For educational reasons I've decided to create my own CA. Here is what I learned.
Let's get some context first.
This is just some code I recently used in my development application in order to add token-based authentication for my API-only Rails app. The API client was to be consumed by a mobile application, so I needed an authentication solution that would keep the user logged in indefinitely, and the only way to do this was either using refresh tokens or sliding sessions.
I also needed a way to both blacklist and whitelist tokens based on a unique identifier (jti).
Before trying it out DIY, I considered using:
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
# Stop all containers
docker stop `docker ps -qa`
# Remove all containers
docker rm `docker ps -qa`
# Remove all images
docker rmi -f `docker images -qa`
# Remove all volumes
# Nginx+Unicorn best-practices configuration guide. Heartbleed fixed.
# We use latest stable nginx with fresh **openssl**, **zlib** and **pcre** dependencies.
# Some extra handy modules to use: --with-http_stub_status_module --with-http_gzip_static_module
#
# Deployment structure
#
# SERVER:
# /etc/init.d/nginx (1. nginx)
# /home/app/public_html/app_production/current (Capistrano directory)
#
This has been moved into the official Chef docs:
https://docs.chef.io/custom_resources_notes.html
This is by far the most recommended way of writing resources for all users. There are two gotchas which we're working through:
action_class do ... end block.
module ActiveRecord::UnionScope
  def self.included(base)
    base.send :extend, ClassMethods
  end

  module ClassMethods
    def union_scope(*scopes)
      id_column = "#{table_name}.#{primary_key}"
      sub_query = scopes.map { |s| s.select(id_column).to_sql }.join(" UNION ")
      where "#{id_column} IN (#{sub_query})"
# Install Time Machine service on CentOS 7
# http://netatalk.sourceforge.net/wiki/index.php/Netatalk_3.1.7_SRPM_for_Fedora_and_CentOS
# http://confoundedtech.blogspot.com/2011/07/draft-draft-ubuntu-as-apple-time.html
yum install -y rpm-build gcc make wget
# install netatalk
yum install -y avahi-devel cracklib-devel dbus-devel dbus-glib-devel libacl-devel libattr-devel libdb-devel libevent-devel libgcrypt-devel krb5-devel mysql-devel openldap-devel openssl-devel pam-devel quota-devel systemtap-sdt-devel tcp_wrappers-devel libtdb-devel tracker-devel
yum install -y bison docbook-style-xsl flex dconf
// @flow
import type {
  StyleObj,
} from 'react-native/Libraries/StyleSheet/StyleSheetTypes';
import React from 'react';
import PropTypes from 'prop-types';
import { Text, View, StyleSheet } from 'react-native';
import invariant from 'invariant';
# From a fresh install of squeeze
apt-get install ruby rubygems # Need ruby to use fpm
gem1.8 install fpm --no-ri --no-rdoc
apt-get install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev ncurses-dev libyaml-dev
wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p125.tar.gz
tar -zxvf ruby-1.9.3-p125.tar.gz
cd ruby-1.9.3-p125
rm -rf /tmp/ruby193