Ivan Pilyaev Tyralion

  • Russia, Chelyabinsk
@Tyralion
Tyralion / handler.lua
Created May 2, 2018 10:32 — forked from samael500/handler.lua
Validating payloads from GitHub webhooks with Nginx + Lua
-- luarocks install JSON4Lua
-- luarocks install luacrypto
local json = require "json"
local crypto = require "crypto"
local secret = '<MY SUPER SECRET>'
local event = 'push'
local branch = 'refs/heads/master'
@Tyralion
Tyralion / tokens.md
Created March 15, 2018 06:31 — forked from zmts/tokens.md
About tokens, JSON Web Tokens (JWT), authentication and authorization

Token-Based Authentication (JWT)

Preconditions:

This note covers how JWT works with a symmetric encryption algorithm (HS256/HS384/HS512).

Basics:

Authentication (from Greek αὐθεντικός [authentikos], real, genuine; from αὐθέντης [authentes], author) is the process of verifying a user's credentials (login/password): the user's identity is checked by comparing the login/password they entered with the login/password stored in the user database.

Authorization (granting permission, empowering) is the check of a user's rights to access particular resources.

@Tyralion
Tyralion / letsencrypt_2017.md
Created March 14, 2018 10:24 — forked from cecilemuller/letsencrypt_2020.md
How to setup Let's Encrypt for Nginx on Ubuntu 16.04 (including IPv6, HTTP/2 and A+ SSL rating)

There are two main modes to run the Let's Encrypt client (called Certbot):

  • Standalone: replaces the webserver to respond to ACME challenges
  • Webroot: needs your webserver to serve challenges from a known folder.

Webroot is better because it doesn't need to replace Nginx (to bind to port 80).

In the following, we're setting up mydomain.com. HTML is served from /var/www/mydomain, and challenges are served from /var/www/letsencrypt.

@Tyralion
Tyralion / site.conf
Created August 30, 2016 05:15 — forked from paskal/site.conf
Nginx configuration for best security and modest performance. Full info on https://terrty.net/2014/ssl-tls-in-nginx/
# read more at https://terrty.net/2014/ssl-tls-in-nginx/
# latest version on https://gist.github.com/paskal/628882bee1948ef126dd/126e4d1daeb5244aacbbd847c5247c2e293f6adf
# security test score: https://www.ssllabs.com/ssltest/analyze.html?d=terrty.net
# your nginx version might not have all directives included, test this configuration before using in production against your nginx:
# $ nginx -c /etc/nginx/nginx.conf -t
server {
# public key, contains your public key and class 1 certificate, to create:
# (example for startssl)
# $ (cat example.com.pem && wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem) | tee -a /etc/nginx/ssl/domain.pem > /dev/null
@Tyralion
Tyralion / default.vcl.pl
Last active August 26, 2015 05:16 — forked from bmarini/default.vcl.pl
A good varnish config for a Rails app
# https://www.varnish-cache.org/docs/2.1/tutorial/vcl.html
# https://www.varnish-cache.org/trac/wiki/VCLExamples
# Summary
# 1. Varnish will poll the backend at /health_check to make sure it is
# healthy. If the backend goes down, varnish will serve stale content
# from the cache for up to 1 hour.
# 2. Varnish will pass X-Forwarded-For headers through to the backend
# 3. Varnish will remove cookies from urls that match static content file
# extensions (jpg, gif, ...)

If you are seeing Mongo soft rlimits warnings in your logs, or a "WARNING: soft rlimits too low. Number of files is 256, should be at least 1000" message when you log in to the mongo shell via mongo from the command line, or any mysterious/unexplained mongo connection errors, follow this how-to exactly and it will resolve the issue for you.

(Source of this how-to: basho/basho_docs#1402)

First file: sudo vi /Library/LaunchDaemons/limit.maxfiles.plist

...containing:

#!/usr/bin/env bash
# Abort with a non-zero status unless running as root
if [ "$UID" -ne 0 ]
then
    echo "Please run this script as root user"
    exit 1
fi
apt-get -y update
apt-get -y upgrade
apt-get -y install build-essential zlib1g-dev libssl-dev libreadline6-dev libyaml-dev git sqlite3 libsqlite3-dev
@Tyralion
Tyralion / script.sh
Created October 21, 2012 13:16 — forked from mikhailov/script.sh
Fight with TCP Slow Start
#!/bin/sh
ip route |grep default # default via 10.235.9.1 dev eth0
ip route change default via `ip route| awk '/^def/{print $3}'` dev eth0 initcwnd 16
ip route |grep default # default via 10.235.9.1 dev eth0 initcwnd 16
sysctl -w net.ipv4.tcp_slow_start_after_idle=0
sysctl -a |grep net.ipv4.tcp_slow_start_after_idle
@Tyralion
Tyralion / .irbrc.rb
Created October 20, 2012 14:56 — forked from dekart/.irbrc.rb
# Put this to ~/.irbrc (no extension)
require "rubygems"
require 'irb/completion'
ARGV.concat [ "--readline", "--prompt-mode", "simple" ]
# IRB & Readline history
module Readline
module History
# Rack middleware that drops improperly encoded cookies that would hurt the ActionDispatch::Cookies middleware.
#
# This is actually a hotfix for issues
# * https://github.com/rack/rack/issues/225
# * https://github.com/rails/rails/issues/2622
module CleanCookies
# Tests whether a string may be decoded as a form component
def decodable?(string)
URI.decode_www_form_component(string)
true