Skip to content

Instantly share code, notes, and snippets.

View oko's full-sized avatar

Jacob Okamoto oko

4 followers · 1 following
View GitHub Profile
@oko
oko / mail-server-notes.md
Last active December 17, 2015 11:59
Notes on mail server configuration.

WORK IN PROGRESS

Mail Server Configuration with Virtual Domains

Security Basics

  • Use SSL. You're passing credentials and private communications over the wire, so you'd better encrypt it.
  • Don't be an open relay. Forwarding spammers' mail is a good way to get your IP blacklisted and receive some nastygrams from other webmasters
  • chroot if possible.
@oko
oko / apache-nginx-uwsgi-proxy-config.md
Created October 9, 2013 16:51
Apache-to-Nginx-to-uWSGI proxy configuration with path prefix

Apache

<LocationMatch "/theproxypath">
  ProxyPass http://[hostname]:[port]/theproxypath
  ProxyPassReverse http://[hostname]:[port]/theproxypath
</LocationMatch>

Nginx

server {
    listen       [port] default_server;

server_name [origin-hostname];

@oko
oko / gist:6987219
Last active December 25, 2015 13:58
Install VMWare tools on PFSense
#!/bin/sh
# configure package download environment
export PACKAGEROOT="ftp://ftp.freebsd.org"
export PACKAGESITE="ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.3-release/Latest/"
# install perl to run the installer script
pkg_add -r perl
# install compat6x-amd64 (or compat6x-i386 if you're on 32-bit)
@oko
oko / ifcfg-example.sh
Last active December 25, 2015 13:59
RHEL static interface configuration template
# /etc/sysconfig/network-scripts/ifcfg-ethX
DEVICE=eth0
HWADDR=MA:CA:DD:RE:SS:YO
TYPE=Ethernet
UUID=<uuid-string-here>
BOOTPROTO=static
ONBOOT=yes
IPADDR=XXX.XXX.XXX.XXX
NETMASK=XXX.XXX.XXX.XXX
DHCPCLASS=
@oko
oko / git.pp
Created November 15, 2014 15:40
Quick and dirty Puppet manifest for Git repository cloning.
# Works, but minimally tested. U@YOR.
define git::repo($repo, $location, $autoupdate = false) {
package { 'git':
ensure => installed,
}
# Clone repository if $location/.git doesn't already exist
exec { "clone-$repo":
provider => shell,
command => "/usr/bin/git clone $repo $location",
@oko
oko / web_checklist.md
Last active August 29, 2015 14:11
Web server checklist

Domain & Web Server Checklist

Base System

  • Login via SSH keys only
  • apt-get update && apt-get upgrade
  • Create normal user for logins
  • Set up configuration management
  • Ensure IPv6 is up and running
  • Set up iptables rules and boot scripts
@oko
oko / ip4tables.rules
Last active August 29, 2015 14:11
iptables basic rules
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [332:50026]
:ICMP - [0:0]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ICMP
@oko
oko / ip6tables.rules
Last active April 12, 2016 17:15
ip6tables basic ruleset
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [33:2996]
:ICMP - [0:0]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmpv6 -j ICMP
@oko
oko / vim-setup.sh
Last active August 29, 2015 14:11
Vim setup script.
#!/bin/sh
# Install Pathogen
mkdir -p ~/.vim/autoload ~/.vim/bundle && \
curl -LSso ~/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim
# Move into Pathogen bundle dir
cd ~/.vim/bundle
## Solarized color scheme
@oko
oko / cleanse.txt
Created December 17, 2014 23:52
USB disk cleansing for WUDT
C:\Windows\system32>diskpart
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
DISKPART> list disk
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB