Posts

Vault Cubbyhole authentication and its integration with Spring framework

-
  1. Background For micro service, it's essential not to bundle secrets into our code base, but to move them to an external central managed secrets store.  In this article, I'm going to introduce how to use  HashiCorp’s Vault  to externalize JAVA Spring micro service application configurations. With Vault you have a central place to manage external secret properties for applications across all environments. There are multiple authentication methods from Vault, but most of them are not suitable for Spring micro service, or not safe enough. When the application starts up I want all the properties to be automatically loaded into Spring context without interaction with human, so that the secrets can be used just like they are loaded from Spring's properties. The solution is to use single-use Vault Cubbyhole wrapping token to deliver the original token to the application. 2. Vault server We simply use docker compose to set up a Vault server. docker-compose.yml: version: '3.4
Post a Comment
Read more

NGINX and HTTPs with Let’s Encrypt, Certbot, and Cron dockerization in production

-
Docker  is a popular open source containerization platform and it frees your hands to build your applications in development and production. In this post, I'm going to walk you through how to build a production grade HTTPs secured Nginx server with Docker, Docker Compose, Let’s Encrypt(its client certbot). Let’s Encrypt certificates last 90 days and will need to be renewed after the certificate expires. So I will also provide details to script the renewal in crontab in Docker container. 1. Basic Example In development, we need a basic Nginx container without HTTPs to fast setup our local test environment. I use Nginx official docker image and wrap up all the stuff with docker-compose. YAML 1 version : '3.4' 2 3 services : 4 nginx : 5   container_name : nginx 6   image : nginx : stable 7   restart : always 8   volumes : 9     - ./nginx/config/nginx.conf:/etc/nginx/nginx.conf 10     - ./nginx/config/conf.d/local:/etc/nginx/conf.d 11     - /tmp/logs/nginx:/var/
10 comments
Read more