Skip to content

Instantly share code, notes, and snippets.

View moralrebuild's full-sized avatar

Capmus Banon moralrebuild

17 followers · 34 following
View GitHub Profile
@joepie91
joepie91 / wildcard-certificates.md
Last active July 2, 2024 11:59
Why you probably shouldn't use a wildcard certificate

Recently, Let's Encrypt launched free wildcard certificates. While this is good news in and of itself, as it removes one of the last remaining reasons for expensive commercial certificates, I've unfortunately seen a lot of people dangerously misunderstand what wildcard certificates are for.

Therefore, in this brief post I'll explain why you probably shouldn't use a wildcard certificate, as it will put your security at risk.

A brief explainer

It's generally pretty poorly understood (and documented!) how TLS ("SSL") works, so let's go through a brief explanation of the parts that are important here.

The general (simplified) idea behind how real-world TLS deployments work, is that you:

@magnetikonline
magnetikonline / README.md
Last active October 31, 2024 10:20
Bash array usage cheatsheet.
@umidjons
umidjons / youtube-dl-download-audio-only-on-best-quality.md
Last active November 14, 2024 21:20
Download Audio from YouTube with youtube-dl

Download Audio from YouTube

-i - ignore errors

-c - continue

-t - use video title as file name

--extract-audio - extract audio track

@EikeDehling
EikeDehling / install-beats.sh
Created September 14, 2017 11:00
Install filebeat & metricbeat on debian (as root)
# Install filebeat & metricbeat
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list
apt-get update
apt-get install filebeat metricbeat
# Configure filebeat
cat >/etc/filebeat/filebeat.yml <<EOL
filebeat.prospectors:
@neilstuartcraig
neilstuartcraig / caddy-debian-9-sysd-service-file
Created July 20, 2017 21:27
A basic Caddy / Debian 9 (Stretch) System D service file
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target
[Service]
Restart=on-failure
StartLimitInterval=0
StartLimitBurst=0
@haavard
haavard / LICENSE
Last active April 29, 2025 12:55
ALFA: https://haavard.me/files/alfa.pdf
This work, excluding the Arch Linux logo, is made available under CC0: https://creativecommons.org/publicdomain/zero/1.0/
@ppmathis
ppmathis / debian-stretch-fde.md
Last active May 21, 2024 04:05
Guide which explains an installation of Debian Stretch with full disk encryption (including "/boot" partition, containing initramfs+kernel) by using Debian Jessie Live.

Debian Stretch - Full Disk Encryption

This documents guides you through the process to install Debian Stretch with Full Disk Encryption. The following requirements exist:

  • Mainboard with UEFI-Support
  • Debian Stretch Live CD booted from UEFI
  • Two unformatted, unpartitioned HDDs/SSDs for Software RAID1 with mdmadm

After following this guide, you will end up with a setup like this:

  • Redundant GRUB Standalone EFI installation on both disks
@karlvr
karlvr / 00README.md
Last active December 12, 2024 19:09
Roadwarrior configuration for macOS 10.12, iOS 10 and Windows 10 using strongSwan and user certificates

strongSwan setup for Road Warriors on macOS 10.12, iOS 10 and Windows 10

This setup is for remote users to connect into an office/home LAN using a VPN (ipsec). This is based on (but not the same as) the strongSwan documentation and this guide: https://raymii.org/s/tutorials/IPSEC_vpn_with_Ubuntu_16.04.html

I used strongSwan 5.5.1.

apt-get install -y strongswan strongswan-pki
@attacus
attacus / riot-matrix-workshop.md
Last active April 8, 2025 08:18
Create your own encrypted chat server with Riot and Matrix

This guide is unmaintained and was created for a specific workshop in 2017. It remains as a legacy reference. Use at your own risk.

Running your own encrypted chat service with Matrix and Riot

Workshop Instructor:

This workshop is distributed under a CC BY-SA 4.0 license.

What are we doing here?

@harv
harv / cross_and_static_compile_shadowsocks-libev.sh
Last active February 18, 2024 12:05
cross & static compile shadowsocks-libev
#!/bin/sh
# cross & static compile shadowsocks-libev
PCRE_VER=8.41
PCRE_FILE="http://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-$PCRE_VER.tar.gz"
MBEDTLS_VER=2.6.0
MBEDTLS_FILE="https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz"