How to run OWASP ZAP through a web interface - owasp

I do not want to use it from the desktop application. I need software that works on the web.
I want to use it on a server. Personnel who want to use ZAP need to do this by connecting to that server.
I could only run the desktop application

We have a plan for this, otherwise known as ZAP as a Service (ZaaS). It's not progressing as quickly as we'd like, due to a lack of contributors. If you (or anyone else) have suitable skills and would like to work on ZAP then we'd be very pleased to hear from you :)
Simon (ZAP project lead)

One of the options you could follow is setting up a VNC server (https://archive.realvnc.com/products/vnc/documentation/4.6/unix/man/Xvnc.html) on the target and granting user/SSH access to N desktops for your users, so that each could spawn its own proxy, providing they don't collide on ports. There's a security recommendation to provide VNC access through an SSH tunnel, so you need to keep that in mind. I would also recommend disabling 'password' SSH access and working with users with properly protected SSH identities, aka keys.

While waiting for a native web GUI you can do as the ZAP team did with ZAP on Docker, using Webswing.
Webswing allows you to use a Java Swing application through the browser, so the result will be the ZAP GUI in your browser.
First you'll have to install Webswing and ZAP, and if you're using a headless Linux server you'll also have to install xvfb.
Second, you'll have to create a Webswing configuration file for running ZAP through Webswing. You can use the configuration file used by the ZAP Docker image, or you can create one using the tutorial provided by Webswing.
Finally, enjoy!

One possible option is to run the official container with Webswing, according to the official wiki: https://www.zaproxy.org/docs/docker/webswing/
TLDR; Stable:
docker run -d --name zaproxy -u zap -p 8080:8080 -p 8090:8090 -i owasp/zap2docker-stable zap-webswing.sh
Visit http://localhost:8080 (http! not https!)
Starting with version 2.5.0 you can run the ZAP Desktop UI in your browser without having to install Java, thanks to the magic of Docker and Webswing.
To do this you will just need Docker installed. Start the container with Webswing support:
Stable: docker run -u zap -p 8080:8080 -p 8090:8090 -i owasp/zap2docker-stable zap-webswing.sh
Weekly: docker run -u zap -p 8080:8080 -p 8090:8090 -i owasp/zap2docker-weekly zap-webswing.sh
Then point your browser at: http://localhost:8080/zap
You will then see the familiar ZAP splash screen while ZAP starts up.

Related

I have installed cloudctl, but when I try to log in from the command prompt I get a 'cloudctl' not recognized error.

Any help is much appreciated.
There are multiple platform versions (Windows™, Linux®, or macOS) of cloudctl [Ref1]; install the appropriate CLI.
You can list the files using curl:
curl -kL https://--masterNodeIpAddress--:8443/api/cli
"cloudctl-darwin-amd64"
"cloudctl-linux-amd64"
"cloudctl-linux-ppc64le"
"cloudctl-linux-s390x"
"cloudctl-win-amd64.exe"
Replace --masterNodeIpAddress-- with the value for your cluster.
##for linux x86
Use curl to download:
curl -kLo /tmp/cloudctl-linux-amd64 https://--masterNodeIpAddress--:8443/api/cli/cloudctl-linux-amd64
Change the permissions to make it executable and copy it to a local path:
chmod +x /tmp/cloudctl-linux-amd64
cp /tmp/cloudctl-linux-amd64 /usr/local/bin/cloudctl
Log in to the cluster:
cloudctl login -a https://--masterNodeIpAddress--:8443
-- replace masterNodeIpAddress with the master node IP address, or the HAProxy or load balancer used for the high-availability master node.
Customized instructions to install clients from the ICP console
You can also find customized instructions for downloading and installing all the clients.
Log in to your IBM Cloud Private cluster management console from a web browser.
Connect to the URL https://masterORloadBalancer:8443 and use the appropriate credentials.
Menu (left burger icon) left navigation -> Command Line Tools
Direct link: https://masterORloadBalancerHostname:8443/console/tools/cli
Ref-1: Installing the IBM® Cloud Private CLI
https://www.ibm.com/docs/en/cloud-private/3.2.0?topic=cloudctl-installing-cloud-private-cli

Starting JBPM demo

I am trying to start the demo version of jBPM 7.26.0 (Windows).
After a successful "ant start.demo", the WildFly server log fills up with
WARN [org.kie.server.common.KeyStoreHelperUtil] (Thread-149) Unable to load key store. Using password from configuration
http://localhost:8080/jbpm-casemgmt/jbpm-cm.html never loads after logging in (spins indefinitely).
Any suggestions on how to troubleshoot?
Thanks!
Besides the Single Zip Distribution you can also try the provided Docker builds.
Just install Docker and run docker run -p 8080:8080 -p 8001:8001 -d --name jbpm-server-full jboss/jbpm-server-full:7.26.0.Final and browse to http://localhost:8080/business-central
This works fine for me.

How can I use REST API to interact with the Docker engine?

We can use the command docker images to list the Docker images we have on local host.
Now I want to get the same information from a remote server by sending an HTTP GET request in Firefox or Chrome. Does Docker provide some REST API to do this?
I did a lot of searching. For example:
Examples using the Docker Engine SDKs and Docker API
It provides something like this:
curl --unix-socket /var/run/docker.sock http:/v1.24/containers/json
I know a little about Unix sockets, and I don't think this is what I want. The URL (http:/v1.24/containers/json) is so weird and doesn't even have a server name in it. I don't think it can work on a remote server. (It does work on a local server.)
Is there any official documentation that Docker provides on this topic?
You need to expose the Docker daemon on a port.
You can configure the Docker daemon to listen to multiple sockets at the same time using multiple -H options:
listen using the default Unix socket, and on two specific IP addresses on this host.
$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2
The Docker client will honor the DOCKER_HOST environment variable to set the -H flag for the client. Use one of the following commands:
https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option
You need to do this by creating a systemd drop-in:
mkdir -p /etc/systemd/system/docker.service.d/
cat > /etc/systemd/system/docker.service.d/10_docker.conf <<EOF
[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// -H tcp://0.0.0.0:2376
EOF
Then reload and restart Docker:
systemctl daemon-reload
systemctl restart docker
Note: this way you would be exposing your host, and you shouldn't do it this way in production. Please read more about this at the link I shared earlier.

Authentication for scrapyRT

I'd like to use scrapyRT to connect all my scraper spiders to the Angular front-end.
The documentation recommends running it in production as follows:
docker run -p 9080:9080 -tid -v /home/user/quotesbot:/scrapyrt/project scrapinghub/scrapyrt
This will expose port 9080 to the outside world.
I'm concerned about the safety of this.
How can I properly secure this to avoid bots visiting the end points?
If Scrapyrt is running on the same machine as your frontend, you could make Scrapyrt listen only on localhost:
docker run -p 127.0.0.1:9080:9080 -tid -v /home/user/quotesbot:/scrapyrt/project scrapinghub/scrapyrt
That way it will be accessible only from that machine (e.g. from the frontend application).
Otherwise, use a firewall to allow communication from your frontend machine only.

Dokku: Expose two ports from an application

I am trying to deploy a Scala-based application to Dokku; the application runs an HTTP server and a customised sshd server.
The problem I have is that it seems Dokku only supports one port per application.
I need Dokku to expose both of my application's ports to the web.
In Docker this is possible and quite straightforward to do, but when I implement the same technique in the Dokku file, I get an error.
Any suggestions on allowing two ports to be accessible?
Since this is, after all, Docker, you can use an ambassador...
You will need a line like:
docker run -t -i --link mysql:mysql --name mysql_ambassador -p 3306:3306 ctlc/ambassador
replacing 3306 with your port and mysql with your container name (from docker images).
See https://www.ctl.io/developers/blog/post/deploying-multi-server-docker-apps-with-ambassadors
NOTE: Make sure you docker pull svendowideit/ambassador:latest before...