Generate private key:
openssl genrsa -des3 -out myCA.key 2048
Using the private key, generate a root cert:
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
It doesnt matter what fields you put in. Maybe make the Common Name something you can recognize.
| terraform remote config -backend=s3 \ | |
| -backend-config="bucket=terraform-up-and-running-2017" \ | |
| -backend-config="key=global/s3/terraform.tfstate" \ | |
| -backend-config="region=us-west-1" \ | |
| -backend-config="encrypt=true" |
| 0.0.0.0:80 { | |
| tls off | |
| root /helpy/public | |
| header /assets { | |
| gzip | |
| Expires "Thu, 31 Dec 2037 23:55:55 GMT" | |
| Cache-Control public | |
| } |
| FROM alpine:3.3 | |
| RUN apk add --update-cache curl ca-certificates \ | |
| && rm -rf /var/cache/apk/* | |
| # ENV CADDY_VERSION 0.8.3 | |
| ENV CADDY_FEATURES "" | |
| #^ "cors,git,hugo,ipfilter,jsonp,search" | |
| RUN ARCH=$(if [ $(apk --print-arch) = x86_64 ]; then echo "amd64"; else $(apk --print-arch); fi) \ |
| # If you use bash, this technique isn't really zsh specific. Adapt as needed. | |
| source ~/keychain-environment-variables.sh | |
| # AWS configuration example, after doing: | |
| # $ set-keychain-environment-variable AWS_ACCESS_KEY_ID | |
| # provide: "AKIAYOURACCESSKEY" | |
| # $ set-keychain-environment-variable AWS_SECRET_ACCESS_KEY | |
| # provide: "j1/yoursupersecret/password" | |
| export AWS_ACCESS_KEY_ID=$(keychain-environment-variable AWS_ACCESS_KEY_ID); | |
| export AWS_SECRET_ACCESS_KEY=$(keychain-environment-variable AWS_SECRET_ACCESS_KEY); |
| # Notes on Ruby memory allocation | |
| # Mostly based off of: https://www.sitepoint.com/ruby-uses-memory/ | |
| # Objects cannot be GC if they are referenced by a global object. | |
| # This applies to contants, classes, modules, anything GLOBAL | |
| STRINGS = [] | |
| GC.start | |
| before = GC.stat(:total_freed_objects) |
| # spec/support/schema_matcher.rb | |
| RSpec::Matchers.define :match_response_schema do |schema| | |
| match do |response| | |
| schema_directory = "#{Dir.pwd}/lib/api/v1/schemas" | |
| schema_path = "#{schema_directory}/#{schema}.json" | |
| is_list = JSON.parse(response.body).is_a?(Array) | |
| JSON::Validator.validate!(schema_path, response.body, list: is_list, strict: true) | |
| end | |
| end |
| #!/bin/bash set -e | |
| # Sets up a developement/test marathon environment running on mesos | |
| # You should run this on a docker-machine; it doesn't work using Docker for Mac | |
| MESOS_IP=$(docker-machine ip default) | |
| echo "starting zookeeper..." | |
| docker run -d --net=host netflixoss/exhibitor:1.5.2 |
| // to execute, pass in the certs: | |
| // go run main.go --cert /Users/imranraja/.docker/machine/machines/default/cert.pem --key /Users/imranraja/.docker/machine/machines/default/key.pem --CA /Users/imranraja/.docker/machine/machines/default/ca.pem | |
| // | |
| // Current status: I'm able to communicate with teh docker remote api running locally. I had to use the docker cert path to get the tls creds and pass that with the http request | |
| package main | |
| import ( | |
| "crypto/tls" | |
| "crypto/x509" |
| #!/bin/bash | |
| if [ "$#" -ne 2 ] || ! [ -d "$1" ]; then | |
| echo "Usage: $0 /Path/To/Certificate CERT_NAME" >&2 | |
| exit 1 | |
| fi | |
| # This assumes the cert is in the same directory as the script | |
| source="$( cd $1 && pwd )" | |
| # ca-certificate of the VM |