containerise | Firefox extension to automatically open websites | Addon library

You should clean up the containers after you're done with them, yes.

In the code you have, include a docker run --rm option. This will immediately delete the container once it exits. (If it fails, and you would have wanted to review the logs, they'll be gone.) You could explicitly docker rm the containers if you prefer.

You should probably be using the Docker SDK for Python to launch the containers. (subprocess.Popen(shell=True) is extremely risky security-wise, especially when you're trying to run a command like docker run with the real potential of rooting the host; in general, avoid the subprocess module when you can use a Python-native library to do the same task.) If you do this, then you can launch the container with

Docker supports build from a direct github URL, see this.

docker build [OPTIONS] PATH | URL | -

So, for you, after translate to compose, the correct way is next:

docker-compose.yaml:

I've finally figured this out and users can now log in and log out. As suggested in the comments, the HTTP Origin header warning was the source of the issue and the solution was to resolve this rather than anything to do with managing cookies or the cache (what I originally thought).

The warning WARN -- : HTTP Origin header (https://myapp.ie) didn't match request.base_url (http://myapp.ie) was resolved by including proxy_set_header origin 'http://myapp.ie'; in the .conf file in order to correctly configure the NGINX server.

The myapp.ie.conf file is below:

In your initializer/devise.rb, try to replace delete with get on config.sign_out_via = :delete

there is another config parameter in spring for postgres. spring.datasource.hikari.url This is missing in documentation. I'll update it for the next release. For the full set of changeable options you can have a look in the application.yml https://github.com/ScorpioBroker/ScorpioBroker/blob/development/AllInOneRunner/src/main/resources/application.yml

Good Luck Benjamin

First of all, you need to install Prometheus and Grafana in your Kubernetes cluster following the instructions given for each:

Prometheus: https://prometheus.io/docs/prometheus/latest/installation/

Grafana: https://grafana.com/docs/grafana/latest/installation/

Next, you need to understand that Prometheus is a pull-based metrics collection system. It retrieves metrics from configured targets (endpoints) at given intervals and displays the results.

You can setup the working monitoring system by implementing the below steps:

1. Instrument your application code for Prometheus to be able to scrape metric from - For this, you need to add instrumentation to the code via one of the supported Prometheus client libraries.
2. Configure Prometheus to scrape the metrics exposed by the service - Prometheus supports a K8s custom resource named ServiceMonitor introduced by the Prometheus Operator that can be used to configure Prometheus to scrape the metric defined in step 1.
3. Observe the scraped metrics - Next, you can observe the defined metric in either the Prometheus UI or Grafana UI by configuring Grafana support for Prometheus.

Have you checked the security groups? The port in which your server is listening (5555) should be opened in the VM that is in OpenStack.

Please find the below responses

1. I suppose the above configuration is still vulnerable to DDOS attack. How can I prevent it on GCP?

https://cloud.google.com/files/GCPDDoSprotection-04122016.pdf, this can help you with DDOS protection. If you are using APIGEE, then APIGEE edge can also help you

1. The communication between the browser and server is not encrypted (eg. the passwords is being sent in plain text. Could could I enable encryption on GCP?

you will have to install certificated in general and ensure that the data is sent over a https network. You can also try sslforfree

1. Any other tips on creating a reliable production system would be much appreciated. So far I have only worked on my laptop

since you are using K8s to run cassandra please ensure you are using some sort of volumes to store the data.

Rootless requires various preparation steps to be performed on the host (this would need to be done outside of Kubernetes on the VM host running the kubernetes node). See the rootless documentation for a full list of steps. Note that these steps vary by Linux distribution because different distributions have already performed some or all of these prerequisite steps.

Ubuntu

• No preparation is needed.

• overlay2 storage driver is enabled by default (Ubuntu-specific kernel patch).

• Known to work on Ubuntu 16.04, 18.04, and 20.04.

Debian GNU/Linux

• Add kernel.unprivileged_userns_clone=1 to /etc/sysctl.conf (or /etc/sysctl.d) and run sudo sysctl --system.

• To use the overlay2 storage driver (recommended), run sudo modprobe overlay permit_mounts_in_userns=1 (Debian-specific kernel patch, introduced in Debian 10). Add the configuration to /etc/modprobe.d for persistence.

• Known to work on Debian 9 and 10. overlay2 is only supported since Debian 10 and needs modprobe configuration described above.

Arch Linux

• Add kernel.unprivileged_userns_clone=1 to /etc/sysctl.conf (or /etc/sysctl.d) and run sudo sysctl --system

openSUSE

• sudo modprobe ip_tables iptable_mangle iptable_nat iptable_filter is required. This might be required on other distros as well depending on the configuration.

• Known to work on openSUSE 15.

Fedora 31 and later

• Fedora 31 uses cgroup v2 by default, which is not yet supported by the containerd runtime. Run sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0" to use cgroup v1.

• You might need sudo dnf install -y iptables.

CentOS 8

• You might need sudo dnf install -y iptables.

CentOS 7

• Add user.max_user_namespaces=28633 to /etc/sysctl.conf (or /etc/sysctl.d) and run sudo sysctl --system.

• systemctl --user does not work by default. Run the daemon directly without systemd: dockerd-rootless.sh --experimental --storage-driver vfs

• Known to work on CentOS 7.7. Older releases require additional configuration steps.

• CentOS 7.6 and older releases require COPR package vbatts/shadow-utils-newxidmap to be installed.

• CentOS 7.5 and older releases require running sudo grubby --update-kernel=ALL --args="user_namespace.enable=1" and a reboot following this.