- Chatham House Rule, so no attribution of ideas to people or companies
- bootstrapping environments (without object stores)
- service discovery
- removing spofs
Jonathan Matthews jpluscplusm
jpluscplusm
/ gist:9709dac3058e11a5ff33
Created
December 11, 2014 13:36
*untested* reverse proxy to get around SSLv3 EOL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| resolver 8.8.8.8; # or your internal DNS server | |
| location / { | |
| proxy_set_header Host $http_host; | |
| proxy_http_version 1.1; | |
| proxy_pass https://$http_host; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| problem: | |
| FOO=bar sleep inf | |
| no-problem: | |
| sleep inf |
jpluscplusm
/ scale-summit.org
Created
March 24, 2014 23:09
— forked from philandstuff/scale-summit.org
jpluscplusm
/ README.md
Last active
February 22, 2020 22:36
A primitive Double A (AAA-minus-Accounting) RBAC system implemented in declarative Nginx config
A primitive Double A (AAA-minus-Accounting) RBAC system implemented in declarative Nginx config.
So I noticed https://github.com/alexaandru/elastic_guardian, a simple AAA reverse-proxy to sit in front of Elasticsearch. Reading the source and comments tickled my "why is this in code not config?" funnybone.
I asked @alexaandru (https://twitter.com/jpluscplusm/status/438339557906735104) who told me it was mostly the resulting complexity of the nginx config he tried that prompted him to write it.
jpluscplusm
/ gist:4366287
Last active
December 24, 2019 23:23
— forked from anonymous/gist:4366284
Nginx TPB proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen [::]:80; | |
| listen 80; | |
| server_name "~^(?<thishost>[^.]+.)?(subdomain.example.com)$"; | |
| access_log off; | |
| location / { | |
| resolver 8.8.8.8; # or whatever your server can use | |
| sub_filter_once off; | |
| sub_filter 'thepiratebay.se' 'subdomain.example.com'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a request *directly* to the AAA/intelligent HTTPd, to demonstrate the additional response headers required to force the reproxy: | |
| X-Reproxy-Uri, X-Reproxy-Host and X-Accel-Redirect. | |
| jcm@austin:~/src/sinatra/nginx-test$ curl -v http://api-origin-server.mywebsite.internal/test | |
| * About to connect() to 1.2.3.4 port 80 (#0) | |
| * Trying 1.2.3.4... connected | |
| * Connected to 1.2.3.4 (1.2.3.4) port 80 (#0) | |
| > GET /test HTTP/1.1 | |
| > User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18 | |
| > Host: 1.2.3.4 |
jpluscplusm
/ user-manage.rb
Created
April 13, 2011 23:59
— forked from thommay/user-manage.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'sinatra' | |
| require "sinatra/reloader" if development? | |
| require 'chef' | |
| require 'rack/flash' | |
| require 'haml' | |
| POSSIBLE = [('a'..'z'),('A'..'Z'),(0..9),'.','/'].inject([]) {|s,r| s+Array(r)} | |
| set :sessions, true |
NewerOlder