Wednesday 25 May 2022

common regexp

https://owasp.org/www-community/OWASP_Validation_Regex_Repository


common regexp use-cases

Thursday 5 May 2022

Generating a cookie secret


This is a required step for many web-based use-cases where a cookie must be stored on the client side, for example with oauth2-proxy to set up remote authentication.



  • docker / python 

docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))).decode())'

(the trailing .decode() prints the secret as a plain string instead of a b'...' bytes literal; 16 random bytes encoded twice give a 32-character secret)



The following solutions are from: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview (v7.2.x)

  • Python

python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())'

  • Bash

dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_'; echo

  • OpenSSL

openssl rand -base64 32 | tr -- '+/' '-_'

  • PowerShell

# Add System.Web assembly to session, just in case
Add-Type -AssemblyName System.Web
[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes([System.Web.Security.Membership]::GeneratePassword(32,4))).Replace("+","-").Replace("/","_")

  • Terraform

# Valid 32 Byte Base64 URL encoding set that will decode to 24 []byte AES-192 secret
resource "random_password" "cookie_secret" {
  length           = 32
  override_special = "-_"
}
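As an added check that is not part of the original post (my own code, not oauth2-proxy's), here is a small Python script that generates a secret like the Python one-liner above and verifies that a candidate secret uses only the URL-safe base64 alphabet and decodes to a 16-, 24- or 32-byte AES key, the size requirement the Terraform comment refers to. The function names and the constructed sample strings are assumptions of this example.

```python
import base64
import binascii
import secrets
import string
from typing import Optional

# AES key sizes (AES-128/192/256) that a decoded cookie secret must have.
VALID_KEY_SIZES = (16, 24, 32)
# Alphabet produced by the URL-safe methods above ('-' and '_' instead of '+' and '/').
URLSAFE_ALPHABET = set(string.ascii_letters + string.digits + "-_")


def generate_cookie_secret(key_bytes: int = 32) -> str:
    """Return an unpadded URL-safe base64 string that decodes to an AES key of key_bytes.

    Same idea as the Python one-liner above, with the key size made explicit
    and the trailing '=' padding removed.
    """
    if key_bytes not in VALID_KEY_SIZES:
        raise ValueError(f"key size must be one of {VALID_KEY_SIZES}, got {key_bytes}")
    raw = secrets.token_bytes(key_bytes)  # CSPRNG, like os.urandom
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decoded_key_length(secret: str) -> Optional[int]:
    """Validate a candidate secret and return its decoded length, or None.

    None means: empty, a character outside the URL-safe alphabet (e.g. '+' or '/'),
    a length that cannot be padded into valid base64, or a decoded size that is
    not an AES key size.
    """
    body = secret.rstrip("=")  # accept padded (openssl/PowerShell) and unpadded output
    if not body or any(ch not in URLSAFE_ALPHABET for ch in body):
        return None
    padded = body + "=" * (-len(body) % 4)  # restore padding for the decoder
    try:
        raw = base64.urlsafe_b64decode(padded.encode("ascii"))
    except binascii.Error:
        return None
    return len(raw) if len(raw) in VALID_KEY_SIZES else None


if __name__ == "__main__":
    # Constructed samples mirroring the methods above (not real secrets).
    terraform_style = "a" * 32      # 32 URL-safe chars -> 24-byte AES-192 key
    docker_style = "a" * 30 + "+/"  # standard-alphabet chars: rejected by the URL-safe check
    print(generate_cookie_secret(32))
    print(decoded_key_length(terraform_style), decoded_key_length(docker_style))
```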

Caddy + xcaddy within a docker container

Start Caddy within a docker container and add a plugin.

https://caddyserver.com/docs/modules/security


./docker-compose.yml

version: '3.4'
networks:
  monitor-net:
    driver: bridge
volumes:
  caddy_data: {}
services:
  caddy:
    # cf. https://github.com/caddyserver/caddy/releases
    # image: caddy:2.5.0
    build:
      context: ./caddy/ # where to look for the Dockerfile
      dockerfile: Dockerfile # actual name of the Dockerfile
      args:
        image_ref: caddy:2.5.0
    container_name: caddy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./caddy:/etc/caddy
      - caddy_data:/data
    env_file:
      ./.env
    restart: unless-stopped
    networks:
      - monitor-net
    labels:
      org.label-schema.group: "monitoring"



The image_ref build argument (caddy:2.5.0 here) is used twice in the Dockerfile: once as ${image_ref}-builder for the xcaddy build stage, and once directly as the runtime base image.


./caddy/Dockerfile:

ARG image_ref
FROM ${image_ref}-builder AS caddy-build
RUN xcaddy build --with github.com/greenpau/caddy-security
FROM ${image_ref}
COPY --from=caddy-build /usr/bin/caddy /usr/bin/caddy


A Caddyfile must exist (its content is not relevant here):

./caddy/Caddyfile


command:

docker-compose up --build caddy