Dean Liu skiptomyliu

@skiptomyliu
skiptomyliu / ftp_connect.py
Created July 15, 2022 00:21
ftplib HTTP CONNECT
#!/usr/bin/python
# This is a quick dirty python3 translation of https://code.activestate.com/recipes/577643-transparent-http-tunnel-for-python-sockets-to-be-u/
import socket

# Class that wraps a real socket and changes it to a HTTP tunnel whenever a connection is asked via the "CONNECT" method
class ProxySock:
    def __init__(self, socket, proxy_host, proxy_port):
skiptomyliu / envoy_tcp_dns_rbac.yaml
Last active April 13, 2021 23:31
Envoy original dst cluster with DNS and RBAC
# Corresponding iptables rules:
##!/bin/bash
#sudo iptables -t nat -F
#sudo iptables --table nat --new-chain INTERNAL_TRAFFIC
## dont forward root traffic and envoyuser traffic
#sudo iptables --table nat --append INTERNAL_TRAFFIC -m owner --uid-owner root -j RETURN
#sudo iptables --table nat --append INTERNAL_TRAFFIC -m owner --uid-owner envoyuser -j RETURN
## trap ubuntu user traffic
skiptomyliu / envoy_dns.yaml
Created October 23, 2020 14:58
Basic Envoy DNS Filter
admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address:
      protocol: TCP
      address: 127.0.0.1
      port_value: 9901
static_resources:
  listeners:
  - name: listener_2
skiptomyliu / dynamic_fwd_http_sni.yaml
Last active December 24, 2022 11:06
Dynamic Forward Proxy HTTP + SNI
# Transparent Envoy Proxy that forwards http/https
# Create iptables to route 80 + 443 to 10000:
# $ iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner envoyuser --dport 443 -j REDIRECT --to-port 10000
# $ iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner envoyuser --dport 80 -j REDIRECT --to-port 10000
# Run envoy
# $ envoy -c dynamic_fwd_http_sni.yaml -l debug
admin:
  access_log_path: /home/envoyuser/admin/admin_access.log
  address:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: echoserver
  namespace: echoserver
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - hosts:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: echoserver
  namespace: echoserver
spec:
  replicas: 1
  template:
    metadata:
      labels:
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: [your_email address]
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: webserver-tls-prod
spec:
  secretName: webserver-tls-prod
  dnsNames:
  - mosaic.skiptomyliu.com
  acme:
    config:
skiptomyliu / service.yaml
Last active July 4, 2018 14:20
kube tutorial ingress
apiVersion: v1
kind: Service
metadata:
  name: webserver
  namespace: webserver
spec:
  ports:
  - port: 80
    targetPort: 3000
    protocol: TCP
skiptomyliu / LDAP JXplorer trust self signed certificate
Last active October 13, 2017 17:14 — forked from laszlomiklosik/LDAP JXplorer trust self signed certificate
LDAP JXplorer trust self signed certificate workaround
2 easy steps:
1) echo -n | openssl s_client -connect AD_SERVER:AD_SERVER_PORT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ldapserver.pem
2) keytool -import -trustcacerts -file ldapserver.pem -alias ALIAS_GOES_HERE -keystore /Users/.../Apps/jxplorer-3.3.1-osx/jxplorer-3.3.1.app/Contents/Resources/security/cacerts
OR
Via the JXplorer UI, go to the menu Security -> Trusted Servers and CAs and import the new ldapserver.pem file. The default keystore password is "changeit".