andrewnimmo

frontend http-https-in
	tcp-request inspect-delay 5s
	http-request set-header X-Forwarded-For %[req.hdr_ip(CF-Connecting-IP)] if { hdr(CF-Connecting-IP) -m found }
	http-request set-header X-Forwarded-For %[src] unless { hdr(CF-Connecting-IP) -m found }
	http-request set-header CF-Edge-IP %[src] if { hdr(CF-Connecting-IP) -m found }

	acl is_myonlywebsite1_com hdr(host) -i www.myonlywebsite1.com
        acl is_myonlywebsite1_com hdr(host) -i myonlywebsite1.com
	
	# rate limit for /login route

andrewnimmo

WARNING MAY BE INCORRECT AND INCOMPLETE, USE AT YOUR OWN RISK

Install Proxmox, RancherOS, in a VM with Rancher 2.0 and Portainer

Setup Proxmox

1. Install Proxmox 5.3
2. Console/SSH into Proxmox
3. nano /etc/apt/sources.list
4. edit the file to look like this

andrewnimmo

Custom rules on Respect/Validation

You may not know that [the most awesome validation engine for PHP][1] out there is [Respect/Validation][2]. If you do, this is tailored for you!

All rules on [Respect/Validation][2] are meant to be used together, composing a more complex validation rule that is closer to the domain of your application than the existing ones, let's try an example:

andrewnimmo

DELIMITER //

CREATE FUNCTION BIN_TO_UUID(b BINARY(16))
RETURNS CHAR(36)
BEGIN
   DECLARE hexStr CHAR(32);
   SET hexStr = HEX(b);
   RETURN LOWER(CONCAT(
        SUBSTR(hexStr, 1, 8), '-',
        SUBSTR(hexStr, 9, 4), '-',

andrewnimmo

varnishlog -g request -q 'ReqMethod eq "PURGE"'

andrewnimmo

<?php
require_once('Crypto.php');
function setKey(){
	try {
		$key = Crypto::CreateNewRandomKey();
		// WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
		// they may leak the key to the attacker through side channels.
	} catch (CryptoTestFailedException $ex) {
		die('Cannot safely create a key');
	} catch (CannotPerformOperationException $ex) {

andrewnimmo

Add user ssh-agent as daemon to Ubuntu 18.04LTS server

Create a new systemd user unit, which starts ssh-agent upon login to server. Will remain resident until the final session for the user has logged out.

Steps

• Create /etc/systemd/user/ssh-agent.service.

• Run the following commands (under your user account, not root) to install the systemd unit and start:

   $ systemctl --user enable ssh-agent.service
   $ systemctl --user start ssh-agent.service

andrewnimmo

# Incomplete Bash completion for zerotier-cli
#
# /etc/bash_completion.d/zerotier-cli
#

#
_zerotier-cli()
{
    local cur prev opts
    COMPREPLY=()

andrewnimmo

#!/bin/sh
MYSQLADMIN_CFG="/etc/mysql/mariadb.conf.d/90-mysqladmin.cnf"
# generate password
PASS=$(perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)');
# adjust /etc/mysql/debian.cnf (used as defaults file by system scripts)
sed -i "s/^password =.*$/password = ${PASS}/" /etc/mysql/debian.cnf
sed -i "s/^user     =.*$/user     = debian-sys-maint/" /etc/mysql/debian.cnf
# create config file for mysqladmin itself (maybe not needed)
umask 066
cat > ${MYSQLADMIN_CFG} <<EOF

andrewnimmo

Export your public key:

keybase pgp export > keybase-public.key

Export your private key:

keybase pgp export --secret > keybase-private.key