Denis Ledoux beledouxdenis

## docker-restrict-internet.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                beledouxdenis
                / docker-restrict-internet.md
            
            
              Last active
              October 21, 2020 13:04
            
              
                Docker - restrict internet
              
          
    The goal is to restrict docker processes to lan only
while being able to forward port to the host using e.g. -p 80:80
docker network create lan
docker network inspect lan # copy network ip subnet, e.g. "Subnet": "172.18.0.0/16",
sudo iptables --insert DOCKER-USER -s 172.18.0.0/16 -j REJECT --reject-with icmp-port-unreachable
sudo iptables --insert DOCKER-USER -s 172.18.0.0/16 -m state --state RELATED,ESTABLISHED -j RETURN
docker run --network lan -p 8069:8069 ...

If the forward port is not needed, the below is enough:

  
## proxy.conf
proxy_redirect          off;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header 	X-Forwarded-Host $host;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header 	X-Forwarded-Proto $scheme;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;

## test_nginx
server {
    include    /etc/nginx/proxy.conf;
    listen 80;
    listen 443 ssl;
    ssl_certificate      /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key  /etc/ssl/private/ssl-cert-snakeoil.key;
    server_name test_nginx;
    location / {
        proxy_pass http://127.0.0.1:8000;
    }

## flood.py
#!/usr/bin/env python3
import requests
import sys
import threading

from urllib3.exceptions import InsecureRequestWarning

# Suppress only the single warning from urllib3 needed.
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

## server.py
#!/usr/bin/env python3
import threading
import time
from http.server import HTTPServer, BaseHTTPRequestHandler
from socketserver import ThreadingMixIn

USE_HTTPS = False
if USE_HTTPS:
    import ssl

## print-badge.py
#!/usr/bin/env python3
import base64
import subprocess
import threading

import requests


def print_badge(barcode):
    pdf_filename = "badge-%s.pdf" % barcode

## odoo-all-modules.py
#!/usr/bin/env python3
import os
import sys

BLACKLIST = ['auth_ldap', 'document_ftp', 'base_gengo',
             'website_gengo', 'website_instantclick',
             'pad', 'pad_project', 'note_pad',
             'pos_cache', 'pos_blackbox_be', 'hw_', 'theme_', 'l10n_']

version = sys.argv[1]

## autosort.py
#!/usr/bin/python3
import os
import re
import requests
import subprocess

from Levenshtein import distance

DOWNLOAD_DIR = '/media/Downloads/'
MOVIES_DIR = os.path.expanduser('~/Movies/')

## odoo-send-email.py
#!/usr/bin/env python3
import base64
import requests

from argparse import ArgumentDefaultsHelpFormatter, ArgumentParser
from urllib.parse import urljoin

parser = ArgumentParser(description='Send an email to Odoo databases',
                        formatter_class=ArgumentDefaultsHelpFormatter)
parser.add_argument('eml_file', help='EML File to send')

## dell-vostro-5481-noisy-fan.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              4 stars
            
          
                beledouxdenis
                / dell-vostro-5481-noisy-fan.md
            
            
              Last active
              February 25, 2020 10:16
            
              
                Dell Vostro 5481 Ubuntu Noisy fans solution
              
          
    Make sure to disable secure boot in bios, otherwise /usr/local/bin/dell-bios-fan-control 0 will return a segfault.
cd /tmp
git clone https://github.com/TomFreudenberg/dell-bios-fan-control
cd dell-bios-fan-control
make
sudo cp dell-bios-fan-control /usr/local/bin/
sudo apt install i8kutils
sudo mkdir /etc/systemd/system/i8kmon.service.d
echo "[Service]
	proxy_redirect off;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	client_max_body_size 10m;
	client_body_buffer_size 128k;
	proxy_connect_timeout 90;
	proxy_send_timeout 90;
	server {
	include /etc/nginx/proxy.conf;
	listen 80;
	listen 443 ssl;
	ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
	ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
	server_name test_nginx;
	location / {
	proxy_pass http://127.0.0.1:8000;
	}
	#!/usr/bin/env python3
	import requests
	import sys
	import threading

	from urllib3.exceptions import InsecureRequestWarning

	# Suppress only the single warning from urllib3 needed.
	requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
	#!/usr/bin/env python3
	import threading
	import time
	from http.server import HTTPServer, BaseHTTPRequestHandler
	from socketserver import ThreadingMixIn

	USE_HTTPS = False
	if USE_HTTPS:
	import ssl
	#!/usr/bin/env python3
	import base64
	import subprocess
	import threading

	import requests


	def print_badge(barcode):
	pdf_filename = "badge-%s.pdf" % barcode
	#!/usr/bin/env python3
	import os
	import sys

	BLACKLIST = ['auth_ldap', 'document_ftp', 'base_gengo',
	'website_gengo', 'website_instantclick',
	'pad', 'pad_project', 'note_pad',
	'pos_cache', 'pos_blackbox_be', 'hw_', 'theme_', 'l10n_']

	version = sys.argv[1]
	#!/usr/bin/python3
	import os
	import re
	import requests
	import subprocess

	from Levenshtein import distance

	DOWNLOAD_DIR = '/media/Downloads/'
	MOVIES_DIR = os.path.expanduser('~/Movies/')