In this video we'll install a whole OpenZiti overlay network (using an AWS micro machine) and demonstrate how to protect a simple web app hosted inside a Docker network!
Here are the commands run in the video:
--------------------------------------------------
# make the clients
ziti edge create identity user windowsweb -o windowsweb.jwt
ziti edge create identity device ubuvm -o ubuvm.jwt
# create the host/intercept configs
ziti edge create config sample-web-app-host.v1 host.v1 '{"protocol":"tcp", "address":"sample-web-app","port":8000}'
ziti edge create config sample-web-app-intercept.v1 intercept.v1 '{"protocols":["tcp"],"addresses":["sample-web-app.ziti"], "portRanges":[{"low":8000, "high":8000}]}'
# create the service
ziti edge create service sample-web-app --configs "sample-web-app-intercept.v1","sample-web-app-host.v1"
# create the service policies (Bind for the hosting identity, Dial for the client identity)
ziti edge create service-policy sample-web-app-binding Bind --service-roles '@sample-web-app' --identity-roles '@ubuvm'
ziti edge create service-policy sample-web-app-dialing Dial --service-roles '@sample-web-app' --identity-roles '@windowsweb'
# set up the dummy HTTP server using the myFirstZitiNetwork docker network
docker network create myFirstZitiNetwork
docker run \
--rm \
--network myFirstZitiNetwork \
--network-alias sample-web-app \
crccheck/hello-world
mkdir -p ~/.ziti/ids
# scp the ubuvm.jwt into ~/.ziti/ids
# provide access into the docker network using OpenZiti!
docker run \
--rm \
--network myFirstZitiNetwork \
--network-alias zet \
--name ziti-edge-tunnel \
--volume ~/.ziti/ids:/ziti-edge-tunnel \
--env=NF_REG_NAME=ubuvm \
openziti/ziti-edge-tunnel:latest run-host