Skip to content

Instantly share code, notes, and snippets.

View elrumordelaluz's full-sized avatar
🚲
--css-bikeriables

Lionel Tzatzkin elrumordelaluz

🚲
--css-bikeriables
733 followers · 100 following
View GitHub Profile
@plentz
plentz / nginx.conf
Last active August 14, 2025 00:51
Best nginx configuration for improved security(and performance)
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@cerebrl
cerebrl / 1-securing-express.md
Last active May 15, 2025 04:51
Securing ExpressJS

tl;dr

  1. Don't run as root.
  2. For sessions, set httpOnly (and secure to true if running over SSL) when setting cookies.
  3. Use the Helmet for secure headers: https://github.com/evilpacket/helmet
  4. Enable csrf for preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
  5. Don't use the deprecated bodyParser() and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use the defer property and pipe() the multipart upload stream to the intended destination.
@jed
jed / how-to-set-up-stress-free-ssl-on-os-x.md
Last active February 27, 2025 16:31
How to set up stress-free SSL on an OS X development machine

How to set up stress-free SSL on an OS X development machine

One of the best ways to reduce complexity (read: stress) in web development is to minimize the differences between your development and production environments. After being frustrated by attempts to unify the approach to SSL on my local machine and in production, I searched for a workflow that would make the protocol invisible to me between all environments.

Most workflows make the following compromises:

  • Use HTTPS in production but HTTP locally. This is annoying because it makes the environments inconsistent, and the protocol choices leak up into the stack. For example, your web application needs to understand the underlying protocol when using the secure flag for cookies. If you don't get this right, your HTTP development server won't be able to read the cookies it writes, or worse, your HTTPS production server could pass sensitive cookies over an insecure connection.

  • Use production SSL certificates locally. This is annoying

@azat-co
azat-co / express.js
Last active August 19, 2018 03:30
Tutorial: REST API with Node.js and MongoDB using Mongoskin and Express.js
var express = require('express')
, mongoskin = require('mongoskin')
var app = express()
app.use(express.bodyParser())
var db = mongoskin.db('localhost:27017/test', {safe:true});
app.param('collectionName', function(req, res, next, collectionName){
req.collection = db.collection(collectionName)
@Integralist
Integralist / regex.js
Created March 11, 2013 15:15
The difference between JavaScript's `exec` and `match` methods is subtle but important, and I always forget...
var str = "The quick brown fox jumped over the box like an ox with a sox in its mouth";
str.match(/\w(ox)/g); // ["fox", "box", "sox"]
// match (when used with a 'g' flag) returns an Array with all matches found
// if you don't use the 'g' flag then it acts the same as the 'exec' method.
str.match(/\w(ox)/); // ["fox", "ox"]
/\w(ox)/.exec(str); // ["fox", "ox"]
@cobyism
cobyism / gh-pages-deploy.md
Last active July 1, 2025 06:35
Deploy to `gh-pages` from a `dist` folder on the master branch. Useful for use with [yeoman](http://yeoman.io).

Deploying a subfolder to GitHub Pages

Sometimes you want to have a subdirectory on the master branch be the root directory of a repository’s gh-pages branch. This is useful for things like sites developed with Yeoman, or if you have a Jekyll site contained in the master branch alongside the rest of your code.

For the sake of this example, let’s pretend the subfolder containing your site is named dist.

Step 1

Remove the dist directory from the project’s .gitignore file (it’s ignored by default by Yeoman).

@mikhailov
mikhailov / 0. nginx_setup.sh
Last active June 6, 2025 19:19
NGINX+SPDY with Unicorn. True Zero-Downtime unless migrations. Best practices.
# Nginx+Unicorn best-practices congifuration guide. Heartbleed fixed.
# We use latest stable nginx with fresh **openssl**, **zlib** and **pcre** dependencies.
# Some extra handy modules to use: --with-http_stub_status_module --with-http_gzip_static_module
#
# Deployment structure
#
# SERVER:
# /etc/init.d/nginx (1. nginx)
# /home/app/public_html/app_production/current (Capistrano directory)
#
@CristinaSolana
CristinaSolana / gist:1885435
Created February 22, 2012 14:56
Keeping a fork up to date

1. Clone your fork:

git clone [email protected]:YOUR-USERNAME/YOUR-FORKED-REPO.git

2. Add remote from original repository in your forked repository:

cd into/cloned/fork-repo
git remote add upstream git://github.com/ORIGINAL-DEV-USERNAME/REPO-YOU-FORKED-FROM.git
git fetch upstream
@ScottPhillips
ScottPhillips / .htaccess
Created February 2, 2012 04:30
Common .htaccess Redirects
#301 Redirects for .htaccess
#Redirect a single page:
Redirect 301 /pagename.php http://www.domain.com/pagename.html
#Redirect an entire site:
Redirect 301 / http://www.domain.com/
#Redirect an entire site to a sub folder
Redirect 301 / http://www.domain.com/subfolder/
@mathewbyrne
mathewbyrne / slugify.js
Created October 12, 2011 04:34
Javascript Slugify
function slugify(text)
{
return text.toString().toLowerCase()
.replace(/\s+/g, '-') // Replace spaces with -
.replace(/[^\w\-]+/g, '') // Remove all non-word chars
.replace(/\-\-+/g, '-') // Replace multiple - with single -
.replace(/^-+/, '') // Trim - from start of text
.replace(/-+$/, ''); // Trim - from end of text
}