- Install Proxmox 5.3
- Console/SSH into Proxmox
- nano /etc/apt/sources.list
- edit the file to look like this
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frontend http-https-in | |
tcp-request inspect-delay 5s | |
http-request set-header X-Forwarded-For %[req.hdr_ip(CF-Connecting-IP)] if { hdr(CF-Connecting-IP) -m found } | |
http-request set-header X-Forwarded-For %[src] unless { hdr(CF-Connecting-IP) -m found } | |
http-request set-header CF-Edge-IP %[src] if { hdr(CF-Connecting-IP) -m found } | |
acl is_myonlywebsite1_com hdr(host) -i www.myonlywebsite1.com | |
acl is_myonlywebsite1_com hdr(host) -i myonlywebsite1.com | |
# rate limit for /login route |
You may not know that [the most awesome validation engine for PHP][1] out there is [Respect/Validation][2]. If you do, this is tailored for you!
All rules on [Respect/Validation][2] are meant to be used together, composing a more complex validation rule that is closer to the domain of your application than the existing ones, let's try an example:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DELIMITER // | |
CREATE FUNCTION BIN_TO_UUID(b BINARY(16)) | |
RETURNS CHAR(36) | |
BEGIN | |
DECLARE hexStr CHAR(32); | |
SET hexStr = HEX(b); | |
RETURN LOWER(CONCAT( | |
SUBSTR(hexStr, 1, 8), '-', | |
SUBSTR(hexStr, 9, 4), '-', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
varnishlog -g request -q 'ReqMethod eq "PURGE"' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
require_once('Crypto.php'); | |
function setKey(){ | |
try { | |
$key = Crypto::CreateNewRandomKey(); | |
// WARNING: Do NOT encode $key with bin2hex() or base64_encode(), | |
// they may leak the key to the attacker through side channels. | |
} catch (CryptoTestFailedException $ex) { | |
die('Cannot safely create a key'); | |
} catch (CannotPerformOperationException $ex) { |
Create a new systemd user unit, which starts ssh-agent
upon login to server. Will remain resident until the final session for the user has logged out.
-
Create
/etc/systemd/user/ssh-agent.service
. -
Run the following commands (under your user account, not
root
) to install the systemd unit and start:$ systemctl --user enable ssh-agent.service $ systemctl --user start ssh-agent.service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Incomplete Bash completion for zerotier-cli | |
# | |
# /etc/bash_completion.d/zerotier-cli | |
# | |
# | |
_zerotier-cli() | |
{ | |
local cur prev opts | |
COMPREPLY=() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
MYSQLADMIN_CFG="/etc/mysql/mariadb.conf.d/90-mysqladmin.cnf" | |
# generate password | |
PASS=$(perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'); | |
# adjust /etc/mysql/debian.cnf (used as defaults file by system scripts) | |
sed -i "s/^password =.*$/password = ${PASS}/" /etc/mysql/debian.cnf | |
sed -i "s/^user =.*$/user = debian-sys-maint/" /etc/mysql/debian.cnf | |
# create config file for mysqladmin itself (maybe not needed) | |
umask 066 | |
cat > ${MYSQLADMIN_CFG} <<EOF |
Export your public key:
keybase pgp export > keybase-public.key
Export your private key:
keybase pgp export --secret > keybase-private.key