
Friday, April 30, 2021

circle ci

 https://circleci.com/docs/2.0/configuration-reference/


https://app.circleci.com/  To log in, go straight to "Go to app"


Official docs: https://circleci.com/docs/2.0/language-javascript/#quickstart-demo-javascript-nodejs-reference-project

Read up to: "See our blog on matrix jobs"

Wednesday, April 21, 2021

amp

 https://blog.sharktech.tw/2018/02/07/google-amp


lose-lose situation, same as "no-win situation"

user acquisition

monetization (n.)


Friday, April 16, 2021

OWASP ZAP, DOCKER

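To read: how the front end relates to Docker


Docker for front-end developers: deploying without having to ask for help


OWASP Top Ten: First published in 2003, the "Top Ten" is updated regularly.[6] It aims to raise awareness of application security by identifying some of the most important risks that organizations face.[7][8][9] Many standards, books, tools and organizations reference the Top 10 project, including MITRE, PCI DSS,[10] the Defense Information Systems Agency (DISA-STIG) and the United States Federal Trade Commission (FTC).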


https://www.zaproxy.org/getting-started/


https://medium.com/hannah-lin/%E5%B9%BC%E5%B9%BC%E7%8F%AD%E4%B9%9F%E8%83%BD%E6%87%82%E7%9A%84-owasp-top-10-692764c51f61


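Penetration testing: https://ithelp.ithome.com.tw/articles/10207540

[Explainer] Introduction to security testing with OWASP ZAP: https://zhuanlan.zhihu.com/p/146953051

How to automate security testing of a Web REST API: https://www.qa-knowhow.com/?p=4058


To use Windows Subsystem for Linux from the VS Code command line, just type wsl.


ZAP only runs in a JRE (Java Runtime Environment).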


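Orchestration:

The more containers are used in production, the more important an orchestration mechanism becomes. Kubernetes is one example of such a tool. Many large internet companies each use a different orchestration tool to manage large clusters: Facebook has Tupperware, Google has Borg and Omega, Yahoo uses YARN from the Hadoop project, and Twitter uses Mesos and Aurora.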

https://www.ithome.com.tw/news/108746

https://docs.docker.com/get-started/orchestration/


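Docker compared with traditional virtual machines:

1. Smaller footprint

2. Starts faster, because it runs directly on our host machine

3. Consistent environment

4. Runs anywhere


Traditional host model (multiple hosts) → VM model (multiple VMs on one host, each with its own OS) → container model (install Docker Engine on the OS and start using containers)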






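Containerization is a technology that helps us request and use resources from the OS more efficiently.

Docker (technical concept) → Kubernetes (orchestration tool, k8s) → Jenkins (simplification, automation)


Three main uses of Docker:

  1. Simplify the deployment process
  2. Deploy across platforms
  3. Create clean test environments


Docker tutorial video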


https://www.bilibili.com/video/BV1st411X7yU/?spm_id_from=333.788.recommend_more_video.0


Images and containers:

A container is a running instance of an image; one image can run many containers.


Docker tutorial: https://github.com/twtrubiks/docker-tutorial

Tutorial opened from the local Docker install: http://localhost/tutorial/

    docker run -d -p 80:80 docker/getting-started


Hands-on: building a Docker image and sharing it with others (start)-------------------------------------------------------------

docker build -t getting-started . // the docker build command creates an image from a Dockerfile.

docker run -dp 3000:3000 getting-started // create and run the container.

Remember the -d and -p flags? We're running the new container in "detached" mode (in the background) and creating a mapping between the host's port 3000 to the container's port 3000. Without the port mapping, we wouldn't be able to access the application.

Open your web browser to http://localhost:3000.

docker build -t getting-started . // update (same command as for creating)

docker: Error response from daemon: driver failed programming external connectivity on endpoint hungry_keldysh (dc3a92af36dfbb0178d800b2a55acdd01c7734ef08998ae291b864fcfb678d7c): Bind for 0.0.0.0:3000 failed: port is already allocated.

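DAEMON (Disk And Execution MONitor) is software that runs on Windows and is used to create or emulate CD/DVD/Blu-ray discs. DAEMON Tools Ultra offers advanced features such as creating disc images, burning discs, a virtual burner and mounting images. The "daemon" in the Docker error above is the Docker daemon, the background service that runs containers, which is unrelated to DAEMON Tools.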

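docker ps // show information about running containers

OPTIONS:

  • -a : show all containers, including those that are not running.
  • -f : filter the output based on conditions.
  • --format : specify a template for the output.
  • -l : show the most recently created container.
  • -n : list the n most recently created containers.
  • --no-trunc : do not truncate the output.
  • -q : quiet mode, show only container IDs.
  • -s : show total file sizes.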

docker stop <the-container-id> // stop the container

docker rm <the-container-id> // remove the container

docker rm -f <the-container-id> // stop and remove the container in one command

docker image ls  // show image information

docker login -u YOUR-DOCKER-ID // log in

docker tag getting-started YOUR-DOCKER-ID/getting-started // re-tag the image with the name of the repo it points to

docker push YOUR-DOCKER-ID/getting-started // pushed successfully

End of hands-on-----

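Common docker run options: (if anything in here is unclear, paste the explanation into Google) https://jiajially.gitbooks.io/dockerguide/content/chapter_fastlearn/docker_run/index.html

// -t makes Docker allocate a pseudo-terminal (pseudo-tty) and bind it to the container's standard input,
// -i keeps the container's standard input open.

Common Docker commands: http://puremonkey2010.blogspot.com/2015/05/docker-practice-container.html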


Persisting our DB

Volumes---

Volumes provide the ability to connect specific filesystem paths of the container back to the host machine. If a directory in the container is mounted, changes in that directory are also seen on the host machine. If we mount that same directory across container restarts, we'd see the same files.

Volume hands-on (start)------

docker volume create <volume name> // create a volume

docker run -dp 3000:3000 -v <volume name>:/etc/todos getting-started

// Add the -v flag to specify a volume mount and mount it to /etc/todos, which will capture all files created at the path.

After adding data on the page, delete the container with docker rm -f <id>, then start it again with the command above: the data is still there!

End of hands-on------


docker volume inspect <volume name> // show information about the volume

Output:

    [
        {
            "CreatedAt": "2021-04-22T03:46:07Z",
            "Driver": "local",
            "Labels": {},
            "Mountpoint": "/var/lib/docker/volumes/todo-db/_data",
            "Name": "todo-db",
            "Options": {},
            "Scope": "local"
        }
    ]

Here, Mountpoint is where Docker actually stores my data.



Named Volumes   vs    Bind Mounts

A bind mount is an alternate view of a directory tree. Classically, mounting creates a view of a storage device as a directory tree. A bind mount instead takes an existing directory tree and replicates it under a different point. The directories and files in the bind mount are the same as the original. Any modification on one side is immediately reflected on the other side, since the two views show the same data.

Using bind mounts is very common for local development setups. The advantage is that the dev machine doesn't need to have all of the build tools and environments installed. With a single docker run command, the dev environment is pulled and ready to go.


Starting a Dev-Mode Container

PowerShell, with backtick line continuations:

    docker run -dp 3000:3000 `
        -w /app -v "$(pwd):/app" `
        node:12-alpine `
        sh -c "yarn install && yarn run dev"

Sometimes this does not run; in that case put it all on one line, that is...

docker run -dp 3000:3000 -w /app -v "$(pwd):/app" node:12-alpine sh -c "yarn install && yarn run dev"

  • -w /app - sets the "working directory" or the current directory that the command will run from
  • -v "$(pwd):/app" - bind mount the current directory from the host in the container into the /app directory
  • node:12-alpine - the image to use. Note that this is the base image for our app from the Dockerfile
  • sh -c "yarn install && yarn run dev" - the command. We're starting a shell using sh (alpine doesn't have bash) and running yarn install to install all dependencies and then running yarn run dev. If we look in the package.json, we'll see that the dev script is starting nodemon.

For Node-based applications, nodemon is a great tool to watch for file changes and then restart the application.


Multi-Container Apps

If two containers are on the same network, they can talk to each other. If they aren't, they can't.


Starting MySQL

docker network create todo-app // create the network

    docker run -d \
        --network todo-app --network-alias mysql \
        -v todo-mysql-data:/var/lib/mysql \
        -e MYSQL_ROOT_PASSWORD=secret \
        -e MYSQL_DATABASE=todos \
        mysql:5.7

We're using a volume named todo-mysql-data here and mounting it at /var/lib/mysql, which is where MySQL stores its data. However, we never ran a docker volume create command. Docker recognizes we want to use a named volume and creates one automatically for us.

// On the todo-app network (with the alias mysql, which can be treated as its hostname), create a MySQL container backed by a volume (named todo-mysql-data, mounted at /var/lib/mysql); the MySQL password is secret and the database todos is created.

docker exec -it <mysql-container-id> mysql -p // the mysql here is presumably the --network-alias

mysql> SHOW DATABASES;


Checking the IP

docker run -it --network todo-app nicolaka/netshoot // create the nicolaka/netshoot container, which ships with a lot of tools that are useful for troubleshooting or debugging networking issues.

dig mysql // Inside the container, we're going to use the dig command, which is a useful DNS tool. It shows the IP address for the hostname mysql.


Running our App with MySQL

    docker run -dp 3000:3000 \
        -w /app -v "$(pwd):/app" \
        --network todo-app \
        -e MYSQL_HOST=mysql \
        -e MYSQL_USER=root \
        -e MYSQL_PASSWORD=secret \
        -e MYSQL_DB=todos \
        node:12-alpine \
        sh -c "yarn install && yarn run dev"

After adding data on the page, check the database

docker exec -it <mysql-container-id> mysql -p todos

mysql> select * from todo_items;
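
The docker run commands in these notes publish port 3000 without a bind address (the error earlier shows it bound on 0.0.0.0:3000), pass the MySQL password inline with -e, and bind-mount the working directory read-write. As an added example, not part of the original notes or of the Docker tutorial, this Python audits docker inspect output for those three settings. The sample JSON, the container names, the host path and the secret file path are constructed.

```python
import json
import re

# Constructed sample, trimmed to the fields `docker inspect` reports for the
# settings checked below. The MySQL entry shows the hardened *_FILE form.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/todo-app",
  "Config": {"Env": ["MYSQL_HOST=mysql", "MYSQL_PASSWORD=secret"]},
  "HostConfig": {"PortBindings": {"3000/tcp": [{"HostIp": "", "HostPort": "3000"}]}},
  "Mounts": [{"Type": "bind", "Source": "/home/dev/app", "Destination": "/app", "RW": true}]},
 {"Name": "/todo-mysql",
  "Config": {"Env": ["MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root"]},
  "HostConfig": {"PortBindings": {}},
  "Mounts": [{"Type": "volume", "Name": "todo-mysql-data", "Destination": "/var/lib/mysql", "RW": true}]}
]""")

SECRET_KEY = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)$", re.I)
LOOPBACK = ("127.0.0.1", "::1")


def audit(containers):
    """Return sorted (container, finding, detail) tuples for risky settings."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        # 1. Values passed inline with -e are readable through `docker inspect`.
        for entry in (c.get("Config") or {}).get("Env") or []:
            key, _, value = entry.partition("=")
            if value and SECRET_KEY.search(key):
                findings.append((name, "inline-secret", key))
        # 2. -p 3000:3000 leaves HostIp empty (all interfaces); 127.0.0.1:3000:3000 does not.
        ports = (c.get("HostConfig") or {}).get("PortBindings") or {}
        for port, binds in ports.items():
            for b in binds or []:
                if b.get("HostIp", "") not in LOOPBACK:
                    findings.append((name, "port-not-loopback", f"{b.get('HostPort')}->{port}"))
        # 3. A writable bind mount lets the container change files on the host.
        for m in c.get("Mounts") or []:
            if m.get("Type") == "bind" and m.get("RW", True):
                findings.append((name, "writable-bind-mount", m.get("Source")))
    return sorted(findings)


if __name__ == "__main__":
    for row in audit(SAMPLE_INSPECT):
        print(*row, sep="\t")
```

On a real host, pass it the parsed JSON printed by docker inspect for the running containers instead of the sample.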


Further reading---but a bit too hard

service discovery

https://columns.chicken-house.net/2017/12/31/microservice9-servicediscovery/    this one is very good

https://ithelp.ithome.com.tw/articles/10192500


Which tools provide service discovery:


End of further reading---


Docker Compose

Docker Compose is a tool that was developed to help define and share multi-container applications.


Read up to:

http://localhost/tutorial/using-docker-compose/



alpine: https://www.alpinelinux.org/downloads/

PWD tutorial: https://training.play-with-docker.com/



docker scan tutorial: https://docs.docker.com/engine/scan/?utm_source=docker&utm_medium=inproductad&utm_campaign=totw-docker-scan


Snyk:

Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them.

Snyk: https://www.youtube.com/watch?v=7Z_BdXXL1Dk

command: docker scan getting-started


ci:

circle ci


// nodemon: https://www.npmjs.com/package/nodemon