## .
## ## ## ==
## ## ## ## ## ===
/"""""""""""""""""\___/ ===
~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~
\______ o __/
\ \ __/
\____\_______/
All the Dockerfiles I use.
Notes:
- Each container is a 12 factor application. Every container is meant to have maximum portability and replicability.
- Containers can be started by using simple variables.
- Persistency. When passing in a volume, the data will be PERSISTENT. Thus if you
docker rmand re-create the container, data is neither lost no ovewritten. - Each container is automatically built and pushed to https://hub.docker.com/r/cdrage/ on each commit.
- You may also
git clone https://github.com/cdrage/dockerfilesand build it yourself (docker build -t username/container .).
Descriptions:
Below is a general overview (with instructions) on each Docker container I use. This is automatically generated from the comments that I have left in each Dockerfile.
CentOS 7 Systemd base file. Here be dragons.
Description:
Run Chrome in a container (thx jess)
Note: Disabled sandbox due to running-in-a-container issue with userns enabled in kernel, see: jessfraz/dockerfiles#149
Running:
docker run -d \
--memory 3gb \
-v /etc/localtime:/etc/localtime:ro \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e DISPLAY=unix$DISPLAY \
-v $HOME/.chrome:/data \
-v $HOME/docker_files/chrome_downloads:/root/Downloads \
-v /dev/shm:/dev/shm \
--device /dev/dri \
--name chrome \
cdrage/chromeDescription:
Couch Potato is a torrent grepper / downloader
Pass in -v ./couchpotato_config:/root/.couchpotato for persistent data
Running:
docker run -d \
-p 5050:5050 \
--name couchpotato \
cdrage/couchpotato Running with persistent data:
docker run -d \
-p 5050:5050 \
--name couchpotato \
-v ./couchpotato_config:/root/.couchpotato \
cdrage/couchpotato Description:
Dynamic DNS for DigitalOcean
Source: https://github.com/gbolo/dockerfiles/tree/master/digitalocean-ddns
Running:
docker run \
-d \
--restart always \
-e DODDNS_TOKEN=your_api_key \
-e DODDNS_DOMAIN=your.domain.com \
cdrage/ddnsDescription:
Source: https://github.com/AMilassin/docker-dodns
Docker to update DigitalOcean DNS similar to DynDNS.
It's as easy as running the container and then editing the configuration file.
Running:
docker run \
--name digitalocean-dns \
-d \
-v /var/digitalocean-dns:/config:rw \
--restart=always \
cdrage/digitalocean-dnsConfiguration:
After running, open /var/digitalocean-dns/dodns.conf.js and edit it to your liking.
Dockerfile to allow the ability to run docker-in-docker and an SSH server. See: https://github.com/docker-library/docs/tree/master/centos#systemd-integration Also: moby/moby#35317
Description:
Run Hamsket in a container (multi-app chat tool)
Running:
docker run -d \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e DISPLAY=unix$DISPLAY \
-v /dev/shm:/dev/shm \
--device /dev/dri \
--name hamsket \
cdrage/hamsketDescription:
Encrypted journal (for writing your life entries!, not logs!)
In my case, I enter a timestamp each time I open the file and switch to vim insert mode.
Pass in your encrypted txt file and type in your password. It'll then open it up in vim for you to edit and type up your latest entry.
Remember, this is aes-256-cbc, so it's like hammering a nail with a screwdriver: http://stackoverflow.com/questions/16056135/how-to-use-openssl-to-encrypt-decrypt-files
Public / Private key would be better, but hell, this is just a text file.
First, encrypt a text file:
openssl aes-256-cbc -a -md md5 -salt -in foobar.txt -out foobar.enc
Now run it!
Running:
docker run -it --rm \
-v ~/txt.enc:/tmp/txt.enc \
-v /etc/localtime:/etc/localtime:ro \
cdrage/jrlThis will ask for your password, decrypt it to a tmp folder and open it in vim. Once you :wq the file, it'll save.
Description:
A terminal interface for Mattermost via the client Matterhorn https://github.com/matterhorn-chat/matterhorn
To run, simply supply a username, hostname and (additionally) a port number. For example:
Running:
docker run -it --rm \
-e [email protected] \
-e MM_PASS=foobar \
-e MM_HOST=gitlab.mattermost.com \
-e MM_PORT=443 \
--name matterhorn \
cdrage/matterhornDescription:
Source: https://github.com/treemo/docker-mattermost-desktop/blob/master/Dockerfile
Running:
docker run \
-d \
-e DISPLAY \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-v $HOME/.config/Mattermost:/home/user/.config/Mattermost \
--name mattermost-desktop \
cdrage/mattermost-desktopDescription:
Source: https://github.com/playlyfe/docker-moodle
Setup:
First, grab moodle and extract.
wget https://github.com/moodle/moodle/archive/v3.0.0.tar.gz
tar -xvf v3.0.0.tar.gz
mkdir /var/www
mv moodle-3.0.0 /var/www/htmlTODO: SSL stuffs
Running:
docker run -d \
-p 80:80 \
-p 443:443 \
-p 3306:3306 \
-v /var/www/html:/var/www/html \
--name moodle \
moodleSetup after running:
Setup permissions once running (with the moodle configuration inside):
Head over to localhost:80 and proceed through the installation (remember to create the config.php file too during install!)
MySQL username: moodleuser
password: moodleAll other values default :)
chmod -R 777 /var/www/html #yolo
Description: Mosh = SSH + mobile connection
Running:
To normally use it:
docker run -it --rm \
-e TERM=xterm-256color \
-v $HOME/.ssh:/root/.ssh \
cdrage/mosh user@blahblahserverHow I use it (since I pipe it through a VPN):
docker run -it --rm \
--net=container:vpn
-e TERM=xterm-256color \
-v $HOME/.ssh:/root/.ssh \
cdrage/mosh user@blahblahserverDescription: Mosh = SSH + mobile connection
Running:
To normally use it:
docker run -it --rm \
-e TERM=xterm-256color \
-v $HOME/.ssh:/root/.ssh \
cdrage/mosh user@blahblahserverHow I use it (since I pipe it through a VPN):
docker run -it --rm \
--net=container:vpn
-e TERM=xterm-256color \
-v $HOME/.ssh:/root/.ssh \
cdrage/mosh user@blahblahserverDescription:
My mutt configuration in a docker container
Running:
docker run -it --rm \
-e TERM=xterm-256color \
-e MUTT_NAME \
-e MUTT_EMAIL \
-e MUTT_PASS \
-e MUTT_PGP_KEY \
-v $HOME/.gnupg:/home/user/.gnupg \
-v $HOME/dropbox/etc/signature:/home/user/.mutt/signature \
-v $HOME/dropbox/etc/aliases:/home/user/.mutt/aliases \
-v /etc/localtime:/etc/localtime:ro \
cdrage/mutt-gmailDescription:
This is used to create a DNS cacher/forwarder in order to spoof the location when accessing Netflix. Similar to how a VPN does it, but this is with DNS.
IP is the IP of the sniproxy / haproxy server if you're running it on the same host, it's your ip (eth0 or whatever).
WARNING: it's a really bad idea to run an open recurse DNS server (prone to DNS DDoS aplification attacks), it's suggested to have some form of IP firewall for this. (hint: just use iptables)
Running:
docker run \
-p 53:53/udp \
-e IP=10.10.10.1 \
--name dnsmasq
-d \
cdrage/dnsmasqDescription:
Source: https://github.com/trick77/dockerflix
DNS proxy (netflix unblocker) open source. Used in conjuction with netflix-dnsmasq :)
build Dockerfile.uk for uk version
Running:
docker run \
-d \
-p 80:80 \
-p 443:443 \
--name sniproxy \
cdrage/sniproxyDescription:
Source: https://github.com/sjiveson/nfs-server-alpine
An NFS server (I use this to host volumes for Kubernetes deployments). Simple, deployed over 2049 TCP, NFSv4 on Alpine Linux.
Running:
docker run \
-d \
--restart=always \
--net=host \
--name nfs \
--privileged \
-v /var/nfs:/nfsshare \
-e SHARED_DIRECTORY=/nfsshare \
cdrage/nfs-server-alpineUsing:
# This should work
sudo mount -v <IP>:/ /media/mountpoint
# But do this if not
sudo mount -v -o vers=4 <IP>:/ /media/mountpointDescription:
An openvpn-client in an Alpine Linux container
go check your public ip online and you'll see you're connected to the VPN :)
Running:
docker run -it
-v /filesblahblah/hacktheplanet.ovpn:/etc/openvpn/hacktheplanet.ovpn \
--net=host --device /dev/net/tun:/dev/net/tun --cap-add=NET_ADMIN \
cdrage/openvpn-client hacktheplanet.ovpnDescription:
OpenVPN within an Ubuntu container
Run then ctrl+p + ctrl+q after authenticating (this exists the container)
Then from another container just use --net=container:openvpn
Remember to add
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
to your openvpn.conf file!
Running:
docker run \
--cap-add=NET_ADMIN \
--device /dev/net/tun \
-h openvpn \
--name openvpn \
-it \
cdrage/openvpn-client-dockerDescription:
Source: https://github.com/jpetazzo/dockvpn
NOTE: The keys are generate on EACH reboot and the private key is used in both the server and the client for simplicity reasons. If someone obtains your client information, they will be able to access the server and perhaps spoof a session. It's recommended that you find an alternative way of deploying a VPN server if you are keen to have 100% security.
If you wish to re-generate the certificates, simply restart your Docker container.
Running:
Start the openvpn server:
docker run -d --privileged -p 1194:1194/udp -p 443:443/tcp --name vpn cdrage/openvpn-serverCreate a http server to termporarily download the configuration:
docker run --rm -ti -p 8080:8080 --volumes-from vpn cdrage/openvpn-server serveconfigDownload the configuration for your client to use:
wget https://IP:8080/ --no-check-certificate -O config.ovpnDescription:
Stream from a magnet torrent
Running:
docker run -it -p 8888:8888 cdrage/peerflix $MAGNET_URLThen open up VLC and use localhost:8888 to view
Notes: TODO
Description:
Source: https://github.com/dperson/samba
Samba in a Docker container (why? why not.)
Running:
(how I use it at least)
docker run \
-it \
--name samba \
-p 139:139 \
-p 445:445 \
-p 137:137/udp \
-p 138:138/udp \
-d \
--network host \
-v /var/samba:/mount \
--restart=always \
dperson/samba \
-u "admin;password" \
-s "backup;/mount/backup;yes;no;no;admin" \
-w "WORKGROUP" \
-n Description:
Source: https://bitbucket.org/xcgd-team/seafile-client
After a lot of frustation, I've taken the solution from: https://bitbucket.org/xcgd-team/seafile-client and fiddled around with it for my needs.
Running:
mkdir ~/seafile
docker run \
-d \
--name seafile-client \
-v ~/seafile:/data \
--restart=always \
cdrage/seafile-clientThe seaf-cli is accessible via:
docker exec seafile-client /usr/bin/seaf-cliIn order to "add" a folder, you must sync it via the "sync" command line action
# change "foobar" to your folder
# mkdir must be created first in order to create proper permissions
# Due to issues with python + passing in a password, you must
# exec into the container to add your initial folder.
mkdir -p ~/seafile/foobar
docker exec -it seafile-client bash
/usr/bin/seaf-cli sync -l YOUR_LIBRARY_ID -s YOUR_SEAFILE_SERVER -d /data/foobar -u YOUR_EMAIL -p YOUR_PASSWORDTo check the status:
docker exec -it seafile-client /usr/bin/seaf-cli statusDescription:
Source: https://github.com/strator-dev/docker-seafile
Okay, this Seafile Server container I've been using for a whileeeee and it's been great. But there are a few caveats you need to understand before deploying.
First off, choose if you are going to use HTTP or HTTPS.
Second, you need to make sure that SEAFILE_HOST is actually your domain name or a public IP address that will NOT change. If you set it to 0.0.0.0 you'll be able to access it and all, but come uploading/downloading files, it'll fall flat on it's face.
Environment variables:
| Variable | Usage |
|---|---|
| SEAFILE_VERSION | Set the initial version of the Seafile Server. This will download and apply the current version set. |
| SEAFILE_ADMIN_EMAIL | Admin login email (this can be changed afteR) |
| SEAFILE_ADMIN_PASSWORD | Admin password (this can be changed after) |
| SEAFILE_HOST | The public IP address / A record of the host |
| SEAFILE_PORT | Just use 8080 (fails on using 80 or 443 for some reason... too lazy to debug) |
| SEAFILE_USE_HTTPS | Set 1 to enable https and 0 to disable. |
Running:
docker run \
-d \
-e "SEAFILE_VERSION=6.2.2" \
-e "[email protected]" \
-e "SEAFILE_ADMIN_PASSWORD=YOURPASSWORD" \
-e "SEAFILE_HOST=example.domain.com" \
-e "SEAFILE_USE_HTTPS=1" \
-e "SEAFILE_PORT=8080" \
-v /var/seafile:/opt/seafile \
-p 8080:8080 \
--name="seafile" \
cdrage/seafile-serverUsing TLS / HTTPS:
Back-in-the-day Seafile used to use their own https / TLS setup, but it ended up being buggy, cumbersome, and constantly breaking. So now they simply ask for users to reverse proxy / throw an NGINX server in-front of Seafile.
To do that, I've written a tutorial on how to use Let's Encrypt and nginx-proxy to create a TLS certificate in-front of a Docker Container: https://charliedrage.com/letsencrypt-on-docker
Once you've set that up, it's as simple as doing:
docker run \
-d \
-e "SEAFILE_VERSION=6.2.2" \
-e "[email protected]" \
-e "SEAFILE_ADMIN_PASSWORD=YOURPASSWORD" \
-e "SEAFILE_HOST=example.domain.com" \
-e "SEAFILE_USE_HTTPS=1" \
-e "SEAFILE_PORT=8080" \
-e "VIRTUAL_HOST=example.com.com" \
-e "VIRTUAL_PORT="8080" \
-v /var/seafile:/opt/seafile \
-p 8080:8080 \
--name="seafile" \
cdrage/seafile-serverProblems uploading files?
So I used https://github.com/jwilder/nginx-proxy for creating a reverse proxy in-front of the container. Big problem is that by default, there is a 100MB client_max_body_size in-front of the nginx proxy. Make sure that THIS has been added to nginx-proxy:
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_request_buffering off;Other documentation There's some more documentation that I will add later, but this is based upon a source image. See: https://github.com/strator-dev/docker-seafile for more details on how to run the garbage collector, etc.
Description:
Source: https://github.com/arypurnomoz/sensu-client.docker
This container allows you to run sensu in a container (yay) although there are some caveats.
This is a basic container with NO checks. This is enough to get you setup and connecting to the sensu master. However, in order to add checks you'd have to pass in a folder of plugins (if you wish to pass them as a volume) or add them HERE to the Dockerfile.
In my example, I use the docker-api and docker folder since I'll be mounting a -v /checks folder containing a few plugins. This is all optional and you may modify it to your own will.
You'll also have to modify the checks.json file on the sensu master server in order to make sure you are using the correct plugins in the respective folders.
Running:
docker run \
-v /etc/sensu/ssl/cert.pem:/etc/sensu/ssl/cert.pem \
-v /etc/sensu/ssl/key.pem:/etc/sensu/ssl/key.pem \
-v /etc/sensu/plugins:/etc/sensu/plugins \
-e CLIENT_NAME=sensu-client \
-e CLIENT_ADDRESS=10.0.0.1 \
-e RABBITMQ_HOST=rabbitmq.local \
-e RABBITMQ_PORT=5671 \
-e RABBITMQ_VHOST="/sensu" \
-e RABBITMQ_USER=sensu \
-e RABBITMQ_PASS=sensu \
-e SUB=metrics,check \
cdrage/sensu-clientor use the Makefile provided. ex.
make all SSL=/etc/sensu/ssl IP=10.10.10.1 NAME=sensu SUB=default RABBIT_HOST=10.10.10.10 RABBIT_USERNAME=sensu RABBIT_PASS=sensuDescription: SSH in a Docker container :)
Running:
To normally use it:
docker run -it --rm \
-e TERM=xterm-256color \
-v $HOME/.ssh:/root/.ssh \
cdrage/ssh user@blahblahserverHow I use it (since I pipe it through a VPN):
docker run -it --rm \
--net=container:vpn
-e TERM=xterm-256color \
-v $HOME/.ssh:/root/.ssh \
cdrage/ssh user@blahblahserverDescription:
Source: https://github.com/luzifer-docker/docker-teamspeak3
Praise Gaben! Teamspeak in a docker container :)
All your files will be located within ~/ts (sqlite database, whitelist, etc.). This is your persistent folder. This will containe your credentials, whitelist, etc. So keep it safe. If you ever want to upgrade your teamspeak server (dif version or hash), simply point the files to there again. To find out the admin key on initial boot. Use docker logs teamspeak
Running:
docker run \
--name teamspeak \
-d \
-p 9987:9987/udp \
-p 30033:30033/tcp \
-v $HOME/ts:/teamspeak3 \
cdrage/teamspeakDescription:
Source:* https://github.com/dperson/transmission
ENV VARIABLES
TRUSER - set username for transmission auth
TRPASSWD - set password for transmission auth
TIMEZONE - set zoneinfo timezone
Running:
docker run \
--name transmission \
-p 9091:9091 \
-v ~/Downloads:/var/lib/transmission-daemon/downloads \
-e TRUSER=admin \
-e TRPASSWD=admin \
-d \
cdrage/transmissionDescription:
Weechat IRC!
recommended to daemonize it and run in background for collection of logs, etc while idle, simply attach to container. ctrl+p ctrl+q to quit
port 40900 is used for weechat relay (if you decide to use it)
run then docker attach weechat
Running:
docker run -it -d \
-e TERM=xterm-256color \
-v /etc/localtime:/etc/localtime:ro \
--name weechat \
-p 40900:40900 \
cdrage/weechatDescription:
Source: https://github.com/dlandon/zoneminder
Run zoneminder in a container.
Zoneminder GUI: http://IP:8080/zm or https://IP:8443/zm
zmNinja Notification Sever: https://IP:9000
Running:
docker run -d --name zoneminder \
--net bridge \
--privileged \
-p 8080:80/tcp \
-p 8443:443/tcp \
-p 9000:9000/tcp \
-e TZ="America/New_York" \
-e SHMEM="50%" \
-e PUID="99" \
-e PGID="100" \
-v ~/zm/config:/config \
-v ~/zm/data:/var/cache/zoneminder \
cdrage/zoneminder