Skip to content

Instantly share code, notes, and snippets.

View terrywang's full-sized avatar

Terry Wang terrywang

119 followers · 53 following
View GitHub Profile
@kekru
kekru / 01nginx-tls-sni.md
Last active May 6, 2024 14:59
nginx TLS SNI routing, based on subdomain pattern

Nginx TLS SNI routing, based on subdomain pattern

Nginx can be configured to route to a backend, based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for http upstream servers, but also for other protocols, that can be secured with TLS.

prerequisites

  • at least nginx 1.15.9 to use variables in ssl_certificate and ssl_certificate_key.
  • check nginx -V for the following: 
    ...
TLS SNI support enabled
@StevenACoffman
StevenACoffman / Docker Best Practices.md
Last active April 29, 2024 08:36
Docker Best Practices

Mistakes to Avoid: Docker Antipatterns

Whichever route you take to implementing containers, you’ll want to steer clear of common pitfalls that can undermine the efficiency of your Docker stack.

Don’t run too many processes inside a single container

The beauty of containers—and an advantage of containers over virtual machines—is that it is easy to make multiple containers interact with one another in order to compose a complete application. There is no need to run a full application inside a single container. Instead, break your application down as much as possible into discrete services, and distribute services across multiple containers. This maximizes flexibility and reliability.

Don’t install operating systems inside Docker containers

It is possible to install a complete Linux operating system inside a container. In most cases, however, this is not necessary. If your goal is to host just a single application or part of an application in the container, you need to install only the essential

@djspiewak
djspiewak / thread-pools.md
Last active April 26, 2024 09:35

Thread Pools

Thread pools on the JVM should usually be divided into the following three categories:

  1. CPU-bound
  2. Blocking IO
  3. Non-blocking IO polling

Each of these categories has a different optimal configuration and usage pattern.

@dohq
dohq / fzf-ssh.zsh
Last active March 21, 2024 14:44
fzf-ssh
function fzf-ssh () {
local selected_host=$(grep "Host " ~/.ssh/ssh_config | grep -v '*' | cut -b 6- | fzf --query "$LBUFFER" --prompt="SSH Remote > ")
if [ -n "$selected_host" ]; then
BUFFER="ssh ${selected_host}"
zle accept-line
fi
zle reset-prompt
}
@joshbuchea
joshbuchea / semantic-commit-messages.md
Last active May 19, 2024 10:52
Semantic Commit Messages

Semantic Commit Messages

See how a minor change to your commit message style can make you a better programmer.

Format: <type>(<scope>): <subject>

<scope> is optional

Example

@yossorion
yossorion / what-i-wish-id-known-about-equity-before-joining-a-unicorn.md
Last active April 7, 2024 22:55
What I Wish I'd Known About Equity Before Joining A Unicorn

What I Wish I'd Known About Equity Before Joining A Unicorn

Disclaimer: This piece is written anonymously. The names of a few particular companies are mentioned, but as common examples only.

This is a short write-up on things that I wish I'd known and considered before joining a private company (aka startup, aka unicorn in some cases). I'm not trying to make the case that you should never join a private company, but the power imbalance between founder and employee is extreme, and that potential candidates would

@odedlaz
odedlaz / ocr.py
Last active February 4, 2017 22:04
OCR using tesserocr
from tesserocr import PyTessBaseAPI
import sys
import os
# tesserocr -> https://pypi.python.org/pypi/tesserocr
# cython -> https://pypi.python.org/pypi/Cython
# Pillow -> https://pypi.python.org/pypi/Pillow
if len(sys.argv) != 2:
print("you need to pass the path to the image as first argument")
@girst
girst / load-balance.sh
Last active March 8, 2024 13:26
Simple Linux Load Balancing with `iproute2`
#!/bin/bash
# Load balance multiple internet connections. Requires iproute2, awk and grep.
# (C) 2016 Tobias Girstmair, isticktoit.net, GPLv2
# Also useful: speedometer -l -r eth1 -t eth1 -m $(( 1024 * 1024 * 3 / 2 ))
# Not much user error checking is done - only pass working network connections
# script needs root to work and at least two interfaces to be useful
[ $EUID -eq 0 -a $# -ge 2 ] || {
echo "Usage (as root): $0 iface1[:weight1] iface2[:weight2] ..." >&2
@spaze
spaze / opera-vpn.md
Last active April 20, 2024 02:14
Opera VPN behind the curtains is just a proxy, here's how it works

2023 update

ℹ️ Please note this research is from 2016 when Opera has first added their browser "VPN", even before the "Chinese deal" was closed. They have since introduced some real VPN apps but this below is not about them.

🕵️ Some folks also like to use this article to show a proof that the Opera browser is a spyware or that Opera sells all your data to 3rd parties or something like that. This article here doesn't say anything like that.

When setting up (that's immediately when user enables it in settings) Opera VPN sends few API requests to https://api.surfeasy.com to obtain credentials and proxy IPs, see below, also see The Oprah Proxy.

The browser then talks to a proxy de0.opera-proxy.net (when VPN location is set to Germany), it's IP address can only be resolved from within Opera when VPN is on, it's 185.108.219.42 (or similar, see below). It's an HTTP/S proxy which requires auth.

@xero
xero / unix
Last active March 14, 2024 08:08
curl -L git.io.unix
,_ ,_==▄▂
, ▂▃▄▄▅▅▅▂▅¾. / /
▄▆<´ "»▓▓▓%\ / / / /
,▅7" ´>▓▓▓% / / > / >/%
▐¶▓ ,»▓▓¾´ /> %/%// / /
▓▃▅▅