Running docker with docker-machine and xhyve on macOS

xhyve is a lightweight OS X virtualization solution that runs on OS X 10.10 Yosemite and higher. It currently supports FreeBSD and Linux distributions as guest systems. xhyve also has a docker-machine driver that lets you use docker-machine to run docker containers inside a VM and easily manage the lifecycle of both the containers and the VM.

Combined, these three components make a nice lightweight docker solution on macOS, and all of them can be installed and updated by Homebrew. It is a much better fit with a developer’s console-based workflow - no more VirtualBox and its annoying updates!

Assuming you already have Homebrew installed, here is how to install xhyve and docker-machine-driver-xhyve:

$ brew update
$ brew install --HEAD xhyve
$ brew install docker-machine-driver-xhyve

The last command will also install docker-machine as a dependency.

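Then give the docker-machine-driver-xhyve binary the proper permissions: it must be owned by root and have the setuid bit set, so it runs with root privileges no matter which user invokes it (due to Homebrew policy this could not be automated):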

$ sudo chown root:wheel $(brew --prefix)/opt/docker-machine-driver-xhyve/bin/docker-machine-driver-xhyve
$ sudo chmod u+s $(brew --prefix)/opt/docker-machine-driver-xhyve/bin/docker-machine-driver-xhyve

Now that you have everything installed, create a docker machine named helloworld:

$ docker-machine create -d xhyve helloworld

Tested with the following software versions:

  • macOS 10.12 (16A323)
  • Homebrew 1.0.5
  • xhyve: stable 0.2.0
  • docker-machine: stable 0.8.2
  • docker-machine-driver-xhyve: stable 0.2.3

Securing email of your domain against spam and phishing

Securing email of your domain against spam and phishing has two aspects:

  1. You need an authentication key to sign all outgoing emails
  2. You need to publish, via DNS records, the public key of the authentication key, along with policies about who can send for your domain and what others should do if they receive unauthenticated emails from your domain.

Hosting your domain’s email on Google Apps makes it pretty easy to authenticate your emails and to prevent spam and phishing. But you’ll also need a good DNS provider that supports provisioning a number of DNS records.

Below are three articles from Google Apps that cover what you need to do - they are not limited to Google Apps hosted emails and could be very informative in general:

  • Authenticate email with DKIM. This tells you how to enable Google Apps email authentication and publish the public key in a DNS TXT record for DKIM

  • Identify spam messages with SPF records. This is about how to create a DNS TXT record for an SPF policy that helps receivers tell your authorized senders or email gateways apart from spammers.

  • Prevent outgoing spam with DMARC. This describes the DNS TXT record for DMARC, which publishes your desired policy for how receivers shall deal with unauthenticated emails from your domain, that is, emails that do not pass the SPF and DKIM checks.

Finally, when you have finished all your settings, use Google Apps Toolbox - Check MX to validate your domain’s MX records.

Switched to jekyll and CloudFlare

Dreamhost has been a great host for many years but there are other options for hosting a plain blog like this one these days, which makes paying out ~$50 for two years’ hosting start to feel like too much.

So I finally converted to a jekyll+github-pages solution and use a free plan from CloudFlare to front the blog with HTTPS. In order to do its job, CloudFlare also becomes my domain DNS server.

CloudFlare for this site now runs in Full SSL mode, which means SSL is run between visitors and CloudFlare CDN, as well as between CloudFlare and github-pages.

I cannot run Full (strict) mode, which would ask CloudFlare to validate its connection to github-pages with a server-side certificate for my domain, because github-pages only serve HTTPS with a certificate for

Switched to HTTPS/TLS

Thanks to Dreamhost and Let’s Encrypt, this WordPress site is now serving over HTTPS only.

Switching to HTTPS with Dreamhost and Let’s Encrypt was pretty straightforward and took about 1 hour or so at most, thanks to the nice guide by Aaron. I didn’t see some of the trouble with PHP - it might well be the case that Dreamhost has updated their default PHP configuration for hosted sites.

The procedure I took was:

  1. Update WordPress and all plugins to latest.
  2. Back up your database
  3. Enable “Secure Hosting” on Dreamhost Panel
  4. Put .htaccess with the excellent permanent redirect from http to https by Aaron:

     <IfModule mod_rewrite.c>
     # enable Rewrite
     RewriteEngine On
     # make sure not already HTTPS
     RewriteCond %{HTTPS} !=on
     # redirect from original to same location using HTTPS
     RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
     </IfModule>
  5. Clean up database by replacing all local refs to use HTTPS using the SQL presented by Aaron (replace domainname with your own):

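     -- domainname is a placeholder for your own domain.
     -- Caution: option_value and meta_value can hold serialized PHP data, whose
     -- stored string lengths a plain replace() does not update.
     UPDATE wp_comments SET comment_author_url = replace(comment_author_url, 'http://domainname', 'https://domainname');
     UPDATE wp_comments SET comment_content = replace(comment_content, 'http://domainname', 'https://domainname');
     UPDATE wp_options SET option_value = replace(option_value, 'http://domainname', 'https://domainname');
     UPDATE wp_postmeta SET meta_value = replace(meta_value, 'http://domainname', 'https://domainname');
     UPDATE wp_posts SET post_content = replace(post_content, 'http://domainname', 'https://domainname');
     UPDATE wp_posts SET guid = replace(guid, 'http://domainname', 'https://domainname');
     UPDATE wp_sitemeta SET meta_value = replace(meta_value, 'http://domainname', 'https://domainname');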
  6. If possible update external references with HTTPS as well (e.g., serving Google fonts over HTTPS/HTTP)

Link: Defensive Bash Programming (2012)

Simple principles nicely put together:

