From 6754c9a32462bfef5ea95a549a72d9291c392bb9 Mon Sep 17 00:00:00 2001 From: Jonathan Rosenbaum Date: Thu, 19 Mar 2015 07:05:20 +0000 Subject: [PATCH] Additions to help in examples. 1) updated information on how to ensure that passwords are hidden even when KeePass is opened. 2) added docker.txt which goes into details about sysadm of docker. --- examples/docker.txt | 61 +++++++++++++++++++++++++++++++++++ examples/secure-terminals.txt | 44 ++++++++++++++++--------- 2 files changed, 89 insertions(+), 16 deletions(-) create mode 100644 examples/docker.txt diff --git a/examples/docker.txt b/examples/docker.txt new file mode 100644 index 0000000..034cb5a --- /dev/null +++ b/examples/docker.txt 
@@ -0,0 +1,61 @@ +DOCKER + +Assuming you have installed docker on a server, +it is much easier to setup YBDB with the docker image at +https://registry.hub.docker.com/u/bikebike/ybdb/ or build +a customized version from the source code at https://github.com/fspc/ybdb . + +As part of Positive Spin's project to determine which software would best +fit our needs, docker demos were created from all known existing F/OSS +community bike shop software at http://bikebike.wvcompletestreets.org . + + +CUSTOMIZE + +If you want to build your own image to use at a Community Bike Shop, +you will most likely want to setup ssl for the http server, create +self-signed certificates and a htpasswd file (see secure-terminals.txt), +and edit populate.sql and database_functions.php. These changes will +need to be reflected in the Dockerfile. + +Never forget, if you make changes to any Community Bike Shop code, +merge your changes back into the main project so that all collectives +may benefit from the awesomeness of Free Software. + + +WHAT NEXT? + +You will want to keep regular backups, have scripts that start/stop the container, and +monitor the main docker process. + +BACKUPS + +Redundancy is great. Save backups to at least two locations. +Obviously, the "YB" Database is the most important thing to backup, +and Docker makes backing up a container easy. + +START/STOP SCRIPTS + +Example of the standard upstart script used to start/stop bikebike docker containers: + + description "Positive O Spin's container" + author "Jonathan Rosenbaum " + + start on started docker + stop on runlevel [016] + + respawn + + exec start-stop-daemon --start --make-pidfile --pidfile /var/run/pos.pid --exec /usr/bin/docker start pos + + +MONITOR DOCKER PROCESS + +Because docker container processes are children processes that change, +only the main docker pidfile is monitored by monit. + + check process docker + with pidfile /var/run/docker.pid + start = "/sbin/start docker" + stop = "/sbin/stop docker" + 
diff --git a/examples/secure-terminals.txt b/examples/secure-terminals.txt index 8f0b986..29004e8 100644 --- a/examples/secure-terminals.txt +++ b/examples/secure-terminals.txt 
@@ -32,28 +32,40 @@ TERMINAL AUTOMATION AND SECURITY Firefox (IceWeasel): 1. Download KeePass v2 zip - http://keepass.info/download.html 2. Unzip in ~/KeePass -3. cd ~/KeePass; mkdir plugins -4. In Debian/Ubuntu: apt-get install mono-runtime mono-devel -5. Install KeeFox extension from https://addons.mozilla.org/en-us/firefox/addon/keefox/ -6. KeeFox will tell you where to copy KeePassRPC.plgx from into the plugins directory +3. sudo chown root:root ~/KeePass; sudo chmod 0755 ~/KeePass; +4. cd ~/KeePass; mkdir plugins +5. mv KeePass.config.xml KeePass.config.enforced.xml +6. sudo chown root:root KeePass.config.enforced.xml +7. sudo chmod 0444 KeePass.config.enforced.xml +8. Most importantly in KeePass.config.enforced.xml change true to + false so that passwords cannot be seen. +9. In Debian/Ubuntu: apt-get install mono-runtime mono-devel +10. Install KeeFox extension from https://addons.mozilla.org/en-us/firefox/addon/keefox/ +11. KeeFox will tell you where to copy KeePassRPC.plgx from into the plugins directory Usually somewhere under ~/.mozilla/firefox/*default/extensions/keefox* -7. When setting up password database for KeePass use only a key file. -8. Add the url along with username and password in the database. -9. Once the login is working properly for the htpasswd setup for apache, +12. When setting up password database for KeePass use only a key file. +13. Add the url along with username and password in the database. +14. Once the login is working properly for the htpasswd setup for apache, the whole process can be completely automated in KeeFox options. -10. In Firefox (IceWeasel) Preferences -> General use "When IceWeasel starts: Show my windows and tabs from the last time" +15. In Firefox (IceWeasel) Preferences -> General use "When IceWeasel starts: Show my windows and tabs from the last time" Chrome: 1. Download KeePass zip - http://keepass.info/download.html 2. Unzip in ~/KeePass -3. When setting up password database for KeePass use only a key file. 
-4. Add the url along with username and password in the database. -5. In Debian/Ubuntu: apt-get install mono-runtime mono-devel -7. Install extension chromeIPass -8. Install keepasshttp as explained at https://github.com/pfn/keepasshttp/ (put KeePassHttp.plgx in ~/KeePass) -9. Follow the directions chromeIPass gives you, creating an identifier -10. Good idea to restart chrome. -11. In Chrome Settings "On Startup Continue where you left off" +3. sudo chown root:root ~/KeePass; sudo chmod 0755 ~/KeePass; +4. mv KeePass.config.xml KeePass.config.enforced.xml +5. sudo chown root:root KeePass.config.enforced.xml +6. sudo chmod 0444 KeePass.config.enforced.xml +7. Most importantly in KeePass.config.enforced.xml change true to + false so that passwords cannot be seen. +8. When setting up password database for KeePass use only a key file. +9. Add the url along with username and password in the database. +10. In Debian/Ubuntu: apt-get install mono-runtime mono-devel +11. Install extension chromeIPass +12. Install keepasshttp as explained at https://github.com/pfn/keepasshttp/ (put KeePassHttp.plgx in ~/KeePass) +13. Follow the directions chromeIPass gives you, creating an identifier +14. Good idea to restart chrome. +15. In Chrome Settings "On Startup Continue where you left off" DESKTOP STARTUP
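Review bot: in examples/docker.txt, the upstart stanza `exec start-stop-daemon --start --make-pidfile --pidfile /var/run/pos.pid --exec /usr/bin/docker start pos` supervises the docker client rather than the container. `docker start` without `-a` returns as soon as the container is running, so /var/run/pos.pid names a process that has already exited and `respawn` re-runs the job until upstart's respawn limit trips. Suggest `docker start -a pos` so the job stays in the foreground, plus a stop action (for example a pre-stop that runs `docker stop pos`) so that stopping the job also stops the container. Separately, in CUSTOMIZE the sentence "These changes will need to be reflected in the Dockerfile" should say that the certificate key and the htpasswd file are supplied at run time (a mounted volume) rather than copied into the image, since the same file points readers at a public registry. BACKUPS states that Docker makes backing up a container easy but shows no command; one line with the intended method would make the section actionable.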
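Review bot: in examples/secure-terminals.txt, the new step 3 (`sudo chown root:root ~/KeePass; sudo chmod 0755 ~/KeePass;`) runs before steps that still write into that directory as the normal user: `mkdir plugins` and `mv KeePass.config.xml KeePass.config.enforced.xml` in the Firefox list, the same `mv` in the Chrome list, and the later copy of KeePassRPC.plgx or KeePassHttp.plgx. Once the directory is root-owned with mode 0755 those commands fail without sudo, so either prefix them with sudo or move the chown/chmod to after the last file is placed. The enforcement is also weaker than the commit message implies: only the directory and the enforced config are handed to root (the chown is not recursive), and ~/KeePass sits inside the user's own home, so the terminal user can still rename the directory and substitute a copy. Installing under a root-owned path outside the home directory would close that. Finally, the "change true to false" step names no setting in either list; please state which element of KeePass.config.enforced.xml is meant.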