Skip to content

Instantly share code, notes, and snippets.

@sanmai
sanmai / dumpchain.pl
Last active December 1, 2020 13:14
Dumps the whole certificate chain for a server in purposes of OCSP stapling
#!/usr/bin/perl
use strict;
use warnings;
# install libio-socket-ssl-perl to get this
use IO::Socket::SSL;
my $hostname = shift or die "Usage: $0 www.example.com\n";
IO::Socket::SSL->new(
PeerHost => "$hostname:443",
@paskal
paskal / site.conf
Last active May 17, 2024 07:18 — forked from plentz/nginx.conf
Nginx configuration for best security and modest performance. Full info on https://terrty.net/2014/ssl-tls-in-nginx/
# read more at https://terrty.net/2014/ssl-tls-in-nginx/
# latest version on https://gist.github.com/paskal/628882bee1948ef126dd/126e4d1daeb5244aacbbd847c5247c2e293f6adf
# security test score: https://www.ssllabs.com/ssltest/analyze.html?d=terrty.net
# your nginx version might not have all directives included, test this configuration before using in production against your nginx:
# $ nginx -c /etc/nginx/nginx.conf -t
server {
# public key, contains your public key and class 1 certificate, to create:
# (example for startssl)
# $ (cat example.com.pem & wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem) | tee -a /etc/nginx/ssl/domain.pem > /dev/null
@sindresorhus
sindresorhus / post-merge
Last active May 2, 2024 03:18
git hook to run a command after `git pull` if a specified file was changed.In this example it's used to run `npm install` if package.json changed and `bower install` if `bower.json` changed.Run `chmod +x post-merge` to make it executable then put it into `.git/hooks/`.
#!/usr/bin/env bash
# MIT © Sindre Sorhus - sindresorhus.com
# git hook to run a command after `git pull` if a specified file was changed
# Run `chmod +x post-merge` to make it executable then put it into `.git/hooks/`.
changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"
check_run() {
echo "$changed_files" | grep --quiet "$1" && eval "$2"
@dkubb
dkubb / ssl.nginxconf
Last active April 11, 2019 03:56
Nginx SSL configuration (PFS, HSTS, SPDY, BREACH mitigation, FIPS compliant)
ssl_certificate cert.pem;
ssl_certificate_key cert.key.pem;
ssl_trusted_certificate cert.ca.pem;
ssl_dhparam cert.dh.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
@plentz
plentz / nginx.conf
Last active June 11, 2024 06:55
Best nginx configuration for improved security(and performance)
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@alanbriolat
alanbriolat / default.conf
Created September 28, 2011 14:01
nginx userdir + PHP-FPM
server {
listen 80;
server_name localhost;
# ... other default site stuff, document root, etc. ...
location ~ ^/~(?<userdir_user>.+?)(?<userdir_uri>/.*)?$ {
alias /home/$userdir_user/public_html$userdir_uri;
index index.html index.htm index.php;
autoindex on;