Niclas Mietz solidnerd

pdxjohnny / .gitignore
Last active May 30, 2024 16:41
Setting Up k3s for Serverless (knative) on a $5 DigitalOcean Droplet Using k3d
kekru /
Last active September 22, 2024 23:27
nginx TLS SNI routing, based on subdomain pattern

Nginx TLS SNI routing, based on subdomain pattern

Nginx can be configured to route to a backend based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for HTTP upstream servers, but also for other protocols that can be secured with TLS.


  • at least nginx 1.15.9 to use variables in ssl_certificate and ssl_certificate_key.
  • check nginx -V for the following:
    TLS SNI support enabled
axdotl /
Last active October 30, 2023 08:43
Keycloak Export in Kubernetes

Perform Keycloak Export and Import on Kubernetes

  • Setup Keycloak in non-HA mode (replica 1)
  • Disable UserFederation
  • You might have to increase the resource limits to avoid the pod being killed by memory or CPU limits

See Keycloak Documentation for more details.


irvingpop /
Last active April 8, 2024 07:18
Terraform external data source example - dynamic SSH key generation
# ssh key generator data source expects the below 3 inputs, and produces 3 outputs for use:
# "${data.external.ssh_key_generator.result.public_key}" (contents)
# "${data.external.ssh_key_generator.result.private_key}" (contents)
# "${data.external.ssh_key_generator.result.private_key_file}" (path)
data "external" "ssh_key_generator" {
program = ["bash", "${path.root}/../"]
query = {
customer_name = "${var.customer_name}"
customer_group = "${var.customer_group}"
kekru / 1-Enable Docker Remote API with TLS client
Last active June 14, 2024 09:01
Docker Remote API with client verification via daemon.json

Enable Docker Remote API with TLS client verification

Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:

  • CA certificate
  • Server certificate
  • Server key
  • Client certificate
  • Client key

Create certificate files

mapmeld /
Last active July 25, 2023 18:55
OverEncrypt - paranoid HTTPS


This is a guide that I wrote to improve the default security of my website, which has a certificate from LetsEncrypt. I'm choosing to improve HTTPS security and transparency without consideration for legacy browser support.

WARNING: if you mess up settings, lose your certificates, or decide to no longer maintain HTTPS certs, these steps can and will make your domain inaccessible.

I would recommend these steps only if you have a specific need for information security, privacy, and trust with your users, and/or maintain a separate domain which won't mess up your main site. If you've been thinking about hosting a site on Tor, then this might be a good option, too.

The best resources that I've found for explaining these steps are , , and

karlkfi /
Created October 18, 2016 01:48
Generate markdown change log from merged PR titles
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
# org/repo (e.g. karlkfi/probe)
# range (e.g. 1.8.4..1.8.5)
anonymuse /
Last active December 30, 2016 23:34
Docker Kata 005 cluster creation script.
#!/usr/bin/env bash
# Purpose: Create a Swarm Mode cluster with a single master and a configurable
# number of workers.
# This script is a mirror of the following gist, which is used to
# populate a Medium story. Unfortunately, there's no way to synchronize all
# three
# Medium:
# Gist:
jfriv /
Created August 16, 2016 20:03
RDS manual snapshot and restore script
# set up some variables
NOW_DATE=$(date '+%Y-%m-%d-%H-%M')
TARGET_INSTANCE_ID=<target name>
VPC_ID=<vpc subnet id>
NEW_MASTER_PASS=<root password>
gesellix /
Created May 1, 2016 22:39
screen and Docker for Mac
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty

screen -AmdS docker ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
screen -r docker
# enter, then disconnect with Ctrl-a d
screen -S docker -p 0 -X stuff $(printf root\\r\\n)
screen -r docker