Andy Brody brodygov

@brodygov
brodygov / recipes:hostname.rb
Created August 2, 2017 00:46
auto-set-ec2-hostname chef recipe
#
# Cookbook Name::ubuntu_hardened_ami
# Recipe::hostname
# Script to set hostname and /etc/hosts
template '/usr/local/bin/auto-set-ec2-hostname' do
  source 'auto-set-ec2-hostname.erb'
  owner 'root'
  group 'root'
  mode '0755'
@brodygov
brodygov / realip.nginx.conf
Created August 28, 2017 23:30
Nginx realip module $lb_if_proxied variable: "-" if proxied, otherwise the load balancer's IP address
# Create new variable $lb_if_proxied.
#
# With the realip module enabled, $remote_addr will be the end-user's IP
# address, potentially from X-Forwarded-For, and $realip_remote_addr will be
# the actual immediate client IP address.
#
# Return the load balancer IP address ($realip_remote_addr) if the request
# looks like it was proxied. If the request does not look like it was proxied
# (when $remote_addr is a private IP address), then return "-" instead.
map $remote_addr $lb_if_proxied {
@brodygov
brodygov / rbenv-0.4.0.patch
Created May 14, 2018 20:38
rbenv root patch
--- /usr/lib/rbenv/libexec/rbenv 2013-01-04 18:27:26.000000000 +0000
+++ /usr/lib/rbenv/libexec/rbenv 2018-05-14 20:21:59.322775897 +0000
@@ -21,7 +21,8 @@
}
if [ -z "${RBENV_ROOT}" ]; then
- RBENV_ROOT="${HOME}/.rbenv"
+ #RBENV_ROOT="${HOME}/.rbenv"
+ RBENV_ROOT="/opt/ruby_build"
else
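Review bot: The added `RBENV_ROOT="/opt/ruby_build"` line hardcodes a site-specific default into the packaged file /usr/lib/rbenv/libexec/rbenv and leaves the old default behind as a commented-out line. The surrounding `if [ -z "${RBENV_ROOT}" ]` check already honors a preset value, so exporting RBENV_ROOT=/opt/ruby_build in the environment would give the same result without modifying a file under /usr/lib. If the patch stays, drop the commented-out line and add a comment explaining why the default moves from a per-user directory under ${HOME} to a shared one: every user who has not set RBENV_ROOT will now resolve the same tree, so that directory should not be writable by unprivileged accounts.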
@brodygov
brodygov / mirror-repo.sh
Created May 17, 2018 02:42
Mirror a git repository under an archival github user's account
#!/bin/bash
set -eu
ARCHIVE_USER="${ARCHIVE_USER-my-archive-user}"
ssh_key="$HOME/.ssh/key.mirror-repo"
usage() {
  cat >&2 <<EOM
usage: $(basename "$0") [options] SOURCE_REPO DEST_NAME
@brodygov
brodygov / repo-alert-public.py
Created May 17, 2018 02:44
Monitor a github user for public repos and alarm if any are found
#!/usr/bin/env python
import json
import sys
import requests
def usage():
    print 'usage: repomonitor.py GITHUB_USER\n\nMonitor for public repos.'
@brodygov
brodygov / make-ramdisk
Created June 1, 2018 20:15
Create a linux ramdisk and mount it
#!/bin/bash
set -euo pipefail
run() {
  echo >&2 "+ $*"
  "$@"
}
usage() {
@brodygov
brodygov / cert-import.sh
Created June 15, 2018 21:52
Import certificate authorities into a repo while normalizing their format and finding duplicates
#!/bin/bash
set -eu
usage() {
  cat >&2 <<EOM
usage: $(basename "$0") CRT_FILE BASENAME
Import CRT_FILE (in PEM format) into this directory with BASENAME as the
prefix. The output file will be named in this format:
BASENAME.<issue_year>-<exp_year>.<subj_key_id>.<sha1_fingerprint>.crt
EOM
@brodygov
brodygov / s3-split-ls-by-date.go
Created June 21, 2018 22:40
Split s3 file by date
package main
import (
	"bufio"
	"fmt"
	"log"
	"os"
	"path"
	"strings"
	"syscall"
#!/usr/bin/env python3
import os
import sys
import zipfile
import requests
def main(argv):
@brodygov
brodygov / api-authentication.md
Last active October 8, 2018 17:05
Thoughts on API authentication strategies

Thoughts on API Authentication Strategies

There are a number of different strategies for enabling API authentication for system-to-system authentication between two parties. All of them have some advantages and disadvantages.

Simple API key

The simplest approach is typically to pass a secret API key as a header or using HTTP basic auth. The client provides a secret value in the Authorization or Bearer header. The server matches the key against a stored value for that account. This relies on the security of HTTPS / TLS to provide confidentiality and integrity. This approach excels for websites with a lot of end-users who need to be able to manage their own keys through a web interface or API. It's so simple that clients don't need any custom code.

Pros:

  • Very simple to implement for both clients and servers