komuw

#! /usr/bin/env bash

# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

# Create the Server Key, CSR, and Certificate
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr

komuw

#Taken from:
http://nategood.com/client-side-certificate-authentication-in-ngi
#reposted here to preserve history

#see: https://gist.github.com/komuW/076231fd9b10bb73e40f for a bash script to auto-generate all this

Client Side Certificate Auth in Nginx
Why Client-Side Certificate Authentication? Why nginx?
I sometimes peruse the ReST questions of stackoverflow.com. Many times I see questions about authentication. There are many options (Basic HTTP Auth, Digest HTTP Auth, OAuth, OAuth Wrap, etc.) however when security is of importance, I like to recommend client side certificates. This is the route our team at ShowClix chose when implementing our API.

komuw

import os
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "settings")

# This application object is used by the development server
# as well as any WSGI server configured to use this file.
import django.core.handlers.wsgi

application = django.core.handlers.wsgi.WSGIHandler()

komuw

#A very good resource on configuring some webservers with ssl:
https://wiki.mozilla.org/Security/Server_Side_TLS

# create a file: /etc/nginx/sites-enabled/app_name.conf and also link to /etc/nginx/sites-available/app_name.conf
# and edit as:

log_format timed_combined '$remote_addr - $remote_user [$time_local]  '
                          '"$request" $status $body_bytes_sent '
                          '"$http_referer" "$http_user_agent" $request_time';

komuw

name: execute bash script
command: bash {{ APP_DIR }}/some_script.sh

komuw

set daemon 600 #in seconds
set logfile /home/webapp/log/monit.log

check process rabbit with pidfile /var/run/odoo.pid
    start program = "/etc/init.d/odoo start"
    stop program  = "/etc/init.d/odoo stop"

komuw

 INFO global: Vagrant version: 1.7.1
 INFO global: Ruby version: 2.0.0
 INFO global: RubyGems version: 2.0.14
 INFO global: VAGRANT_EXECUTABLE="/opt/vagrant/bin/../embedded/gems/gems/vagrant-1.7.1/bin/vagrant"
 INFO global: VAGRANT_INSTALLER_EMBEDDED_DIR="/opt/vagrant/bin/../embedded"
 INFO global: VAGRANT_INSTALLER_VERSION="2"
 INFO global: VAGRANT_DETECTED_OS="Linux"
 INFO global: VAGRANT_INSTALLER_ENV="1"
 INFO global: VAGRANT_INTERNAL_BUNDLERIZED="1"
 INFO global: VAGRANT_LOG="debug"

komuw

1. open a browser and go to https://goo.gl/fd3zc, that will download crouton

2. hit Ctrl+alt+T and then type shell and press enter
$ shell

3. install ubuntu via
$ sudo sh ~/Downloads/crouton -r trusty -t xfce
#that will install ubuntu 14.04 with xfce desktop environment

4. to list available versions:

komuw

#first seen here: http://www.snip2code.com/Snippet/63701/Ansible-task-to-install-nvm-and-node
# Here is how to install nvm and node in an Ansible task.
# I tried a bunch of different things, and as usual it's simple, but you have to get it right.
# The important part is that you have to shell with /bin/bash -c and source nvm.sh
---
- name: Install nvm
  shell: >
    curl https://raw.githubusercontent.com/creationix/nvm/v0.7.0/install.sh | sh
    creates=/home/{{ ansible_user_id }}/.nvm/nvm.sh

komuw

If for any reason you don't have a GUI VPN client(you like running headless ubuntu 
or have ubuntu installed on a chromebook). You can use vpnc as a command line VPN client 
#this is a comment

#install vpnc
$ sudo apt-get install network-manager-vpnc
#look to see if you have vpnc installed
$ sudo vpnc --help #use sudo to run vpnc command
#if not installed, install it:
$ sudo apt-get install vpnc