JoyLau's Blog

SpringBoot3 RestClient 打印请求和响应日志

发表于 2024-05-13 更新于 2024-11-01 分类于 SpringBoot篇

SpringBoot3 RestClient 打印请求和响应日志

引入依赖

RestClient 默认 requestFactory 使用的是 JdkClientHttpRequestFactory，没有日志功能
这里需要切换为 HttpComponentsClientHttpRequestFactory

<!-- 新版 restClient 使用-->
<dependency>
    <groupId>org.apache.httpcomponents.client5</groupId>
    <artifactId>httpclient5</artifactId>
</dependency>

配置类

这里我额外加入了 Base 认证和一个 json 的消息转换器

@Bean
public RestClient mqttApiRestClient(ObjectMapper objectMapper) {
    String auth = mqttProperties.getRest().getApiKey() + ":" + mqttProperties.getRest().getSecretKey();
    byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(StandardCharsets.UTF_8));
    String header = "Basic " + new String(encodedAuth);
    HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
    factory.setConnectTimeout(3000);
    factory.setConnectionRequestTimeout(5000);
    return RestClient.builder()
            .requestFactory(factory)
            .messageConverters(httpMessageConverters -> httpMessageConverters.add(4,
                    new MappingJackson2HttpMessageConverter(objectMapper)))
            .baseUrl(mqttProperties.getRest().getApi())
            .defaultHeader("Authorization", header)
            .build();
}

日志配置

logging:
  level:
    # restClient 日志打印
    org.apache.hc.client5.http.wire: debug

Windows 调整多网卡的网络优先级

发表于 2024-04-10 更新于 2024-11-01 分类于 Windows篇

Windows 调整多网卡的网络优先级

操作

打开 Internet协议版本4（TCP/IPv4）的属性
设置高级中的 “接口跃点数”，值越小优先级越高

Linux --- Dante 配置 socks5 代理不需要用户名密码认证

发表于 2024-04-03 更新于 2024-11-01 分类于 Linux篇

Dante 配置 socks5 代理不需要用户名密码认证

服务部署

version: "3"
services:
  dante:
     image: wernight/dante:latest
     container_name: dante
     restart: always
     network_mode: "host"

配置文件

#
# A sample sockd.conf
#
#
# The config file is divided into three parts;
#    1) server settings
#    2) rules
#    3) routes
#
# The recommended order is:
#   Server settings:
#               logoutput
#               internal
#               external
#               socksmethod
#               clientmethod
#               users
#               compatibility
#               extension
#               timeout
#               srchost
#
#  Rules:
#        client block/pass
#                from to
#                libwrap
#                log
#
#     block/pass
#                from to
#                socksmethod
#                command
#                libwrap
#                log
#                protocol
#                proxyprotocol
#
#  Routes:

# the server will log both via syslog, to stdout and to /var/log/sockd.log
#logoutput: syslog stdout /var/log/sockd.log
logoutput: stderr

# The server will bind to the address 10.1.1.1, port 1080 and will only
# accept connections going to that address.
#internal: 10.1.1.1 port = 1080
# Alternatively, the interface name can be used instead of the address.
#internal: eth0 port = 1080
internal: 0.0.0.0 port = 1080

# all outgoing connections from the server will use the IP address
# 195.168.1.1
#external: 192.168.1.1
external: eth0
external.rotation: route

# list over acceptable authentication methods, order of preference.
# An authentication method not set here will never be selected.
#
# If the socksmethod field is not set in a rule, the global
# socksmethod is filled in for that rule.
#

# methods for socks-rules.
#socksmethod: username none #rfc931
socksmethod: username none  # No authentication.

# methods for client-rules.
clientmethod: none  # No authentication.

#or if you want to allow rfc931 (ident) too
#socksmethod: username rfc931 none

#or for PAM authentication
#socksmethod: pam

#
# User identities, an important section.
#

# when doing something that can require privilege, it will use the
# userid "sockd".
#user.privileged: sockd

# when running as usual, it will use the unprivileged userid of "sockd".
user.unprivileged: sockd

# If you are not using libwrap, no need for the below line, so leave
# it commented.
# If you compiled with libwrap support, what userid should it use
# when executing your libwrap commands?  "libwrap".
#user.libwrap: libwrap


#
# Some options to help clients with compatibility:
#

# when a client connection comes in the socks server will try to use
# the same port as the client is using, when the socks server
# goes out on the clients behalf (external: IP address).
# If this option is set, Dante will try to do it for reserved ports as well.
# This will usually require user.privileged to be set to "root".
#compatibility: sameport

# If you are using the Inferno Nettverk bind extension and have trouble
# running servers via the server, you might try setting this.
#compatibility: reuseaddr

#
# The Dante server supports some extensions to the socks protocol.
# These require that the socks client implements the same extension and
# can be enabled using the "extension" keyword.
#
# enable the bind extension.
#extension: bind


#
# Misc options.
#

# how many seconds can pass from when a client connects til it has
# sent us it's request?  Adjust according to your network performance
# and methods supported.
#timeout.negotiate: 30   # on a lan, this should be enough.

# how many seconds can the client and it's peer idle without sending
# any data before we dump it?  Unless you disable tcp keep-alive for
# some reason, it's probably best to set this to 0, which is
# "forever".
#timeout.io: 0 # or perhaps 86400, for a day.

# do you want to accept connections from addresses without
# dns info?  what about addresses having a mismatch in dns info?
#srchost: nodnsunknown nodnsmismatch

#
# The actual rules.  There are two kinds and they work at different levels.
#
# The rules prefixed with "client" are checked first and say who is allowed
# and who is not allowed to speak/connect to the server.  I.e the
# ip range containing possibly valid clients.
# It is especially important that these only use IP addresses, not hostnames,
# for security reasons.
#
# The rules that do not have a "client" prefix are checked later, when the
# client has sent its request and are used to evaluate the actual
# request.
#
# The "to:" in the "client" context gives the address the connection
# is accepted on, i.e the address the socks server is listening on, or
# just "0.0.0.0/0" for any address the server is listening on.
#
# The "to:" in the non-"client" context gives the destination of the clients
# socks request.
#
# "from:" is the source address in both contexts.
#


#
# The "client" rules.
#

# Allow everyone to connect to this server.
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error  # disconnect
}

# Allow all operations for connected clients on this server.
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: bind connect udpassociate
    log: error  # connect disconnect iooperation
    #socksmethod: username
}
# Allow all inbound packets.
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: bindreply udpreply
    log: error  # connect disconnect iooperation
}

# Other sample rules below, supposing that our clients come from the net 10.0.0.0/8.

# Allow our clients, also provides an example of the port range command.
#client pass {
#        from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
#        clientmethod: rfc931 # match all idented users that also are in passwordfile
#}

# This is identical to above, but allows clients without a rfc931 (ident)
# too.  In practice this means the socks server will try to get a rfc931
# reply first (the above rule), if that fails, it tries this rule.
#client pass {
#        from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
#}


# drop everyone else as soon as we can and log the connect, they are not
# on our net and have no business connecting to us.  This is the default
# but if you give the rule yourself, you can specify details.
#client block {
#        from: 0.0.0.0/0 to: 0.0.0.0/0
#        log: connect error
#}


# the rules controlling what clients are allowed what requests
#

# you probably don't want people connecting to loopback addresses,
# who knows what could happen then.
#socks block {
#        from: 0.0.0.0/0 to: lo0
#        log: connect error
#}

# the people at the 172.16.0.0/12 are bad, no one should talk to them.
# log the connect request and also provide an example on how to
# interact with libwrap.
#socks block {
#        from: 0.0.0.0/0 to: 172.16.0.0/12
#        libwrap: spawn finger @%a
#        log: connect error
#}

# unless you need it, you could block any bind requests.
#socks block {
#        from: 0.0.0.0/0 to: 0.0.0.0/0
#        command: bind
#        log: connect error
#}

# or you might want to allow it, for instance "active" ftp uses it.
# Note that a "bindreply" command must also be allowed, it
# should usually by from "0.0.0.0/0", i.e if a client of yours
# has permission to bind, it will also have permission to accept
# the reply from anywhere.
#socks pass {
#        from: 10.0.0.0/8 to: 0.0.0.0/0
#        command: bind
#        log: connect error
#}

# some connections expect some sort of "reply", this might be
# the reply to a bind request or it may be the reply to a
# udppacket, since udp is packet based.
# Note that nothing is done to verify that it's a "genuine" reply,
# that is in general not possible anyway.  The below will allow
# all "replies" in to your clients at the 10.0.0.0/8 net.
#socks pass {
#        from: 0.0.0.0/0 to: 10.0.0.0/8
#        command: bindreply udpreply
#        log: connect error
#}


# pass any http connects to the example.com domain if they
# authenticate with username.
# This matches "example.com" itself and everything ending in ".example.com".
#socks pass {
#        from: 10.0.0.0/8 to: .example.com port = http
#        log: connect error
#        clientmethod: username
#}


# block any other http connects to the example.com domain.
#socks block {
#        from: 0.0.0.0/0 to: .example.com port = http
#        log: connect error
#}

# everyone from our internal network, 10.0.0.0/8 is allowed to use
# tcp and udp for everything else.
#socks pass {
#        from: 10.0.0.0/8 to: 0.0.0.0/0
#        protocol: tcp udp
#}

# last line, block everyone else.  This is the default but if you provide
# one  yourself you can specify your own logging/actions
#socks block {
#        from: 0.0.0.0/0 to: 0.0.0.0/0
#        log: connect error
#}

# route all http connects via an upstream socks server, aka "server-chaining".
#route {
# from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks
#}

配置 socks5 代理不需要认证

修改配置项 socksmethod: username none 改为 socksmethod: none

使用 Windows 自带的命令行工具进行端口转发

发表于 2024-03-21 更新于 2024-11-01 分类于 Windows篇

配置转发

1	netsh interface portproxy add v4tov4 listenport=[监听端口号] listenaddress=[本地IP地址] connectport=[目标端口号] connectaddress=[目标IP地址]

查看配置

1	netsh interface portproxy show all

删除配置

1	netsh interface portproxy delete v4tov4 listenport=[监听端口号] listenaddress=[本地IP地址]

Linux 普通用户免密码切换至 root

发表于 2024-03-19 更新于 2024-11-01 分类于 Linux篇

Linux 普通用户免密码切换至 root

步骤

修改 /etc/sudoers 文件, 没有权限的话执行 chmod u+w /etc/sudoers, 修改完成后还原权限 chmod u-w /etc/sudoers
添加一行 username ALL=(ALL) NOPASSWD:ALL
普通用户下输入 sudo -s 或者 sudo su - 命令就可以直接免密切换到 root 账户

SSH 登录慢解决方法

发表于 2024-03-19 更新于 2024-11-01 分类于 Linux篇

记录下 ssh 登录慢的解决方案

修改配置文件 /etc/ssh/sshd_config

关闭 DNS 反向解析

UseDNS no

关闭 gssapi 认证

1	GSSAPIAuthentication no

MySQL SQL 执行性能分析方法

发表于 2024-02-05 更新于 2024-11-01 分类于 MySQL篇

记录下目前用到的 MySQL SQL 执行性能分析的方法

执行性能分析，常用的方法是使用 explain 关键字, 但是这个方法只能看到查询的一些类型，不能看到执行的耗时，这里我记录一些其他的方法

MySQL 5.x 版本

SET profiling = 0; # 开启 session 性能记录
# 执行 SQL
SHOW PROFILES; # 分析性能记录

MySQL 8.x 版本

在查询语句前使用 explain analyze 关键字

阅读全文 »

JoyLau's Blog

SpringBoot3 RestClient 打印请求和响应日志

引入依赖

配置类

日志配置

Windows 调整多网卡的网络优先级

操作

Linux --- Dante 配置 socks5 代理不需要用户名密码认证

服务部署

配置文件

配置 socks5 代理不需要认证

使用 Windows 自带的命令行工具进行端口转发

配置转发

查看配置

删除配置

Linux 普通用户免密码切换至 root

步骤

SSH 登录慢解决方法

关闭 DNS 反向解析

关闭 gssapi 认证

推荐一款在电视上看卫视的 APP （MyTV）

项目

MySQL SQL 执行性能分析方法

MySQL 5.x 版本

MySQL 8.x 版本