wget -O - https://get.acme.sh | sh -s email=my@example.com
./acme.sh
./acme.sh --issue -d ar.d.ca -w /home/www/d/d
cd /root/.acme.sh/
./acme.sh --issue --dns -d admin.d.ca --yes-I-know-dns-manual-mode-enough-go-ahead-please
dig TXT _acme-challenge.admin.d.ca
./acme.sh --renew -d admin.d.ca --yes-I-know-dns-manual-mode-enough-go-ahead-please

mkdir mailform
mv mailform.js mailform
cd mailform/
yum install npm
npm init -y
npm install express express-rate-limit
node mailform.js
while true; do date; node mailform.js ; sleep 1; done

const express = require('express');
const rateLimit = require('express-rate-limit');
const bodyParser = require('body-parser');
const https = require('https');
const fs = require('fs');

const app = express();
const options = {
key: fs.readFileSync('private.key'),
cert: fs.readFileSync('public.crt')
}

// Apply rate limiting middleware
const limiter = rateLimit({
windowMs: 5 * 60 * 1000, // 5 minutes
max: 2, // limit each IP to 2 requests per windowMs
message: 'Too many requests from this IP, please try again later.'
});
app.use(limiter);
app.use(bodyParser.json());

app.options('*',(req,res) => {
res.status(200).end();
} );

// Your webhook endpoint
app.get('/bm/:email', (req, res) => {
// Handle webhook logic here
const requestBody = req.params.email;
console.log('Received webhook request:', requestBody);

// Options for the POST request
const options = {
hostname: 'hostname.com', // Replace with your hostname
port: 443, // Replace with your port number

path: '/hooks/catch/y/x/' , // '/your/post/endpoint', // Replace with your endpoint path
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': JSON.stringify({'email':requestBody}).length
}
};

const zap = https.request(options, (zres) => {
console.log(`statusCode: ${zres.statusCode}`);

zap.on('data', (chunk) => {
console.log('Zapier Response body:', chunk.toString());
});
});

// Send a custom response
res.status(200).json({ message: 'in : '+requestBody });

// Handle request errors
zap.on('error', (error) => {
console.error('Error sending zapier request:', error);
});

// Write data to request body
zap.write(JSON.stringify({'email':requestBody}));

// End the request
zap.end();

});
//--------END GET--------------

app.post('/contact', (req, res) => {
// Handle webhook logic here
let requestBody = ''; // Assuming JSON request body

req.on('data', chunk => {
requestBody += chunk;
});
req.on('end',() => {
console.log('Received contact request:', requestBody);

// Options for the POST request
const options = {
hostname: 'hostname.com', // Replace with your hostname
port: 443, // Replace with your port number

path: '/hooks/catch/a/b/' , // Replace with your endpoint path
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': requestBody.length
}
};

const zap = https.request(options, (zres) => {
console.log(`statusCode: ${zres.statusCode}`);

zap.on('data', (chunk) => {
console.log('Zapier Response body:', chunk.toString());
});
});

// Send a custom response
res.status(200).json({ message: 'zap contact : '+requestBody });

// Handle request errors
zap.on('error', (error) => {
console.error('Error sending zapier request:', error);
});

// Write data to request body
zap.write(requestBody);

// End the request
zap.end();

} );

});
//=======END POST=========

const server = https.createServer(options,app);

// Start the server
const port = process.env.PORT || 3000;
server.listen(port, () => {
console.log(`Server is running on port ${port}`);
});

containers:
- args:
- -c
- rm -rf /var/www/html/* ; cp -r /_100MB/www/* /var/www/html ; echo "ErrorDocument
404 /index.html" >> /etc/httpd/conf/httpd.conf; /usr/sbin/httpd ; sleep
5; tail -f /var/log/httpd/access_log
command:
- /bin/bash
image: hieuvpn/lap:10
imagePullPolicy: IfNotPresent
name: lap
env:
- name: RITRUSTEDORIGINS
value: https://redis-prod.example.org
envFrom:
- configMapRef:
name: myconfigmap
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /_100MB
name: 100mb
subPath: support-desk
------------
terminationGracePeriodSeconds: 30
volumes:
- name: 100mb
persistentVolumeClaim:
claimName: v100

------------------
apiVersion: v1
kind: ConfigMap
metadata:
name: myconfigmap
data:
VARIABLE1: value1
VARIABLE2: value2
VARIABLE3: value3
-------------------

kubectl create ingress support-desk --class=nginx --rule="support.helpusdefend.org/*=support-desk:8090"

# Find which member of the Stateful Set this pod is running
# e.g. "redis-cluster-0" -> "0"
PET_ORDINAL=$(cat /etc/podinfo/pod_name | rev | cut -d- -f1)
MY_SHARD=$(($PET_ORDINAL % $NUM_SHARDS))

redis-server /conf/redis.conf &

# TODO: Wait until redis-server process is ready
sleep 1

if [ $PET_ORDINAL -lt $NUM_SHARDS ]; then
# Set up primary nodes. Divide slots into equal(ish) contiguous blocks
NUM_SLOTS=$(( 16384 / $NUM_SHARDS ))
REMAINDER=$(( 16384 % $NUM_SHARDS ))
START_SLOT=$(( $NUM_SLOTS * $MY_SHARD + ($MY_SHARD < $REMAINDER ? $MY_SHARD : $REMAINDER) ))
END_SLOT=$(( $NUM_SLOTS * ($MY_SHARD+1) + ($MY_SHARD+1 < $REMAINDER ? $MY_SHARD+1 : $REMAINDER) - 1 ))

PEER_IP=$(perl -MSocket -e "print inet_ntoa(scalar(gethostbyname(\"redis-cluster-0.redis-cluster.$POD_NAMESPACE.svc.cluster.local\")))")
redis-cli --pass "xxxxxx" cluster meet $PEER_IP 6379
redis-cli --pass "xxxxxx"cluster addslots $(seq $START_SLOT $END_SLOT)
else
# Set up a replica
PEER_IP=$(perl -MSocket -e "print inet_ntoa(scalar(gethostbyname(\"redis-cluster-$MY_SHARD.redis-cluster.$POD_NAMESPACE.svc.cluster.local\")))")
redis-cli --pass "xxxxxx" --cluster add-node localhost:6379 $PEER_IP:6379 --cluster-slave
fi

wait
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis-cluster
spec:
podManagementPolicy: OrderedReady # default
serviceName: redis-cluster
replicas: 6
selector:
matchLabels:
app: redis-cluster # has to match .spec.template.metadata.labels
template:
metadata:
labels:
app: redis-cluster
name: redis-cluster
spec:
# affinity: # Ensure that each Redis instance is provisioned on a different k8s node
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: "app"
# operator: In
# values:
# - redis-cluster
# topologyKey: "kubernetes.io/hostname"
terminationGracePeriodSeconds: 10
containers:
- name: redis-cluster
image: redis:6.2.6
ports:
- containerPort: 6379
name: client
- containerPort: 16379
name: gossip
command:
- sh
args:
- /conf/bootstrap-pod.sh
# Ensure that Redis is online before initializing the next node.
# TODO: Test that the cluster node is init'd properly.
readinessProbe:
exec:
command:
- sh
- -c
- "redis-cli -h $(hostname) ping"
initialDelaySeconds: 5
timeoutSeconds: 5

securityContext:
capabilities:
add:
- IPC_LOCK
# Mark a node as down if Redis server stops running
livenessProbe:
exec:
command:
- sh
- -c
- "redis-cli -h $(hostname) ping"
initialDelaySeconds: 20
periodSeconds: 3
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NUM_SHARDS
value: "3" # If you modify this value, make sure there are at least 2 times the number of replicas
volumeMounts:
- name: conf
mountPath: /conf
readOnly: false
- name: podinfo
mountPath: /etc/podinfo
readOnly: false
initContainers:
# Wait for the redis-cluster service to exist. We need it to resolve the hostnames of our nodes
- name: init-redis-cluster
image: busybox:1.28
command: ['sh', '-c', "until nslookup redis-cluster.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for redis-cluster; sleep 2; done"]
volumes:
# Insert our pre-baked Redis configuration file into /conf/redis.conf
- name: conf
configMap:
name: redis-cluster-config
items:
- key: redis.conf
path: redis.conf
- key: bootstrap-pod.sh # TODO: Move this or extract it into its own Docker image
path: bootstrap-pod.sh
# The init container will use this info to find cluster peers
- name: podinfo
downwardAPI:
items:
- path: "labels"
fieldRef:
fieldPath: metadata.labels
- path: "annotations"
fieldRef:
fieldPath: metadata.annotations
- path: "pod_name"
fieldRef:
fieldPath: metadata.name
- path: "pod_namespace"
fieldRef:
fieldPath: metadata.namespace

---REDISINSIGHT----

apiVersion: v1
kind: Service
metadata:
name: redisinsight-service # name should not be 'redisinsight'
# since the service creates
# environment variables that
# conflicts with redisinsight
# application's environment
# variables `RI_APP_HOST` and
# `RI_APP_PORT`
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 5540
selector:
app: redisinsight
---
# RedisInsight deployment with name 'redisinsight'
apiVersion: apps/v1
kind: Deployment
metadata:
name: redisinsight #deployment name
labels:
app: redisinsight #deployment label
spec:
replicas: 1 #a single replica pod
selector:
matchLabels:
app: redisinsight #which pods is the deployment managing, as defined by the pod template
template: #pod template
metadata:
labels:
app: redisinsight #label for pod/s
spec:
containers:

- name: redisinsight #Container name (DNS_LABEL, unique)
image: redis/redisinsight:latest #repo/image
imagePullPolicy: IfNotPresent #Installs the latest RedisInsight version
volumeMounts:
- name: redisinsight #Pod volumes to mount into the container's filesystem. Cannot be updated.
mountPath: /data
ports:
- containerPort: 5540 #exposed container port and protocol
protocol: TCP
volumes:
- name: redisinsight
emptyDir: {}

[root@k8s-ca-master2 k8s_HA_Centos7]# cat redis-fail.sh
#!/bin/bash
echo -n 0
/usr/bin/redis-cli -h redis-cluster -a xxxxxx cluster nodes | grep -E "(disconnected|fail|noaddr)" | wc -l

[root@k8s-ca-master2 k8s_HA_Centos7]# cat redis-nodes.sh
#!/bin/bash
echo -n 0
/usr/bin/redis-cli -h redis-cluster -a xxxxxx cluster nodes | wc -l

exec redis-nodes /bin/bash /etc/snmp/redis-nodes.sh
exec redis-fail /bin/bash /etc/snmp/redis-fail.sh

ip route add 172.16.99.1 via 172.16.201.2 dev tun1
ip route add 172.16.99.101 via 172.16.201.4 dev tun2

============vpnserver2=================
=========== secureNAT 172.16.102.254, static route table 172.16.99.0/255.255.255.0/172.16.102.1,...
======= bridge VPN hub to tap device 'vpn'
ifconfig eth0 100.100.100.102/24 up
/root/vpnserver/vpnserver start
sleep 10

ifconfig tap_vpn 172.16.102.1/24 up

ip tunnel add tun1 mode ipip remote 100.100.100.201 local 100.100.100.102
ip tunnel add tun2 mode ipip remote 100.100.100.216 local 100.100.100.102

ifconfig tun1 172.16.202.3/31 up
ifconfig tun2 172.16.202.5/31 up

ip route add 172.16.99.1 via 172.16.202.2 dev tun1
ip route add 172.16.99.101 via 172.16.202.4 dev tun2

echo 1 > /proc/sys/net/ipv4/ip_forward

================ worker6 =========

ifconfig eth0 100.100.100.216/24 up

echo 1 > /proc/sys/net/ipv4/ip_forward

ip tunnel add tun1 mode ipip remote 100.100.100.101 local 100.100.100.216
ip tunnel add tun2 mode ipip remote 100.100.100.102 local 100.100.100.216

ifconfig tun1 172.16.201.4/31 up
ifconfig tun2 172.16.202.4/31 up

ip route add 172.16.101.0/24 via 172.16.201.5 dev tun1
ip route add 172.16.102.0/24 via 172.16.202.5 dev tun2

ip addr add 172.16.99.101/32 dev lo

=============== master 1 ===============

ifconfig eth0 100.100.100.201/24 up

echo 1 > /proc/sys/net/ipv4/ip_forward

ip tunnel add tun1 mode ipip remote 100.100.100.101 local 100.100.100.201
ip tunnel add tun2 mode ipip remote 100.100.100.102 local 100.100.100.201

ifconfig tun1 172.16.201.2/31 up
ifconfig tun2 172.16.202.2/31 up

ip route add 172.16.101.0/24 via 172.16.201.3 dev tun1
ip route add 172.16.102.0/24 via 172.16.202.3 dev tun2

ip addr add 172.16.99.1/32 dev lo

do

echo Detected path $TARGET file $FILENAME

sleep 5

SUBDIR="`ls ${TARGET}${FILENAME}`"

POD="`echo $FILENAME | cut -d'_' -f 2`"

tail -f ${TARGET}$FILENAME/$SUBDIR/0.log | logger -t "$POD" &

done

[root@worker-3 ~]# cat dwatch.sh

#!/bin/bash

TARGET=/var/log/pods/

inotifywait -m -e delete –format “%f” $TARGET \

| while read FILENAME

do

echo Deleted path $TARGET file $FILENAME

kill `ps ax | grep tail | grep $FILENAME | cut -b 1-6`

done