Wednesday, 3 August 2022

docker : list containers in a specific network

 

List containers in a precise 


$ docker network ls
NETWORK ID     NAME                               DRIVER    SCOPE
f732a9b3c5a1   bridge                             bridge    local
7ec614323767   host                               host      local
...



$ docker network inspect -f '{{ range $key, $value := .Containers }}{{printf "%s: %s\n" $key .Name}}{{ end }}' <NETWORK NAME>
<ID>: <Name>

Wednesday, 25 May 2022

common regexp

 https://owasp.org/www-community/OWASP_Validation_Regex_Repository


common regexp use-cases

Thursday, 5 May 2022

Generating a cookie secret


A required step for many web-based use cases where a cookie must be stored on the client side, for example when setting up remote authentication with oauth2-proxy.



  • docker / python 

docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))).decode())'



The following solutions are from: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview (v7.2.x)

  • Python

python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())'

  • Bash

dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_'; echo

  • OpenSSL

openssl rand -base64 32 | tr -- '+/' '-_'

  • PowerShell

# Add System.Web assembly to session, just in case
Add-Type -AssemblyName System.Web
[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes([System.Web.Security.Membership]::GeneratePassword(32,4))).Replace("+","-").Replace("/","_")

  • Terraform

# Valid 32 Byte Base64 URL encoding set that will decode to 24 []byte AES-192 secret
resource "random_password" "cookie_secret" {
  length           = 32
  override_special = "-_"
}
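
An added example (not from the original post or from oauth2-proxy's own code) that checks which AES key size each recipe above ends up producing. It assumes, in line with the Terraform comment, that the secret is base64url-decoded when that yields 16, 24 or 32 bytes and is otherwise used as raw bytes; `effective_key`, `check` and the sample values are constructed for illustration.

```python
import base64
import binascii
import re

AES_KEY_SIZES = (16, 24, 32)               # AES-128 / AES-192 / AES-256
URLSAFE = re.compile(r"[A-Za-z0-9_-]*")    # base64url alphabet, padding stripped

def effective_key(secret: str) -> bytes:
    """Assumed interpretation: use the base64url-decoded bytes only when they
    form a valid AES key length, otherwise use the raw string bytes."""
    body = secret.rstrip("=")
    if URLSAFE.fullmatch(body):
        try:
            decoded = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        except binascii.Error:             # impossible length for base64
            decoded = b""
        if len(decoded) in AES_KEY_SIZES:
            return decoded
    return secret.encode()

def check(secret: str) -> dict:
    """Summarise how a candidate cookie secret would be interpreted."""
    key = effective_key(secret)
    return {
        "chars": len(secret),
        "key_bytes": len(key),
        "decoded": key != secret.encode(),
        "valid": len(key) in AES_KEY_SIZES,
    }

# Constructed inputs: fixed bytes stand in for random data so results are reproducible.
RAW16, RAW32 = bytes(range(16)), bytes(range(32))
SAMPLES = {
    "docker/python (double base64 of 16 bytes)":
        base64.b64encode(base64.b64encode(RAW16)).decode(),
    "python/bash/openssl (base64url of 32 bytes)":
        base64.urlsafe_b64encode(RAW32).decode(),
    "terraform (32 chars from [A-Za-z0-9-_])": "Zx9-Qp_4Lm2Vb7Nc0Hd5Ks8Tj3Wf6YgR",
    "truncated paste (20 chars)": "a" * 20,
}

if __name__ == "__main__":
    for name, secret in SAMPLES.items():
        print(f"{name}: {check(secret)}")
```

Under that assumption the docker / python recipe gives a 24-byte key that is itself the base64 text of 16 random bytes, so it carries 128 bits of entropy, while the 32-byte recipes give a full 32-byte key.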

Caddy + xcaddy within a docker container

Start Caddy within a docker container and add a plugin.

https://caddyserver.com/docs/modules/security


./docker-compose.yml

version: '3.4'
networks:
  monitor-net:
    driver: bridge
volumes:
    caddy_data: {}
services:
  caddy:
    # cf. https://github.com/caddyserver/caddy/releases
    # image: caddy:2.5.0
    build:
      context: ./caddy/ # where to look for the Dockerfile
      dockerfile: Dockerfile # actual name of the Dockerfile
      args:
        image_ref: caddy:2.5.0
    container_name: caddy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./caddy:/etc/caddy
      - caddy_data:/data
    env_file:
      ./.env
    restart: unless-stopped
    networks:
      - monitor-net
    labels:
      org.label-schema.group: "monitoring"



image_ref: caddy:2.5.0 # image reference used twice in the Dockerfile, once with ${image_ref}-builder, once directly


./caddy/Dockerfile :

ARG image_ref
FROM ${image_ref}-builder AS caddy-build
RUN xcaddy build --with github.com/greenpau/caddy-security
FROM ${image_ref}
COPY --from=caddy-build /usr/bin/caddy /usr/bin/caddy


Caddyfile must exist (content not relevant here):

./caddy/Caddyfile


command :

docker-compose up --build caddy



Thursday, 24 March 2022

Hetzner firewall for outgoing traffic

As noted here :

https://docs.hetzner.com/robot/dedicated-server/firewall/#out-going-tcp-connections

make sure to include a rule in your Hetzner Robot firewall / firewall templates if you want to connect to the outside world. For instance, without the "outgoing" line in my setup, I was not able to perform even an apt-get update.


Hetzner Servers - Robot Firewall / rule for outgoing traffic

  • Name : outgoing tcp (for example)
  • Source IP : N/A
  • Destination IP : N/A
  • Source port : N/A
  • Destination port : 32768-65535
  • Protocol : tcp
  • TCP Flags : ack





Tuesday, 15 March 2022

Agile teams : SAFe, unfix, etc.

 https://unfix.work/blog/the-unfix-model -> a SAFe competitor

Friday, 21 January 2022

Cloud storage

 Cloud storage:

https://teledriveapp.com



 Use with rclone

https://rclone.org/

Proofread a text for styling and readability level.

 https://draftmap.com/

Proofread your text. Catch style issues and common errors with a quick copy and paste.


==> useful for motivation letters for example

Thursday, 6 January 2022

Ikea delivery statuses

Since the "next steps" are not necessarily available, to reduce the anxiety of knowing the next step, this is what I could observe as the delivery workflow statuses during an Ikea delivery in January 2022.



Français :

État de la livraison (inverse)


  1. Livré
  2. En route
  3. Received at nearest hub
  4. In transit
  5. Getting ready to send
  6. Picking completed
  7. Picking started
  8. En attente d'être cueilli
  9. Order received


English :

Delivery status (reverse)

  1. Delivered
  2. On its Way
  3. Received at nearest hub
  4. In transit
  5. Getting ready to send
  6. Picking completed
  7. Picking started
  8. Waiting to be picked
  9. Order received

Wednesday, 17 November 2021

Slack/Zoom Team building : Scavenger hunt

 






Example list 


Organization :

* 1 master of masters : decides the list, and will count the points (in particular : who finished first ?)

* 1 master per group 

* split the list of attending people in zoom "breakout rooms" (1 per group)

* each group master is responsible for validating having seen the objects

* when done or at 15min => back to the main room and count