0.1", 6379, { pool_size = 128 })
        if not ok then
            ngx.exit(503)
            return
        end

        -- the request URI is used as the Redis key
        local key = ngx.var.uri
        local method = ngx.var.request_method

        if method == "POST" or method == "PUT" then
            -- local set value = ngx
            ngx.req.read_body()
            local data = ngx.req.get_body_data()
            red:set(key, data)
            ngx.say("ok")
            return
        end

        if method == "GET" then
            local res, err = red:get(key)
            if res ~= ngx....
DRONE : my hugo pipeline
Tools

CI/CD

- https://docs.drone.io/
- https://gitea.io/en-us/

Blog

- https://gohugo.io/
- https://github.com/adityatelange/hugo-PaperMod as git submodule

Pipeline

.drone.yml

    kind: pipeline
    type: docker
    name: default

    # the default clone is not recursive
    clone:
      disable: true

    steps:
      - name: clone-with-submodules
        image: plugins/git
        pull: if-not-exists
        settings:
          depth: 50
          recursive: true

      - name: build
        image: klakegg/hugo
        pull: if-not-exists
        commands:
          - hugo

      - name: deploy
        image: drillster/drone-rsync
        settings:
          user:
            from_secret: deploy-blog-user
          hosts:
            from_secret: deploy-blog-host
          key:
            from_secret: deploy-blog-key
          source: ./public
          target: /home/www/releases/${DRONE_BUILD_NUMBER}
          script:
            - ln -sfn /home/www/releases/${DRONE_BUILD_NUMBER}/public /home/www/b
        when:
          branch:
            include:
              - master

    trigger:
      branch:
        - master
        - dev

Badge