I am trying new things, don’t mind some questions.
- 15 Posts
- 38 Comments
found it funny and couldn’t recall any other non-serious sub, so I shared it here.
Remind me of a time long ago when someone requested my help on setting up a project.I Tried setting up project on my system and there was malicious code that would collect and send data to the attackers, but it failed to read data because it was trying to access the C drive.
187·4 months agoIt’s a search option, probably like how different search engines are present.
2·6 months agoMostly ssh into server or pushing minor patches to github, or simple python programs.
Been there done that, not sustainable, at best will work for some hobbiest work.
4·8 months ago90’s aesthetic?
5·8 months agoI wonder what is the otigin of that name?
Not sure if this is joke or not because that warning about xiaome service center in India is absolutely true.
python code for reversing the linked list.
Can someone calculate how much an iPhone would cost if manufactured in the USA?
1·9 months agoHey, I was busy with some issues, so I wasn’t able to be active in online spaces. I’m sharing the final tailored draft I documented for my personal use. Please let me know if something doesn’t seem to be on point or needs explanation.
I will also attach the workflow image if possible.
for dev and prod we have different configuration which is used depending on the environment.
#for dev server { listen 80; server_name localhost; client_max_body_size 10M; location /.well-known/acme-challenge/ { root /vol/www/; } location / { proxy_pass http://django:8000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } location /static/ { alias /app/static/; } location /media/ { alias /app/media/; } }#for prod server{ listen 80; server_name _; return 444; } server{ listen 443; server_name _; ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem; return 444; } server { listen 80; server_name ${DOMAIN} www.${DOMAIN}; client_max_body_size 10M; location /.well-known/acme-challenge/ { root /vol/www/; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl; server_name ${DOMAIN} www.${DOMAIN}; client_max_body_size 10M; ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header Referrer-Policy "no-referrer"; location / { proxy_pass http://django:8000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header P3P 'CP=""'; proxy_redirect off; } location /static/ { alias /app/static/; } location /media/ { alias /app/media/; } }So what’s the issue ?
Issues arises when we are deploying the project to production and server(nginx) is booting for the first time inside the docker. We can’t use prod configuration as it require updating some variables and path such as ssl(TLS) cert path, which isn’t the big problem as such because we can do it anyway and refresh the nginx once we are done with acme challenges but that would be just quick fix than doing it right way and will be creating too many loose ends.
fixing it
With some testing and looking here and there came up with
- While booting/creating nginx container use
nginx/manager.shwhich verify if certificate is present, if not load thenginx.dev.conf. - Nginx container is up and running.
- Certbot container is created and managed by
certbot-init.sh
#!/bin/sh set -e echo "Getting certificate..." certbot certonly \ --webroot \ --webroot-path "/vol/www/" \ -d "$DOMAIN" \ --email $EMAIL \ --rsa-key-size 4096 \ --agree-tos \ --noninteractive if [ $? -ne 0 ]; then echo "Certbot encountered an error. Exiting." exit 1 fi #for copying the certificate and configuration to the volume if [ -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then echo "SSL cert exists, enabling HTTPS..." envsubst '${DOMAIN}' < /etc/nginx/nginx.prod.conf > /etc/nginx/conf.d/default.conf else echo "Certbot unable to get SSL cert,server HTTP only..." fi echo "Setting up auto-renewal..." apk add --no-cache dcron echo "0 12 * * * certbot renew --quiet" | crontab - crond -f- and acme challenges is completed.
- New certificate is placed at
"/etc/letsencrypt/live/${DOMAIN}/fullchain.pem". - Production conf(
nginx.prod.conf) is loaded as - Meanwhile this whole operation is monitored by a script which is setup during the creation of nginx container. This script make sure that nginx refresh when ever there is changes in the configuration file.
inotifywait -m -r -e modify,move,close_write /etc/nginx/conf.d/default.conf /etc/letsencrypt | while read path action file; do echo "Change detected in $file: $action" echo "Reloading nginx!" nginx -s reload done &Auto-renew the certificate
Auto-renew is easy to setup we just mash up a cron job and a certification change detection script along with
nginx/manager.shandcertbot-init.sh.nginx/manager.shinotifywait -m -r -e modify,move,close_write /etc/nginx/conf.d/default.conf /etc/letsencrypt | #--> '/etc/letsencrypt' for certificate renew while read path action file; do echo "Change detected in $file: $action" echo "Reloading nginx!" nginx -s reload done &certbot-init.shecho "Setting up auto-renewal..." apk add --no-cache dcron echo "0 12 * * * certbot renew --quiet" | crontab - crond -f- While booting/creating nginx container use
Automating the ssl certificate for my django project in docker is still one of my greatest feat, So, I can understand the frustration of managing multiple services.
1·1 year agoyes, but will need some more practical usage to fully grasp.
not exactly.
that doesn’t mean they would not feed your data to that LLM.
probably not having enough money to replace the laptop.
Half life?