Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:
- CA certificate
- Server certificate
- Server key
- Client certificate
- Client key
solidnerd
/ .gitignore
Created
November 8, 2019 21:10
— forked from pdxjohnny/.gitignore
Setting Up k3s for Serverless (knative) on a $5 DigitalOcean Droplet Using k3d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .terraform/ | |
| *.pem | |
| *.tf | |
| *.tfstate | |
| *.yaml | |
| *.backup | |
| istio-*/ | |
| cert-manager-*/ | |
| *.swp | |
| env |
solidnerd
/ autopart.sh
Created
January 13, 2018 07:13
— forked from trentmswanson/autopart.sh
Linux bash script to partition and format all data disks in azure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # An set of disks to ignore from partitioning and formatting | |
| BLACKLIST="/dev/sda|/dev/sdb" | |
| # Base directory to hold the data* files | |
| DATA_BASE="/media" | |
| usage() { | |
| echo "Usage: $(basename $0) <new disk>" | |
| } |
solidnerd
/ 1-Enable Docker Remote API with TLS client verification.md
Created
December 22, 2017 14:12
— forked from kekru/1-Enable Docker Remote API with TLS client verification.md
Docker Remote API with client verification via daemon.json
solidnerd
/ README-Template.md
Created
December 22, 2017 13:52
— forked from PurpleBooth/README-Template.md
A template to make good README.md
solidnerd
/ OverEncrypt.md
Created
December 3, 2016 06:30
— forked from mapmeld/OverEncrypt.md
OverEncrypt - paranoid HTTPS
This is a guide that I wrote to improve the default security of my website https://fortran.io , which has a certificate from LetsEncrypt. I'm choosing to improve HTTPS security and transparency without consideration for legacy browser support.
WARNING: if you mess up settings, lose your certificates, or decide to no longer maintain HTTPS certs, these steps can and will make your domain inaccessible.
I would recommend these steps only if you have a specific need for information security, privacy, and trust with your users, and/or maintain a separate secure.example.com domain which won't mess up your main site. If you've been thinking about hosting a site on Tor, then this might be a good option, too.
The best resources that I've found for explaining these steps are https://https.cio.gov , https://certificate-transparency.org , and https://twitter.com/konklone
solidnerd
/ screen-stuff.md
Created
November 22, 2016 08:07
— forked from gesellix/screen-stuff.md
screen and Docker for Mac
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
screen -AmdS docker ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
screen -r docker
# enter, then disconnect with Ctrl-a d
screen -S docker -p 0 -X stuff $(printf root\\r\\n)
screen -r docker
solidnerd
/ install_elixir.md
Created
May 15, 2016 15:31
— forked from rubencaro/install_elixir.md
Elixir installation guide
Version numbers should be the ones you want. Here I do it with the last ones available at the moment of writing.
The simplest way to install elixir is using your package manager. Sadly, at the time of writing only Fedora shows
the intention to keep its packages up to date. There you can simply sudo dnf install erlang elixir and you are good to go.
Anyway, if you intend to work with several versions of erlang or elixir at the same time, or you are tied to
a specific version, you will need to compile it yourself. Then kerl and exenv are your best friends.