Using Nginx as Load Balancer in Docker

Posted in System by nbctcp

-pull nginx

# docker pull nginx
# docker pull nginxdemos/hello

-run two nginx
because I want to set static ip to www1 and www2.
I need to create my own network

# docker network create –subnet=172.10.0.0/24 vlan10

# docker run –name=www1 –hostname=www1 –net vlan10 –ip 172.10.0.11 -p 81:80 -d nginxdemos/hello

# docker run –name=www2 –hostname=www2 –net vlan10 –ip 172.10.0.12 -p 82:80 -d nginxdemos/hello

-create nginx load balancer

# cat nginx.conf

upstream loadbalance {

least_conn;

server 192.168.88.66:81;

server 192.168.88.66:82;

}

server {

location / {

proxy_pass http://loadbalance;

}

# cat Dockerfile

FROM nginx

RUN rm /etc/nginx/conf.d/default.conf

COPY nginx.conf /etc/nginx/conf.d/default.conf

# docker build -t nginxbalancer .

# docker container run -p 80:80 -d nginxbalancer

-test accessing http://192.168.88.66

it should show “Server address:”

-test shutdown both www1 and www2

# docker stop www1

# docker stop www2

test accessing http://192.168.88.66

it should show bad gateway

-test run www1 again

# docker start www1

it should show “Server address:”

18Apr2018

Docker Export and Save Difference

Posted in System by nbctcp

SOURCE: https://tuhrig.de/difference-between-save-and-export-in-docker/

-pull docker image

# docker pull busybox

# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

busybox latest 8ac48589692a 12 days ago 1.15MB

-make changes to a container

# docker run busybox mkdir /home/test

# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

87fa2f411346 busybox “mkdir /home/test” About a minute ago Exited (0) About a minute ago festive_spence

-commit this changed container and create a new image called busybox-1

# docker commit 87fa2f411346 busybox-1

sha256:4ac0618d96c9f1a5cc6fef88e8310bdd32f4af7da84bf77f712c36e439b2abae

-should see the image busybox and busybox-1

# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

busybox-1 latest 4ac0618d96c9 16 seconds ago 1.15MB

busybox latest 8ac48589692a 12 days ago 1.15MB

-to see the difference between both images

# docker run busybox [ -d /home/test ] && echo ‘Directory found’ || echo ‘Directory not found’

Directory not found

# docker run busybox-1 [ -d /home/test ] && echo ‘Directory found’ || echo ‘Directory not found’

Directory found

# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

66db57b1054b busybox-1 “[ -d /home/test ]” 4 minutes ago Exited (0) 4 minutes ago suspicious_pike

2f6107852442 busybox “[ -d /home/test ]” 4 minutes ago Exited (1) 4 minutes ago infallible_euclid

-Export is used to persist a container (not an image)

NOTE: you can export while container running

# docker export 2f6107852442 > /tmp/export.tar

The result is a TAR-file which should be slightly smaller than the one from save

-Save is used to persist an image (not a container)

# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

busybox-1 latest 4ac0618d96c9 8 minutes ago 1.15MB

busybox latest 8ac48589692a 12 days ago 1.15MB

# docker save busybox-1 > /tmp/save.tar

The result is a TAR-file which should be slightly bigger than the one from export

-we clean up a little bit – we remove all containers and images we have right now

# docker rmi busybox busybox-1

# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

-restore an export.tar

# cat /tmp/export.tar | sudo docker import – busybox-1-export:latest

# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

busybox-1-export latest 4ca587fe5d23 13 seconds ago 1.15MB

# sudo docker run busybox-1-export [ -d /home/test ] && echo ‘Directory found’ || echo ‘Directory not found’

Directory not found

-restore a save.tar

# docker load < /tmp/save.tar

0314be9edf00: Loading layer 1.36MB/1.36MB

7b125480d284: Loading layer 2.048kB/2.048kB

Loaded image: busybox-1:latest

# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

busybox-1-export latest 4ca587fe5d23 5 minutes ago 1.15MB

busybox-1 latest 4ac0618d96c9 About an hour ago 1.15MB

# docker run busybox-1 [ -d /home/test ] && echo ‘Directory found’ || echo ‘Directory not found’

Directory found

So what’s the difference between both?

Well, as we saw the exported version is slightly smaller. That is because it is flattened, which means it lost its history and meta-data.

We can see this by the following command:

# docker history busybox-1-export

IMAGE CREATED CREATED BY SIZE COMMENT

4ca587fe5d23 8 minutes ago 1.15MB Imported from –

# docker history busybox-1

IMAGE CREATED CREATED BY SIZE COMMENT

4ac0618d96c9 About an hour ago mkdir /home/test 0B

<missing> 12 days ago /bin/sh -c #(nop) CMD [“sh”] 0B

<missing> 12 days ago /bin/sh -c #(nop) ADD file:c94ab8f861446c74e… 1.15MB

17Apr2018

Kali linux on Docker Installation

Posted in System by nbctcp

SOURCE: https://medium.com/@airman604/kali-linux-in-a-docker-container-5a06311624eb

# docker pull kalilinux/kali-linux-docker

# docker run -ti kalilinux/kali-linux-docker bash

# apt full-upgrade -y

-above installation is for base installation only. There are other tools packages need to be installed

https://www.kali.org/news/kali-linux-metapackages/

For examples:

* kali-linux 1.5GB

The kali-linux metapackage is a completely bare-bones installation of Kali Linux and includes various network services such as Apache and SSH, the Kali kernel, and a number of version control applications like git, svn, etc. All of the other metapackages listed below also contain kali-linux.

* kali-linux-all 15GB

In order to keep our ISO sizes reasonable, we are unable to include every single tool that we package for Kali and there are a number of tools that are not able to be used depending on hardware, such as various GPU tools. If you want to install every available Kali Linux package, you can install the kali-linux-all metapackage.

* kali-linux-forensic 3.1GB

If you are doing forensics work, you don’t want your analysis system to contain a bunch of unnecessary tools. To the rescue comes the kali-linux-forensic metapackage, which only contains the forensics tools in Kali.

* kali-linux-full 9GB

When you download a Kali Linux ISO, you are essentially downloading an installation that has the kali-linux-fullmetapackage installed. This package includes all of the tools you are familiar with in Kali.

* kali-linux-gpu 4.8GB

GPU utilities are very powerful but need special hardware in order to function correctly. For this reason, they are not included in the default Kali Linux installation but you can install them all at once with kali-linux-gpu and get cracking.

* kali-linux-pwtools 6GB

The kali-linux-pwtools metapackage contains over 40 different password cracking utilities as well as the GPU tools contained in kali-linux-gpu.

* kali-linux-rfid 1.5GB

For our users who are doing RFID research and exploitation, we have the kali-linux-rfid metapackage containing all of the RFID tools available in Kali Linux.

* kali-linux-sdr 2.4GB

The kali-linux-sdr metapackage contains a large selection of tools for your Software Defined Radio hacking needs.

* kali-linux-top10 3.5GB

In Kali Linux, we have a sub-menu called “Top 10 Security Tools”. The kali-linux-top10 metapackage will install all of these tools for you in one fell swoop.

* kali-linux-voip 1.8GB

Many people have told us they use Kali Linux to conduct VoIP testing and research so they will be happy to know we now have a dedicated kali-linux-voip metapackage with 20+ tools.

* kali-linux-web 4.9GB

Web application assessments are very common in the field of penetration testing and for this reason, Kali includes the kali-linux-web metapackage containing dozens of tools related to web application hacking.

* kali-linux-wireless 6.6GB

Like web applications, many penetration testing assessments are targeted towards wireless networks. The kali-linux-wireless metapackage contains all the tools you’ll need in one easy to install package.

# apt install kali-linux-top10 man-db exploitdb -y

To see the list of tools included in a metapackage, you can use simple apt commands. For example, to list all the tools included in the kali-linux-web metapackage, we could:

# apt-cache show kali-linux-top10 man-db |grep Depends

Depends: kali-linux, aircrack-ng, burpsuite, hydra, john, maltego, maltego-teeth, metasploit-framework, nmap, zaproxy, sqlmap, wireshark

Depends: bsdmainutils, debconf (>= 1.2.0) | debconf-2.0, groff-base (>= 1.18.1.1-15), libc6 (>= 2.17), libgdbm5 (>= 1.12), libpipeline1 (>= 1.5.0), libseccomp2 (>= 2.1.0), zlib1g (>= 1:1.1.4)

Pre-Depends: dpkg (>= 1.16.1~)

16Apr2018

Installing Mvance/Unbound Docker

Posted in System by nbctcp

-download unbound docker

# git clone https://github.com/MatthewVance/unbound-docker.git

# cd unbound-docker

-remove unneeded files

# rm -rf 1.5*

# rm -rf 1.6*

# cd 1.7.0

-modify A and PTR records

# cat a-records.conf

# A Record

local-data: “wwwngtrain.com. A 10.0.10.80″

# PTR Record

local-data-ptr: “10.0.10.80 www.ngtrain.com.”

-run unbound docker

# docker run –name unbound -d -p 53:53/udp -v $(pwd)/a-records.conf:/opt/unbound/etc/unbound/a-records.conf:ro –restart=always mvance/unbound:latest

# ifconfig

docker0 Link encap:Ethernet HWaddr 02:42:4c:11:0b:8e

inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0

inet6 addr: fe80::42:4cff:fe11:b8e/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:71 errors:0 dropped:0 overruns:0 frame:0

TX packets:78 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:7296 (7.2 KB) TX bytes:32517 (32.5 KB)

eth0 Link encap:Ethernet HWaddr 00:0c:29:bb:8b:8e

inet addr:10.0.10.131 Bcast:10.0.10.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:febb:8b8e/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:104709 errors:0 dropped:0 overruns:0 frame:0

TX packets:51577 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:138032839 (138.0 MB) TX bytes:4026802 (4.0 MB)

# nslookup

> server 10.0.10.131

Default server: 10.0.10.131

Address: 10.0.10.131#53

> vc.ngtrain.com

Server: 10.0.10.131

Address: 10.0.10.131#53

Name: vc.ngtrain.com

Address: 10.0.10.80

> exit

16Apr2018

Docker Installation

Posted in System by nbctcp

LINUX:

Ubuntu

# apt-get update

# apt-get install apt-transport-https ca-certificates curl software-properties-common

# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add –

Verify that you now have the key with the fingerprint9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88, by searching for the last 8 characters of the fingerprint.

# apt-key fingerprint 0EBFCD88

pub 4096R/0EBFCD88 2017-02-22

Key fingerprint = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88

uid Docker Release (CE deb) <docker@docker.com>

sub 4096R/F273FCD8 2017-02-22

# add-apt-repository “deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) edge”

# apt-get update

# apt-get install docker-ce

Note:
https://askubuntu.com/questions/505506/how-to-get-bash-or-ssh-into-a-running-container-in-background-mode
From the security standpoint better using sudo than docker group

-add your current user to docker group

$ sudo usermod -aG docker $USER

-test docker can run

# docker info

# docker version

# docker ps

# docker run hello-world

MAC:

-download docker edge from https://download.docker.com/mac/edge/Docker.dmg

I choose Edge because it has Kubernetes

-click 2x Docker.img

drag Docker into Applications

-open Terminal

$ docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

$ docker info

Containers: 0

Running: 0

Paused: 0

Stopped: 0

Images: 0

Server Version: 18.03.0-ce

Storage Driver: overlay2

Backing Filesystem: extfs

Supports d_type: true

Native Overlay Diff: true

Logging Driver: json-file

Cgroup Driver: cgroupfs

Plugins:

Volume: local

Network: bridge host ipvlan macvlan null overlay

Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog

Swarm: inactive

Runtimes: runc

Default Runtime: runc

Init Binary: docker-init

containerd version: cfd04396dc68220d1cecbe686a6cc3aa5ce3667c

runc version: 4fc53a81fb7c994640722ac585fa9ca548971871

init version: 949e6fa

Security Options:

seccomp

Profile: default

Kernel Version: 4.9.87-linuxkit-aufs

Operating System: Docker for Mac

OSType: linux

Architecture: x86_64

CPUs: 2

Total Memory: 1.952GiB

Name: linuxkit-025000000001

ID: 7S3J:6MMM:ZCYZ:W2FP:Q5ER:WLAC:IN4J:C5IP:3ADB:OIIC:BDPX:U5DS

Docker Root Dir: /var/lib/docker

Debug Mode (client): false

Debug Mode (server): true

File Descriptors: 21

Goroutines: 39

System Time: 2018-04-15T09:00:17.847990624Z

EventsListeners: 2

HTTP Proxy: docker.for.mac.http.internal:3128

HTTPS Proxy: docker.for.mac.http.internal:3129

Registry: https://index.docker.io/v1/

Labels:

Experimental: true

Insecure Registries:

127.0.0.0/8

Live Restore Enabled: false

$ docker version

Client:

Version: 18.04.0-ce

API version: 1.37

Go version: go1.9.4

Git commit: 3d479c0

Built:Tue Apr 10 18:13:16 2018

OS/Arch: darwin/amd64

Experimental: false

Orchestrator: swarm

Server:

Engine:

Version: 18.03.0-ce

API version: 1.37 (minimum version 1.12)

Go version: go1.9.4

Git commit: 0520e24

Built: Wed Mar 21 23:14:32 2018

OS/Arch: linux/amd64

Experimental: true

WINDOWS:

NOTE:

-VMware Workstation vm won’t run if Hyper-V installed on Windows

Download Docker Edge from https://download.docker.com/win/edge/Docker%20for%20Windows%20Installer.exe

click 2x Docker for Windows Installer.exe

-on Configuration prompt

tick Add shortcut to desktop

click OK

click Close and Logout

-on “Hyper-V and Containers features are not enabled. Do you want to enable them for Docker to be able to work properly? Your computer will restart automatically. Note: VirtualBox will no longer work.” prompt

click OK

-run Powershell ISE

> docker version

> docker info

> docker ps

Nbctcp's Weblog

From Engineer for Engineers

Tag Archives: Docker

Using Nginx as Load Balancer in Docker

Docker Export and Save Difference

Kali linux on Docker Installation

Installing Mvance/Unbound Docker

Docker Installation