#!/bin/bash -e
# Setup a Root CA in vault
# Generate and sign an Intermediate cert
#
# Requires:
# * A running vault server already initialized and unsealed
# * Environment variable VAULT_TOKEN is set
# * vault cli (https://www.vaultproject.io)
# * httpie (https://github.com/jkbrzt/httpie)
@zekiunal
zekiunal / make-ca.sh
Created July 3, 2017 10:55 — forked from kgutwin/make-ca.sh
Vault PKI testing script
#!/bin/bash
# taken from https://docs.docker.com/articles/https/
# you will have to enter a passphrase when prompted.
openssl genrsa -aes256 -out ca-key.pem 2048
openssl req -subj "/CN=$HOSTNAME" -new -x509 -days 365 -key ca-key.pem \
-sha256 -out ca.pem
#openssl genrsa -out server-key.pem 2048
#openssl req -subj "/CN=$HOSTNAME" -new -key server-key.pem -out server.csr
@zekiunal
zekiunal / vault_init_ca.sh
Created July 3, 2017 10:51 — forked from RafPe/vault_init_ca.sh
Vault PKI CA init with intermediate
#!/bin/bash -e
# Prerequisites:
# > Vault server
# > exported VAULT_ADDR and VAULT_TOKEN
# > vault cli
# > httpie (https://github.com/jkbrzt/httpie)
# > jq (https://stedolan.github.io/jq/)
# CA
To restore a filesystem-backed Vault instance:
1. Shut down running Vault process (pkill vault)
2. Make backup to new location (cp -r /original-storage /new-storage)
3. Write a new config file to point to /new-storage
4. Start new Vault process (vault server -config=new-config-file.hcl)
5. DO NOT run `vault init`
6. ONLY RUN `vault unseal <key1>`, etc...
@zekiunal
zekiunal / s3-nginx-log-rotate.sh
Created September 28, 2016 01:24 — forked from mustafaturan/s3-nginx-log-rotate.sh
S3 Nginx Log rotation file
#!/bin/bash
BUCKETNAME="your_s3_bucket"
LOGDIR="/opt/nginx/logs"
LOGDATE=$(date +"%Y%m%d")
LOGFILES=( "access" "ssl-access" )
BOT_LOGFILES=( "bots-access" "bots-ssl-access" )
echo "Moving access logs to dated logs.."
@zekiunal
zekiunal / System Design.md
Created April 18, 2016 12:35 — forked from vasanthk/System Design.md
System Design Cheatsheet

# System Design Cheatsheet

Picking the right architecture = Picking the right battles + Managing trade-offs

## Basic Steps

  1. Clarify and agree on the scope of the system
  • User cases (description of sequences of events that, taken together, lead to a system doing something useful)
    • Who is going to use it?
    • How are they going to use it?
@zekiunal
zekiunal / disk-check.json
Created April 11, 2016 22:31 — forked from mtchavez/disk-check.json
Consul Nagios Example Checks
{
"check": {
"id": "check-disk",
"name": "check-disk",
"script": "/usr/lib/nagios/plugins/check_disk -w 30% -c 5%",
"interval": "1m"
}
}
@zekiunal
zekiunal / docker-compose-coreos.sh
Last active February 29, 2016 20:12 — forked from sourcec0de/docker-compose-coreos.sh
Install docker compose on coreos
sudo su -
mkdir -p /opt/bin
curl -L https://github.com/docker/compose/releases/download/1.5.2/docker-compose-`uname -s`-`uname -m` > /opt/bin/docker-compose
chmod +x /opt/bin/docker-compose
@zekiunal
zekiunal / haproxy.conf
Last active August 28, 2015 15:25 — forked from nateware/haproxy.conf
HAProxy sample config for EC2
#
# This config file is a combination of ideas from:
# http://www.37signals.com/svn/posts/1073-nuts-bolts-haproxy
# http://www.igvita.com/2008/05/13/load-balancing-qos-with-haproxy/
# http://wiki.railsmachine.com/HAProxy
# http://elwoodicious.com/2008/07/15/nginx-haproxy-thin-fastcgi-php5-load-balanced-rails-with-php-support/
# http://upstream-berlin.com/2008/01/09/using-haproxy-with-multiple-backends-aka-content-switching/
# http://wiki.railsmachine.com/HAProxy
# http://gist.github.com/raw/25482/d39fb332edf977602c183194a1cf5e9a0b5264f9
#