Skip to content

Instantly share code, notes, and snippets.

Avatar
🚀
Looking for a job

Sergey Ponomarev stokito

🚀
Looking for a job
View GitHub Profile
@stokito
stokito / OpenWrt_Virtualbox.md
Last active Aug 13, 2022 — forked from jayluxferro/OpenWrt_Virtualbox.md
How to run OpenWrt in VirtualBox
View OpenWrt_Virtualbox.md

The official doc seems too complicated OpenWrt on VirtualBox HowTo

  1. Download and install VirtualBox. On Windows add to PATH envs C:\Program Files\Oracle\VirtualBox
  2. Get an OpenWrt image openwrt-x86-64-combined-ext4.img.gz from targets/x86/64/ folder. Direct snapshot download
  3. Uncompress the image: gunzip openwrt.img.gz
  4. Convert it to native VirtualBox format:
VBoxManage convertfromraw --format VDI openwrt.img openwrt.vdi
@stokito
stokito / somehost.conf
Last active Jul 7, 2022 — forked from tomkersten/somehost.conf
Nginx config with CORS headers added and Basic Auth
View somehost.conf
server {
server_name example.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /var/www/html;
access_log off;
location / {
if ($request_method = 'OPTIONS') {
@stokito
stokito / onion-gen.js
Created Jun 28, 2022 — forked from ttaubert/onion-gen.js
Generating custom .onion names with the WebCrypto API
View onion-gen.js
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
/*
* thirty-two
* https://github.com/chrisumbel/thirty-two
*
@stokito
stokito / onion-svc-v3-client-auth.sh
Last active May 11, 2022 — forked from mtigas/onion-svc-v3-client-auth.sh
experiments with using v3 onions with client auth (as of tor 0.3.5.X)
View onion-svc-v3-client-auth.sh
#!/bin/sh
# needs openssl 1.1+
# needs base64 and base32 utilities.
# On OpenWrt you may install coreutils-base64 and coreutils-base32.
# BusyBox can be compiled with them.
# On other systems try basenc or basez https://manpages.debian.org/testing/basez/base32hex.1.en.html
##### generate a key
@stokito
stokito / jwt-decode.sh
Last active Jan 8, 2022 — forked from KevCui/jwtDecoder.sh
A shell (ash, dash, Bash) script to decode JWT token. Version ported to OpenWrt here https://gist.github.com/stokito/43afca84fc34d1d362bf210cd941a366
View jwt-decode.sh
#!/bin/sh
# Decode a JWT from stdin and verify it's signature with the JWT issuer public key
# Only RS256 keys are supported for signature check
#
# Put OAuth server public key in PEM format to /var/cache/oauth/$JWT_KID.key.pub.pem
# You must create the folder first
# $ sudo mkdir -p /var/cache/oauth/
# To converted key from JWK to PEM use https://8gwifi.org/jwkconvertfunctions.jsp or https://keytool.online/
# NOTE: For Google you can get the keys in PEM format via https://www.googleapis.com/oauth2/v1/certs
# Decode the keys with decodeURIComponent()
@stokito
stokito / firewall.user
Last active Aug 8, 2022 — forked from Manouchehri/cloudflare.sh
OpenWrt: Allow only CloudFlare to access HTTP 80 and HTTPS 443 ports. Use if your uhttpd is hidden behind CF. Put this file to /etc/firewall.user. NOTE: It uses HTTP to get the list of IPs because to wget via https we need to install ca-certs. This makes you vulnerable to MiTM attacks but that's ok to be protected from internet's hackers
View firewall.user
# https://www.cloudflare.com/ips replace the ips-v4 with ips-v6 if needed
# https://blog.cloudflare.com/cloudflare-now-supporting-more-ports/
for ip in `wget -qO- http://www.cloudflare.com/ips-v4`; do
iptables -I INPUT -p tcp -m multiport --dports 80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880 -s $ip -j ACCEPT
done
@stokito
stokito / openssl.MD
Created Jan 15, 2018 — forked from jchandra74/openssl.MD
HOWTO: Create Your Own Self-Signed Certificate with Subject Alternative Names Using OpenSSL in Ubuntu Bash for Window
View openssl.MD

HOWTO: Create Your Own Self-Signed Certificate with Subject Alternative Names Using OpenSSL in Ubuntu Bash for Window

Overview

My main development workstation is a Windows 10 machine, so we'll approach this from that viewpoint.

Recently, Google Chrome started giving me a warning when I open a site that uses https and self-signed certificate on my local development machine due to some SSL certificate issues like the one below:

Self-Signed SSL Issue in Chrome