docker

Docker - Container

Stuff for the running Containers List running Containers $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f99ad3355bae blog "/home/docker/init_a…" 14 minutes ago Up 14 minutes 0.0.0.0:3031->3031/tcp quizzical_bardeen Shell into Containter docker exec -it f99ad3355bae bash first build cache apt-get update install Tools netstat ps tcpdump … apt-get install -y net-tools procps tcpdump telnet netcat sha256: 27a1368fbcb11db26404131aeb2b0e15d07bc32f61df6389a7c685df61bfc5aa

Alpine - Pandas on Docker Image

How to install Pandas on Alpine Linux Run Alpine Container docker run -it alpine add packages apk update apk add python3 py3-pip gcc python3-dev g++ add / build pandas time pip install pandas real 26m 13.14s user 30m 46.40s sys 3m 27.51s Happy Pandas ! sha256: afb99c7e3ed003bee48b65795a153c4fe7835fe3dae0759b70ab2bfb5adc4fd5

Acme-DNS

Web A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges. Sounds promising, right ? Let’s give try ;) https://github.com/joohoi/acme-dns Setup fireup a new OpenBSD VM let’s do it in London. ip: 100.10.20.30 patch, update, add go doas su - syspatch pkg_add -Vu pkg_add go clone repo and build acme-dns cd /root git clone https://github.com/joohoi/acme-dns cd acme-dns export GOPATH=/tmp/acme-dns go build cp acme-dns /usr/local/sbin/ Create Selfsign Cert the RESTful API need’s a Cert.

Docker - Kuma Monitoring

Intro got a hint to try a nice monitoring tool. kuma. https://github.com/louislam/uptime-kuma pre-condition you have traefik running and a wildcard certificate for a domain. see the previous posts … .env we need few variables, edit the touch section appropriately cat << 'EOF' > .env # touch HOST="kuma" DOMAIN="your.domain" PORT=3001 # don't touch SERVICE="${HOST}" EOF docker-compose.yml … and the docker compose file … cat << 'EOF' > docker-compose.yml version: '3.3' networks: traefik: external: true services: uptime-kuma: image: louislam/uptime-kuma:1 container_name: uptime-kuma restart: always volumes: - .

Docker - Disk Cleanup

Docker Cleanup if you play round with docker and fill up all your diskspace, as i did, the following command cleaned lot of wasted space. speciall in the /var/lib/docker/overlay2 - Folder. docker system prune --all --volumes --force Result ... yl6ajwpa4nyicajls7e8xhjwo hveehb6rp5drucnmm7ti2rc5g ot7dr6b4qpxcf2vaq1r23n56k qk2qk4dq0nch1lnghozdazjq9 3uewt5kxbyhemx1q410qamha7 Total reclaimed space: 21.45GB sha256: 9770f41e2df8df14a08f6cd1ae244f7dff98afbb0baa10f076c8897210b18c44

Docker - Traefik - HugoBlog

Intro as i’m playing with traefik & docker, why not duplicate this blog in container ? for fun and profit ? let’s give at try … pre-condition you have traefik running and a wildcard certificate for a domain. see the previous posts … docker compose cat << 'EOF' > docker-compose.yml version: '3' services: hugo: image: jakejarvis/hugo-extended:latest ports: - 1313:1313 volumes: - ./src:/src command: server --buildDrafts --buildFuture --bind 0.0.0.0 restart: always networks: - traefik labels: - "traefik.

Docker - Traefik - Wildcard Cert

Intro TLS is must, but do you wanna generate a own Certificate for each Service you Provide ? Specially, when you have a *.domain.tld Record set ? Trafik is able to handle that for you. Let’s Encrypt offers the possibility to use DNS Validation for Wildcard Domains. Here is a list of Providers that can automate DNS Verfication. Helpful URL https://doc.traefik.io/traefik/user-guides/docker-compose/acme-dns/ https://www.digitalocean.com/community/tutorials/how-to-use-traefik-v2-as-a-reverse-proxy-for-docker-containers-on-ubuntu-20-04 https://www.carluccio.de/reverse-proxy-traefik-mit-wildcard-zertifikaten/ https://linuxblog.xyz/posts/traefik-2-docker-compose/ https://medium.com/@KagundaJM/proxy-buffalo-app-with-traefik-and-lets-encrypt-on-digitalocean-505060edef4c Fully Example with Docker Compose, Traefik, Digital Ocean Prepare Env cd /where/ever/you/want mkdir data touch data/acme.

Docker - Traefik - Redirect

Simple (simple ???) Redirect for all Requests to another Page. At least, it works … docker-compose.yml whoami5: image: containous/whoami labels: - "traefik.enable=true" - "traefik.http.middlewares.redirect-regex.redirectregex.permanent=false" - "traefik.http.middlewares.redirect-regex.redirectregex.regex=(.)*" - "traefik.http.middlewares.redirect-regex.redirectregex.replacement=https://blog.stoege.net" - "traefik.http.routers.whoami5.middlewares=redirect-regex" - "traefik.http.routers.whoami5.rule=Host(`redirect.your.domain.de`)" - "traefik.http.routers.whoami5.tls.certresolver=letsencrypt" - "traefik.http.routers.whoami5.tls=true" sha256: f98bc4f9d6b271b301836a764b2e27e64eb9f6c774b5d7ce1887ed421ffbef75

Docker - Traefik - IPWhitelist

Whitelist IP Range docker-compose.yml whoami: image: containous/whoami labels: - "traefik.enable=true" - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, x.x.x.x/y" - "traefik.http.routers.whoami.middlewares=test-ipwhitelist@docker" - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)" - "traefik.http.routers.whoami.tls.certresolver=letsencrypt" - "traefik.http.routers.whoami.tls=true" -> only “localhost” and SRC IP x.x.x.x/y can access this URL. Rest will be blocked. -> Disadvantage. Container needs to be restartet if the Source Range gets modified! we can do this better :) Move to File you may want to put your “IP Ranges” to a dedicated File and import it where needed.

Docker - Traefik - Stripprefix

Strip Prefix Let’s assume you have a URL “https://whoami.your.domain.de/removeme" and you wanna get rid of the “removeme” before passing the Request to the Webserver. Stripprefix is your friend … docker-compose.yml whoami: image: containous/whoami labels: - "traefik.enable=true" - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/wegdamit,/removeme" - "traefik.http.routers.whoami.middlewares=test-stripprefix@docker" - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)" - "traefik.http.routers.whoami.tls.certresolver=letsencrypt" - "traefik.http.routers.whoami.tls=true" sha256: 0620c0c2d7ae033f2536f6797a048772e52a09119367f4864f8bb2a754d2ea57

Docker - Traefik - Ratelimiting

docker-compose.yml let’s limit the Requests to 10 Req / 10 Seconds. whoami: image: containous/whoami labels: - "traefik.enable=true" - "traefik.http.middlewares.test-ratelimit.ratelimit.average=10" - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=0" - "traefik.http.middlewares.test-ratelimit.ratelimit.period=10s" - "traefik.http.routers.whoami.middlewares=test-ratelimit@docker" - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)" - "traefik.http.routers.whoami.tls.certresolver=letsencrypt" - "traefik.http.routers.whoami.tls=true" restart container docker compose -f docker-compose.yml up -d Test Limiting with Curl user@docker:~$ while true; do echo $(date); curl -s https://whoami.your.domain.de |grep "Too" ; sleep 0.1; done Wed Oct 12 18:43:57 CEST 2022 Too Many Requests Wed Oct 12 18:43:58 CEST 2022 Too Many Requests Wed Oct 12 18:43:58 CEST 2022 Too Many Requests Test Limit with hey, 10 Concurrent 100 Requests, 10 Concurrent, Wait 1 Second between Poll

Docker - Dozzle - Realtime Logs

Dozzle is a real-time log viewer for docker containers URL https://dozzle.dev/ https://github.com/amir20/dozzle Pull Image and start Container docker pull amir20/dozzle:latest docker run --name dozzle -d --volume=/var/run/docker.sock:/var/run/docker.sock -p 8888:8080 amir20/dozzle:latest Docker Compose version: "3" services: dozzle: container_name: dozzle image: amir20/dozzle:latest volumes: - /var/run/docker.sock:/var/run/docker.sock ports: - 8888:8080 You’re now exposing all your logfiles to the Internet on Port 8888. Apply some FW Rules on the Host, on the Cloud Provider or wherever it fit’s for you ….

Docker on Debian

Let’s Setup Docker on Debian https://docs.docker.com/engine/install/debian/ https://www.youtube.com/watch?app=desktop&v=PgICQblfWeY Get Debian on some Cloud Provider Update Apt apt-get install ca-certificates curl gnupg lsb-release add official GPG Keys mkdir -p /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/debian/gpg |gpg --dearmor -o /etc/apt/keyrings/docker.gpg add Repo to Sources echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" |tee /etc/apt/sources.list.d/docker.list > /dev/null install Docker Engine apt-get update apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin Check Version docker version root@docker:~# docker version Client: Docker Engine - Community Version: 20.

Smokeping on Docker

If you have Docker running somehwere … bring up your Smoke Instance within Seconds ;) Smokeping docker run --name smoke --restart always -d -p 80:80 linuxserver/smokeping Show Containers docker ps docker-test:~# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8f8b872ac1c3 linuxserver/smokeping "/init" 6 minutes ago Up 6 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp smoke Shell into Docker docker exec -it smoke /bin/sh Check Netstat root@8f8b872ac1c3:/# netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.