Docker

Docker on FreeBSD

Fire up a FreeBSD 14 Instance on AWS ?!?

Install Packages

    pkg install gmake go git vim

Install Lima

    git clone https://github.com/lima-vm/lima /opt/lima

Patch File

    cat << EOF > /opt/lima/pkg/sshutil/sshutil_others.go
    //go:build !darwin && !linux
    // +build !darwin,!linux

    package sshutil

    import (
        "runtime"

        "github.com/sirupsen/logrus"
    )

    // Fallback for platforms other than darwin and linux (FreeBSD here):
    // no CPU feature probe, assume AES acceleration on amd64 only.
    func detectAESAcceleration() bool {
        var err error
        const fallback = runtime.GOARCH == "amd64"
        logrus.WithError(err).Warnf("cannot detect whether AES accelerator is available, assuming %v", fallback)
        return fallback
    }
    EOF

Build

    gmake

Copy Binaries

    cp /opt/lima/_output/bin/* /usr/local/bin/
    mkdir -p /usr/local/share/doc/lima && cp -r /opt/lima/_output/share/doc/lima/* /usr/local/share/doc/lima/
    cp -r /opt/lima/_output/share/lima /usr/local/share/lima

Install QEMU

    pkg install qemu-nox11

Get CPU

    root@freebsd:/opt/lima # qemu-system-x86_64 -cpu help | grep -i cascadelake
    x86 Cascadelake-Server        (alias configured by machine type)
    x86 Cascadelake-Server-noTSX  (alias of Cascadelake-Server-v3)
    x86 Cascadelake-Server-v1     Intel Xeon Processor (Cascadelake)
    x86 Cascadelake-Server-v2     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES]
    x86 Cascadelake-Server-v3     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES, no TSX]
    x86 Cascadelake-Server-v4     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES, no TSX]
    x86 Cascadelake-Server-v5     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES, EPT switching, XSAVES, no TSX]

Export CPU

    export QEMU_SYSTEM_X86_64="qemu-system-x86_64 -cpu Cascadelake-Server"

Start Lima

switch to user

Hashicorp - Vault

Some hands-on with HashiCorp Vault.

Source

https://developer.hashicorp.com/vault/docs/get-started/developer-qs

Install on macOS

    brew tap hashicorp/tap
    brew install hashicorp/tap/vault

Run on Docker

Runs in the background, you have to kill it later.

    docker run -d -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=dev-only-token' vault

    Unseal Key: 2KTIMp0Md52V2xTb0txxxxxxxxxxxxxxxxxxxxxxxxx=
    Root Token: dev-only-token

This is a dev instance only and has no persistent data. Don’t worry.

Open Browser

http://localhost:8200 -> root token

Export in Terminal

    export VAULT_ADDR='http://0.0.0.0:8200'
    export VAULT_TOKEN="dev-only-token"

Set Key

    curl --header "X-Vault-Token: $VAULT_TOKEN" \
         --header "Content-Type: application/json" \
         --request POST \
         --data '{"data": {"password": "Hashi123"}}' \
         -s http://127.

Docker - Container

Stuff for the running Containers

List running Containers

    $ docker ps
    CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS          PORTS                    NAMES
    f99ad3355bae   blog    "/home/docker/init_a…"   14 minutes ago   Up 14 minutes   0.0.0.0:3031->3031/tcp   quizzical_bardeen

Shell into Container

    docker exec -it f99ad3355bae bash

first build cache

    apt-get update

install Tools netstat ps tcpdump …

    apt-get install -y net-tools procps tcpdump telnet netcat

Alpine - Pandas on Docker Image

How to install Pandas on Alpine Linux

Run Alpine Container

    docker run -it alpine

add packages

    apk update
    apk add python3 py3-pip gcc python3-dev g++

add / build pandas

    time pip install pandas

    real    26m 13.14s
    user    30m 46.40s
    sys     3m 27.51s

Happy Pandas !

Acme-DNS

Web

A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges. Sounds promising, right ? Let’s give it a try ;)

https://github.com/joohoi/acme-dns

Setup

Fire up a new OpenBSD VM, let’s do it in London.

ip: 100.10.20.30

patch, update, add go

    doas su -
    syspatch
    pkg_add -Vu
    pkg_add go

clone repo and build acme-dns

    cd /root
    git clone https://github.com/joohoi/acme-dns
    cd acme-dns
    export GOPATH=/tmp/acme-dns
    go build
    cp acme-dns /usr/local/sbin/

Create Self-Signed Cert

The RESTful API needs a cert.

Docker - Kuma Monitoring

Intro

Got a hint to try a nice monitoring tool: kuma.

https://github.com/louislam/uptime-kuma

pre-condition

You have traefik running and a wildcard certificate for a domain. See the previous posts …

.env

We need a few variables, edit the touch section appropriately.

    cat << 'EOF' > .env
    # touch
    HOST="kuma"
    DOMAIN="your.domain"
    PORT=3001

    # don't touch
    SERVICE="${HOST}"
    EOF

docker-compose.yml

… and the docker compose file …

    cat << 'EOF' > docker-compose.yml
    version: '3.3'

    networks:
      traefik:
        external: true

    services:
      uptime-kuma:
        image: louislam/uptime-kuma:1
        container_name: uptime-kuma
        restart: always
        volumes:
          - .

Docker - Disk Cleanup

Docker Cleanup

If you play around with docker and fill up all your disk space, as I did, the following command cleans up a lot of wasted space, especially in the /var/lib/docker/overlay2 folder.

    docker system prune --all --volumes --force

Result

    ...
    yl6ajwpa4nyicajls7e8xhjwo
    hveehb6rp5drucnmm7ti2rc5g
    ot7dr6b4qpxcf2vaq1r23n56k
    qk2qk4dq0nch1lnghozdazjq9
    3uewt5kxbyhemx1q410qamha7

    Total reclaimed space: 21.45GB

Docker - Traefik - HugoBlog

Intro

As I’m playing with traefik & docker, why not duplicate this blog in a container ? For fun and profit ? Let’s give it a try …

pre-condition

You have traefik running and a wildcard certificate for a domain. See the previous posts …

docker compose

    cat << 'EOF' > docker-compose.yml
    version: '3'
    services:
      hugo:
        image: jakejarvis/hugo-extended:latest
        ports:
          - 1313:1313
        volumes:
          - ./src:/src
        command: server --buildDrafts --buildFuture --bind 0.0.0.0
        restart: always
        networks:
          - traefik
        labels:
          - "traefik.

Docker - Traefik - Wildcard Cert

Intro

TLS is a must, but do you want to generate your own certificate for each service you provide ? Especially when you have a *.domain.tld record set ? Traefik is able to handle that for you. Let’s Encrypt offers the possibility to use DNS validation for wildcard domains. Here is a list of providers that can automate DNS verification.

Helpful URL

https://doc.traefik.io/traefik/user-guides/docker-compose/acme-dns/
https://www.digitalocean.com/community/tutorials/how-to-use-traefik-v2-as-a-reverse-proxy-for-docker-containers-on-ubuntu-20-04
https://www.carluccio.de/reverse-proxy-traefik-mit-wildcard-zertifikaten/
https://linuxblog.xyz/posts/traefik-2-docker-compose/
https://medium.com/@KagundaJM/proxy-buffalo-app-with-traefik-and-lets-encrypt-on-digitalocean-505060edef4c

Full Example with Docker Compose, Traefik, Digital Ocean

Prepare Env

    cd /where/ever/you/want
    mkdir data
    touch data/acme.

Docker - Traefik - Redirect

Simple (simple ???) Redirect for all Requests to another Page. At least, it works …

docker-compose.yml

    whoami5:
      image: containous/whoami
      labels:
        - "traefik.enable=true"
        - "traefik.http.middlewares.redirect-regex.redirectregex.permanent=false"
        - "traefik.http.middlewares.redirect-regex.redirectregex.regex=(.)*"
        - "traefik.http.middlewares.redirect-regex.redirectregex.replacement=https://blog.stoege.net"
        - "traefik.http.routers.whoami5.middlewares=redirect-regex"
        - "traefik.http.routers.whoami5.rule=Host(`redirect.your.domain.de`)"
        - "traefik.http.routers.whoami5.tls.certresolver=letsencrypt"
        - "traefik.http.routers.whoami5.tls=true"