Friday, November 03, 2017
ssh-copy-id: add authorized_keys entry automatically
Copy authorized key to remote server:
ssh-copy-id -i ~/.ssh/id_rsa example.com
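-i = identity file: the private key associated with the public key that you would like to copy. Only the matching public key (~/.ssh/id_rsa.pub) is appended to the remote authorized_keys; the private key itself is never sent.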
Saturday, June 17, 2017
Postgresql: Read-Only User
create user xxxxx with password 'yyyy';
GRANT connect ON DATABASE mydb1 TO xxxxx;
GRANT connect ON DATABASE mydb2 TO xxxxx;
\c mydb1
GRANT usage ON SCHEMA public TO xxxxx;
GRANT select ON ALL TABLES IN SCHEMA public TO xxxxx;
GRANT select ON ALL SEQUENCES IN SCHEMA public TO xxxxx;
\c mydb2
GRANT usage ON SCHEMA public TO xxxxx;
GRANT select ON ALL TABLES IN SCHEMA public TO xxxxx;
GRANT select ON ALL SEQUENCES IN SCHEMA public TO xxxxx;
Sunday, June 12, 2016
Open Source Webservices
Version Control
Gitlab - https://about.gitlab.com/
Phabricator - http://phabricator.org/
Ticket Management (kanban)
Gitlab Kanban Board - http://kanban.leanlabs.io/
Taiga - https://taiga.io/
Kanboard - https://kanboard.net/
Group Chat
Mattermost - mattermost.org/ - also bundled with gitlab
Rocket.Chat - https://rocket.chat/
Let's Chat - http://sdelements.github.io/lets-chat/
Friends - http://moose-team.github.io/friends/
Zulip - https://www.zulip.org/
Compare: https://blog.okturtles.com/2015/11/five-open-source-slack-alternatives/
Amazon S3 Compatible Alternatives
Minio - https://www.minio.io/
Red Hat Ceph - http://ceph.com/
Password Generator
Diceware - https://www.rempe.us/diceware/#eff
Make Image out of code:
Carbon - https://carbon.now.sh
PaaS
openstack
Kubernetes
Kel - http://docs.kelproject.com/
Dokku - http://dokku.viewdocs.io/dokku/
Flynn - https://flynn.io/
More: https://www.quora.com/Is-there-open-source-software-that-implements-Amazon-S3-plug-compatible-storage
Mailcatcher
Send email to here for debugging
https://hub.docker.com/r/schickling/mailcatcher/
https://mailcatcher.me/
Friday, March 04, 2016
Webservices
Email Spam Checker
http://www.mail-tester.com/
Git Hosting
Gitlab - https://about.gitlab.com/ (open source)
Phabricator - http://phabricator.org/ (open source)
Group Chat
Mattermost - http://www.mattermost.org/ (open source)
Slack - http://www.json-generator.com/
HipChat - https://www.hipchat.com/
Rocket - https://rocket.chat/features (open source)
Javascript Editor
jsfiddle https://jsfiddle.net/
Codepen - http://codepen.io/
jsbin - https://jsbin.com/ (open source)
JSON Generator
http://www.json-generator.com/
Online IDE
Cloud9 - https://c9.io/ (open source)
HTML/CSS/JS Cleanup
http://www.dirtymarkup.com/
SSL Certificate Checker
https://www.ssllabs.com/ssltest
SSL Check Intermediate Certificate Chain
https://www.sslshopper.com/ssl-checker.html
Fake Email Tester (Send emails to here on dev and view them)
https://mailtrap.io/
Terminal Emulator:
https://hyperterm.org/ (open source)
Note Taking Desktop App
Boostnote - https://b00st.io/ (open source)
Python/Django Storage Backend Notes
Inspired by:
https://django-storages.readthedocs.org/en/latest/backends/amazon-S3.html#storage
Interacting directly with storage backend
from django.conf import settings
from django.core.files.storage import get_storage_class
STORAGE_CLASS_STRING = getattr(settings, "MY_STORAGE_CLASS", \
settings.DEFAULT_FILE_STORAGE)
sc = get_storage_class(STORAGE_CLASS_STRING)
s = sc()
s.url("jjj-test/JOE.jpg")
# '/media/jjj-test/JOE.jpg'
s.path("jjj-test/JOE.jpg")
# u'/home/jjasinski/Sites/mysite/htdocs/media/jjj-test/JOE.jpg'
s.exists("jjj-test/JOE.jpg")
# False
f = s.open("jjj-test/JOE.jpg", 'w')
f.write("joe test")
f.close()
s.exists("jjj-test/JOE.jpg")
# True
s.delete("jjj-test/JOE.jpg")
s.exists("jjj-test/JOE.jpg")
# False
Interacting with a Model's storage
from django.core.files.base import ContentFile
obj = MyModel()
obj.photo.save('django_test.txt', ContentFile('content'))
obj.photo.size
obj.photo.read()
obj.delete()
Wednesday, December 09, 2015
Django: staticfiles
Locate static file location in codebase:
>>> from django.contrib.staticfiles.finders import find
>>> find("img/logo.png", all=True)
[u'/sites/static_in_pro/our_static/img/logo.png']
>>> find("img/logo.png",)
u'/sites/static_in_pro/our_static/img/logo.png'
Monday, December 07, 2015
LetsEncrypt with HAProxy or Nginx
At this time, LetsEncrypt is in public beta, but I suspect that it will continue to evolve.
# all commands must be done as root
sudo su
# Download the letsencrypt repo
git clone https://github.com/letsencrypt/letsencrypt.git /opt/letsencrypt/
# change to the desired keys directory. All commands following are relative to this dir.
cd /jaz/sites/common/etc/keys/
# Generate a 4096 bit ssl private key
openssl genrsa 4096 > joejasinski.com.key
# Generate the certificate signing request. The following lets you specify a SAN (Subject Alternative Name), which allows the www and non-www versions of the same domain. The output needs to be in "der" format.
openssl req -new -sha256 \
-key joejasinski.com.key \
-subj "/C=US/ST=IL/L=Chicago/O=Jazstudios/OU=Information Technology/CN=www.joejasinski.com" \
-reqexts SAN \
-outform der \
-config <(cat /etc/ssl/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=DNS:joejasinski.com,DNS:www.joejasinski.com")) \
-out joejasinski.com.csr
# execute the letsencrypt command. This will prompt you through a few actions. The most important is that you will need to stop any server running on port 80 and run the python script that they provide in the output. This will serve up a specific secret file at a specific location, allowing letsencrypt to authenticate the server. (You could also host the secret file with your webserver)
/opt/letsencrypt/letsencrypt-auto --email example@gmail.com --text \
--authenticator manual \
--work-dir /tmp/work/ \
--config-dir /tmp/config/ \
--logs-dir /tmp/logs/ auth \
--cert-path /tmp/certs/ \
--chain-path /tmp/chains/ \
--csr joejasinski.com.csr
# --text = use the text based 'wizard' installer instead of an ncurses one
# --authenticator manual = the admin must manually host the verification file
# --csr = path to the previously generated csr file
# The command that it will have you run looks something like this:
mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
cd /tmp/letsencrypt/public_html
printf "%s" asdfkjasfdasfdasfdasfdasdf > .well-known/acme-challenge/asdfasdfasfd
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
# The output of the letsencrypt-auto command will be a file called 0000_chain.pem. This file contains the host certificate and the intermediate certificate. It will look something like this.
-----BEGIN CERTIFICATE-----
Host certificate contents
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
letsencrypt intermediate certificate
-----END CERTIFICATE-----
# Unrelated, but a good idea: generate a dhparam used for perfect forward secrecy
openssl dhparam -out dhparam.pem 4096
For hosting with Nginx, this file can be set to the ssl_certificate parameter. The ssl_certificate_key setting would be set to the location of the key file.
For hosting with HAProxy, you want to modify the file so it looks something like this:
-----BEGIN CERTIFICATE-----
Host certificate contents
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Private key contents
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
letsencrypt intermediate certificate
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
contents of dhparam.pem
-----END DH PARAMETERS-----
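Added example (not part of the original post): one way to assemble the HAProxy file in the order shown above from 0000_chain.pem, the key and dhparam.pem. The function name build_haproxy_pem and its four file arguments are assumptions. Because the result contains the private key, it is written with mode 0600 and renamed into place.

```shell
# Added example, not from the original post. build_haproxy_pem and its
# arguments are hypothetical names; pass your own file paths.
# usage: build_haproxy_pem CHAIN_PEM KEY_PEM DHPARAM_PEM OUT_PEM
build_haproxy_pem() {
    local chain="$1" key="$2" dh="$3" out="$4" f tmp
    local marker='-----END CERTIFICATE-----'

    # Refuse to build a bundle from missing or empty inputs.
    for f in "$chain" "$key" "$dh"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # The chain file must hold the host cert plus at least one intermediate.
    if [ "$(grep -c -e "$marker" "$chain")" -lt 2 ]; then
        echo "expected host + intermediate certificate in $chain" >&2
        return 1
    fi
    grep -q 'PRIVATE KEY-----' "$key" || { echo "no private key in $key" >&2; return 1; }

    # The bundle contains the private key: write it to a 0600 temp file next
    # to the target, then rename, so HAProxy never reads a partial file.
    tmp=$(umask 077 && mktemp "$out.XXXXXX") || return 1
    {
        # host certificate: everything up to the first END CERTIFICATE line
        awk -v marker="$marker" '{ print } $0 == marker { exit }' "$chain"
        cat "$key"
        # intermediate(s): everything after the first END CERTIFICATE line
        awk -v marker="$marker" 'seen { print } $0 == marker { seen = 1 }' "$chain"
        cat "$dh"
    } > "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$out" && return 0
    rm -f "$tmp"
    return 1
}
```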
Friday, November 13, 2015
Dig Commands
Look up A record example.com as seen by 8.8.8.8 nameserver
dig @8.8.8.8 example.com
Show the MX record for a yahoo domain
dig yahoo.com MX
Show the TTL for a given domain (the TTL is the second column of each answer line)
dig imagescape.com +noall +answer
Show the TXT record for a yahoo domain
dig yahoo.com TXT
Show only the answer
dig yahoo.com +nocomments +noquestion +noauthority +noadditional +nostats
All Records
dig @8.8.8.8 imagescape.com ANY +noall +answer
Reverse Lookup
dig -x 198.178.132.10
Nice output that looks like the domain record
dig @ns.imagescape.com imagescape.com any +multiline +noall +answer
Find the authoritative nameserver for a domain:
dig -t ns imagescape.com +short
Find the SOA of the domain:
dig joejasinski.com soa +noall +answer
dig @ns1.linode.com joejasinski.com soa
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @ns1.linode.com joejasinski.com soa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64217
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 11
;; WARNING: recursion requested but not available
;; ANSWER SECTION:
joejasinski.com. 86400 IN SOA ns1.linode.com. joe\.jasinski.gmail.com. 2014092859 14400 14400 1209600 86400
The presence of "aa" in the flags line indicates that the nameserver is the authoritative server.
The "2014092859" is the serial.
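Added example (not part of the original post): it goes one step beyond the single query above and compares saved "dig @<nameserver> <domain> soa" outputs from several nameservers, flagging any response that lacks the "aa" flag or carries a different serial (a stale secondary). The function names soa_status and check_soa_consistency and the file names are assumptions.

```shell
# Added example, not from the original post; function names are hypothetical.
# Capture one file per nameserver first, e.g.:
#   dig @ns1.linode.com joejasinski.com soa > ns1.txt

# soa_status FILE: print "<aa|non-aa> <serial>" for one saved dig response.
soa_status() {
    awk '
        /^;; flags:/ {                       # e.g. ";; flags: qr aa rd; QUERY: 1, ..."
            f = $0
            sub(/^;; flags:/, "", f)         # drop the label
            sub(/;.*$/, "", f)               # drop the counters after the flags
            n = split(f, w, " ")
            for (i = 1; i <= n; i++) if (w[i] == "aa") aa = 1
        }
        !/^;/ && $4 == "SOA" { serial = $7 } # name ttl class SOA mname rname serial ...
        END {
            if (serial == "") exit 1         # no SOA record in this response
            print (aa ? "aa" : "non-aa"), serial
        }
    ' "$1"
}

# check_soa_consistency FILE...: return 0 only if every response is
# authoritative and all serials match the first file's serial.
check_soa_consistency() {
    local f st first="" rc=0
    for f in "$@"; do
        st=$(soa_status "$f") || { echo "$f: no SOA answer"; rc=1; continue; }
        echo "$f: $st"
        case $st in
            aa\ *) ;;
            *) rc=1 ;;                       # answer did not come from an authoritative server
        esac
        if [ -z "$first" ]; then first=${st#* }; fi
        [ "${st#* }" = "$first" ] || rc=1    # serial differs: zone copy is out of date
    done
    return $rc
}
```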
Download a zone file (zone transfer):
dig axfr domain.com
Common Options:
+short = show only the results
+[no]comments = show/hide the comments
+[no]question = show/hide the question section
+[no]authority = show/hide the authority section
+[no]stats = show/hide the stats section
+[no]answer = show/hide the answer section
+[no]all = show/hide everything
https://neverendingsecurity.wordpress.com/2015/04/13/dig-commands-cheatsheet/
https://www.madboa.com/geek/dig/
Nice articles:
Commands
http://anouar.adlani.com/2011/12/useful-dig-command-to-troubleshot-your-domains.html
Create DNS Slave
http://www.microhowto.info/howto/configure_bind_as_a_slave_dns_server.html