| RewriteRule "(^|/)\.(?!well-known\/)" - [F] |
These commands generate and use private keys in unencrypted binary (not Base64 “PEM”) PKCS#8 format. The PKCS#8 format is used here because it is the most interoperable format when dealing with software that isn't based on OpenSSL.
OpenSSL has a variety of commands that can be used to operate on private
key files, some of which are specific to RSA (e.g. openssl rsa and
openssl genrsa) or which have other limitations. Here we always use
Follow these steps to remove all archives from an AWS vault. After this is finished, you will be able to delete the vault itself through the browser console.
This will create a job that collects required information about the vault.
$ aws glacier initiate-job --job-parameters '{"Type": "inventory-retrieval"}' --account-id YOUR_ACCOUNT_ID --region YOUR_REGION --vault-name YOUR_VAULT_NAME
Retrieve hosted zones with aws route53 list-hosted-zones then enter the zone Id below:
aws route53 list-resource-record-sets --hosted-zone-id "/hostedzone/xxxxxxxxxxx" | \
jq -r '.ResourceRecordSets[] | [.Name, .Type, (.ResourceRecords[]? | .Value), .AliasTarget.DNSName?] | @tsv'
| # Stop all containers | |
| docker stop `docker ps -qa` | |
| # Remove all containers | |
| docker rm `docker ps -qa` | |
| # Remove all images | |
| docker rmi -f `docker images -qa ` | |
| # Remove all volumes |
Part 1: Create a working http load balancer
I'v decided to use amazon for hosting my (Ubuntu 14.04 trusty) server (t2.nano (still an overkill, anything with 256 mb ram is sufficient IMHO))
-
you have to create a security profile which opens port 22 for ssh, 80 for http, and 443 for https.
-
ssh into your server.
The list of actions listed below was taken mostly from Book Of Zeus with minor modifications and did the job well for Ubuntu version, which was available at that moment (May 2016). This gist was created for internal use and was never meant to be discovered by the web, although Google managed to find and index this page, which was a great surprise for me. Please check the original source for the updated information (links are provided in most of the sections), and read the comments below: they provide more details about the usage experience.
http://bookofzeus.com/harden-ubuntu/initial-setup/system-updates/
Keeping the system updated is vital before starting anything on your system. This will prevent people to use known vulnerabilities to enter in your system.
If anyone is interested in setting up their system to automatically (or manually) sign their git commits with their GPG key, here are the steps:
- Generate and add your key to GitHub
$ git config --global commit.gpgsign true([OPTIONAL] every commit will now be signed)$ git config --global user.signingkey ABCDEF01(whereABCDEF01is the fingerprint of the key to use)$ git config --global alias.logs "log --show-signature"(now available as$ git logs)$ git config --global alias.cis "commit -S"(optional if global signing is false)$ echo "Some content" >> example.txt$ git add example.txt$ git cis -m "This commit is signed by a GPG key."(regularcommitwill work if global signing is enabled)
CloudFlare is an awesome reverse cache proxy and CDN that provides DNS, free HTTPS (TLS) support, best-in-class performance settings (gzip, SDCH, HTTP/2, sane Cache-Control and E-Tag headers, etc.), minification, etc.
- Make sure you have registered a domain name.
- Sign up for CloudFlare and create an account for your domain.
- In your domain registrar's admin panel, point the nameservers to CloudFlare's (refer to this awesome list of links for instructions for various registrars).
- From the CloudFlare settings for that domain, enable HTTPS/SSL and set up a Page Rule to force HTTPS redirects. (If you want to get fancy, you can also enable automatic minification for text-based assets [HTML/CSS/JS/SVG/etc.], which is a pretty cool feature if you don't want already have a build step for minification.)
- If you