lucagervasi /
Created November 2, 2021 15:05 — forked from smoser/
set up a ssh tunnel only user for ssh proxy jump

Set up a ssh tunnel only user

In order to give someone access to hosts that are available only by ssh "bouncing" (ProxyJump), add a user for this specific purpose.

We have an internal OpenStack where instances get IPs on per-tenant networks. Each tenant has a 'bastion' host that has a "public" IP (floating IP). You can access other instances by bouncing through the bastion. From time to time I want to let someone else into an instance. This could be done in either of two ways:

a.) Just give them shell access to the bastion and let them hop through. Sharing an unrestricted shell account on my bastion is less than ideal.
b.) Assign a floating/"public" IP to the instance so they could go directly in. Floating IPs are limited, so this is less than ideal.

So instead, I have set up a single user as described here that can only be used for ProxyJump. It allows others proxied access to my instances but without granting them full shell access.

lucagervasi /
Created October 28, 2021 15:08 — forked from mjuric/
Setting up Docker with user namespaces on CentOS 7.4

Setting up Docker with user namespaces on CentOS 7.4

The procedure below has been tested on a Digital Ocean VM with CentOS 7.4

# Install docker from RHEL’s standard repos
yum install -y docker

# We’ll activate the ‘user namespaces’ feature that defends against
lucagervasi /
Created February 11, 2020 21:37 — forked from mhitza/
LVM snapshots

LVM snapshots are logical volumes that reflect the state of the snapshotted volume at the exact moment in time the snapshot was created. They are useful for backups and as reference points we can revert to.

Creating snapshots

$ sudo lvcreate --size 5G --snapshot --name root-backup /dev/vg0/root
  Logical volume "root-backup" created.
lucagervasi /
Created December 14, 2018 09:49 — forked from gregjhogan/
Push a file to a blob in an Azure storage account
curl -X PUT -T ./{file.dat} -H "x-ms-date: $(date -u)" -H "x-ms-blob-type: BlockBlob" "https://{storageaccount}.blob.core.windows.net/{container}/{file.dat}?{sas-token}"
lucagervasi / ForceHTTPSVarnish4.vcl
Created April 13, 2018 05:50 — forked from section-io-gists/ForceHTTPSVarnish4.vcl
Varnish 4.x to force HTTPS
sub vcl_recv {
    # Requests that did not arrive over HTTPS get a synthetic redirect
    if (req.http.X-Forwarded-Proto !~ "https") {
        return (synth(850, "Moved Permanently"));
    }
}
sub vcl_synth {
    if (resp.status == 850) {
        set resp.http.Location = "https://" + req.http.host + req.url;
        set resp.status = 301;
    }
}
lucagervasi / build_opencv_ARM_cross
Created March 2, 2018 15:07 — forked from hrshovon/build_opencv_ARM_cross
Cross compile opencv3.3.0 for your raspberry pi and similar ARM devices with python support
This is a note on how to cross compile opencv for pretty much any ARM device (HardFP supported in this case) and deploy it. Native compiling on ARM devices can be painfully slow, and they seem to hang often during the build (mine got stuck at 43%). So if you happen to have a desktop/laptop/server running Ubuntu or a similar Linux distro, you can build opencv in a fraction of the time taken for native compiling without any issues.
Building opencv3 with TBB, NEON and VFP support can boost opencv performance. Thanks to Adrian at pyimagesearch for pointing that out.
Both my PC and target machine (an Orange Pi Zero) are running Ubuntu 16.04 with python2.7 and python 3.5.
Let us use the term "build machine" for your PC where you are building opencv and "target machine" for the ARM single board computer.
1. Run the following commands on both machines (I think installing these on the target machine only would do) to install the necessary libraries etc. (mine worked with them, so they should be enough
lucagervasi / .htaccess
Created February 13, 2018 15:14 — forked from nurtext/.htaccess
Tell apache we're on HTTPS if reverse proxy is serving the site using SSL
# Let apache know we're behind a SSL reverse proxy
SetEnvIf X-Forwarded-Proto "https" HTTPS=on
# Redirect to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
lucagervasi /
Created February 8, 2018 12:23 — forked from Khoulaiz/ -- bash script to toggle wall plug from TP-LINK and check status
# Switch the TP-LINK HS100 wlan smart plug on and off, query for status
# Tested with firmware 1.0.8
# Credits to Thomas Baust for the query/status/emeter commands
# Author George Georgovassilis,
lucagervasi /
Created September 21, 2017 18:26 — forked from floehopper/
Install rtl-sdr on Raspian on Raspberry Pi
jamesmead@floehopper.local:~$ sudo dd bs=1m if=/Users/jamesmead/Downloads/2015-02-16-raspbian-wheezy.img of=/dev/disk2
pi@raspberrypi ~ $ sudo raspi-config
# Choose option 1 to "Expand Filesystem" - Ensures that all of the SD card storage is available to the OS
# Choose Finish & reboot

pi@raspberrypi ~ $ sudo apt-get update
lucagervasi / trim.awk
Created July 10, 2017 13:04 — forked from andrewrcollins/trim.awk
ltrim(), rtrim(), and trim() in awk
function ltrim(s) { sub(/^[ \t\r\n]+/, "", s); return s }
function rtrim(s) { sub(/[ \t\r\n]+$/, "", s); return s }
function trim(s) { return rtrim(ltrim(s)); }
# whatever
# whatever