Scenario Based Docker Security

By Ermin

This is your second step in the path to learning all about securing containers.

9 hours
  • 39 Lessons
  • 5 Hands-On Labs

About the course

Welcome to this Scenario Based Docker Security course. This is the second course of a four-course learning path related to securing containers. The lessons that are presented here focus on the security aspect of Docker through which you will learn how to perform various configurations and navigate through different situations within the context of security. Having a proper configuration without security loopholes and having your software sources, such as container images, as secure as possible is very important.

In the first part of this course, we will begin with a guide on how to install and configure Docker properly. We will talk about resource restrictions where you will learn about Linux cgroups and how they can be used to pose limits on different aspects of your system, as well as learn how to monitor resources and process usage. After that, we will move on to Seccomp – Secure Computing Mode and learn how to configure seccomp profiles. Seccomp is a security tool mechanism that Docker can use to achieve additional security.

Securing software sources is extremely important, which is why we will go over the whole process of creating a repository, creating an image, pushing it to the repository, pulling it, doing some changes, pushing it back and so forth, while keeping in mind how to achieve optimal security. This is why we will talk about topics such as creating SSL certificates so that the traffic between us and the software source is encrypted. This will be achieved using Certbot and Let’s Encrypt. We will talk about the security advantages of private repositories and custom images. You will learn how to create custom images from scratch, specifically two images, where one will be a web server image and the other a MySql Database image. After that, we will take a closer look at Docker Bench. It is a security tool that is also used for optimization. When it runs, it performs a series of scans that give you suggestions on what should or shouldn’t be fixed.

When all of this is done, the last part of this course is dedicated to deploying and securing an application’s backend. These videos can be viewed as a sort of mini-project and review of what has been learned so far. We will be configuring a Docker container to run an Apache web server as an application backend. We will configure a Docker container for which we need to create a custom image to run a Python application (more specifically a Flask application). This application will have an active API that is fully functional and it will achieve a connection to a database for which we will also need to construct a container. So, we will have two Docker containers communicating with each other. We will also set up an Apache web server that will be a gateway to the outer world, so to speak. It will be used as a reverse proxy to allow connections from the outer world to reach our containers. Certbot will be utilized for creating an SSL certificate for our domain.

  • Chapter 1 7 Lessons Getting Started 24:04

    An Important Note About A Cloud Guru and Linux Academy Courses


    About the Author


    About the Course


    How to Get Help




    Text Editor Vim Basics (Optional)


    Job Market (Optional)

  • Chapter 2 24 Lessons Best Practices 6:13:55

    Installing and Configuring Docker


    Resource Restrictions Part 1 - General talk


    Resource Restrictions Part 2 - Resource Usage Controls


    Resource Restrictions Part 3 - systemd and cgroups


    Docker and seccomp Part 1 - seccomp Default Profile, syscalls


    Docker and seccomp Part 2 - seccomp custom profile, syscalls, strace


    Docker and seccomp Part 3 - seccomp custom profile, syscalls, strace


    Securing Software Sources Part 1 - SSL Certificate Certbot Letsencrypt


    Securing Software Sources Part 2 - SSL Certificate Certbot Letsencrypt Docker Registry


    Securing Software Sources Part 3 - Registry and Letsencrypt


    Securing Software Sources Part 4 - Registry and Letsencrypt


    Securing Software Sources Part 5 - Custom Docker Image from Scratch


    Securing Software Sources Part 6 - MySQL Database Custom Image


    Securing Software Sources Part 7 - MySQL Database Custom Image


    Securing Software Sources Part 8 - MySQL Database Custom Image


    Docker Bench Part 1 - Initial Scan and Initial Results


    Docker Bench Part 2 - Adjust Logging


    Docker Bench Part 3 - Docker Daemon


    Docker Bench Part 4 - User Remap


    Docker Bench Part 5 - Docker Bench Second Pass


    Create a Custom Docker Image

    30:00 Hands-On Lab

    Configure a Custom Seccomp Profile

    45:00 Hands-On Lab

    Restrict System Resource Usage with cgroups

    45:00 Hands-On Lab

    Per-Container Resource Management

    45:00 Hands-On Lab
  • Chapter 3 7 Lessons Deploy and Secure Application Back End 2:37:50

    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 1 - Initial Application Test


    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 2 - Database Setup


    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 3 - Python App Custom Image


    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 4 - Connecting the Application to the Database


    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 5 - Apache Web Server Reverse Proxy


    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 6 - SSL, Reverse Proxy, Summary


    Deploy and Configure the Provided Application Back End with a Provided Custom Docker Image

    1:30:00 Hands-On Lab
  • Chapter 4 1 Lesson Final Steps 3:30

    Course Summary


What are Hands-on Labs

What's the difference between theoretical knowledge and real skills? Practical real-world experience. That's where Hands-on Labs come in! Hands-on Labs are guided, interactive experiences that help you learn and practice real-world scenarios in real cloud environments. Hands-on Labs are seamlessly integrated in courses, so you can learn by doing.

Get Started
Who’s going to be learning?
Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!