Skip to content

Instantly share code, notes, and snippets.

Kevin Krummenauer kekru

Block or report user

Report or block kekru

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@kekru
kekru / 1-Enable Docker Remote API with TLS client verification.md
Last active Feb 20, 2020
Docker Remote API with client verification via daemon.json
View 1-Enable Docker Remote API with TLS client verification.md

Enable Docker Remote API with TLS client verification

Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:

  • CA certificate
  • Server certificate
  • Server key
  • Client certificate
  • Client key

Create certificate files

@kekru
kekru / Docker connect to remote server.md
Last active Feb 19, 2020
Connect to another host with your docker client, without modifying your local Docker installation
View Docker connect to remote server.md

Run commands on remote Docker host

This is how to connect to another host with your docker client, without modifying your local Docker installation or when you don't have a local Docker installation.

Enable Docker Remote API

First be sure to enable the Docker Remote API on the remote host.

This can easily be done with a container.
For HTTP connection use jarkt/docker-remote-api.

@kekru
kekru / add CA cert on CentOS Debian Ubuntu.md
Last active Feb 19, 2020
Add CA cert to local trust store on CentOS, Debian or Ubuntu
View add CA cert on CentOS Debian Ubuntu.md
  • Open a webpage that uses the CA with Firefox
  • Click the lock-icon in the addressbar -> show information -> show certificate
  • the certificate viewer will open
  • click details and choose the certificate of the certificate-chain, you want to import to CentOS
  • click "Export..." and save it as .crt file
  • Copy the .crt file to /etc/pki/ca-trust/source/anchors on your CentOS machine
  • run update-ca-trust extract
  • test it with wget https://thewebsite.org
@kekru
kekru / 01nginx-tls-sni.md
Last active Feb 13, 2020
nginx TLS SNI routing, based on subdomain pattern
View 01nginx-tls-sni.md

Nginx TLS SNI routing, based on subdomain pattern

Nginx can be configured to route to a backend, based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for http upstream servers, but also for other protocols, that can be secured with TLS.

prerequisites

  • at least nginx 1.15.9 to use variables in ssl_certificate and ssl_certificate_key.
  • check nginx -V for the following:
    ...
    TLS SNI support enabled
@kekru
kekru / register Hibernate EventListener in Spring.md
Created Sep 22, 2016
Register a Hibernate Envers EventListener in Spring Boot (Hibernate 4, Hibernate 5)
View register Hibernate EventListener in Spring.md

Hibernate 4 introduced a new Audit API for event listening.
org.hibernate.envers.event.AuditEventListener was replaced by org.hibernate.event.spi.*, for example org.hibernate.event.spi.PostDeleteEventListener.

First create your custom listener. Example: You want do disable auditing for delete operations.

import org.hibernate.envers.event.spi.EnversPostDeleteEventListenerImpl;
import org.hibernate.event.spi.PostDeleteEvent;

public class MyAuditListener extends EnversPostDeleteEventListenerImpl {
@kekru
kekru / Springboot.Dockerfile
Last active Jan 6, 2020
Spring Boot Dockerfile template
View Springboot.Dockerfile
FROM openjdk:8-jre
RUN echo "Europe/Berlin" > /etc/timezone && dpkg-reconfigure -f noninteractive tzdata
RUN mkdir /data
WORKDIR /data
ADD myapp.jar /data/myapp.jar
ENV springprofiles="" \
MAXRAMIFNOLIMIT=4096
ENTRYPOINT MAXRAM=$(expr `cat /sys/fs/cgroup/memory/memory.limit_in_bytes` / 1024 / 1024) && \
@kekru
kekru / traefik-redirect-path.md
Last active Nov 27, 2019
Traefik redirect / (root) to sub path with Docker labels
View traefik-redirect-path.md

Traefik: redirect base or root path to a subpath

This is tested with Traefik 1.7

This is how to redirect the root or base path to a sub path in Traefik using Docker labels:
Goals

  • https://example.com -> https://example.com/abc/xyz/
  • https://example.com/ -> https://example.com/abc/xyz/
  • https://example.com/something -> no redirect
@kekru
kekru / Vagrant create local box.md
Last active Sep 10, 2019
Vagrant: Create local box
View Vagrant create local box.md

Create box

This is how to install something in a VM and export it as a Vagrant box and use it locally.

First copy the Vagrantfile from below and change the box to the box you want as a base.

Run vagrant up to create the Virtual Machine and vagrant ssh to login.
On Windows you might have to put ssh.exe to your %PATH%. If you have installed git, you can use C:\Program Files\Git\usr\bin You can also login via Putty on host: "localhost", Port "2222", login: "vagrant", password: "vagrant".

@kekru
kekru / 01-Convert-to-UTF8-Linux.md
Created Jul 14, 2019
Convert all files of a dir to UTF8
View 01-Convert-to-UTF8-Linux.md

Convert files of a dir to UTF8

Run this script on linux.
Modify the "find" call and the source encoding.
The example will match all .java files in the current folder and its subfolders and converts from Cp1252 (Windows) to UTF-8.

#!/bin/bash

# modify this find call for your needs
You can’t perform that action at this time.