John H Patton johnhpatton

# Ephemeral Port Range
# Reverse proxy connections will use these ports for the client
# sockets. If the server experiences port exhaustion, upstream
# connections may need to be limited or a new reverse proxy host
# may be needed.
# NOTES
# - Do not operate any application listeners within this range.
# RECOMMENDATION
# - Set if experiencing ephemeral port exhaustion on client
# connections.
@johnhpatton
johnhpatton / ephemeral-port-details.sh
Created January 29, 2020 15:18
Get TCP ephemeral port details to validate ephemeral port exhaustion.
#!/bin/bash
#
# REQUIRES
# - netstat - to retrieve network stack details
# - sysctl - to retrieve/modify kernel settings
# - bc - for math
#
# MIT License
#
# Copyright 2020 John H Patton, JH Patton Consulting, LLC
#!/bin/bash
# Set to user id for access:
OPENCONNECT_USER="YOUR_VPN_USER_ID"
# Set to server without scheme:
OPENCONNECT_HOST="YOUR_VPN_HOST_NAME"
# This script works with globalprotect and anyconnect.
# Set to protocol, either "gp" or "anyconnect".
@johnhpatton
johnhpatton / self-signed-simple.sh
Created April 1, 2020 13:07
Create simple self-signed SSL cert for localhost.
openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout localhost.key -out localhost.crt -days 3650 -subj '/C=US/ST=Illinois/L=Chicago/O=Workstation/OU=Local/CN=localhost'
@johnhpatton
johnhpatton / active-prompt-for-bashrc.sh
Last active April 15, 2020 11:02
Active command prompt for git, backgrounded jobs, exit codes, etc. for bash users.
# command_prompt()
#
# Follow the instructions below to add fonts and git prompt support, then
# add this scriptlet to your .bashrc.
#
# Function that is executed each time a command is run to update the PS1
# variable (ie: prompt). To configure, let's put some fonts in place.
# Download and install Gabriele Lana's Awesome Fonts:
#
# https://github.com/gabrielelana/awesome-terminal-fonts/archive/master.zip
@johnhpatton
johnhpatton / cache.conf
Created September 27, 2020 14:19
product_number nginx map
# Get product_number from the product availability URI:
# /api/product/check_availability/{product_number}
# where
# product_number begins with an alpha character and ends with 7 digits.
map $request_uri $product_number {
    "~^/api/product/check_availability/(?<re_match>[a-zA-Z]\d{7})$" $re_match;
}
@johnhpatton
johnhpatton / proxy_cache_path.conf
Last active February 18, 2022 13:20
Proxy Cache Path Configuration
# Product Availability Responses Cache Zone
proxy_cache_path /var/cache/nginx/availability levels=1:2 keys_zone=availability:1m max_size=10m inactive=5m use_temp_path=off;
@johnhpatton
johnhpatton / site.conf
Created September 27, 2020 21:02
Availability Location Block
server {
    ...
    location ~* ^/api/product/check_availability/.+ {
        # The key zone to use for cache lookups.
        # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache
        proxy_cache availability;
        # Ignore Cache Control headers to allow proxy cache to work
@johnhpatton
johnhpatton / openconnect.ctl
Last active November 5, 2020 15:00
Wrapper for openconnect to assist with modern enterprise VPN connections that are unsupported by IT departments.
#!/bin/bash
# Pre-Requisites
#
# Install openconnect v8 or higher.
#
# Setup
#
# 1. Place script under: /usr/sbin/openconnect.ctl
#
@johnhpatton
johnhpatton / proxy-cache.conf
Created February 4, 2021 02:27
Proxy Cache Configuration
# Allow only one request at a time to populate a new cache element; duplicate requests will wait
# for 5s, or for the time set with proxy_cache_lock_timeout if set.
proxy_cache_lock on;
# Allow background cache update for request, serve stale during update.
# NOTES
# - requires enabling serve stale on update with proxy_cache_use_stale directive
# containing the "updating" parameter.
proxy_cache_background_update on;