IT notes

zip -r

Create and append “archive” things to a zip file Create a zip: $ zip -9 foo.zip file Add more things to the zip: $ zip -r9 foo.zip bar.txt $ cd $VIRTUAL_ENV/lib/python2.7/site-packages $ zip -r9 foo.zip *

AWS Policy Access by IP

Policy to restrict IAM AWS API requests to a specific set of IP addresses. { "Version": "2012-10-17", "Statement": { "Effect": "Deny", "Action": "*", "Resource": "*", "Condition": { "NotIpAddress": { "aws:SourceIp": [ "10.13.0.0/16", "72.55.175.70/32", "10.100.0.0/16" ] } } } } After applying this policy others may need to be applied or in case all in one required, something like this can be used: { "Version": "2012-10-17", "Statement": [{ "Effect": "Deny", "Action": "*", "Resource": "*", "Condition": { "NotIpAddress": { "aws:SourceIp": [ "10.

Time wait

Reduce TIME_WAIT connections How many TIME_WAITs you have hanging out (run this like root): netstat -na -p tcp | awk '{print $6}' | sort | uniq -c | sort -n On Linux: netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n Output will be something like: # netstat -na -p tcp | awk '{print $6}' | sort | uniq -c | sort -n 1 1 CLOSE_WAIT 1 FIN_WAIT_1 1 Foreign 4 CLOSED 6 SYN_SENT 65 LISTEN 342 ESTABLISHED 1271 TIME_WAIT The formula to calculate the value (net.

Strace

When using strace, to trace child processes, use option -f, example: strace -f ls

Webcrypto and Go

Encrypt on client side using javascript WebCrypto and decrypt on backend using go: javascript code: async function aesGcmEncrypt(plaintext, password) { const pwUtf8 = new TextEncoder().encode(password); // encode password as UTF-8 const pwHash = await crypto.subtle.digest('SHA-256', pwUtf8); // hash the password const iv = crypto.getRandomValues(new Uint8Array(12)); // get 96-bit random iv const alg = { name: 'AES-GCM', iv: iv }; // specify algorithm to use const key = await crypto.subtle.importKey('raw', pwHash, alg, false, ['encrypt']); // generate key from pw const ptUint8 = new TextEncoder().

Merge Terraform States

If states are being stored in S3, after importing a resource, for example: $ terraform import aws_customer_gateway.main cgw-b4dc3961 You will end with a terraform.tfstate that differs from the one in the S3 bucket. To merge the remote and local state do this: $ terraform state pull > terraform.tfstate $ terraform import aws_customer_gateway.main cgw-b4dc3961 $ terraform state push terraform.tfstate First get the current s3 state: $ terraform state pull > terraform.

Terraform Full Vpc

Example of a full VPC setup using terraform, including VPN and using the default subnet: resource "aws_vpc" "test" { cidr_block = "10.100.0.0/16" enable_dns_hostnames = "true" enable_dns_support = "true" tags { Name = "test" } } output "vpc_id" { value = "${aws_vpc.test.id}" } resource "aws_internet_gateway" "igw" { vpc_id = "${aws_vpc.test.id}" tags { Name = "internet gateway" } } resource "aws_subnet" "public-a" { vpc_id = "${aws_vpc.test.id}" cidr_block = "10.100.0.0/24" availability_zone = "eu-central-1a" tags { Name = "public A" } } output "subnet-public-a" { value = "${aws_subnet.

Nginx Reverse Proxy Cache

This is the full configuration for nginx.conf: user www www; worker_processes auto; events { use kqueue; worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; tcp_nodelay on; client_max_body_size 30M; keepalive_timeout 10 10; gzip on; gzip_static on; gzip_vary on; gzip_min_length 0; gzip_comp_level 9; gzip_buffers 16 8k; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json application/javascript image/svg+xml; charset utf-8; server_tokens off; server_name_in_redirect off; proxy_buffering on; proxy_cache_path /home/cache levels=1:2 keys_zone=rubygems:256m max_size=5g inactive=24h use_temp_path=off; proxy_buffer_size 8k; proxy_buffers 8 24k; server { listen 80; server_name _; location / { proxy_cache rubygems; proxy_cache_use_stale updating error timeout invalid_header http_500 http_502 http_503 http_504; proxy_cache_revalidate on; proxy_cache_min_uses 1; proxy_cache_lock on; proxy_cache_valid 200 301 304 2d; proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host rubygems.

Running Multiple Instances of The Same App In MacOS

Open a terminal and type: open -n /Applications/ApplicationName.app Change “ApplicationName” with your application, example: open -n /Applications/PopcornTime.app

Syslogd 8 bit

If want to log full utf-8 strings “emoji’s” use the option -8, example on /etc/rc.conf: syslogd_flags="-ssC8" The optiosn are: -s Operate in secure mode. Do not log messages from remote machines. If specified twice, no network socket will be opened at all, which also disables logging to remote machines. -C Create log files that do not exist (permission is set to 0600). -8 Tells syslogd not to interfere with 8-bit data.