Linux

Docker - Traefik - Wildcard Subdomain

Intro

I was wondering if you can have Wildcart Certs for certain Subdomain. Idea is to provide a Service with “myservice.auth.your.domain” which automatically requests Authentication, while the same Service “myservice.whitelist.your.domain” is reachable through some Whitelisted IP only.

As Traefik can Chain Middleware, but not implements some logic (If Whitelist -> ok, else do Basic Auth …), i have to build another solution.

let’s have a look

Prepare Folders

cd /your/traffic/rootfolder
mkdir -p config/dynamic

.env File

we need two variables, so let’s put them in the .env File

Docker - Traefik - Stripprefix

Strip Prefix

Let’s assume you have a URL “https://whoami.your.domain.de/removeme" and you wanna get rid of the “removeme” before passing the Request to the Webserver. Stripprefix is your friend …

docker-compose.yml

  whoami:
    image: containous/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/wegdamit,/removeme"
      - "traefik.http.routers.whoami.middlewares=test-stripprefix@docker"
      - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
      - "traefik.http.routers.whoami.tls=true"

Any Comments ?

sha256: 0620c0c2d7ae033f2536f6797a048772e52a09119367f4864f8bb2a754d2ea57

Smokeping on Docker

If you have Docker running somehwere … bring up your Smoke Instance within Seconds ;)

Smokeping

docker run --name smoke --restart always -d -p 80:80 linuxserver/smokeping

Show Containers

docker ps
docker-test:~# docker ps
CONTAINER ID   IMAGE                   COMMAND   CREATED         STATUS         PORTS                               NAMES
8f8b872ac1c3   linuxserver/smokeping   "/init"   6 minutes ago   Up 6 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   smoke

Shell into Docker

docker exec -it smoke /bin/sh

Check Netstat

root@8f8b872ac1c3:/# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     406670 s
unix  2      [ ACC ]     STREAM     LISTENING     406078 /run/apache2/fcgidsock/137.0

Preview

Alpine - OpenVM Tools

Running Alpine on ESX ? Install the Open VM Tools …

Install OpenVM Tools

apk add open-vm-tools
apk add open-vm-tools-guestinfo
apk add open-vm-tools-deploypkg

Start Service

rc-service open-vm-tools start

Autostart Service

rc-update add open-vm-tools boot

All in One

apk add open-vm-tools open-vm-tools-guestinfo open-vm-tools-deploypkg
rc-update add open-vm-tools boot
rc-service open-vm-tools start

Busybox Extras

add some tools (arch, dnsd, dumpleases, fakeidentd, ftpd, ftpget, ftpput, httpd, inetd, readahead, telnet, telnetd, tftp, tftpd, udhcpd)

apk add busybox-extras

List Packages

apk info -L busybox-extras
docker# apk info -L busybox-extras
busybox-extras-1.35.0-r15 contains:
bin/busybox-extras

Any Comments ?

sha256: 5ba2c46f793ad164b6cecb62f406791adf588c1e51f589dba71067fd60e38aea

Ubuntu 20.04 LTS & Netplan

Assume you got a fresh Machine with DHCP …

Ubuntu with DHCP Config

cat /etc/netplan/01-netcfg.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens192:
      dhcp4: true
  version: 2

and you’d like to switch to Static IP, ask google how todo it an give try:

Static IP with Netplan

# This is the network config written by 'subiquity'
network:
  version: 2
  ethernets:
    ens192:
      addresses:
      - 1.2.3.4/24
      gateway4: 1.1.1.1
      nameservers:
        addresses:
        - 8.8.8.8
        - 8.8.4.4
        search:
        - world.net

then reboot … and the machine is gone. ok, not really gone, but from IP perspective definitly. it just reboots and come back without default gateway :(

Git Tags

With Tags, we have the possibility to “Tag” a certain Point as important. Just give it a release Number (v0.1, v0.2, v1.0) or whatever you like.

list tags

list all tags for a certain repo

git tag

add Tag

when you’re fine with a version, add a tag …

git tag -a v1.0 -m "my Version 1.0"

push Tags

you have to push the Tags separatly. they do not get pushed with the common “git push” command

Go CrossCompile

Crosscompile under GoLang

Python is cool and everybody like it, but i also like the Concept of writing some Code, compile it for different Platforms and run it everywhere. Google’s Go Language got the possiblity to compile it for multiple Architectures and Operating Systems at the same time. Why not give a try … ?

Little Hello World

package main

import (
    "fmt"
    "os"
)

func main() {
    s := "world"

    if len(os.Args) > 1 {
        s = os.Args[1]
    }

    fmt.Printf("Hello, %v!", s)
    fmt.Println("")

    if s == "fail" {
        os.Exit(30)
    }
}

go.mod

module example.com/test

go 1.18

Compile and run under macOS

go build

./test
Hello, world!

CrossCompile Script

#!/usr/bin/env bash

archs=(amd64 arm64)
os=(darwin freebsd linux openbsd windows)
name="hello"

for arch in ${archs[@]}; do
  for os in ${os[@]}; do
        env GOOS=${os} GOARCH=${arch} go build -o ${name}_${os}-${arch}
  done
done

Compile it

execute it …

Git aliases

we all do like aliases, right ?

https://git-scm.com/book/en/v2/Git-Basics-Git-Aliases

Some Aliases

git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.ci commit
git config --global alias.st status
git config --global alias.bra "branch -a"

and then, you just type:

git co
git br
git ci
git st
git bra

.gitconfig

all this stuff is saved in ~/.gitconfig

$ cat ~/gitconfig
# This is Git's per-user configuration file.
...
[alias]
  co = checkout
  br = branch
  ci = commit
  st = status
  bra = branch -a

Any Comments ?

sha256: 1175e6dde38a2eaed638973cbcd44b5d877ef48acc4e42127dbed167ec15cd1c

Bootstrap Debian

Bootstrapping Debian

a little helper how to generate a Debian Template. This time, it’s a VM Hosted on Vultr

New VM

1 CPU, 1GB RAM, 25GB Disk

upload debian-10.9.0-amd64-netinst.iso
boot from iso
install:      (text based)
lang:         english
country:      switzerland
locale:       US (en_US.UTF-8)
keymap:       Swiss German
nic:          ens3
hostname:     template-25G
domain:       your.domain.de
passwd:       xxxxxxxx
user:         firstname lastname / loginame
passwd:       xxxxxxxx
disk:         Guided - entire disk with LVM - (one partition | separate /home | separate /home, /var and /tmp)
              separate partition for large disks
              one partition for smaller disks
write:        yes
disk:         20GB (for guided partitioning), 5GB for Spare
write:        yes
another dvd:  no
mirror:       switzerland, debian.ethz.ch
survey:       no
software:     SSH Server, standard system utilities
grub:         yes, /dev/sda3

remove iso and reboot

login as user, su to root

mkdir /root/.ssh && chmod 600 /root/.ssh
echo "ssh-ed25519 AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

halt -p
-> snapshot template-debian-25G

Any Comments ?

sha256: 5b87992169bc05b44db33f9e79fa557f81844b871c8a7566d94b8bf11841ad32

Git Branches

Branches

some basic commands for branches. you can read Branch Basics and Branch Management for more details

create branch

you wanna develope a feature, fix a bug, test some stuff … you need a branch !

git checkout -b feature1

push upstream

if you have a central repo, push the feature upstream (so others can checkout as well)

git push --set-upstream origin feature1

show branch

you may have multiple branches, list them all. and update pager so list will not open in VIM !