top of page
Search

Docker for Security: Why & How

Let's say you want to run an application on your machine - say, an Apache Web Server. You install it locally, configure it as you like and run it - you now have a running web server where you can host your website(s). But there are two major risks with this approach:

  1. If you want to ship your application to another machine - like a cloud instance, you'd have to worry about the dependencies and getting the application to behave the same way as it did on your computer.

  2. If your web server somehow gets compromised by an attacker, he would be able to get access to your host machine as well because there is no isolation in the local installation of your web server.

Docker fixes these two major risks!


Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers

With Docker, you can bundle and ship apps that will run in isolated containers that share your Operating System's kernel.

  • Since you are bundling the app with all the necessary configuration already made, when the app is shipped and run on a different machine with Docker, it will work the same way that it did.

  • Since all the containers spawned up with Docker are isolated, one container (or app) cannot affect the other containers or the Host Operating System. So, even though if one of the apps is compromised, the attacker would not be able to escape the container and exploit the host machine. The isolation is achieved through Linux namespaces.



Creating a Docker image

Creating a Docker image is easy. You can find thousands of pre-built images on Docker Hub. These include both the official Docker images and the ones posted by users. You can pull any of these images to your Docker engine by using the pull command like this

docker pull python # pulls the python image from Docker Hub

Or, you could create your own custom Docker image from the available base images.

For example, let me create an image of the Apache HTTP Server version 2.4.49 with my custom configuration.


First, I will create a "Dockerfile" that defines how to build my image.

FROM httpd:2.4.49
COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf

The first line defines the base image for my custom image which is httpd - The Apache HTTP Server Project. I also mention the version that I want to use after the colon(:). So this exact version will be pulled from Docker Hub and be used as the base for my image.

In the next line, I copy my custom configuration to my image.


Now, I simply build my image using the docker build command.

docker build -t apache_server .

This will create a new Docker image named "apache_server".


The last step is to actually run a container of this image. A container is the running instance of an image. We can do this by using the docker run command.

docker run -dit -p 8080:80 apache_server

I am also mapping the port 8080 on my localhost to the port 80 inside the container so that I can access the web server that is running in the container by going to http://localhost:8080

Awesome! We have now deployed a Containerized application with Docker.

Unfortunately, the version of the Apache Web server (2.4.49) running in the container is vulnerable to Path Traversal and RCE. But nothing to worry! Since the app is running in a container, it is isolated from the host machine, so the attacker will not be able to escape the container and exploit the host machine itself. That's the beauty of containerization!



Stream Docker Apps from a Browser!

What if you can directly deploy your apps as containers on the click of a button, and stream them directly from your web browser? This is where Kasm Workspaces comes in.


Kasm is a workspace streaming platform that allows you to deploy containerized applications and stream them directly from your web browser!

The community version of Kasm Workspaces is free to use, so you can set it up on your Linux machine in four simple commands and make your life a lot easier while dealing with containers. You can either install Kasm locally or on Cloud. By installing it on Cloud, you can access your apps from anywhere and any device by just using a web browser.


You can install Kasm by execution the following four commands:

cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.15.0.06fdc8.tar.gz
tar -xf kasm_release_1.15.0.06fdc8.tar.gz
sudo bash kasm_release/install.sh

Once installed, the randomly generated credentials will be displayed on the terminal. Copy and save them somewhere safe. Now, you can go to https://<YOUR_IP_ADDRESS> and login with your credentials.


Inside your dashboard, you can go to "Workspaces" and click "Add from registry" which will display a list of apps that are ready to be deployed to Kasm. You can install any of them by clicking on install. Alternatively, you can even create your own custom image and import it to Kasm.



Once installed, you can launch new sessions of this app.


And now, you will be able to use that app from your browser!


It is that easy to deploy docker apps with Kasm Workspaces and stream them from your web browser!

15 commenti

Ascent Innovations
Ascent Innovations
06 giu

Microsoft Dynamics 365 Business Central is an all-in-one business management solution designed for small to medium-sized enterprises. It seamlessly integrates core business functions—including finance, sales, purchasing, inventory, and operations—into a single, easy-to-use platform.

With its cloud-based architecture, Business Central enables real-time data access, improved collaboration, and streamlined workflows across departments. Its tight integration with the Microsoft ecosystem (e.g., Excel, Outlook, Power BI) empowers teams to work more efficiently while maintaining control and visibility over business performance.

Scalable, secure, and customizable, Dynamics 365 Business Central is a cost-effective ERP solution that helps growing businesses automate processes, make smarter decisions, and adapt quickly to change—supporting long-term success and digital transformation.

Mi piace
Millan Myra
Millan Myra
22 mag

In the vast and treacherous waters of Skull and Bones, every pirate knows the importance of quality tools. From crafting to harvesting, having the right equipment can make all the difference between success and failure. When you finally dock at Sainte-Anne, you’re faced with the task of building a new ship to bolster your reputation in the pirate community. To achieve this, you’ll need the assistance of Zayn, the Shipwright to Skull and Bones Items, and a set of essential tools. Here’s your comprehensive guide on completing the Tools of the Trade quest in Skull and Bones.


Meeting Zayn: Setting the Stage


Upon your arrival at Sainte-Anne, your first port of call should be Zayn, the Shipwright. He’s the key…


Mi piace
Mawto Org
Mawto Org
24 apr

No need to pay for your favorite titles anymore — just visit Oceans of games and enjoy.

Mi piace
Kms Pico
Kms Pico
21 apr

O KMSpico Ativador garante sua ativação 100% funcional. Com o KMSpico Ativador, você não precisa mais se preocupar. Tudo fica ativo com o KMSpico Ativador. O KMSpico Ativador é compatível com várias edições. Simplesmente execute o KMSpico Ativador e aproveite. O KMSpico Ativador resolve todos os avisos de ativação. Com o KMSpico Ativador, o sistema fica completo. Sua ativação não expira com o KMSpico Ativador. Economize com inteligência usando o KMSpico Ativador. A melhor escolha é sempre o KMSpico Ativador.

Mi piace
Hokis Property Advisor
Hokis Property Advisor
18 apr

Hokis real estate agents in zirakpur , providing expert guidance for buying, selling, and renting properties. With deep market knowledge, we ensure the best deals on residential and commercial properties. Trust our experienced professionals to find your dream home or investment opportunity in Zirakpur’s thriving real estate market.

Mi piace

© 2019 Tech Raj. Designed by Teja Swaroop

  • YouTube
  • Facebook Page
  • Twitter
bottom of page