Deploy a Docker registry with enabling ‘Secured’ and ‘Authenticated’

This page shows how you can create a self-signed certificate and authentications. With them, you can deploy a Docker registry with ‘secured’, ‘authenticated’, and externally accessible.

Steps

  1. Create a base directory for a Docker registry and move to it
    • mkdire ~/docker_registry
  2. Create a self-signed certificate for a registry
      • command
        • mkdir certs #Make a directory where you store certificate and key
        • openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt -subj "/C=KR/ST=Seoul/L=Seongbuk/O=Korea University, Inc/CN=ie.korea.ac.kr/emailAddress=all4dich@gmail.com"
      • Change CN‘s value as a hostname that you want
  3. After creating them, copy ‘certs/domain.crt’ to a client host as /etc/docker/certs.d/HOST_NAME:PORT/ca.crt
  4. Create a basic authentication information
    • Command
      • docker run --entrypoint htpasswd registry:2 -Bbn john.doe john.password >> auth/htpasswd
  5. Start the docker registry
    • Command
      • REG_NAME="registry_auth"
        docker rm -f $REG_NAME
        docker run -d -p 5001:5001 --restart=always --name $REG_NAME \
        -v `pwd`/certs:/certs \
        -v `pwd`/auth:/auth \
        -v `pwd`/data_nontls:/var/lib/registry \
        -e REGISTRY_HTTP_ADDR="0.0.0.0:5001" \
        -e "REGISTRY_AUTH=htpasswd" \
        -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
        -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt\
        -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
        registry:2
    • REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY use certificate and key file’s absolute path within the container
    • REGISTRY_HTTP_ADDR use IP and port number within the container
    • You can use ‘-p’ parameter to map a docker’s internal port as a host’s external port

Comments

  • If you want to restrict an access, you have to use ‘authentication mechanism’ with TLS-enabled Docker registry
    • TLS encrypt/decrypt data between a registry and Docker daemon, not restrict access itself
  • ‘insecured-repositories’ can be used for plain http and https protocol
  • You have to use a domain name on ‘CN=*’ when creating a self-signed certificate.

Reference

Common

Docker for Mac

Others

  • memo

 

Advertisements

Install vim 8.1.390 on OSX 10.13.4

 

  1. Download a release tar ball version   that you want to download
  2. Determine an install location
    • /usr/local/Cellar/vim/8.1.0390
  3. Run a configuration script
    • ./configure --prefix=/usr/local --mandir=/usr/local/Cellar/vim/8.1.0390/share/man --enable-multibyte --with-tlib=ncurses --enable-cscope --with-compiledby=Homebrew --enable-perlinterp --enable-pythoninterp --enable-rubyinterp --enable-gui=no --without-x --srcdir=. --cache-file=auto/config.cache
  4. Run ‘make
    • make install prefix=/usr/local/Cellar/vim/8.1.0390 STRIP=true
  5. Set VIMRUNTIME variable
    • export VIMRUNTIME=/usr/local/Cellar/vim/8.1.0390/share/vim/vim81
  6. Set PATH variable
    • export PATH=/usr/local/Cellar/vim/8.1.0390/bin:${PATH}

Docker file to make Gnome environment

FROM ubuntu:12.04.5
MAINTAINER Sunjoo Park 

RUN cat /etc/apt/sources.list |sed 's/archive.ubuntu.com/ftp.daum.net/g' > /tmp/sources.list
RUN cat /tmp/sources.list |sed 's/archive.ubuntu.com/ftp.daum.net/g' > /tmp/sources.list.1
RUN cp /etc/apt/sources.list /etc/apt/sources.list.backup
RUN cp /tmp/sources.list.1 /etc/apt/sources.list 

RUN apt-get update
RUN apt-get install -y --force-yes --fix-missing htop vim git wget gcc g++ autoconf make bzip2 gzip tar sudo time net-tools openssh-server openssh-client ctags groovy sshpass diffstat texinfo gawk chrpath build-essential
RUN apt-get install -y --force-yes --fix-missing cifs-utils smbclient nfs-common
RUN useradd -s /bin/bash -b /home -m soyul
RUN echo "soyul:lge123" |chpasswd 
RUN echo "root:lge123" |chpasswd 
RUN usermod -aG sudo soyul 
RUN chmod 777 /tmp/*
RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config
RUN mkdir -p /var/run/sshd
RUN apt-get install -y --force-yes language-pack-ko language-pack-ko-base
#RUN apt-get install -y --force-yes gitg
#RUN apt-get install -y --force-yes gnome
#RUN apt-get install -y --force-yes firefox
#RUN apt-get install -y --force-yes terminator

#RUN echo "\ndaemon off;" >> /etc/nginx/nginx.conf 
#RUN chown -R www-data:www-data /var/lib/nginx


WORKDIR /


EXPOSE 80
EXPOSE 8080
EXPOSE 8000 
EXPOSE 22
EXPOSE 443

CMD ["/usr/sbin/sshd", "-D"]

Install the latest git version on Ubuntu

Original Url

 

Steps

  • Install required packages on Ubuntu 14.04
sudo apt-get install software-properties-common
  • Run this command
sudo apt-add-repository ppa:git-core/ppa
sudo apt-get update
sudo apt-get install git

Expose Github account’s email address as public when using OAuth 2 authentication

What to do

When  a application uses Github OAuth 2 authentication, some of accounts may lost its email address in a application. The reason is that Github account keep it’s email address as ‘Private‘.

In order to use Github account’s email address on Gerrit, a user have to make it as Public

  1. Go to ‘http://github.com/ > Setting > Emails’
    • Link: https://github.com/settings/emails/
  2. Uncheck ‘Keep my email address private’

Reference

 

 

San Francisco Tour Guide

Dolores Park/Tartine Bakery
– 여긴 낮에 가서 공원에서 잠시 쉬고 빵집가서 빵 흡입..
주차가 좀 힘듬..😑

Baker Beach
– 날씨 좋은 날 여기에 자리잡고 맥주 한잔/커피 한잔 하기 괜찮아요. 다만 바람은 언제나 좀 쎈 편.
관광객들이 Golden Gate Bridge 많이 보러 가는 포인트가 아니라, 색다른 포인트를 즐기실 수 있음

Battery Spencer
– Golden Gate Bridge 풍경사진 많이 찍는 포인트 중 하나에요. 언제가도 괜찮지만,
저녁에 가서 보시면 야경이 죽임. (커플들이 많이 옴..)

Hawk Hill
– Batter Spencer 에서 더 위로 올라가서, Golden Gate Bridge 와 SF 를 한눈에 볼 수 있는 위치에요.
여긴 밤에 혼자가긴 좀 위험할 수도 있는 곳이라. 낮에 가시는거 추천.

The Buena Vista, Hyde Street, San Francisco
– Irish Coffee 로 유명한 곳. 대한항공 CF도 여기서 찍었어요.

Cliff House
– SF 서쪽 끝/Golden Gate Park 끝 에 위치한 Restaurant 이에요. 태평양 한눈에 들어오는 경치라,
특히 날씨가 맑고 달뜬 밤에 그 앞 바다 야경이..죽입니다..ㅠ.ㅠ

San Francisco Public Library; Potrero Branch
– 여기 도서관도 좋긴 한데요, 여길 보시라는 건 아닙다. 여기에서 Connecticut St으로 좌회전 하면 내리막 경사길인데,
여기에서 보는 SF 야경도 죽임.

Farley’s Coffee House
– 소소한 인테리어의 coffee shop. SFPL Potrero Branch 근처에요.

Twin Peaks
– 여기도 야경 포인트…한국 사람들 많이 와요 :slightly_smiling_face:

Mission Public, 14th Street
– 배고프면 밥도 먹어줘야…샌드위치랑 커피 맛있어요. 주인도 친절하심.

899 Avenue of the Palms, San Francisco
– Treasure Island 에 있는 길인데요, 보트를 타고 나가지 않고도 SF 야경을 바다에서 볼 수 있는 위치에요.
반대편 Pier 1 쪽으로 가시면 Bay Bridge 반쪽의 야경도 볼 수 있음

de Young Art Museum
– 전시물 보시는거 보다는, 전망대에서 SF시내 빙 둘러보시는거 추천.

 

South Korea Tour Guide

# Museum
1. National Museum of Korea
http://www.museum.go.kr/site/main/home
2. National Hangeul Museum
http://www.hangeul.go.kr/main.do
– This museum is located at same place with ‘National Museum of Korea’

3. Gyeongbokgung Palace Office & National Fork Museum of Korea
– National Fork Museum of Korea : http://www.nfm.go.kr/language/english/main.jsp
– Gyeongbokgung Palace Office : http://www.royalpalace.go.kr/html/eng/main/main.jsp
: You can enter this palace for free if you wear Han-Bok(Korean Traditional Costume)
There are stores near Gyeongbokgung Palace that you can rent Han-Bok

4. Jongmyo Shrine
– Web site
: http://www.cha.go.kr/cop/bbs/selectBoardArticle.do?ctgryLrcls=CTGRY209&nttId=57993&bbsId=BBSMSTR_1205&mn=EN_03_01

4. Changdeokgung Palace and its Secret Gargen
– Main site
: https://eng.cdg.go.kr/main/main.htm
– Secret Gargen Information page
: https://eng.cdg.go.kr/guide/guide_course_02.htm
– Reservation Url
: https://eng.cdg.go.kr/reservation/reserv_01.htm

# National Park
1. Sorak National Park
– Web Site
: http://english.visitkorea.or.kr/enu/ATR/SI_EN_3_1_1_1.jsp?cid=264211
– Recommended hotel
: Seorak Kensington Stars Hotel – https://www.booking.com/hotel/kr/seorak-kensington-stars.html
: Hanhwa Resort Seorak Sorano – https://www.booking.com/hotel/kr/hanwha-resort-seorak-sorano.ko.html
– Access to hotel
: Route – https://goo.gl/maps/LGYS2XbYgAp
: Where you take a bus – Seoul Express Bus terminal / Interval – 30 minutes
– Comments
: It’s better that you will visit Sorak National Park in weekdays.
: This national park is popular place to see Korea’s Maple View.

# Places
1. N Seoul Tower
– Web site
: http://www.nseoultower.co.kr/eng/index.asp
– Getting here
: http://www.nseoultower.co.kr/eng/visit/traffic.asp
– You can
2. 북악팔각정
: https://goo.gl/maps/kvwKDtzy9y82
: Nice place to see Seoul Night View

# Theme Park
1. Korean Folk Village
– Web site
: http://www.koreanfolk.co.kr/multi/english/
– Getting Here
: You can get here by Bus 5001-1. This bus stops at a point near Gangnam Artnoueveau City.
: I recommend that you visit here on Saturday or Sunday because you can see some characters

2. Everland
– Web site
: http://www.everland.com/web/multi/english/everland/main.html
– Getting Here
: You can get here by Bus 5002. This bus stops at a point near Gangnam Artnoueveau City.

# Others
1. DMZ Tour Program by Korail
– 1 Day Program
http://www.letskorail.com/ebizprd/EbizPrdTicketHtm14121_i1.do?txtVrGdNo=F20170817002
– This page is written in Korean. You can call +82-1544-7755