Pakete updaten
$ sudo apt update
apt https support installieren; vim
$ sudo apt install apt-transport-https ca-certificates curl software-properties-common vim
Docker-Repository GPG Key hinzugügen
t-book
/ login.html
Created
March 18, 2020 20:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {% extends "account/base.html" %} | |
| {% load i18n %} | |
| {% load bootstrap_tags %} | |
| {% load account socialaccount %} | |
| {% block head_title %}{% trans "Log in" %}{% endblock %} | |
| {% block body_outer %} | |
| <div class="page-header"> |
t-book
/ Ubuntu Bionic Docker.md
Last active
March 9, 2021 13:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from geonode.people.models import Profile | |
| import requests | |
| import json | |
| # https://mailboxlayer.com/ | |
| access_key='your_key' | |
| api_url = 'http://apilayer.net/api/check?access_key={0}' | |
| base_url = api_url.format(access_key) | |
| profiles = Profile.objects.all() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from django import forms | |
| from django.contrib.auth.forms import UserCreationForm | |
| from geonode.people.models import Profile | |
| class CustomSignupForm(UserCreationForm): | |
| first_name = forms.CharField(max_length=30, required=True) | |
| last_name = forms.CharField(max_length=30, required=True) | |
| email = forms.EmailField(max_length=254) | |
| field_order = ['first_name', 'last_name', 'email', 'username'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from django.core.management.base import BaseCommand, CommandError | |
| from geonode.layers.models import UploadSession | |
| from geonode.people.models import Profile | |
| from geonode.base.models import ResourceBase | |
| from mapstore2_adapter.api.models import MapStoreResource | |
| from geonode.base.management.commands.helpers import confirm | |
| from geonode.layers.utils import set_layers_permissions | |
| class Command(BaseCommand): | |
| help = 'Management command to transfer User Data ' \ |
t-book
/ geonode-keycloack.md
Last active
February 22, 2024 11:58
For local testing I do use geonode paver on port 8000 and a Keycloak server started with docker on port 8090:
docker run -p 8090:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:12.0.1
https://www.keycloak.org/getting-started/getting-started-docker
- create a new realm to group our new app and users
marsianer
Full Background: https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability
Content:
- Start
t-book
/ harden_geonode_with_namespace.md
Last active
April 18, 2024 15:19
Linux namespaces provide isolation for running processes, limiting their access to system resources without the running process being aware of the limitations.
The best way to prevent privilege-escalation attacks from within a container is to configure your container’s applications to run as unprivileged users. For containers whose processes must run as the root user within the container, you can re-map this user to a less-privileged user on the Docker host. The mapped user is assigned a range of UIDs which function within the namespace as normal UIDs from 0 to 65536, but have no privileges on the host machine itself.
In case you did not enable namespaces initially you will loose all of your images and containers after enabling the docker daemon namespaced.
t-book
/ docker_apparmor.conf
Last active
January 6, 2021 12:55
— forked from disconnect3d/docker_apparmor.conf
docker-default
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <tunables/global> | |
| profile docker-default flags=(attach_disconnected,mediate_deleted) { | |
| #include <abstractions/base> | |
| network, | |
| capability, |
t-book
/ App-armor and docker.md
Last active
April 18, 2024 15:20
https://wiki.ubuntu.com/AppArmor
Apparmor can be used to limit different permissions for a userspace on side of the kernel. In other words we can decide what a program (... inside a docker container) can do. Ubuntu runs apparmor by default. This Readme targets docker and skips the aa_genprof workflow (see: https://www.youtube.com/watch?v=Uq1d60TLebE&t=155s) for standalone applications (Haven't found a way to use it with docker daemon)
To follow these steps you need to install apparmor-utils