19 янв2023

Docker swarm

Written by Super User. Posted in Articles Unix

sudo apt-get remove docker docker-engine docker.io containerd runc

sudo apt-get update
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

docker run -d -p 3000:80 nginx

 

  docker swarm init --advertise-addr $(curl ifconfig.me)
  docker info
  docker node ls

docker network create -d overlay crm_network

 

docker service create --replicas 6 --name apa-sim -p 30000:80 cohenaj194/apache-simple

 

apt instapp jq
docker container inspect --format '{{json .NetworkSettings.Networks}}' $(docker container ls -lq) | jq '.'

https://garutilorenzo.github.io/nginx-ingress-controller/

docker network create --driver overlay ingress-routing
cat en2_dev_php_my_admin.yml cat en1_dev_php_my_admin.yml

version: '3.7'
services:

  php_my_admin:
    image: 2204198622/php_my_admin:1.3.18
    environment:
      - PMA_ARBITRARY=0
      - PMA_HOSTS=env2_db2_mysql,env2_db1_mysql
      - PMA_PORT=3306
        #    ports:
        #- 30000:80


    networks:
      - ingress
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      resources:
        limits:
          memory: 4096M
          cpus: "2"
      labels:
        ingress.host: kodak2.ksi.kiev.ua
networks:
  ingress:
    external: true
    name: ingress-routing

version: '3.7'
services:

  php_my_admin:
    image: 2204198622/php_my_admin:1.3.18
    environment:
      - PMA_ARBITRARY=0
      - PMA_HOSTS=env1_db2_mysql,env1_db1_mysql
      - PMA_PORT=3306
        #    ports:
        #      - 30000:80
    networks:
      - crm_network
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      labels:
        ingress.host: kodak1.ksi.kiev.ua
      resources:
        limits:
          memory: 4096M
          cpus: "2"
networks:
  crm_network:
    external: true
    name: ingress-routing
# docker stack deploy -c en2_dev_php_my_admin.yml en2_ # docker stack deploy -c en1_dev_php_my_admin.yml en1_
  Command  
 

docker service ls

  
  docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}} {{.Endpoint.VirtualIPs}} {{.Spec.Name}}'  $(docker service ls -q)  
  docker service ps service_name --no-trunc  
  docker exec -it $(docker ps | grep  "nginx:1.21" | awk '{print $1}') nginx -s reload  
  docker stack deploy swsvc -c  manifest.yml --with-registry-auth  
  docker stats --format "{{.Name}}  \t\t  {{.CPUPerc}} \t  {{.MemUsage}}  \t\t {{.BlockIO}}" | grep sil  
  docker service update --publish-rm published=1080,target=8080 swsvc_nginx-proxy
docker service update --publish-add published=80,target=80 swsvc_nginx-proxy		  
  docker service update  --replicas=10 swsvc_php_  
  docker run -e NAMECONTAINER --env-file ./test.env CONTEINER_REPO:1.2.3 /bin/sh -c "npm run start"  
     
     
     

 

Добавить комментарий
18 янв2023

L2TP or OpenVPN on Linux

Written by Super User. Posted in Articles Unix

Very good arcticle

 http://www.crosspeer.com/tutorial_Linux_L2TP_VPN_Client.html

https://github.com/jabas06/l2tp-ipsec-vpn-client

https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1951832

 

Step 0: Util Install

apt-get update
sudo apt-get -y install strongswan xl2tpd  net-tools
DesVPNsrv="x.x.x.x"
AMIip="x.x.x.x."
VPNuser="VPN_user"
VPNpass="VPNpass"
PSK="xxxxxx"

Step 1: Configure IpSec

vi /etc/ipsec.conf

cat <<EOF >> /etc/ipsec.conf
config setup
          nat_traversal=yes
          virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
          oe=off
          protostack=netkey

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn L2TP-PSK-NAT
          rightsubnet=vhost:%priv
          lso=L2TP-PSK-noNAT

conn  L2TP-PSK-noNAT
          authby=secret
          pfs=no
          auto=add
          keyingtries=3
          r4ekey=no
          ikelifetime=8h
          keylife=1h
          type=transport
          leftprotoport=17/1701
          rightprotoport=17/1701
          right=$DesVPNsrv
          auto=start
EOF

vi /etc/ipsec.secrets

0.0.0.0: xxx.xxx.xxx.xxx   PSK "XXXXXXXX"

/etc/init.d/ipsec start

sudo /etc/init.d/ipsec verify
ipsec up L2TP-PSK

Step 2: Configure L2TP

vi /etc/xl2tpd/xl2tpd.conf

cat <<EOF >> /etc/xl2tpd/xl2tpd.conf
[lac myVPN]
; set this to the ip address of your vpn server
lns = $DesVPNsrv
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

redial = yes ; Перподключаться при потере соединения
redial timeout = 5 ; Сколько ждать между попытками соединиться
autodial = yes ; Автоматически устанавливать связь при старте сервиса

EOF

vi /etc/ppp/options.l2tpd.client

cat <<EOF >> /etc/ppp/options.l2tpd.client

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
logfile /var/log/xl2tpd.log
idle 1800
mtu 1400
mru 1400
defaultroute
usepeerdns
debug
connect-delay 5000
name $VPNuser
password $VPNpass
EOF

 

Step 3: RUN L2TP

sudo service xl2tpd stop
sudo service ipsec stop
sudo mkdir -p /var/run/xl2tpd
sudo touch /var/run/xl2tpd/l2tp-control

sudo service xl2tpd restart
sudo service ipsec restart
sudo ipsec update
sudo ipsec reload
sudo service xl2tpd status
sudo service ipsec status

sleep 8 
sudo ipsec down  L2TP-PSK-noNAT
sudo ipsec up  L2TP-PSK-noNAT
sleep 8
sudo service xl2tpd restart

sleep 8
sudo bash -c 'echo "c myVPN" > /var/run/xl2tpd/l2tp-control'
sleep 8
sudo service xl2tpd restart
sleep 8

 

Step 4: ADD ROUTE

ip route add 192.168.88.250 via $(ip address show dev ppp0 | grep -Po '(?<=peer )(\b([0-9]{1,3}\.){3}[0-9]{1,3}\b)') dev ppp0

------------------------------------------------------------------------------------------------------------------------

OPENVPN:

apt-get install openvpn -y mkdir -p /autostart/openVPN/
cd /autostart/openVPN/

echo $Passphrase >./OVPNpassphare.txt

cat <<EOF >> ./OVPNauth.txt
$USERNAME
$PASSWORD
EOF

openvpn --config /autostart/openVPN/CI_ovp_Ar.ovpn --askpass /autostart/openVPN/OVPNpassphare.txt --daemon

cat /autostart/openVPN/CI_ovp_Ar.ovpn

client
dev tun
proto tcp
remote-cert-tls server
nobind
cipher AES-256-CBC
auth-user-pass /autostart/openVPN/OVPNauth.txt
persist-key
persist-tun
verb 3
route XXX.XXX.XXX.XXX 255.255.254.0
remote XXX.XXX.XXX.XXX PPPP

# Статус-лог переданные данные и т.п.
status /var/log/openvpn-status.log
# Лог клиента
log /var/log/openvpn.log
# Уровень логирования 0 в лог попадают только записи о критических ошибках, если нужно подробнее, то выставляем 9 для дебагинга
verb 0
# Количество записей после которых будет производиться запись в лог
mute 20

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----

-----END ENCRYPTED PRIVATE KEY-----

</key>

 

Monitoring:

#!/bin/bash
AMIip="XXX.XXX.XXX.XXX"
DESTIP="XXX.XXX.XXX.XXX"
echo 'Begin ping'

ping -c 2 $AMIip > /dev/null
if [ $? -eq 0 ]
  then
    echo " $(date)  [info] OK-OK-OK L2TP ping to $AMIip " >> /var/log/siphostcheck.log
  else
    echo " $(date)  [error] NO-NO-NO L2TP ping to $AMIip " >> /var/log/siphostcheck.log
    ping -c 2 $DESTIP
        if [ $? -eq 0 ]
          then
           echo " $(date)  [info] OK-OK-OK DESTIP ping to $DESTIP " >> /var/log/siphostcheck.log
          else
            echo " $(date)  [error] NO-NO-NO DESTIP ping to $DESTIP " >> /var/log/siphostcheck.log
        fi
curl -s -X POST https://api.telegram.org/bot5710478797:-o8/sendMessage -d chat_id=-XXXXXXXXXXXXXXXXXXX -d text="VPN on PROD  server is down! Try reconect "
openvpn --config /autostart/openVPN/CI_ovp_Ar.ovpn --askpass /autostart/openVPN/OVPNpassphare.txt --daemon
fi

 

TrableShuting :

ip a | grep tun
ps -ef | grep openv      and kill demons if need restart tunel

IPDESTINATION="XXX.XXX.XXX.XXX"


sed -i "s/XXX.XXX.XXX.XXX/XXX.XXX.XXX.XXX/g" /autostart/openVPN/CI_ovp_Ar.ovpn 
cat /autostart/openVPN/CI_ovp_Ar.ovpn  
ip a | grep tun
ps -ef | grep openvpn

kill -11 
ping -c 2 $IPDESTINATION
ip a | grep tun
openvpn --config /autostart/openVPN/CI_ovp_Ar.ovpn --askpass /autostart/openVPN/OVPNpassphare.txt --daemon

ip a | grep tun
ps -ef | grep openvpn
sleep 10
ping -c 2 $IPDESTINATION

--------------------------------------------------------------------------------------------------------------

FOR Server 

local x.x.x.x
port 21788
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.x.x.x 255.255.255.0
#route 10.x.x.x 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
keepalive 10 120
duplicate-cn
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 9
crl-verify crl.pem

Добавить комментарий
17 янв2023

Docker Counter replicas in docker conteiners

Written by Super User. Posted in Articles Unix

version: '3.7'
services:
  dev_mysql:
    image: mysql:8.0.16
    command: --default-authentication-plugin=mysql_native_password 
    environment:
      - MYSQL_DATABASE='dev_mysql'
      - MYSQL_USER='user'
      - MYSQL_PASSWORD='password'
      - MYSQL_ROOT_PASSWORD='xxxxxxxxxxxxxxx'
      - REPLICA={{.Task.Slot}}
    ports:
      - 3355:3306
    networks:
      - crm_network
    deploy:
      replicas: 6
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      resources:
        limits:
          memory: 2048M
          cpus: "2"
networks:
  crm_network:
    external: true
 

#LISTID=$(docker ps -q) && for i in $LISTID; do (docker exec -it $i "env" | grep REPLICA); done

REPLICA=5
REPLICA=2
REPLICA=4
REPLICA=6
REPLICA=3
REPLICA=1
 

Добавить комментарий
17 окт2022

mail client on Linux CLI

Written by Super User. Posted in Articles Unix

Installing mailx

yum -y update
yum install -y mailx

We can now start sending e-mails using

create a symbolic link

ln -s /bin/mailx /bin/email

###Set an External SMTP Server to Relay E-Mails

vi /etc/mail.rc

edit

set smtp=smtps://smtp.gmail.com:465
set smtp-auth=login
set smtp-auth-user=Адрес электронной почты защищен от спам-ботов. Для просмотра адреса в вашем браузере должен быть включен Javascript.
set smtp-auth-password=YOURPASSWORD
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/

example usage :

echo "Your message" | mail -v -s "Message Subject" email@address
Добавить комментарий
10 авг2022

FTPs docker

Written by Super User. Posted in Articles Unix

Have one task -- deploy ftps 

good link 

/DATA/ftps/# cat Docker-compose.yml
version: '3'
services:
  ftps:
    image: stilliard/pure-ftpd
    container_name: ftps
    ports:
      - "21:21"
      - "30000-30009:30000-30009"
    volumes:
      - "/DATA/ftps/volumes/data:/home/foo/"
      - "/DATA/ftps/volumes/passwd:/etc/pure-ftpd/passwd"
      - "/DATA/ftps/volumes/ssl:/etc/ssl/private/"
    environment:
      PUBLICHOST: "0.0.0.0"
      FTP_USER_NAME: ftp-user
      FTP_USER_PASS: Qwerty123
      FTP_USER_HOME: /home/foo
      ADDED_FLAGS: "--tls=2"
      TLS_CN: "localhost"
      TLS_ORG: "ksi"
      TLS_C: "UA"

Start:

docker-compose up -d

Console connect:

docker exec -it {ID container} "sh"

Stop:

docker-compose down
Добавить комментарий

Еще статьи...

Login