https://marcelmaatkamp.github.io/pd-django-example/
This project will be one of the main example applications: a Django application that logs to Graylog and is secured by OpenXPKI and Traefik. There will be a Java and Node.js companion app in the future.
If docker and docker-compose are installed:
$ git clone https://github.com/marcelmaatkamp/pdt-django-example.git --recurse-submodules -j8 &&\
cd pdt-django-example &&\
./bin/dc up -d
Install a SOCKS5 proxy switcher extension in your browser, such as https://github.com/FelisCatus/SwitchyOmega, and use the following address to enable the internal SOCKS5 proxy for this project:
Name | URL |
---|---|
socks5 proxy | localhost:1080 |
Set up the proxy with these settings:
Now all the containers are resolvable via their internal container name:
Name | URL | Username | Password |
---|---|---|---|
adminer | http://adminer:8080 | | |
django | http://django | | |
keycloak | http://keycloak | | |
graylog | http://graylog:9000 | admin | admin |
sentry | http://sentry | | |
traefik | http://traefik | | |
openxpki | http://openxpki-client/openxpki | raop | openxpki |
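
To confirm the proxy setup from a terminal, the following added example (not part of the project) requests each URL from the table through the SOCKS5 proxy with curl. The `--run` switch, the `PROXY` variable and the verdict labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: probe the stack's internal URLs through the SOCKS5 proxy.
# Proxy address and service URLs are copied from the tables above.
PROXY="${PROXY:-localhost:1080}"
SERVICES="http://adminer:8080 http://django http://keycloak
http://graylog:9000 http://sentry http://traefik
http://openxpki-client/openxpki"

# Map the HTTP status reported by curl to a verdict.
# curl reports 000 when it received no HTTP response at all
# (proxy not listening, container name not resolved, port closed).
classify() {
  case "$1" in
    000)     echo "unreachable" ;;
    401|403) echo "up-auth-required" ;;
    2??|3??) echo "up" ;;
    4??)     echo "up-client-error" ;;
    5??)     echo "up-server-error" ;;
    *)       echo "unknown" ;;
  esac
}

# Request one URL via the proxy and print only the status code.
# --socks5-hostname hands the hostname to the proxy, so the container
# name is resolved inside the Docker network. With plain --socks5 the
# local resolver is asked first and names such as "graylog" fail.
probe() {
  code=$(curl --silent --output /dev/null --max-time 5 \
    --socks5-hostname "$PROXY" --write-out '%{http_code}' "$1") || true
  echo "${code:-000}"
}

# Probe every service; return non-zero if any is unreachable.
check_all() {
  failed=0
  for url in $SERVICES; do
    verdict=$(classify "$(probe "$url")")
    printf '%-40s %s\n' "$url" "$verdict"
    if [ "$verdict" = "unreachable" ]; then failed=1; fi
  done
  return "$failed"
}

# Only touch the network when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then check_all; fi
```

The same distinction applies to the browser extension: the container names only resolve when the hostname is sent to the proxy rather than looked up locally.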
Software does not live alone; it is always a complex orchestration to get all the individual parts to talk together. Luckily we have Docker nowadays, and in these talks I give examples of how to implement and secure a software stack with components like logging, monitoring, security, fault detection and more. See my YouTube Channel with all episodes for more information.
The rationale of why and how I made this framework is further explained in the https://github.com/marcelmaatkamp/pdt-django-example/wiki
https://www.djangoproject.com/
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of Web development, so you can focus on writing your app without needing to reinvent the wheel. It’s free and open source.
This will be the core software program in this example, a simple web application in Django to demonstrate how to secure, monitor, log and visualise data in this application.
These are the dependencies of this project:
Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Conversely to phpMyAdmin, it consists of a single file ready to deploy to the target server. Adminer is available for MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Firebird, SimpleDB, Elasticsearch and MongoDB.
OpenXPKI is an enterprise-grade PKI/Trustcenter software. It implements the necessary features to operate a PKI in professional environments. While primarily designed to run as an online RA/CA for managing X509v3 certificates, its flexibility allows for a wide range of possible use cases with regard to cryptographic key management.
https://github.com/marcelmaatkamp/pdt-openxpki
PKI
Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.
https://github.com/marcelmaatkamp/pdt-keycloak
Federated login for our applications
Each public-facing container will get a unique hostname. This container will do the wildcard DNS name resolution. A reverse proxy / load balancer that's easy, dynamic, automatic, fast, full-featured, open source, production proven, provides metrics, and integrates with every major cluster technology. Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need.
Each public facing container will get a unique hostname and together with Traefik and LetsEncrypt also a unique SSL certificate.
https://github.com/pyouroboros/ouroboros
Ouroboros will monitor (all or specified) running docker containers and update them to the (latest or tagged) available image in the remote registry. The updated container uses the same tag and parameters that were used when the container was first created such as volume/bind mounts, docker network connections, environment variables, restart policies, entrypoints, commands, etc.
Automatic update of our containers
https://www.graylog.org/products/open-source
Graylog is purpose-built and designed to deliver the best log collection, storage, enrichment, and analysis experience. The simplicity in searching, exploring, and visualizing data means no expensive training or tool experts are required. Graylog has considerably faster analysis speeds, provides a more robust and easier-to-use analysis platform,
Logging container
https://github.com/gliderlabs/logspout
Logspout is a log router for Docker containers that runs inside Docker. It attaches to all containers on a host, then routes their logs wherever you want. It also has an extensible module system. It's a mostly stateless log appliance. It's not meant for managing log files or looking at history. It is just a means to get your logs out to live somewhere else, where they belong.
Automatic logging to graylog for all running containers without any extra configuration
Your code is bad, but that’s fine. Sentry is open-source error tracking that provides visibility across your entire stack, giving you the details you need to fix your bugs. Even the most bumbling, typo-prone developer can use our service to resolve problems, well before your users encounter them.
Apache Guacamole is referred to as a clientless remote desktop gateway because no plugins or client software are required to run it. Once you install Guacamole on a server, HTML5 allows you to access your desktop from a web browser. Guacamole supports standard protocols like VNC, RDP, and SSH.
Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.
In these talks I will give practical tips and tricks on how to effectively use Docker as a valuable tool to solve various problems or just use it for fun projects with all kinds of hardware and software! See my YouTube Channel with all episodes for more information.