weijh imweijh

Generate ssl certificates with Subject Alt Names on OSX

Open ssl.conf in a text editor.

Edit the domain(s) listed under the [alt_names] section so that they match the local domain name you want to use for your project, e.g.

DNS.1   = my-project.dev

Additional FQDNs can be added if required:

Latency numbers every programmer should know

L1 cache reference ......................... 0.5 ns
Branch mispredict ............................ 5 ns
L2 cache reference ........................... 7 ns
Mutex lock/unlock ........................... 25 ns
Main memory reference ...................... 100 ns             
Compress 1K bytes with Zippy ............. 3,000 ns  =   3 µs
Send 2K bytes over 1 Gbps network ....... 20,000 ns  =  20 µs
SSD random read ........................ 150,000 ns  = 150 µs

Read 1 MB sequentially from memory ..... 250,000 ns = 250 µs

On Tue Oct 27, 2015, history.state.gov began buckling under load, intermittently issuing 500 errors. Nginx's error log was sprinkled with the following errors:

2015/10/27 21:48:36 [crit] 2475#0: accept4() failed (24: Too many open files) 2015/10/27 21:48:36 [alert] 2475#0: *7163915 socket() failed (24: Too many open files) while connecting to upstream...

An article at http://www.cyberciti.biz/faq/linux-unix-nginx-too-many-open-files/ provided directions that mostly worked. Below are the steps we followed. The steps that diverged from the article's directions are marked with an *.

- Instead of using su to run ulimit on the nginx account, use ps aux | grep nginx to locate nginx's process IDs. Then query each process's file handle limits using cat /proc/pid/limits (where pid is the process id retrieved from ps). (Note: sudo may be necessary on your system for the cat command here, depending on your system.)
Added fs.file-max = 70000 to /etc/sysctl.conf
Added `nginx soft nofile 1

	#
	# INPUT - Logstash listens on port 8514 for these logs.
	#

	input {
	udp {
	port => "8514"
	type => "syslog-cisco"
	}

	This page updated : 2016-12-10 21:40

	Google Chrome Portable

	reference:
	Download Google Chrome Portable
	http://portableapps.com/apps/internet/google_chrome_portable

	Google Chrome (for Windows)

	Enhanced NGINX logstash parser:

	NGINX log format:

	log_format enhanced '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent $request_length "$http_referer" "$http_user_agent" $request_time $upstream_response_time';
	access_log /var/log/nginx/access.log enhanced;
	error_log /var/log/nginx/error.log;

	logstash pattern (/opt/logstash/pattern/nginx):

	# ___ ___ __ __
	# / \| __ ______/ (_) /_____/ /
	# / /\| \|/ / / / __ / / __/ __ /
	# / ___ / /_/ / /_/ / / /_/ /_/ /
	# /_/ \|_\__,_/\__,_/_/\__/\__,_/
	#
	# Linux Audit Daemon - Best Practice Configuration
	# /etc/audit/audit.rules
	#
	# Compiled by Florian Roth

	wordlist created from original 41G stash via:

	grep -rohP '(?<=:).*$' \| uniq > breachcompilation.txt

	Then, compressed with:

	7z a breachcompilation.txt.7z breachcompilation.txt

	Size:

	/var/www/example.com/logs/*.log {
	daily
	missingok
	rotate 52
	compress
	delaycompress
	notifempty
	create 0640 www-data adm
	sharedscripts
	prerotate

	#!/bin/bash
	echo "Building NGINX along with Echo module"

	# install prerequisites
	yum -y install gcc gcc-c++ make zlib-devel pcre-devel openssl-devel

	# download the Echo module
	curl -L -O 'https://github.com/openresty/echo-nginx-module/archive/v0.58.tar.gz'
	tar -xzvf v0.58.tar.gz && rm v0.58.tar.gz
	mv echo-nginx-module-0.58 /tmp/echo-nginx-module