Skip to content

Instantly share code, notes, and snippets.

View nullexcept1on's full-sized avatar

NullException nullexcept1on

1 follower · 0 following
View GitHub Profile
@Mishco
Mishco / content.md
Last active April 18, 2025 00:43
Setup HashiCorp Vault on docker

Setup HashiCorp Vault on docker

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault is primarily used in production environments to manage secrets. Vault is a complex system that has many different pieces. There is a clear separation of components that are inside or outside of the security barrier. Only the storage backend and the HTTP API are outside, all other components are inside the barrier.

Vault_architecture

Figure 1: Architecture of Vault and Spring App (Click to enlarge)

The storage backend is untrusted and is used to durably store encrypted data. When the Vault server is started, it must be provided with a storage backend so that data is available across restarts. The HTTP API similarly must be started by the Vault server on start so that clients can interact with it.

@malcolmgreaves
malcolmgreaves / git-largest-files
Last active August 19, 2024 03:12 — forked from nk9/largestFiles.py
Python script to find the largest files in a git repository.
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# Updated to use Python 3 by Malcolm Greaves.
#
# Python script to find the largest files in a git repository.
# The general method is based on the script in this blog post:
# http://stubbisms.wordpress.com/2009/07/10/git-script-to-show-largest-pack-objects-and-trim-your-waist-line/
#
# The above script worked for me, but was very slow on my 11GB repository. This version has a bunch
@nginx-gists
nginx-gists / errors.grpc_conf
Last active November 10, 2022 23:54
Deploying NGINX Plus as an API Gateway, Part 3: Publishing gRPC Services
# Standard HTTP-to-gRPC status code mappings
# Ref: https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md
#
error_page 400 = @grpc_internal;
error_page 401 = @grpc_unauthenticated;
error_page 403 = @grpc_permission_denied;
error_page 404 = @grpc_unimplemented;
error_page 429 = @grpc_unavailable;
error_page 502 = @grpc_unavailable;
error_page 503 = @grpc_unavailable;
@lon-io
lon-io / self-signed-ssl-certificate.md
Created August 8, 2018 15:23 — forked from clemlatz/self-signed-ssl-certificate.md
Setup a self-signed SSL certificate with Nginx (server and browser)

1. Configure server: Nginx

Create the certificate:

$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

Create a strong Diffie-Hellman group:

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
@linuxsimba
linuxsimba / docker-compose.yml
Last active May 3, 2024 15:53
docker-compose for MongoDB and Mongoose UI
version: '2'
networks:
mongodb_net:
driver: bridge
ipam:
driver: default
config:
# Change this subnet range if it conflicts with your personal/work network
- subnet: 192.168.213.0/24
@joepie91
joepie91 / random.md
Last active April 11, 2025 09:42
Secure random values (in Node.js)

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

@alexsasharegan
alexsasharegan / .htaccess
Created September 7, 2016 00:36
Apache Config for React Router
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule . /index.html [L]
@ambroisemaupate
ambroisemaupate / security.conf
Last active March 10, 2025 08:21
Nginx CSP example
# config to don't allow the browser to render the page inside an frame or iframe
# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
add_header X-Frame-Options SAMEORIGIN;
# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
# to disable content-type sniffing on some browsers.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
@justintv
justintv / .bashrc
Created August 17, 2009 00:53
Display git branch in bash prompt
# If you work with git, you've probably had that nagging sensation of not knowing what branch you are on. Worry no longer!
export PS1="\\w:\$(git branch 2>/dev/null | grep '^*' | colrm 1 2)\$ "
# This will change your prompt to display not only your working directory but also your current git branch, if you have one. Pretty nifty!
# ~/code/web:beta_directory$ git checkout master
# Switched to branch "master"
# ~/code/web:master$ git checkout beta_directory
# Switched to branch "beta_directory"