This article describes what happens when a zone is signed with DNSSEC. This document helps to understand the concept of zone signing and does not detail the actual steps for signing a zone.
#!/bin/sh +ux
# We set the sh +ux flags so that we error on undefined variables and error on bad commands
help() {
  echo >&2 "$0 [-f] [-p] [-q] [<priv_key_file>] [<key_type>] [<key_comment>]"
  echo >&2
  echo >&2 "-q / --quiet to silence all output (except -p if passed)"
  echo >&2 "-p / --pubkey to output public key after generation"
  echo >&2 "-f / --force to force replacing existing key"
  echo >&2
#!/bin/sh
# aarch64, armhf, armv7, ppc64le, s390x, x86, x86_64
ARCH="armv7" # Turris Omnia
REVISION="8.275.01-r0"
DESTDIR="" # empty for root, you can set to /opt
# Alpine v3.13 switched to musl v1.2.0 while TurrisOS 6.4.1 uses older musl v1.1.24
# Use ldd command to see a musl version.
# If it's newer then change the URL to https://dl-cdn.alpinelinux.org/alpine/edge/
# You will also need to change the REVISION for the latest
The official doc seems too complicated: OpenWrt on VirtualBox HowTo
- Download and install VirtualBox. On Windows add C:\Program Files\Oracle\VirtualBox to PATH envs
- Get an OpenWrt image openwrt-x86-64-combined-ext4.img.gz from targets/x86/64/ folder. Direct snapshot download
- Uncompress the image:
  gunzip openwrt.img.gz
- Convert it to native VirtualBox format:
  VBoxManage convertfromraw --format VDI openwrt.img openwrt.vdi
server {
  server_name example.com;
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  root /var/www/html;
  access_log off;
  location / {
    if ($request_method = 'OPTIONS') {
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
/*
 * thirty-two
 * https://github.com/chrisumbel/thirty-two
 *
#!/bin/sh
# needs openssl 1.1+
# needs base64 and base32 utilities.
# On OpenWrt you may install coreutils-base64 and coreutils-base32.
# BusyBox can be compiled with them.
# On other systems try basenc or basez https://manpages.debian.org/testing/basez/base32hex.1.en.html
##### generate a key
#!/bin/sh
# Decode a JWT from stdin and verify its signature with the JWT issuer public key
# Only RS256 keys are supported for signature check
#
# Put OAuth server public key in PEM format to /var/cache/oauth/$JWT_KID.key.pub.pem
# You must create the folder first
# $ sudo mkdir -p /var/cache/oauth/
# To convert a key from JWK to PEM use https://8gwifi.org/jwkconvertfunctions.jsp or https://keytool.online/
# NOTE: For Google you can get the keys in PEM format via https://www.googleapis.com/oauth2/v1/certs
# Decode the keys with decodeURIComponent()
# https://www.cloudflare.com/ips replace the ips-v4 with ips-v6 if needed
# https://blog.cloudflare.com/cloudflare-now-supporting-more-ports/
# Fetch the list over HTTPS so the allowlist cannot be altered in transit
for ip in $(wget -qO- https://www.cloudflare.com/ips-v4); do
  iptables -I INPUT -p tcp -m multiport --dports 80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880 -s "$ip" -j ACCEPT
done