Jeremy T. Bouse jbouse

S3 Static Sites

⚠ This post is fairly old. I don't keep it up to date. Be sure to see comments where some people have posted updates

What this will cover

Host a static website at S3
Redirect www.website.com to website.com
Website can be an SPA (requiring all requests to return index.html)
Free AWS SSL certs
Deployment with CDN invalidation

I just got this working so I figured I'd share what I found, since there's hardly any information about this anywhere online except an RFC, the GPG mailing list and one tutorial from the GnuPG blog.

You can use automatic key discovery with WKD (Web key directory) to make it easy for users to import your key, in GPG since version 2.1.12. Since this feature is fairly new, it isn't yet available in the current LTS release of Ubuntu (16.04; xenial), however it is available in Debian stable (stretch).

I couldn't add a DNS CERT or DANE / OPENPGPKEY record through my email service (which also hosts my nameservers). I tried making the PKA record - a foo._pka.example.com TXT record but GPG doesn't seem to recognize it and fails; I'm still investigating why.

So the last option for self-hosted auto-discovery was WKD.

First thing I had to do was add an email address to my key. My primary UID is just my name so the key represents my identity rather

Bash string manipulation cheatsheet

Assignment
Assign `value` to `variable` if `variable` is not already set, `value` is returned. Combine with a `:` no-op to discard/ignore return `value`.	`${variable="value"}` `: ${variable="value"}`

Postfix Installer

Following script may be used for configuring complete and secure email server on fresh install of Debian 7. It will probably work on other distributions using apt-get. After minor changes you'll be able to use it on other Linux distros.

Usage

Run postfix.sh script.
Configure postgres to allow connections.
Configure postfix admin. Remember to set these:

We couldn’t find that file to show.

	import boto3
	import certbot.main
	import datetime
	import os
	import raven
	import subprocess

	def read_and_delete_file(path):
	with open(path, 'r') as file:
	contents = file.read()

	// define the bitbucket project + repos we want to build
	def bitbucket_project = 'myproj'
	def bitbucket_repos = ['myrepo1', 'myrepo2']

	// create a pipeline job for each of the repos and for each feature branch.
	for (bitbucket_repo in bitbucket_repos)
	{
	multibranchPipelineJob("${bitbucket_repo}-ci") {
	// configure the branch / PR sources
	branchSources {

	// define the bitbucket project + repos we want to build
	def bitbucket_project = 'awesome'
	def bitbucket_repos = ['foo','bar','baz']

	// create a pipeline job for each of the repos and for each feature branch.
	for (bitbucket_repo in bitbucket_repos)
	{
	multibranchPipelineJob("${bitbucket_repo}-ci") {
	// configure the branch / PR sources
	branchSources {

	sks_build:
	cmd.run:
	- name: /usr/sbin/sks build {{ sks.datadir }}/dump/*.pgp -n 2 -cache 50
	- creates: {{ sks.datadir }}/DB/key
	- user: {{ sks.user }}
	- require:
	- pkg: sks

	sks_build_done:
	file.exists:

	# read more at https://terrty.net/2014/ssl-tls-in-nginx/
	# latest version on https://gist.github.com/paskal/628882bee1948ef126dd/126e4d1daeb5244aacbbd847c5247c2e293f6adf
	# security test score: https://www.ssllabs.com/ssltest/analyze.html?d=terrty.net
	# your nginx version might not have all directives included, test this configuration before using in production against your nginx:
	# $ nginx -c /etc/nginx/nginx.conf -t

	server {
	# public key, contains your public key and class 1 certificate, to create:
	# (example for startssl)
	# $ (cat example.com.pem & wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem) \| tee -a /etc/nginx/ssl/domain.pem > /dev/null