Group items matching

in title, tags, annotations or url

"FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools. FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA Server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers. FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks. Multiple FreeIPA Servers can easily be configured in a FreeIPA Domain in order to provide redundancy and scalability. The 389 Directory Server is the main data store and provides a full multi-master LDAPv3 directory infrastructure. Single-Sign-on authentication is provided via the MIT Kerberos KDC. Authentication capabilities are augmented by an integrated Certificate Authority based on the Dogtag project. Optionally Domain Names can be managed using the integrated ISC Bind Server. Security aspects related to access control, delegation of administration tasks and other network administration tasks can be fully centralized and managed via the Web UI or the ipa Command Line tool."

Este se ve mejor. "Package grace provides a library that makes it easy to build socket based servers that can be gracefully terminated & restarted (that is, without dropping any connections). It provides a convenient API for HTTP servers including support for TLS, especially if you need to listen on multiple ports (for example a secondary internal only admin server). Additionally it is implemented using the same API as systemd providing socket activation compatibility to also provide lazy activation of the server."

"But when Mark Russinovich, Microsoft's CTO for Azure, took the stage at Build 2015 in San Francisco Wednesday morning to demonstrate how containerized microservices applications work in Windows Server. [...] As is his wont, he dove right in to a demonstration of using Docker Build (on a PowerShell command line) to package and deploy an ASP.NET web site as a Docker container. [...] He took only a few seconds to package the web site into a container image, then he ran the package with the docker run command. [...] And then he paused, took the temperature of the room, and may have recognized that Windows developers may have been completely confused by what they were seeing. [...] So Russinovich asked for a show of hands of folks in the room who might have heard of something called Linux. (Don't worry, he's done this before.) [...] He then used a new build of Visual Studio, running in Windows, to publish the container to the Linux host. He then proceeded to debug the running Linux app, including setting a remote breakpoint, from Visual Studio. [...] Without saying so explicitly, Mark Russinovich was obsoleting much of Windows Server before developers' eyes."

"A typical Java EE application consists of an application server, such as WildFly, and a database, such as MySQL. In addition, you might have a separate front-end tier, say Apache, for load balancing a number of application server. A caching layer, such as Infinispan, may be used to improve overall application performance. Messaging system, such as ActiveMQ, may be used for processing queues. Both the caching and messaging components could be setup as a cluster for further scalability. This Tech Tip will show some simple Docker recipes to configure your containers that use application server and database. Subsequent blog will cover more advanced recipes that will include front-end, caching, messaging, and clustering. "

"Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group. Polipo has some features that are, as far as I know, unique among currently available proxies: Polipo will use HTTP/1.1 pipelining if it believes that the remote server supports it, whether the incoming requests are pipelined or come in simultaneously on multiple connections (this is more than the simple usage of persistent connections, which is done by e.g. Squid); Polipo will cache the initial segment of an instance if the download has been interrupted, and, if necessary, complete it later using Range requests; Polipo will upgrade client requests to HTTP/1.1 even if they come in as HTTP/1.0, and up- or downgrade server replies to the client's capabilities (this may involve conversion to or from the HTTP/1.1 chunked encoding); Polipo has complete support for IPv6 (except for scoped (link-local) addresses). Polipo can optionally use a technique known as Poor Man's Multiplexing to reduce latency even further. In short, Polipo uses a plethora of techniques to make web browsing (seem) faster."

"Complete and usable DNS library. All widely used Resource Records are supported, including the DNSSEC types. It follows a lean and mean philosophy. If there is stuff you should know as a DNS programmer there isn't a convenience function for it. Server side and client side programming is supported, i.e. you can build Servers and resolvers with it."

"The new Docker Registry 2.0 was released on April 16th, 2015. It was completely rewritten in Go with added support for the new Docker Registry HTTP API V2 (thus only working with Docker 1.6+), promising to provide faster and more secure distribution of images. If you work with Docker and for some reason decided not to use the public Docker Hub, a private Docker Registry is an essential part of your architecture. But even if you don't have private images, you will likely need to use your own registry in production/testing for efficiency. The default installation, however, runs without encryption and authentication. I was wondering what's involved in securing it. There is an official tutorial on how to configure TLS on a registry server. TLS/SSL is absolutely necessary for any secure setup, but I also wanted to enable an authentication mechanism. The Configuration Reference document describes two authentication options supported by Docker Registry itself: so-called silly and token solutions. The silly one is apparently only useful for very limited development use-cases. The token solution seems to be more serious, but because of the lack of documentation (at the time of writing), I decided to find an alternative approach to secure it. In this article I'm going to show you how to set up the Docker Registry 2.0 with username/password authentication and SSL using the official Docker Registry image and a custom configured nginx as a proxy server."

"OpenID Connect Relying Party and OAuth 2.0 Resource Server for Apache HTTP Server 2.x"

Listo... M$ subido al vagón de Docker... palo y a la bolsa. ¿Quién queda afuera? "Oct. 15, 2014 - Microsoft Corp. and Docker Inc., the company behind the fast-growing Docker open platform for distributed applications, on Wednesday announced a strategic partnership to provide Docker with support for new container technologies that will be delivered in a future release of Windows Server. Developers and organizations that want to create container applications using Docker will be able to use either Windows Server or Linux with the same growing Docker ecosystem of users, applications and tools."

Ostrich is a library for servers that makes it easy to:  * load & reload per-environment configuration  * collect runtime statistics (counters, gauges, metrics, and labels)  * report those statistics through a simple web interface (optionally with graphs) or into log files  * interact with the server over HTTP to check build versions or shut it down

"Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container that a developer builds and tests on a laptop will run at scale, in production, on VMs, bare-metal servers, OpenStack clusters, public instances, or combinations of the above."

"Let's Encrypt is a free, automated, and open certificate authority (CA), run for the public's benefit. Let's Encrypt is a service provided by the Internet Security Research Group (ISRG). The key principles behind Let's Encrypt are: Free: Anyone who owns a domain name can use Let's Encrypt to obtain a trusted certificate at zero cost. Automatic: Software running on a web server can interact with Let's Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal. Secure: Let's Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers. Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect. Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt. Cooperative: Much like the underlying Internet protocols themselves, Let's Encrypt is a joint effort to benefit the community, beyond the control of any one organization."

"WiredX is an X Window System server, written in pure JavaTM. WiredX enables you to allow access to UNIX/X applications from all web browsers with Java2 Plug-in and WiredX-Lite enables you to allow access to UNIX/X applications from web browsers(without Java Plug-in), IE, Netscape."

"Simple web focused Docker based mini-PaaS server."

"Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services"

"JSch is a pure Java implementation of SSH2. JSch allows you to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs."

"What is the reason to quote at all? Consider it. It shouldn't be to allow people to scroll down to see all earlier discussions. If the news client is a bit smart, fetching the older articles from the server should be just as easy as to "scroll down". If a thread goes forth and back some times and earlier quotes accumulate, an article including all those quotes might get five-ten times larger than a posting without quotes, this wastes bandwidth and hard disk space. Therefore, IMHO, no quotes are far better than a posting at the top of all old quotes."

Una descripción del stack server side de twitter bastante profunda y útil.