HOW TO SECURELY SET UP SHIPYARD 2.0.10 WITH TLS ON COREOS
• Shipyard is a management tool for Docker servers.
• Docker is a cutting-edge piece of software used for containerization.
• Shipyard lets you see which containers each of your servers is running, so you can start or stop existing containers or create new ones.
• Once you have set up Shipyard on your server, you can access it through a graphical interface, a command-line interface, or an API.
• Shipyard lacks some of the advanced features of other Docker orchestration tools, but it is very simple to set up, free to use, and you can manage and host it yourself.
• It also lets you control the resources allocated to specific containers and manage containers across multiple Docker hosts.
• However, it is important to ensure that your Docker server and Shipyard system are secure, especially if they are used in production.
• In this article we show how to install Shipyard 2.0.10 on a single CoreOS server and how to secure Docker with a TLS certificate so that only authorized clients may connect to it.
• TLS stands for Transport Layer Security; it encrypts data as it travels from the client to the server and back again.
• Here we’ll use it to encrypt our connection to the Docker host, and Docker’s connection to Shipyard.
Prerequisites:
• To set up Shipyard 2.0.10 with TLS on CoreOS, make sure the following prerequisites are complete.
• First, set up one CoreOS Droplet with at least 1 GB of RAM (more is recommended) and choose the latest stable version of CoreOS.
• Log in to your server using your SSH key, since all CoreOS servers require SSH-key login, then set up a fully qualified domain name (FQDN) or subdomain for your Docker host.
• Now let’s start by setting up Docker to use certificates for authentication.
1) Creating the Server Certificate:
• CoreOS comes with OpenSSL, a utility that can be used to generate and sign certificates.
• Let’s create a Certificate Authority that we can use to sign server and client certificates.
• First, create and move into a directory called ‘dockertls’, so it’s easy to remember where the files are.
$ mkdir ~/dockertls
$ cd ~/dockertls
• Then create an RSA private key with the command below, which will prompt you to create a passphrase for your key.
$ openssl genrsa -aes256 -out private-key.pem 4096
• In this command, genrsa generates an RSA private key, -aes256 encrypts it with the passphrase you enter, -out private-key.pem names the output file ‘private-key.pem’, and the last argument, 4096, is the key length in bits.
• It’s recommended to keep this at a high number like 4096.
• Next, generate a new certificate and sign it with the private key we just created. You’ll need to enter the same passphrase you chose when creating the key.
$ openssl req -new -x509 -sha512 -days 365 -key private-key.pem -out myca.pem
• OpenSSL will also ask for some required information, like the FQDN of your server and the country your organization is based in. Try to answer these questions as accurately as possible. This is the last step in creating our self-signed Certificate Authority, or CA, as shown below.
• After creating the CA, we will create a server certificate for use with the Docker daemon.
• The following two commands generate a signing request; be sure to replace example.com with the domain or subdomain you are using for Docker (the later examples use test.com).
$ openssl genrsa -out docker-1-key.pem 4096
$ openssl req -subj "/CN=example.com" -sha512 -new -key docker-1-key.pem -out docker.csr
• Finally, sign it with the CA’s private key. You’ll need to enter the key passphrase again.
$ openssl x509 -req -days 365 -sha256 -in docker.csr -CA myca.pem -CAkey private-key.pem -CAcreateserial -out final-server-cert.pem
• This creates a file in the current directory called final-server-cert.pem, which is the server certificate that will be used on the Docker host.
2) Creating the Client Certificate:
• After creating the server certificate, we need to create a client certificate.
• This will be used whenever we try to connect to the Docker host.
• The Docker daemon verifies that the client’s certificate has actually been signed by our personal CA.
• Therefore, only authorized clients will be allowed to connect and send commands to Docker.
• First, create another signing request for the client using the commands below.
$ openssl genrsa -out client-key.pem 4096
$ openssl req -subj '/CN=client' -new -key client-key.pem -out docker-client.csr
• We need to create a config file which specifies that the resulting certificate can actually be used for client authentication.
$ echo extendedKeyUsage = clientAuth > client.cnf
• This creates a file called 'client.cnf' with the content extendedKeyUsage = clientAuth, without needing to use a text editor.
• Next, sign the client request with the CA key.
$ openssl x509 -req -days 365 -sha512 -in docker-client.csr -CA myca.pem -CAkey private-key.pem -CAcreateserial -out client.pem -extfile client.cnf
Signature ok
subject=/CN=client
Getting CA Private Key
Enter pass phrase for private-key.pem:
• Now we have a CA, a server certificate, and a client certificate set up; let’s move to the next step.
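Steps 1 and 2 combined into one unattended script, with the checks worth running before handing the files to dockerd. This is an added example, not code from the original presentation; it assumes openssl is on PATH, and the names make_docker_pki, check_docker_pki, KEY_BITS and CA_PASS are chosen here. It goes one step beyond the page by adding a subjectAltName to the server certificate, because since Go 1.15 TLS clients written in Go, the docker CLI included, no longer fall back to the Common Name when checking the hostname.

```shell
#!/bin/sh
# Added example (not from the original presentation): steps 1 and 2 as one
# unattended script, plus verification checks. Assumes openssl on PATH.
# Function and variable names (make_docker_pki, check_docker_pki, KEY_BITS,
# CA_PASS) are chosen here, not taken from the page.
set -eu

# Build the CA, server and client certificates in DIR for Docker host HOST.
# The CA key stays passphrase-protected as on the page, but the passphrase is
# read from $CA_PASS so no prompt appears. KEY_BITS defaults to the page's 4096.
make_docker_pki() {
  dir="$1"; host="$2"
  bits="${KEY_BITS:-4096}"
  : "${CA_PASS:?set CA_PASS to the passphrase for the CA private key}"
  export CA_PASS
  mkdir -p "$dir"

  # Step 1a: AES-256 encrypted CA private key and self-signed CA certificate.
  openssl genrsa -aes256 -passout env:CA_PASS -out "$dir/private-key.pem" "$bits" 2>/dev/null
  openssl req -new -x509 -sha512 -days 365 -key "$dir/private-key.pem" -passin env:CA_PASS \
    -subj "/CN=dockertls CA" -out "$dir/myca.pem"

  # Step 1b: server key, CSR with CN=HOST, certificate signed by the CA.
  # server.cnf is an addition beyond the page: Go-based clients such as the
  # docker CLI only accept the hostname from the subjectAltName extension.
  openssl genrsa -out "$dir/docker-1-key.pem" "$bits" 2>/dev/null
  openssl req -subj "/CN=$host" -sha512 -new -key "$dir/docker-1-key.pem" -out "$dir/docker.csr"
  printf 'subjectAltName = DNS:%s\nextendedKeyUsage = serverAuth\n' "$host" > "$dir/server.cnf"
  openssl x509 -req -days 365 -sha512 -in "$dir/docker.csr" -CA "$dir/myca.pem" \
    -CAkey "$dir/private-key.pem" -passin env:CA_PASS -CAcreateserial \
    -extfile "$dir/server.cnf" -out "$dir/final-server-cert.pem" 2>/dev/null

  # Step 2: client key, CSR, and a certificate restricted to clientAuth.
  openssl genrsa -out "$dir/client-key.pem" "$bits" 2>/dev/null
  openssl req -subj '/CN=client' -new -key "$dir/client-key.pem" -out "$dir/docker-client.csr"
  echo 'extendedKeyUsage = clientAuth' > "$dir/client.cnf"
  openssl x509 -req -days 365 -sha512 -in "$dir/docker-client.csr" -CA "$dir/myca.pem" \
    -CAkey "$dir/private-key.pem" -passin env:CA_PASS -CAcreateserial \
    -extfile "$dir/client.cnf" -out "$dir/client.pem" 2>/dev/null

  # Private keys are secrets: only the owner may read them.
  chmod 600 "$dir"/*-key.pem
}

# Succeeds (exit 0) only when the files are fit for --tlsverify: both
# certificates chain to myca.pem, the server certificate names HOST, and the
# client certificate carries the clientAuth extended key usage.
check_docker_pki() {
  dir="$1"; host="$2"
  openssl verify -CAfile "$dir/myca.pem" "$dir/final-server-cert.pem" >/dev/null 2>&1 || return 1
  openssl verify -CAfile "$dir/myca.pem" "$dir/client.pem" >/dev/null 2>&1 || return 1
  openssl x509 -in "$dir/final-server-cert.pem" -noout -subject \
    | grep -q "CN *= *$host" || return 1
  openssl x509 -in "$dir/client.pem" -noout -text \
    | grep -q 'TLS Web Client Authentication' || return 1
  return 0
}

# Usage on the CoreOS host, mirroring the page's paths (FQDN is a placeholder):
#   CA_PASS='choose-a-passphrase' make_docker_pki ~/dockertls docker.example.com
#   check_docker_pki ~/dockertls docker.example.com && echo "PKI OK"
```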
3) Configuring Docker and CoreOS:
• In this step, we’ll configure the Docker daemon to use our certificates by modifying Docker’s startup options.
• CoreOS uses systemd to manage services.
• Let’s start by editing the Docker unit file. There’s an option for the systemctl command that copies the unit file for editing instead of modifying the original directly.
• Open the Docker unit file for editing using systemctl as shown.
$ sudo systemctl edit --full docker
• This opens the file for editing in vim. Find the line that begins with ExecStart=/usr/lib/coreos/dockerd and append the options below after --host=fd://, so that the line reads as shown.
ExecStart=/usr/lib/coreos/dockerd daemon --host=fd:// --tlsverify --tlscacert=/home/core/dockertls/myca.pem --tlscert=/home/core/dockertls/final-server-cert.pem --tlskey=/home/core/dockertls/docker-1-key.pem -H=0.0.0.0:2376 $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
• In this configuration, --tlsverify turns on TLS verification so that only authorized clients may connect.
• --tlscacert specifies the location of our CA’s certificate.
• --tlscert specifies the server certificate location.
• --tlskey specifies the server key location, and -H=0.0.0.0:2376 means that Docker will listen for connections from anywhere, but it still will not accept any connection that does not present a client certificate signed by our CA.
• Now save and close the file, then restart the Docker daemon so that it uses our new configuration.
$ sudo systemctl restart docker
$ sudo systemctl status docker
• Once the docker service is up and running, run the command below to test our TLS verification.
$ docker --tlsverify --tlscacert=myca.pem --tlscert=client.pem --tlskey=client-key.pem -H=test.com:2376 info
• You will get some basic system information about your Docker host, as shown below.
• This means you have just secured your Docker host with TLS.
• If you get an error, check the logs using systemctl status docker.
• We can now access the Docker host from anywhere, as long as we connect using a valid certificate and client key. We can generate and sign as many client certificates as we want for use in a cluster.
4) Installing Shipyard
• In this step, we will install Shipyard.
• Once you have Docker running, it is quite easy to install Shipyard because it ships as Docker images.
• All you need to do is pull the images from the Docker registry and run the necessary containers.
• First we will create a data volume container to hold Shipyard’s database data.
• This container won’t do anything by itself; it is a convenient label for the location of all of Shipyard’s data.
$ docker create --name shipyard-rethinkdb-data shipyard/rethinkdb
• The data volume container is now created; RethinkDB is the database engine Shipyard uses to keep track of real-time data from Docker.
• Now we can launch the database server for Shipyard and link it to the data volume container.
$ docker run -it -d --name shipyard-rethinkdb --restart=always --volumes-from shipyard-rethinkdb-data -p 127.0.0.1:49153:8080 -p 127.0.0.1:49154:28015 -p 127.0.0.1:29015:29015 shipyard/rethinkdb
• This command also ensures that RethinkDB only listens on localhost. This is a good way to secure the database, because it means no one can access it from outside the server.
• We’ll be using Shipyard version 2.0.10 because it’s the easiest to configure with Docker TLS.
• The following command starts a new container that runs Shipyard and links it to the RethinkDB container, allowing them to communicate.
$ docker run -it -p 8080:8080 -d --restart=always --name shipyard --link shipyard-rethinkdb:rethinkdb shipyard/shipyard:2.0.10
5) Accessing Shipyard Web:
• Once you have completed your Shipyard setup, open your web browser and visit http://test.com:8080 or http://your_server_ip:8080 to access the Shipyard control panel. You can log in with the default username admin and password shipyard.
• Shipyard will prompt you to add a new engine to the cluster. Click the green + ADD button.
• You will be presented with some fields to fill in with the name of the new engine and its keys, as shown below.
• Once you have entered the required information, click the ADD button at the bottom of the page.
• If everything is configured correctly, the Shipyard dashboard will show CPU and RAM stats, along with events on its right side.
Conclusion:
• Shipyard is now up and running with TLS on CoreOS.
• You should also be able to configure additional servers with Docker and connect them to your Shipyard instance for management.
• You’ve also learned how to connect to your Shipyard instance using the GUI, and how to deploy new containers on your TLS-secured Docker host using the command line as well as the GUI.
• It helps you manage your containers and cluster of hosts safely and securely.
• You can also add a client key and certificate to your local machine so you can remotely manage your Docker cluster from anywhere.
• That’s all; I hope you found this article helpful.
• Feel free to get back to us if you run into any issue.

Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 

Recently uploaded (20)

How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 

How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS

1) Creating the Server Certificate:
• CoreOS ships with OpenSSL, a utility that can be used to generate and sign certificates.
• Let’s create a Certificate Authority (CA) that we can use to sign both the server and the client certificates.
• First, create and move into a directory called ‘dockertls’, so it’s easy to remember where the files are.
$ mkdir ~/dockertls
$ cd ~/dockertls
• Next, create an RSA private key for the CA. The command below will prompt you to choose a passphrase for the key.
$ openssl genrsa -aes256 -out private-key.pem 4096
• Here genrsa generates an RSA private key; -aes256 encrypts it on disk with the passphrase; -out private-key.pem sets the output file name; and the last argument, 4096, is the key length in bits.
• It’s recommended to keep this at a high number like 4096.
• Keep this CA key under tight control: anyone who holds it can issue client certificates that your Docker daemon will trust. Once the certificates below are issued, the CA key does not need to stay on the Docker host at all.
• Next, generate a new certificate and sign it with the private key we just created. You’ll need to enter the same passphrase you chose when creating the key.
$ openssl req -new -x509 -sha512 -days 365 -key private-key.pem -out myca.pem
• OpenSSL will also ask for some identifying information, such as the FQDN of your server and the country your organization is based in. Answer these questions as accurately as possible. This is the last step in creating our self-signed Certificate Authority, or CA.
• With the CA in place, we will create a server certificate for the Docker daemon.
• The following two commands generate a key and a certificate signing request. Be sure to replace test.com with the domain or subdomain you are using for your Docker host; clients will check that this name matches the host they connect to.
$ openssl genrsa -out docker-1-key.pem 4096
$ openssl req -subj "/CN=test.com" -sha512 -new -key docker-1-key.pem -out docker.csr
• Finally, sign the request with the CA’s private key. You’ll need to enter the key passphrase again.
$ openssl x509 -req -days 365 -sha256 -in docker.csr -CA myca.pem -CAkey private-key.pem -CAcreateserial -out final-server-cert.pem
• This creates a file in the current directory called final-server-cert.pem, which is the server certificate that the Docker daemon will present to clients.
• Caveat: recent Docker clients (built with Go 1.15 or later) no longer accept a host name that appears only in the certificate’s CN. If your client rejects this certificate, re-issue it with an -extfile that sets subjectAltName = DNS:test.com in addition to the CN.
2) Creating the Client Certificate:
• After creating the server certificate, we need to create a client certificate.
• It will be presented whenever we connect to the Docker host.
• The daemon checks that the client’s certificate was signed by our CA, so only holders of a certificate we issued can connect and send commands to Docker.
• Note that anyone who can send commands to the Docker daemon effectively has root on the host, so treat every client key as a root credential.
• First, create another key and signing request for the client using the commands below.
$ openssl genrsa -out client-key.pem 4096
$ openssl req -subj '/CN=client' -new -key client-key.pem -out docker-client.csr
• We also need a small config file that marks the resulting certificate as valid for client authentication (and not, for example, as a server certificate).
$ echo extendedKeyUsage = clientAuth > client.cnf
• This creates a file called client.cnf containing extendedKeyUsage = clientAuth without needing a text editor.
• Next, sign the client request with the CA key.
$ openssl x509 -req -days 365 -sha512 -in docker-client.csr -CA myca.pem -CAkey private-key.pem -CAcreateserial -out client.pem -extfile client.cnf
Signature ok
subject=/CN=client
Getting CA Private Key
Enter pass phrase for private-key.pem:
• Before moving on, make the key files readable only by your own user (for example with chmod 0400), since the CA key can mint new client certificates and the client key grants full control of the daemon.
• Now we have a CA, a server certificate, and a client certificate; let’s move to the next step.
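The whole of sections 1 and 2 as one non-interactive script, added here as an example and not part of the original slides. It produces the same three artefacts (CA, server certificate, client certificate) with two additions a practitioner would want: the CA certificate carries explicit CA extensions, and the server certificate carries a subjectAltName so that current Docker clients accept it. File names (ca.pem, server-cert.pem, client-cert.pem and their keys), the CA name docker-tls-ca, and the host name docker.example.test in the usage comment are assumptions; unlike the slides, the CA key is written unencrypted so the script needs no passphrase prompt, and should be encrypted or moved off the host afterwards.

```shell
# Added example (not from the original slides): issue a CA, a server
# certificate and a client certificate for Docker TLS in one run, then
# verify what was produced. Requires the openssl command-line tool.
set -eu

# make_docker_tls_certs DIR HOST [DAYS] [BITS]
# Writes ca.pem, ca-key.pem, server-cert.pem, server-key.pem,
# client-cert.pem and client-key.pem into DIR (assumed file names).
# The body runs in a subshell so the cd and umask do not leak to the caller.
make_docker_tls_certs() (
  dir=$1 host=$2 days=${3:-365} bits=${4:-4096}
  mkdir -p "$dir" && cd "$dir"
  umask 077                      # every file is created owner-readable only

  # Minimal req config so the run does not depend on the system openssl.cnf
  printf '[req]\ndistinguished_name = dn\n[dn]\n' > req.cnf

  # 1) CA. The slides encrypt this key with -aes256 and a passphrase; it is
  #    left unencrypted here so the script runs without a prompt. Encrypt it
  #    or move it off the Docker host once the leaf certificates are issued:
  #    whoever holds it can mint client certificates the daemon will trust.
  openssl genrsa -out ca-key.pem "$bits" 2>/dev/null
  printf 'basicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign,cRLSign\n' > ca.cnf
  openssl req -new -sha512 -config req.cnf -key ca-key.pem -subj "/CN=docker-tls-ca" -out ca.csr
  openssl x509 -req -days "$days" -sha512 -in ca.csr -signkey ca-key.pem \
      -extfile ca.cnf -out ca.pem 2>/dev/null

  # 2) Server certificate. The host name goes into subjectAltName as well as
  #    the CN, because clients built with Go 1.15+ (Docker included) ignore CN.
  openssl genrsa -out server-key.pem "$bits" 2>/dev/null
  printf 'subjectAltName = DNS:%s,IP:127.0.0.1\nextendedKeyUsage = serverAuth\n' "$host" > server.cnf
  openssl req -new -sha512 -config req.cnf -key server-key.pem -subj "/CN=$host" -out server.csr
  openssl x509 -req -days "$days" -sha512 -in server.csr -CA ca.pem -CAkey ca-key.pem \
      -CAcreateserial -extfile server.cnf -out server-cert.pem 2>/dev/null

  # 3) Client certificate, limited to client authentication so it can never
  #    be replayed as a server certificate.
  openssl genrsa -out client-key.pem "$bits" 2>/dev/null
  printf 'extendedKeyUsage = clientAuth\n' > client.cnf
  openssl req -new -sha512 -config req.cnf -key client-key.pem -subj "/CN=client" -out client.csr
  openssl x509 -req -days "$days" -sha512 -in client.csr -CA ca.pem -CAkey ca-key.pem \
      -CAcreateserial -extfile client.cnf -out client-cert.pem 2>/dev/null

  rm -f ca.csr server.csr client.csr
)

# check_docker_tls_cert DIR CERT PATTERN
# Succeeds when DIR/CERT chains to DIR/ca.pem and its textual dump contains
# PATTERN, e.g. "TLS Web Client Authentication" or "DNS:docker.example.test".
# The dump is captured in a variable rather than piped, so no SIGPIPE surprises.
check_docker_tls_cert() {
  dir=$1 cert=$2 pattern=$3
  openssl verify -CAfile "$dir/ca.pem" "$dir/$cert" >/dev/null 2>&1 || return 1
  text=$(openssl x509 -in "$dir/$cert" -noout -text)
  case $text in
    *"$pattern"*) return 0 ;;
    *)            return 1 ;;
  esac
}

# Usage (docker.example.test is an assumed host name):
#   make_docker_tls_certs ./dockertls docker.example.test
#   check_docker_tls_cert ./dockertls client-cert.pem "TLS Web Client Authentication" && echo client OK
```

The check function is the one worth keeping around: run it against every certificate you issue, once for the chain and once for the intended extended key usage, so a client certificate that was accidentally signed without client.cnf is caught before it is pasted into Shipyard.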
3) Configuring Docker and CoreOS:
• In this step, we’ll configure the Docker daemon to use our certificates by modifying its startup options.
• CoreOS uses systemd to manage services.
• Let’s start by editing the Docker unit file. The --full option of systemctl edit copies the unit into /etc/systemd/system for editing instead of modifying the original under /usr directly. Note that this copy shadows the vendor unit and will not pick up changes from later CoreOS updates; running systemctl edit docker without --full writes a drop-in override instead, which is the more durable choice.
• Open the Docker unit file for editing using systemctl as shown.
$ sudo systemctl edit --full docker
• This opens the file in your editor (vim by default). Find the line that begins with ExecStart=/usr/lib/coreos/dockerd and add the TLS options after --host=fd://, so that the line reads as follows. The exact dockerd path and the $DOCKER_* variables depend on your CoreOS release; keep whatever your unit already has and only add the --tls* and -H options.
ExecStart=/usr/lib/coreos/dockerd daemon --host=fd:// --tlsverify --tlscacert=/home/core/dockertls/myca.pem --tlscert=/home/core/dockertls/final-server-cert.pem --tlskey=/home/core/dockertls/docker-1-key.pem -H=0.0.0.0:2376 $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
• In this configuration, --tlsverify turns on TLS with client certificate verification, so that only authorized clients may connect.
• --tlscacert specifies the location of the CA certificate used to verify client certificates.
• --tlscert specifies the server certificate location.
• --tlskey specifies the server key location.
• -H=0.0.0.0:2376 makes Docker listen for TCP connections on every interface; a client that does not present a certificate signed by our CA is refused during the TLS handshake. Even so, restrict port 2376 with a firewall to the addresses that need it: a leaked client key is equivalent to root on the host, and the daemon has no way to revoke an individual certificate.
• The local socket (--host=fd://) is unaffected by these options, so docker commands run directly on the CoreOS host keep working without any --tls flags.
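The same change expressed as a systemd drop-in rather than a full copy of the unit, added here as an example and not part of the original slides. Run sudo systemctl edit docker (without --full) and enter the following. The file name 10-tls.conf is an assumption; the dockerd path and the $DOCKER_* variables are copied from the slides’ ExecStart line, so match them to what systemctl cat docker shows on your release.

```ini
# /etc/systemd/system/docker.service.d/10-tls.conf  (assumed file name)
# Added example, not from the original slides. Drop-ins survive CoreOS
# updates to the vendor unit, unlike a full copy made with --full.
[Service]
# An empty ExecStart= clears the vendor command first; systemd rejects a
# non-oneshot service that ends up with two ExecStart commands.
ExecStart=
ExecStart=/usr/lib/coreos/dockerd daemon --host=fd:// \
    --tlsverify \
    --tlscacert=/home/core/dockertls/myca.pem \
    --tlscert=/home/core/dockertls/final-server-cert.pem \
    --tlskey=/home/core/dockertls/docker-1-key.pem \
    -H=0.0.0.0:2376 \
    $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
```

After saving, systemctl cat docker shows the vendor unit followed by the drop-in, which makes it easy to confirm that only the ExecStart line was changed.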
• Save and close the file, then restart the Docker daemon so that it picks up the new configuration (systemctl edit reloads the unit definitions for you, so no separate daemon-reload is needed).
$ sudo systemctl restart docker
$ sudo systemctl status docker
• Once the Docker service is up and running, run the command below from ~/dockertls to test TLS verification, again replacing test.com with your own host name.
$ docker --tlsverify --tlscacert=myca.pem --tlscert=client.pem --tlskey=client-key.pem -H=test.com:2376 info
• You should get some basic system information about your Docker host.
• This means you have just secured your Docker host with TLS.
• If you get an error, check the logs using sudo systemctl status docker or journalctl -u docker.
• As a negative check, run the same command without the --tls* options: the daemon must reject the connection. If it answers, TLS verification is not in effect and the unit file needs another look.
• You can now reach the Docker host from anywhere as long as you connect with a valid client certificate and key. We can generate and sign as many client certificates as we want for use in a cluster; issue one per client rather than sharing a single one, because the daemon checks signatures but not revocation lists, so locking out a lost key means replacing the CA and re-issuing every certificate.
4) Installing Shipyard:
• In this step, we will install Shipyard.
• Once Docker is running, installing Shipyard is easy because it ships as Docker images.
• All you need to do is pull the images from the Docker registry and run the necessary containers. The commands below are run on the CoreOS host itself, where the docker client talks to the daemon over the local socket rather than port 2376.
• First, create a data volume container to hold Shipyard’s database data.
• This container doesn’t run anything by itself; it is a convenient label for the location of all of Shipyard’s data.
$ docker create --name shipyard-rethinkdb-data shipyard/rethinkdb
• RethinkDB is the database engine Shipyard uses to keep track of real-time data from Docker. Now that the data volume container exists, we can launch the database server and attach it to that volume.
$ docker run -it -d --name shipyard-rethinkdb --restart=always --volumes-from shipyard-rethinkdb-data -p 127.0.0.1:49153:8080 -p 127.0.0.1:49154:28015 -p 127.0.0.1:29015:29015 shipyard/rethinkdb
• The -p 127.0.0.1:... mappings publish RethinkDB’s ports on localhost only, so nobody can reach the database from outside the server. You can confirm with docker port shipyard-rethinkdb that every mapping is bound to 127.0.0.1.
• We’ll be using Shipyard version 2.0.10 because it’s the easiest to configure with Docker TLS. Pinning the exact tag, as below, also means the same image is deployed every time rather than whatever latest happens to point at.
• The following command starts a new container that runs Shipyard and links it to the RethinkDB container, allowing them to communicate.
$ docker run -it -p 8080:8080 -d --restart=always --name shipyard --link shipyard-rethinkdb:rethinkdb shipyard/shipyard:2.0.10
• Unlike the database, this publishes Shipyard’s web interface on port 8080 of every interface, over plain HTTP; how to protect it is covered in the next step.
5) Accessing the Shipyard Web Interface:
• Once the containers are running, open your web browser and visit http://test.com:8080 or http://your_server_ip:8080 to reach the Shipyard control panel. Log in with the default username admin and password shipyard.
• Change this default password immediately, and do not leave port 8080 reachable from the internet: the interface is served over plain HTTP, and whoever logs in can drive every Docker engine you register with it, using the client key you are about to paste in. Put a TLS-terminating reverse proxy in front of it or limit access with a firewall.
• Shipyard will prompt you to add a new engine to the cluster. Click the green + ADD button.
• You will be presented with a form for the new engine. Give it a name, use https://test.com:2376 as its address (the TLS port you configured for Docker), and paste the contents of client.pem, client-key.pem and myca.pem into the fields for the client certificate, client key and CA certificate respectively.
• Once you have entered the required information, click the ADD button at the bottom of the page.
• If everything is configured correctly, the Shipyard dashboard will show CPU and RAM statistics for the engine, with recent events on the right-hand side.
• If the engine fails to add, check that the address starts with https, that the name in the server certificate matches the host name in the address, and that port 2376 is reachable from the Shipyard container.
Conclusion:
• Shipyard is up and running on CoreOS, talking to Docker over TLS.
• You should also be able to configure additional servers with Docker and TLS in the same way and connect them to your Shipyard instance for management.
• You’ve learned how to connect to your Shipyard instance using the GUI, and you can deploy new containers on your TLS-secured Docker host from the command line as well as from the GUI.
• It helps you manage your containers and cluster of hosts safely and securely.
• You can also copy a client key and certificate to your local machine so you can manage your Docker cluster remotely from anywhere; treat that key as a root credential for every host it is accepted by.
• That’s all; we hope you found this article helpful.
• Feel free to get back to us in case of any issue.