A curated list of arrrrrrrrr!
Nginx can be configured to route to a backend based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for HTTP upstream servers, but also for other protocols that can be secured with TLS.
- at least nginx 1.15.9 to use variables in ssl_certificate and ssl_certificate_key.
- check `nginx -V` for the following: ... TLS SNI support enabled
run tcpdump on a POD and then (live) see that information through wireshark locally on my machine. the magic of ssh and fifo
Topology
--------
[laptop with wireshark] ------> [AKS Node] ----> [POD (tcpdump is here)].
1. create the fifo on your local machine (where wireshark will run)
mkfifo /tmp/remote-capture.fifo
2. execute the following command to send traffic from within a POD to the stdout. This will then be redirected to the fifo locally
⛔️ This Gist is no longer maintained ⛔
There is now too much old/mixed stuff, which makes it impractical to read/use.
I keep it for reference, but expect it to be deleted at some point.
#!/bin/bash
set -e
set -o pipefail
# Add user to k8s using service account, no RBAC (must create RBAC after this script)
if [[ -z "$1" ]] || [[ -z "$2" ]]; then
  echo "usage: $0 <service_account_name> <namespace>"
  exit 1
fi
# ------------------------------------------------------------------------------
# tlp - Parameters for power saving
# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html
# dir: /etc/default/tlp
# Hint: some features are disabled by default, remove the leading # to enable
# them.
# Set to 0 to disable, 1 to enable TLP.
^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$
- Semantic versioning http://semver.org/
- Source of the regex npm/node-semver#32
#!/usr/bin/env bash
# set -x
if [[ $EUID -ne 0 ]]; then
  echo "You must be root to run this script"
  exit 1
fi
# Returns all available interfaces, except "lo" and "veth*".
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000