yunasc
sanmai
/ dumpchain.pl
Last active
December 1, 2020 13:14
Dumps the whole certificate chain for a server in purposes of OCSP stapling
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| use strict; | |
| use warnings; | |
| # install libio-socket-ssl-perl to get this | |
| use IO::Socket::SSL; | |
| my $hostname = shift or die "Usage: $0 www.example.com\n"; | |
| IO::Socket::SSL->new( | |
| PeerHost => "$hostname:443", |
paskal
/ site.conf
Last active
September 24, 2024 13:20
— forked from plentz/nginx.conf
Nginx configuration for best security and modest performance. Full info on https://terrty.net/2014/ssl-tls-in-nginx/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # read more at https://terrty.net/2014/ssl-tls-in-nginx/ | |
| # latest version on https://gist.github.com/paskal/628882bee1948ef126dd/126e4d1daeb5244aacbbd847c5247c2e293f6adf | |
| # security test score: https://www.ssllabs.com/ssltest/analyze.html?d=terrty.net | |
| # your nginx version might not have all directives included, test this configuration before using in production against your nginx: | |
| # $ nginx -c /etc/nginx/nginx.conf -t | |
| server { | |
| # public key, contains your public key and class 1 certificate, to create: | |
| # (example for startssl) | |
| # $ (cat example.com.pem & wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem) | tee -a /etc/nginx/ssl/domain.pem > /dev/null |
sindresorhus
/ post-merge
Last active
July 25, 2024 06:53
git hook to run a command after `git pull` if a specified file was changed.In this example it's used to run `npm install` if package.json changed and `bower install` if `bower.json` changed.Run `chmod +x post-merge` to make it executable then put it into `.git/hooks/`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # MIT © Sindre Sorhus - sindresorhus.com | |
| # git hook to run a command after `git pull` if a specified file was changed | |
| # Run `chmod +x post-merge` to make it executable then put it into `.git/hooks/`. | |
| changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)" | |
| check_run() { | |
| echo "$changed_files" | grep --quiet "$1" && eval "$2" |
dkubb
/ ssl.nginxconf
Last active
April 11, 2019 03:56
Nginx SSL configuration (PFS, HSTS, SPDY, BREACH mitigation, FIPS compliant)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssl_certificate cert.pem; | |
| ssl_certificate_key cert.key.pem; | |
| ssl_trusted_certificate cert.ca.pem; | |
| ssl_dhparam cert.dh.pem; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL; | |
| ssl_prefer_server_ciphers on; | |
| ssl_session_cache shared:SSL:10m; |
plentz
/ nginx.conf
Last active
April 24, 2025 04:39
Best nginx configuration for improved security(and performance)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name localhost; | |
| # ... other default site stuff, document root, etc. ... | |
| location ~ ^/~(?<userdir_user>.+?)(?<userdir_uri>/.*)?$ { | |
| alias /home/$userdir_user/public_html$userdir_uri; | |
| index index.html index.htm index.php; | |
| autoindex on; |