Posts in the category "Default category"

Tomcat connection count

The crux of the solution is to avoid too much queuing of requests at multiple points (OS and Tomcat threads) and fail fast (return HTTP status 503) as soon as the application's maximum capacity is reached.

References:
https://blog.insightdatascience.com/learning-about-the-http-connection-keep-alive-header-7ebe0efa209d
https://medium.com/netflix-techblog/tuning-tomcat-for-a-high-throughput-fail-fast-system-e4d7b2fc163f
https://stackoverflow.com/questions/20763999/how-does-http-keep-alive-work

About the Linux rsync & scp commands

$ rsync --progress accessa.log.7.gz xiatian@test1.tianxiaohui.com:/home/xiatian

$ scp username@from_host:file.txt /local/directory/
$ scp file.txt username@to_host:/remote/directory/
$ scp -r username@from_host:/remote/directory/ /local/directory/   # copy a directory
$ scp username@from_host:/remote/directory/file.txt username@to_host:/remote/directory/

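Installing an executable as a Windows system service

  1. First, download WinSW.NET2.exe.
  2. After downloading, rename it to MyServiceName.exe.
  3. Create a file named MyServiceName.xml in the same directory as MyServiceName.exe, similar to the following:

    <service>
      <id>olapScrubber</id>
      <name>olapScrubber</name>
      <description>olapScrubber</description>
      <executable>C:\sre\run.bat</executable>
      <logpath>c:\sre\logs\</logpath>
      <logmode>roll</logmode>
    </service>

    For more configuration options, see: https://github.com/kohsuke/winsw/blob/master/doc/xmlConfigFile.md
  4. Run MyServiceName.exe install and the service is installed.

How to remove it:
sc delete MyServiceName.exe
Reference:
https://stackoverflow.com/questions/10061191/add-nginx-exe-as-windows-system-service-like-apache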

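Encoding and decoding binary files with certutil

certutil is a tool that ships with Windows:
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil

Binary files are awkward to copy. With certutil you can convert a binary file into printable characters, which you can then copy.
In a remote desktop session, copying through the clipboard is enough.

First convert it to text:
D:\softwares>certutil -encode WinSW.NET2.exe WinSW.NET2.txt
Then convert it back:
D:\softwares>certutil -decode WinSW.NET2.txt WinSW.NET2.exe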

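About SSL/TLS: some notes and links

  1. Information exchange: unreliable -> TCP; insecure -> TLS (confidentiality, integrity, authentication)
  2. PKI (Public Key Infrastructure) participants: CA, server, client agents (browsers, code)
  3. Symmetric encryption, also called private-key encryption or secret-key encryption.
    plaintext -> encryption algorithm(secret_key|null) -> ciphertext
  4. Stream cipher (-> XOR) (RC4) vs. block cipher (AES)
  5. A cryptographic hash function is not an ordinary hash function: it is irreversible, with few duplicates and few collisions. Fingerprint, digest; SHA256;
  6. MAC (Message Authentication Codes): this kind of hash function requires a key and provides authentication -> HMAC (Hash-based Message Authentication Codes);
  7. Asymmetric encryption (also called public-key cryptography): for confidentiality, send someone a message using their public key; to prove who you are, send a notice using your own private key (RSA 2048 bits ~~ 112 symmetric-encryption bits);
  8. Digital signature algorithm: (first compute the hash of the original text (short length) + some metadata) -> encrypt with the private key -> signature;
  9. Random numbers: (TRNG: True Random Number Generator) & (PRNG: Pseudorandom Number Generator);
  10. Encryption (ensures confidentiality) and MAC (ensures integrity) both need a secret key, and the secret key needs asymmetric encryption to secure its exchange.
  11. Sequence numbers and the end byte ensure that nothing has been replayed or deleted;
  12. Asymmetric encryption secures the transport of the key and authentication;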
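
Items 6, 10 and 11 combined, as an added example that is not part of the original notes: each record carries an HMAC computed over an implicit sequence number, a record type and the payload, so tampering, replay, reordering and deletion all fail verification. The record layout and the `DATA`/`CLOSE` types are constructed for illustration and are not the TLS wire format; the sketch covers integrity only (no encryption) and assumes the key was already exchanged.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32          # HMAC-SHA256 output size
DATA, CLOSE = 0, 1    # constructed record types; CLOSE plays the role of the end marker


def seal(key: bytes, seq: int, rtype: int, payload: bytes) -> bytes:
    """Sender side: type || payload || HMAC(key, seq || type || length || payload)."""
    header = struct.pack(">QBH", seq, rtype, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return bytes([rtype]) + payload + tag


class Receiver:
    """Verifies records in order; the sequence number is implicit, never sent."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0
        self.closed = False

    def open(self, record: bytes) -> bytes:
        if self.closed or len(record) < 1 + TAG_LEN:
            raise ValueError("record after close or too short")
        rtype, payload, tag = record[0], record[1:-TAG_LEN], record[-TAG_LEN:]
        header = struct.pack(">QBH", self.next_seq, rtype, len(payload))
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time compare; fails on tampering, replay, reordering or a dropped record
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"bad MAC at sequence {self.next_seq}")
        self.next_seq += 1
        self.closed = rtype == CLOSE
        return payload

    def finish(self) -> None:
        # Without an authenticated end marker, the tail of the stream may have been cut off
        if not self.closed:
            raise ValueError("stream truncated: no authenticated CLOSE record")


def accepts(key: bytes, records: list) -> bool:
    """True only if every record verifies in order and the stream ends with CLOSE."""
    rx = Receiver(key)
    try:
        for r in records:
            rx.open(r)
        rx.finish()
        return True
    except ValueError:
        return False
```
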

How to analyze a certificate's details and the accepted cipher suites:
https://www.ssllabs.com/ssltest/analyze.html?d=sourceforge.net
How to debug SSL:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
About the SSL/TLS versions supported by the JDK:
https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https

https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.0.0/com.ibm.java.security.component.70.doc/security-component/jsse2Docs/ciphersuites.html

https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#HowSSLWorks

https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites

https://confluence.atlassian.com/stashkb/list-ciphers-used-by-jvm-679609085.html