docker

Docker - Traefik

Docker Traefik Example

cat << EOF > docker-compose.yml
version: "3.3"
services:
  traefik:
    image: "traefik:v2.9"
    container_name: "traefik"
    command:
      # Traefik Log
      - "--log.level=DEBUG"
      - "--log.filePath=/logs/traefik.log"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      # Access Log
      - "--accesslog=true"
      - "--accesslog.filePath=/logs/access.log"
      # Prometheus metrics
      ## Enable prometheus metrics
      - "--metrics.prometheus=true"
      ## Create a manual router instead of the default one.
      - "--metrics.prometheus.manualrouting=true"
      - "--metrics.prometheus.addrouterslabels=true"
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - "/var/run/docker.

Two things to keep in mind with this example: "--api.insecure=true" serves the dashboard and the API on port 8080 without any authentication, and "8080:8080" publishes that port on every interface of the host, so it is only acceptable on a lab box that nothing else can reach. "--providers.docker.exposedbydefault=false" is the right default: a container only gets a router when it carries "traefik.enable=true".

Docker on Freebsd

Fire up a FreeBSD 14 instance on AWS ?!?

Install Packages
pkg install gmake go git vim

Install Lima
git clone https://github.com/lima-vm/lima /opt/lima

Patch File
Lima only detects AES acceleration on Darwin and Linux; this build-tagged file supplies a fallback for every other OS (FreeBSD included) so the package compiles.
cat << EOF > /opt/lima/pkg/sshutil/sshutil_others.go
//go:build !darwin && !linux
// +build !darwin,!linux

package sshutil

import (
	"runtime"

	"github.com/sirupsen/logrus"
)

// detectAESAcceleration cannot probe the CPU here; assume acceleration on amd64 only.
func detectAESAcceleration() bool {
	var err error
	const fallback = runtime.GOARCH == "amd64"
	logrus.WithError(err).Warnf("cannot detect whether AES accelerator is available, assuming %v", fallback)
	return fallback
}
EOF

Build
gmake

Copy Binaries
cp /opt/lima/_output/bin/* /usr/local/bin/
mkdir -p /usr/local/share/doc/lima && cp -r /opt/lima/_output/share/doc/lima/* /usr/local/share/doc/lima/
cp -r /opt/lima/_output/share/lima /usr/local/share/lima

Install QEMU
pkg install qemu-nox11

Get CPU
root@freebsd:/opt/lima # qemu-system-x86_64 -cpu help | grep -i cascadelake
x86 Cascadelake-Server        (alias configured by machine type)
x86 Cascadelake-Server-noTSX  (alias of Cascadelake-Server-v3)
x86 Cascadelake-Server-v1     Intel Xeon Processor (Cascadelake)
x86 Cascadelake-Server-v2     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES]
x86 Cascadelake-Server-v3     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES, no TSX]
x86 Cascadelake-Server-v4     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES, no TSX]
x86 Cascadelake-Server-v5     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES, EPT switching, XSAVES, no TSX]

Export CPU
export QEMU_SYSTEM_X86_64="qemu-system-x86_64 -cpu Cascadelake-Server"

Start Lima
switch to user

Hashicorp - Vault

Some hands-on with HashiCorp Vault

Source
https://developer.hashicorp.com/vault/docs/get-started/developer-qs

Install on macOS
brew tap hashicorp/tap
brew install hashicorp/tap/vault

Run on Docker
In the background; you have to kill it later.
docker run -d -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=dev-only-token' vault

The dev server prints its unseal key and root token to the container log (docker logs):
Unseal Key: 2KTIMp0Md52V2xTb0txxxxxxxxxxxxxxxxxxxxxxxxx=
Root Token: dev-only-token

This is a dev instance only and has no persistent data, so don't worry about the key. Do keep in mind that it runs unsealed, in memory, over plain HTTP, with a root token everybody knows; "-p 8200:8200" publishes it on all host interfaces, so use "-p 127.0.0.1:8200:8200" unless you really want other hosts to reach it.

Open Browser
http://localhost:8200 -> root token

Export in Terminal
export VAULT_ADDR='http://0.0.0.0:8200'
export VAULT_TOKEN="dev-only-token"

Set Key
curl --header "X-Vault-Token: $VAULT_TOKEN" \
     --header "Content-Type: application/json" \
     --request POST \
     --data '{"data": {"password": "Hashi123"}}' \
     -s http://127.

Docker - Container

Stuff for the running containers

List running containers
$ docker ps
CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS          PORTS                    NAMES
f99ad3355bae   blog    "/home/docker/init_a…"   14 minutes ago   Up 14 minutes   0.0.0.0:3031->3031/tcp   quizzical_bardeen

Shell into container
docker exec -it f99ad3355bae bash

First build the package cache
apt-get update

Install tools (netstat, ps, tcpdump, …)
apt-get install -y net-tools procps tcpdump telnet netcat

Note that anything installed this way lives in the container's writable layer only and is gone once the container is recreated; that is fine for a debugging session, and it keeps the image itself free of tools an attacker would enjoy finding.

sha256: 27a1368fbcb11db26404131aeb2b0e15d07bc32f61df6389a7c685df61bfc5aa

Alpine - Pandas on Docker Image

How to install Pandas on Alpine Linux

Run Alpine container
docker run -it alpine

Add packages
apk update
apk add python3 py3-pip gcc python3-dev g++

Add / build pandas
time pip install pandas
real    26m 13.14s
user    30m 46.40s
sys     3m 27.51s

The 26 minutes are spent compiling: the prebuilt wheels on PyPI target glibc (manylinux), so on Alpine's musl libc pip falls back to building pandas and its dependencies from source, which is also why gcc, g++ and python3-dev are needed. If build time matters, Alpine's community repository ships a prebuilt py3-pandas package.

Happy Pandas!
sha256: afb99c7e3ed003bee48b65795a153c4fe7835fe3dae0759b70ab2bfb5adc4fd5

Acme-DNS

Web
"A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges." Sounds promising, right? Let's give it a try ;)
https://github.com/joohoi/acme-dns

Setup
Fire up a new OpenBSD VM; let's do it in London.
ip: 100.10.20.30

Patch, update, add go
doas su -
syspatch
pkg_add -Vu
pkg_add go

Clone repo and build acme-dns
cd /root
git clone https://github.com/joohoi/acme-dns
cd acme-dns
export GOPATH=/tmp/acme-dns
go build
cp acme-dns /usr/local/sbin/

Create self-signed cert
The RESTful API needs a cert.

Docker - Kuma Monitoring

Intro
Got a hint to try a nice monitoring tool: Kuma.
https://github.com/louislam/uptime-kuma

Pre-condition
You have Traefik running and a wildcard certificate for a domain. See the previous posts …

.env
We need a few variables; edit the "touch" section appropriately.
cat << 'EOF' > .env
# touch
HOST="kuma"
DOMAIN="your.domain"
PORT=3001

# don't touch
SERVICE="${HOST}"
EOF

docker-compose.yml
… and the docker compose file …
cat << 'EOF' > docker-compose.yml
version: '3.3'

networks:
  traefik:
    external: true

services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    container_name: uptime-kuma
    restart: always
    volumes:
      - .

Docker - Disk Cleanup

Docker Cleanup
If you play around with Docker and fill up all your disk space, as I did, the following command cleaned up a lot of wasted space, especially in the /var/lib/docker/overlay2 folder.

docker system prune --all --volumes --force

Read the flags before you copy this: "--all" removes every image not used by a container (not only dangling layers), "--volumes" removes every volume not attached to at least one container, which is where application data usually lives, and "--force" skips the confirmation prompt. Run "docker system df -v" first if you want to see what would go.

Result
...
yl6ajwpa4nyicajls7e8xhjwo
hveehb6rp5drucnmm7ti2rc5g
ot7dr6b4qpxcf2vaq1r23n56k
qk2qk4dq0nch1lnghozdazjq9
3uewt5kxbyhemx1q410qamha7

Total reclaimed space: 21.45GB

sha256: 9770f41e2df8df14a08f6cd1ae244f7dff98afbb0baa10f076c8897210b18c44

Docker - Traefik - HugoBlog

Intro
As I'm playing with Traefik & Docker, why not duplicate this blog in a container? For fun and profit? Let's give it a try …

Pre-condition
You have Traefik running and a wildcard certificate for a domain. See the previous posts …

docker compose
cat << 'EOF' > docker-compose.yml
version: '3'
services:
  hugo:
    image: jakejarvis/hugo-extended:latest
    ports:
      - 1313:1313
    volumes:
      - ./src:/src
    command: server --buildDrafts --buildFuture --bind 0.0.0.0
    restart: always
    networks:
      - traefik
    labels:
      - "traefik.

Two caveats for anything beyond a lab setup: "ports: 1313:1313" publishes the Hugo dev server directly on the host, bypassing Traefik, its TLS and any middleware you attach to the router, so drop it once Traefik reaches the container over the shared network; and "--buildDrafts --buildFuture" renders draft and future-dated posts, which you probably do not want readable on a public hostname.

Docker - Traefik - Wildcard Cert

Intro
TLS is a must, but do you want to generate a certificate for each service you provide? Especially when you have a *.domain.tld record set? Traefik is able to handle that for you. Let's Encrypt offers DNS validation for wildcard domains. Here is a list of providers that can automate DNS verification.

Helpful URLs
https://doc.traefik.io/traefik/user-guides/docker-compose/acme-dns/
https://www.digitalocean.com/community/tutorials/how-to-use-traefik-v2-as-a-reverse-proxy-for-docker-containers-on-ubuntu-20-04
https://www.carluccio.de/reverse-proxy-traefik-mit-wildcard-zertifikaten/
https://linuxblog.xyz/posts/traefik-2-docker-compose/
https://medium.com/@KagundaJM/proxy-buffalo-app-with-traefik-and-lets-encrypt-on-digitalocean-505060edef4c

Full example with Docker Compose, Traefik and DigitalOcean

Two things worth protecting here: the ACME storage file holds the account key and every private key Traefik obtains, and Traefik refuses to use it unless its mode is 600; and the DNS provider API token handed to Traefik can rewrite the whole zone, so keep it out of the compose file itself (an env file or secret that is not committed) and scope it to the zone if the provider allows.

Prepare env
cd /where/ever/you/want
mkdir data
touch data/acme.

Docker - Traefik - Redirect

Simple (simple ???) redirect for all requests to another page. At least, it works …

docker-compose.yml
whoami5:
  image: containous/whoami
  labels:
    - "traefik.enable=true"
    - "traefik.http.middlewares.redirect-regex.redirectregex.permanent=false"
    - "traefik.http.middlewares.redirect-regex.redirectregex.regex=(.)*"
    - "traefik.http.middlewares.redirect-regex.redirectregex.replacement=https://blog.stoege.net"
    - "traefik.http.routers.whoami5.middlewares=redirect-regex"
    - "traefik.http.routers.whoami5.rule=Host(`redirect.your.domain.de`)"
    - "traefik.http.routers.whoami5.tls.certresolver=letsencrypt"
    - "traefik.http.routers.whoami5.tls=true"

"(.)*" matches any URL (it is equivalent to ".*"), and since the replacement contains no capture group the original path is dropped. "permanent=false" answers with a 302 instead of a 301, which is the right choice while testing: browsers cache a 301 and keep redirecting long after you have changed the target.

sha256: f98bc4f9d6b271b301836a764b2e27e64eb9f6c774b5d7ce1887ed421ffbef75

Docker - Traefik - IPWhitelist

Whitelist IP range

docker-compose.yml
whoami:
  image: containous/whoami
  labels:
    - "traefik.enable=true"
    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, x.x.x.x/y"
    - "traefik.http.routers.whoami.middlewares=test-ipwhitelist@docker"
    - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
    - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
    - "traefik.http.routers.whoami.tls=true"

-> Only "localhost" and the source IP x.x.x.x/y can access this URL. The rest will be blocked.
-> Disadvantage: the container needs to be restarted if the source range gets modified!
-> Caveat: by default the middleware checks the TCP peer address. If another proxy or a CDN sits in front of Traefik, that peer is the proxy, and every client either passes or fails together; in that case configure ipStrategy (depth or excludedIPs) so the check uses the right hop of X-Forwarded-For, and make sure only that proxy can reach Traefik, because X-Forwarded-For is client-controlled otherwise.

We can do this better :)

Move to file
You may want to put your "IP ranges" in a dedicated file and import it where needed.
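The "move to file" idea, as an added example that is not code from the blog post or from Traefik: keep the allowed ranges in a plain text file, validate them before they reach the proxy, render the Traefik v2 file-provider fragment for the post's "test-ipwhitelist" middleware, and check offline which client addresses it would admit. It assumes one CIDR per line with "#" comments, a router that references the middleware as "test-ipwhitelist@file", and the constructed ranges and addresses below (documentation networks, not anybody's real ones). The "client_ip" helper models the ipStrategy.depth rule (n-th address from the right of X-Forwarded-For, empty if there are too few hops) so the behaviour behind an upstream proxy can be reasoned about as well.

```python
"""Added example, not code from the blog post or from Traefik: validate an
allowlist file, render the Traefik v2 file-provider fragment and evaluate
client addresses against it offline.

Assumptions (not in the original post): one CIDR per line with '#' comments,
a router referencing `test-ipwhitelist@file`, constructed sample data.
"""
import ipaddress
from typing import List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

MIDDLEWARE = "test-ipwhitelist"  # same name the post's labels use

# Constructed sample input; the post leaves the real range as x.x.x.x/y.
SAMPLE_RANGES = """\
# allowed source ranges, one per line
127.0.0.1/32        # localhost
203.0.113.0/24      # "office", TEST-NET-3 documentation range
"""


def parse_ranges(text: str) -> List[Network]:
    """Parse the file; a typo must fail here, not silently inside the proxy."""
    nets: List[Network] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False normalises stray host bits (10.1.2.3/24 -> 10.1.2.0/24)
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {line!r} is not a CIDR ({exc})") from exc
    return nets


def render_dynamic_config(nets: List[Network]) -> str:
    """YAML fragment for Traefik's file provider (v2 `ipWhiteList` spelling)."""
    lines = [
        "http:",
        "  middlewares:",
        f"    {MIDDLEWARE}:",
        "      ipWhiteList:",
        "        sourceRange:",
    ]
    lines += [f'          - "{net.with_prefixlen}"' for net in nets]
    return "\n".join(lines) + "\n"


def client_ip(remote_addr: str, xff: str = "", depth: int = 0) -> str:
    """Address the allowlist is evaluated against.

    depth=0 is Traefik's default: the TCP peer. With a trusted proxy in front,
    ipStrategy.depth=n takes the n-th address from the right of
    X-Forwarded-For; too few hops yields an empty IP, which never matches.
    """
    if depth <= 0:
        return remote_addr
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    return hops[-depth] if len(hops) >= depth else ""


def is_allowed(ip: str, nets: List[Network]) -> bool:
    """True if `ip` falls in any allowed range; unparsable input is denied."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in nets)


if __name__ == "__main__":
    allowed = parse_ranges(SAMPLE_RANGES)
    print(render_dynamic_config(allowed), end="")
    for peer in ("127.0.0.1", "203.0.113.77", "198.51.100.9"):
        print(peer, "allowed" if is_allowed(peer, allowed) else "blocked")
```

Point Traefik's file provider at the rendered fragment (it watches the file, so editing the ranges no longer needs a container restart) and change the router label to "test-ipwhitelist@file". Running the script as a pre-commit step gives you the validation the labels never had.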

Docker - Traefik - Stripprefix

Strip Prefix
Let's assume you have a URL "https://whoami.your.domain.de/removeme" and you want to get rid of the "removeme" before passing the request to the web server. Stripprefix is your friend …

docker-compose.yml
whoami:
  image: containous/whoami
  labels:
    - "traefik.enable=true"
    - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/wegdamit,/removeme"
    - "traefik.http.routers.whoami.middlewares=test-stripprefix@docker"
    - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
    - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
    - "traefik.http.routers.whoami.tls=true"

sha256: 0620c0c2d7ae033f2536f6797a048772e52a09119367f4864f8bb2a754d2ea57

Docker - Traefik - Ratelimiting

docker-compose.yml
Let's limit the requests to 10 req / 10 seconds.

whoami:
  image: containous/whoami
  labels:
    - "traefik.enable=true"
    - "traefik.http.middlewares.test-ratelimit.ratelimit.average=10"
    - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=0"
    - "traefik.http.middlewares.test-ratelimit.ratelimit.period=10s"
    - "traefik.http.routers.whoami.middlewares=test-ratelimit@docker"
    - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
    - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
    - "traefik.http.routers.whoami.tls=true"

Traefik derives the rate as average / period, so these labels mean one request per second on average; burst is the number of requests allowed through at once on top of that, and Traefik treats a value below 1 as 1, so "burst=0" gives no real burst allowance. That is why a loop firing ten requests per second immediately sees 429s.

Restart container
docker compose -f docker-compose.yml up -d

Test limiting with curl
user@docker:~$ while true; do echo $(date); curl -s https://whoami.your.domain.de | grep "Too"; sleep 0.1; done
Wed Oct 12 18:43:57 CEST 2022
Too Many Requests
Wed Oct 12 18:43:58 CEST 2022
Too Many Requests
Wed Oct 12 18:43:58 CEST 2022
Too Many Requests

Test limit with hey, 10 concurrent
100 requests, 10 concurrent, wait 1 second between polls
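To see what the labels above actually allow before pointing hey at a live host, here is an added example (not code from the blog post or from Traefik) that replays the post's curl loop through a token-bucket model. It assumes what the Traefik documentation describes: a bucket of "burst" tokens refilled at average / period tokens per second, with a burst below 1 treated as 1 (that clamp is an assumption about how Traefik handles the post's burst=0). The model rejects immediately whenever the bucket is empty, whereas Traefik may hold a request for a short delay instead of answering 429, so real counts differ slightly. Request timings are constructed, and exact fractions are used so the refill arithmetic has no float drift.

```python
"""Added example, not code from the blog post or from Traefik: a token-bucket
model of the post's `average=10, period=10s, burst=0` ratelimit labels.

Assumptions (not in the original post): refill rate = average/period per
second, capacity = burst, burst < 1 clamped to 1, immediate rejection when
empty. Arrival times below are constructed.
"""
from fractions import Fraction
from typing import Iterable, List, Tuple


class TokenBucket:
    """`burst` tokens of capacity, refilled at average/period tokens per second."""

    def __init__(self, average: int, period: Fraction = Fraction(1), burst: int = 1):
        self.capacity = max(1, burst)                     # assumed clamp of burst < 1
        self.rate = Fraction(average) / Fraction(period)  # tokens per second
        self.tokens = Fraction(self.capacity)             # bucket starts full
        self.last = Fraction(0)

    def allow(self, now: Fraction) -> bool:
        # refill for the time elapsed since the previous request, capped at capacity
        refilled = self.tokens + (now - self.last) * self.rate
        self.tokens = min(Fraction(self.capacity), refilled)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False                                      # -> 429 Too Many Requests


def simulate(average: int, period: Fraction, burst: int,
             arrivals: Iterable[Fraction]) -> List[Tuple[Fraction, int]]:
    """Replay request arrival times (seconds) and return (time, HTTP status)."""
    bucket = TokenBucket(average, period, burst)
    return [(t, 200 if bucket.allow(t) else 429) for t in arrivals]


def count(results: List[Tuple[Fraction, int]], status: int) -> int:
    """Number of responses with the given status."""
    return sum(1 for _, s in results if s == status)


# Constructed: the post's curl loop, one request every 0.1 s for 3 seconds.
CURL_LOOP = [Fraction(i, 10) for i in range(30)]


if __name__ == "__main__":
    post = simulate(10, Fraction(10), 0, CURL_LOOP)      # the post's labels
    print("average=10 period=10s burst=0 :",
          count(post, 200), "x 200,", count(post, 429), "x 429")
    bursty = simulate(10, Fraction(10), 10, CURL_LOOP)   # same rate, real burst of 10
    print("average=10 period=10s burst=10:",
          count(bursty, 200), "x 200,", count(bursty, 429), "x 429")
```

With the post's labels the loop gets 3 responses through in 3 seconds (at t=0, 1 and 2) and 27 are rejected; with burst=10 the first ten requests pass before the one-per-second regime kicks in, for 12 of 30. If "10 requests per 10 seconds" was meant to tolerate a short spike, the burst is the knob to raise, not the average.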

Docker - Dozzle - Realtime Logs

Dozzle is a real-time log viewer for Docker containers.

URL
https://dozzle.dev/
https://github.com/amir20/dozzle

Pull image and start container
docker pull amir20/dozzle:latest
docker run --name dozzle -d --volume=/var/run/docker.sock:/var/run/docker.sock -p 8888:8080 amir20/dozzle:latest

Docker Compose
version: "3"
services:
  dozzle:
    container_name: dozzle
    image: amir20/dozzle:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - 8888:8080

You're now exposing all your log files to the Internet on port 8888, without authentication, and container logs routinely contain tokens and connection strings printed at startup. Apply some firewall rules on the host, at the cloud provider, or wherever it fits for you …. Binding the port to loopback ("127.0.0.1:8888:8080") or putting Dozzle behind Traefik with an auth middleware is the cheaper fix. Remember too that the container holds the Docker socket, which is equivalent to root on the host, so the image is one you want to pin and keep updated.