I hereby claim:
- I am MatthewVance on github.
- I am mvance (https://keybase.io/mvance) on keybase.
- I have a public key whose fingerprint is 12E3 2FE5 0618 0D2E 48E1 D0B2 6895 3CC8 61A6 7E7D
To claim this, I am signing this object:
Matthew Vance MatthewVance
MatthewVance
/ build_nginx.sh
Last active
August 28, 2018 12:15
— forked from MattWilcox/build_nginx.sh
Fetch, build, and install the latest nginx with the latest OpenSSL for RaspberryPi
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # make script exit if a simple command fails and | |
| # make script print commands being executed | |
| set -e -x | |
| # names of latest versions of each package | |
| export VERSION_PCRE=pcre-8.38 | |
| export VERSION_OPENSSL=openssl-1.0.2f | |
| export VERSION_NGINX=nginx-1.9.11 |
MatthewVance
/ keybase.md
Created
February 16, 2016 02:18
MatthewVance
/ HKPS Pool Setup
Created
April 10, 2018 02:35
Better GnuPG config ( ~/.gnupg/gpg.conf). Optionally set default key at the bottom of the file. Requires hkps.pool.sks-keyservers.net pool to be setup.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Verify TLS at https://sks-keyservers.net/verify_tls.php | |
| mkdir -p ~/Downloads/gpg/hkps | |
| cd ~/Downloads/gpg/hkps | |
| curl -L https://sks-keyservers.net/sks-keyservers.netCA.pem -O | |
| curl -L https://sks-keyservers.net/sks-keyservers.netCA.pem.asc -O | |
| #import key for HKPS signature | |
| gpg --recv-key 0x0B7F8B60E3EDFAE3 |
MatthewVance
/ config
Created
April 10, 2018 02:41
Hardened config for OpenSSH config files. Be sure to update ListenAddress with IP of server.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Defaults for all my hosts | |
| Host * | |
| AddressFamily inet | |
| Ciphers [email protected],[email protected] | |
| ForwardX11 no | |
| ForwardX11Trusted no | |
| KexAlgorithms [email protected] | |
| #hmac-sha2-512 is at end of list for github support | |
| MACs [email protected],[email protected],[email protected],hmac-sha2-512 | |
| Protocol 2 |
MatthewVance
/ VirtualHost Conf
Created
April 10, 2018 02:51
Security focused NGINX configuration files. Change allow/deny based on IP address restriction needs. Remove PHP settings if not required.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Credits and major sources of help for this config | |
| # http://arstechnica.com/series/web-served/ | |
| # https://gist.github.com/plentz/6737338 | |
| # https://gist.github.com/kennwhite/25183c3f05266ee0ad7f | |
| # http://blog.rlove.org/2013/12/strong-ssl-crypto.html | |
| # http://blog.rlove.org/2014/04/the-end-of-life-of-windows-xp-and.html | |
| ## | |
| # Default server configuration | |
| ## |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [user] | |
| name = Matthew Vance | |
| email = [email protected] | |
| [core] | |
| autocrlf = input | |
| editor = nano | |
| excludesfile = /home/pi/.gitignore_global | |
| [alias] | |
| # basic | |
| br = branch |
MatthewVance
/ unbound.conf
Last active
May 6, 2024 21:18
Config for running Unbound as a caching DNS forwarder (performance settings optimized for Raspberry Pi 2).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server: | |
| ########################################################################### | |
| # BASIC SETTINGS | |
| ########################################################################### | |
| # Time to live maximum for RRsets and messages in the cache. If the maximum | |
| # kicks in, responses to clients still get decrementing TTLs based on the | |
| # original (larger) values. When the internal TTL expires, the cache item | |
| # has expired. Can be set lower to force the resolver to query for data | |
| # often, and not trust (very large) TTL values. | |
| cache-max-ttl: 86400 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=rclone - rsync for cloud storage | |
| Documentation=https://rclone.org/docs/ | |
| After=network-online.target | |
| Before=caddy.service | |
| Wants=network-online.target systemd-networkd-wait-online.service | |
| Requires=caddy.service | |
| [Service] | |
| Restart=on-abnormal |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Caddy HTTP/2 web server | |
| Documentation=https://caddyserver.com/docs | |
| After=network-online.target | |
| Wants=network-online.target systemd-networkd-wait-online.service | |
| [Service] | |
| Restart=on-abnormal | |
| ; User and group the process will run as. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######### | |
| # Aliases | |
| ######### | |
| # Configure aliases to work when prefixed with sudo | |
| alias sudo='sudo ' | |
| # ------------------------------------ | |
| # Apt-get | |
| # ------------------------------------ | |
| # Install package (e.g., apti nginx) |
OlderNewer