Wildcard LetsEncrypt certificates with Traefik and Cloudflare

Wildcard certificates make it easy to secure lots of subdomains under a single domain. For example, you can secure web.example.com and mail.example.com with a single certificate for *.example.com. Fortunately, LetsEncrypt allows you to get wildcard certificates via a DNS ownership check (often called a DNS-01 challenge). Fortunately, Traefik can request a certificate from LetsEncrypt automatically and complete the challenge for you. It can publish DNS records to multiple providers, but my favorite is Cloudflare....

2021-08-16 · 4 min · Major Hayden

Build containers in GitLab CI with buildah

My team at Red Hat depends heavily on GitLab CI and we build containers often to run all kinds of tests. Fortunately, GitLab offers up CI to build containers and a container registry in every repository to hold the containers we build. This is really handy because it keeps everything together in one place: your container build scripts, your container build infrastructure, and the registry that holds your containers. Better yet, you can put multiple types of containers underneath a single git repository if you need to build containers based on different Linux distributions....

2019-05-24 · 5 min · Major Hayden

Running Home Assistant in a Docker container with a Z-Wave USB stick

The Home Assistant project provides a great open source way to get started with home automation that can be entirely self-contained within your home. It already has plenty of integrations with external services, but it can also monitor Z-Wave devices at your home or office. Here are my devices: Monoprice Z-Wave Garage Door Sensor Aeotec Z-Stick Gen5 (ZW090) Fedora Linux server with Docker installed Install the Z-Wave stick Start by plugging the Z-Stick into your Linux server....

2019-01-14 · 4 min · Major Hayden

Research Paper: Securing Linux Containers

It seems like there’s a new way to run containers every week. The advantages and drawbacks of each approach are argued about on mailing lists, in IRC channels, and in person, around the world. However, the largest amount of confusion seems to be around security. Launching secure containers I’ve written about launching secure containers on this blog many times before: Launch secure LXC containers on Fedora 20 using SELinux and sVirt Improving LXC template security Try out LXC with an Ansible playbook CoreOS vs....

2015-08-14 · 3 min · Major Hayden

Configure static IP addresses for Project Atomic’s KVM image

Amid all of the Docker buzz at the Red Hat Summit, Project Atomic was launched. It’s a minimalistic Fedora 20 image with a few tweaks, including rpm-ostree and geard. There are great instructions on the site for firing up a test instance under KVM but my test server doesn’t have a DHCP server on its network. You can use Project Atomic with static IP addresses fairly easily: Create a one-line /etc/sysconfig/network:...

2014-04-23 · 1 min · Major Hayden

Docker, trusted builds, and Fedora 20

Docker is a hot topic in the Linux world at the moment and I decided to try out the new trusted build process. Long story short, you put your Dockerfile along with any additional content into your GitHub repository, link your GitHub account with Docker, and then fire off a build. The Docker index labels it as “trusted” since it was built from source files in your repository. I set off to build a Dockerfile to provision a container that would run all of the icanhazip services....

2014-03-26 · 2 min · Major Hayden