Jonathan Matthews jpluscplusm

@jpluscplusm
jpluscplusm / index.md
Created April 29, 2016 21:12 — forked from lusis/index.md
Docker "Best Practices"

This is a copy/paste from an internal wiki on how we should use docker

This guide serves as an outline of internal best practices for using Docker. The idea is to give enough information to allow engineers to create containers for new stack components while minimizing the cleanup required to make them production ready.

Concepts

Before we get to the practices, it's important to understand WHY we are doing this. The key concepts we're concerned about with broad Docker usage are provenance, determinism, repeatability and auditability.

Provenance

Provenance refers to knowing WHERE something comes from. Generally with the end use of software, this is easy:

  • Maven artifacts are pulled from central
jpluscplusm / gist:9709dac3058e11a5ff33
Created December 11, 2014 13:36
*untested* reverse proxy to get around SSLv3 EOL
server {
    listen 80;
    resolver 8.8.8.8; # or your internal DNS server
    location / {
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_pass https://$http_host;
    }
}
problem:
FOO=bar sleep inf
no-problem:
sleep inf

Scale Summit 2014

Intro, MBS

ideas for sessions

  • bootstrapping environments (without object stores)
  • service discovery
  • removing spofs
jpluscplusm / README.md
Last active February 22, 2020 22:36
A primitive Double A (AAA-minus-Accounting) RBAC system implemented in declarative Nginx config

Nginx Double A

A primitive Double A (AAA-minus-Accounting) RBAC system implemented in declarative Nginx config.

Background

So I noticed https://github.com/alexaandru/elastic_guardian, a simple AAA reverse-proxy to sit in front of Elasticsearch. Reading the source and comments tickled my "why is this in code not config?" funnybone.

I asked @alexaandru (https://twitter.com/jpluscplusm/status/438339557906735104) who told me it was mostly the resulting complexity of the nginx config he tried that prompted him to write it.

jpluscplusm / gist:4366287
Last active December 24, 2019 23:23 — forked from anonymous/gist:4366284
Nginx TPB proxy
server {
listen [::]:80;
listen 80;
server_name "~^(?<thishost>[^.]+.)?(subdomain.example.com)$";
access_log off;
location / {
resolver 8.8.8.8; # or whatever your server can use
sub_filter_once off;
sub_filter 'thepiratebay.se' 'subdomain.example.com';
jpluscplusm / Curl request
Created January 10, 2012 15:00
Nginx data offload config
# This is a request *directly* to the AAA/intelligent HTTPd, to demonstrate the additional response headers required to force the reproxy:
X-Reproxy-Uri, X-Reproxy-Host and X-Accel-Redirect.
jcm@austin:~/src/sinatra/nginx-test$ curl -v http://api-origin-server.mywebsite.internal/test
* About to connect() to 1.2.3.4 port 80 (#0)
* Trying 1.2.3.4... connected
* Connected to 1.2.3.4 (1.2.3.4) port 80 (#0)
> GET /test HTTP/1.1
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 1.2.3.4
#!/usr/bin/env ruby
require 'sinatra'
require "sinatra/reloader" if development?
require 'chef'
require 'rack/flash'
require 'haml'
POSSIBLE = [('a'..'z'),('A'..'Z'),(0..9),'.','/'].inject([]) {|s,r| s+Array(r)}
set :sessions, true