Matt Vinall boyvinall

OVN Architecture

Renew GPG key

Given that your key has expired.

$ gpg --list-keys
$ gpg --edit-key KEYID

Use the expire command to set a new expire date:

Nginx TLS SNI routing, based on subdomain pattern

Nginx can be configured to route to a backend, based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for http upstream servers, but also for other protocols, that can be secured with TLS.

prerequisites

at least nginx 1.15.9 to use variables in ssl_certificate and ssl_certificate_key.
check nginx -V for the following:
```
...
TLS SNI support enabled
```

Every so often I have to restore my gpg keys and I'm never sure how best to do it. So, I've spent some time playing around with the various ways to export/import (backup/restore) keys.

Method 1

Backup the public and secret keyrings and trust database

cp ~/.gnupg/pubring.gpg /path/to/backups/
cp ~/.gnupg/secring.gpg /path/to/backups/
cp ~/.gnupg/trustdb.gpg /path/to/backups/

or, instead of backing up trustdb...

Keybase proof

I hereby claim:

I am boyvinall on github.
I am boyvinall (https://keybase.io/boyvinall) on keybase.
I have a public key whose fingerprint is 000F C97B 7DCC B6AE BD26 A563 4B7B E54A 6A59 78B3

To claim this, I am signing this object:

	import logging
	logging.basicConfig(level=logging.DEBUG,
	format='[%(created)s] p%(process)s {%(pathname)s:%(lineno)d} %(levelname)s - %(message)s',
	datefmt='%H:%M:%S',
	filename='/path/to/foo-' + time.strftime("%Y%m%d-%H%M") + '.log',
	filemode='w')

	console = logging.StreamHandler()
	console.setLevel(logging.INFO)
	formatter = logging.Formatter('%(levelname)s %(message)s')