Docker

Docker - Traefik - IPWhitelist

Whitelist IP Range

docker-compose.yml

    whoami:
      image: containous/whoami
      labels:
        - "traefik.enable=true"
        - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, x.x.x.x/y"
        - "traefik.http.routers.whoami.middlewares=test-ipwhitelist@docker"
        - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
        - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
        - "traefik.http.routers.whoami.tls=true"

-> Only “localhost” and SRC IP x.x.x.x/y can access this URL. The rest will be blocked.
-> Disadvantage: the Container needs to be restarted if the Source Range gets modified! We can do this better :)

Move to File

You may want to put your “IP Ranges” in a dedicated File and import it where needed.

Docker - Traefik - Stripprefix

Strip Prefix

Let’s assume you have a URL “https://whoami.your.domain.de/removeme” and you wanna get rid of the “removeme” before passing the Request to the Webserver. Stripprefix is your friend …

docker-compose.yml

    whoami:
      image: containous/whoami
      labels:
        - "traefik.enable=true"
        - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/wegdamit,/removeme"
        - "traefik.http.routers.whoami.middlewares=test-stripprefix@docker"
        - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
        - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
        - "traefik.http.routers.whoami.tls=true"

Docker - Traefik - Ratelimiting

docker-compose.yml

Let’s limit the Requests to 10 Req / 10 Seconds.

    whoami:
      image: containous/whoami
      labels:
        - "traefik.enable=true"
        - "traefik.http.middlewares.test-ratelimit.ratelimit.average=10"
        - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=0"
        - "traefik.http.middlewares.test-ratelimit.ratelimit.period=10s"
        - "traefik.http.routers.whoami.middlewares=test-ratelimit@docker"
        - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
        - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
        - "traefik.http.routers.whoami.tls=true"

Restart Container

    docker compose -f docker-compose.yml up -d

Test Limiting with Curl

    user@docker:~$ while true; do echo $(date); curl -s https://whoami.your.domain.de |grep "Too" ; sleep 0.1; done
    Wed Oct 12 18:43:57 CEST 2022
    Too Many Requests
    Wed Oct 12 18:43:58 CEST 2022
    Too Many Requests
    Wed Oct 12 18:43:58 CEST 2022
    Too Many Requests

Test Limit with hey, 10 Concurrent 100 Requests, 10 Concurrent, Wait 1 Second between Poll

Docker - Dozzle - Realtime Logs

Dozzle is a real-time log viewer for Docker containers.

URL

https://dozzle.dev/
https://github.com/amir20/dozzle

Pull Image and start Container

    docker pull amir20/dozzle:latest
    docker run --name dozzle -d --volume=/var/run/docker.sock:/var/run/docker.sock -p 8888:8080 amir20/dozzle:latest

Docker Compose

    version: "3"
    services:
      dozzle:
        container_name: dozzle
        image: amir20/dozzle:latest
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
        ports:
          - 8888:8080

You’re now exposing all your logfiles to the Internet on Port 8888. Apply some FW Rules on the Host, on the Cloud Provider or wherever it fits for you ….

Docker on Debian

Let’s Setup Docker on Debian

https://docs.docker.com/engine/install/debian/
https://www.youtube.com/watch?app=desktop&v=PgICQblfWeY

Get Debian on some Cloud Provider

Update Apt

    apt-get install ca-certificates curl gnupg lsb-release

Add official GPG Keys

    mkdir -p /etc/apt/keyrings
    curl -fsSL https://download.docker.com/linux/debian/gpg |gpg --dearmor -o /etc/apt/keyrings/docker.gpg

Add Repo to Sources

    echo \
      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
      $(lsb_release -cs) stable" |tee /etc/apt/sources.list.d/docker.list > /dev/null

Install Docker Engine

    apt-get update
    apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Check Version

    docker version

    root@docker:~# docker version
    Client: Docker Engine - Community
     Version: 20.

Smokeping on Docker

If you have Docker running somewhere … bring up your Smoke Instance within Seconds ;)

Smokeping

    docker run --name smoke --restart always -d -p 80:80 linuxserver/smokeping

Show Containers

    docker ps

    docker-test:~# docker ps
    CONTAINER ID   IMAGE                   COMMAND   CREATED         STATUS         PORTS                               NAMES
    8f8b872ac1c3   linuxserver/smokeping   "/init"   6 minutes ago   Up 6 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   smoke

Shell into Docker

    docker exec -it smoke /bin/sh

Check Netstat

    root@8f8b872ac1c3:/# netstat -an
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 0.