pentateu/Docker Stuff :)

## Docker Stuff :)
## start mongo and nats streaming
sudo docker run -d -p 27017:27017 mongo

# start nats streaming on port 4222
sudo docker run -d -p 4222:4222 nats-streaming -mc 0

## watch docker logs ## very usefull fixing issues :)
sudo journalctl -fu docker.service

## issues starting service.. use this to see error logs
journalctl -u docker.service

## Setup Ubuntu to expose docker daemon ##

## Docker host setup ##

## create TLS certificates
# https://docs.docker.com/engine/security/https/

# will ask u to setup a password
openssl genrsa -aes256 -out ca-key.pem 4096

# will ask u for the password
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

openssl genrsa -out server-key.pem 4096

openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

echo subjectAltName = DNS:$HOST,IP:127.0.0.1 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf

# client setup.. can be done on host also
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr

echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile-client.cnf

## Remove requests
rm -v client.csr server.csr extfile.cnf extfile-client.cnf

#move to docker dir
mkdir -pv ~/.docker
mv .pem ~/.docker
cd ~/.docker

# protect  write and reads
chmod -v 0444 ca.pem server-cert.pem cert.pem
chmod -v 0400 ca-key.pem key.pem server-key.pem


### Server Setup
https://docs.docker.com/install/linux/linux-postinstall/

# create or update
/etc/docker/daemon.json

sudo nano /etc/docker/daemon.json

# contents:
{
  "debug": true,
  "tls": true,
  "tlscert": "/home/rafael/.docker/server-cert.pem",
  "tlskey": "/home/rafael/.docker/server-key.pem",
  "tlscacert": "/home/rafael/.docker/ca.pem",
  "hosts": ["tcp://note-linux:2376", "unix:///var/run/docker.sock"]
}

# Restart Docker.
sudo systemctl restart docker.service


#### Networking ####
## Specific IP address per container ##
Try this tutorial
https://www.codesd.com/item/how-to-assign-static-public-ip-to-the-docker-container.html

ip addr add 192.168.1.105 dev wlxd46e0e035d55
ip addr add 192.168.1.106 dev wlxd46e0e035d55

OR in the visual interface Network settings > ipv4 ( I did that later)

## Check ports workin on host
sudo lsof -i -P -n | grep LISTEN
	## start mongo and nats streaming
	sudo docker run -d -p 27017:27017 mongo

	# start nats streaming on port 4222
	sudo docker run -d -p 4222:4222 nats-streaming -mc 0

	## watch docker logs ## very usefull fixing issues :)
	sudo journalctl -fu docker.service

	## issues starting service.. use this to see error logs
	journalctl -u docker.service

	## Setup Ubuntu to expose docker daemon ##

	## Docker host setup ##

	## create TLS certificates
	# https://docs.docker.com/engine/security/https/

	# will ask u to setup a password
	openssl genrsa -aes256 -out ca-key.pem 4096

	# will ask u for the password
	openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

	openssl genrsa -out server-key.pem 4096

	openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

	echo subjectAltName = DNS:$HOST,IP:127.0.0.1 >> extfile.cnf
	echo extendedKeyUsage = serverAuth >> extfile.cnf
	openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf

	# client setup.. can be done on host also
	openssl genrsa -out key.pem 4096
	openssl req -subj '/CN=client' -new -key key.pem -out client.csr

	echo extendedKeyUsage = clientAuth > extfile-client.cnf
	openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile-client.cnf

	## Remove requests
	rm -v client.csr server.csr extfile.cnf extfile-client.cnf

	#move to docker dir
	mkdir -pv ~/.docker
	mv .pem ~/.docker
	cd ~/.docker

	# protect write and reads
	chmod -v 0444 ca.pem server-cert.pem cert.pem
	chmod -v 0400 ca-key.pem key.pem server-key.pem


	### Server Setup
	https://docs.docker.com/install/linux/linux-postinstall/

	# create or update
	/etc/docker/daemon.json

	sudo nano /etc/docker/daemon.json

	# contents:
	{
	"debug": true,
	"tls": true,
	"tlscert": "/home/rafael/.docker/server-cert.pem",
	"tlskey": "/home/rafael/.docker/server-key.pem",
	"tlscacert": "/home/rafael/.docker/ca.pem",
	"hosts": ["tcp://note-linux:2376", "unix:///var/run/docker.sock"]
	}

	# Restart Docker.
	sudo systemctl restart docker.service


	#### Networking ####
	## Specific IP address per container ##
	Try this tutorial
	https://www.codesd.com/item/how-to-assign-static-public-ip-to-the-docker-container.html

	ip addr add 192.168.1.105 dev wlxd46e0e035d55
	ip addr add 192.168.1.106 dev wlxd46e0e035d55

	OR in the visual interface Network settings > ipv4 ( I did that later)

	## Check ports workin on host
	sudo lsof -i -P -n \| grep LISTEN