
[TLS] PEM vs CRT vs KEY Explained: Stop Guessing TLS Certificate Formats

If you have worked with TLS certificates, you may have encountered files with the extensions .pem, .crt, and .key. You might be wondering what they are, how they differ, and how to use them effectively. The good news is that these formats aren’t as complicated as they seem once you understand the basics: PEM, CRT, and KEY are not different certificate types; they are different ways of packaging the same data. ...


How Web Authentication (Cookies, Sessions, JWT) Actually Works

Authentication on the web often feels confusing not because it is complicated, but because its core ideas are rarely explained in a clean order. This post builds that order. We will start from the nature of the web itself, explain cookies and server-side sessions as a single coherent model, then expand outward to JWT and why it fits modern distributed systems. The goal is not to overwhelm you, but to give you a mental model you can reuse. ...


[Git/GPG] Fix the "Inappropriate ioctl for device" Error when Signing GPG Keys

If you’re working on macOS and trying to set up GPG keys for your GitHub repositories, you might encounter an error that looks like this:

```
error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED 8EBBC19D30CD94DAC81EFEDC2A703231B997AC90 2
[GNUPG:] BEGIN_SIGNING H8
[GNUPG:] PINENTRY_LAUNCHED 55465 curses 1.3.2 - xterm-256color - - 501/20 0
gpg: signing failed: Inappropriate ioctl for device
[GNUPG:] FAILURE sign 83918950
gpg: signing failed: Inappropriate ioctl for device
```

This is a surprisingly common issue, and it often points to a problem with the pinentry UI, the program that prompts you for your GPG passphrase. ...


Introducing OneClickTLS: Generate Self-Signed TLS and mTLS Certificates Instantly

If you have worked with Kubernetes, Docker, microservices, or local HTTPS development, you already know how frustrating it is to generate self-signed TLS certificates: searching for OpenSSL commands, adjusting SAN values, fixing errors, and repeating the entire process again and again. After dealing with this pain for years, I finally built a tool that removes all the friction: https://oneclicktls.com ...

[Security/Gitea] How to Secure Your Public Gitea Server Without Complex Configuration

The last time I restarted my Gitea server was when I upgraded it to 2.20.11. It has been six months. Although I pushed code almost every day, I didn’t notice that my Gitea server had already been under attack by hackers for a couple of months. I found out that the hackers were creating a few users and repositories on my Gitea server every day. I was lucky that I found this issue before it was too late. ...


[Dockerfile] How to Prevent Docker Container from SSHing

While SSH is a valuable tool for debugging and testing Docker containers, enabling it in production environments is not recommended due to security concerns. To disable SSH in a Docker container, it’s advisable to remove the SSH server during the image building process. For example, if you’re using the alpine base image, you can use the following Dockerfile: ...

[Docker] Configure Custom TLS Certificates for Docker API Using Docker-in-Docker

Hey there! Have you ever wanted to configure custom TLS certificates for the Docker API, but didn’t want to mess up your local Docker environment before you’re sure everything is working smoothly? Well, fear not! I’ve got a secret recipe for you that involves using Docker-in-Docker (DinD) to run a temporary Docker container with custom TLS certificates mounted. To get started, let’s say you already have your custom TLS certificates ready in the path `/tmp/certs`. You can run the following command to start a temporary Docker container with custom TLS certificates mounted: ...

[Mail Server] What is DKIM

DKIM (DomainKeys Identified Mail) is an email authentication method that allows the sender of an email to associate their domain name with the email message. This allows the recipient’s email server to check that the email message is authorized by the sender’s domain and has not been tampered with during transit. DKIM uses cryptographic signatures and public-key cryptography to verify the authenticity and integrity of email messages. When an email is sent, the sender’s mail server generates a digital signature for the message, which is then added to the email’s headers. The recipient’s mail server retrieves the sender’s public key from a DNS record and uses it to verify the signature. If the signature is valid, the recipient’s mail server can be confident that the email is from the domain it claims to be from and has not been altered in transit. ...
