brew install rbenv/tap/openssl@1.0
brew install gcc@6
brew install ruby-install
"Patch" ruby-install
:
$EDITOR /usr/local/Cellar/ruby-install/0.8.1/share/ruby-install/ruby/functions.sh
curl 'https://t.co/9POr0MKZof' \ | |
-H 'authority: t.co' \ | |
-H 'pragma: no-cache' \ | |
-H 'cache-control: no-cache' \ | |
-H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"' \ | |
-H 'sec-ch-ua-mobile: ?0' \ | |
-H 'sec-ch-ua-platform: "macOS"' \ | |
-H 'upgrade-insecure-requests: 1' \ | |
-H 'dnt: 1' \ | |
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36' \ |
brew install rbenv/tap/openssl@1.0
brew install gcc@6
brew install ruby-install
"Patch" ruby-install
:
$EDITOR /usr/local/Cellar/ruby-install/0.8.1/share/ruby-install/ruby/functions.sh
require 'set' | |
class MyArray < Array | |
def my_flatten(level = -1) | |
level = Integer(level) | |
return self.dup if level == 0 | |
flattened_array = self.class.new | |
recursively_flatten(self, flattened_array, level) | |
flattened_array |
acl from_internal_network src 192.168.0.0/16 | |
acl restricted_path path -m reg ^/+admin/ | |
http-request deny if restricted_path ! from_internal_network |
frontend http | |
mode http | |
bind :443 ssl crt /etc/haproxy/ssl | |
acl outdated_cipher ssl_fc_cipher -i -m sub rc4 | |
# define a maximum waiting period | |
tcp-request inspect-delay 10s | |
# accept the connection immediately if the client doesn't use an outdated cipher |
For the used SSL certificate to be valid, we need to use the externally visible hostname when accessing the homematic GUI. Thus, we need to configure this external hostname as the server's hostname, even if the server is only available on our internal network.
Be careful when exposing your actual homematic instance to the outside world without further safe-guards. Usually, it should only be accessible on the internal network.
Go to Einstellungen -> Systemsteuerung -> Netzwerkeinstellungen. There, you can create a self-signed certificate. Enter the hostname, your email address, and your country. The latter two values are ratehr unimportant here.
We need this certificate so that the webserevr is cionfigured correctly and we have a template file which we can later overwrite with our actual SSL certificate from Let's Encrypt.
Setting | Value |
---|---|
DynDNS-Anbieter | Benutzerdefiniert |
Update-URL | https://dyn.dns.he.net/nic/update?hostname=<domain>&password=<pass>&myip=<ipaddr> https://dyn.dns.he.net/nic/update?hostname=<domain>&password=<pass>&myip=<ip6addr> |
Domainname | (your desired hostname) |
Benutzername | (same as Domainname) |
Kennwort | (your DDNS Key configured with dns.he.net) |
The Update-URL contains two URLs in a single line, one for IPv4 and one for IPv6. Both addresses can be updated at the same time.
/- backend_1 -\ | |
/ \ | |
outer_frontend --- backend_2 --- inner_fontend --- actual_backend | |
\ / | |
\- backend_3 -/ |
frontend main | |
bind :443 ssl crt /tmp/foo.pem | |
mode http | |
option http-keep-alive | |
# ... | |
use_backend bk_deny if { path_beg /you/didnt/say/the/magic/word } | |
class Module | |
ROMAN_NUMERALS = { | |
'M'=> 1000, | |
'CM'=> 900, | |
'D'=> 500, | |
'CD'=> 400, | |
'C'=> 100, | |
'XC'=> 90, | |
'L'=> 50, | |
'XL'=> 40, |