Create a resource group in Azure to hold all of the resources you'll be creating:
- Virtual Network
- Virtual Machines
- Don't use 172.* IPs. I used 10.3.0.0/24
Matt Bentley mbentley
mbentley
/ iis_auth_allsteps.md
Created
December 15, 2017 22:10
— forked from PatrickLang/iis_auth_allsteps.md
Setting up IIS with User Authorization in Windows Server containers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # create overlay network to test | |
| docker network create -d overlay --attachable winoverlaytest | |
| # run iis on two different nodes, attached to the same network | |
| docker service create --name iis1 --network winoverlaytest --constraint "node.hostname==server2016-1" --endpoint-mode dnsrr microsoft/iis:nanoserver | |
| docker service create --name iis2 --network winoverlaytest --constraint "node.hostname==server2016-2" --endpoint-mode dnsrr microsoft/iis:nanoserver | |
| # hit iis2 from iis1 | |
| docker exec -it $(docker inspect --format '{{.Status.ContainerStatus.ContainerID}}' $(docker service ps --filter desired-state=running --format '{{.ID}}' iis1)) powershell Invoke-WebRequest http://iis2/ |
mbentley
/ daemon.json
Last active
December 1, 2017 16:32
Docker daemon.json insecure registry + nondistributable artifacts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "insecure-registry": [ | |
| "dtr.example.com" | |
| ], | |
| "allow-nondistributable-artifacts": [ | |
| "dtr.example.com" | |
| ] | |
| } |
mbentley
/ stack_certs.sh
Created
November 21, 2017 18:47
Stack certs for UCP and DTR from LetsEncrypt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| ### stack certs for UCP | |
| CERT_DIR="ucp.demo.dckr.org" | |
| cd ~/letsencrypt/"${CERT_DIR}" | |
| mkdir -p ucp | |
| # ca.pem |
mbentley
/ ucp_remove_client_bundles.sh
Created
November 2, 2017 13:53
Remove all UCP bundles for a user
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| USERNAME="" | |
| PASSWORD="" | |
| UCP_FQDN="" | |
| AUTH_TOKEN="$(curl -sk -d '{"username":"'${USERNAME}'","password":"'${PASSWORD}'"}' "https://${UCP_FQDN}/auth/login" | jq -r .auth_token 2>/dev/null)" | |
| CURL_OPTS=(-ks --header "Content-Type: application/json" --header "Accept: application/json" -H "Authorization: Bearer ${AUTH_TOKEN}") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # set environment variables | |
| USERNAME="admin" | |
| PASSWORD="docker123" | |
| UCP_URL="10.1.2.3:4443" | |
| # get auth token | |
| AUTH_TOKEN="$(curl -sk -d '{"username":"'${USERNAME}'","password":"'${PASSWORD}'"}' https://${UCP_URL}/auth/login | jq -r .auth_token 2>/dev/null)" |
mbentley
/ notary_easy_button.sh
Last active
November 18, 2021 12:54
Docker Content Trust Delegation Script
mbentley
/ check_for_deferred_deletion.sh
Created
March 10, 2017 21:22
Check to see if deferred deletion is supported
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| PIPE1=/run/dss-$$-fifo1 | |
| PIPE2=/run/dss-$$-fifo2 | |
| TEMPDIR=$(mktemp --tmpdir -d) | |
| platform_supports_deferred_deletion() { | |
| local deferred_deletion_supported=1 | |
| trap cleanup_pipes EXIT | |
| if [ ! -x "./dss-child-read-write.sh" ];then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user nginx; | |
| worker_processes 1; | |
| error_log /var/log/nginx/error.log warn; | |
| pid /var/run/nginx.pid; | |
| events { | |
| worker_connections 1024; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### set environment variables | |
| DTR_URL="ddcbeta.mac" | |
| # Make sure you have downloaded DTR's CA (if the certs are not trusted by valid root CA on your client already) and are placed in the path specified by --tlscacert | |
| # The DTR's CA cert can be downloaded from https://${DTR_URL}/ca | |
| # If it is already trusted, you can leave of the --tlscacert argument | |
| alias notary="notary -s https://${DTR_URL} -d ~/.docker/trust --tlscacert ~/.docker/tls/${DTR_URL}/ca.crt" | |
| REPO="admin/signtest" | |
| USERNAME="admin" | |
| ### admin |