Matthew Vance MatthewVance

@MatthewVance
MatthewVance / build_nginx.sh
Last active August 28, 2018 12:15 — forked from MattWilcox/build_nginx.sh
Fetch, build, and install the latest nginx with the latest OpenSSL for RaspberryPi
#!/usr/bin/env bash
# make script exit if a simple command fails and
# make script print commands being executed
set -e -x
# names of latest versions of each package
export VERSION_PCRE=pcre-8.38
export VERSION_OPENSSL=openssl-1.0.2f
export VERSION_NGINX=nginx-1.9.11

Keybase proof

I hereby claim:

  • I am MatthewVance on github.
  • I am mvance (https://keybase.io/mvance) on keybase.
  • I have a public key whose fingerprint is 12E3 2FE5 0618 0D2E 48E1 D0B2 6895 3CC8 61A6 7E7D

To claim this, I am signing this object:

MatthewVance / HKPS Pool Setup
Created April 10, 2018 02:35
Better GnuPG config (~/.gnupg/gpg.conf). Optionally set default key at the bottom of the file. Requires hkps.pool.sks-keyservers.net pool to be set up.
# Verify TLS at https://sks-keyservers.net/verify_tls.php
mkdir -p ~/Downloads/gpg/hkps
cd ~/Downloads/gpg/hkps
curl -L https://sks-keyservers.net/sks-keyservers.netCA.pem -O
curl -L https://sks-keyservers.net/sks-keyservers.netCA.pem.asc -O
#import key for HKPS signature
gpg --recv-key 0x0B7F8B60E3EDFAE3
MatthewVance / config
Created April 10, 2018 02:41
Hardened config for OpenSSH config files. Be sure to update ListenAddress with IP of server.
#Defaults for all my hosts
Host *
AddressFamily inet
Ciphers [email protected],[email protected]
ForwardX11 no
ForwardX11Trusted no
KexAlgorithms [email protected]
#hmac-sha2-512 is at end of list for github support
MACs [email protected],[email protected],[email protected],hmac-sha2-512
Protocol 2
MatthewVance / VirtualHost Conf
Created April 10, 2018 02:51
Security-focused NGINX configuration files. Change allow/deny based on IP address restriction needs. Remove PHP settings if not required.
# Credits and major sources of help for this config
# http://arstechnica.com/series/web-served/
# https://gist.github.com/plentz/6737338
# https://gist.github.com/kennwhite/25183c3f05266ee0ad7f
# http://blog.rlove.org/2013/12/strong-ssl-crypto.html
# http://blog.rlove.org/2014/04/the-end-of-life-of-windows-xp-and.html
##
# Default server configuration
##
MatthewVance / gitconfig
Created April 10, 2018 02:56
Customized git settings
[user]
name = Matthew Vance
email = [email protected]
[core]
autocrlf = input
editor = nano
excludesfile = /home/pi/.gitignore_global
[alias]
# basic
br = branch
MatthewVance / unbound.conf
Last active May 6, 2024 21:18
Config for running Unbound as a caching DNS forwarder (performance settings optimized for Raspberry Pi 2).
server:
###########################################################################
# BASIC SETTINGS
###########################################################################
# Time to live maximum for RRsets and messages in the cache. If the maximum
# kicks in, responses to clients still get decrementing TTLs based on the
# original (larger) values. When the internal TTL expires, the cache item
# has expired. Can be set lower to force the resolver to query for data
# often, and not trust (very large) TTL values.
cache-max-ttl: 86400
MatthewVance / rclone.service
Created July 11, 2018 02:45
Rclone Systemd service
[Unit]
Description=rclone - rsync for cloud storage
Documentation=https://rclone.org/docs/
After=network-online.target
Before=caddy.service
Wants=network-online.target systemd-networkd-wait-online.service
Requires=caddy.service
[Service]
Restart=on-abnormal
MatthewVance / caddy.service
Created July 11, 2018 02:46
Caddy Systemd service
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
Restart=on-abnormal
; User and group the process will run as.
MatthewVance / bash_aliases
Created April 7, 2019 02:24
Bash Aliases
#########
# Aliases
#########
# Configure aliases to work when prefixed with sudo
alias sudo='sudo '
# ------------------------------------
# Apt-get
# ------------------------------------
# Install package (e.g., apti nginx)