nidomiro

Software developer stories
en de

More secure DinD in GitLab CI

If you are reading this article you probably already know how to use DinD (DockerInDocker) in GitLab CI. The default way is to set privileged=true in your Runner-config. This little flag makes everything work; but at the cost of security. There are many articles regarding this topic, eg. this one. The baseline is, if you run a container privileged, and the container uses the root-user inside, you can lose the whole server. Continue reading

More secure deployments via ssh

If we deploy an application automatically we have to grant the CI (Continuous Integration) access to the server. Common practice is to do that via a GitLab Runner or a ssh account on the server. Personally I would not recommend to use a GitLab Runner for deployments, because you have to maintain it. Another potential issue is, that you normally register runners for your whole GitLab instance or groups. That results in a scenario in which everyone can use that runner and accidentally (or not) destroy, for example, your production server. Continue reading

Handling server configurations

1. IntroDuring my work as a programmer I often encountered that configuration and infrastructure files only lived on the servers they belog to. If they had a copy in git, the states would always divert over time. One reason for this diverting is that you actively have to put the changed files in git, after you finished your work. It’s simply a thing you can forget. What do I mean by " Continue reading

Switching to Hugo

If you see this post, my wordpress blog is gone. My Blog now uses Hugo. I really like formats like Markdown and AsciiDoc. These formats are expressive and you can edit them with every editor you want and don’t need expensive licenses, like for Word or similar. Another advantage is that you define what should happen by writing and not by clicking a button and hoping the programm does what you intended to do. Continue reading
Older posts