Skip to content

Instantly share code, notes, and snippets.

View double-p's full-sized avatar

Philipp Buehler double-p

38 followers · 0 following
View GitHub Profile
@double-p
double-p / INSTALL.md
Created April 16, 2016 07:03
Create an OpenBSD 5.9 playground
  • adapt OpenBSD-config.json if need be
  • adapt OpenBSD-59.json for ''iso_url''
  • packer build -var-file=OpenBSD-config.json OpenBSD-59.json
  • vagrant box add obsd59 packer_vbox-obsd-59-amd64_virtualbox.box
  • Vagrantfile as provided
  • vagrant up --provision

This will create isolated networks where tenant1+2 are connected to rdomain-gw-left. Also rdomain-gw-left is connected to rdomain-gw-right and rdomain-gw-right to inetsrv via vboxnets.

@double-p
double-p / gist:09d4318bc02cab1a5536724a7432f837
Created October 7, 2016 21:29
haproxy frontend
default one_two
timeout connect 5s
frontend one
bind :1443 ssl crt ...
bind :1080
frontend two
bind :2443 ssl crt ...
bind :2080
@double-p
double-p / xs-raid
Created October 14, 2016 15:11
mkdir /mnt/root/initrd-raid
mkinitrd -v --fstab=/mnt/etc/fstab /mnt/root/initrd-raid/initrd-`uname -r`-raid.img `uname -r`
[...]
cd /mnt/root/initrd-raid
zcat initrd-`uname -r`-raid.img | cpio -i
vi init
add 'raidautorun' for md1 and md2 below the entry for md0
find . -print | cpio -o -Hnewc | gzip -c > /mnt/boot/initrd-`uname -r`-raid.img
@double-p
double-p / xs65-raid1
Created October 14, 2016 15:14
/sbin/modprobe raid1
# create software-raid devices, one disk on sdb, the other 'missing' for now (sda added later)
yes|mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 missing --metadata=0.90
yes|mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sdb2 missing
yes|mdadm --create /dev/md2 --level=1 --raid-devices=2 /dev/sdb3 missing
mkfs.ext3 /dev/md0
tune2fs -i 0 /dev/md0
@double-p
double-p / haproxy cloud-mixed filter
Created October 19, 2016 16:43
frontend whatever
acl badclient_ips hdr(CF-connecting-IP) -f /etc/haproxy/badclient_ips.lst
acl badclient_ips src -f /etc/haproxy/badclient_ips.lst
http-request deny if badclient_ips
backend from_above
acl new_hdr hdr_reg(CF-connecting-IP) [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
http-request set-header Proxy-ip %ci if !new_hdr
http-request set-header X-Real-IP %ci if !new_hdr
http-request set-header Proxy-ip %[req.hdr(CF-connecting-IP)] if new_hdr
@double-p
double-p / map based haproxy redirects
Created May 21, 2017 05:19
haproxy.conf:
http-request redirect location %[path,lower,map(/etc/haproxy/redirects-path.map)] code 301 if { path,lower,map(/etc/haproxy/redirects-path.map) -m found }
redirects-path.map:
/help /en/help/help.html
/sitemap /en/sitemap.xml
@double-p
double-p / haproxy url-path map
Created July 27, 2017 09:11
haproxy.conf:
http-request redirect location %[path,lower,map(/etc/haproxy/redirects-path.map)]%HQ code 301 if { path,lower,map(/etc/haproxy/redirects-path.map) -m found }
redirects-path.map:
/ /en/home/index.html
/en /en/home/index.html
/en/ /en/home/index.html
#and so on
@double-p
double-p / web spiders
Created August 3, 2017 15:20
# acl is_bot hdr_sub(user-agent) -f /etc/haproxy/spider.lst
Googlebot/
Bingbot/
ysearch/slurp
DuckDuckBot/
Baiduspider/
YandexBot/
sogou.com/
Exabot/
facebookexternalhit/
@double-p
double-p / haproxy-passwd
Created October 4, 2017 10:19
require 'digest/sha2'
begin
require 'io/console'
rescue LoadError
$no_io_console = true
end
def ask_noecho(message)
$stderr.print message
@double-p
double-p / Linux + Stop Blob
Created January 24, 2018 20:31
Linux wakes up? https://lnkd.in/gDwXb3g … Please note that 'Stop Blob' in OpenBSD came in early 2006. https://lnkd.in/gPiXPZu
Maybe, maybe - the other day - people might realize that closed-source and embargoes are utter failure.
Embargo or Treason - basically INFORMATION leaking - is not defined by the "owner", but by the betrayed ones. Just that most are not even realizing that they are even betrayed on. So the smoke+mirroring goes on and on.. the overall ignorance about this makes me sad.