djvdorp

Keybase proof

I hereby claim:

• I am djvdorp on github.
• I am djvdorp (https://keybase.io/djvdorp) on keybase.
• I have a public key whose fingerprint is C435 A515 1C46 8FA5 07EC A395 96C2 3C75 87BE 3410

To claim this, I am signing this object:

djvdorp

How to Review Changes between Cloud Foundry Releases

This gist decribes a recommended way to review the differences between Cloud Foundry releases so they can be applied to our environments.

There are multiple ways listed to check the differences but typically you want to

• Use git diff to see what has changed between release branches
• Check the spec files to see the default options of the items that have been introduced or changed
• Generate two Cloud Foundry manifests from each release and compare the two using spiff diff

djvdorp

i3 Window Manager Cheat Sheet

$mod refers to the modifier key (window/command or alt by default depending on config)

General

• startx i3 start i3 from command line
• $mod+<Enter> open a terminal
• $mod+d open dmenu (text based program launcher)
• $mod+r resize mode ( or to leave resize mode)
• $mod+shift+e exit i3

djvdorp

Generate private key (.key)

# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048
    
# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List ECDSA the supported curves (openssl ecparam -list_curves)
openssl ecparam -genkey -name secp384r1 -out server.key

djvdorp

[clever@amd-nixos:~/apps/nixpkgs]$ git remote -v
channels        [email protected]:NixOS/nixpkgs-channels.git (fetch)
channels        [email protected]:NixOS/nixpkgs-channels.git (push)
origin  [email protected]:NixOS/nixpkgs.git (fetch)
origin  [email protected]:NixOS/nixpkgs.git (push)
[clever@amd-nixos:~/apps/nixpkgs]$ git fetch channels
   8512747..adfcc2d  nixos-unstable -> channels/nixos-unstable
[clever@amd-nixos:~/apps/nixpkgs]$ git checkout channels/nixos-unstable
M       nixos/lib/make-squashfs.nix
M       pkgs/top-level/platforms.nix

djvdorp

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;

djvdorp

#!/bin/bash
## Obserivum Client Setup Script
## v.0.5 - 12/15/13 - [email protected]
## Tested on Debian 6/7 & Ubuntu 12.04+ - CentOS 5.8/6.4
## Useage: ./observium-client.sh <Community> <Contact Email>
## check if root
if [ $(whoami) != "root" ]; then
        echo "You need to run this script as root."
        echo "Use 'sudo ./observium-client.sh' then enter your password when prompted."
        exit 1

djvdorp

# Modify this file accordingly for your specific requirement.
# http://www.thegeekstuff.com
# 1. Delete all existing rules
iptables -F

# 2. Set default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

djvdorp

##Domain

We need some records on our domain (mydomain.com) DNS for connections. Add these records:

t1              IN      NS      t1ns.mydomain.com. ; note final the dot!
t1ns            IN      A       OUR_SERVER_IP

##Server

djvdorp

How to setup Let's Encrypt for Nginx on Ubuntu 16.04 (including IPv6, HTTP/2 and A+ SLL rating)

There are two main modes to run the Let's Encrypt client (called Certbot):

• Standalone: replaces the webserver to respond to ACME challenges
• Webroot: needs your webserver to serve challenges from a known folder.

Webroot is better because it doesn't need to replace Nginx (to bind to port 80).

In the following, we're setting up mydomain.com. HTML is served from /var/www/mydomain, and challenges are served from /var/www/letsencrypt.