Providing remote access to applications and systems requires secure routing to the destination and credentials to authenticate the user. Traditionally, you achieve this using a Virtual Private Network (VPN) or a bastion server to bridge into the private network. Credentials are generally provided individually, created through a manual process, and rotated on a best-intention basis. This is problematic because access is usually too broad, difficult to audit, and complex to maintain.
```sh
#!/bin/sh -e
echo "[$(date +%T)] Deregister boundary worker"
# Read the worker id from the file written on startup
worker_id=$(cat ./worker_id)
# Base url for the HCP cluster
base_url="https://${cluster_id}.boundary.hashicorp.cloud/v1"
auth_url="${base_url}/auth-methods/${auth_method_id}:authenticate"
dereg_url="${base_url}/workers/${worker_id}"
```
### Configure variables

These variables will be used for this snippet. Please substitute accordingly.

```bash
export RootCAName="root_ca"
export InterCAName="inter_ca"
export CommonName="hashidemos.io"
export InterCommonName="inter.hashidemos.io"
export Root_CA_ttl="730h"
export Inter_CA_ttl="350h"
export Cert_ttl="8h"
```
```hcl
locals {
  app_services = [
    {
      kind = "Linux"
      sku = {
        tier = "Standard"
        size = "S1"
      }
    },
    {
```
```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
	"os"
	"path/filepath"
```
```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"flag"
	"io/ioutil"
	"log"
	"net/http"
)
```
```go
package main

import (
	"fmt"
	"time"
)

// Suggestions from golang-nuts
// http://play.golang.org/p/Ctg3_AQisl
```