openssl req -new -newkey rsa:2048 -nodes -keyout /etc/ssl/private/myKey.key -out myRequest.csr

Note: A key size of 2048 bits is recommended for commercial sites (especially if PCI is a concern).

2- Copy Certificate to Server

Best practice:

• Copy CRT file(s) to /etc/ssl/certs
• Key file should already be in /etc/ssl/private 

3- Configure Nginx

Sample Configuration: Static Content

server {
	listen 443;

	root /var/www;
	index index.html index.htm;

	ssl on;
	ssl_certificate /etc/ssl/certs/myCertificate.crt;
	ssl_certificate_key /etc/ssl/private/myKey.key;

	ssl_session_timeout 5m;

	ssl_protocols SSLv3 TLSv1;
	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
	ssl_prefer_server_ciphers on;

	location / {
		try_files $uri $uri/ /index.html;
	}
}

Sample Configuration: Proxy Rails via thin

upstream thin_cluster {
	server 127.0.0.1:3000;
 	server 127.0.0.1:3001;
}
server {
	listen 443;

	root /var/www;
	index index.html index.htm;

	ssl on;
	ssl_certificate /etc/ssl/certs/myCertificate.crt;
	ssl_certificate_key /etc/ssl/private/myKey.key;

	ssl_session_timeout 5m;

	ssl_protocols SSLv3 TLSv1;
	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
	ssl_prefer_server_ciphers on;

	location / {
		proxy_set_header  X-Real-IP  $remote_addr;
		proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header  Host $http_host;
		
		# Note: Tell Rails that client session is secure.
		proxy_set_header X-FORWARDED_PROTO https;
		proxy_redirect off;

		if (-f $request_filename/index.html) {
			rewrite (.*) $1/index.html break;
		 }

		if (-f $request_filename.html) { 
			rewrite (.*) $1.html break;
		}

		if (!-f $request_filename) {
			proxy_pass http://thin_cluster;
			break;
		}
 	}
}

-JO

Basics

Update the system:

sudo apt-get update
sudo apt-get upgrade

Install the essentials: Build system, NodeJS, Nginx

# Build essentials
sudo apt-get install build-essential bison openssl libreadline5 libreadline-gplv2-dev curl git-core zlib1g zlib1g-dev libssl-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libmysqlclient-dev
# NodeJS
sudo apt-get install nodejs
# Nginx
sudo apt-get install nginx
# Links (for testing)
sudo apt-get install links

Security

Add a bit of security:

# Install Uncomplicated Firewall
apt-get install ufw
# Permit incoming ports TCP 80 (http), and 443 (https)
sudo ufw add 'Nginx Full'
# Permit incoming port TCP 22 (ssh)
sudo ufw add 'OpenSSH'
# Enable UFW (fingers crossed)
sudo ufw enable

Ruby

Install Ruby using RVM.

sudo bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer )

NOTE: I recommend relaunching your shell session to allow RVM to load properly.

Install Ruby:

# I'm targeting 1.9.2; you can substitute with version of choice.
rvmsudo rvm install 1.9.2
# And, set 1.9.2 as system default
rvmsudo rvm use 1.9.2 --default

Rails, and thin

Install Rails:

rvmsudo gem install rails

And, thin:

rvmsudo gem install thin

Install the thin daemon:

rvmsudo thin install

Because RoR and gang were installed via RVM, we need to make certain that thin (daemon) loads through the proper environment. This can be accomplish by creating a RVM wrapper for thin.

# Again, targeting 1.9.2p290 environment.
# Substitute as necessary.
rvmsudo rvm wrapper 1.9.2@/usr/local/rvm/gems/ruby-1.9.2-p290 daemon192 thin

This will create the following script /usr/local/bin/daemon192_thin. Edit /etc/init.d/thin, and change the following line from:

DAEMON=/usr/local/rvm/gems/ruby-1.9.2-p290/bin/thin

…to:

DAEMON=/usr/local/rvm/bin/daemon192_thin

thin daemon Configuration

For the purposes of this section, it’s assumed that target RoR application is in the following directory: /var/www/myapp.
Create a thin configuration file (Note: Remember to update path for your application):

rvmsudo thin config -C /etc/thin/myapp.yml --servers 4 -e production -c /var/www/myapp

This will generate a thin configuration file that will spawn (4) thin processes (cluster).
To start, and stop the thin damon:

# Start
service thin start
# Stop
service thin stop

Nginx

Simple nginx configuration to proxy thin cluster.

upstream thin_cluster {
 server 127.0.0.1:3000;
 server 127.0.0.1:3001;
 server 127.0.0.1:3002;
 server 127.0.0.1:3003;
}

server {
 listen 80;
 server_name myapp.domain;

 access_log /var/www/myapp/log/access.log;
 error_log  /var/www/myapp/log/error.log;

 root   /var/www/celox.me/public/;
 index  index.html;

 location / {
  proxy_set_header  X-Real-IP  $remote_addr;
  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  Host $http_host;
  proxy_redirect off;

  if (-f $request_filename/index.html) {
   rewrite (.*) $1/index.html break;
  }

  if (-f $request_filename.html) { 
   rewrite (.*) $1.html break;
  }

  if (!-f $request_filename) {
   proxy_pass http://thin_cluster;
   break;
  }
 }
}

Johanns

Overview:

• Message is securely transmitted and stored in a data store.
• Message is destroyed once it is read (self destructs).
• Message eventually expires and is removed from the system (even if not read).

1. Open your favorite Terminal application
2. cd ~/Library/Application Support/Dock
3. List directory content, make note of your database (.db) file
4. Open .db file using sqlite3 (e.g.: sqlite3 D3B8D593-6BE6-4F6C-91BB-F8A286E8594F.db)
5. Run the following query, and make note of item_id’s  (first column) for all unwanted items:
• select * from apps;
6. Time to delete some rows:
•  delete from apps where item_id=N;  //(N = item_id’s noted earlier)
7. Repeat till satisfied; when ready, quite sqlite3 by .q
8. Relaunch Dock by killall Dock