Skip to content

Instantly share code, notes, and snippets.

View jthigh's full-sized avatar
😂

ᎫᎢ​​ᎻⅠᏀΗ jthigh

😂
7 followers · 37 following
View GitHub Profile
@jthigh
jthigh / nginx.conf
Created August 17, 2019 23:01 — forked from nrollr/nginx.conf
NGINX config for SSL with Let's Encrypt certs
# UPDATED 17 February 2019
# Redirect all HTTP traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name www.domain.com domain.com;
return 301 https://$host$request_uri;
}
# SSL configuration
@jthigh
jthigh / ssl.rules
Created August 17, 2019 20:21 — forked from konklone/ssl.rules
nginx TLS / SSL configuration options for konklone.com
# Basically the nginx configuration I use at konklone.com.
# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
#
# To provide feedback, please tweet at @konklone or email eric@konklone.com.
# Comments on gists don't notify the author.
#
# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.
server {
@jthigh
jthigh / nginx-tls.conf
Created August 10, 2019 20:46 — forked from gavinhungry/nginx-tls.conf
Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
#
# Name: nginx-tls.conf
# Auth: Gavin Lloyd <gavinhungry@gmail.com>
# Desc: Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
#
# Enables HTTP/2, PFS, HSTS and OCSP stapling. Configuration options not related
# to SSL/TLS are omitted here.
#
# Example: https://www.ssllabs.com/ssltest/analyze.html?d=gavinhungry.io
#
@jthigh
jthigh / nginx-tls.conf
Created August 10, 2019 20:46 — forked from gavinhungry/nginx-tls.conf
Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
#
# Name: nginx-tls.conf
# Auth: Gavin Lloyd <gavinhungry@gmail.com>
# Desc: Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
#
# Enables HTTP/2, PFS, HSTS and OCSP stapling. Configuration options not related
# to SSL/TLS are omitted here.
#
# Example: https://www.ssllabs.com/ssltest/analyze.html?d=gavinhungry.io
#
@jthigh
jthigh / WebSockets.md
Created July 21, 2019 19:54 — forked from subudeepak/WebSockets.md
The problems and some security implications of websockets - Cross-site WebSockets Scripting (XSWS)

WebSockets - An Introduction

WebSockets is a modern HTML5 standard which makes communication between client and server a lot more simpler than ever. We are all familiar with the technology of sockets. Sockets have been fundamental to network communication for a long time but usually the communication over the browser has been restricted. The general restrictions

  • The server used to have a permanent listener while the client (aka browser) was not designated any fixed listener for a more long term connection. Hence, every communication was restricted to the client demanding and the server responding.
  • This meant that unless the client requested for a particular resource, the server was unable to push such a resource to the client.
  • This was detrimental since the client is then forced to check with the server at regular intervals. This meant a lot of libraries focused on optimizing asynchronous calls and identifying the response of asynchronous calls. Notably t
@jthigh
jthigh / kiosk-pi.txt
Created June 8, 2019 20:58 — forked from jongrover/kiosk-pi.txt
How to Kiosk Raspberry Pi
Software for the Project:
Raspbian Wheezy Debian Linux
Win32Disk Imager
The CanaKit comes with a pre-loaded SD card that includes the same version of Debian Wheezy that I used for this project. However, in an effort to get a little more speed out of the system, I used the 95MB/s Sandisk extreme listed above. It seemed to help, but I did not bench mark it beyond observation.
Anyway, lets get down to building a Raspberry Pi Web Kiosk.
Step 0: Get all of the hardware.
Step 1: Get all of the software.
@jthigh
jthigh / curl-websocket.sh
Created March 1, 2019 21:16 — forked from htp/curl-websocket.sh
Test a WebSocket using curl.
curl --include \
--no-buffer \
--header "Connection: Upgrade" \
--header "Upgrade: websocket" \
--header "Host: example.com:80" \
--header "Origin: http://example.com:80" \
--header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
--header "Sec-WebSocket-Version: 13" \
http://example.com:80/
@jthigh
jthigh / README.md
Created February 6, 2019 16:18 — forked from hofmannsven/README.md
My simply Raspberry Pi Cheatsheet
@jthigh
jthigh / letsencrypt-update-lighttpd
Created January 20, 2019 02:50 — forked from mscalora/letsencrypt-update-lighttpd
script to auto update letsencrypt certs for debian lighttpd installation (based on script by Danny Tuppeny)
#!/usr/bin/env bash
#
# Update letsencrypt on a lighttp installation
#
# if you installed letsencrypt in a non-standard location you
# can set the LEDIR env var before you run this script
#
# setup letsencrypt install directory
STDLEDIR=/opt/letsencrypt
@jthigh
jthigh / build-openssl.sh
Created August 22, 2018 16:13 — forked from bmaupin/build-openssl.sh
Build openssl (with SSLv2/3 support for security testing)
#!/bin/bash
# Get latest OpenSSL 1.0.2 version from https://openssl.org/source/
# v1.1.0 seems to have removed SSLv2/3 support
openssl_version=1.0.2k
# Build OpenSSL
wget https://openssl.org/source/openssl-$openssl_version.tar.gz
tar -xvf openssl-$openssl_version.tar.gz
cd openssl-$openssl_version