{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticbeanstalk:*",
"ec2:*",
"ecs:*",
"ecr:*",
q7r / clientssl
Created June 23, 2018 08:41
X-SSL-CLIENT-CERT + proxy_pass to aws s3
# Split the PEM text of the client certificate ($ssl_client_raw_cert) into
# named captures, one per line of the base64 body: $st is the first body line
# and the single-letter captures hold up to 25 further lines. $a is set to $st
# when the pattern matches; no default entry is given, so it is empty otherwise.
# NOTE(review): the pattern is anchored at both ends and each body line needs
# its own group, so a certificate whose body is longer than 26 lines does not
# match at all -- confirm the certificates you expect fit within that limit.
# NOTE(review): the capture named v is placed before u in the pattern; whatever
# reassembles the lines (not visible in this listing) must follow that order.
# NOTE(review): the server block sets ssl_verify_client optional_no_ca, so nginx
# does not validate the certificate chain here. Presumably the captures are
# forwarded as X-SSL-CLIENT-CERT (per the gist description) -- the receiver then
# has to validate the certificate itself, and any client-supplied header of
# that name should be overwritten rather than passed through.
map $ssl_client_raw_cert $a {
"~^(-.*-\n)(?<st>[^\n]+)\n((?<b>[^\n]+)\n)?((?<c>[^\n]+)\n)?((?<d>[^\n]+)\n)?((?<e>[^\n]+)\n)?((?<f>[^\n]+)\n)?((?<g>[^\n]+)\n)?((?<h>[^\n]+)\n)?((?<i>[^\n]+)\n)?((?<j>[^\n]+)\n)?((?<k>[^\n]+)\n)?((?<l>[^\n]+)\n)?((?<m>[^\n]+)\n)?((?<n>[^\n]+)\n)?((?<o>[^\n]+)\n)?((?<p>[^\n]+)\n)?((?<q>[^\n]+)\n)?((?<r>[^\n]+)\n)?((?<s>[^\n]+)\n)?((?<t>[^\n]+)\n)?((?<v>[^\n]+)\n)?((?<u>[^\n]+)\n)?((?<w>[^\n]+)\n)?((?<x>[^\n]+)\n)?((?<y>[^\n]+)\n)?((?<z>[^\n]+)\n)?(-.*-)$" $st;
}
server {
server_name clientssl.example.com;
client_max_body_size 1G;
ssl_verify_client optional_no_ca;
location / {
q7r / bitbucket-pipelines.yml
Last active June 24, 2018 07:50
sample bitbucket-pipelines.yml
# On AWS side:
# 1. create two custom policies: https://gist.github.com/o1ek/2b32c746ea184f890405cf303fb88057
# 2. create a user with programmatic access and attach the policies.
# 3. create S3 buckets gitreponame-master, gitreponame-staging, gitreponame-production, and enable Static website hosting for all.
# 4. create three CloudFront Distributions, set the S3 buckets as their origins and save the Distribution IDs; you will use them as AWS_CF_TESTID, AWS_CF_STAGEID, and AWS_CF_PRODUCTIONID
# On Bitbucket side:
# Go to settings -> Environment variables and add the following values:
# AWS_ACCESS_KEY_ID (!click the little padlock icon next to this value so it is stored as a secured variable!)
# AWS_SECRET_ACCESS_KEY (!click the little padlock icon next to this value so it is stored as a secured variable!)
# AWS_DEFAULT_REGION
q7r / cloudfront-invalidation.json
Last active June 22, 2018 06:23
policies for s3 and cloudfront
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::gitreponame-*"
},
{
"Action": [
# Install a caddy binary into /usr/local/bin and create the account and
# directories it is meant to run with. The listing is cut off after the last
# mkdir, so later steps are not covered by these notes.
cd /usr/local/bin
# NOTE(review): the binary comes from a Dropbox share link and nothing in the
# visible steps checks a checksum or signature before it is made root-owned,
# executable and given a file capability. Verify it first, e.g. compare
# `sha256sum caddy` with <EXPECTED_SHA256 obtained from a trusted source>.
wget https://www.dropbox.com/s/lnk9mriccwydhow/caddy
# Root-owned, mode 755: other accounts can run the binary but not replace it.
chown root:root /usr/local/bin/caddy
chmod 755 /usr/local/bin/caddy
# File capability that lets the binary bind ports below 1024 without running
# as root.
setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
# System group and user with fixed gid/uid 33, no login shell; the home
# directory /var/www is named but not created here.
groupadd -g 33 www-data
useradd -g www-data --no-user-group --home-dir /var/www --no-create-home --shell /usr/sbin/nologin --system --uid 33 www-data
# Configuration directory: owner root, group www-data.
mkdir /etc/caddy
chown -R root:www-data /etc/caddy
# NOTE(review): owner and mode for /etc/ssl/caddy are not set in the visible
# part of the listing; if it holds TLS private keys it should not be readable
# by other accounts -- confirm in the remaining steps.
mkdir /etc/ssl/caddy
q7r / gist:514cc2feecc95986a081c064b901f2cc
Created March 26, 2018 19:06
traefik-swarm-example
version: '3.3'
services:
traefik:
image: traefik:1.5
command: -c --docker --docker.swarmmode --docker.domain=concept.ubox.one --docker.watch --web --acme --web.statistics --acme.storage=/etc/traefik/acme/acme.json --acme.email=DELETED --acme.dnsChallenge --acme.dnschallenge.provider=cloudflare --acme.entryPoint=https --entryPoints='Name:http Address::80 Compress:on' --entryPoints='Name:https Address::443 TLS Compress:on' --defaultentrypoints=http,https --accessLog --acme.domains="concept.ubox.one"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- acme:/etc/traefik/acme
q7r / gist:d21b52e7342f2ece1e50871bff6bae85
Created March 19, 2018 07:42
curl_loop_status_code
# Once per second, request only the response headers from the endpoint and
# print the HTTP status line; runs until interrupted.
while true; sleep 1; do
    curl --head --silent http://nginx1.k8s.ubox.one | grep HTTP
done
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
q7r / slack.sh
Last active October 26, 2017 09:34
#!/bin/bash
# Sends Slack notification ERROR_MSG to CHANNEL
# An env. variable CI_SLACK_WEBHOOK_URL needs to be set.
CHANNEL=$1
ERROR_MSG=$2
if [ -z "$CHANNEL" ] || [ -z "$ERROR_MSG" ] || [ -z "$CI_SLACK_WEBHOOK_URL" ]; then
echo "Missing argument(s) - Use: $0 channel message"
echo "and set CI_SLACK_WEBHOOK_URL environment variable."
cp /etc/memcached.conf /etc/memcached_server1.conf
cp /etc/memcached.conf /etc/memcached_server2.conf
update port in /etc/memcached_server2.conf
1. replace /etc/memcached.conf with /etc/memcached_server1.conf in /lib/systemd/system/memcached.service
2. cp /lib/systemd/system/memcached.service /lib/systemd/system/memcached2.service and set /etc/memcached_server2.conf as config
3. systemctl enable memcached2.service
4. systemctl start memcached2.service