Application Layer
* [[L2TP]] * [[PPTP]] * [[TLS]] . . .
1K - last updated 2016-12-04 10:42 UTC by 1443
How to authenticate to kubernetes cluster using SSL certificates and tokens
Kubernetes supports multiple ways to authenticate users. The best ones might be authenticating proxy . . . kube-api-proxy.example.com; ssl_certificate tls.crt; ssl_certificate_key tls.key; location / { . . . The tls.crt is a server's SSL certificate issued by a PKI. . . . -subj "/CN=front-proxy-client" vi /etc/pki/tls/openssl.cnf [ usr_cert ] keyUsage = critical,digitalSignature,keyEncipherment . . . -days 365 -CAcreateserial -extfile /etc/pki/tls/openssl.cnf -extensions usr_cert And finally we . . .
11K - last updated 2023-03-29 08:19 UTC by 1443
How to build a Kubernetes cluster in Openstack for orchestrating Docker containers
"Kubernetes is a portable, extensible open-source platform for managing containerized workloads and services, . . . vi worker_kubelet_csr_creation_authorization.yml . . .
20K - last updated 2019-06-12 23:56 UTC by 1443
How to build docker containers
I build essential containers for statistical analysis tools, mainly for R, RStudio Server, Shiny Server . . . ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; . . . /opt/quest/lib64/nss/libnss_vas4.so.2:/usr/lib64/tls/x86_64/libnss_vas4.so.2:ro \ -v /var/opt/quest/vas/vasd/.vasd40_ipc_sock:/var/opt/quest/vas/vasd/.vasd40_ipc_sock . . . /opt/quest/lib64/nss/libnss_vas4.so.2:/usr/lib64/tls/x86_64/libnss_vas4.so.2:ro \ -v /usr/lib64/security/pam_vas3.so:/usr/lib64/security/pam_vas3.so:ro . . .
16K - last updated 2023-11-22 14:24 UTC by 1443
How to build postgres HA cluster in K8s
One of the python development tools is Eclipse Che that relies on Keycloak for authentication, which . . . --ssl_min_protocol_version=TLSv12 --unix_socket_directories="] CMD ["sh", "-c", . . .
8K - last updated 2020-03-12 08:07 UTC by 1443
How to configure secure authentication against Active Directory
1. Install openldap-clients sudo yum install openldap-clients 2. Copy Active Directory CA and intermediate . . . dc=example,dc=com URI ldaps://adc.example.com TLS_CACERT /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem . . .
1K - last updated 2020-02-11 23:32 UTC by 1443
How to deploy nexus repository server in k8s
Docker images are usually stored in docker repositories. Nexus server provides host, proxy and group . . . MD5, SHA1 jdkCA & usage TLSServer, \ # RSA keySize < 1024, DSA keySize < 1024, . . . SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 768, EC . . . RSA keySize < 1024, DSA keySize < 1024 #jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, . . . # EC keySize < 224, 3DES_EDE_CBC, anon, NULL jdk.tls.disabledAlgorithms=RC4, DES, DH keySize < 1024, . . .
8K - last updated 2020-02-11 01:20 UTC by 1443
How to install elasticsearch, kibana and fluentd in k8s
k8s cluster provides a convenient environment for elastic search cluster fronted with redundant kibana . . . log4j2.properties and trusted CA certs. Create a tls secret for elastic search SSL certs. The problem . . . enabled: true key: certs/tls.key certificate: certs/tls.crt certificate_authorities: . . . enabled: true key: certs/tls.key certificate: certs/tls.crt certificate_authorities: . . . internal-ca-chain name: trusted-ca 9. Create a tls secret for kibana SSL cert - kibana-cert 10. Create . . .
17K - last updated 2023-03-29 08:54 UTC by 1443
How to install JupyterHub in Kubernetes
JupyterHub allows users to interact with a computing environment through a webpage. As most devices . . . traffic via k8s ingress (conda-ssl-ingress) with tls secret (proxy-manual-tls) mounted via volumeMounts . . . (tls-secret). k8s service name is proxy-public. apiVersion: . . . - --redirect-port=8000 - --ssl-key=/etc/chp/tls/tls.key - --ssl-cert=/etc/chp/tls/tls.crt env: . . . File volumeMounts: - mountPath: /etc/chp/tls name: tls-secret readOnly: true dnsPolicy: ClusterFirst . . .
12K - last updated 2020-02-11 01:49 UTC by 1443
How to install Kubernetes Dashboard with Ingress Controller
Kubernetes dashboard provides web-based interface to Kubernetes. The steps below are partially based . . . metrics.k8s.io version: v1beta1 insecureSkipTLSVerify: true groupPriorityMinimum: 100 versionPriority: . . . hostPath: path: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem type: File containers: - name: metrics-server . . . command: - /metrics-server - --kubelet-insecure-tls # - --kubelet-certificate-authority=/etc/ssl/certs/ca-certificates.crt . . .
16K - last updated 2020-02-11 02:03 UTC by 1443
Monitoring k8s cluster with Prometheus
Traditionally servers are monitored with Icinga, Nagios, Prtg, etc. Kubernetes though is more convenient . . . metrics.k8s.io version: v1beta1 insecureSkipTLSVerify: true groupPriorityMinimum: 100 versionPriority: . . . hostPath: path: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem type: File containers: - name: metrics-server . . . command: - /metrics-server - --kubelet-insecure-tls volumeMounts: - name: tmp-dir mountPath: /tmp - . . .
21K - last updated 2023-11-22 14:21 UTC by 1443
PPTP
Point-to-Point Tunneling Protocol is another obsolete method to encapsulate PPP packets in a GRE tunnel. . . . of them are considered insecure these days. EAP-TLS is a better choice. . . .
1K - last updated 2016-12-04 05:57 UTC by 1443
snort
snort is an open source package that runs under most OSs including Windows. It can be run in a few modes: . . . SMTP * POP * IMAP * FTP/Telnet * SSH * DNS * SSL/TLS * ARP Spoof * DCE/RPC 2 * Sensitive Data * Normalizer . . .
13K - last updated 2016-12-08 10:39 UTC by 1443
SSL-TLS Issues
Point-to-point, not end-to-end encryption. A man-in-the-middle attack is possible due to PKI discredit. . . .
2K - last updated 2016-12-04 05:56 UTC by 1443
TLS
TLS is defined in [[https://tools.ietf.org/html/rfc6176 RFC 6176]]. Since a transport protocol can operate . . . without TLS, there are two ways to signal the server to apply . . . use protocol-specific command (for example, STARTTLS in SMTP or IMAP protocols) Once the client and . . . the server agreed on using TLS, they use handshaking to establish the common parameters. . . . the same but in most cases, it does not. See SSL/TLS Issues below. Session keys are generated in one . . .
4K - last updated 2016-12-04 10:46 UTC by 1443
15 pages found.