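## Start MongoDB and NATS Streaming.
# NOTE(review): `-p PORT:PORT` with no address publishes the port on every
# host interface, and the stock mongo image runs without authentication
# unless root credentials are configured. On anything other than an isolated
# dev machine, publish on loopback (-p 127.0.0.1:27017:27017) or enable auth.
# NOTE(review): no image tag is given, so both commands pull `latest`; pin a
# tag or digest if the setup needs to be reproducible.
sudo docker run -d -p 27017:27017 mongo
# Start NATS Streaming on port 4222 (-mc 0 removes the channel-count limit).
# The same all-interfaces exposure applies to 4222.
sudo docker run -d -p 4222:4222 nats-streaming -mc 0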
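## Follow the Docker daemon log live; very useful when fixing issues :)
sudo journalctl -fu docker.service
## If the service fails to start, read its full log to find the error.
journalctl -u docker.service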
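## Set up Ubuntu to expose the Docker daemon over TLS ##
## Docker host setup ##
## Create TLS certificates
# Reference: https://docs.docker.com/engine/security/https/

# HOST must be the DNS name clients will use to reach the daemon; it ends up
# in the server certificate's CN and subjectAltName. Bash does not set HOST
# by itself, so stop here rather than issue a certificate for an empty name.
: "${HOST:?set HOST to the DNS name of the Docker host}"

# Create the key files owner-only from the start instead of relying on the
# chmod that happens after they are moved.
umask 077

# CA private key, encrypted with AES-256; prompts for a new passphrase.
openssl genrsa -aes256 -out ca-key.pem 4096
# Self-signed CA certificate; prompts for the CA passphrase.
# NOTE(review): -days 365 applies to the CA and to both leaf certificates
# below, so everything expires a year after creation; plan the renewal.
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

# Server key and certificate signing request.
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=${HOST}" -sha256 -new -key server-key.pem -out server.csr
# First write uses '>' so a stale extfile.cnf from an earlier run is replaced
# rather than appended to.
# The SAN list covers only $HOST and 127.0.0.1; a client that connects by any
# other name or IP will fail certificate verification.
printf '%s\n' "subjectAltName = DNS:${HOST},IP:127.0.0.1" > extfile.cnf
printf '%s\n' 'extendedKeyUsage = serverAuth' >> extfile.cnf
# Sign the server certificate with the CA (prompts for the CA passphrase).
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf

# Client setup; can also be done on the host.
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
# clientAuth restricts this certificate to authenticating a client.
printf '%s\n' 'extendedKeyUsage = clientAuth' > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile-client.cnf

## Remove the signing requests and extension files; they are not needed
## once the certificates have been issued.
rm -v -- client.csr server.csr extfile.cnf extfile-client.cnf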
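# Move the certificates and keys into the Docker config directory.
mkdir -pv ~/.docker
# Glob restored: `mv .pem` would look for a single file literally named
# ".pem" and leave every generated certificate and key where it was.
mv -v -- *.pem ~/.docker/
cd ~/.docker
# Protect against accidental writes and unwanted reads:
# certificates are public material, so read-only for everyone is fine.
chmod -v 0444 ca.pem server-cert.pem cert.pem
# Private keys: readable by the owner only.
# NOTE(review): ca-key.pem is the signing key for the whole setup; whoever
# holds it (and its passphrase) can issue client certificates the daemon will
# accept. Keep it off the Docker host where possible. A remote client needs
# only ca.pem, cert.pem and key.pem, copied over a secure channel.
chmod -v 0400 ca-key.pem key.pem server-key.pem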
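### Server setup
# Reference: https://docs.docker.com/install/linux/linux-postinstall/
# Create or update /etc/docker/daemon.json
sudo nano /etc/docker/daemon.json
# contents:
# "tlsverify": true is what makes the daemon require a client certificate
# signed by tlscacert. With only "tls": true the connection is encrypted but
# any client that can reach tcp://note-linux:2376 is accepted, and access to
# the Docker API is equivalent to root on the host.
# NOTE(review): "debug": true makes the daemon log verbosely; turn it off
# once the setup works.
# NOTE(review): if the systemd unit already passes a -H option to dockerd,
# a "hosts" entry here presumably conflicts with it and the daemon will not
# start; check the unit file and the page linked above.
{
  "debug": true,
  "tls": true,
  "tlsverify": true,
  "tlscert": "/home/rafael/.docker/server-cert.pem",
  "tlskey": "/home/rafael/.docker/server-key.pem",
  "tlscacert": "/home/rafael/.docker/ca.pem",
  "hosts": ["tcp://note-linux:2376", "unix:///var/run/docker.sock"]
}
# Restart Docker.
sudo systemctl restart docker.service
# After the restart, confirm from a client that holds ca.pem, cert.pem and
# key.pem that `docker --tlsverify -H tcp://note-linux:2376 version` works,
# and that a client without a certificate is refused.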
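#### Networking ####
## Specific IP address per container ##
# Try this tutorial:
# https://www.codesd.com/item/how-to-assign-static-public-ip-to-the-docker-container.html
# NOTE(review): these need root, and with no prefix length each address is
# added as a /32. Addresses added this way are presumably lost on reboot
# unless they are also set in the network configuration.
ip addr add 192.168.1.105 dev wlxd46e0e035d55
ip addr add 192.168.1.106 dev wlxd46e0e035d55
# OR in the visual interface: Network settings > IPv4 (I did that later)
## Check which ports are listening on the host
# Also a quick way to confirm that 2376, 27017 and 4222 are bound only on
# the addresses you intended.
sudo lsof -i -P -n | grep LISTEN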