For educational reasons I've decided to create my own CA. Here is what I learned.
Lets get some context first.
[Unit] | |
Description=Demonstrate Bash | |
[Service] | |
ExecStartPre=/usr/bin/bash -c "/usr/bin/systemctl set-environment MYVAR=$(( 2 + 2 ))" | |
ExecStart=/usr/bin/echo "2 + 2 = ${MYVAR}" |
Hi there!
The docker cheat sheet has moved to a Github project under https://github.com/wsargent/docker-cheat-sheet.
Please click on the link above to go to the cheat sheet.
... | |
# Fake a fuse install | |
RUN apt-get install libfuse2 | |
RUN cd /tmp ; apt-get download fuse | |
RUN cd /tmp ; dpkg-deb -x fuse_* . | |
RUN cd /tmp ; dpkg-deb -e fuse_* | |
RUN cd /tmp ; rm fuse_*.deb | |
RUN cd /tmp ; echo -en '#!/bin/bash\nexit 0\n' > DEBIAN/postinst | |
RUN cd /tmp ; dpkg-deb -b . /fuse.deb |
Prerequisites:
Software components used:
The diode bridge is the simplest rectifier I know.
Rectifier lets you share a directory with a docker container (just like $yourvm
shared folders).
You don't have to install anything in your containers, and you only need to install diod
in the host. diod
is packaged on Ubuntu/Debian distros, and will automatically be apt-get install
-ed if needed.
Since it uses diod
to make a bridge, I called it rectifier. Yeah, that sucks, so if you have a better name, I'll steal it!
The HearSay P2P File Sharer; a response to The Copyright Alert System, as well as several other internet regulation attempts. The goal of this project is to prove the viability of semi-anonymous and confidential file sharing. Consists of several proofs of concepts such as the formation of ad-hoc mix networks and routing throughout them while maintaining anonymity and semantic security.
However, lets be honest with ourselves for a second. Don't use this to fight an oppressive regime. I can not (and will not try) to 'prove' its security, and I
Two ways to do it, but only worked for me so I'll put it first and the second for reference:
$ openssl pkcs12 -export -in hostname.crt -inkey hostname.key -out hostname.p12
$ openssl pkcs12 -in hostname.p12 -nodes -out hostname.pem
Other options for this method in comments below:
# Note, the -certfile root.crt appends all CA certs to the export, I've never needed these so it's optional for my personal steps
$ openssl pkcs12 -export -in hostname.crt -inkey hostname.key -certfile root.crt -out hostname.p12
These are field notes gathered during installation of website search facility for the ElasticSearch website.
You may re-use it to put a similar system in place.
The following assumes: