Docker

As I continue this series on CI/CD pipeline security, it is time to now work on securely building and deploying our application. This post picks up where my Build Secure Python Pipelines: Adding Tests and Hooks in Action post left off. In this post, we’ll continue our pipeline development by adding a container build and deployment to Kubernetes. In addition to this, we’ll add some security components to the build and deployment process....

After Trying Out Nanobus, I figured it was time to go a little deeper and try to deploy a Nanobus web server. As noted in my previous post, I hadn’t setup any transports for my hello world instance so I couldn’t interact with it when deployed as a container. I also realized that a <a href="https://hub.docker.com/r/nanobus/nanobus" rel="noreferrer noopener" target="_blank">nanobus/nanobus</a> docker image exists so there’s no need for me to roll my own either....

I’ve been using DigitalOcean for quite some time now and had recently setup their App Platform to run my website. Their platform is great in that I’m able to build a docker container running Openresty and it handles all of my needs. The platform does a great job of catching docker build failures and stops attempting a deployment when this happens. A few weeks ago, I had a concerning thought in that they don’t catch problems with my Openresty configuration until it’s too late....

There are a few drawbacks to the 1-Click install. I’m planning to tinker with something really cool down the road to fix one of those problems (I know the future again). Luckily, I’m going to address my first initial concern in this post. What is that concern you ask? Protecting my WordPress admin of course! Sure, there are a number of WordPress vulnerabilities roaming around and talks of zero days and the sort....

Disclosure: I have included some affiliate / referral links in this post. There’s no cost to you for accessing these links but I do indeed receive some incentive for it if you buy through them. Building the Custom Nginx This part was pretty easy. I simply created a Dockerfile for the build. FROM ubuntu ENV DEBIAN_FRONTEND noninteractive MAINTAINER Scott Algatt RUN apt-get update \ && apt-get install -y libjansson-dev libcurl4-openssl-dev libapr1-dev libaprutil1-dev libssl-dev build-essential devscripts libtool m4 automake pkg-config libpcre3-dev zlib1g-dev\ && apt -y upgrade \ && apt -y autoremove \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && curl -o /tmp/nginx....