- Open a webpage that uses the CA with Firefox
- Click the lock-icon in the addressbar -> show information -> show certificate
- the certificate viewer will open
- click details and choose the certificate of the certificate-chain, you want to import to CentOS
- click "Export..." and save it as .crt file
- Copy the .crt file to
/etc/pki/ca-trust/source/anchorson your CentOS machine - run
update-ca-trust extract - test it with
wget https://thewebsite.org
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user bitrix; #пользователь, под которым работает nginx. Желательно совпадение с пользователем apache | |
| worker_processes 8; #8 одновременных процессов | |
| error_log /var/log/nginx/error.log warn; | |
| pid /var/run/nginx.pid; | |
| worker_rlimit_nofile 10240; #максимальное число открытых файлов | |
| events { | |
| use epoll; | |
| worker_connections 10240; #максимальное число соединений с одним процессом. Система может одновременно работать с max_clients = worker_processes * worker_connections, т.е. с 81920 соединений, в том числе статических файлов | |
| } |
pavel-odintsov
/ pps.sh
Last active
August 27, 2023 20:21
Simple script to print packet rate for interface
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Interval of calculation in seconds | |
| INTERVAL="1" | |
| if [ -z "$1" ]; then | |
| echo | |
| echo usage: $0 [network-interface] | |
| echo | |
| echo e.g. $0 eth0 |
jtbonhomme
/ jira-behing-nginx-ssl
Created
September 26, 2015 07:49
— forked from alertor/jira-behing-nginx-ssl
Atlassian JIRA behind nginx + SSL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # force HTTP to HTTPS - /etc/nginx/conf.d/nonssl.conf | |
| server { | |
| listen 80; | |
| server_name jira.example.com; | |
| access_log off; | |
| return 301 https://$server_name$request_uri; | |
| } | |
| # /etc/nginx/conf.d/jira.conf | |
| server { |
kevin39
/ HAPROXY LDAP SETTINGS - WINDOWS COMPATIBLE
Last active
March 14, 2022 21:29
HAProxy ldap-check compatible with Windows Server / Active Directory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Note : Found somewhere on internet... Source lost | |
| backend ldap_balancer | |
| mode tcp | |
| balance roundrobin | |
| server SERVER_NAME SERVER_ADDR:389 maxconn 100 check | |
| option tcpka | |
| timeout server 2s | |
| timeout connect 1s | |
| # Below, ldap check procedure : | |
| option tcp-check |
jirutka
/ ldap.conf
Last active
November 17, 2025 09:56
Simple script for OpenSSH server to load authorization keys from LDAP. It requires just POSIX shell and ldapsearch utility. To manage keys in LDAP, use https://github.com/jirutka/ssh-ldap-pubkey.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/ssh/ldap.conf | |
| # See ldap.conf(5) for details | |
| # This file should be world readable but not world writable. | |
| BASE ou=People,dc=example,dc=org | |
| URI ldap://localhost |
kapb14
/ SigningPdfLoop.ps1
Last active
June 22, 2016 08:56
набросок скрипта. после запуска батника который подписывает, осуществляется проверка "есть ли одноименный файл во временной папке и в папке с подписанными файлами", если есть - удаляет файл из временной папки.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # define folders being used | |
| $tmpdir = "c:\tmp_pdf" | |
| $inputdir = "c:\in_pdf" | |
| $signeddir = "c:\signed_pdf" | |
| $outdir = "c:\out_pdf" | |
| $x = "C:\sign_policy_cades_cleanCopy.bat" | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/xvfb.service | |
| [Unit] | |
| Description=X virtual framebuffer | |
| [Service] | |
| Type=simple | |
| User=root | |
| ExecStart=/usr/bin/Xvfb :99 -ac |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/selenium.service | |
| # assumes selenium server and chromedriver exist in the following paths: | |
| # /var/selenium/selenium-server-standalone-2.45.0.jar | |
| # /var/selenium/chromedriver | |
| [Unit] | |
| Description=Selenium Standalone Server | |
| Requires=xvfb.service | |
| After=xvfb.service |
samuelcolvin
/ dns_server.py
Last active
November 4, 2024 02:17
requires python 3.5+ and dnslib, see https://github.com/samuelcolvin/dnserver for full/better implementation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from datetime import datetime | |
| from time import sleep | |
| from dnslib import DNSLabel, QTYPE, RD, RR | |
| from dnslib import A, AAAA, CNAME, MX, NS, SOA, TXT | |
| from dnslib.server import DNSServer | |
| EPOCH = datetime(1970, 1, 1) | |
| SERIAL = int((datetime.utcnow() - EPOCH).total_seconds()) |
kekru
/ add CA cert on CentOS Debian Ubuntu.md
Last active
July 30, 2025 02:13
Add CA cert to local trust store on CentOS, Debian or Ubuntu