TechSNAP - Episodes Tagged with “Traefik”

429: Curious About Caddy

Jupiter Broadcasting — Fri, 15 May 2020 00:15:00 -0700

Jim and Wes take the latest release of the Caddy web server for a spin, investigate Intel's Comet Lake desktop CPUs, and explore the fight over 5G between the US Military and the FCC.

Links:

395: The ACME Era

Jupiter Broadcasting — Sun, 20 Jan 2019 20:45:00 -0800

We welcome Jim to the show, and he and Wes dive deep into all things Let’s Encrypt.

The history, the clients, and the from-the-field details you'll want to know.

Links:

Let’s Encrypt and CertBot – JRS Systems
Automatic Certificate Management Environment (ACME) — The surprisingly readable IETF draft.
How It Works - Let's Encrypt
ACME Client Implementations
Certbot — Certbot is EFF's tool to obtain certs from Let's Encrypt.
acme-nginx: python acme client for nginx — A particularly simple client that is useful for understanding the protocol details.
Caddy - The HTTP/2 Web Server with Automatic HTTPS
mod_md: Let's Encrypt (ACME) support for Apache httpd
Traefik - The Cloud Native Edge Router
Looking Forward to 2019 - Let's Encrypt — We’re now serving more than 150 million websites while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 67% encrypted page loads to 77% in 2018, according to statistics from Mozilla. This is an incredible rate of change!
Let's Encrypt ACME v2 API Announcements — Now that the draft standard is in last-call and the pace of major changes has slowed, we’re able to release a “v2” API that is much closer to what will become the final ACME RFC.
Let's Encrypt disables TLS-SNI-01 validation — The researcher noticed that "at least two" large hosting providers host many users on the same IP address and users are able to upload certificates for arbitrary names without proving they have control of a domain.
A Technical Deep Dive on Using Certbot to Secure your Mailserver from the EFF — With the most recent release of Certbot v0.29.1, we’ve added some features which make it much easier to use with both Sendmail and Exim.

392: Keeping up with Kubernetes

Jupiter Broadcasting — Wed, 12 Dec 2018 19:00:00 -0800

A security vulnerability in Kubernetes causes a big stir, but we’ll break it all down and explain what went wrong.

Plus the biggest stories out of Kubecon, and serverless gets serious.

Links:

Everything that was announced at KubeCon
CNCF to Host etcd — The Cloud Native Computing Foundation Technical Oversight Committee voted to accept etcd as an incubation-level hosted project.
Introduction to Knative — Knative is a framework from the folks at Google and Pivotal focused on “serverless” style event driven functions.
IBM Embraces Knative to Drive Serverless Standardization — Knative is not the first open-source functions-as-a-service effort that IBM has backed. Back in 2016, IBM announced the OpenWhisk effort, which is now run as an open-source project at the Apache Software Found.
How Google Is Improving Kubernetes Container Security — "We go beyond what's in open source and put additional restrictions in place to secure users"
Demystifying Kubernetes CVE-2018-1002105 — With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.
The silent CVE in the heart of Kubernetes apiserver
Crossplane: An Open Source Multicloud Control Plane
security.christmas — This year we will prepare you for the Christmas celebration, by giving you small presents of knowledge every day, which will teach you about the world of security.
Introducing the Helm Hub — This hub provides a means for you to find charts hosted in many distributed repositories hosted by numerous people and organizations.