Alpine as docker host

Alpine is a super small Linux distribution. I am using it for all my new VMs running a Docker instance. Install Alpine: download the Alpine (virtual edition) ISO from https://alpinelinux.org/downloads/, boot the ISO and log in as root with no password. Start setup with the setup-alpine command and follow the instructions. Add SSH key: apk add curl, then mkdir -p /root/.ssh, then curl -L https://<yourserver>/ssh_key > /root/.ssh/authorized_keys Install Docker: apk add nano, then nano /etc/apk/repositories Enable edge-community repository....

March 26, 2020 · 1 min · Anton Bracke

Sniffing your phone’s traffic

Checking your phone’s network traffic is often very interesting. I usually use mitmproxy for that. You can simply run it as a Docker container and then only need to change your phone’s proxy settings: docker run --rm -it -p 8080:8080 -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-iface 0.0.0.0 There is a super handy web interface running at http://localhost:8081 to inspect the transmitted data. Because SSL certificates won’t be correctly signed when using a man-in-the-middle proxy, you have to install a CA certificate on your phone by visiting: http://mitm....

July 15, 2019 · 1 min · Anton Bracke

Mysql backup script

I recently created a new MySQL backup script. It works with local MySQL servers and can also be used to back up the databases of a Docker container. It saves one dump every hour and normally keeps 6 of them, plus one every day, covering a complete week. I am running this script every hour via crontab: 0 * * * * /opt/mysql/backup.sh > /dev/null 2>&1

May 19, 2019 · 1 min · Anton Bracke

Traefik – New reverse proxy!

I was recently introduced to a new piece of software called Traefik. A reverse proxy / load balancer that’s easy, dynamic, automatic, fast, full-featured, open source, production proven, provides metrics, and integrates with every major cluster technology… No wonder it’s so popular! What else to say? Sounds exactly like a tool I would love. As my setup is already based on a wide variety of Docker containers, I was interested in a reverse proxy that handles routing and load balancing to them automatically and can even manage the necessary Let’s Encrypt certificates for me....

February 4, 2019 · 4 min · Anton Bracke

Asterisk with fail2ban

I recently started adding some security features to my Asterisk server. One was a fail2ban jail. Because Asterisk runs inside Docker, I mounted its log folder and configured fail2ban (installed on the Docker host itself) to use the messages file (in my case: /opt/asterisk/log/messages). Start by editing /etc/fail2ban/jail.d/asterisk.conf: [asterisk] enabled = true filter = asterisk action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] banaction = iptables-multiport logpath = /opt/asterisk/log/messages maxretry = 5 findtime = 3h bantime = 1d Fail2ban needs a specific timestamp format, and to prevent Asterisk from creating GBs of logs I changed it to only log notice and error messages in the /etc/asterisk/logger....

February 2, 2019 · 1 min · Anton Bracke

Docker IPv6

There are different ways to support IPv6 in Docker. The easiest is to enable IPv6 on the Docker host and simply use the Docker proxy to forward IPv6 via IPv4 to the containers. One disadvantage of this method is that your container is unable to see the client's remote address: each request seems to be sent from the Docker host. nginx and PHP, or a spam filter for your mail server, especially depend on a correct client IP....

August 18, 2018 · 2 min · Anton Bracke

Docker daemon enable remote access

Open the unit file with nano /lib/systemd/system/docker.service and change the ExecStart line to ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 [...], then restart Docker with systemctl daemon-reload followed by service docker restart. Source: StackOverflow (https://stackoverflow.com/questions/26561963/how-to-detect-a-docker-daemon-port). Tested on: Distributor ID: Ubuntu Description: Ubuntu 17.10 Release: 17.10 Codename: artful Distributor ID: Ubuntu Description: Ubuntu 16.04.4 LTS Release: 16.04 Codename: xenial

April 4, 2018 · 1 min · Anton Bracke

Docker

Useful commands. Remove dangling images: docker rmi $(docker images --quiet --filter "dangling=true") Update Composer project dependencies: docker run --rm -ti -v $PWD:/app -v /home/anton/.ssh/:/root/.ssh composer update --ignore-platform-reqs --no-scripts Empty a container's log file: echo "" > $(docker inspect --format='{{.LogPath}}' <container_name_or_id>)

December 13, 2017 · 1 min · Anton Bracke