For educational reasons I've decided to create my own CA. Here is what I learned.
Lets get some context first.
var mediaJSON = { "categories" : [ { "name" : "Movies", | |
"videos" : [ | |
{ "description" : "Big Buck Bunny tells the story of a giant rabbit with a heart bigger than himself. When one sunny day three rodents rudely harass him, something snaps... and the rabbit ain't no bunny anymore! In the typical cartoon tradition he prepares the nasty rodents a comical revenge.\n\nLicensed under the Creative Commons Attribution license\nhttp://www.bigbuckbunny.org", | |
"sources" : [ "http://commondatastorage.googleapis.com/gtv-videos-bucket/sample/BigBuckBunny.mp4" ], | |
"subtitle" : "By Blender Foundation", | |
"thumb" : "images/BigBuckBunny.jpg", | |
"title" : "Big Buck Bunny" | |
}, | |
{ "description" : "The first Blender Open Movie from 2006", | |
"sources" : [ "http://commondatastorage.googleapis.com/gtv-videos-bucket/sample/ElephantsDream.mp4" ], |
DNS queries on home network suddenly resolving hosts to 104.239.207.44.
You will see SPORADIC mis-resolutions of EVERYTHING to that 104.239.207.44 address if their crappy router happens to hear your PC's DHCP request - EVEN IF ANOTHER DHCP SERVER ON THE NETWORK assigns the ultimate address.
This is a guide on how to email securely.
There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.
Hosting multiple websites on a single public IP address on the standard HTTP(S) ports is relatively easy with popular web servers like Apache, Nginx and lighttpd all supporting Virtual Hosts.
For Web Services which bundle their own HTTP server, things get more complicated, unless their HTTP stack can be shared somehow. More often than not, the application's HTTP stack listens directly on a dedicated TCP port.
Hosting multiple services on a single IP then requires using a fronting server listening on the standard HTTP port, and routing to the right backend service based on the host name or the path sent by the client.
Path based routing is cumbersome, usually requiring either the service to be aware of the path prefix, or a rewrite by the HTTP fronting server of all absolute URLs in the requests and responses.
Hostname based routing is more straightforward. The fronting server can just look at the [HTTP/1.1 Host header](https://tools
#!/bin/bash | |
bucket=$1 | |
set -e | |
echo "Removing all versions from $bucket" | |
versions=`aws s3api list-object-versions --bucket $bucket |jq '.Versions'` | |
markers=`aws s3api list-object-versions --bucket $bucket |jq '.DeleteMarkers'` |
With heightening concern regarding the state of internet privacy (fuelled in part by the passing of the Investigatory Powers Act in the UK), I have set up a VPN server on the virtual server I have hosted with Mythic Beasts. This uses strongSwan and certificate-based IKEv2 authentication.
Assumptions:
debian.example.com
, a public IPv4 of 203.0.113.1
and a public IPv6 of 2001:db8::1
me
For automated deployment of a similar setup, albeit Ubuntu-based and using ansible for deployment, I recommend you take a look at Algo VPN. I used that project as a basis for my configuration.
Two ways to do it, but only worked for me so I'll put it first and the second for reference:
$ openssl pkcs12 -export -in hostname.crt -inkey hostname.key -out hostname.p12
$ openssl pkcs12 -in hostname.p12 -nodes -out hostname.pem
Other options for this method in comments below:
# Note, the -certfile root.crt appends all CA certs to the export, I've never needed these so it's optional for my personal steps
$ openssl pkcs12 -export -in hostname.crt -inkey hostname.key -certfile root.crt -out hostname.p12
The HearSay P2P File Sharer; a response to The Copyright Alert System, as well as several other internet regulation attempts. The goal of this project is to prove the viability of semi-anonymous and confidential file sharing. Consists of several proofs of concepts such as the formation of ad-hoc mix networks and routing throughout them while maintaining anonymity and semantic security.
However, lets be honest with ourselves for a second. Don't use this to fight an oppressive regime. I can not (and will not try) to 'prove' its security, and I
--- | |
### | |
# Elasticsearch Rolling restart using Ansible | |
### | |
## | |
## Why is this needed? | |
## | |
# | |
# Even if you use a serial setting to limit the number of nodes processed at one |