Max Nasonov maxnasonov

## gist:952344

      
              1 file
            
          
              215 forks
            
          
              30 comments
            
          
              743 stars
            
          
                mtigas
                / gist:952344
            
            
              Last active
              June 20, 2024 11:22
            
              
                Mini tutorial for configuring client-side SSL certificates.
              
          
    Client-side SSL

For excessively paranoid client authentication.

Updated Apr 5 2019:
because this is a gist from 2011 that people stumble into and maybe you should AES instead of 3DES in the year of our lord 2019.
some other notes:

  
## ssl.rules
# Basically the nginx configuration I use at konklone.com.
# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
#
# To provide feedback, please tweet at @konklone or email eric@konklone.com.
# Comments on gists don't notify the author.
#
# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.

server {

## nginx.conf
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

## gist:7421858
using http://nssm.cc/usage

    Install BTSync
    Configure your shared folders
    Make sure you uncheck the "Start btsync when windows starts" option in the preferences.
    Download nssm, as an admin run "nssm install BTSync"
    Put in the path to the BTSync.exe
    Open windows service manager and tell it to run BTSync as the user you just used to install.
    Make sure BTSync isn't already running, then start the service.

## gist:9628955
git branch -m old_branch new_branch         # Rename branch locally
git push origin :old_branch                 # Delete the old branch
git push --set-upstream origin new_branch   # Push the new branch, set local branch to track the new remote

## ca.md

      
              1 file
            
          
              308 forks
            
          
              76 comments
            
          
              1114 stars
            
          
                soarez
                / ca.md
            
            
              Last active
              June 19, 2024 19:32
            
              
                How to setup your own CA with OpenSSL
              
          
    How to setup your own CA with OpenSSL

For educational reasons I've decided to create my own CA.
Here is what I learned.
First things first

Lets get some context first.

  
## gist:d1c15f3968f4f8272c49
- What do Etcd, Consul, and Zookeeper do?
  - Service Registration:
    - Host, port number, and sometimes authentication credentials, protocols, versions
      numbers, and/or environment details.
  - Service Discovery:
    - Ability for client application to query the central registry to learn of service location.
  - Consistent and durable general-purpose K/V store across distributed system.
    - Some solutions support this better than others.
    - Based on Paxos or some derivative (i.e. Raft) algorithm to quickly converge to a consistent state.
    - Centralized locking can be based on this K/V store.

## bash.generate.random.alphanumeric.string.sh
#!/bin/bash
# bash generate random alphanumeric string
#

if [[ "$OSTYPE" == "linux-gnu" ]]; then
# bash generate random 32 character alphanumeric string (upper and lowercase) and
  NEW_UUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)

# bash generate random 32 character alphanumeric string (lowercase only)
  cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1

## anonymous
input {

tcp{
    type => eventlog
    port => 1515
    ssl_enable => true
    ssl_cert => "/etc/nginx/ssl/server.crt"
    ssl_key => "/etc/nginx/ssl/server.key"
    ssl_key_passphrase => "password"
    ssl_cacert => "/etc/nginx/ssl/server.csr"

## anonymous
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
	# Basically the nginx configuration I use at konklone.com.
	# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
	#
	# To provide feedback, please tweet at @konklone or email eric@konklone.com.
	# Comments on gists don't notify the author.
	#
	# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
	# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.

	server {
	# to generate your dhparam.pem file, run in the terminal
	openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
	using http://nssm.cc/usage

	Install BTSync
	Configure your shared folders
	Make sure you uncheck the "Start btsync when windows starts" option in the preferences.
	Download nssm, as an admin run "nssm install BTSync"
	Put in the path to the BTSync.exe
	Open windows service manager and tell it to run BTSync as the user you just used to install.
	Make sure BTSync isn't already running, then start the service.
	git branch -m old_branch new_branch # Rename branch locally
	git push origin :old_branch # Delete the old branch
	git push --set-upstream origin new_branch # Push the new branch, set local branch to track the new remote
	- What do Etcd, Consul, and Zookeeper do?
	- Service Registration:
	- Host, port number, and sometimes authentication credentials, protocols, versions
	numbers, and/or environment details.
	- Service Discovery:
	- Ability for client application to query the central registry to learn of service location.
	- Consistent and durable general-purpose K/V store across distributed system.
	- Some solutions support this better than others.
	- Based on Paxos or some derivative (i.e. Raft) algorithm to quickly converge to a consistent state.
	- Centralized locking can be based on this K/V store.
	#!/bin/bash
	# bash generate random alphanumeric string
	#

	if [[ "$OSTYPE" == "linux-gnu" ]]; then
	# bash generate random 32 character alphanumeric string (upper and lowercase) and
	NEW_UUID=$(cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1)

	# bash generate random 32 character alphanumeric string (lowercase only)
	cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1
	input {

	tcp{
	type => eventlog
	port => 1515
	ssl_enable => true
	ssl_cert => "/etc/nginx/ssl/server.crt"
	ssl_key => "/etc/nginx/ssl/server.key"
	ssl_key_passphrase => "password"
	ssl_cacert => "/etc/nginx/ssl/server.csr"
	## Please set the ROOT to the folder your nxlog was installed into,
	## otherwise it will not start.

	#define ROOT C:\Program Files\nxlog
	define ROOT C:\Program Files (x86)\nxlog

	Moduledir %ROOT%\modules
	CacheDir %ROOT%\data
	Pidfile %ROOT%\data\nxlog.pid
	SpoolDir %ROOT%\data