@mapmeld
mapmeld / OverEncrypt.md
Last active July 25, 2023 18:55
OverEncrypt - paranoid HTTPS

OverEncrypt

This is a guide that I wrote to improve the default security of my website https://fortran.io, which has a certificate from Let's Encrypt. I'm choosing to improve HTTPS security and transparency without consideration for legacy browser support.

WARNING: if you mess up settings, lose your certificates, or decide to no longer maintain HTTPS certs, these steps can and will make your domain inaccessible.

I would recommend these steps only if you have a specific need for information security, privacy, and trust with your users, and/or maintain a separate secure.example.com domain which won't mess up your main site. If you've been thinking about hosting a site on Tor, then this might be a good option, too.

The best resources that I've found for explaining these steps are https://https.cio.gov , https://certificate-transparency.org , and https://twitter.com/konklone

# IMPORTANT: this example is potentially out of date. The latest version can be found here: https://github.com/papertrail/remote_syslog2/blob/master/examples/remote_syslog.ebextensions.config
# See http://help.papertrailapp.com/kb/hosting-services/aws-elastic-beanstalk/
# Usage:
# - replace <VERSION> with the version of remote_syslog2 you want to use. Example: .../download/v0.14/remote_syslog_linux_amd64.tar.gz
# - replace <YOUR-TRACKED-FILES> with the files you want to monitor for new log lines. Example: - /var/log/httpd/access_log
# - replace <YOUR-APP-NAME> with the name of the application
# - replace <YOUR-LOG-DESTINATION> and <YOUR-PORT-NUMBER> with the values shown under log destinations: https://papertrailapp.com/account/destinations
sources:
@nickjacob
nickjacob / systemd-prblm.service
Last active March 17, 2023 16:11
execute arbitrary bash code/variable substitution in systemd units
[Unit]
Description=Demonstrate Bash
[Service]
ExecStartPre=/usr/bin/bash -c "/usr/bin/systemctl set-environment MYVAR=$(( 2 + 2 ))"
ExecStart=/usr/bin/echo "2 + 2 = ${MYVAR}"
extends layout
block content
  div#form
    input#userID(type='text', name='user', placeholder='enter username')
    br
    textarea(type='textarea', name='text', placeholder='enter tweet', id='tweet')
    br
    button#submitTweet(type='button') Tweet