Compare commits

1 Commits

Author SHA1 Message Date
3a3f5bcd02 Update SSL Certificate Request
VSCode SSH
- Allows using VSCode to build code as if you were on remote machine.
- Remote machine will still need dotnet SDK

Added AppSetting Markdown
2025-04-02 16:13:03 -07:00
3 changed files with 274 additions and 9 deletions

116
.NET/app-settings.md Normal file

@ -0,0 +1,116 @@
# AppSettings
## User Secrets Initialization
- [app-secrets](https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-9.0&tabs=windows)
```bash 1733926424710 = 638695232247100000 = Wed Dec 11 2024 07:13:44 GMT-0700 (Mountain Standard Time)
dotnet user-secrets -p File-Folder-Helper.csproj init
```
- [app-secrets](https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-9.0&tabs=windows)
## User Secrets Add Entry
```bash 1733926491404 = 638695232914040000 = Wed Dec 11 2024 07:14:50 GMT-0700 (Mountain Standard Time)
dotnet user-secrets -p File-Folder-Helper.csproj set Name Value
```
## Optional Symbolic Link in Windows
- Similar to Linux command ```ln -s```
```bash 1733926521307 = 638695233213070000 = Wed Dec 11 2024 07:15:20 GMT-0700 (Mountain Standard Time)
mklink /J "L:\DevOps\Mesa_FI\File-Folder-Helper\.vscode\.UserSecrets" "C:\Users\phares\AppData\Roaming\Microsoft\UserSecrets\8da397d4-13ec-4576-9722-3c79cad25563"
```
## .NET Package Reference
```xml 1733926548840 = 638695233488400000 = Wed Dec 11 2024 07:15:48 GMT-0700 (Mountain Standard Time)
<PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.1" />
```
## Example Record (Class)
- ToString is optional for recursive debug and isn't used in code
- Verify method helps debug where project is looking for configuration entries
- ```configurationRoot.Get<AppSettings>();``` is builtin method to deserialize
- JsonSerializerContext is optional for using AOT builds
```csharp 1733926601507 = 638695234015070000 = Wed Dec 11 2024 07:16:41 GMT-0700 (Mountain Standard Time)
using Microsoft.Extensions.Configuration;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace File_Folder_Helper.Models;
public record AppSettings(string Company,
string DefaultNoteType,
string[] ExcludeDirectoryNames,
string[] ExcludeSchemes,
string PersonBirthdayFormat,
string[] ValidImageFormatExtensions,
string WorkingDirectoryName)
{
public override string ToString()
{
string result = JsonSerializer.Serialize(this, AppSettingsSourceGenerationContext.Default.AppSettings);
return result;
}
private static void Verify(IConfigurationRoot configurationRoot, AppSettings? appSettings)
{
if (appSettings?.Company is null || string.IsNullOrEmpty(appSettings.Company))
{
List<string> paths = [];
foreach (IConfigurationProvider configurationProvider in configurationRoot.Providers)
{
if (configurationProvider is not Microsoft.Extensions.Configuration.Json.JsonConfigurationProvider jsonConfigurationProvider)
continue;
if (jsonConfigurationProvider.Source.FileProvider is not Microsoft.Extensions.FileProviders.PhysicalFileProvider physicalFileProvider)
continue;
paths.Add(physicalFileProvider.Root);
}
throw new NotSupportedException($"Not found!{Environment.NewLine}{string.Join(Environment.NewLine, paths.Distinct())}");
}
}
public static AppSettings Get(IConfigurationRoot configurationRoot)
{
AppSettings? result;
#pragma warning disable IL3050, IL2026
result = configurationRoot.Get<AppSettings>();
#pragma warning restore IL3050, IL2026
Verify(configurationRoot, result);
if (result is null)
throw new Exception("Not set!");
return result;
}
}
[JsonSourceGenerationOptions(WriteIndented = true)]
[JsonSerializable(typeof(AppSettings))]
internal partial class AppSettingsSourceGenerationContext : JsonSerializerContext
{
}
```
## AddUserSecrets to Program.cs
```csharp 1733926619366 = 638695234193660000 = Wed Dec 11 2024 07:16:58 GMT-0700 (Mountain Standard Time)
builder.Configuration.AddUserSecrets<Program>();
```
## Get Instance of Record to Program.cs
```csharp 1733926659168 = 638695234591680000 = Wed Dec 11 2024 07:17:38 GMT-0700 (Mountain Standard Time)
AppSettings appSettings = AppSettings.Get(builder.Configuration);
```
## Add Instance to be Used as Dependency Injected Object
```csharp 1733926695948 = 638695234959480000 = Wed Dec 11 2024 07:18:15 GMT-0700 (Mountain Standard Time)
builder.Services.AddSingleton(appSettings);
```

138
.NET/vscode-ssh.md Normal file

@ -0,0 +1,138 @@
# VSCode SSH
- Allows using VSCode to build code as if you were on remote machine.
- Remote machine will still need dotnet SDK
## Offline Installer
- Download and copy to servers that can't reach github.com
- [openssh-portable](https://github.com/PowerShell/openssh-portable)
## PowerShell Installer
- PowerShell Administrator
```PowerShell Administrator 1736187016914 = 638717838169140000 = Mon Jan 06 2025 11:10:16 GMT-0700 (Mountain Standard Time)
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
```
## Key Generation
- Run with any user
```PowerShell 1736187033768 = 638717838337680000 = Mon Jan 06 2025 11:10:33 GMT-0700 (Mountain Standard Time)
ssh-keygen -t ed25519
```
## Authentication via Public Key
- PowerShell Administrator
```PowerShell Administrator 1736187105777 = 638717839057770000 = Mon Jan 06 2025 11:11:45 GMT-0700 (Mountain Standard Time)
copy $env:USERPROFILE\.ssh\id_ed25519.pub C:\ProgramData\ssh\authorized_keys
copy $env:USERPROFILE\.ssh\id_ed25519.pub C:\ProgramData\ssh\administrators_authorized_keys
icacls.exe "C:\ProgramData\ssh\authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
```
- Configuration allows for public key authentication
- Removes higher risk password authentication
```conf 1736187108739 = 638717839087390000 = Mon Jan 06 2025 11:11:48 GMT-0700 (Mountain Standard Time)
...
PubkeyAuthentication yes
...
PasswordAuthentication no
...
```
## Firewall
- Open Windows Firewall with Advanced Security GUI
- Add new Inbound Rule for port 22
- Change Profiles to only enable domain
- Change scope to remote ip for your machine
```bash 1736187743528 = 638717845435280000 = Mon Jan 06 2025 11:22:23 GMT-0700 (Mountain Standard Time)
wf.msc
```
- Exported list for the two inbound rules
```tsv 1736187853968 = 638717846539680000 = Mon Jan 06 2025 11:24:13 GMT-0700 (Mountain Standard Time)
Name Group Profile Enabled Action Override Program Local Address Remote Address Protocol Local Port Remote Port Authorized Users Authorized Computers Authorized Local Principals Local User Owner Application Package
OpenSSH SSH Server Preview (sshd) Private Yes Allow No C:\Program Files\OpenSSH\sshd.exe Any Any TCP 22 Any Any Any Any Any Any
SSH Domain Yes Allow No Any Any 10.64.233.125 TCP 22 Any Any Any Any Any Any
```
- Command line add inbound rule SSH
```bash 1736188562695 = 638717853626950000 = Mon Jan 06 2025 11:36:02 GMT-0700 (Mountain Standard Time)
netsh advfirewall firewall add rule name="SSH" dir=in action=allow enable=yes profile=domain remoteip=10.64.233.125 localport=22 protocol=TCP
```
- Command line to add remote IP
```bash 1736188289189 = 638717850891890000 = Mon Jan 06 2025 11:31:28 GMT-0700 (Mountain Standard Time)
netsh advfirewall firewall set rule name="SSH" new remoteip=10.64.233.125
```
- Command line to enable rule
```bash 1736188447588 = 638717852475880000 = Mon Jan 06 2025 11:34:07 GMT-0700 (Mountain Standard Time)
netsh advfirewall firewall set rule name="SSH" new enable=yes
```
## Local Key Generation
- Replace user
- Run on local machine
- Add output to remote machine
```PowerShell 1736190383218 = 638717871832180000 = Mon Jan 06 2025 12:06:22 GMT-0700 (Mountain Standard Time)
ssh-keygen -t ed25519
more "C:/Users/user/.ssh/id_ed25519.pub"
echo "C:\ProgramData\ssh\authorized_keys"
echo "C:\ProgramData\ssh\administrators_authorized_keys"
```
## Test Connection
- Replace user and machine
```bash 1736187372778 = 638717841727780000 = Mon Jan 06 2025 11:16:12 GMT-0700 (Mountain Standard Time)
ssh user@machine.infineon.com -i C:/Users/user/.ssh/id_ed25519
```
## VSCode
- Install VSCode extension ms-vscode-remote.remote-ssh
- Add machine to VSCode Remote Explorer
- Example after adding machine to Remote Explorer "C:\Users\phares\.ssh\config"
```conf 1736189363973 = 638717861639730000 = Mon Jan 06 2025 11:49:23 GMT-0700 (Mountain Standard Time)
Host mestsa003.infineon.com
HostName mestsa003.infineon.com
User mesphares
IdentityFile C:/Users/phares/.ssh/id_ed25519
Host mestsa05ec.infineon.com
HostName mestsa05ec.infineon.com
User mesphares
IdentityFile C:/Users/phares/.ssh/id_ed25519
Host mestsa07ec.infineon.com
HostName mestsa07ec.infineon.com
User mesphares
IdentityFile C:/Users/phares/.ssh/id_ed25519
Host messa010ec.infineon.com
HostName messa010ec.infineon.com
User mesphares
IdentityFile C:/Users/phares/.ssh/id_ed25519
```
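Review bot: Under "Authentication via Public Key" the two `copy` lines overwrite `authorized_keys` and `administrators_authorized_keys`, so any key already authorized is dropped, and the key they install is the one generated on the remote machine in "Key Generation", whose private half then sits on the server itself. "Local Key Generation" only echoes the two paths; spell out that the local public key is appended to them (for example with `Add-Content`) and say whether the server-generated key is meant to stay authorized. The exported rule list also shows the built-in "OpenSSH SSH Server Preview (sshd)" rule still enabled on the Private profile with Remote Address Any, so the `remoteip=10.64.233.125` scoping applies only to the added "SSH" rule; note whether the built-in rule should be disabled. The steps also never show starting or restarting the sshd service after the `PasswordAuthentication no` change.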


@ -8,27 +8,38 @@ updated: 2023-07-08T03:32:53.694Z
## DNS Order
https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-New%20DNS%20Entry%20%281%29
- [dns-entry](https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-New%20DNS%20Entry%20%281%29)
![DNS Entries](Images/image-2023-4-26_12-24-36.png)
## Server Certificate (SSL/TLS) Order
https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-Certificate%20Request
## Self-signed Certificate
```bash
cd "C:\Program Files\Git\usr\bin"
openssl
req -x509 -nodes -days 365 -newkey rsa:2048 -keyout L:\Git\NGINX-Conf\conf\includes\localhost.key -out L:\Git\NGINX-Conf\conf\includes\localhost.crt -config L:\Git\NGINX-Conf\conf\includes\localhost.conf
req -newkey rsa:2048 -keyout L:\Git\NGINX-Conf\conf\includes\localhost.key -out L:\Git\NGINX-Conf\conf\includes\certificate-signing-request.csr -config L:\Git\NGINX-Conf\conf\includes\localhost.conf
req -x509 -nodes -days 365 -newkey rsa:2048 -keyout "L:\Git\NGINX-Conf\conf\includes\localhost.key" -out "L:\Git\NGINX-Conf\conf\includes\localhost.crt" -config "L:\Git\NGINX-Conf\conf\includes\localhost.conf"
```
```conf
ssl_certificate "includes/localhost.crt";
ssl_certificate_key "includes/localhost.key";
```
## Server Certificate (SSL/TLS) Order
- [certificate-request](https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-Certificate%20Request)
![Certificate Request](Images/image-2023-4-26_12-25-33.png)
### Example for eaf-dev-reporting.mes.infineon.com
```bash
# ssl_certificate "includes/localhost.crt";
# ssl_certificate_key "includes/localhost.key";
cd "C:\Program Files\Git\usr\bin"
openssl
req -newkey rsa:2048 -keyout "L:\Git\NGINX-Conf\conf\includes\eaf-dev-reporting.mes.infineon.com.key" -out "L:\Git\NGINX-Conf\conf\includes\certificate-signing-request.csr" -config "L:\Git\NGINX-Conf\conf\includes\eaf-dev-reporting.mes.infineon.com.conf"
```
```conf
ssl_certificate "includes/eaf-dev-reporting.mes.infineon.com.cer";
ssl_password_file "includes/eaf-dev-reporting.mes.infineon.com.pass";
ssl_certificate_key "includes/eaf-dev-reporting.mes.infineon.com.key";
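Review bot: In the eaf-dev-reporting example, `ssl_password_file "includes/eaf-dev-reporting.mes.infineon.com.pass"` keeps the key passphrase in the same `includes` directory as the `.key` file, under `L:\Git\NGINX-Conf\conf`, so encrypting the key protects nothing if that directory is committed or broadly readable; the self-signed commands go further and write the key unencrypted with `-nodes`. State that `*.key` and `*.pass` are excluded from the repository and readable only by the account that runs nginx. The block also puts `openssl` and `req ...` on separate lines, which depends on the interactive OpenSSL prompt; writing `openssl req ...` as one command would be less ambiguous, and the section never shows what goes in the `.conf` file passed to `-config`.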