Scenario Based Docker Security

By Ermin

This is your second step in the path to learning all about securing containers.

9 hours
  • 39 Lessons
  • 5 Hands-On Labs

About the course

Welcome to this Scenario Based Docker Security course. This is the second course of a four-course learning path related to securing containers. The lessons that are presented here focus on the security aspect of Docker through which you will learn how to perform various configurations and navigate through different situations within the context of security. Having a proper configuration without security loopholes and having your software sources, such as container images, as secure as possible is very important.

In the first part of this course, we will begin with a guide on how to install and configure Docker properly. We will talk about resource restrictions where you will learn about Linux cgroups and how they can be used to pose limits on different aspects of your system, as well as learn how to monitor resources and process usage. After that, we will move on to Seccomp – Secure Computing Mode and learn how to configure seccomp profiles. Seccomp is a security tool mechanism that Docker can use to achieve additional security.

Securing software sources is extremely important, which is why we will go over the whole process of creating a repository, creating an image, pushing it to the repository, pulling it, doing some changes, pushing it back and so forth, while keeping in mind how to achieve optimal security. This is why we will talk about topics such as creating SSL certificates so that the traffic between us and the software source is encrypted. This will be achieved using Certbot and Let’s Encrypt. We will talk about the security advantages of private repositories and custom images. You will learn how to create custom images from scratch, specifically two images, where one will be a web server image and the other a MySql Database image. After that, we will take a closer look at Docker Bench. It is a security tool that is also used for optimization. When it runs, it performs a series of scans that give you suggestions on what should or shouldn’t be fixed.

When all of this is done, the last part of this course is dedicated to deploying and securing an application’s backend. These videos can be viewed as a sort of mini-project and review of what has been learned so far. We will be configuring a Docker container to run an Apache web server as an application backend. We will configure a Docker container for which we need to create a custom image to run a Python application (more specifically a Flask application). This application will have an active API that is fully functional and it will achieve a connection to a database for which we will also need to construct a container. So, we will have two Docker containers communicating with each other. We will also set up an Apache web server that will be a gateway to the outer world, so to speak. It will be used as a reverse proxy to allow connections from the outer world to reach our containers. Certbot will be utilized for creating an SSL certificate for our domain.

  • Chapter 1 7 Lessons Getting Started 24:04

    An Important Note About A Cloud Guru and Linux Academy Courses

    1:19

    About the Author

    1:45

    About the Course

    10:28

    How to Get Help

    2:30

    Prerequisites

    2:17

    Text Editor Vim Basics (Optional)

    3:18

    Job Market (Optional)

    2:27
  • Chapter 2 24 Lessons Best Practices 3:28:55

    Installing and Configuring Docker

    11:52

    Resource Restrictions Part 1 - General talk

    3:15

    Resource Restrictions Part 2 - Resource Usage Controls

    7:50

    Resource Restrictions Part 3 - systemd and cgroups

    12:15

    Docker and seccomp Part 1 - seccomp Default Profile, syscalls

    11:16

    Docker and seccomp Part 2 - seccomp custom profile, syscalls, strace

    21:03

    Docker and seccomp Part 3 - seccomp custom profile, syscalls, strace

    11:07

    Securing Software Sources Part 1 - SSL Certificate Certbot Letsencrypt

    8:00

    Securing Software Sources Part 2 - SSL Certificate Certbot Letsencrypt Docker Registry

    7:17

    Securing Software Sources Part 3 - Registry and Letsencrypt

    7:13

    Securing Software Sources Part 4 - Registry and Letsencrypt

    6:05

    Securing Software Sources Part 5 - Custom Docker Image from Scratch

    15:22

    Securing Software Sources Part 6 - MySQL Database Custom Image

    10:36

    Securing Software Sources Part 7 - MySQL Database Custom Image

    11:53

    Securing Software Sources Part 8 - MySQL Database Custom Image

    8:50

    Docker Bench Part 1 - Initial Scan and Initial Results

    13:49

    Docker Bench Part 2 - Adjust Logging

    12:25

    Docker Bench Part 3 - Docker Daemon

    8:45

    Docker Bench Part 4 - User Remap

    7:26

    Docker Bench Part 5 - Docker Bench Second Pass

    12:36

    Create a Custom Docker Image

    0:00 Hands-On Lab

    Configure a Custom Seccomp Profile

    0:00 Hands-On Lab

    Restrict System Resource Usage with cgroups

    0:00 Hands-On Lab

    Per-Container Resource Management

    0:00 Hands-On Lab
  • Chapter 3 7 Lessons Deploy and Secure Application Back End 1:07:50

    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 1 - Initial Application Test

    17:26

    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 2 - Database Setup

    5:43

    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 3 - Python App Custom Image

    6:16

    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 4 - Connecting the Application to the Database

    15:18

    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 5 - Apache Web Server Reverse Proxy

    13:17

    Configure a Docker Container to Run an Apache Web Server-to-Server as an Application Back End - API Part 6 - SSL, Reverse Proxy, Summary

    9:50

    Deploy and Configure the Provided Application Back End with a Provided Custom Docker Image

    0:00 Hands-On Lab
  • Chapter 4 1 Lesson Final Steps 3:30

    Course Summary

    3:30

What are Hands-on Labs

What's the difference between theoretical knowledge and real skills? Practical real-world experience. That's where Hands-on Labs come in! Hands-on Labs are guided, interactive experiences that help you learn and practice real-world scenarios in real cloud environments. Hands-on Labs are seamlessly integrated in courses, so you can learn by doing.

Practice alongside courses in Cloud Playground

What is Cloud Playground? Cloud Playground lets you build skills in real-world AWS, Google Cloud, and Azure environments. Spin up risk-free Sandboxes, Servers and Terminals and follow along with courses, test a new idea or prepare for exams.

Get Started
Who’s going to be learning?

How many seats do you need?

  • $499 USD per seat per year
  • Billed Annually
  • Renews in 12 months

Ready to accelerate learning?

For over 25 licenses, a member of our sales team will walk you through a custom tailored solution for your business.


$2,495.00

Checkout
Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!