peerapach / nginx.conf
Created September 15, 2017 11:18
Best nginx configuration for improved security (and performance).
# read more here http://tautt.com/best-nginx-configuration-for-security/
# don't send the nginx version number in error pages and the Server header
# (the bare "Server: nginx" header is still emitted; only the version is hidden)
server_tokens off;
# do not allow the browser to render the page inside a frame or iframe,
# to avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
# if you need to allow [i]frames, you can use SAMEORIGIN or even set a uri with ALLOW-FROM uri
# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
# NOTE: ALLOW-FROM is obsolete and ignored by current browsers; for a per-origin
# allow-list use the Content-Security-Policy "frame-ancestors" directive instead.
# NOTE: nginx does not inherit add_header into a server/location block that declares
# its own add_header -- repeat this line in such blocks or the header is silently lost.
add_header X-Frame-Options SAMEORIGIN;
peerapach / zabbix_agent_template_percona_mysql_server-zabbix-34.xml
Created September 15, 2017 11:20
Percona MySQL Server template for Zabbix
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>2.0</version>
<date>2017-09-15T04:43:45Z</date>
<groups>
<group>
<name>Percona Templates</name>
</group>
</groups>
<templates>
peerapach / Enable-WinRM.ps1
Last active May 23, 2018 11:47
Enable WinRM
# turn off PowerShell execution policy restrictions
# NOTE: Bypass at -Scope LocalMachine removes script-signing checks for every user on
# this host and persists after the script ends; -Scope Process (or RemoteSigned) is the
# narrower choice if the only goal is to run this script.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope LocalMachine
# configure WinRM
# quickconfig -q: starts the service, creates an HTTP listener and opens the firewall
# exception without prompting. No HTTPS listener is created here, so transport protection
# depends on the authentication protocol's message encryption unless one is added.
winrm quickconfig -q
# resource limits for remote shells (winrs): memory per shell and concurrent users
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="2048"}'
winrm set winrm/config/winrs '@{MaxConcurrentUsers="10"}'
# left disabled; a value of 0 here means unlimited
#winrm set winrm/config/winrs '@{MaxProcessesPerShell="0"}'
#winrm set winrm/config/winrs '@{MaxShellsPerUser="0"}'
# maximum request timeout in milliseconds (7200000 ms = 2 hours)
winrm set winrm/config '@{MaxTimeoutms="7200000"}'
proxy_buffering on;
# on-disk cache for proxied responses; /var/nginx/cache must exist and be writable by the
# worker user. levels=1:2 spreads entries over two subdirectory levels, keys_zone=STATIC:10m
# is the shared-memory index, entries unused for 24h are evicted, total size capped at 1g.
proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
# rate-limit zones keyed by client address ($binary_remote_addr). If nginx sits behind a
# load balancer or proxy, this key is the proxy's address and all clients share one bucket
# unless the real client IP is restored (realip module).
# These lines only define the zones: a limit_req directive in a server/location block must
# reference them (e.g. zone=five_per_second) before any limit is enforced.
limit_req_zone $binary_remote_addr zone=five_per_second:10m rate=5r/s;
limit_req_zone $binary_remote_addr zone=ten_per_one_minute:10m rate=10r/m;
server {
listen 80;
server_name www.ezylinux.com;
# Beats input: listens for Filebeat/Beats shippers on port 5044.
# Only the port is configured, so the listener accepts plaintext connections; set
# ssl => true with the certificate/key options to protect the transport between
# shippers and Logstash.
input {
  beats {
    port => "5044"
  }
}
filter {
if [message] =~ /^type\,/ {
drop { }
}
peerapach / iptables-ddos-protection.txt
Created October 24, 2018 12:19
Build Your Own DDoS Protection With Linux & IPtables
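# Interface and TCP port the SYN-proxying rules apply to.
DEV=eth0
PORT=80
### Use SYNPROXY ###
# NOTE: SYNPROXY is documented to require net.netfilter.nf_conntrack_tcp_loose=0 so that
# mid-stream ACKs are not picked up as new connections; set that sysctl before loading
# these rules. The rules are appended (-A), so re-running this file adds duplicates --
# flush the chains or check with `iptables -t raw -S` / `iptables -t mangle -S` first.
# 1. raw/PREROUTING: exempt incoming SYNs from conntrack so SYNPROXY, not conntrack,
#    answers the handshake (SYNPROXY expects the SYN to arrive UNTRACKED).
/sbin/iptables -t raw -A PREROUTING -i "$DEV" -p tcp -m tcp --syn --dport "$PORT" -j CT --notrack
# 2. mangle/INPUT: hand UNTRACKED SYNs and INVALID segments to SYNPROXY, which completes
#    the handshake on the server's behalf using the TCP options listed here; --mss and
#    --wscale should match what the real backend advertises.
/sbin/iptables -t mangle -A INPUT -i "$DEV" -p tcp -m conntrack --ctstate INVALID,UNTRACKED --dport "$PORT" -j SYNPROXY \
  --sack-perm --timestamp --wscale 7 --mss 1460
# 3. mangle/INPUT: drop whatever is still INVALID on that port after SYNPROXY
#    (spoofed ACKs, out-of-window segments).
/sbin/iptables -t mangle -A INPUT -i "$DEV" -p tcp -m conntrack --ctstate INVALID --dport "$PORT" -j DROP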
---
- hosts: all
vars:
tasks:
- name: Install required packages
package:
name: "{{ item }}"
state: present
with_items:
- docker
peerapach / nginx-lb.conf
Created November 9, 2018 05:39
Example of TCP load balancing with Nginx (SSL pass-through)
# worker processes run as the unprivileged www-data account; only the master process
# keeps the privileges needed to bind the listening ports
user www-data;
# one worker per available CPU core
worker_processes auto;
# pid file used by the init system / `nginx -s` signals to find the master process
pid /run/nginx.pid;
events {
#...
}
http {
# ...
peerapach / gitlab-sa
Created December 31, 2018 07:44
GitLab service account for GitLab integration with Kubernetes
# Namespace in which the GitLab integration installs its managed apps.
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab-managed-apps
---
# ServiceAccount presumably used as GitLab's identity against the cluster.
# A ServiceAccount grants nothing by itself: the Role/ClusterRoleBinding attached to it
# elsewhere (not shown here) determines what GitLab can do -- review that binding for
# least privilege and scope it to this namespace where the integration allows it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-sa
  namespace: gitlab-managed-apps
{
"all": {
"hosts": ["example-k8s-node-3", "example-k8s-node-1", "example-k8s-node-2", "example-k8s-master-1"]
},
"os_metadata_kubespray_groups=kube-node,k8s-cluster,": {
"hosts": ["example-k8s-node-3", "example-k8s-node-1", "example-k8s-node-2"]
},
"_meta": {
"hostvars": {
"example-k8s-node-3": {