Public | Automated Build

Last pushed: 3 years ago

Conjur docker-webservice

Docker image providing Conjur CLI tools and web service/web application inbound gatekeeper and outbound proxy.

An excellent way to Conjurize web applications easily.

Basic usage

(See for a more complete example.)

Application images

Base a Docker image on conjur/webservice:

FROM conjurinc/webservice

Conjur/webservice is based on Alpine Linux; use apk to install packages, e.g.

RUN apk update
RUN apk add openjdk7-jre-base bash

ADD /tmp/neo4j.tar.gz
RUN ["tar", "-C", "/opt", "-zxf", "/tmp/neo4j.tar.gz"]

Put a launch script into /etc/scripts/launch

COPY launch /etc/scripts/


/opt/neo4j-community-*/bin/neo4j start

Put a container config in /etc/conjur.container

COPY conjur.container /etc/


# port 80 is gated by Conjur and redirected to 7474
gate 80, to: 7474

Expose the port


Build the image

docker build -t example/neo4j examples/neo4j


Gating and proxying require a host identity for the container.
Gated requests are allowed based on execute permission on the host.

The easiest way to set up a host identity is to create a policy, e.g.

policy "neo4j-0.0.1" do
  users = group "neo4j-users"
  clients = layer "neo4j-clients" do
    add_host host("neo4j-client") # a client host
  end

  layer "neo4j", name: "Neo4j database servers" do
    add_member "use_host", users # use_host permission on layer grants execute on hosts
    add_member "use_host", clients

    add_host host("docker/neo4j")
  end
end

Load the policy:

conjur policy load -c policy.json examples/neo4j/policy.rb
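
The access chain this policy sets up, as an added example (not code from this repository, and not Conjur's implementation): a simplified model that resolves nested role membership and lists every role that would hold execute on the gated host. The role id notation and the users "alice" and "bob" are constructed for illustration.

```ruby
require "set"

# Constructed model of the policy above: role => roles it is a direct member of.
# "user:alice" and "user:bob" are hypothetical; the other names come from the policy.
MEMBERSHIPS = {
  "host:neo4j-client"   => ["layer:neo4j-clients"],
  "user:alice"          => ["group:neo4j-users"],
  "layer:neo4j-clients" => ["layer:neo4j/use_host"],
  "group:neo4j-users"   => ["layer:neo4j/use_host"],
  "user:bob"            => []
}.freeze

# Privileges held directly by a role, as [privilege, resource] pairs.
# use_host on the layer grants execute on each host in the layer.
GRANTS = {
  "layer:neo4j/use_host" => [["execute", "host:docker/neo4j"]]
}.freeze

# All roles a role holds, directly or through nested membership.
def effective_roles(role, memberships = MEMBERSHIPS)
  seen = Set.new
  stack = [role]
  until stack.empty?
    current = stack.pop
    next unless seen.add?(current) # skips visited roles, so cycles terminate
    stack.concat(memberships.fetch(current, []))
  end
  seen
end

# The gate decision as the page describes it: execute permission on the host.
def gate_allows?(role, host, memberships = MEMBERSHIPS, grants = GRANTS)
  effective_roles(role, memberships).any? do |r|
    grants.fetch(r, []).include?(["execute", host])
  end
end

# Audit helper: every known role that can pass the gate for a host.
def roles_allowed(host, memberships = MEMBERSHIPS, grants = GRANTS)
  memberships.keys.select { |r| gate_allows?(r, host, memberships, grants) }.sort
end

puts roles_allowed("host:docker/neo4j") if __FILE__ == $PROGRAM_NAME
```

Anything later added to the neo4j-users group or the neo4j-clients layer inherits access to the gated port, so membership of those two roles is what to review when auditing who can reach the service.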


A helper script is provided to easily launch containers from a policy context file:

./bin/policy-run policy.json docker/neo4j --name neo4j -d -p 8080:80 example/neo4j