Docker

Portainer

### portainer ###

docker run --name lab-portainer -d -p 9000:9000 --restart always -v /var/run/docker.sock:/var/run/docker.sock -v /home/fplabs/portainer/data:/data portainer/portainer

### portainer agent ###

docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /home/fplabs/portainer/data:/var/lib/docker/volumes portainer/agent

Duo Auth Proxy

docker run -d \
  --name duoauthproxy \
  -p 1812:1812/udp \
  -p 18120:18120/udp \
  -v /your/path/conf:/opt/duoauthproxy/conf:ro \
  --read-only \
  --cap-drop=all \
  --cap-add=setgid \
  --cap-add=setuid \
  jumanjiman/duoauthproxy:latest

## If there are any errors on build, do the following

Create this file in /your/path/conf/authproxy.cfg and add some dummy config

[ad_client]
host=1.2.3.4
service_account_username=duoservice
service_account_password=password1
search_dn=DC=example,DC=com
security_group_dn=CN=DuoVPNUsers,OU=Groups,DC=example,DC=com


Create the path and dummy crt file /your/path/conf/conf/ca-bundle.crt


**https://duo.com/docs/authproxy-reference#configuration

**https://duo.com/docs/f5bigip#install-the-duo-authentication-proxy

[duo_only_client]

[radius_server_iframe]
type=f5_bigip
ikey=DIXXXXXXXXXXXXXXXXXX
skey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
api_host=api-XXXXXXXX.duosecurity.com
; radius_ip_1 is the F5 IP
radius_ip_1=5.6.7.8
radius_secret_1=radiussecret1
client=duo_only_client
port=1812
failmode=safe





Install Docker Ubuntu 20.04

sudo apt update

sudo apt install apt-transport-https ca-certificates curl software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"

sudo apt update

sudo apt install docker-ce

sudo usermod -aG docker ${USER}

REF;https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04


Add Docker Compose

sudo apt install docker-compose


Docker images disappear


If Docker images disappear after a restart, run the following command:

sudo systemctl restart docker.service


OpenSpeedtest

This Docker image contains the same application that runs at http://openspeedtest.com. It can run offline, so you can use it to test your local area network, or put it on a server to test your line speed to that server. It is currently optimized to test speeds up to 1~2 Gbps. You can change the values and files inside the image to test even faster connections.

docker run --restart=unless-stopped --name=openspeedtest -d -p 80:8080 openspeedtest/latest


Home Assistant


docker run -d --restart=always --name="home-assistant" -v /home/donald/homeass:/config -v /etc/localtime:/etc/localtime:ro --net=host homeassistant/home-assistant:stable


---

*add usb zigbee

ls -l /dev/serial/by-id


version: '3'
services:
  homeassistant:
    container_name: home-assistant
    image: homeassistant/home-assistant:stable
    volumes:
      - /hass/config:/config
      - /etc/localtime:/etc/localtime:ro
      - /dev/serial/by-id:/dev/serial/by-id
    devices:
      - /dev/ttyACM0:/dev/ttyACM0
    environment:
      - TZ=Europe/London
    # published ports have no effect while network_mode is host
    ports:
      - 8123:8123
    restart: always
    network_mode: host


sudo docker-compose up -d --build homeassistant


USB ref;https://community.home-assistant.io/t/zigbee-config-docker-access-to-usb-stick/226567


Simple Website


Step 1 - Create a Directory for the Website

Make sure that you have your HTML files already in the current directory.

Step 2 - Create a file called Dockerfile

Place the following contents into the Dockerfile

FROM nginx:alpine

COPY . /usr/share/nginx/html

Step 3 - Build the Docker Image for the HTML Server

Run the following command:

docker build -t html-server-image:v1 .

You can confirm that this has worked by running the command:

docker images

And it should show you output something like this:

Step 4 - Run the Docker Container

Run the following command to run the HTML container server:

docker run -d -p 80:80 html-server-image:v1


**************** OR ****************************************


Pi-Hole Docker


sudo nano docker-compose.yml


version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Europe/London'
      WEBPASSWORD: 'password123'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    # Recommended but not required (DHCP needs NET_ADMIN)
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: unless-stopped


---------------------------------------------

docker-compose up -d

docker-compose up --detach

-------

Installing on Ubuntu

Modern releases of Ubuntu (17.10+) include systemd-resolved which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53. The stub resolver should be disabled with:

sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf

This will not change the nameserver settings, which point to the stub resolver thus preventing DNS resolution. Change the /etc/resolv.conf symlink to point to /run/systemd/resolve/resolv.conf, which is automatically updated to follow the system's netplan:

sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf'

After making these changes, you should restart systemd-resolved using:

systemctl restart systemd-resolved

Once pi-hole is installed, you'll want to configure your clients to use it (see here). If you used the symlink above, your docker host will either use whatever is served by DHCP, or whatever static setting you've configured. If you want to explicitly set your docker host's nameservers you can edit the netplan(s) found at /etc/netplan, then run sudo netplan apply. Example netplan:

network:
    ethernets:
        ens160:
            dhcp4: true
            dhcp4-overrides:
                use-dns: false
            nameservers:
                addresses: [127.0.0.1]
    version: 2

Note that it is also possible to disable systemd-resolved entirely. However, this can cause problems with name resolution in VPNs (see bug report). It also disables the functionality of netplan since systemd-resolved is used as the default renderer (see man netplan). If you choose to disable the service, you will need to manually set the nameservers, for example by creating a new /etc/resolv.conf.

Users of older Ubuntu releases (circa 17.04) will need to disable dnsmasq.
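
A read-only check of the two host changes described above (stub listener off, resolv.conf no longer pointing at the stub), as an added example that is not part of the original notes or the Pi-hole documentation. The function names and the sample file contents are constructed for illustration; the demo works on temporary copies only.

```shell
#!/bin/sh
# Added example: all file contents below are constructed samples; nothing on
# the real system is read or changed.

# Print the effective DNSStubListener value of a resolved.conf-style file.
# Commented-out lines are ignored; systemd-resolved defaults to "yes".
stub_listener_state() {
    val=$(sed -n -E 's/^[[:space:]]*DNSStubListener[[:space:]]*=[[:space:]]*([A-Za-z]+).*$/\1/p' "$1" | tail -n 1)
    echo "${val:-yes}"
}

# Succeed if a resolv.conf-style file still sends queries to the stub (127.0.0.53).
uses_stub_resolver() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$1"
}

# Report whether port 53 will be free for the pihole container and whether
# the host keeps working DNS afterwards. $1 = resolved.conf, $2 = resolv.conf
check_host_dns() {
    state=$(stub_listener_state "$1")
    if [ "$state" != "no" ]; then
        echo "BLOCKED: DNSStubListener=$state, systemd-resolved holds port 53"
    elif uses_stub_resolver "$2"; then
        echo "BROKEN: stub disabled but resolv.conf still points at 127.0.0.53"
    else
        echo "OK: port 53 free and resolv.conf bypasses the stub"
    fi
}

demo() {
    d=$(mktemp -d)
    printf '[Resolve]\n#DNS=\n#DNSStubListener=yes\n' > "$d/resolved.conf"
    printf 'nameserver 127.0.0.53\noptions edns0\n' > "$d/stub-resolv.conf"
    printf 'nameserver 192.168.1.1\n' > "$d/resolv.conf"
    check_host_dns "$d/resolved.conf" "$d/stub-resolv.conf"   # before any change
    # Same sed expression as in the notes, applied to the sample copy only.
    sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' "$d/resolved.conf"
    check_host_dns "$d/resolved.conf" "$d/stub-resolv.conf"   # symlink not yet changed
    check_host_dns "$d/resolved.conf" "$d/resolv.conf"        # both steps done
    rm -rf "$d"
}
demo
```

On a real host, pass /etc/systemd/resolved.conf and /etc/resolv.conf to check_host_dns before starting the container.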

--------------

1. List the default network set-up for the virtual machines

# virsh net-list
Name                 State      Autostart     Persistent
----------------------------------------------------------
default              active     yes           yes

2. Destroy the network default.

# virsh net-destroy default
Network default destroyed

3. Permanently remove the default virtual network from the configuration.

# virsh net-undefine default
Network default has been undefined

4. The interface virbr0 is now gone. You can verify it in the ifconfig or ip command output.

# ifconfig virbr0
virbr0: error fetching interface information: Device not found


--------

update pihole

docker-compose pull pihole

docker-compose up -d pihole


stop using port 53 on host machine

systemctl stop systemd-resolved

systemctl disable systemd-resolved


REF;https://hub.docker.com/r/pihole/pihole


My NextCloud Setup


docker network create nextcloud-net

docker create \
  --name=mariadb-nextcloud \
  -e PUID=1000 \
  -e PGID=1000 \
  -e MYSQL_ROOT_PASSWORD=h*********** \
  -e TZ=Europe/London \
  -e MYSQL_DATABASE=nextcloud-db \
  -e MYSQL_USER=admin \
  -e MYSQL_PASSWORD=h************ \
  -p 3306:3306 \
  -v /nextcloudDB:/config \
  --network nextcloud-net \
  --restart unless-stopped \
  linuxserver/mariadb

docker create \
  --name=nextcloud \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -p 8443:443 \
  -v /nextcloud/config:/config \
  -v /nextcloud/data:/data \
  --network nextcloud-net \
  --restart unless-stopped \
  linuxserver/nextcloud

docker start nextcloud mariadb-nextcloud

#notes

Remember to create the host directories for the data volumes, e.g. -v /nextcloudDB:/config, -v /nextcloud/config:/config and -v /nextcloud/data:/data.

During Nextcloud setup, choose MariaDB and enter the details above, with hostname mariadb-nextcloud:3306.

Trusted Domains

this is on the local host - /nextcloud/config/www/nextcloud/config/config.php


Nextcloud - Compose

version: '2'
services:
  nextcloud:
    container_name: nextcloud2
    restart: unless-stopped
    image: linuxserver/nextcloud
    ports:
      - 9443:443
      - 9080:80
    volumes:
      - /mnt/lvm-vg2-mount/dockerlab/nextcloud2/config:/config
      - /mnt/lvm-vg2-mount/dockerlab/nextcloud2/data:/data
      - /mnt/lvm-vg2-mount/dockerlab/nextcloud2/apps:/apps
    environment:
      PUID: 1000
      PGID: 1000
      TZ: Europe/London
    depends_on:
      - db
  db:
    container_name: maria-db2
    restart: unless-stopped
    image: linuxserver/mariadb
    environment:
      MYSQL_ROOT_PASSWORD: qwerty@nextcloud2
      MYSQL_DATABASE: nextcloud2-db
      MYSQL_USER: admin
      MYSQL_PASSWORD: qwerty@nextcloud2
      PUID: 1000
      PGID: 1000
      TZ: Europe/London
    volumes:
      - /mnt/lvm-vg2-mount/dockerlab/nextcloud2/mariadb2:/var/lib/mysql


--------------------------------------------------------------------------


alternate install

ref; https://gist.github.com/ichiTechs/83e228fa1e6c83543623a1bf06f3eb32

# NextCloud with MariaDB/MySQL
#
# Access via "http://localhost:80" (or "http://$(docker-machine ip):80" if using docker-machine)
#
# During initial NextCloud setup, select "Storage & database" --> "Configure the database" --> "MySQL/MariaDB"
# Database user: nextcloud
# Database password: nextcloud
# Database name: ncdb
# Database host: replace "localhost" with "maria-db", the same name as the database container name.
#
# The reason for the more refined data persistence in the volumes is that if you were to
# use just '/var/www/html', then every time you wanted or needed to update/upgrade
# NextCloud you would have to go into the volume on the host machine and delete 'version.php'
#

version: '2'
services:
  nextcloud:
    container_name: nextcloud
    restart: unless-stopped
    image: nextcloud
    ports:
      - 80:80
    volumes:
      - /containers/cloud/nextcloud/apps:/var/www/html/apps
      - /containers/cloud/nextcloud/config:/var/www/html/config
      - /containers/cloud/nextcloud/data:/var/www/html/data
    depends_on:
      - db
  db:
    container_name: maria-db
    restart: unless-stopped
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: ncdb
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD: nextcloud
    volumes:
      - /containers/cloud/mariadb:/var/lib/mysql


------------------------------------------------------------------


#Trusted Sources Example

nano /mnt/lvm-vg2-mount/dockerlab/nextcloud/config/www/nextcloud/config/config.php


#Edit this

'trusted_domains' =>
array (
  0 => 'zoltan.home:4443',
  1 => '192.168.100.125:4443',
  2 => 'cloud.dc1.fullproxylabs.com',
  3 => 'zoltan.dc1.fullproxylabs.com',
),


#Edit this for external url !

'overwrite.cli.url' => 'https://cloud.dc1.fullproxylabs.com',


# SCAN

docker exec nextcloud sudo -u abc php /config/www/nextcloud/occ files:scan --all


docker exec nextcloud sudo -u abc php /config/www/nextcloud/occ files:scan --path="donald/files"


# issues

https://autoize.com/nextcloud-performance-troubleshooting/






Squid Proxy

Squid:
  image: sameersbn/squid:3.5.27-2
  ports:
    - "3128:3128"
  volumes:
    - /srv/docker/squid/cache:/var/spool/squid
  restart: always


PLEX


---
version: "2.1"
services:
  plex:
    image: ghcr.io/linuxserver/plex
    container_name: plex
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - VERSION=docker
      - UMASK_SET=022 #optional
      - PLEX_CLAIM= #optional
    volumes:
      - /path/to/library:/config
      - /path/to/tvseries:/tv
      - /path/to/movies:/movies
    restart: unless-stopped


UPDATE

Update all images: docker-compose pull

or update a single image: docker-compose pull plex

Let compose update all containers as necessary: docker-compose up -d

or update a single container: docker-compose up -d plex

You can also remove the old dangling images: docker image prune


Zabbix

version: '3'
services:
  zabbix-app:
    image: "zabbix/zabbix-appliance:latest"
    ports:
      - "8081:80"
      - "10051:10051"
    environment:
      - PHP_TZ=Europe/London
      - ZBX_HOSTNAME=zabbix-app
      - ZBX_SERVER_HOST=zabbix-app
    volumes:
      - /home/donald/dockerlab/zabbix/zapp-db:/var/lib/mysql
    links:
      - zabbix-agent
  zabbix-agent:
    image: "zabbix/zabbix-agent:latest"
    environment:
      - ZBX_HOSTNAME=zabbix-agent
      - ZBX_SERVER_HOST=zabbix-app
volumes:
  zapp-db:


ref;https://codingkata.tardate.com/infrastructure/zabbix/dockerized/


Docker-compose update

docker-compose pull <servicename>

docker-compose up -d <servicename>


#example
docker-compose pull pihole

docker-compose up -d pihole

RemoteSpark

example setup

docker run --name remotespark8380 -d -p 8380:80 -v /home/donald/dockerlab/remotespark/gateway.conf:/usr/local/bin/SparkGateway/gateway.conf simonkowallik/remotespark:latest

#remember to create an empty gateway.conf

#enter docker cli

docker exec -it remotespark8380 /bin/ash


#config

http://x.x.x.x/config.html

#login

http://x.x.x.x/login.html


#SSL config

add config ?????