Yet another static site generator for who cares hyphenation in Western words and space between CJK and Western parts.
MonoBlog insert U+2009 between Chinese and Western parts across inline tags, insert U+00AD in the appropriate place inside Western words according to Liang's Hyphenation algorithm and LaTeX's corpus.
Usage
Process file in arg, or data from stdin
$ mblog ulysses.md
or
$ cat ulysses.md | mblog
Format
Front matter and body are just plain markdown. Posts are joined with newline, which is the default format exported from Ulysses.
This guide covers the basics of setting up a development environment on a new Mac. Whether you are an experienced programmer or not, this guide is intended for everyone to use as a reference for setting up your environment or installing languages/libraries.
Some of the environments we will set up are Node (JavaScript), Python, C++ and Ruby. Even if you don't program in all of them, they are useful to have as many command-line tools rely on them. We'll also show you some useful daily use applications. As you read and follow these steps, feel free to post any feedback or comments you may have.
CoreDNS is a fast and flexible DNS server. The key word here is flexible: with CoreDNS you are able to do what you want with your DNS data by utilizing plugins. If some functionality is not provided out of the box you can add it by writing a plugin.
CoreDNS can listen for DNS requests coming in over UDP/TCP (go'old DNS), TLS (RFC 7858), also called DoT, DNS over HTTP/2 - DoH - (RFC 8484) and gRPC (not a standard).
Currently CoreDNS is able to:
Serve zone data from a file; both DNSSEC (NSEC only) and DNS are supported (file and auto).
Retrieve zone data from primaries, i.e., act as a secondary server (AXFR only) (secondary).
Sign zone data on-the-fly (dnssec).
Load balancing of responses (loadbalance).
Allow for zone transfers, i.e., act as a primary server (file).
To compile CoreDNS, we assume you have a working Go setup. See various tutorials if you don’t have that already configured.
First, make sure your golang version is 1.12 or higher as go mod support is needed. See here for go mod details. Then, check out the project and run make to compile the binary:
$ git clone https://github.com/coredns/coredns $ cd coredns $ make
This should yield a coredns binary.
Compilation with Docker
CoreDNS requires Go to compile. However, if you already have docker installed and prefer not to setup a Go environment, you could build CoreDNS easily:
$ docker run --rm -i -t -v $PWD:/go/src/github.com/coredns/coredns \ -w /go/src/github.com/coredns/coredns golang:1.12 make
The above command alone will have coredns binary generated.
Examples
When starting CoreDNS without any configuration, it loads the whoami plugin and starts listening on port 53 (override with -dns.port), it should show the following:
Any query sent to port 53 should return some information; your sending address, port and protocol used.
If you have a Corefile without a port number specified it will, by default, use port 53, but you can override the port with the -dns.port flag:
./coredns -dns.port 1053, runs the server on port 1053.
Start a simple proxy. You'll need to be root to start listening on port 53.
Corefile contains:
.:53 { forward . 8.8.8.8:53 log }
Just start CoreDNS: ./coredns. Then just query on that port (53). The query should be forwarded to 8.8.8.8 and the response will be returned. Each query should also show up in the log which is printed on standard output.
Serve the (NSEC) DNSSEC-signed example.org on port 1053, with errors and logging sent to standard output. Allow zone transfers to everybody, but specifically mention 1 IP address so that CoreDNS can send notifies to it.
example.org:1053 { file /var/lib/coredns/example.org.signed { transfer to * transfer to 2001:500:8f::53 } errors log }
Serve example.org on port 1053, but forward everything that does not match example.org to a recursive nameserver and rewrite ANY queries to HINFO.
.:1053 { rewrite ANY HINFO forward . 8.8.8.8:53
file /var/lib/coredns/example.org.signed example.org { transfer to * transfer to 2001:500:8f::53 } errors log }
IP addresses are also allowed. They are automatically converted to reverse zones:
10.0.0.0/24 { whoami }
Means you are authoritative for 0.0.10.in-addr.arpa..
This also works for IPv6 addresses. If for some reason you want to serve a zone named 10.0.0.0/24 add the closing dot: 10.0.0.0/24. as this also stops the conversion.
This even works for CIDR (See RFC 1518 and 1519) addressing, i.e. 10.0.0.0/25, CoreDNS will then check if the in-addr request falls in the correct range.
Listening on TLS and for gRPC? Use:
tls://example.org grpc://example.org { whoami }
Specifying ports works in the same way:
grpc://example.org:1443 { # ... }
When no transport protocol is specified the default dns:// is assumed.
Since almost a year Google has a DNS service that can be queried over HTTPS: https://dns.google.com. This means your queries are encrypted and can only be seen by you (and Google(!)). Seeing all the press about the UK’s snooper’s charter I though I should implement this as a plugin in CoreDNS.
I’m (obviously) going to use this myself; which is perfect as it protects me and it allows me to use CoreDNS as a DNS proxy in my home network.
The only unencrypted DNS used is from your laptop/phone/computer to CoreDNS, the rest is encrypted.
By default, dns.google.com will be re-resolved every 30 seconds using 8.8.8.8 and 8.8.4.4 (you can override these defaults). This is the only query not encrypted, but this will probably lead to a very boring browser history.
总之,在创建好配置文件之后,我们再来执行命令将服务安装到系统当中: sudo cloudflared service install INFO[0000] Applied configuration from /usr/local/etc/cloudflared/config.yml INFO[0000] Installing Argo Tunnel as an user launch agent INFO[0000] Outputs are logged in /tmp/com.cloudflare.cloudflared.out.log and /tmp/com.cloudflare.cloudflared.err.log
现在,你就可以按 ctrl + c 停掉刚刚测试用的临时服务了,然后用命令启动系统服务: sudo launchctl start com.cloudflare.cloudflared
INFO[0000] Adding DNS upstream url="https://1.1.1.1/dns-query"
INFO[0000] Adding DNS upstream url="https://1.0.0.1/dns-query"
INFO[0000] Starting DNS over HTTPS proxy server addr="dns://localhost:53"
INFO[0000] cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: https://developers.cloudflare.com/argo-tunnel/reference/service/
INFO[0000] Starting metrics server addr="127.0.0.1:59130"
系统配置: 现在,我们已经启动了DoH(dns proxy server通常会占用本地的 53 端口)你只需要配置本地机器的 dns server为127.0.0.1即可。 使用 DoH 速度快些但干扰严重——这也可能和 DoH 公共服务器还不是很多有关(毕竟很容易就给你干掉 IP 了),总之,这种手段是自建dns服务器绝佳的选择,简单、快捷,还很轻松。
行文仓促,我目前已经在使用 argo tunnel,也就是 cloudflared 了,自带 DNS 缓存,即使不使用前置 DNS 缓存也能很好的运行。 ref: https://developers.cloudflare.com/argo-tunnel/reference/service/ ---------
如果只对特定权威 DNS 发送 edns-client-subnet 请求,则按照此格式写多行 IP. --------------------
Dnscrypt-Proxy的搭建
Let’s start by installing dnscrypt-proxy. This is a client that will take care
to forward securely all the DNS requests your devices are going to do to your server.
It uses either its own protocol (dnscrypt) or DoH.
I’m choosing Dnscrypt-proxy because it provides a fair range of servers in all the world provided by the community or by big players (like google, cloudflare, etc …).
One of the contributor provides a PPA to help us install and keep the program up-to-date.
Once installed, the service will start automatically with your machine.
Configuration
To make thing simple in the guide, I’m using the DNS server of Cloudflare. In case you don’t want to use their servers, you have the full list of available servers on the application website. Keep in mind you can choose more than one.
Open the file /etc/dnscrypt-proxy/dnscrypt-proxy.toml in your favorite editor. Find the general section and change the server_name variable.
server_names = ['cloudflare']
Once done, restart the service.
sudo systemctl restart dnscrypt-proxy
By default, the program use the socket library of systemd to listen 127.0.2.1:53.
最简单的方案在服务器 A 和 B 上配置 GRE 隧道即可,步骤简单不再赘述。需要注意的是为了能让客户端的内网地址能够访问到隧道的对端,也就是服务器 B 端,服务器 B 上配置隧道时 peer 的参数应当是包含服务器 A 和 VPN 客户端 IP 的 IP 段,例如 ip addr add 10.7.0.1 peer 10.7.0.2/24 dev gre0
This repository consolidates several reputable filters, and merges them into couple of protection packs with duplicates and dead/inactive domains removed. A variety of tailored packs are provided.
A Trio Project with ❤ from Bangladesh, India & Zanzibar.
Features
hosts based: based on Hosts file, all the bad stuffs blocked with 0.0.0.0
any device: compatible with all devices, regardless of OS.
blockings: strictly blocks advertisements, malwares, spams, statistics & trackers on both web browsing and applications.
multiple formats: different variants for different devices.
speed you need: reduces page loading time upto half of its actual time!
privacy: with all these annoyances blocking, it also increases privacy.
saves expense: greatly decreases data consumption saving expense.
support: user friendly chat group got your back!
clean: no extra abracadabra!
What is this for?
This Energized System is designed for Unix-like systems, gets a list of domains that serve ads, tracking scripts and malware from multiple reputable sources and creates protection packs that prevents your system from connecting to them.
Notice
- Due to heavy load on our server, we had to discontinue our mirror service. Moreover, we couldn't afford to pay anymore to keep the server alive and get more bandwidth. - Unbound Formats are in 'conf' format now.
Expectation: These unified packs should serve all devices, regardless of OS.
Best Use
You can use any practical way you want to use Energized Protection on your devices, if you know what you are doing. But if you are clueless, there are few suggestions.
rooted android:Energized Protection Magisk Module makes your experience better on Magisk-ly Rooted Android devices. Grab it from Magisk Manager > Download. If you aren't that familiar with that stuff, then you can use AdAway (Latest) with GIT RAW Sources now.
non-rooted android: If you are not using any root solution, then you can use DNS66, BLOKADA or Perosnal DNS Filter with any of the Energized Source.
ios: Use any Adblocking Client app with Energized Source.
windows: On Windows, you can use HostsMan to get the best Windows Hosts Usage Experience.
linux:Energized Protection Linux Script is there for you! Check here for more info.
Core Social List + AdGuard Social Media filter, Pop-Ups & Trackers, Adversity - Antisocial, Facebook Zero Hosts Block and Sinfonietta's Social
7
Porn Lite
Core Porn List + Clefspeare's Pornhosts, EasyList Adult Adservers, Specific & Thirdparty, PornAway Blacklist, Porn List Light, Sinfonietta's Pornhosts and WowDude PornList
9
Regional
Adblock Estonian & Iran, Adguard Dutch, English, French, German, Japanese, Russian, Turkish & Spanish - Portuguese Filter, Easylist ABPindo, Brasil, Bulgarian, China, Czech & Slovak, Dutch, French, Germany, Hebrew, Italy, Latvian, Polish, Romanian, Russian, Spanish and Thailand, Fanboy's Indian & Vietnamese, Liste AR, Polish Adblock & Privacy Filters and RUAdList
32
Sources
Updated sources from the following locations are always merged and included. Note. Active Source means the hosts file we use after whitelisting legit domains and removing dead inactive domains. Social sources don't have active lists as for now.
Go to our website and if you see a green shield right by the logo. Voila! Energized is working fine for you. Make sure to enable JavaScript for our site to check Energized. You can also check via our Web App or here.
(Note for Debian/Ubuntu users: You need to set $GOROOT if you could not get your new version of Go selected by the Makefile.)
First create an empty directory, used for $GOPATH:
mkdir ~/gopath export GOPATH=~/gopath
To build the program, type:
make
To install DNS-over-HTTPS as Systemd services, type:
sudo make install
By default, Google DNS over HTTPS is used. It should work for most users (except for People's Republic of China). If you need to modify the default settings, type:
sudoedit /etc/dns-over-https/doh-client.conf
To automatically start DNS-over-HTTPS client as a system service, type:
Although DNS-over-HTTPS can work alone, a HTTP service muxer would be useful as you can host DNS-over-HTTPS along with other HTTPS services.
HTTP/2 with at least TLS v1.3 is recommended. OCSP stapling must be enabled, otherwise DNS recursion may happen.
DNSSEC
DNS-over-HTTPS is compatible with DNSSEC, and requests DNSSEC signatures by default. However signature validation is not built-in. It is highly recommended that you install unbound or bind and pass results for them to validate DNS records.
EDNS0-Client-Subnet (GeoDNS)
DNS-over-HTTPS supports EDNS0-Client-Subnet protocol, which submits part of the client's IP address (/24 for IPv4, /56 for IPv6 by default) to the upstream server. This is useful for GeoDNS and CDNs to work, and is exactly the same configuration as most public DNS servers.
Keep in mind that /24 is not enough to track a single user, although it is precise enough to know the city where the user is located. If you think EDNS0-Client-Subnet is affecting your privacy, you can set no_ecs = true in /etc/dns-over-https/doh-client.conf, with the cost of slower video streaming or software downloading speed.
To ultilize ECS, X-Forwarded-For or X-Real-IP should be enabled on your HTTP service muxer. If your server is backed by unbound or bind, you probably want to configure it to enable the EDNS0-Client-Subnet feature as well.
Protocol compatibility
Google DNS-over-HTTPS Protocol
DNS-over-HTTPS uses a protocol compatible to Google DNS-over-HTTPS, except for absolute expire time is preferred to relative TTL value. Refer to json-dns/response.go for a complete description of the API.
EDNS0-Client-Subnet (/24 for IPv4, /56 for IPv6 by default)
The name of the project
This project is named "DNS-over-HTTPS" because it was written before the IETF DoH project. Although this project is compatible with IETF DoH, the project is not affiliated with IETF.
To avoid confusion, you may also call this project "m13253/DNS-over-HTTPS" or anything you like.
Tutorial to setup your own DNS-over-HTTPS (DoH) server
Introduction
Traditional DNS queries and responses are sent over UDP or TCP without encryption. This is vulnerable to eavesdropping and spoofing (including DNS-based Internet filtering). Responses from recursive resolvers to clients are the most vulnerable to undesired or malicious changes, while communications between recursive resolvers and authoritative name servers often incorporate additional protection. (Google)
To simplify, anybody on your network, your ISP, etc … can easily spoof DNS response and decide to send you to a different website than the one you desired. Also, it has some privacy implication where anybody between you and the DNS server can know what website you visit.
Guide
The guide is divided in multiple part. The first one covers how to setup a DNS-over-HTTPS (DoH) while using dnscrypt-proxy as DNS server to answer the requests.
The second part explains how to make couple of changes to that configuration to have PiHole (dns server that block ads) as DNS server behind DoH.
The third part explains how to add DNS-over-TLS to your setup. Useful if you own Android 9 (Pie) devices.
The last part will provide you with a list of client for Windows, Linux, Android and iOS that supports DoH natively to be able to use it on all your devices.
Server
I advise you to setup a free f1 micro instance at Google Cloud Computing. You can setup anywhere you want, I only advise there because they have a good image for Ubuntu 18.04 and the f1 micro instance is free forever. All the request the machine will do will be encrypted and not accessible by Google.
Again, if you’re more familiar with Digital Ocean, AWS, etc … please use the hosting provider you know the best. For this guide, I only advise you to have a Debian based image (Debian, Ubuntu, etc …)
Architecture
DNS-over-HTTPS server
The next step is to install the server that implement the DoH protocol to get an HTTP request and do a DNS request.
I provide 2 ways to install it, either you download the deb I provide or you compile the program (in golang) yourself.
Download
For this tutorial, I’ve taken the time to compile and package DNS-over-HTTPS (Golang) and provide a deb file easily installable.
If you prefer to build it yourself, you can follow the guide provided in the GitHub repository.
After compiling you can use FPM to build the package.
Install
If you compile it yourself, you won’t need to do this, the make install will have already taken care of it.
sudo dpkg -i doh-server_*_amd64.deb
This will install and start the service for you.
Configuration
Open the file /etc/dns-over-https/doh-server.conf in your favorite editor. Keep somewhere the listen IP/Port. We’ll need it when we’ll setup Nginx.
Change upstream variable.
# HTTP listen port
listen = [
"127.0.0.1:8053",
"[::1]:8053",
]
# TLS certification file
# If left empty, plain-text HTTP will be used.
# You are recommended to leave empty and to use a server load balancer (e.g.
# Caddy, Nginx) and set up TLS there, because this program does not do OCSP
# Stapling, which is necessary for client bootstrapping in a network
# environment with completely no traditional DNS service.
cert = ""
# TLS private key file
key = ""
# HTTP path for resolve application
path = "/dns-query"
# Upstream DNS resolver
# If multiple servers are specified, a random one will be chosen each time.
upstream = [
"127.0.0.1:53",
]
# Upstream timeout
timeout = 60
# Number of tries if upstream DNS fails
tries = 10
# Only use TCP for DNS query
tcp_only = false
# Enable logging
verbose = false
This will tell DoH-server to use our dnscrypt-proxy to do its DNS requests.
Once done, restart the service.
sudo systemctl restart doh-server
Nginx
This section focus on installing and configuring Nginx to take care of the HTTPS part of DNS-over-HTTPS. To do this, we configure it as a reverse proxy and use let’s encrypt to generate a certificate.
This is an example of a configuration. You need to change the server_name to the domain you’ll use for DoH. Also check that the uptream server point to doh-server ip and port. If you didn’t change anything in the configuration of doh-server, it’s already configured correctly.
For now, we don’t enable SSL, this will be done after with certbot & let’s encrypt.
And there you go, you have now Nginx that will takes care of serving HTTP request to doh-server.
Stapling
The idea is to make Nginx take care of checking if the certificate is expired and keep that information in cache. This is to avoid doing too many requests on the Certificate Authority (CA) of the certificate.
Definition
Create a new file into /etc/nginx/conf.d/stapling.conf with the following content:
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.2.1;
This will activate the stapling for all your website hosted with Nginx and using HTTPS. Feel free to change the resolver variable. By default I made it use the dnscrypt-proxy we configured, but you can change it to any other DNS server.
Certbot
Certbot is the tool developed by EFF to help you request SSL certificate using let’s encrypt. Not only it will generate a certificate for your domain, it will also configure Nginx for you and take care of renewing the certificate.
Install
Usually the version available in the distribution is a little old. We’re going to use the official PPA.
sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-nginx
Configuration
Certbot provides a variety of ways to obtain SSL certificates, through various plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary:
sudo certbot --nginx -d dns.example.com
This runs certbot with the --nginx plugin, using -d to specify the names we’d like the certificate to be valid for.
If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service. After doing so, certbot will communicate with the Let’s Encrypt server, then run a challenge to verify that you control the domain you’re requesting a certificate for.
If that’s successful, certbot will ask how you’d like to configure your HTTPS settings.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
Select the appropriate number [1-2] then [enter](press 'c' to cancel):
I advise to choose redirect to be sure it use only HTTPS.
SSL Defaults
Certbot comes with “good-enough” SSL defaults, but they haven’t been updated in a while. It keeps support for TLS1.0 which has been deprecated for years. No device should use it anymore. Moreover the chosen cypher list contains weak cyphers. To resolve this issue, I compiled a new configuration file for you to replace the weak defaults of Certbot.
Edit the file /etc/letsencrypt/options-ssl-nginx.conf and replace its content by this.
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
By design, the certificate will expire in 90 days. Certbot will take care of renewing it 30 days before expiry. In the case you want to test the renewal process you can run this command.
If you remove the --dry-run, you’ll actively ask Certbot to renew the certificate.
sudo certbot renew --dry-run
Conclusion
Congratulation you have now a DNS-over-HTTPS server running that can accept request at https://dns.example.com/dns-query.
This conclude the first part of the guide. The second convers the differents clients available, like dnscrypt-proxy (windows/linux) and Intra (Android). And the third one how to make this DoH block advertising.
https_dns_proxy is a light-weight DNS over HTTPS, non-caching translation proxy for the emerging DoH DNS-over-HTTPS standard. It receives regular (UDP) DNS requests and issues them via DoH.
Using DNS over HTTPS makes eavesdropping and spoofing of DNS traffic between you and the HTTPS DNS provider (Google/Cloudflare) much less likely. This of course only makes sense if you trust your DoH provider.
Features
Tiny Size (<30kib li="">30kib>
Uses curl for HTTP/2 and pipelining, keeping resolve latencies extremely low.
Single-threaded, non-blocking select() server for use on resource-starved embedded systems.
Designed to sit in front of dnsmasq or similar caching resolver for transparent use.
Build
Depends on c-ares, libcurl, libev.
On Debian-derived systems those are libc-ares-dev, libcurl4-{openssl,nss,gnutls}-dev and libev-dev respectively. On Redhat-derived systems those are c-ares-devel, libcurl-devel and libev-devel.
On MacOS, you may run into issues with curl headers. Others have had success when first installing curl with brew.
-a listen_addr Local address to bind to. (127.0.0.1) -p listen_port Local port to bind to. (5053) -d Daemonize. -u user Optional user to drop to if launched as root. -g group Optional group to drop to if launched as root. -b dns_servers Comma separated IPv4 address of DNS servers to resolve resolver host (e.g. dns.google.com). (8.8.8.8,1.1.1.1,8.8.4.4,1.0.0.1,145.100.185.15,145.100.185.16,185.49.141.37) -r resolver_url_prefix The HTTPS path to the JSON resolver URL. (https://dns.google.com/resolve?) -e subnet_addr An edns-client-subnet to use such as "203.31.0.0/16". () -t proxy_server Optional HTTP proxy. e.g. socks5://127.0.0.1:1080 Remote name resolution will be used if the protocol supports it (http, https, socks4a, socks5h), otherwise initial DNS resolution will still be done via the bootstrap DNS servers. -l logfile Path to file to log to. (-) -x Use HTTP/1.1 instead of HTTP/2. Useful with broken or limited builds of libcurl (false). -v Increase logging verbosity. (INFO)
Alternative protocols
The DoH standard is still evolving. Because responses are translated into JSON, there is room for error in encoding and parsing response types - particularly the less common ones.
For this reason, I tend to believe DNS-over-TLSis a better long-term strategy for the industry, but proxy clients aren't yet readily available.
Note that fundamental differences (binary vs JSON encoding) mean this software does not and will not support DNS-over-TLS.
A MEAN.JS BASED BitTorrent Private Tracker - Full-Stack JavaScript Using MongoDB, Express, AngularJS, and Node.js, A BitTorrent Private Tracker CMS with Multilingual, and IRC announce support, CloudFlare support.
meanTorrent - A Private BitTorrent Tracker CMS based on meanjs/mean
meanTorrent is A Private BitTorrent Tracker CMS with Multilingual support and a full-stack JavaScript open-source solution, which provides a solid starting point for MongoDB, Node.js, Express, and AngularJS based applications.
When you want to upload a torrent, Only need to select a source torrent file, and input the movie ID origin TMDB, the movie detaill info will be autoload.
One torrent can boundle many attrs tag, It's the keyword to search filtering.
Oper/Admin can manager users(edit/delete etc), forbidden user(banned).
OPer/Admin can manager torrents, can reviewed new torrents, set torrent sale type, set torrent recommend level, and delete torrent.
Global sale set support, It provides convenience for site preferential sales setting.
Client Black List support, user can not use the client list inside clientBlackList connect to the tracker server.
When user to change profile picture, meanTorrent use ui-cropper to crop the image.
The first sign up user auto be admin role.
User signed ip / leeched ip all in db, admin can forbid user if user`s ip too many.
Detailed user stats info, include account status, uploaded torrents list, seeding list, downloading list.
Complete user score system, user can use score exchange an invitation to invite friend register join.
Invitations manager, user can keep track of invited friends registration progress.
Admin/Oper can manual management the user`s uploaded/downloaded/score data.
Complete messageBox, include message list, read status, keys search, reply detail and markdown style support.
Complete forum function, admin can configure each forum section and section moderators, the content support markdown style.
Forum topics and replies can attach picture files and other type files, The picture file will be displayed automatically, Others file can only be downloaded.
Forum replies support real edit, What you see is what you get (bootstrap-markdown), and drag & drop attach file upload.
Complete thumbs-up system(thanks system), topic poster or torrent uploader will received score donate from clicker.
IRC Announce support Node-irc, when user upload new torrent file, and oper/admin reviewed it, then announce the torrent info to IRC channel.
Complete HnR(hit and run) system support.
Oper/admin can send official invitation, but all the invitation has the expired time setting.
Complete music torrents support, include CD and MTV sub type.
Sports and variety type torrents support NOW!
Software, game, picture, ebook type torrents support NOW!
Admin can update or set users Vip attribute data manual in manage page.
Admin or oper can set torrent 'VIP' attribute, all these torrents only VIP user can list and download.
Complete torrents resources group support, Admin can create a group and set a founder, and the founder can add or remove member users.
Complete movie collections support, Admin can create a collection and insert any movie into it, user can view collection and download all torrents of the collection.
Sort on torrent Vote, seeders, leechers, finished data on torrent list table head clicked events.
Simple vip donate payment function, support Paypal me, Alipay Qrcode and Weixin QRcode.
meanTorrent can backup mongo database into to a .tar files automatic at midnight everyday, and Admin can manage or download these files.
OrderBy torrent imdb vote or site vote in torrent list table header click.
User downloading progress bar or seeding status bar (ngProgress) in torrent list and home page.
User email verify and account active support, inactive account can not login and announce torrent data.
User can set a signature info for forum.
Auto get search movie/tvserial result from TMDB by keywords, user can select a result item to load resources info and upload.
Admin can configure to hide all menu header and footer count info for guest users, usefully for private tracker mode.
Complete emoji support in markdown content, The images for the emoji can be found in the emoji-cheat-sheet.
Complete forum for vip and oper/admin users only, Special access forums not show to normal users.
Add 'All Newest Torrents' in resources type list option of torrent manage admin page, admin can directly management all newest torrents of all category.
New user status 'idle' for long time not login, idle user can not download and can not announce, user can active account with fixed score numbers.
Support anonymous uploader.
In forum, Admin/Moderators and topic owner can edit topic title through click on the title text.
New feature for list all uploader(resources group and user), admin can set uploader access to pass review directly when upload a torrent file.
Complete emoji support on chat room, message box.
Complete server auto notice function to users.
Complete RSS subscription support.
Complete user follow system.
Request system support. User can post a request to find any torrent and respond a request to upload torrent, rewards score support.
Global sales setting support, admin can redefined the upload and download ratio in sales, the value is priority to the torrent sales settings. And show global sales notice message at home page.
New feature for system control panel, only admin can edit markdown templates or system configure files online or execute some shell command online, but this is danger, if you do not understand it, don`t do it please.
Feature for user score getting. upload/download the older torrent get the higher score, the few seeding people got the higher score.
An examination tasks system to check user`s incremental uploaded, download and score value within a specified period of time, if the value failed to reach the standard, admin can banned them.
Add email white list, user can not to receive invite mail and active mail if the email domain not in the list.
Add angular-cache support, to cache all data from $resource GET method, and update these data when $resource POST|PUT|DELETE method.
Daily check in function, continuous check-in to get more points.
Complete resources albums support, oper & admin can create a album and add torrent into it and push it to home page.
Detailed logs, include uploaded and downloaded announce logs, seeding time logs, score changed logs, score changed days log and months log.
Admin can present official invitations to user.
System message support property of 'must read', user must read it and mark it as already read, otherwise it will popup again to minute later.
History of admin operate user account.
New feature for torrent screenshots image upload and edit by uploader or admin or oper, the image link url address support also.
Users score/uploaded/downloaded number changed line graph and detail history of last few days.
Tracker PIV6 support, and show uses IP type(v4.v6) in users list of torrent detail page.
Add a reason when administrator to banned a user.
Add a configure item to setting whether ban the users inviter when the user was banned. and you can setting whether ban the inviter when the inviter is a vip user.
Check the un-reviewed new torrents and opened tickets status and show in top menu item.
New module of Medal Center, the medal is the identity of the users identity and contribution to the site.
New module of Favorites, user can add any torrent into favorites and use the RSS url to download automatic.
Check the reduplicate resource torrents when user upload a torrent and show the tooltip message to uploader.
Chat room feature:
Users name list
Oper/admin can kick(ban) user out of room
Support chat message font style(Font color, Bold style, Italic style) setting online
Banned user can not reconnect to chat server with an expires time(default one hour)
User can not repetitive login from another location at one time
Chat message bubble style
Complete emoji support by enter colon.
TODO
Fetch service email box message into administrator group message box of site, oper and admin can select any item to handling.
Support service center client side logic and UI.
Site data line graph for admin
Poll type topics support in forum.
More score get methods.
IRC chat
Business cooperation support(like play box? NAS? etc.)
Express - The best way to understand express is through its Official Website, which has a Getting Started guide, as well as an ExpressJS guide for general express topics. You can also go through this StackOverflow Thread for more resources.
Make sure you have installed all of the following prerequisites on your development machine:
Git - Download & Install Git. OSX and Linux machines typically have this already installed.
Node.js - Download & Install Node.js and the npm package manager. If you encounter any problems, you can also use this GitHub Gist to install Node.js.
MongoDB - Download & Install MongoDB, at least version 3.4 is required, and make sure it's running on the default port (27017).
Bower - You're going to use the Bower Package Manager to manage your front-end packages. Make sure you've installed Node.js and npm first, then install bower globally using npm:
$ npm install -g bower
Downloading meanTorrent
There are several ways you can get the meanTorrent boilerplate:
Cloning The GitHub Repository
The recommended way to get meanTorrent is to use git to directly clone the meanTorrent repository:
Don't forget to rename meanTorrent-master after your project name.
Quick Install
Once you've downloaded the boilerplate and installed all the prerequisites, you're just a few steps away from starting to develop your meanTorrent application.
The boilerplate comes pre-bundled with a package.json and bower.json files that contain the list of modules you need to start your application.
To install the dependencies, run this in the application folder from the command-line:
$ npm install
This command does a few things:
First it will install the dependencies needed for the application to run.
If you're running in a development environment, it will then also install development dependencies needed for testing and running your application.
When the npm packages install process is over, npm will initiate a bower install command to install all the front-end modules needed for the application
To update these packages later on, just run npm update
If install process show error info below:
../node-icu-charset-detector.cpp:7:28: fatal error: unicode/ucsdet.h: No such file or directory
then run this command to install libicu manual
apt-get install libicu-dev OR yum install libicu-devel
Running Your Application
Run your application using npm:
$ npm start
Your application should run on port 3000 with the development environment configuration, so in your browser just go to http://localhost:3000
That's it! Your application should be running. To proceed with your development, check the other sections in this documentation. If you encounter any problems, try the Troubleshooting section.
Explore config/env/development.js for development environment configuration options.
Running in Production mode
To run your application with production environment configuration:
$ npm run start:prod
Explore config/env/production.js for production environment configuration options.
Running with TLS (SSL)
Application will start by default with secure configuration (SSL mode) turned on and listen on port 8443. To run your application in a secure manner you'll need to use OpenSSL and generate a set of self-signed certificates. Unix-based users can use the following command:
$ npm run generate-ssl-certs
Windows users can follow instructions found here. After you've generated the key and certificate, place them in the config/sslcerts folder.
Finally, execute prod task npm run start:prod
enable/disable SSL mode in production environment change the secure option in config/env/production.js
Getting Started With meanTorrent
Before you to start the meanTorrent application, Please explore config/env/torrent.js for many environment configuration options, you can change all configuration items of you Caring, such as:
meanTorrent tracker is private, please set the announce.url to your server url, then when user to upload torrent file, It will autocheck the torrent announce url whether matching as announce.url.
tmdbConfig: { //please change it to your api key from themoviedb.org key:'key from themoviedb.org', },
Because meanTorrent autoload the movie info from TMDB, so please to register yourself key and replace it to tmdbConfig.key.
Multilingual support, if you add a new translate string file, please add configuration here. The name is value of ISO_639-1, The class is used origin flag-icon-css, you can find flag icon at /public/lib/flag-icon-css/flags/.
This is a client Black List, all the list client can not connect to the tracker server, you can add more if you unlike some client to connect. And you can make a list page to tell users witch clients are unpopular.
If your site do not accept user free register, please set openSignup to false, then user only can register through friend invitation or system(admin/oper) invitation. if you set openInvite to true, the normal user can invite friends to join, if false only oper/admin can invite users.
All the sign up account need verify & active by mail, and must completed within the set time signUpActiveTokenExpires.
showMenuHeaderForGuest is setting whether show menu header for guest user, if you do not want the menu header showing for guest, please set to false.
Now, IRC announce support Node-irc, this function can be used on rtorrent client, if match some words, the download client can add the torrent into download task list automatic.
If you started meanTorrent at production env, please set showDemoWarningPopup and showDemoSignMessage to false, this will not show demo message any where. and you can set showDebugLog to false, then the console.log info is not output.
meanTorrent support complete HnR(hit and run) system, if user download a HnR torrent, then must seeding days of contition.seedTime or the upload ratio more than contition.ratio, otherwise, the user will get a HnR warning, if the warning numbers is more than forbiddenDownloadMinWarningNumber, then the user can not download any torrent. but can continue the warning torrent and seed it until the warning disappears, and the user can remove a warning by score number of scoreToRemoveWarning or donate a VIP qualifications.
meanTorrent can backup mongo database into to a .tar files automatic at midnight everyday, and Admin/Oper can manage or download these files. if you want to disabled this feature, please set enable to false, dir is the saved path.
mail sender configure
meanTorrent need send mail to user when restore password, send invitations etc. before send these mail, you need change the mail options in file config/env/development.js and config/env/production.js, meanTorrent used module nodemailer, if you have any config question you can find at nodemailer.
Copy a translate string original file from modules/core/client/app/trans-string-en.js to your want named file, such as 'trans-string-fr.js', and then translate all the strings.
Add new language configure item in config/env/torrent.js.
language: [ {name:'en', index:0, class:'flag-icon-gb', title:'English'}, {name:'zh', index:1, class:'flag-icon-cn', title:'中文'}, {name:'fr', index:2, class:'flag-icon-fr', title:'Français'} // this is added new language configure ],
Copy and translate all the .md files in modules/*/client/templates/*.md, notice the naming rules of files please, these files can edit online now.
meanTorrent used richtext box of bootstrap-markdown, It has already translated some language, you can find them at /public/lib/bootstrap-markdown/locale/, then inset into config file /config/assets/default.js and /config/assets/production.js, such as:
//bootstrap-markdown 'public/lib/bootstrap-markdown/js/bootstrap-markdown.js', 'public/lib/bootstrap-markdown/locale/bootstrap-markdown.zh.js', 'public/lib/bootstrap-markdown/locale/bootstrap-markdown.fr.js', // this is added new line
Note: If you can not find you wanted language file, you can copy and translate and config it.
Restart meanTorrent.
Deploying to PAAS
Deploying meanTorrent To Heroku
By clicking the button below you can signup for Heroku and deploy a working copy of meanTorrent to the cloud without having to do the steps above.
Amazon S3 configuration
To save the profile images to S3, simply set those environment variables:
UPLOADS_STORAGE: s3 S3_BUCKET: the name of the bucket where the images will be saved
S3_ACCESS_KEY_ID: Your S3 access key S3_SECRET_ACCESS_KEY: Your S3 access key password
Clone and run for a quick way to see Electron in action.
This is a minimal Electron application based on the Quick Start Guide within the Electron documentation.
Use this app along with the Electron API Demos app for API code examples to help you get started.
A basic Electron application needs just these files:
package.json - Points to the app's main file and lists its details and dependencies.
main.js - Starts the app and creates a browser window to render HTML. This is the app's main process.
index.html - A web page to render. This is the app's renderer process.
You can learn more about each of these components within the Quick Start Guide.
To Use
To clone and run this repository you'll need Git and Node.js (which comes with npm) installed on your computer. From your command line:
# Clone this repository git clone https://github.com/electron/electron-quick-start # Go into the repository cd electron-quick-start # Install dependencies npm install # Run the app npm start
Note: If you're using Linux Bash for Windows, see this guide or use node from the command prompt.
Tdns-server-proxy is a server-side proxy for DNS that takes connection (TCP/TLS) based DNS queries from client and forwards them to a recursive DNS server over UDP. Ideally, the recursive DNS server should be running at the same host as this proxy. It also forwards responses from the recursive DNS server back to client over TCP/TLS. It can be used to pair with tdns-client-proxy to accomplish T-DNS's features, such as query pipelining and out-of-order responses. It tracks the current Specification for DNS over TLS, draft-ietf-dprive-dns-over-tls-09, enabling direct TLS on port 853 by default, with TCP and STARTTLS as options. A man page (README.man in the package) describes how to use this proxy.
Tdns-client-proxy is a client-side proxy for DNS that takes UDP-based DNS queries from local application and forwards them to a remote recursive DNS server over TCP (with STARTTLS) or direct TLS. It also forwards responses from remote recursive DNS server back to local application over UDP. It can be used to pair with tdns-server-proxy to accomplish T-DNS's features, such as privacy with query pipelining and out-of-order responses. It tracks the current Specification for DNS over TLS, draft-ietf-dprive-dns-over-tls-09, enabling direct TLS on port 853 by default, with TCP and STARTTLS as options. A man page (README.man in the package) describes how to use this proxy.
DNS is the canonical example of a connectionless, single packet, request/response protocol, with UDP as its dominant transport. Yet DNS today is challenged by eavesdropping that compromises privacy, source address spoofing that results in denial-of-service (DoS) attacks on the server and third parties, injection attacks that exploit fragmentation, and size limitations that constrain policy and operational choices.
We propose t-DNS to address these problems: it combines TCP to smoothly support large payloads and mitigate spoofing and amplification for DoS. T-DNS uses transport-layer security (TLS) to provide privacy from users to their DNS resolvers and optionally to authoritative servers.
People
John Heidemann, PI on this project, project leader and professor (USC/ISI)
Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels and P. Hoffman 2016. Specification for DNS over Transport Layer Security (TLS) . Technical Report 7858. Internet Request For Comments. [DOI] [PDF] Details
Liang Zhu, Zi Hu, John Heidemann, Duane Wessels, Allison Mankin and Nikita Somaiya 2016. T-DNS: Connection-Oriented DNS to Improve Privacy and Security (poster abstract). Technical Report ISI-TR-2016-706. USC/Information Sciences Institute. [PDF] Details
Zi Hu, Liang Zhu, John Heidemann, Allison Mankin, Duane Wessels and Paul Hoffman 2015. TLS for DNS: Initiation and Performance Considerations, draft-ietf-dprive-start-tls-for-dns-00. IETF Internet Draft. [PDF] Details
Liang Zhu, Zi Hu, John Heidemann, Duane Wessels, Allison Mankin and Nikita Somaiya 2015. Connection-Oriented DNS to Improve Privacy and Security. Proceedings of the 36thIEEE Symposium on Security and Privacy (San Jose, Californa, USA, May 2015), 171–186. [DOI] [PDF] [Code] [Dataset] Details
Liang Zhu, Duane Wessels, Allison Mankin and John Heidemann 2015. Measuring DANE TLSA Deployment. Proceedings of the 7th IEEE International Workshop on Traffic Monitoring and Analysis (Barcelona, Spain, Apr. 2015), 219–232. [DOI] [PDF] [Code] Details
Liang Zhu, Zi Hu, John Heidemann, Duane Wessels, Allison Mankin and Nikita Somaiya 2015. Connection-Oriented DNS to Improve Privacy and Security (extended). Technical Report ISI-TR-2015-695. USC/Information Sciences Institute. [PDF] [Code] Details
Liang Zhu, Zi Hu and John Heidemann 2015. Evaluation of Future DNSSEC Response Sizes at a Root and a TLD Server. [PDF] Details
Liang Zhu, Duane Wessels, Allison Mankin and John Heidemann 2014. Measuring DANE TLSA Deployment. Presentation at DNS-OARC Fall Workshop.[PDF] Details
Liang Zhu, Zi Hu, John Heidemann, Duane Wessels, Allison Mankin and Nikita Somaiya 2014. T-DNS: Connection-Oriented DNS to Improve Privacy and Security (extended). Technical Report ISI-TR-2014-693. USC/Information Sciences Institute. [PDF] [Code] Details
John Heidemann 2014. T-DNS: Connection-Oriented DNS to Improve Privacy and Security. Presentation at the Spring DNS-OARC Meeting. [PDF] Details
Liang Zhu, Zi Hu, John Heidemann, Duane Wessels, Allison Mankin and Nikita Somaiya 2014. T-DNS: Connection-Oriented DNS to Improve Privacy and Security. Technical Report ISI-TR-2014-688. USC/Information Sciences Institute. [PDF] Details
2016年10月4日,美国商务部、美国专利商标局以及经济和统计管理局联合发布研究报告《知识产权与美国经济2016(Intellectual Property and the US Economy:2016 Update)》,指出知识产权密集型产业至少为美国提供了4500万个就业机会,产业贡献超过6万亿美元,占美国GDP总量的38.2%。该报告识别了81个广泛采用专利、著作权以及商标权保护的知识产权密集型产业,包括软件出版业、录音产业、音频和视频设备制造业、有线电视和其他订阅节目、表演艺术公司以及广播电视。这些产业直接或间接产生的就业机会约占美国所有产业的30%。
