Anton Smolkov AntonSmolkov

  • Saint-Petersburg
@AntonSmolkov
AntonSmolkov / monzo-alertmanager-config.yaml
Created April 21, 2021 09:01 — forked from milesbxf/monzo-alertmanager-config.yaml
Monzo's Alertmanager Slack templates
###################################################
##
## Alertmanager YAML configuration for routing.
##
## Will route alerts with a code_owner label to the slack-code-owners receiver
## configured above, but will continue processing them to send to both a
## central Slack channel (slack-monitoring) and PagerDuty receivers
## (pd-warning and pd-critical)
##
AntonSmolkov / easyrsa3-quick-wildcardcert
Created November 27, 2020 21:23 — forked from DRN88/easyrsa3-quick-wildcardcert
easyrsa3-quick-wildcardcert
#!/bin/bash
FQDN="domain.local"
CERT_FILENAME="wildcard.${FQDN}"
CERT_COMMONNAME="*.${FQDN}"
wget "https://github.com/OpenVPN/easy-rsa/archive/master.zip"
unzip master.zip
mv easy-rsa-master/easyrsa3/ .
rm -rf master.zip easy-rsa-master/
AntonSmolkov / rancher-ha-cert-update.md
Created February 20, 2020 14:58 — forked from janeczku/rancher-ha-cert-update.md
rancher-ha-cert-update.md

Follow these steps to update the SSL certificate of the ingress in a Rancher High Availability installation or switch from the default self-signed to a custom certificate:

Create/Update the certificate secret resource

First, concatenate the server certificate followed by any intermediate certificate(s) into a file named tls.crt, and provide the corresponding certificate key in a file named tls.key.

If you are switching the install from using the Rancher-generated CA or a Let’s Encrypt-issued certificate, use the following command to create the tls-rancher-ingress secret resource in your Rancher HA cluster:

$ kubectl -n cattle-system create secret tls tls-rancher-ingress \
AntonSmolkov / kubernetes-filebeat.yaml
Created October 27, 2019 09:43 — forked from tkuther/kubernetes-filebeat.yaml
Filebeat kubernetes config with nginx module for ingress-nginx
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: filebeat
  namespace: kube-system
  labels:
    k8s-app: filebeat
spec:
  template:
    metadata:

nginx/openresty reverse proxy ntlm support

Problem

This code lets you pass NTLM authentication through nginx in reverse proxy mode. The problem with plain nginx is that NTLM requires a single TCP connection for multiple HTTP requests. Even if the browser respects this behaviour, nginx will create or take a new connection for each request to the NTLM-aware server.

Solution

Implement an nginx-like stream proxy, but parse HTTP to detect the end of the sequence (the first request after NTLM auth). We need the end of the sequence because the browser can reuse the open TCP connection and send another request, which would be passed to the NTLM-aware server, and this is not what you expect.

Installation

Put ntlm.lua in the lualib path of openresty.

Linux

You need to install lua-http-parser into openresty lualib path with luarocks.

Windows

AntonSmolkov / IPTABLES-CHEATSHEET.md
Created August 16, 2019 09:09 — forked from davydany/IPTABLES-CHEATSHEET.md
IP Tables (iptables) Cheat Sheet

IPTables is the firewall service available in many Linux distributions. While modifying it might seem daunting at first, this Cheat Sheet should show you just how easy it is to use and how quickly you can be on your way mucking around with your firewall.

Resources

The following list is a great set of documentation for iptables. I used them to compile this documentation.

AntonSmolkov / tuned.conf
Created June 24, 2019 19:40 — forked from kofemann/tuned.conf
Tuned profile for PostgreSQL server on CENTOS-7
#
# tuned configuration for PostgreSQL servers
# /usr/lib/tuned/postgres-db-server/tuned.conf
#
[cpu]
force_latency=1
governor=performance
energy_perf_bias=performance
min_perf_pct=100