-
Notifications
You must be signed in to change notification settings - Fork 799
Conversation
Baking in an SSL cert makes me uncomfortable. I understand this was taken from ZeroToDocker: Is there a better way to do that? |
Also, should this be a separate repo? Is there a reason to merge this in with the codebase? |
I completely agree with you on the SSL baking. I have just added a few more commits that disable the ssl in nginx if they are not present. This way the certificates are not baked in and ssl is enabled by default, so long as the user makes them available. |
One reason for merging this into the codebase is for local development with the use of Docker. With the docker-compose.yml file, you can bring up an entire SecurityMonkey environment as it would be deployed. This biggest benefit is changes to your local repo can be built and tested in the container environment much faster than waiting for CI. At the very least, the changes in config-deploy.py are required. This way the same container can be shipped to any environment, and it will be configured to that environments specifics with the use of variables. This is much easier to maintain because minimal volumes are needed. Should you prefer, I can cut another PR for just the config-deploy.py update for merging. Since I am probably the only one doing local development with Docker at this time; this would be the least impactful to the current codebase. Apologies if I was too verbose. |
Super cool. Once you send those couple changes, I'll get this merged in. I'll probably add a ReadMe in the docker folder identifying that it's for local dev as well. |
More details on a few changes since we last discussed:
|
default settings with environment variables for postgres settings
Netflix-Skunkworks/zerotodocker
Netflix-Skunkworks/zerotodocker
variable in these entrypoints as this should be set before these entrypoints exist
variable to override default settings defined in SECURITY_MONKEY_SETTINGS 2 - Update entrypoints to use environment variables
Netflix-Skunkworks/zerotodocker
Netflix-Skunkworks/zerotodocker
by Netflix-Skunkworks. These are meant to act as a placeholder for the example.
docker build
.dockerignore to avoid committing secrets
SecurityMonkey from this directory, as opposed to checking out the repository directly, since this code has not yet been merged. This can be used to build and develop locally.
variables as override to default
variable overrides
- Removed python-m2crypto from Dockerfile - Created env-config/config-docker.py for settings - Reverted env-config/config-deploy.py back to v0.7.0 original - Moved docker-nginx directory to docker/nginx - Entrypoints are executable - Added brief documentation in docker folder
environment variables as overrides
- Enables 80 in NGINX - Toggle to disable CSRF in settings - Toggle to disable ssl in NGINX if certs are not provided
Fixed config-deploy.py |
This feature introduces files and updates for dockerizing SecurityMonkey!
Note-able changes are:
* I am not too familiar with reStructuredText