John H Patton johnhpatton
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ephemeral Port Range | |
| # Reverse proxy connections will use these ports for the client | |
| # sockets. If the server experiences port exhaustion, upstream | |
| # connections may need to be limited or a new reverse proxy host | |
| # may be needed. | |
| # NOTES | |
| # - Do not operate any application listeners within this range. | |
| # RECOMMENDATION | |
| # - Set if experiencing ephemeral port exhaustion on client | |
| # connections. |
johnhpatton
/ ephemeral-port-details.sh
Created
January 29, 2020 15:18
Get TCP ephemeral port details to validate ephemeral port exhaustion.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # REQUIRES | |
| # - netstat - to retrieve network stack details | |
| # - sysctl - to retrieve/modify kernel settings | |
| # - bc - for math | |
| # | |
| # MIT License | |
| # | |
| # Copyright 2020 John H Patton, JH Patton Consulting, LLC |
johnhpatton
/ openconnect.ctl
Created
April 1, 2020 13:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Set to user id for access: | |
| OPENCONNECT_USER="YOUR_VPN_USER_ID" | |
| # Set to server without scheme: | |
| OPENCONNECT_HOST="YOUR_VPN_HOST_NAME" | |
| # This script works with globalprotect and anyconnect. | |
| # Set to protocol, either "gp" or "anyconnect". |
johnhpatton
/ self-signed-simple.sh
Created
April 1, 2020 13:07
Create simple self-signed SSL cert for localhost.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout localhost.key -out localhost.crt -days 3650 -subj '/C=US/ST=Illinois/L=Chicago/O=Workstation/OU=Local/CN=localhost' |
johnhpatton
/ active-prompt-for-bashrc.sh
Last active
April 15, 2020 11:02
Active command prompt for git, backgrounded jobs, exit codes, etc. for bash users.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # command_prompt() | |
| # | |
| # Follow the instructions below to add fonts and git prompt support, then | |
| # add this scriptlet to your .bashrc. | |
| # | |
| # Function that is executed each time a command is run to update the PS1 | |
| # variable (ie: prompt). To configure, let's put some fonts in place. | |
| # Download and install Gabriele Lana's Awesome Fonts: | |
| # | |
| # https://github.com/gabrielelana/awesome-terminal-fonts/archive/master.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get product_number from the product availability URI: | |
| # /api/product/check_availability/{product_number} | |
| # where | |
| # product_number begins with an alpha character and ends with 7 digits. | |
| map $request_uri $product_number { | |
| "~^/api/product/check_availability/(?<re_match>[a-zA-Z]\d{7})$" $re_match; | |
| } |
johnhpatton
/ proxy_cache_path.conf
Last active
February 18, 2022 13:20
Proxy Cache Path Configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Product Availability Responses Cache Zone | |
| proxy_cache_path /var/cache/nginx/availability levels=1:2 keys_zone=availability:1m max_size=10m inactive=5m use_temp_path=off; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| ... | |
| location ~* ^/api/product/check_availability/.+ { | |
| # The key zone to use for cache lookups. | |
| # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache | |
| proxy_cache availability; | |
| # Ignore Cache Control headers to allow proxy cache to work |
johnhpatton
/ openconnect.ctl
Last active
November 5, 2020 15:00
Wrapper for openconnect to assist with modern enterprise VPN connections that are unsupported by IT departments.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Pre-Requisites | |
| # | |
| # Install openconnect v8 or higher. | |
| # | |
| # Setup | |
| # | |
| # 1. Place script under: /usr/sbin/openconnect.ctl | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Allow only one request at a time to populate a new cache element, duplicate requests will wait | |
| # for 5s or the time set with proxy_cache_lock_timeout if set. | |
| proxy_cache_lock on; | |
| # Allow background cache update for request, serve stale during update. | |
| # NOTES | |
| # - requires enabling serve stale on update with proxy_cache_use_stale directive | |
| # containing the "updating" parameter. | |
| proxy_cache_background_update on; |
OlderNewer