Ubuntu 16.04+ network 802.3ad LACP bonding

On the Juniper switch, set LACP on the aggregated Ethernet interface to active mode:

set aeX aggregated-ether-options lacp active

Edit file /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback
# Resolver addresses are declared on lo, so they do not depend on bond0 being up.
# NOTE(review): presumably applied through resolvconf; both are external public resolvers, so DNS queries leave the local network. Confirm that is intended.
dns-nameservers 64.6.64.6 8.8.8.8

# eth0 slave interface (no address of its own; it is enslaved by bond0 below)
iface eth0 inet manual

# eth1 slave interface (no address of its own; it is enslaved by bond0 below)
iface eth1 inet manual

# bond0 trunk interface: carries only the tagged VLANs below, so it has no address itself
auto bond0
iface bond0 inet manual
    slaves eth0 eth1
    # mode 4 = 802.3ad (LACP); the switch side must run LACP on the matching aggregated port
    bond-mode 4
    # check link state every 100 ms
    bond-miimon 100
    # wait 200 ms before treating a link as down / up again
    bond-downdelay 200
    bond-updelay 200
    # 1 = fast: request LACPDUs from the partner every second
    bond-lacp-rate 1
    # spread flows across the slaves by IP address and port
    bond-xmit-hash-policy layer3+4
    #post-up ifup eth0 eth1

# bond0.2 vlan 2 interface
auto bond0.2
iface bond0.2 inet static
    vlan-raw-device bond0
    address 192.168.1.10
    # NOTE(review): bond0.3 declares a gateway as well; two default routes on one host usually conflict. Confirm which VLAN should carry the default route.
    gateway 192.168.1.1
    netmask 255.255.255.0
    # remove the IPv4 addresses before the interface goes down
    pre-down ip -4 addr flush dev $IFACE

# bond0.3 vlan 3 interface
auto bond0.3
iface bond0.3 inet static
    vlan-raw-device bond0
    address 172.16.0.10
    # NOTE(review): second gateway in this file (bond0.2 also sets one); verify this does not fail or override the intended default route.
    gateway 172.16.0.1
    netmask 255.255.255.0
    # remove the IPv4 addresses before the interface goes down
    pre-down ip -4 addr flush dev $IFACE

Then restart networking service

# Restart networking, then take bond0 down and up again; each step runs only if the previous one succeeded.
# NOTE(review): this interrupts traffic on the bonded links, so a remote session over them may drop. Presumably safest from a console or out-of-band connection.
service networking restart && ifdown bond0 && ifup bond0

 

nginx: prevent processing of requests with undefined server names

Use default_server to prevent processing requests with undefined server names

http {
...

  # Catch-all for port 80: default_server makes this block answer every request
  # whose Host header matches no other server block on this listen address.
  server {
    listen 80 default_server;
    listen [::]:80 default_server;
    # 444 is an nginx-specific code: close the connection without sending any response
    return 444;
  }
}

If you also redirect HTTP to HTTPS:

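http {
...
  # Plain-HTTP server: answers ACME challenges and redirects everything else to HTTPS.
  server {
    listen 80;
    listen [::]:80;
    # The directive is server_name; "name_server" is not an nginx directive and
    # nginx refuses to load a configuration that contains it.
    # "_" is a placeholder name that never matches a real host.
    server_name _;

    location ^~ /.well-known/acme-challenge {
      # Install https://certbot.eff.org/
      # certbot certonly --webroot -w /etc/letsencrypt/webroot --email <admin-email> --agree-tos -d <your-domain>
      default_type text/plain;
      root /etc/letsencrypt/webroot;
      try_files $uri $uri/ =404;
    }

    location / {
      # redirect all requests to https
      # NOTE(review): $host comes from the client's request, so this catch-all
      # echoes whatever host name was sent. If only known names should be
      # redirected, use a fixed host name in a dedicated server block instead.
      return 301 https://$host$request_uri;
    }
  }

  # Catch-all for HTTPS: requests whose name matches no other server block are dropped.
  server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;
    # TLS is enabled by the "ssl" parameter on the listen lines above. The
    # separate "ssl on;" directive is deprecated and rejected by current nginx
    # releases, so it is not used here.
    # This certificate is shown to clients that ask for an unknown name, so it
    # should not be the certificate of a real site. Keep the key file readable
    # by root only.
    # On nginx 1.19.4 and later, "ssl_reject_handshake on;" can be used here
    # instead, so unknown names are refused before any certificate is sent.
    ssl_certificate /etc/ssl/private/local.crt;
    ssl_certificate_key /etc/ssl/private/local.key;
    # 444 is an nginx-specific code: close the connection without sending any response
    return 444;
  }
}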

 

Tuning Linux ZFS

Edit /etc/modprobe.d/zfs.conf

# Cap the ARC (ZFS read cache) at half of system memory; the value is in bytes
# (example: 2147483648 = 2 GiB on a 4 GB host)
options zfs zfs_arc_max=2147483648

# Raise the minimum/maximum number of concurrent scrub/resilver I/Os per vdev
options zfs zfs_vdev_scrub_min_active=24
options zfs zfs_vdev_scrub_max_active=64

# Raise the minimum/maximum number of concurrent synchronous writes per vdev
options zfs zfs_vdev_sync_write_min_active=8
options zfs zfs_vdev_sync_write_max_active=32

# Raise the minimum/maximum number of concurrent synchronous reads per vdev
options zfs zfs_vdev_sync_read_min_active=8
options zfs zfs_vdev_sync_read_max_active=32

# Raise the minimum/maximum number of concurrent asynchronous reads per vdev
options zfs zfs_vdev_async_read_min_active=8
options zfs zfs_vdev_async_read_max_active=32

# Raise the minimum/maximum number of concurrent asynchronous writes per vdev
# NOTE(review): higher queue depths trade latency for throughput; verify these values against the actual disks.
options zfs zfs_vdev_async_write_min_active=8
options zfs zfs_vdev_async_write_max_active=32

Save the file and reboot the system to activate the configuration.