Niclas Mietz solidnerd

@pdxjohnny
pdxjohnny / .gitignore
Last active May 30, 2024 16:41
Setting Up k3s for Serverless (knative) on a $5 DigitalOcean Droplet Using k3d
.terraform/
*.pem
*.tf
*.tfstate
*.yaml
*.backup
istio-*/
cert-manager-*/
*.swp
env
@kekru
kekru / 01nginx-tls-sni.md
Last active June 19, 2024 17:24
nginx TLS SNI routing, based on subdomain pattern

Nginx TLS SNI routing, based on subdomain pattern

Nginx can be configured to route to a backend based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for HTTP upstream servers, but also for other protocols that can be secured with TLS.

Prerequisites

  • at least nginx 1.15.9 to use variables in ssl_certificate and ssl_certificate_key.
  • check nginx -V for the following:
    ...
    TLS SNI support enabled
@axdotl
axdotl / keycloak-export-import-k8s.md
Last active October 30, 2023 08:43
Keycloak Export in Kubernetes

Perform Keycloak Export and Import on Kubernetes

  • Setup Keycloak in non-HA mode (replica 1)
  • Disable UserFederation
  • You might have to increase the resource limits to avoid the pod being killed by memory or CPU limits

See Keycloak Documentation for more details.

Export

@irvingpop
irvingpop / ssh_key.tf
Last active April 8, 2024 07:18
Terraform external data source example - dynamic SSH key generation
# ssh key generator data source expects the below 3 inputs, and produces 3 outputs for use:
# "${data.external.ssh_key_generator.result.public_key}" (contents)
# "${data.external.ssh_key_generator.result.private_key}" (contents)
# "${data.external.ssh_key_generator.result.private_key_file}" (path)
data "external" "ssh_key_generator" {
  program = ["bash", "${path.root}/../ssh_key_generator.sh"]
  query = {
    customer_name = "${var.customer_name}"
    customer_group = "${var.customer_group}"
@kekru
kekru / 1-Enable Docker Remote API with TLS client verification.md
Last active June 14, 2024 09:01
Docker Remote API with client verification via daemon.json

Enable Docker Remote API with TLS client verification

Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:

  • CA certificate
  • Server certificate
  • Server key
  • Client certificate
  • Client key

Create certificate files

@mapmeld
mapmeld / OverEncrypt.md
Last active July 25, 2023 18:55
OverEncrypt - paranoid HTTPS

OverEncrypt

This is a guide that I wrote to improve the default security of my website https://fortran.io, which has a certificate from LetsEncrypt. I'm choosing to improve HTTPS security and transparency without consideration for legacy browser support.

WARNING: if you mess up settings, lose your certificates, or decide to no longer maintain HTTPS certs, these steps can and will make your domain inaccessible.

I would recommend these steps only if you have a specific need for information security, privacy, and trust with your users, and/or maintain a separate secure.example.com domain which won't mess up your main site. If you've been thinking about hosting a site on Tor, then this might be a good option, too.

The best resources that I've found for explaining these steps are https://https.cio.gov, https://certificate-transparency.org, and https://twitter.com/konklone

@karlkfi
karlkfi / changes.sh
Created October 18, 2016 01:48
Generate markdown change log from merged PR titles
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
# org/repo (e.g. karlkfi/probe)
REPO=$1
# range (e.g. 1.8.4..1.8.5)
RANGE=$2
@anonymuse
anonymuse / create_cluster.sh
Last active December 30, 2016 23:34
Docker Kata 005 cluster creation script.
#!/usr/bin/env bash
#
# Purpose: Create a Swarm Mode cluster with a single master and a configurable
# number of workers.
# This script is a mirror of the following gist, which is used to
# populate a Medium story. Unfortunately, there's no way to synchronize all
# three
#
# Medium: https://medium.com/contino-io/docker-kata-005-ac8429082f6c
# Gist: https://gist.github.com/anonymuse/502e7bf5c7b67bb95a4250cdccbc5125
@jfriv
jfriv / prod-rds-snap-restore-to-dev-temp.sh
Created August 16, 2016 20:03
RDS manual snapshot and restore script
#!/bin/bash
# set up some variables
NOW_DATE=$(date '+%Y-%m-%d-%H-%M')
RESTORE_FROM_INSTANCE_ID=<source name>
TARGET_INSTANCE_ID=<target name>
TARGET_INSTANCE_CLASS=db.m4.large
VPC_ID=<vpc subnet id>
NEW_MASTER_PASS=<root password>
@gesellix
gesellix / screen-stuff.md
Created May 1, 2016 22:39
screen and Docker for Mac
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty



screen -AmdS docker ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
screen -r docker
# enter, then disconnect with Ctrl-a d
screen -S docker -p 0 -X stuff $(printf root\\r\\n)
screen -r docker