The Go Blog

dnsmasq and dnscrypt-proxy

bantana and
10 July 2019

Introduct

dns resolv --> dnsmasq --> dnscrypt-proxy --> internet dnscrypt

Install

If en0 is internet link:

sudo tcpdump -i en0 -vvv 'port 443'

Install dnscrypt-proxy:

brew install dnscrypt-proxy

sudo vi /usr/local/etc/dnscrypt-proxy.toml

>> modify:

  listen_addresses = ['127.0.0.1:5300', '[::1]:5300']

sudo brew services restart dnscrypt-proxy

Install dnsmasq:

brew install dnsmasq

sudo vi /usr/local/etc/dnsmasq.conf

>> modify:

  server=127.0.0.1#5300

sudo brew services restart dnsmasq

Change local dns resolv with 127.0.0.1.

Debug

$ dig +dnssec icann.org

  ; <<>> DiG 9.10.6 <<>> +dnssec icann.org
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50952
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags: do; udp: 1472
  ;; QUESTION SECTION:
  ;icann.org.            IN    A

  ;; ANSWER SECTION:
  icann.org.        3554    IN    A    192.0.43.7
  icann.org.        3554    IN    RRSIG    A 7 2 600 20190719002550 20190627174048 61202 icann.org. YQzj2jgkjzjX+LqU7eajQxD4hnACTSX3JtrZOpbEzUoUG2BlJ13CcTKs Q1JPaEo6AR5U22J2tEyHzrnv0bF5Wj8erdtRjmIKMTVuWNOYDI76iBWZ Vm2DT5WlXSypkqXz3bdkr5I0gb6bvnICVzCOejS/QIQiO4c6f6qJcaT2 U0U=

  ;; Query time: 0 msec
  ;; SERVER: 127.0.0.1#53(127.0.0.1)
  ;; WHEN: Wed Jul 10 18:20:14 CST 2019
  ;; MSG SIZE  rcvd: 223

MicroK8s

Bantana
1 July 2019

introduce

Single node Kubernetes done right

install on ubuntu

install snapd:

sudo apt update
sudo apt install snapd

install microk8s:

sudo snap install microk8s --classic

For the current published versions:

snap info microk8s

Useful tips

sudo microk8s.stop
sudo microk8s.start
sudo microk8s.status

Go use private repository

Bantana
21 June 2019

use ~/.gitconfig

[url "ssh://git@github.com"]
  insteadOf = https://github.com
[url "ssh://git@iohttps.com"]
  insteadOf = https://iohttps.com
[url "ssh://git@radevio.com"]
  insteadOf = https://radevio.com

Use this command added to ~/.gitconfig

git config --global url."ssh://git@github.com".insteadOf "https://github.com"

git config --global url."ssh://git@iohttps.com".insteadOf "https://iohttps.com"

git config --global url."ssh://git@radevio.com".insteadOf "https://radevio.com"

reference

if you want used in docker CI & CD:

see .netrc with ~/.git-credentials

ssh_config file use Include

bantana
10 May 2019

structure

$ cat ~/.ssh/config

Include ~/.ssh/config.d/*.config

$ tree ~/.ssh/config.d/

$HOME/.ssh/config.d/
├── company.config
├── private.config
└── shdockers.config

0 directories, 3 files

host configuration

# aliyun us_a
Host changeHostName
  Hostname 192.168.1.235
  port 22
  User yourUserName
  IdentityFile ~/.ssh/id_rsa

Host JumpHostName
  Hostname xxx.xxx.xxx.xxx
  port 22
  User yourUserName
  IdentityFile ~/.ssh/id_rsa

Host innerHostName
  ProxyCommand ssh -W %h:%p JumpHostName 2> /dev/null
  Hostname 192.168.8.8
  Port 22
  User yourUserName
  IdentityFile ~/.ssh/id_rsa

reference

man 5 ssh_config
man ssh

elasticsearch

bantana
18 December 2018

install

  • docker:

Pulling the image:

$ docker pull docker.elastic.co/elasticsearch/elasticsearch:6.5.3

Running Elasticsearch from the command line

Development mode:

$ docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:6.5.3

Production mode:

The vm.max_map_count kernel setting needs to be set to at least 262144 for production use. Depending on your platform:

Linux

The vm.max_map_count setting should be set permanently in /etc/sysctl.conf:

$ grep vm.max_map_count /etc/sysctl.conf
vm.max_map_count=262144

To apply the setting on a live system type: sysctl -w vm.max_map_count=262144
macOS with Docker for Mac

  The vm.max_map_count setting must be set within the xhyve virtual machine:

  $ screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty
  Just press enter and configure the sysctl setting as you would for Linux:

  sysctl -w vm.max_map_count=262144

install plugin

$ elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.5.2/elasticsearch-analysis-ik-6.5.2.zip

-> Downloading https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.5.2/elasticsearch-analysis-ik-6.5.2.zip

[=================================================] 100%  
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

* java.net.SocketPermission * connect,resolve
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
-> Installed analysis-ik

ansible install

use

See the index for more articles.