Articles

Configure Red Hat SSO for 3scale using the CLI!British flag

Publié le linkOpenID Connect label3scale labelKeycloak schedule3 minutes

3scale API Management can be used in conjunction with Red Hat SSO / Keycloak to secure APIs managed by 3scale using the OpenID Connect protocol. The official documentation describes the steps to configure Red Hat SSO / Keycloak but it uses the Graphical User Interface, which can be tedious if you have multiple environments to configure. Let’s configure Red Hat SSO for 3scale using the CLI! Continuer la lecture

Secure your Raspberry PI with Keycloak Gatekeeper on OpenWRTBritish flag

Publié le linkOpenID Connect labelOpenWRT labelKeycloak schedule6 minutes

In the article “Nginx with TLS on OpenWRT”, I explained how to install nginx on a Raspberry PI running OpenWRT for hosting web applications. Some of the web applications that I installed on my Raspberry PI do not feature any authentication mechanism at all. No authentication means that anybody on the internet could reach those applications and play with them. This article explains how to secure applications running on a Raspberry PI with Keycloak Gatekeeper. Continuer la lecture

Use your Google Account as an OpenID Connect providerBritish flag

Publié le linkOpenID Connect schedule6 minutes

We have passwords everywhere: to unlock our computer, to reach our inbox, to login as root on our Raspberry PI, etc. Unless you have a password vault to store your credentials securely, it is very difficult to keep all your credentials safe. With the OpenID Connect protocol, you can replace the individual passwords of every web application by a Google Login. This article goes through all the steps to use your Google Account as an OpenID Connect provider and subsequent articles (check links at the bottom of this article) explain how to configure the different services and software to use your Google Account as an OpenID Connect provider. Continuer la lecture

Secure a Quarkus API with KeycloakBritish flag

Publié le linkOpenID Connect labelKeycloak labelQuarkus schedule5 minutes

Quarkus is a Java stack that is Kubernetes native, lightweight and fast. Quarkus can be used for any type of backend development, including API-enabled backends. Keycloak is an open source Single Sign On solution that can be used to secure APIs. In this article, I’m describing how to secure a Quarkus API with Keycloak using JWT tokens. Continuer la lecture

Nginx with TLS on OpenWRTBritish flag

Publié le linkEmbedded Systems labelOpenWRT labelnginx schedule7 minutes

In the article “Install OpenWRT on your Raspberry PI”, I explained how to install OpenWRT on a Raspberry PI and the first steps as an OpenWRT user. As I plan to use my Raspberry PI to host plenty of web applications, I wanted to setup a versatile reverse proxy to protect them all, along with TLS support to meet nowadays security requirements. Continuer la lecture

Install OpenWRT on your Raspberry PIBritish flag

Publié le linkEmbedded Systems labelOpenWRT schedule7 minutes

OpenWRT is a Linux distribution for embedded systems. It made design choices that take it apart from the usual Linux distributions: musl libc instead of the usual glibc, busybox instead of coreutils, ash instead of bash, etc. As a result, the system is very light and blazing fast! Continuer la lecture

Feed URLs for the most common CMS: Drupal, Wordpress, WiX and YouTubeBritish flag

Publié le schedule1 minute

If like me you are using an RSS reader to stay informed, there is nothing more frustrating than reading a website that does not advertise an RSS feed. But since most website are based on commonly found CMS, it is highly probable the RSS feeds are there, just not advertised. Continuer la lecture

Check the Ansible version number in a playbookBritish flag

Publié le linkIT Automation labelAnsible schedule1 minute

My Ansible playbooks sometimes use features that are available only in a very recent versions of Ansible. To prevent unecessary troubles to the team mates that will execute them, I like to add a task at the very beginning of my playbooks to check the Ansible version number and abort if the requirements are not met. Continuer la lecture

Ansible: Add a prefix or suffix to all items of a listBritish flag

Publié le linkIT Automation labelAnsible schedule1 minute

Recently, in one of my Ansible playbooks I had to prefix all items of a list with a chosen string. Continuer la lecture

Airgap OpenShift Installation: move the registry created using oc adm release mirror between environmentsBritish flag

Publié le linkContainers labelAnsible labelOpenShift labelSkopeo schedule4 minutes

Some customers, especially large banks, have very tight security requirements. Most of them enforce a complete disconnection of their internal networks from the Internet. When installing OpenShift in such environments (this is named “disconnected” or “airgap” installation), all the OpenShift images have to be fetched (thanks to oc adm release mirror) in a dedicated registry from a bastion host that is both on the internal network and on the Internet. Continuer la lecture