Unix/Linux enable IP forwarding

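On Unix/Linux, forwarding of network packets is disabled by default. After installing traffic-forwarding software such as WireGuard, IP forwarding has to be enabled so that forwarding requests from clients are handled correctly.
The following commands query the current state of the ip.forwarding flag: 0 means disabled, 1 means enabled.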

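# Key names as used on FreeBSD/macOS; on Linux the equivalent keys are net.ipv4.ip_forward and net.ipv6.conf.all.forwarding
sysctl net.inet.ip.forwarding
sysctl net.inet6.ip6.forwarding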

We can enable IP forwarding by setting the value to 1.

sysctl net.inet.ip.forwarding=1
sysctl net.inet6.ip6.forwarding=1

-EOF-

Fixing Nginx + PHP 5xx Errors

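From time to time I had been getting emails from Google Search Console saying that it hit 5xx errors while indexing pages, and I had always ignored them. It was only last week, when I reproduced the problem myself, that I started taking it seriously.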
Search Console has identified that your site is affected by 1 Page indexing issue(s). The following issues were found on your site.

Top Issues

Server error (5xx)
We recommend that you fix these issues when possible to enable the best experience and coverage in Google Search.
Checking the logs turned up the following:

2023/12/12 01:23:45 [error] 2175086#0: *57111 connect() to unix:/run/php-fpm/www.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 192.3.114.12, server: example.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "example.com", referrer: "http://example.com/"

So I ran a stress test and found that nearly half of the requests hit 5xx errors, while the log filled with entries like the one above.

wrk -t12 -c400 -d30s https://ioio.name

That led me to do some research, mainly referring to "11: Resource temporarily unavailable, while connecting to upstream + Bad Gateway (Nginx)".

I adjusted net.core.somaxconn and net.core.netdev_max_backlog by running the following commands:

echo "net.core.somaxconn = 65535" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
echo "net.core.netdev_max_backlog = 65535" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Update the nginx configuration file, adding the following to the FastCGI service:

fastcgi_keep_conn on;

Then restart the services:

systemctl restart php-fpm.service
systemctl restart nginx

Ran the stress test again; the errors are gone.

wrk -t12 -c400 -d30s https://ioio.name
Running 30s test @ https://ioio.name
12 threads and 400 connections
Thread Stats Avg Stdev Max +/- Stdev
Latency 180.51ms 88.60ms 1.91s 89.36%
Req/Sec 109.17 32.60 212.00 71.29%
39114 requests in 30.08s, 1.86GB read
Socket errors: connect 158, read 0, write 0, timeout 0
Requests/sec: 1300.31
Transfer/sec: 63.29MB

-EOF-

How to Install PostgreSQL on FreeBSD

1. Update all available repositories and upgrade all packages to the latest versions

pkg update
pkg upgrade

2. Install PostgreSQL 13

pkg install postgresql13-server postgresql13-client

3. Add PostgreSQL to the system boot:

sysrc postgresql_enable=yes

4. Initialize the PostgreSQL database

/usr/local/etc/rc.d/postgresql initdb

5. Start the PostgreSQL service and check its status

service postgresql start
service postgresql status

Kubernetes Dashboard Disable Token TTL/Skip Login

The default token TTL for Kubernetes Dashboard is 10 minutes, which is inconvenient in a development environment. We can remove this limit by disabling the TTL or by enabling skip login.

1. Inspect the configuration for kubernetes-dashboard

kubectl -n kubernetes-dashboard describe deployments kubernetes-dashboard

You may see `--auto-generate-certificates` in the **Args** section.

2. Update the configuration: add `--token-ttl=0` to disable the session timeout, and add `--enable-skip-login` to enable the skip login button.

kubectl -n kubernetes-dashboard edit deployments kubernetes-dashboard


Args:
--auto-generate-certificates
--token-ttl=0
--enable-skip-login
--enable-insecure-login
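
A check for these flags, as an added example that is not part of the original post: the hypothetical shell function `audit_dashboard_args` reads the container args on stdin and reports the ones that relax authentication, so the development settings above can be caught before a manifest reaches a shared cluster. The sample input is constructed from the Args list above, and the commented kubectl pipeline assumes the dashboard is the first container in the pod.

```shell
#!/bin/sh
# Added example, not from the original post. audit_dashboard_args is a
# hypothetical helper: it reads Dashboard container args on stdin
# (whitespace-separated), prints one line per flag that relaxes
# authentication, and returns 1 if any were found, 0 otherwise.
audit_dashboard_args() {
    tr -s '[:space:]' '\n' | awk '
        # Join a "--token-ttl 0" pair into the "--token-ttl=0" form.
        prev == "--token-ttl" { $0 = prev "=" $0 }
        { prev = $0 }
        $0 == "--token-ttl=0" {
            print "FINDING " $0 ": dashboard tokens never expire"; n++ }
        $0 ~ /^--enable-skip-login(=true)?$/ {
            print "FINDING " $0 ": login page shows a Skip button"; n++ }
        $0 ~ /^--enable-insecure-login(=true)?$/ {
            print "FINDING " $0 ": login view is shown without HTTPS"; n++ }
        END { exit (n > 0) }'
}

# Constructed sample: the Args list shown above.
SAMPLE_ARGS='--auto-generate-certificates --token-ttl=0 --enable-skip-login --enable-insecure-login'

# Against a live cluster (assumes the dashboard is the first container):
#   kubectl -n kubernetes-dashboard get deployment kubernetes-dashboard \
#     -o jsonpath='{.spec.template.spec.containers[0].args[*]}' | audit_dashboard_args
printf '%s\n' "$SAMPLE_ARGS" | audit_dashboard_args || echo "relaxed-auth flags present"
```

The non-zero return makes the function usable as a gate in a deployment script or CI job.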

-EOF-