Matt Holt mholt

@mholt
mholt / gen.go
Created August 16, 2019 06:12 — forked from caesaneer/gen.go
// Handler that calls generate
func ok(w http.ResponseWriter, r *http.Request) {
// res := make([]int64, 0, 100000)
var res [100000]int64
fibonacci.Generate(&res)
// fmt.Println(suc)
// fmt.Printf("%T", res)
// fmt.Println(res[50])
fmt.Fprintf(w, "OK")
@mholt
mholt / config_poll.md
Last active July 9, 2019 18:00
How do you like your handler configs?

Caddy 2 HTTP handlers come in two flavors: middleware and responders.

  • Middleware are in the middle of a request chain; i.e. they have a next handler to invoke.
  • Responders are content origins, at the end of a request chain; i.e. there is no next handler. Any handlers defined after it would not be invoked.

Caveat: Sometimes a handler's role is ambiguous. For example, a caching handler would be middleware on a cache miss (it needs to invoke the upstream handlers for a response, then cache it), but on a cache hit it would be a responder, since no further handlers would be invoked (it would simply write the response).

@mholt
mholt / apply-license.bash
Created March 27, 2018 04:01
Apply the Apache 2.0 license to all your .go files
#!/bin/bash
FILES=$(find . -name "*.go" -not -path "./vendor/*" -type f)
for f in $FILES
do
echo "processing: $f"
ed -s $f << EOF
0a
// Copyright YEAR YOU
//
@mholt
mholt / passwordpwned.go
Created August 12, 2018 19:27
Use Go to check if a password has been pwned
// checkPasswordPwned checks if the password is "pwned" according
// to the API offered by https://haveibeenpwned.com/. (The password
// is not sent to their servers to do the check.)
//
// This function returns the number of times the password appears in
// their data set. A password is pwned, or compromised, if the return
// value is greater than 0.
//
// API Docs: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange
//

On Twitter the other day, I was lamenting the state of OCSP stapling support on Linux servers, and got asked by several people to write up what I think the requirements are for OCSP stapling support.

  1. Support for keeping a long-lived (disk) cache of OCSP responses.

    This should be fairly simple. Any restarting of the service shouldn't blow away previous responses that were obtained. This doesn't need to be disk, just stable - and disk is an easy stable storage for most server

@mholt
mholt / example.Caddyfile
Created June 21, 2017 21:31
restic plugin for Caddy
example.com
# specifying an empty root is not strictly necessary but not a bad
# idea if all you are serving on this site is the backups
root empty_www/
# authentication is required when using the Caddy plugin;
# this line assumes all requests are protected
basicauth / user pass
@mholt
mholt / automate.go
Created May 6, 2017 00:09
The old automation program that produced Caddy builds for various platforms and bundled them into archives for distribution
// This program was used to build Caddy up to (but not including) v0.10.
// On April 20, 2017, it was replaced by a new releaser script that
// integrates with the autonomous build server. It bundles assets into
// an archive format that best fits the target OS. It could use `go build`
// to compile, but the way I configured it was to run the build.bash
// script that ensured the Caddy binary had proper version information
// embedded.
//
// I'm posting this here because it is no longer available in the Caddy
// repository and maybe you will find it useful for your own (simple?)
@mholt
mholt / unprivileged_caddy.sh
Created May 29, 2016 05:16 — forked from kennwhite/unprivileged_caddy.sh
Run caddy server as unprivileged user, includes Hugo option
#!/bin/bash
# *As root*
cd ~
killall caddy
rm -rf ~/caddy
mkdir caddy && cd caddy
curl -SL 'https://caddyserver.com/download/build?os=linux&arch=amd64&features=hugo' > caddy.tgz
tar xzf caddy.tgz
@mholt
mholt / runit-caddy.md
Created December 2, 2015 07:11 — forked from tgulacsi/runit-caddy.md
Using runit as a supervisor for Caddy

Supervisors

A supervisor's main task is to start a specified process (in a specified environment), watch it running, and do something when it ends - usually based on the exit code.

From my experience, the environment setup can be a complex task (consult some config management for the required ports, actualize the config file from the central config management...), and this is where the most featureful supervisor (systemd, AFAIK) falls short:

  • it can set up & manage the listening sockets, and pass them to your app (if it can accept them - not hard, just have to be ready for it),
@mholt
mholt / Caddyfile
Created March 28, 2016 18:45 — forked from phred/Caddyfile
A+ grade on securityheaders.io with this: https://securityheaders.io/?q=https%3A%2F%2Ffff.red
fff.red {
header / {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
Content-Security-Policy "default-src https:*"
Public-Key-Pins "pin-sha256=\"ckOIjdimiwD3mfMmkmCh7uiJCBtXvoqoBoKKB1K5UIM=\"; pin-sha256=\"QiTyymM4e635OgWkx9d7nq5xvEuqmgV7HiDjIIGyymo=\"; max-age=2592000"
X-Frame-Options SAMEORIGIN
X-XSS-Protection "1; mode=block"
X-Content-Type-Options nosniff
}
}