第一页

# /etc/sysctl.conf - Network Performance Tuning
# 增加系统文件描述符限制
fs.file-max = 655350

# 允许更多的 PIDs (减少滚动翻转问题)
kernel.pid_max = 65536

# 网络层优化：TCP SYN 队列长度
net.ipv4.tcp_max_syn_backlog = 262144
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144

# TCP Keepalive 设置 (更激进的保活)
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3

# 开启 BBR 拥塞控制算法
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

# ~/.ssh/config - 加速 SSH 连接复用配置
Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600
    ServerAliveInterval 60
    ServerAliveCountMax 3
    Compression yes

# 特定服务器别名映射
Host production-db
    HostName 192.168.10.55
    User op_admin
    IdentityFile ~/.ssh/id_ed25519_prod
    Port 2222

# ssl_params.conf - 安全增强配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

# HSTS (开启 HTTP 严格传输安全)
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 8.8.8.8 valid=300s;
resolver_timeout 5s;

version: '3.8'
services:
  redis:
    image: redis:7.0-alpine
    command: redis-server --appendonly yes
    volumes:
      - ./data/redis:/data
    networks:
      - backend

  postgres:
    image: postgres:15-alpine
    environment:
      POSTGRES_DB: app_db
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD: ${DB_PASS}
    shm_size: 1g
    restart: always

networks:
  backend:
    driver: bridge

# Productivity aliases
[alias]
    st = status
    co = checkout
    br = branch
    ci = commit
    lg = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
    unstage = reset HEAD --
    last = log -1 HEAD
    
[core]
    editor = vim
    autocrlf = input