Last active
December 3, 2021 12:24
-
-
Save olidroide/191e66123a141bc039a13e7729a6f0e1 to your computer and use it in GitHub Desktop.
Docker Raspberry pi steps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Install Flash tool from https://github.com/hypriot/flash | |
| flash https://downloads.raspberrypi.org/raspbian_lite_latest | |
| - OR - | |
| curl -O https://downloads.raspberrypi.org/raspbian_lite_latest | |
| lsblk | |
| sudo dd if=raspbian_latest.img of=/dev/sdb bs=4M | |
| sync | |
| For headless setup, SSH can be enabled by placing a file named ssh, without any extension, onto the boot partition of the SD card. | |
| # USB HDD quirks | |
| sudo lsusb | |
| Bus 001 Device 004: ID 2537:1068 Norelsys NS1068/NS1068X SATA Bridge Controller | |
| sudo nano /boot/cmdline.txt | |
| usb-storage.quirks=2537:1068:u | |
| sudo nano /boot/config.txt | |
| max_usb_current=1 | |
| ################################### | |
| # Find raspberry pi in your network | |
| nmap -sP 192.168.1.0/24 | |
| ssh pi@192.168.1.204 | |
| raspberry | |
| passwd | |
| # Ubuntu server 17+ | |
| sudo cp /etc/netplan/01-netcfg.yaml{,.bak} | |
| sudo editor /etc/netplan/01-netcfg.yaml | |
| network: | |
| version: 2 | |
| renderer: networkd | |
| ethernets: | |
| ens33: | |
| dhcp4: no | |
| dhcp6: no | |
| addresses: [192.168.1.2/24] | |
| gateway4: 192.168.1.1 | |
| nameservers: | |
| addresses: [8.8.8.8,8.8.4.4] | |
| sudo netplan apply | |
| ######################### | |
| # Configuring a static IP | |
| sudo editor /etc/network/interfaces | |
| #iface eth0 inet dhcp | |
| iface eth0 | |
| static address 192.168.1.10 | |
| static gateway 192.168.1.1 | |
| #google dns servers | |
| static domain_name_servers=192.168.1.1, 8.8.8.8, 8.8.4.4 | |
| sudo editor /etc/dhcpcd.conf | |
| interface eth0 | |
| static ip_address=192.168.1.10/24 | |
| static routers=192.168.1.1 | |
| static domain_name_servers=192.168.1.1 8.8.8.8 8.8.4.4 | |
| sudo editor /etc/hosts | |
| sudo editor /etc/hostname | |
| ##################### | |
| #INCREASE memory RAM | |
| ###################### | |
| sudo editor /boot/config.txt | |
| gpu_mem=16 | |
| ###### | |
| # ZRAM | |
| ###### | |
| sudo wget -O /usr/bin/zram.sh https://raw.githubusercontent.com/novaspirit/rpi_zram/master/zram.sh | |
| sudo chmod +x /usr/bin/zram.sh | |
| sudo nano /etc/rc.local | |
| # add line BEFORE exit 0 | |
| /usr/bin/zram.sh & | |
| ######################### | |
| # USBMOUNT not automount? | |
| This link https://github.com/rbrito/usbmount/issues/2 has the solution. | |
| sudo editor /lib/systemd/system/systemd-udevd.service | |
| MountFlags=slave to MountFlags=shared | |
| sudo reboot | |
| sudo reboot | |
| ssh pi@192.168.1.10 | |
| # remove dhcp | |
| sudo rm /var/lib/dhcp/dhclient.leases | |
| sudo rm /var/lib/dhcpcd5/dhcpcd-eth0.lease | |
| # Update | |
| sudo apt update && sudo apt upgrade -y && sudo apt-get autoclean && sudo apt-get autoremove | |
| # Utils | |
| sudo apt install -y cpufrequtils nano htop mc wavemon usbmount autofs | |
| sudo raspi-config | |
| ############## | |
| # SECURIZE SSH | |
| sudo cp /etc/ssh/sshd_config{,.bak} | |
| sudo editor /etc/ssh/sshd_config | |
| Port 2222 | |
| UsePAM yes | |
| ChallengeResponseAuthentication yes | |
| PasswordAuthentication no | |
| # Add Latch protection http://blog.elevenpaths.com/2016/11/usando-latch-como-totp-para-ssh-en-linux.html | |
| sudo apt-get install libpam-google-authenticator | |
| google-authenticator | |
| sudo editor /etc/pam.d/sshd | |
| # In the first line | |
| auth required pam_google_authenticator.so | |
| #edit | |
| sudo editor /etc/ssh/sshd_config | |
| ChallengeResponseAuthentication yes | |
| (CLIENT) ssh-copy-id pi@192.168.1.10 | |
| sudo service ssh restart | |
| - OR - | |
| sudo systemctl restart ssh | |
| - OR - | |
| sudo reboot | |
| ######## | |
| # Docker | |
| curl -sSL https://get.docker.com | sh | |
| # OR | |
| curl -fsSL get.docker.com -o get-docker.sh && sudo sh get-docker.sh | |
| # Set Docker to auto-start | |
| sudo systemctl enable docker | |
| sudo usermod -aG docker pi | |
| # Docker Compose | |
| sudo apt -y install python-pip | |
| pip install --user docker-compose | |
| PATH="/home/pi/.local/bin${PATH:+:${PATH}}"; export PATH; | |
| # OR USE this script | |
| https://gist.github.com/wdullaer/f1af16bd7e970389bad3 | |
| ######## | |
| # DINAIP | |
| ######## | |
| sudo apt install libwww-perl | |
| cd ~ && mkdir Git && cd Git && git clone https://github.com/dinahosting/dinaip-linux-shell.git && cd dinaip-linux-shell/source | |
| sudo su | |
| sh install.sh | |
| exit | |
| perl -MCPAN -e'install "LWP::Simple"' | |
| sudo dinaip -i -u [user] -p [pass] | |
| ########### | |
| # BENCHMARK | |
| # https://github.com/haydenjames/bench-scripts/blob/master/README.md#benchsh | |
| ########### | |
| wget -qO- bench.sh | bash | |
| ############ | |
| # Partitions | |
| ############ | |
| lsblk | |
| # LET'S ENCRYPT CERTIFICATES | |
| https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-8 | |
| # OR | |
| https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04 | |
| # NGINX PROXY | |
| # https://fourteenislands.io/2016/04/nginx-reverse-proxy-docker-and-a-raspberry-pi/ | |
| # https://github.com/jwilder/nginx-proxy | |
| editor docker-compose.yml | |
| # docker-compose.yml for the nginx reverse proxy | |
| version: '2' | |
| services: | |
| nginx-proxy: | |
| image: lroguet/rpi-nginx-proxy:latest | |
| container_name: nginx-proxy | |
| ports: | |
| - "80:80" | |
| volumes: | |
| - ./nginx/logs:/var/log/nginx | |
| - ./nginx/portainer.local_location:/etc/nginx/vhost.d/portainer.local_location | |
| - ./nginx/conf.d/:/etc/nginx/conf.d/ | |
| - /var/run/docker.sock:/tmp/docker.sock:ro | |
| whoami: | |
| image: hypriot/rpi-whoami | |
| container_name: whoami | |
| environment: | |
| - VIRTUAL_HOST=whoami.local | |
| dockerui: | |
| image: hypriot/rpi-dockerui | |
| restart: always | |
| container_name: dockerui | |
| volumes: | |
| - '/var/run/docker.sock:/var/run/docker.sock' | |
| expose: | |
| - "9000" | |
| ports: | |
| - "9001:9000" | |
| environment: | |
| - VIRTUAL_HOST=dockerui.local | |
| portainer: | |
| image: portainer/portainer:arm | |
| restart: always | |
| container_name: portainer | |
| volumes: | |
| - './portainer/data:/data' | |
| - '/var/run/docker.sock:/var/run/docker.sock' | |
| expose: | |
| - "9000" | |
| ports: | |
| - "9000:9000" | |
| environment: | |
| - VIRTUAL_HOST=portainer.local | |
| # edit | |
| editor ~/nginx/portainer.local_location | |
| roxy_http_version 1.1; | |
| proxy_set_header Connection ""; | |
| # Create and start containers on background | |
| docker-compose up -d | |
| - OR - | |
| docker-compose run -d --service-ports nginx-proxy | |
| # Stop services | |
| docker-compose stop | |
| #Stop and remove containers, networks, images, and volumes | |
| docker-compose down | |
| # Open a terminal on specific container | |
| docker exec -it nginx-proxy /bin/bash | |
| # Blog with Ghost | |
| docker run --name blog -d -p 80:2368 alexellis2/ghost-on-docker:armv7 | |
| # Watch Docker proccess | |
| docker ps | |
| # Status of Docker | |
| docker stats | |
| # MORE INFO IN: | |
| # http://blog.alexellis.io/getting-started-with-docker-on-raspberry-pi/ | |
| # Pi-Hole ad blocker https://github.com/diginc/docker-pi-hole | |
| docker run diginc/pi-hole:arm | |
| wget https://raw.githubusercontent.com/diginc/docker-pi-hole/master/docker_run.sh | |
| # edit docker_run.sh | |
| sh docker_run.sh | |
| - OR - | |
| docker run -p 53:53/tcp -p 53:53/udp -p 80:80 --cap-add=NET_ADMIN -e ServerIP=192.168.10 -e WEBPASSWORD=PASSWORD --restart=always --name pihole -d diginc/pi-hole:arm | |
| docker exec -it pihole bash |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment