Blog: 2024

Greentech Festival Day 2 - Wrap Up

This post was written in en

It's a wrap for GREENTECH FESTIVAL! Day 2 was just as amazing as the last. The energy at the conference was through the roof! We hope to see you at the next one!

It was an honor to attend with Sammy Harper.


Greentech Festival Berlin Day One


Today was a great first day at Greentech Festival in Berlin! This is my first time attending a conference with a booth and all. It was such a great experience. We are showcasing a game we made for the conference in Berlin. So far I've met so many amazing people who demoed the game. We learned so much from others who were at the conference. Networking was off the charts and we made some good relationships with the booths around us! I'm so happy I took time off to come back to this amazing city. Here comes day 2! So stoked to continue showcasing this adventure!

The game we are currently working on is called Wasted Space. Here is a description from the website.

Wasted Space is a classic arcade game that drives home the idea of reusing and recycling. Fly a spaceship through endless enemies and collect metal from destroyed ships in order to upgrade your own!

I attended with Sammy Harper, who founded Terrabyte. Definitely check out his personal website and the Terrabyte website.



How to Protect Your Sites with Vouch Proxy, NGINX, and Reverse Proxies Using Docker Compose (Part 1)


I've written in the past how to install Vouch Proxy using Debian. I also wrote a post a while ago where I dockerized my site and services. If it isn't obvious, I really like Vouch Proxy. It's simple and it met my needs.

I'm going to share how I set up the following services using Docker Compose:

  • Vouch Proxy
  • NGINX Reverse Proxy
  • Creating Reverse Proxies for your apps to be protected with Vouch Proxy. I will provide example services as use cases.

This post will be divided into three (3) parts.

This guide is recommended for those who have experience with Docker and Docker Compose. I will keep this simple for you to follow along if you don't have experience. When using Docker Compose and docker-compose.yml files, you are launching multiple containers at one time. When using a Dockerfile, one container is launched at a time.

We'll be using a lot of environment variables to configure our applications. It seems like a lot of work at first, but you'll be happy that you did.

Let's Setup Docker Compose

Here is the docker compose we are going to use. I will break it down piece by piece as mentioned above.

services:
  nginx:
    container_name: nginx
    image: nginxproxy/nginx-proxy
    restart: unless-stopped
    ports:
        - 80:80
        - 443:443
    volumes:
        - /var/run/docker.sock:/tmp/docker.sock:ro
        - /var/docker/nginx/html:/usr/share/nginx/html
        - /var/docker/nginx/certs:/etc/nginx/certs
        - /var/docker/nginx/vhost:/etc/nginx/vhost.d
        - /var/docker/nginx/conf:/etc/nginx/conf.d
    logging:
        options:
            max-size: "10m"
            max-file: "3"
  letsencrypt-companion:
    container_name: letsencrypt-companion
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: unless-stopped
    volumes_from:
        - nginx
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/docker/nginx/acme:/etc/acme.sh
    environment:
        DEFAULT_EMAIL: admin@your-domain.com # placeholder: your email address
  mariadb:
    container_name: mariadb
    image: mariadb:latest
    command: --default-authentication-plugin=mysql_native_password
    environment:
      MYSQL_ROOT_PASSWORD: changeme
      MYSQL_DATABASE: kanboard
      MYSQL_USER: kanboard
      MYSQL_PASSWORD: changeme
    volumes:
      - mariadb:/var/lib/mysql:z
  vouch-proxy-auth:
    container_name: vp-proxy
    image: quay.io/vouch/vouch-proxy:alpine-latest
    ports:
      - 9090:9090
    volumes:
      - ./vouch-proxy-config:/config
    restart: always
    environment:
      VIRTUAL_HOST: your-domain.com
      LETSENCRYPT_HOST: your-domain.com
  grafana:
    container_name: grafana
    image: grafana/grafana:latest
    volumes:
      - ../plugins/:/etc/grafana/plugins/ # For locally developed plugins
      - ./grafana/provisioning/:/etc/grafana/provisioning/ # Automatically configure datasources
      - grafana_vol:/var/lib/grafana # Volume to persist configuration between restarts
    environment:
      - "GF_SECURITY_ADMIN_PASSWORD=pwd"
      - GF_USERS_ALLOW_SIGN_UP=FALSE
      - GF_USERS_AUTO_ASSIGN_ORG=TRUE
      - GF_USERS_AUTO_ASSIGN_ORG_ROLE=EDITOR
      - GF_AUTH_PROXY_ENABLED=true                  # Enable authentication via a proxy
      - GF_AUTH_PROXY_HEADER_NAME=X-Vouch-User   # Header that grafana will expect (do not change)
      - GF_AUTH_PROXY_HEADER_PROPERTY=email         # Either email or username depending on what will be in the token
      - GF_AUTH_PROXY_AUTO_SIGN_UP=false
      - GF_INSTALL_PLUGINS=grafana-azure-data-explorer-datasource # Auto install plugins from grafana.com
      - GF_SERVER_HTTP_PORT=3001
      - GF_SERVER_PROTOCOL=http
      - GF_SERVER_DOMAIN=grafana.domain.com
      - GF_SERVER_ROOT_URL=grafana.domain.com
      - GF_SERVER_SERVE_FROM_SUB_PATH=false
      - GF_SMTP_ENABLED=TRUE
      - "GF_SMTP_HOST=smtp.domain.com"
      - "GF_SMTP_USER=smtp-user"
      - GF_SMTP_PASSWORD=changeme
      - "GF_SMTP_FROM_ADDRESS=grafana@domain.com" # placeholder sender address
      - "GF_SMTP_FROM_NAME=Name of Grafana Instance"
      - "GF_SMTP_STARTTLS_POLICY=MANDATORYSTARTTLS" # may or may not be needed, depending on your needs
    expose:
      - 3001
  vp-proxy-graf:
    image: nginx:latest
    container_name: vp-proxy-graf
    environment:
      VIRTUAL_HOST: grafana.domain.com
      LETSENCRYPT_HOST: grafana.domain.com
    volumes:
      - ./prometheus-grafana/nginx/graf:/etc/nginx/conf.d
    ports:
      - 8081:80
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    restart: unless-stopped
    volumes:
      - ./prometheus-grafana/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--web.enable-lifecycle'
    expose:
      - 9091
  vp-proxy-prom:
    image: nginx:latest
    container_name: vp-proxy-prom
    environment:
      VIRTUAL_HOST: prometheus.domain.com
      LETSENCRYPT_HOST: prometheus.domain.com
    volumes:
      - ./prometheus-grafana/nginx/prom:/etc/nginx/conf.d
    ports:
      - 8082:80
  node-exporter:
    image: prom/node-exporter:latest
    container_name: node-exporter
    restart: unless-stopped
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    expose:
      - 9100
volumes:
  prometheus_data: {}
  grafana_vol:
  mariadb:
  prom_data:

We won't run the docker compose command yet. We don't have all the files and other steps needed to run it correctly.

Setup Vouch Proxy Config

# Vouch Proxy configuration
# bare minimum to get Vouch Proxy running with google

vouch:
  logLevel: debug
  listen: 0.0.0.0

  domains:
    - your-base-domain.com
      #  vouch.cookie.domain: your-base-domain.com

  cookie:
    secure: true
    domain: your-base-domain.com


oauth:
  provider: google
  # get credentials from...
  # https://console.developers.google.com/apis/credentials
  client_id: your-client-id
  client_secret: your-client-secret
  # Google may require callback_urls (redirect URIs) to be 'https'
  callback_urls:
  - https://vouch.domain.com/auth
  preferredDomain: your-base-domain.com # be careful with this option, it may conflict with chrome on Android
  # endpoints are set from https://godoc.org/golang.org/x/oauth2/google
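
The compose file mounts ./prometheus-grafana/nginx/graf into vp-proxy-graf, and Grafana is set to trust the X-Vouch-User header. The following is an added example, not a file from this post: one possible configuration for that container, using the auth_request pattern from the Vouch Proxy README. The file name default.conf and the use of vouch.domain.com (taken from callback_urls) as the login host are assumptions; service names and ports come from the compose file above.

```nginx
# Hypothetical ./prometheus-grafana/nginx/graf/default.conf (file name is an assumption).
server {
    listen 80;
    server_name grafana.domain.com;

    # Every request must pass Vouch Proxy's /validate check before it is proxied.
    auth_request /validate;

    location = /validate {
        # vouch-proxy-auth is the compose service name; 9090 is the port it publishes.
        proxy_pass http://vouch-proxy-auth:9090/validate;
        # Vouch Proxy needs the original Host header to match its configured domains.
        proxy_set_header Host $http_host;
        # /validate only inspects headers and cookies, so drop the request body.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    # No valid session: send the browser to Vouch Proxy to log in, then back here.
    error_page 401 = @error401;
    location @error401 {
        # vouch.domain.com is assumed from callback_urls in the Vouch Proxy config.
        return 302 https://vouch.domain.com/login?url=https://$http_host$request_uri;
    }

    location / {
        # Capture the identity returned by the /validate subrequest.
        auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;

        # grafana:3001 matches GF_SERVER_HTTP_PORT and the expose entry in the compose file.
        proxy_pass http://grafana:3001;
        proxy_set_header Host $http_host;

        # Always overwrite X-Vouch-User with the validated value. Grafana logs in
        # whoever this header names (GF_AUTH_PROXY_ENABLED=true), so a copy of the
        # header supplied by the client must never be passed through.
        proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;
    }
}
```

Because Grafana trusts this header, it should only be reachable through this proxy; the compose file already keeps Grafana on `expose` rather than `ports`, and that should stay that way.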

Arriving in Copenhagen

pablo on the river in Copenhagen. Photo taken by Sammy Harper

So I'm in Copenhagen, Denmark!! It's been a great time here. Now we're heading to Berlin.


Declining Picture Taken by TSA


Today, I'm flying out of San Francisco (SFO) and I experienced something new. For the first time, I was asked to have my picture taken by the Transportation Security Administration, commonly known as the TSA. I'm not surprised that an airport such as San Francisco would have these implemented as a way of getting passengers through as fast as possible.

I politely told the TSA agent that I am declining facial recognition. The agent simply conducted a manual document check. It was a very easy experience and the TSA agent was very respectful.

The point here is that you're not required or obligated to have your picture taken for biometric verification in the United States. You can simply opt out by requesting so at a point of entry, such as airport customs, and of course with the TSA. Your identity document(s) are verified through a manual check.

I wrote a post, Why I Opted-Out of Facial Recognition at Customs and Border Patrol, on opting out of facial recognition by the United States Customs and Border Patrol and the experience I had.

Many people don't know they can decline or aren't aware of the risks that facial recognition has in our society. People need to be more aware of their rights when it comes to biometrics and the data retention of such biometrics.