Term | Definition |
---|---|
Mail server | Is a computer system that sends and receives email source |
MX | |
CNAME | Used to alias one name to another,CNAME stands for Canonical Name. source |
DKIM | Is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain source |
SPF | Is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain source |
DMARC | is an email validation system designed to protect your company's email domain from being used for email spoofing [source](https://www.dmarcanalyzer.com/dma |
#!/bin/bash | |
output_file="all_applications-$project_name.yaml" | |
echo "" > "$output_file" | |
project_yaml=$(kubectl get AppProject "$project_name" -n argocd -o yaml) | |
updated_project_yaml=$(echo "$project_yaml" | yq eval 'del(.metadata.creationTimestamp, .metadata.generation, .metadata.resourceVersion,.status, .metadata.uid, .metadata.annotations."kubectl.kubernetes.io/last-applied-configuration")' -) | |
echo "$updated_project_yaml" >> "$output_file" | |
echo '---' >> "$output_file" | |
for app_name in $(kubectl get applications -n argocd -o custom-columns=:.metadata.name --no-headers); do |
--- | |
- name: installs fail2ban on ansible hosts | |
hosts: fail2ban-hosts | |
become: yes | |
tasks: | |
- name: install apt fail2ban packages | |
apt: | |
name: "{{ item }}" | |
state: latest |
Moved to git repository: https://github.com/denji/nginx-tuning
For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.
Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon
with HyperThreading enabled, but it can work without problem on slower machines.
You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.
#!/bin/sh | |
file=path/to/file | |
bucket=your-bucket | |
resource="/${bucket}/${file}" | |
contentType="application/x-compressed-tar" | |
dateValue="`date +'%a, %d %b %Y %H:%M:%S %z'`" | |
stringToSign="GET | |
${contentType} | |
${dateValue} | |
${resource}" |
#!/bin/bash | |
#maintainer : hatem ben tayeb <hatemtayeb2@gmail.com> | |
# usage : ./backup.sh <container name> <container network> | |
if [ ! -z $1 ] | |
then | |
declare log_path="/backups/backup.log" # make sure to create them manually or change it with your customized path | |
declare IP=$(docker inspect $1 | jq ".[].NetworkSettings.Networks.$2.IPAddress" -r) | |
ping -c2 $IP 2>/dev/null 1>/dev/null | |
if [ $? = 0 ] |
This gist will guide you through the setup of a wildcard Let's encrypt TLS certificate.
Let’s encrypt is one of a new kind of Certificate Authority. You can get a TLS certificate from them for your website free of charge and without any manual overhead. These certificates are trusted in most browsers that are out there and will show up as valid. Instead of sending Mails or even paper around you can call an API and prove your domain ownership with simple challenges. Basically you call the API with a hostname or domain name you need a TLS certificate for and you get back a challenge string that you need to put in a well known location on your http host or as a txt record in your dns system.
You can find many clients that manage the proces
services: | |
- docker:dind | |
stages: | |
- development | |
- production | |
variables: | |
DOCKER_DRIVER: overlay2 | |
DOCKER_TLS_CERTDIR: '' |
# Configuration options are limited to SSL/TLS | |
# Enable SSL session caching for improving performance by avoiding the costly session negotiation process where possible | |
# SSL Labs doesn't assume that SNI is available to the client, so it only tests the default virtual server | |
# setting this globally to make it work across all the nginx virtual servers (including the default virtual server) | |
ssl_session_cache shared:ssl_session_cache:10m; | |
ssl_session_timeout 10m; | |
server { | |
listen 443 ssl; |