Skip to content

Instantly share code, notes, and snippets.

@lapnd
lapnd / vaultsealmanager.sh
Created April 11, 2018 14:11 — forked from ccampanale/vaultsealmanager.sh
Bash shell script to check seal status for local vault server and attempt to unseal using keys secured in vault secret store. Supports HA Vault clusters with TLS with unseal keys stored as secrets in vault (see code). Relies on registered service vault.service.consul, in place DNS configuration, and a single unsealed vault instance in your clust…
#!/bin/bash
export vault=/usr/local/bin/vault
export VAULT_TOKEN=$(cat /root/.vault-token)
vault_cacert='-ca-cert=/path/to/your/ca.pem'
local_vault="-address=https://$(hostname -f):8200"
unsealed_vault="-address=https://$(getent hosts $(dig +short vault.service.consul | tail -n 1) | awk '{ print $2 }'):8200"
leader_vault="-address=https://$($vault status $vault_cacert $unsealed_vault 2> /dev/null | grep Leader | awk '{ print $2 }' | sed 's/^http\(\|s\):\/\///g'):8200"
vault_read="$vault read $vault_cacert $leader_vault"
vault_unseal="$vault unseal $vault_cacert $local_vault"
@lapnd
lapnd / vaultsealmanager.sh
Created April 11, 2018 14:11 — forked from ccampanale/vaultsealmanager.sh
Bash shell script to check seal status for local vault server and attempt to unseal using keys secured in vault secret store. Supports HA Vault clusters with TLS with unseal keys stored as secrets in vault (see code). Relies on registered service vault.service.consul, in place DNS configuration, and a single unsealed vault instance in your clust…
#!/bin/bash
export vault=/usr/local/bin/vault
export VAULT_TOKEN=$(cat /root/.vault-token)
vault_cacert='-ca-cert=/path/to/your/ca.pem'
local_vault="-address=https://$(hostname -f):8200"
unsealed_vault="-address=https://$(getent hosts $(dig +short vault.service.consul | tail -n 1) | awk '{ print $2 }'):8200"
leader_vault="-address=https://$($vault status $vault_cacert $unsealed_vault 2> /dev/null | grep Leader | awk '{ print $2 }' | sed 's/^http\(\|s\):\/\///g'):8200"
vault_read="$vault read $vault_cacert $leader_vault"
vault_unseal="$vault unseal $vault_cacert $local_vault"
@lapnd
lapnd / _readme.md
Created April 1, 2018 07:19 — forked from maxivak/_readme.md
Vagrant with Ubuntu 16.04 in VirtualBox

Setup Ubuntu 16.04 to be used with Vagrant and Virtualbox

Prepare Vagrant box with Ubuntu 16.04

We will use official box "ubuntu/xenial64" and modify it to work with Vagrant.

  • Vagrantfile
@lapnd
lapnd / _readme.md
Created April 1, 2018 07:19 — forked from maxivak/_readme.md
Vagrant with Ubuntu 16.04 in VirtualBox

Setup Ubuntu 16.04 to be used with Vagrant and Virtualbox

Prepare Vagrant box with Ubuntu 16.04

We will use official box "ubuntu/xenial64" and modify it to work with Vagrant.

  • Vagrantfile
@lapnd
lapnd / op.js
Created February 9, 2018 07:05 — forked from assafshomer/op.js
bitcoinjs-lib op_return
wif='cNXxHLQwuzaLX7Z3apfSSEUDPPrQtUrwyzuaEZZakk2uWCcDS1Uo'
address='miq6AWvTYZJ63hJfh1W7zozHAf1URDv5pS'
unspent_txid = '067aabe97ff2e8051527d7f378266d046fd8e4c66e5b7dd671ec4e86b8a68cbb'
unspent_vout = 0
keyPair = bitcoin.ECPair.fromWIF(wif,network)
var txb = new bitcoin.TransactionBuilder(network)
var data = new Buffer('assafshomer')
var dataScript = bitcoin.script.nullDataOutput(data)
txb.addInput(unspent_txid, unspent_vout)

MicroService Proxy Gateway Solutions

Kong, Traefik, Caddy, Linkerd, Fabio, Vulcand, and Netflix Zuul seem to the most common in microservice proxy/gateway solutions. Kubernetes Ingress is often a simple Ngnix, which is difficult to seperate the popularity from other things.

Github Star Trend:

Github Star History for Kong vs traefik vs fabio vs caddy vs Zuul

This is just a picture of this link from July 13, 2017

Service Mesh vs Reverse Proxy

Kolla Multinode Local Registry Setup

Deploy node setup

install and configure docker

curl -sSL https://get.docker.io | bash
mkdir -p /etc/systemd/system/docker.service.d
tee /etc/systemd/system/docker.service.d/kolla.conf <<-'EOF'

[Service]

@lapnd
lapnd / OpenSSLExample.cpp
Created January 27, 2018 06:14 — forked from irbull/OpenSSLExample.cpp
Code signing and verification with OpenSSL
#include <iostream>
#include <openssl/aes.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <assert.h>
@lapnd
lapnd / nginx.conf
Created January 7, 2018 08:33 — forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@lapnd
lapnd / GoogleHackMasterList.txt
Created January 6, 2018 16:05 — forked from cmartinbaughman/GoogleHackMasterList.txt
The definitive super list for "Google Hacking".
admin account info" filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www&#8221; domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"parent directory" +proftpdpasswd
Duclassified" -site:duware.com "DUware All Rights reserved"
duclassmate" -site:duware.com