Thibault Jamet tjamet

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                tjamet
                / keybase.md
            
            
              Last active
              October 26, 2015 14:23
            
          
    Keybase proof

I hereby claim:

I am tjamet on github.
I am thibo (https://keybase.io/thibo) on keybase.
I have a public key whose fingerprint is 447F ABDB F10E EE23 4EB0  6DD2 B334 F345 2D9A 6625

To claim this, I am signing this object:

  
## docker-haproxy-certbot.sh
mkdir www letsencrypt lib

docker run --rm -p 80:9000 -v $PWD/www:/src -w /src python:alpine python -m http.server 9000

docker run -v $PWD/letsencrypt:/etc/letsencrypt -v $PWD/lib:/var/lib/letsencrypt -v $PWD/www:/var/www certbot/certbot certonly --webroot -w /var/www --domain ${domain}

cat ./letsencrypt/live/${domain}/fullchain.pem ./letsencrypt/live/${domain}/privkey.pem > cert.haproxy

## tls-http-server.go
// From https://github.com/golang/go/blob/c0547476f342665514904cf2581a62135d2366c3/src/net/http/server.go#L3223
// tcpKeepAliveListener sets TCP keep-alive timeouts on accepted
// connections. It's used by ListenAndServe and ListenAndServeTLS so
// dead TCP connections (e.g. closing laptop mid-download) eventually
// go away.
type tcpKeepAliveListener struct {
	*net.TCPListener
}

func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) {

## proxy-handler-factory.go

func newProxyHandler(client *http.Client, backend *url.URL) http.Handler {
	return http.HandlerFunc(func(ow http.ResponseWriter, r *http.Request) {
		w := &loggedResponseWriter{ResponseWriter: ow}
		defer func() {
			log.Printf("%s %s %d %d Bytes", r.Method, r.URL.Path, w.code, w.size)
		}()
		req, err := http.NewRequest(r.Method, fmt.Sprintf("%s://%s", backend.Scheme, backend.Host), r.Body)
		if err != nil {
			log.Println("failed to call backend:", err.Error())

## Kubectl-oneliners.sh
# Create an AWS secret from a kubernetes one
kubectl get secret my-secret -o json | jq -r '.data | map_values(.| @base64d | fromjson)' |\
  aws secretsmanager create-secret --name my-secret --secret-string file:///dev/stdin
	mkdir www letsencrypt lib

	docker run --rm -p 80:9000 -v $PWD/www:/src -w /src python:alpine python -m http.server 9000

	docker run -v $PWD/letsencrypt:/etc/letsencrypt -v $PWD/lib:/var/lib/letsencrypt -v $PWD/www:/var/www certbot/certbot certonly --webroot -w /var/www --domain ${domain}

	cat ./letsencrypt/live/${domain}/fullchain.pem ./letsencrypt/live/${domain}/privkey.pem > cert.haproxy
	// From https://github.com/golang/go/blob/c0547476f342665514904cf2581a62135d2366c3/src/net/http/server.go#L3223
	// tcpKeepAliveListener sets TCP keep-alive timeouts on accepted
	// connections. It's used by ListenAndServe and ListenAndServeTLS so
	// dead TCP connections (e.g. closing laptop mid-download) eventually
	// go away.
	type tcpKeepAliveListener struct {
	*net.TCPListener
	}

	func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) {

	func newProxyHandler(client http.Client, backend url.URL) http.Handler {
	return http.HandlerFunc(func(ow http.ResponseWriter, r *http.Request) {
	w := &loggedResponseWriter{ResponseWriter: ow}
	defer func() {
	log.Printf("%s %s %d %d Bytes", r.Method, r.URL.Path, w.code, w.size)
	}()
	req, err := http.NewRequest(r.Method, fmt.Sprintf("%s://%s", backend.Scheme, backend.Host), r.Body)
	if err != nil {
	log.Println("failed to call backend:", err.Error())
	# Create an AWS secret from a kubernetes one
	kubectl get secret my-secret -o json \| jq -r '.data \| map_values(.\| @base64d \| fromjson)' \|\
	aws secretsmanager create-secret --name my-secret --secret-string file:///dev/stdin