Description The CleanStart Resource-Apache-Zookeeper-Fips image provides a high-performance, security-hardened web server optimized for enterprise environments. Built with minimal attack surfaces and comprehensive security hardening, this image delivers reliable web serving capabilities with advanced security features.
Key Features Core capabilities and strengths of this runtime container
High-performance web serving capabilities Load balancing and reverse proxy support SSL/TLS termination and security features Advanced caching and compression Common Use Cases Typical scenarios where this runtime container excels
Web application hosting and serving Load balancing and traffic distribution SSL termination and security gateway Static content delivery and caching Pull Commands Download the runtime container images
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/resource-apache-zookeeper-fips:latestdocker pull clnstrt-images.cleanstart.com/$ORGANIZATION/resource-apache-zookeeper-fips:latest-devInteractive Development Start interactive session for development
bash docker run -d --name resource-apache-zookeeper-fips-server \\
-p 80:80 \\
--security-opt=no-new-privileges \\
clnstrt-images.cleanstart.com/$ORGANIZATION/resource-apache-zookeeper-fips:latestRun Hello World Execute a simple Hello World program
bash docker run -d --name resource-apache-zookeeper-fips-custom \\
-p 8080:80 \\
-v $(pwd)/html:/usr/share/nginx/html:ro \\
clnstrt-images.cleanstart.com/$ORGANIZATION/resource-apache-zookeeper-fips:latestMount Workspace Run container with local workspace mounted
bash docker run --rm -v $(pwd):/app -w /app clnstrt-images.cleanstart.com/$ORGANIZATION/resource-apache-zookeeper-fips:latest-dev python --versionApplication Server Run application with port forwarding
bash docker run -d --name resource-apache-zookeeper-fips-app \
-p 8000:8000 \
-v $(pwd):/app \
-w /app \
clnstrt-images.cleanstart.com/$ORGANIZATION/resource-apache-zookeeper-fips:latestEnvironment Variables Configuration options available through environment variables
PATH System PATH configuration /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binNGINX_HOST Hostname for the web server localhostNGINX_PORT Port for the web server 80Security Best Practices Recommended security configurations and practices
Use specific image tags for production (avoid latest) Configure resource limits: memory and CPU constraints Enable read-only root filesystem when possible Run containers with non-root user (--user 1000:1000) Use --security-opt=no-new-privileges flag Regularly update container images for security patches Implement proper network segmentation Monitor container metrics for anomalies Kubernetes Security Context Recommended security context for Kubernetes deployments
yaml securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']Documentation Resources Essential links and resources for further information