pedroagabreu
pedroagabreu
/ gist:fbcf8ed5eb03cf533c1f
Created
May 5, 2014 17:30
Client certificate verification in Apache.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # verify client certificates using CA.pem | |
| SSLEngine on | |
| SSLCertificateFile /etc/apache2/ssl/ServerCertAndKey.pem | |
| SSLCACertificateFile /etc/apache2/ssl/CA.pem | |
| SSLVerifyClient require | |
| SSLVerifyDepth 1 | |
| # allow connections from certain CN only, except for that guy | |
| SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ and %{SSL_CLIENT_S_DN_CN} =~ m/^ROBOTS/ and %{SSL_CLIENT_S_DN_CN} !~ m/^ROBOTS - Bad Robot/ ) |
pedroagabreu
/ gist:11008087
Last active
August 29, 2015 14:00
Hide elasticsearch 1.1.0 behind Apache. Needs mod proxy and proxy_html, and 'elasticsearch: "https://whatever:443"' in Kibana's config.js.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Set global proxy timeouts | |
| <Proxy http://127.0.0.1:9200> | |
| ProxySet connectiontimeout=5 timeout=90 | |
| </Proxy> | |
| # Proxy for _aliases and .*/_search | |
| <LocationMatch "^/(_status|_stats|_nodes|_aliases|.*/_aliases|_search|.*/_search|_mapping|.*/_mapping)$"> | |
| ProxyPassMatch http://127.0.0.1:9200/$1 | |
| ProxyPassReverse http://127.0.0.1:9200/$1 | |
| </LocationMatch> |
pedroagabreu
/ escleanup.sh
Created
April 17, 2014 19:53
Elasticsearch cleanup, courtesy of http://thejmlcontinuum.blogspot.com.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # delete one day | |
| # curl -s -XDELETE 'http://127.0.0.1:9200/logstash-2014.02.28' | |
| # delete from crontab | |
| # DATETODELETE=`date +%Y.%m.%d -d '7 days ago'` | |
| # curl -s -XDELETE http://127.0.0.1:9200/logstash-${DATETODELETE} | |
| # delete by space |
pedroagabreu
/ dns2.py
Created
October 22, 2013 16:16
Query nameservers nonrecursively. Script by Jeremy McGuinn, Cisco.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # This script will query a name server nonrecursively | |
| # RFC 1912 recommends that the $TTL value on the name server | |
| # be set to 1 day or longer | |
| # -*- coding: utf-8 -*- | |
| import sys | |
| import dns | |
| from dns.exception import DNSException | |
| from dns.rdataclass import * |
NewerOlder