There are cases where we need to restrict IPs from accessing S3 bucket. But we also know that it's not possible to use Security Groups in S3 buckets. Luckily, there's a Bucket Policy where we can add IP restrictions that will act as a Firewall.
{
"Version": "2012-10-17",
"Statement": [
| FROM debian | |
| RUN apt-get update && \ | |
| apt-get install -y \ | |
| locales && \ | |
| rm -r /var/lib/apt/lists/* | |
| RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \ | |
| sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \ | |
| dpkg-reconfigure --frontend=noninteractive locales |
$ sudo -i
$ dnf update
$ dnf install tmux -y
# Fix known issue with CentOS/Redhat. Ref: https://stackoverflow.com/a/68841102/8724367
$ setsebool -P httpd_can_network_connect 1
# Add 4GB Swap. Ref https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-centos-7#create-a-swap-file
$ dd if=/dev/zero of=/swapfile count=4096 bs=1MiB
$ sudo -i
$ whoami
root
$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
Windows Certificate Manager Tool (certmgr.msc)
Manage storage for x509 keys. No support for PGP/GPG. Can't sign or encode, can't generate a key. You can use IIS webserver managemnt console to generate a cert.Proprietary
GNOME Seahorse GUI for SSH keys, X509 certs, PGP/GPG. Linux only.
$ cat <<EOT > docker-compose.yaml
version: "3"
services:
runner:
image: gitlab/gitlab-runner
restart: unless-stopped
entrypoint:
- /bin/sh
- -c
$ cat <<EOF > nginx.conf
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
location / {
The set lines
set -euxo pipefail is short for:set -e
set -u