Setup

Setting up the development environment

Environment

  • Ubuntu 20.04 with Linux Kernel ≥ 5.11
  • CPU: Intel Xeon E-2288G
  • Docker (>= 20.10.21) & Docker-Compose

Prepare SSH Keys

To access a private GitHub repository from a Dockerfile, you need to configure your SSH keys:
# leave the passphrase empty when prompted
ssh-keygen -t ed25519 -C "your_email@example.com"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
cp ~/.ssh/id_ed25519 .
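Then add the contents of ~/.ssh/id_ed25519.pub to your GitHub SSH keys by clicking the New SSH keys button. The id_ed25519 file copied into the working directory is an unencrypted private key, so keep it out of version control.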

Prepare Cert Files

To establish a TLS connection, we need a CA and a client cert for mutual authentication. We store them in the cert directory:
  • Generate cert/ca.key:
  • Generate cert/ca.crt:
  • Generate client private key:
openssl ecparam -genkey -name prime256v1 -out cert/client.key
  • Export the client key to unencrypted PKCS#8 format:
openssl pkcs8 -topk8 -nocrypt -in cert/client.key -out cert/client.pkcs8
  • Generate client CSR:
openssl req -new -SHA256 -key cert/client.key -nodes -out cert/client.csr
  • Generate client cert:
openssl x509 -req -extfile <(printf "subjectAltName=DNS:localhost,DNS:www.example.com") -days 3650 -in cert/client.csr -CA cert/ca.crt -CAkey cert/ca.key -CAcreateserial -out cert/client.crt
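
A check worth running once the cert files exist, as an added example (not part of the original page or the project's tooling): it confirms the three properties mutual TLS depends on, namely that client.crt chains to ca.crt, that it was issued for client.key, and that the SAN is present. The function names, the temporary directory and the throwaway CA built by `make_sample_certs` are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a CA / client certificate set used for mutual TLS.
set -eu

# make_sample_certs DIR: build a throwaway CA and client cert (constructed
# sample data; the CA commands are an assumption, not taken from the page).
make_sample_certs() {
  local d="$1"
  openssl ecparam -genkey -name prime256v1 -noout -out "$d/ca.key"
  openssl req -x509 -new -sha256 -key "$d/ca.key" -days 1 \
    -subj "/CN=example-test-ca" -out "$d/ca.crt"
  openssl ecparam -genkey -name prime256v1 -noout -out "$d/client.key"
  openssl req -new -sha256 -key "$d/client.key" \
    -subj "/CN=example-client" -out "$d/client.csr"
  printf 'subjectAltName=DNS:localhost,DNS:www.example.com' > "$d/san.ext"
  openssl x509 -req -extfile "$d/san.ext" -days 1 -in "$d/client.csr" \
    -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
    -out "$d/client.crt" 2>/dev/null
}

# check_certs DIR: print one line per failed check, return non-zero on failure.
check_certs() {
  local d="$1" rc=0
  local from_cert from_key text
  # 1. The client certificate must verify against the CA certificate.
  openssl verify -CAfile "$d/ca.crt" "$d/client.crt" >/dev/null 2>&1 \
    || { echo "FAIL: client.crt does not chain to ca.crt"; rc=1; }
  # 2. The public key in the certificate must equal the one derived from the key.
  from_cert=$(openssl x509 -in "$d/client.crt" -noout -pubkey) || from_cert="x"
  from_key=$(openssl pkey -in "$d/client.key" -pubout 2>/dev/null) || from_key="y"
  [ "$from_cert" = "$from_key" ] \
    || { echo "FAIL: client.crt was not issued for client.key"; rc=1; }
  # 3. The SAN passed via -extfile must have ended up in the certificate.
  text=$(openssl x509 -in "$d/client.crt" -noout -text) || text=""
  case "$text" in
    *DNS:localhost*) ;;
    *) echo "FAIL: subjectAltName DNS:localhost missing"; rc=1 ;;
  esac
  return "$rc"
}
```

To check the files produced by the steps above, run `check_certs cert` from the directory that contains `cert/`.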

Pull Docker Images

  • public.ecr.aws/clique/clique-sibyl-base:1.0.0
  • public.ecr.aws/clique/clique-sibyl-mtls-base:1.0.0
  • public.ecr.aws/clique/clique-sibyl-dcsv2-base:1.0.0
  • public.ecr.aws/clique/clique-sibyl-dcsv2-mtls-base:1.0.0
Browse our container registry for the latest version.