For excessively paranoid client authentication.
Updated Apr 5 2019:
because this is a gist from 2011 that people stumble into and maybe you should AES instead of 3DES in the year of our lord 2019.
some other notes:
mtigas
/ gist:952344
Last active
October 16, 2024 09:03
Mini tutorial for configuring client-side SSL certificates.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if ($request_uri = /) { | |
| set $test A; | |
| } | |
| if ($host ~* teambox.com) { | |
| set $test "${test}B"; | |
| } | |
| if ($http_cookie !~* "auth_token") { | |
| set $test "${test}C"; |
j4mie
/ gist:1778918
Created
February 9, 2012 09:46
# How to run Sentry in a subdirectory (http://your.server.com/sentry/) with nginx
Scenario: you already have an app running at http://your.server.com/ and you want to run Sentry at http://your.server.com/sentry/
I spend a few hours banging my head against this, and finally got it to work. There may be a better way, but I couldn't find it.
Warning: hacky.
jtimberman
/ rename-node.rb
Created
March 2, 2012 07:47
— forked from mpasternacki/rename-node.rb
A knife exec script to change Chef node's name.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!./bin/knife exec | |
| # A knife exec script to change chef node's name, preserving all the attributes. | |
| # | |
| # Usage: knife exec rename-node.rb old-name new-name | |
| # | |
| # Script retrieves the Node object, changes its 'name' attribute, | |
| # creates new Node object with updated name and rest of attributes | |
| # untouched. Then it deletes old Node and Client objects from | |
| # database, and logs into the server to update it: |
fernandoaleman
/ Linux Static IP
Created
March 23, 2012 16:20
How To Configure Static IP On CentOS 6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Configure eth0 | |
| # | |
| # vi /etc/sysconfig/network-scripts/ifcfg-eth0 | |
| DEVICE="eth0" | |
| NM_CONTROLLED="yes" | |
| ONBOOT=yes | |
| HWADDR=A4:BA:DB:37:F1:04 | |
| TYPE=Ethernet | |
| BOOTPROTO=static |
bdargan
/ sublime_text_2_useful_shortcuts.md
Created
May 15, 2012 22:59
— forked from nuxlli/sublime_text_2_useful_shortcuts.md
Sublime Text 2 - Useful Shortcuts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # force HTTP to HTTPS - /etc/nginx/conf.d/nonssl.conf | |
| server { | |
| listen 80; | |
| server_name jira.example.com; | |
| access_log off; | |
| return 301 https://$server_name$request_uri; | |
| } | |
| # /etc/nginx/conf.d/jira.conf | |
| server { |
algal
/ nginx-cors.conf
Created
April 29, 2013 10:52
nginx configuration for CORS (Cross-Origin Resource Sharing), with an origin whitelist, and HTTP Basic Access authentication allowed
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # A CORS (Cross-Origin Resouce Sharing) config for nginx | |
| # | |
| # == Purpose | |
| # | |
| # This nginx configuration enables CORS requests in the following way: | |
| # - enables CORS just for origins on a whitelist specified by a regular expression | |
| # - CORS preflight request (OPTIONS) are responded immediately | |
| # - Access-Control-Allow-Credentials=true for GET and POST requests |
crashdump
/ check-ssl-expire.py
Last active
January 9, 2023 09:45
Report how many days before and http ssl certificate expire. I've also provided a template if you want to use it with Zabbix as an External Check: - Configure ExternalScripts variable in zabbix_server.conf - Put the script in the external script folder (I've used /etc/zabbix/externalscripts/) - Import the template & assign it to your host. - Wat…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| __author__ = "Adrien Pujol - http://www.crashdump.fr/" | |
| __copyright__ = "Copyright 2013, Adrien Pujol" | |
| __license__ = "Mozilla Public License" | |
| __version__ = "0.3" | |
| __email__ = "[email protected]" | |
| __status__ = "Development" | |
| __doc__ = "Check a TLS certificate validity." |
plentz
/ nginx.conf
Last active
November 16, 2024 14:10
Best nginx configuration for improved security(and performance)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
OlderNewer