SHOW VARIABLES LIKE '%time_zone%' SELECT NOW() AS now, UTC_TIMESTAMP() AS utc_now
fail2ban + remoteip mod
systemctl status fail2ban fail2ban-client status fail2ban-client status apache-get-dos - parodo Banned IP list fail2ban-client banned - parodo Banned IP list tail -f /var/log/fail2ban.log - live stebejimas requestu --------------- sukuriam filtra ------------------------- sudo nano /etc/fail2ban/filter.d/nginx-http-get-dos.conf [Definition] failregex = ^<HOST> -.*"(GET|POST).* ignoreregex = --------------- idedam filtra i jail.local -------------- nano /etc/fail2ban/jail.local [nginx-http-get-dos] enabled = true port = http,https filter = nginx-http-get-dos logpath = /var/log/nginx/access.log maxretry = 30 findtime = 60 bantime = 3600 action = iptables[name=HTTP, port=http, protocol=tcp] ---------------------------------------------- systemctl restart fail2ban
Reikalingas, jei naudojamas Cloudflare A Proxied a2enmod remoteip nano remoteip.conf # Failas: /etc/apache2/conf-available/remoteip.conf # Įjungia mod_remoteip, kad Apache matytų tikrą lankytojo IP per Cloudflare RemoteIPHeader X-Forwarded-For # Cloudflare patikimi proxy IP RemoteIPTrustedProxy 103.21.244.0/22 .... #ikelti visus ip is cia: https://www.cloudflare.com/ips/ a2enconf remoteip systemctl restart apache2
Blokuoti IP
fail2ban-client set apache-get-dos banip 11.22.33.44
Atblokuoti IP
fail2ban-client set apache-get-dos unbanip 11.22.33.44
Atblokuoti vius IPs
for jail in $(sudo fail2ban-client status | grep "Jail list:" | cut -d: -f2 | tr ',' ' '); do
for ip in $(sudo fail2ban-client status $jail | grep "Banned IP list:" | cut -d: -f2); do
[ -n "$ip" ] && sudo fail2ban-client set $jail unbanip $ip
done
done
Bootstrap Auth Scaffolding
https://www.itsolutionstuff.com/post/laravel-10-bootstrap-auth-scaffolding-tutorialexample.html composer require laravel/ui npm install && npm run build php artisan migrate USER MUST BE VERIFIED LoginController: protected function authenticated(Request $request, $user) { if(!$user->email_verified_at ){ $this->logout($request); } } DONT LOGIN AFTER REGISTRATION RegisterContoller: public function register(Request $request) { $this->validator($request->all())->validate(); event(new Registered($user = $this->create($request->all()))); // $this->guard()->login($user); if ($response = $this->registered($request, $user)) { return $response; } return $request->wantsJson() ? new JsonResponse([], 201) : redirect($this->redirectPath()); }
ufw basic
SHOW RULES:
sudo ufw status verbose
ALLOW PORTS:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 22/tcp
ENABLE/DISABLE:
sudo ufw enable
sudo ufw disable
certbot timer
EDIT: sudo nano /lib/systemd/system/certbot.timer OnCalendar=*-*-* 02:00:00 (edit this line) sudo systemctl daemon-reload sudo systemctl restart certbot.timer
LIST: systemctl list-timers certbot.timer
Saga
<?php
// Event class to represent different steps in the saga
class SagaEvent { private string $eventType; private array $data; public function __construct(string $eventType, array $data) { $this->eventType = $eventType;
$this->data = $data;
}
public function getEventType(): string {
return $this->eventType;
}
public function getData(): array {
return $this->data;
}
}
// Interface for saga steps
interface SagaStep {
public function execute(array $data): bool;
public function compensate(array $data): void;
}
// Concrete implementation of Order service step
class OrderStep implements SagaStep {
public function execute(array $data): bool {
try {
// Create order in database
echo "Creating order: " . $data['orderId'] . "\n";
// Simulate database operation
return true;
} catch (Exception $e) {
return false;
}
}
public function compensate(array $data): void {
echo "Cancelling order: " . $data['orderId'] . "\n";
// Rollback order creation
}
}
// Payment service step
class PaymentStep implements SagaStep {
public function execute(array $data): bool {
try {
// Process payment
echo "Processing payment for order: " . $data['orderId'] .
" Amount: $" . $data['amount'] . "\n";
// Simulate payment processing
return true;
} catch (Exception $e) {
return false;
}
}
public function compensate(array $data): void {
echo "Refunding payment for order: " . $data['orderId'] .
" Amount: $" . $data['amount'] . "\n";
// Reverse payment
}
}
// Inventory service step
class InventoryStep implements SagaStep {
public function execute(array $data): bool {
try {
// Reserve inventory
echo "Reserving inventory for order: " . $data['orderId'] .
" Quantity: " . $data['quantity'] . "\n";
// Simulate inventory reservation
return true;
} catch (Exception $e) {
return false;
}
}
public function compensate(array $data): void {
echo "Releasing inventory for order: " . $data['orderId'] .
" Quantity: " . $data['quantity'] . "\n";
// Release reserved inventory
}
}
// Saga orchestrator to manage the transaction
class OrderSagaOrchestrator {
private array $steps;
private array $completedSteps;
public function __construct() {
$this->steps = [
new OrderStep(),
new PaymentStep(),
new InventoryStep()
];
$this->completedSteps = [];
}
public function execute(array $data): bool {
// Execute each step in sequence
foreach ($this->steps as $step) {
if (!$step->execute($data)) {
// If any step fails, compensate all completed steps
$this->compensate($data);
return false;
}
$this->completedSteps[] = $step;
}
return true;
}
private function compensate(array $data): void {
// Compensate completed steps in reverse order
foreach (array_reverse($this->completedSteps) as $step) {
$step->compensate($data);
}
}
}
// Example usage
$orderData = [
'orderId' => 'ORD-123',
'amount' => 99.99,
'quantity' => 2
];
$saga = new OrderSagaOrchestrator();
$success = $saga->execute($orderData);
if ($success) {
echo "Order process completed successfully!\n";
} else {
echo "Order process failed and was rolled back.\n";
}
collect variable
script (myRequest -> scripts -> Post response):
var jsonData = pm.response.json();
pm.collectionVariables.set("authToken", jsonData.data.token);
console.log("Token set: " + jsonData.token);
see on postman:
Collection -> variables
use variable:
{{authToken}}
pvz.: myRequest -> Authorization -> Token = {{authToken}}
redirect to www
1. GOTO: Rules->redirect rules
2. Incoming requests match: hostname equals example.com
3. Then: Dynamic Expresion = concat("https://www.example.lt", http.request.uri.path)
4. Preserve query string = checked
https://community.cloudflare.com/t/redirect-example-com-to-www-example-com-using-single-dynamic-redirects/636762
install php8.3+fpm
https://www.linuxtuto.com/how-to-install-php-8-3-on-ubuntu-22-04/
php8.1-fpm + http2
https://www.cloudbooklet.com/developer/how-to-install-php-fpm-with-apache-on-ubuntu-22-04/ apt install php8.1-fpm a2dismod php8.1 a2dismod mpm_prefork a2enmod mpm_event proxy_fcgi setenvif a2enconf php8.1-fpm a2enmod http2 systemctl restart apache2
service php8.1-fpm restart