Comments

Latest Posts

Oracle Cloud Platform (OCP) VPS Tips and Tricks

 Some special notes and scripts while using cloud VPS, especially for Oracle Cloud Platform (OCP).


Enable Root Account with Password Login

vi /etc/ssh/sshd_config

PermitRootLogin yes  #allow root login
PasswordAuthentication yes #allow password authentication


  • sudo -i
  • echo root:<YOUR PASSWORD>@ |sudo chpasswd root
  • sudo sed -i 's/^.*PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config;
  • sudo sed -i 's/^.*PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config;
  • sudo service sshd restart

 

Performance Test

SuperBench

  • wget -qO- git.io/superbench.sh | bash




LemonBench

  • wget -O- https://ilemonra.in/LemonBenchIntl | bash -s full

Bench.sh

  • wget -qO- bench.sh | bash

三网测速

  • bash <(curl -Lso- http://yun.789888.xyz/speedtest.sh)

流媒体检测

  • # 第一个
  • bash <(curl -L -s https://raw.githubusercontent.com/lmc999/RegionRestrictionCheck/main/check.sh)
  • # 第二个
  • bash <(curl -sSL "https://github.com/CoiaPrant/MediaUnlock_Test/raw/main/check.sh")

三网回程测试

  • # 第一个
  • wget https://raw.githubusercontent.com/nanqinlang-script/testrace/master/testrace.sh
  • bash testrace.sh
  • # 第二个
  • wget -qO- git.io/besttrace | bash
  • # 第三个
  • curl http://tutu.ovh/bash/returnroute/test.sh | bash

机器性能测试(yabs)

  • curl -sL yabs.sh | bash



CentOS 7 Install BBR

BBR stands for Bottleneck Bandwidth and RTT is a congestion control system. You can enable TCP BBR on your Linux desktop to improve overall web surfing experience. By default, Linux uses the Reno and CUBIC congestion control algorithm.


1. switch to root
2. Rebuild grub2.cfg,Command:
grub2-mkconfig -o /boot/grub2/grub.cfg
3. Run your bbr.sh


1. wget -N --no-check-certificate "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh" && chmod +x tcp.sh && ./tcp.sh

Notes:  https://github.com/chiakge/Linux-NetSpeed


If it is Oracle VPS, following command need to execute first: grub2-mkconfig -o /boot/grub2/grub.cfg

wget --no-check-certificate -O /opt/bbr.sh https://github.com/teddysun/across/raw/master/bbr.sh && chmod 755 /opt/bbr.sh && /opt/bbr.sh


If it is GcoreLabs  VPS and stopped at [Info] rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

You will need to changebbr.sh script. Replace  www.elrepo.orgwithwc.ci. Total, there are four places to replace.

You can download those four files then put in somewhere else. 

https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
https://www.elrepo.org/elrepo-release-6-10.el6.elrepo.noarch.rpm
https://www.elrepo.org/elrepo-release-7.0-5.el7.elrepo.noarch.rpm
https://www.elrepo.org/elrepo-release-8.2-1.el8.elrepo.noarch.rpm

Verify

Runlsmod | grep bbr

If it shows tcp_bbr that means it was enabled successfully. 


Ubuntu 20.04 Install BBR

Requirements:

  • BBR requires Linux kernel version 4.9 or above. Since Ubuntu 20.04 comes with the 5.4.0 kernel, we can enable BBR right away.

Run the following command to check available congestion control algorithms,

sysctl net.ipv4.tcp_available_congestion_control

Output:

[email protected]:~# sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = reno cubic

Run the below command to check the current congestion control algorithm used in your system,

sysctl net.ipv4.tcp_congestion_control

Output:

[email protected]:~# sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = cubic


Enabling TCP BBR in Ubuntu


Open the following configuration file vi /etc/sysctl.conf to enable enable TCP BBR.

vi /etc/sysctl.conf

At the end of the config file, add the following lines.

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

Save the file, and refresh your configuration by using this command,

sysctl -p

Output:

[email protected]:~# sysctl -p
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

Now, Verify if BBR is enabled in your system,

sysctl net.ipv4.tcp_congestion_control

Output:

[email protected]:~# sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = bbr

Done!



VNC Connection for Oracle Cloud Platform


1ssh log in   (I am using centos as root ,main folder is /root/ but following command is fine with any folder)
2、Generate auto login key. command ssh-keygen <Enter> If using password, it will be fine, but less secure.
3cat .ssh/id_rsa.pub,  Copy content of id_rsa.pub to oracle console。
4、copy VNC Parameters(linux/mac)and write to myvnc.sh (command:ssh -o ProxyCommand='ssh -W %h:%p -p 443 [email protected]' -N -L localhost:5900:XXXXXX:5900 XXXXXX
5ifconfig to check local IP 10.0.3.5 Change 'myvnc.sh   -N -L localhost:5900'. localhost change to 10.0.3.5:9988 (Note:If you have public IP,(not from NAT)use 0.0.0.0 ,Aliyun,tencent Yun all using NAT,So it has to listen on localhost IP)。
6、run sh myvnc.sh ,you might need to enter yes ,and password for your key
7、Open local firewall 9988 port.
8、From local computer: vnc view <cloud public IP>:9988 to connect

notes: https://luotianyi.vc/4199.html

DD System into Oracle Cloud VM

Notes: Only Ubuntu works in Oracle Cloud.
Ubuntu Environment Preparation:
#Debian/Ubuntu:
apt-get update
apt-get install -y xz-utils openssl gawk file

Download script and install image from one of moeclub.org's sharing post:
Sudo -i
wget --no-check-certificate -qO InstallNET.sh 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh' && bash InstallNET.sh -dd 'https://api.moeclub.org/GoogleDrive/1NHKdm3xfQ3HySNCGvrzgdz7RMVCI1qGy'


After one or two minutes, you will lose your SSH connection. Please give the machine 5-10 minutes, before you manual reboot your Ubuntu VM. During reboot, the VM status will become stopping.
The VM will maintain this stopping status for 20-25 minutes, then it will become Running status.

At that time, all imaging process, system rebooting process will be completed. You will be able to RDP to this VM's public ip with port 3389. Please make sure you have add RDP port 3389 into your Network Security Groups.
Default RDP account for this Windows 7 64B image at https://api.moeclub.org/GoogleDrive/1NHKdm3xfQ3HySNCGvrzgdz7RMVCI1qGy :

username : administrator
password : www.nat.ee

After log in, please change password asap. It is best also change 3389 port to others.

The system is Chinese Windows 7 64B Ultimate version. You will need to activate it by yourself. 

The default system after installed,  memory usage will be around 366MB, and CPU usage will be less than 1%. 


Notes:
bash <(wget --no-check-certificate -qO- 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh') -d 9 -v 64 -a -firmware
default root password: MoeClub.org



Oracle Linux Firewall Configuration and BBR

~~~~~~~~~~~~~~~~For opening all ports~~~~~~~~~~~~~~~~~~~~

Ubuntu (Especially for ARM machines):

sudo iptables -P INPUT ACCEPT

sudo iptables -P FORWARD ACCEPT

sudo iptables -P OUTPUT ACCEPT

sudo iptables -F

apt-get purge netfilter-persistent

Centos:

sudo iptables -P INPUT ACCEPT

sudo iptables -P FORWARD ACCEPT

sudo iptables -P OUTPUT ACCEPT

sudo iptables -F

apt-get purge netfilter-persistent

~~~~~~~~~~~~~~~~For opening one port~~~~~~~~~~~~~~~~~~~~

Ubuntu:

sud ufw allow 443/tcp #开放443 tcp端口

sud ufw allow 123/udp #开放123 udp端口

sud ufw reload #重启防火墙以生效

Centos:

sudo firewall-cmd --zone=public --permanent --add-port=443/tcp #开放443 tcp端口

sudo firewall-cmd --zone=public --permanent --add-port=123/udp #开放443 tcp端口

sudo firewall-cmd --reload #重启防火墙以生效

~~~~~~~~~~~~~~BBR原版~~~~~~~~~~~~~~~~~~~~~~

Ubuntu:Open it directly

echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf

echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf

sysctl -p 保存生效

sysctl net.ipv4.tcp_available_congestion_control 检查内核是否开启bbr

net.ipv4.tcp_available_congestion_control = reno cubic bbr 如果结果是这样就开启了

lsmod | grep bbr 以检测 BBR 是否开启

Centos:Upgrade kernel first

1、查看当前内核

uname -r

2、导入ELRepo公钥

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

3、安装ELRepo

yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm -y

4、查看ELRepo提供的内核版本

yum --disablerepo="*" --enablerepo="elrepo-kernel" list available

5、安装kernel-ml内核,此步安装时间可能比较长,耐心等待并非卡住了
kernel-lt:表示longterm,即长期支持的内核;当前为4.4.*。
kernel-ml:表示mainline,即当前主线的内核;当前为5.2.*

yum --disablerepo='*' --enablerepo=elrepo-kernel install kernel-ml -y

6、设置默认启动为新内核

grub2-set-default 0

7、启用BBR

echo 'net.core.default_qdisc=fq' >> /etc/sysctl.conf

echo 'net.ipv4.tcp_congestion_control=bbr' >> /etc/sysctl.conf

8、重启系统

reboot

9、检查BBR是否成功

sysctl -n net.ipv4.tcp_congestion_control

lsmod | grep bbr



Docker related

Docker  - One Command to install

  • 更新、安装必备软件
  • apt-get update && apt-get install -y wget vim
  • #国外机:
  • curl -sSL https://get.docker.com/ | sh
  • #国内机:
  • curl -sSL https://get.daocloud.io/docker | sh

Docker Uninstall

  • sudo apt-get remove docker docker-engine
  • rm -fr /var/lib/docker/

Docker-compose - One Command to Install

  • #国外机:
  • sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  • sudo chmod +x /usr/local/bin/docker-compose
  • #国内机
  • curl -L https://get.daocloud.io/docker/compose/releases/download/v2.1.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
  • chmod +x /usr/local/bin/docker-compose



Operations After Logged Into VPS


3、开启SSH登陆
sudo -i
vi /etc/ssh/sshd_config
centOS
按i进如编辑:

1、PermitRootLogin改为yes



2、PasswordAuthentication改为yes



esc,:wq,保存退出。

Ubuntu
ubuntu感觉是故意的,颜色搞成这样看也看不清楚……

可以最前面的#注释了,颜色会变亮一些,修改的部分如下:





3、重启sshd服务

systemctl restart sshd.service
或者

sudo service sshd restart
好了,至此,我们可以愉快地像登陆普通VPS一样登陆甲骨文啦,换个终端登陆试试吧。

甲骨文云之所以这么做,其实是为了安全考量,用密钥登陆,取消root登陆,取消SSH登陆,会在一定程度上让我们的机子更安全,大家如果对自己的服务器安全性能要求高,也可以反向操作!

4、卸载相关程序
pcbind
使用netstat -ntlp命令发现rpcbind监听了111端口,如担心安全可执行以下命令卸载禁用:

systemctl stop rpcbind
systemctl stop rpcbind.socket
systemctl disable rpcbind
systemctl disable rpcbind.socket
oracle-cloud-agent
卸载甲骨文云官方后台监控程序

systemctl stop oracle-cloud-agent
systemctl disable oracle-cloud-agent
systemctl stop oracle-cloud-agent-updater
systemctl disable oracle-cloud-agent-updater
5、防火墙相关
停止firewall
systemctl stop firewalld.service
禁止firewall开机启动
systemctl disable firewalld.service
6、Ubuntu系统
开放所有端口
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
Ubuntu镜像默认设置了Iptable规则,关闭它,

apt-get purge netfilter-persistent
reboot
禁用插件
可以把这几个都关闭了。

切换到root角色

sudo -i

1、安装相关依赖

CentOS:

yum -y install wget
yum update -y && yum install curl -y

Ubuntu:

apt-get install wget
apt-get update -y && apt-get install curl -y

2、设置root密码

passwd   # 修改密码

3、开启SSH登陆

sudo -i
vi /etc/ssh/sshd_config

centOS

i进如编辑:

1、PermitRootLogin改为yes

2、PasswordAuthentication改为yes

esc,:wq,保存退出。

Ubuntu

ubuntu感觉是故意的,颜色搞成这样看也看不清楚……

可以最前面的#注释了,颜色会变亮一些,修改的部分如下:

3、重启sshd服务

systemctl restart sshd.service

或者

sudo service sshd restart

好了,至此,我们可以愉快地像登陆普通VPS一样登陆甲骨文啦,换个终端登陆试试吧。

甲骨文云之所以这么做,其实是为了安全考量,用密钥登陆,取消root登陆,取消SSH登陆,会在一定程度上让我们的机子更安全,大家如果对自己的服务器安全性能要求高,也可以反向操作!

4、卸载相关程序

pcbind

使用netstat -ntlp命令发现rpcbind监听了111端口,如担心安全可执行以下命令卸载禁用:

systemctl stop rpcbind
systemctl stop rpcbind.socket
systemctl disable rpcbind
systemctl disable rpcbind.socket 

oracle-cloud-agent

卸载甲骨文云官方后台监控程序

systemctl stop oracle-cloud-agent
systemctl disable oracle-cloud-agent
systemctl stop oracle-cloud-agent-updater
systemctl disable oracle-cloud-agent-updater

5、防火墙相关

停止firewall

systemctl stop firewalld.service

禁止firewall开机启动

systemctl disable firewalld.service

6、Ubuntu系统

开放所有端口

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F

Ubuntu镜像默认设置了Iptable规则,关闭它,

apt-get purge netfilter-persistent
reboot

禁用插件

可以把这几个都关闭了。

No comments