package com.domain.modulo;
import javax.annotation.PostConstruct;
import org.apache.commons.dbcp.BasicDataSource; // required: Cryptology extends this pooled DataSource
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.properties.PropertyValueEncryptionUtils;
public class Cryptology extends BasicDataSource {
/// Project Structure for Option 1 (Hono as Entry Point with Nuxt as SSR Client)
//
// This structure supports:
// - Hono as the API Gateway and Orchestration Layer
// - Nuxt as an SSR Vue frontend (deployed as a separate client or proxied route)
// - MongoDB + Mongoose integration
// - GraphQL endpoint
// - Temporal or message queue support via orchestration hooks
// Updated File Structure:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name teleport.zingastay.com;
# SSL configuration (handled by CapRover's Let's Encrypt)
ssl_certificate /nginx-shared/ssl/teleport.zingastay.com/fullchain.pem;
ssl_certificate_key /nginx-shared/ssl/teleport.zingastay.com/privkey.pem;
# Proxy settings for Teleport
@hivelogic2018
hivelogic2018 / gist:7a58d485fcd0785245c5499c6ddd2bbc
Created August 4, 2025 03:39
certbot auto-renewal & --dry-run

Q: Set up auto-renewal (/etc/cron.d)? What does --dry-run mean? sudo certbot renew --dry-run

You've asked about setting up auto-renewal for Certbot and what the --dry-run flag does.

Auto-renewal with cron

Certbot packages from distribution repositories (EPEL on CentOS/RHEL, the apt packages on Debian/Ubuntu) and the snap package typically set up auto-renewal for you: installation drops a cron job or a systemd timer that runs twice a day and renews any certificate that is within 30 days of expiry (certbot's default renew_before_expiry).

You can verify this by looking for /etc/cron.d/certbot or /etc/cron.daily/certbot, which contain the command certbot runs to check for and renew certificates, or, on systemd hosts, by running systemctl list-timers and looking for certbot.timer (snap installs name it snap.certbot.renew.timer). On Debian/Ubuntu both may exist: the cron entry tests for /run/systemd/system and exits when systemd is running, so the timer is what actually fires.
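The check described above, as an added example that is not part of the gist: a POSIX shell script that reports which renewal hook is installed and then runs the simulated renewal. The script name check-renewal.sh is hypothetical, and the ROOT prefix argument exists only so the detection logic can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example (not from the gist): find the auto-renewal mechanism certbot
# installed and run a simulated renewal. ROOT is a filesystem prefix
# (default "/") so the detection can be exercised against a constructed tree.

# find_certbot_renewal [ROOT]
# Prints every renewal hook found under ROOT, one per line, and returns 0 if
# at least one exists, 1 otherwise. The paths are the ones the distro packages
# (cron.d / cron.daily), the systemd unit and the snap package create.
find_certbot_renewal() {
    root="${1:-/}"
    found=1
    for f in etc/cron.d/certbot \
             etc/cron.daily/certbot \
             lib/systemd/system/certbot.timer \
             etc/systemd/system/certbot.timer \
             etc/systemd/system/snap.certbot.renew.timer; do
        if [ -e "$root/$f" ]; then
            echo "$f"
            found=0
        fi
    done
    return $found
}

# certbot_dry_run
# --dry-run performs the whole renewal flow (challenge, issuance) against the
# Let's Encrypt staging environment and discards the result: nothing under
# /etc/letsencrypt is changed and production rate limits are not consumed.
# --pre-hook/--post-hook commands still run; --deploy-hook commands do not
# (recent certbot versions offer --run-deploy-hooks to change that), so a
# service reload placed in a deploy hook is not exercised by a dry run.
certbot_dry_run() {
    sudo certbot renew --dry-run
}

# Usage: sh check-renewal.sh run   (hypothetical file name)
if [ "${1:-}" = "run" ]; then
    if hooks=$(find_certbot_renewal /); then
        printf 'auto-renewal configured via:\n%s\n' "$hooks"
    else
        echo "no certbot cron job or systemd timer found; add one, e.g. in /etc/cron.d" >&2
    fi
    certbot_dry_run
fi
```

If the dry run succeeds but the real renewal later fails, the usual cause is that the hook environment differs from an interactive shell (PATH, a web server that is not running at 03:00, a firewall rule), so check /var/log/letsencrypt/letsencrypt.log after the first scheduled run rather than relying on the dry run alone.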

hivelogic2018 / gist:9772c10366f78d260343ae2ec975bd00
Created August 4, 2025 03:40
Teleport server Docker container logs

From your Teleport server Docker container logs, here's a diagnosis of what's preventing you from accessing Teleport and its UI:


Core Problem: TLS Certificate Verification Failure

The most critical errors in your logs point to TLS certificate verification failures. This means the Teleport components are unable to trust each other's certificates, which is essential for secure communication.

You see these repeated errors:

hivelogic2018 / answer.md
Created August 4, 2025 13:06
Caprover NET_ADMIN line in its Docker command

The NET_ADMIN capability in this Docker Compose file:

cap_add:
  - NET_ADMIN

is a Linux capability that grants the container elevated privileges over the network stack of its network namespace: configuring interfaces and addresses, routing tables, firewall rules (iptables/nftables), promiscuous mode and similar operations. It is one of the fine-grained privileges a container can be granted individually, instead of running it with --privileged. It is still a powerful one: combined with network_mode: host it lets the container rewrite the host's routing and firewall configuration, so it should be paired with cap_drop: ALL and granted only to containers that actually need it.
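One way to confirm what a running container actually holds, as an added example that is neither from the gist nor CapRover's own tooling: the kernel exposes the effective capability set as a hex bitmask in /proc/self/status, and the bit numbers come from the kernel's linux/capability.h. The script name caps.sh and the sample masks are assumptions; the masks used in the test are constructed (Docker's default capability set, 0xa80425fb, with and without NET_ADMIN added).

```shell
#!/bin/sh
# Added example (not from the gist): inspect the effective capability set of
# the current process (inside a container: the container's) and test for
# individual capabilities. Bit numbers are from linux/capability.h.

# cap_bit NAME -> prints the capability's bit number.
cap_bit() {
    case "$1" in
        NET_BIND_SERVICE) echo 10 ;;
        NET_ADMIN)        echo 12 ;;
        NET_RAW)          echo 13 ;;
        SYS_ADMIN)        echo 21 ;;
        *) echo "unknown capability: $1" >&2; return 1 ;;
    esac
}

# has_cap NAME HEXMASK -> exit 0 if the capability bit is set in the mask.
# Only the low 32 bits are examined, which covers every capability listed
# above and keeps the arithmetic within range on every shell.
has_cap() {
    bit=$(cap_bit "$1") || return 2
    low=$(printf '%s' "$2" | tail -c 8)   # last 8 hex digits = bits 0..31
    [ $(( (0x$low >> bit) & 1 )) -eq 1 ]
}

# current_cap_mask -> the effective capability mask of this process,
# e.g. 00000000a80425fb for a default (non-privileged) Docker container.
current_cap_mask() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# Usage: sh caps.sh NET_ADMIN   (run inside the container in question)
if [ $# -eq 1 ]; then
    if has_cap "$1" "$(current_cap_mask)"; then
        echo "$1: present"
    else
        echo "$1: absent"
    fi
fi
```

Run it with docker exec in the container to see the effect of the cap_add line; the least-privilege form of the Compose file is cap_drop: [ALL] followed by cap_add: [NET_ADMIN], so that the default set (which includes NET_RAW, bit 13, in older Docker releases) is not silently kept alongside the capability you meant to add.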

🧠 What does NET_ADMIN do?

hivelogic2018 / Dockerfile.teleport
Last active August 4, 2025 14:21
Dockerfile scripting
# --- Stage 1: Builder to install curl ---
# Use a standard Debian image to install curl and its dependencies.
FROM debian:stable-slim AS builder
# Install curl and its dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
curl \
ca-certificates \
libcurl4 \
&& rm -rf /var/lib/apt/lists/*

You're suggesting a direct modification of the teleport-distroless image to include a shell and the tctl/tsh binaries, similar to how one might add wal2json to a PostgreSQL image. This is indeed a way to achieve direct docker exec access and tctl usage within the teleport-server container.

However, it's important to understand the implications:

  • Defeats Distroless Purpose: The primary benefit of a distroless image is its minimal attack surface and small size. Adding a shell, tctl, tsh, and their dependencies will increase the image size and introduce more potential vulnerabilities. This negates the security advantages of using a distroless base.
  • Security Best Practice: In production environments, it's generally recommended to keep your application containers as lean as possible. Admin tools like tctl are typically run from a separate, secure administrative workstation or a dedicated "admin" container (like your alpine-admin-box), which connects remotely to the server
hivelogic2018 / qna.md
Created August 6, 2025 00:32
Bots vs Teleport

What are Bots? in Teleport ?

Static keys and API keys in your automated workflows are the target of hackers and are one of the primary sources of security breaches.

Teleport Machine ID replaces shared credentials and secrets with short-lived X.509 or SSH certificates and gives you a unified plan to register, define access policies, and audit all your workflows.

How different is that from Forgejo Git Actions to achieve my CI/CD automation & deployment strategy discussed previously with you ?

hivelogic2018 / qna.md
Created August 6, 2025 00:52
nginx redirect vs nginx reverse proxy

nginx redirect vs nginx reverse proxy ?

Nginx redirect and Nginx reverse proxy are two distinct but sometimes complementary functionalities of Nginx, a popular web server. Here's a breakdown of their differences:

Nginx Redirect

A redirect tells the client (usually a web browser) that the requested resource has moved to a new location. The client then initiates a new request to the new URL.

How it works:

  1. Client Request: A client requests a URL (e.g., http://old-domain.com/page).
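The two mechanisms side by side, as an added example that is not part of the gist; the host name example.com, the certificate paths and the upstream address 127.0.0.1:3000 are placeholders.

```nginx
# Added example (not from the gist). Hypothetical host: example.com.

# 1. Redirect: nginx answers the request itself with a 301 and a Location
#    header; the browser then opens a NEW request to the new URL, so the
#    address bar changes and the target must be reachable by the client.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;   # keeps path and query string
}

# 2. Reverse proxy: nginx forwards the request to an upstream on the client's
#    behalf and relays the response; the client only ever talks to nginx, so
#    the upstream (here a process on localhost:3000) need not be exposed.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:3000;
        # Tell the upstream who the real client is and how it connected;
        # without these the application sees 127.0.0.1 and plain http.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Two practical points: a 301 may turn a POST into a GET at the client, so use 308 where the method must be preserved; and $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent, so the upstream must trust only the last (nginx-added) address, not the first, when it uses that header for access decisions or logging.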