# generate ca key & certificate
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 10000 -out ca.crt
# generate client key & csr
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr
# sign request and get client certificate
Recently I got confused about how to sniff HTTPS traffic. I thought I needed a proxy, and that turned out to be correct. I set up a proxy chain using stunnel.
I use two machines (which is not optimal): one is used for executing commands and serving as the stunnel server; the other one is used for the stunnel client and sniffing.
#!/bin/bash
set -e
source ${ENV_FILE}
# set image name
IMAGE_DEF=
# set url
# get the network id of the router's external gateway
ROUTER_ID=
openstack router show ${ROUTER_ID} -f value -c external_gateway_info | jq '.network_id' | sed 's/"//g'
# router namespace is named in the form of qrouter-<ROUTER-ID>
# snat namespace is named in the form of snat-<ROUTER-ID>
# fip namespace is named in the form of fip-<EXTERNAL-NETWORK-ID>
# dvr layout
# edge node
You can deploy a node with the MAAS CLI, which is often preferable to clicking a button on a web UI.
$ SYSTEM_ID=node-787b19d8-d25c-11e4-9f9e-00163eca91de
$ NAME="random-nodename"
$ MAASNAME="maaslocal"
$ maas $MAASNAME machine allocate "name=$NAME"
A lot of times you are developing a web application on your own laptop or home computer and would like to demo it to the public. Most of those times you are behind a router/firewall and you don't have a public IP address. Instead of configuring routers (often not possible), this solution gives you a public URL that's reverse tunnelled via ssh to your laptop.
Because of the relaxation of the sshd setup, it's best used on a dedicated virtual machine just for this (an Amazon micro instance for example).
# force reinstall existing packages
apt install --reinstall -y ${PACKAGE}