Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:
- CA certificate
- Server certificate
- Server key
- Client certificate
- Client key
Sven shoeper
shoeper
/ ssd-cache-wait.conf
Last active
August 29, 2015 14:04
— forked from kylemanna/ssd-cache-wait.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description "Suspend dmcache for SSD cache" | |
| author "Kyle Manna <kyle@kylemanna.com>" | |
| # Start monitoring with inotifywait (will block) after the filesystem is | |
| # mounted, when the filesystem is unmounted, teardown the dm devices. | |
| start on mounted MOUNTPOINT=/media/usb1 | |
| script | |
| inotifywait -e unmount $MOUNTPOINT |
shoeper
/ nginx.conf
Last active
August 29, 2015 14:11
— forked from plentz/nginx.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
shoeper
/ dovecot-10-auth.conf
Last active
August 29, 2015 14:12
— forked from barryo/dovecot-10-auth.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| auth_mechanisms = plain login digest-md5 cram-md5 ntlm apop | |
| !include auth-sql.conf.ext |
shoeper
/ pdf2htmlEX.sh
Last active
September 19, 2016 22:59
— forked from rajeevkannav/pdf2htmlEX.sh
Install CMake, pkg-config,GNU Getopt,GCC,poppler,fontforge,pdf2htmlEX in Ubuntu 15.05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Ubuntu Developer Script for pdf2htmlEx | |
| # Created by Rajeev Kannav Sharma | |
| # http://rajeevkannav.github.io/ | |
| # | |
| # | |
| # Downloads and configures the following: | |
| # | |
| # CMake, pkg-config | |
| # GNU Getopt |
shoeper
/ sign.py
Created
June 13, 2018 13:54
— forked from bahorn/sign.py
Implementation of the Tuya API signing.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import hashlib | |
| import time | |
| import uuid | |
| import os | |
| import copy | |
| import json | |
| # This is based on my personal implementation but stripped down to only what is | |
| # needed to verify it. |
shoeper
/ tuya_cloud.py
Created
June 14, 2018 14:38
— forked from bahorn/tuya_cloud.py
Cloud endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import hashlib | |
| import time | |
| import uuid | |
| import os | |
| import copy | |
| import json | |
| # Fixed up version of my previous code to work with the Cloud endpoints. | |
| # Hopefully this works. |
shoeper
/ 1-Enable Docker Remote API with TLS client verification.md
Created
June 26, 2018 09:47
— forked from kekru/1-Enable Docker Remote API with TLS client verification.md
Docker Remote API with client verification via daemon.json
shoeper
/ nginx-unificontroller.conf
Created
August 24, 2018 17:20
— forked from vidia/nginx-unificontroller.conf
Example, working, NGINX config for proxying to Unifi Controller software and using letsencrypt. Includes websocket fix.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor. | |
| # The unifi default port is 8443 running on localhost. | |
| # License: CC0 (Public Domain) | |
| server { | |
| # SSL configuration | |
| # | |
| listen 443 ssl default_server; | |
| listen [::]:443 ssl default_server; |
shoeper
/ glassfish4-localhost-domain.xml
Created
September 19, 2018 16:12
— forked from nikku/glassfish4-localhost-domain.xml
A stripped down domain.xml for Glassfish 4 application servers behind an Apache 2 / Nginx proxy.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <domain log-root="${com.sun.aas.instanceRoot}/logs" application-root="${com.sun.aas.instanceRoot}/applications" version="89"> | |
| <security-configurations> | |
| <authentication-service default="true" name="adminAuth" use-password-credential="true"> | |
| <security-provider name="spcrealm" type="LoginModule" provider-name="adminSpc"> | |
| <login-module-config name="adminSpecialLM" control-flag="sufficient" module-class="com.sun.enterprise.admin.util.AdminLoginModule"> | |
| <property name="config" value="server-config"></property> | |
| <property name="auth-realm" value="admin-realm"></property> | |
| </login-module-config> | |
| </security-provider> | |
| <security-provider name="filerealm" type="LoginModule" provider-name="adminFile"> |
shoeper
/ vpn.md
Created
December 4, 2019 15:55
— forked from joepie91/vpn.md
Don't use VPN services.
No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.
Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.
A Russian translation of this article can be found here, contributed by Timur Demin. There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
OlderNewer