Anton Patsev patsevanton

## secrets_without_certificates.sh
#!/bin/bash

usage() {
    cat << EOF

This script detects TLS secrets which refer to certificates that don't exist (anymore).

This is the case when error "unable to fetch certificate that owns the secret" occurs in cert-manager (cainjector) logs.
The reason is that a certificate has been removed without the secret being deleted.
The solution is to clean up by deleting any secret which belonged to a certificate that no longer exists.

## outputs.tf - HW08 - Task * - 2
output "external_ip_address_app" {
  value = yandex_compute_instance.app.network_interface.0.nat_ip_address
}

output "external_ip_address_app2" {
  value = yandex_compute_instance.app2.network_interface.0.nat_ip_address
}

output "external_ip_address_lb" {
  value = yandex_lb_network_load_balancer.reddit_app_lb.listener.*.external_address_spec[0].*.address

## choco.wsb
<Configuration>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\Public\Documents\</HostFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -Command "start powershell { -NoExit -Command \"&amp; { Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')); Import-Module "$env:ProgramData\chocolatey\helpers\chocolateyInstaller.psm1"; Update-SessionEnvironment; cd C:\Users\WDAGUtilityAccount }\" }"</Command>
  </LogonCommand>

## grafana-export.py
#!/usr/bin/env python
# coding=utf-8
# Created by JTProgru / JTProg
# Date: 11.03.2020
# https://jtprog.ru/

__author__ = 'jtprog'
__version__ = '0.2'
__author_email__ = 'mail@jtprog.ru'

## 01nginx-tls-sni.md

      
              1 file
            
          
              34 forks
            
          
              37 comments
            
          
              185 stars
            
          
                kekru
                / 01nginx-tls-sni.md
            
            
              Last active
              April 1, 2024 02:29
            
              
                nginx TLS SNI routing, based on subdomain pattern
              
          
    Nginx TLS SNI routing, based on subdomain pattern

Nginx can be configured to route to a backend, based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).

This works for http upstream servers, but also for other protocols, that can be secured with TLS.
prerequisites


at least nginx 1.15.9 to use variables in ssl_certificate and ssl_certificate_key.
check nginx -V for the following:
...
TLS SNI support enabled


## sonarqube-docker-compose.yml
version: "3"

services:
  sonarqube:
    image: sonarqube
    expose:
      - 9000
    ports:
      - "127.0.0.1:9000:9000"
    networks:

## create-and-fill-up-table.sql
CREATE TABLE large_test (num1 bigint, num2 double precision, num3 double precision);

INSERT INTO large_test (num1, num2, num3)
  SELECT round(random()*10), random(), random()*142
  FROM generate_series(1, 20000000) s(i);

EXPLAIN (analyse, buffers)
SELECT num1, avg(num3) as num3_avg, sum(num2) as num2_sum
FROM large_test
GROUP BY num1;

## Vagrantfile
config.vm.provider "virtualbox" do |v|
  file_to_disk = './tmp/large_disk.vdi'
  unless File.exist?(file_to_disk)
    v.customize ['createhd', '--filename', file_to_disk, '--size', 500] # size is in MB
  end
  v.customize ['storageattach', :id, '--storagectl', 'SATAController', '--port', 1, '--device', 0, '--type', 'hdd', '--medium', file_to_disk]
end

## dnsbl.sh
#!/bin/sh
# Check if an IP address is listed on one of the following blacklists
# The format is chosen to make it easy to add or delete
# The shell will strip multiple whitespace

BLISTS="
b.barracudacentral.org
bb.barracudacentral.org
bl.deadbeef.com
bl.mailspike.net

## postgres
# dump all databases once every 24 hours
45 4 * * * root nice -n 19 su - postgres -c "pg_dumpall --clean" | gzip -9 > /var/local/backup/postgres/postgres_all.sql.gz

# vacuum all databases every night (full vacuum on Sunday night, lazy vacuum every other night)
45 3 * * 0 root nice -n 19 su - postgres -c "vacuumdb --all --full --analyze"
45 3 * * 1-6 root nice -n 19 su - postgres -c "vacuumdb --all --analyze --quiet"

# re-index all databases once a week
0 3 * * 0 root nice -n 19 su - postgres -c 'psql -t -c "select datname from pg_database order by datname;" | xargs -n 1 -I"{}" -- psql -U postgres {} -c "reindex database {};"'
	#!/bin/bash

	usage() {
	cat << EOF

	This script detects TLS secrets which refer to certificates that don't exist (anymore).

	This is the case when error "unable to fetch certificate that owns the secret" occurs in cert-manager (cainjector) logs.
	The reason is that a certificate has been removed without the secret being deleted.
	The solution is to clean up by deleting any secret which belonged to a certificate that no longer exists.
	output "external_ip_address_app" {
	value = yandex_compute_instance.app.network_interface.0.nat_ip_address
	}

	output "external_ip_address_app2" {
	value = yandex_compute_instance.app2.network_interface.0.nat_ip_address
	}

	output "external_ip_address_lb" {
	value = yandex_lb_network_load_balancer.reddit_app_lb.listener..external_address_spec[0]..address
	<Configuration>
	<MappedFolders>
	<MappedFolder>
	<HostFolder>C:\Users\Public\Documents\</HostFolder>
	<ReadOnly>false</ReadOnly>
	</MappedFolder>
	</MappedFolders>
	<LogonCommand>
	<Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -Command "start powershell { -NoExit -Command \"& { Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')); Import-Module "$env:ProgramData\chocolatey\helpers\chocolateyInstaller.psm1"; Update-SessionEnvironment; cd C:\Users\WDAGUtilityAccount }\" }"</Command>
	</LogonCommand>
	#!/usr/bin/env python
	# coding=utf-8
	# Created by JTProgru / JTProg
	# Date: 11.03.2020
	# https://jtprog.ru/

	__author__ = 'jtprog'
	__version__ = '0.2'
	__author_email__ = 'mail@jtprog.ru'
	version: "3"

	services:
	sonarqube:
	image: sonarqube
	expose:
	- 9000
	ports:
	- "127.0.0.1:9000:9000"
	networks:
	CREATE TABLE large_test (num1 bigint, num2 double precision, num3 double precision);

	INSERT INTO large_test (num1, num2, num3)
	SELECT round(random()10), random(), random()142
	FROM generate_series(1, 20000000) s(i);

	EXPLAIN (analyse, buffers)
	SELECT num1, avg(num3) as num3_avg, sum(num2) as num2_sum
	FROM large_test
	GROUP BY num1;
	config.vm.provider "virtualbox" do \|v\|
	file_to_disk = './tmp/large_disk.vdi'
	unless File.exist?(file_to_disk)
	v.customize ['createhd', '--filename', file_to_disk, '--size', 500] # size is in MB
	end
	v.customize ['storageattach', :id, '--storagectl', 'SATAController', '--port', 1, '--device', 0, '--type', 'hdd', '--medium', file_to_disk]
	end
	#!/bin/sh
	# Check if an IP address is listed on one of the following blacklists
	# The format is chosen to make it easy to add or delete
	# The shell will strip multiple whitespace

	BLISTS="
	b.barracudacentral.org
	bb.barracudacentral.org
	bl.deadbeef.com
	bl.mailspike.net
	# dump all databases once every 24 hours
	45 4 * * * root nice -n 19 su - postgres -c "pg_dumpall --clean" \| gzip -9 > /var/local/backup/postgres/postgres_all.sql.gz

	# vacuum all databases every night (full vacuum on Sunday night, lazy vacuum every other night)
	45 3 * * 0 root nice -n 19 su - postgres -c "vacuumdb --all --full --analyze"
	45 3 * * 1-6 root nice -n 19 su - postgres -c "vacuumdb --all --analyze --quiet"

	# re-index all databases once a week
	0 3 * * 0 root nice -n 19 su - postgres -c 'psql -t -c "select datname from pg_database order by datname;" \| xargs -n 1 -I"{}" -- psql -U postgres {} -c "reindex database {};"'