Additions to help in examples.

1) updated information on how to ensure that passwords are hidden even wehn KeePass is opened. 2) added docker.txt which goes into details about sysadm of docker.
9 years ago · 6754c9a324
2 changed files with 89 additions and 16 deletions
--- a/examples/docker.txt
+++ b/examples/docker.txt
@ -0,0 +1,61 @@
 DOCKER
 Assuming you have installed docker on a server, 
 it is much easier to setup YBDB with the docker image at 
 https://registry.hub.docker.com/u/bikebike/ybdb/ or build
 a customized version from the source code at https://github.com/fspc/ybdb .
 As part of Positive Spin's project to determine which software would best
 fit our needs, docker demos were created from all known existing F/OSS 
 community bike shop software at http://bikebike.wvcompletestreets.org .
 CUSTOMIZE
 If you want to build your own image to use at a Community Bike Shop,
 you will most likely want to setup ssl for the http server, create 
 self-signed certificates and a htpasswd file (see secure-terminals.txt), 
 and edit populate.sql and database_functions.php.  These changes will
 need to be reflected in the Dockerfile.
 Never forget, if you make changes to any Community Bike Shop code, 
 merge your changes back into the main project so that all collectives 
 may benefit from the awesomeness of Free Software.
 WHAT NEXT?
 You will want to keep regular backups, have scripts that start/stop the container, and 
 monitor the main docker process.
 BACKUPS
 Redundancy is great.  Save backups to at least two locations. 
 Obviously, the "YB" Database is the most important thing to backup, 
 and Docker makes backing up a container easy.
 START/STOP SCRIPTS
 Example of the standard upstart script used to start/stop bikebike docker containers:
 	description "Positive O Spin's container"
 	author "Jonathan Rosenbaum <gnuser@gmail.com>"
 	start on started docker
 	stop on runlevel [016]
 	respawn
 	exec start-stop-daemon --start --make-pidfile --pidfile /var/run/pos.pid --exec /usr/bin/docker start pos
 MONITOR DOCKER PROCESS
 Because docker container processes are children processes that change,
 only the main docker pidfile is monitored by monit.
 	check process docker 
       	with pidfile /var/run/docker.pid
       	start = "/sbin/start docker"
 			stop  = "/sbin/stop docker"
--- a/examples/secure-terminals.txt
+++ b/examples/secure-terminals.txt
@ -32,28 +32,40 @@ TERMINAL AUTOMATION AND SECURITY
 Firefox (IceWeasel):
 1. Download KeePass v2 zip - http://keepass.info/download.html
 2. Unzip in ~/KeePass
-3. cd ~/KeePass; mkdir plugins
+3. sudo chown root:root ~/KeePass; sudo chmod 0755 ~/KeePass;
-4. In Debian/Ubuntu:  apt-get install mono-runtime mono-devel
+4. cd ~/KeePass; mkdir plugins
-5. Install KeeFox extension from https://addons.mozilla.org/en-us/firefox/addon/keefox/
+5. mv KeePass.config.xml KeePass.config.enforced.xml
-6. KeeFox will tell you where to copy KeePassRPC.plgx from into the plugins directory
+6. sudo chown root:root KeePass.config.enforced.xml
 7. sudo chmod 0444 KeePass.config.enforced.xml
 8.	Most importantly in KeePass.config.enforced.xml change true to 
 	<UnhidePasswords>false</UnhidePasswords> so that passwords cannot be seen.
 9. In Debian/Ubuntu:  apt-get install mono-runtime mono-devel
 10. Install KeeFox extension from https://addons.mozilla.org/en-us/firefox/addon/keefox/
 11. KeeFox will tell you where to copy KeePassRPC.plgx from into the plugins directory
   Usually somewhere under  ~/.mozilla/firefox/*default/extensions/keefox*
-7. When setting up password database for KeePass use only a key file.
+12. When setting up password database for KeePass use only a key file.
-8. Add the url along with username and password in the database.
+13. Add the url along with username and password in the database.
-9. Once the login is working properly for the htpasswd setup for apache, 
+14. Once the login is working properly for the htpasswd setup for apache, 
   the whole process can be completely automated in KeeFox options.
-10. In Firefox (IceWeasel) Preferences -> General use "When IceWeasel starts: Show my windows and tabs from the last time"
+15. In Firefox (IceWeasel) Preferences -> General use "When IceWeasel starts: Show my windows and tabs from the last time"
 Chrome:
 1. Download KeePass zip - http://keepass.info/download.html
 2. Unzip in ~/KeePass
-3. When setting up password database for KeePass use only a key file.
+3. sudo chown root:root ~/KeePass; sudo chmod 0755 ~/KeePass;
-4. Add the url along with username and password in the database.
+4. mv KeePass.config.xml KeePass.config.enforced.xml
-5. In Debian/Ubuntu:  apt-get install mono-runtime mono-devel
+5. sudo chown root:root KeePass.config.enforced.xml
-7. Install extension chromeIPass
+6. sudo chmod 0444 KeePass.config.enforced.xml
-8. Install keepasshttp as explained at https://github.com/pfn/keepasshttp/ (put KeePassHttp.plgx in ~/KeePass)
+7.	Most importantly in KeePass.config.enforced.xml change true to 
-9. Follow the directions chromeIPass gives you, creating an identifier
+	<UnhidePasswords>false</UnhidePasswords> so that passwords cannot be seen.
-10. Good idea to restart chrome.
+8. When setting up password database for KeePass use only a key file.
-11. In Chrome Settings "On Startup Continue where you left off"
+9. Add the url along with username and password in the database.
 10. In Debian/Ubuntu:  apt-get install mono-runtime mono-devel
 11. Install extension chromeIPass
 12. Install keepasshttp as explained at https://github.com/pfn/keepasshttp/ (put KeePassHttp.plgx in ~/KeePass)
 13. Follow the directions chromeIPass gives you, creating an identifier
 14. Good idea to restart chrome.
 15. In Chrome Settings "On Startup Continue where you left off"
 DESKTOP STARTUP