- Export the container to a tarball
docker export <CONTAINER ID> > /home/export.tar
- Move your tarball to new machine
- Import it back
cat /home/export.tar | docker import - some-name:latest
- Copy config files and docker-compose file and then start the docker container
- clean up any extra image files if not being used.
How to move a docker container
Posted in Uncategorized.
rev="post-1206" No comments
– March 5, 2024
How to fix permissions on wordpress docker file system
docker exec -t -i mycontainer /bin/bash
chown -R www-data:www-data *
Posted in Uncategorized.
rev="post-1198" No comments
– December 12, 2023
edgerouter
#edgerouter
Create CA
First, you’ll need to become root.
sudo su –
Next, move into the necessary directory and create a new CA certificate.
cd /usr/lib/ssl/misc/
./CA.sh -newca
Once this completes, you’ll have a new directory called demoCA. The two most important files in here are as follows:
private/cakey.pem – This is the private key for your CA (keep this secret)
cacert.pem – This the public key for your CA (you’ll be giving this out to your clients)
Create server certificate
Next, we’ll generate a public/private key for the server. The Common Name (CN) of your server certificate should be something unique (I used my dynamic DNS name).
./CA.sh -newreq
Once this completes, you’ll have two new files, as follows:
newkey.pem – This is the private key for your server (keep this secret)
newreq.pem – This is the unsigned public key of the server (this needs to be signed by your CA)
Now, sign the request.
./CA.sh -sign
You’ll have one more file, shown below.
newcert.pem – This is the public key for your server
Move files
I recommend moving the important files to a directory where they won’t be wiped out during a firmware upgrade. In addition to moving the files, we’re also renaming them.
cp /usr/lib/ssl/misc/demoCA/cacert.pem /config/auth/
cp /usr/lib/ssl/misc/demoCA/private/cakey.pem /config/auth/
mv /usr/lib/ssl/misc/newcert.pem /config/auth/host.pem
mv /usr/lib/ssl/misc/newkey.pem /config/auth/host.key
DH parameters
Next, generate Diffie-Hellman (DH) parameters to ensure Perfect Forward Secrecy (PFS). Expect this to take 5-10 minutes with one CPU at 100%.
openssl dhparam -out /config/auth/dh2048.pem -2 2048
A good explanation of DH parameters and why you need them is located here.
Create user certificate(s)
Next, generate a request and sign it for a new user certificate. The Common Name (CN) of your user certificate should be something unique (I used my client’s host name).
./CA.sh -newreq
./CA.sh -sign
Move the new files into your preserved directory while renaming them.
mv newcert.pem /config/auth/client1.pem
mv newkey.pem /config/auth/client1.key
Repeat this as necessary for each client.
Decrypt keys
You’ll need to remove the password from the host and client(s) keys so that OpenVPN can run in interactive mode.
openssl rsa -in /config/auth/host.key -out /config/auth/host-decrypted.key
openssl rsa -in /config/auth/client1.key -out /config/auth/client1-decrypted.key
Repeat this as necessary for each client(s).
EdgeRouter setup
First, I would recommend exiting back to the normal ubnt user.
exit
whoami
Create interface
Now, we’ll need to create a new interface for the VPN and set a few settings.
configure
set interfaces openvpn vtun0
set interfaces openvpn vtun0 description “OpenVPN server”
set interfaces openvpn vtun0 mode server
set interfaces openvpn vtun0 encryption aes256
set interfaces openvpn vtun0 hash sha256
set interfaces openvpn vtun0 server subnet 192.168.105.0/24
set interfaces openvpn vtun0 server push-route 192.168.5.0/24
set interfaces openvpn vtun0 server name-server 192.168.5.254
set interfaces openvpn vtun0 tls ca-cert-file /config/auth/cacert.pem
set interfaces openvpn vtun0 tls cert-file /config/auth/host.pem
set interfaces openvpn vtun0 tls key-file /config/auth/host-decrypted.key
set interfaces openvpn vtun0 tls dh-file /config/auth/dh2048.pem
set interfaces openvpn vtun0 openvpn-option “–port 1194”
set interfaces openvpn vtun0 openvpn-option –tls-server
set interfaces openvpn vtun0 openvpn-option “–comp-lzo yes”
set interfaces openvpn vtun0 openvpn-option –persist-key
set interfaces openvpn vtun0 openvpn-option –persist-tun
set interfaces openvpn vtun0 openvpn-option “–keepalive 10 120”
set interfaces openvpn vtun0 openvpn-option “–user nobody”
set interfaces openvpn vtun0 openvpn-option “–group nogroup”
commit
save
Setup firewall
We’ll need to open a port in the firewall for OpenVPN. If you’re not using the standard port (1194), change it appropriately.
configure
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description “OpenVPN”
set firewall name WAN_LOCAL rule 50 destination port 1194
set firewall name WAN_LOCAL rule 50 log enable
set firewall name WAN_LOCAL rule 50 protocol udp
commit
save
Set DNS
Tell DNS to listen for requests on the new vtun0 interface.
configure
set service dns forwarding listen-on vtun0
commit
save
Setup client configuration
The client configuration will vary from client-to-client, but the configuration below should work for Android phones or Linux clients. If you’re using Windows, you’re going to have a tougher time, because it needs some extra options.
Posted in HowTo, Uncategorized.
rev="post-1128" No comments
– April 16, 2018
media box build list(update June 2018)
media box build list(update June 2018)
setup influxdb and Grafana for smarthings
copy files
setup nfs
setup samba
setup apache
-setup mysql
-setup phpmysql
setup websites
setup mythtv
setup cron jobs
setup plex
setup ssl
-setup email server
-setup unifi and attach aps to it
https://help.ubnt.com/hc/en-us/articles/220066768-UniFi-How-to-Install-Update-via-APT-on-Debian-or-Ubuntu
echo ‘deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti’ | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
apt-key adv –keyserver keyserver.ubuntu.com –recv 06E85760C0A52C50
apt-get update
apt-get install openjdk-8-jdk-headless openjdk-8-jre-headless; update-alternatives –config java
apt-get install unifi
https://community.ubnt.com/t5/UniFi-Routing-Switching/MongoDB-3-6/td-p/2195435/page/2
setup awstats
setup cacti
direct all computers to new server
direct all nfs mounts to new server
sync 1s and 2s
unmount 1s and 2s and mount 1s as local file system
direct all internet traffic to media
start cron sync job and verify
stop cron jobs on old vm
backup new vm
turn off old vm
delete old vms
Posted in Uncategorized.
rev="post-1126" No comments
– August 6, 2016
esxi 6.0
patching
https://esxi-patches.v-front.de/ESXi-6.0.0.html
update 1a
esxcli software profile update -p ESXi-6.0.0-20151004001-standard
-d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
11/25/2016
esxcli software profile update -p ESXi-6.0.0-20151104001-standard
-d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
update 1b
esxcli software profile update -p ESXi-6.0.0-20160104001-standard
-d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
esxcli software profile update -p ESXi-6.0.0-20160101001s-standard
-d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
2/23/2016
esxcli software profile update -p ESXi-6.0.0-20160204001-standard
-d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
Posted in Uncategorized.
rev="post-1123" No comments
– March 7, 2016
freenas
#freenas
Speedup nfs access
vfs.zfs.cache_flush_disable value 1 Type loader
zfs.cache_flush_disable value 1 Type loader
owncloud
edit /mnt/v1/Jail/owncloud_1/usr/pbi/owncloud-amd64/www/owncloud/.htaccess
to increase file limits
add server name to config
edit /mnt/v1/Jail/owncloud_1/usr/pbi/owncloud-amd64/www/owncloud/config/config.php
example add 1 => ‘files.newy.org’,
Posted in Uncategorized.
rev="post-1122" No comments
– February 25, 2016
edgerouter copy restart
#edgerouter
when upgrading the edgerouter lite work on the following
right after the upgrade
apt-get update
apt-get install rsync iftop iptraf vnstat nano
webvnstat config:
ln -s /config/newy/vnstat /var/www/htdocs/stat
Verify the first line is in the /etc/lighttpd/lighttpd.conf file after the upgrade
url.rewrite-once = (
“^/stat/(.*)” => “/stat/$1”,
“^(/(lib|media|ws|tests)/.*)” => “$0”,
“^/([^\?]+)(\?(.*))?$” => “/index.php/$1?$3”
)
restart lighttpd:
sudo kill -SIGTERM $(cat /var/run/lighttpd.pid)
sudo /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
verify https://gw5.newy.org/stat/index.php
contents of /config/scripts/firstboot.d/postinstall.sh
#!/bin/bash
doneit=’/var/lib/my_packages’
packages=’rsync iftop iptraf vnstat nano’
if [ -e $doneit ]; then
exit 0;
fi
#copy old vnstat data
cp -a /root.dev/w.o/var/lib/vnstat /var/lib/
apt-get update
apt-get install -y $packages
if [ $? == 0 ]; then
echo package install successful
touch $doneit
else
echo package install failed
fi
exit 0
#restart vnstat
service vnstat restart
Posted in Uncategorized.
rev="post-1121" No comments
– February 23, 2016
ubuntu zfs
#ubuntu
#zfs
ZFS on linux http://zfsonlinux.org/
https://launchpad.net/~zfs-native/+archive/stable
sudo apt-add-repository ppa:zfs-native/stable && sudo apt-get update
sudo apt-get install ubuntu-zfs zfs-auto-snapshot
commands: https://wiki.ubuntu.com/ZFS/ZPool
Posted in Uncategorized.
rev="post-1120" No comments
– January 22, 2016
edgerouter
#edgerouter
This assumes your wan interfaces is eth0 and your lan interface is eth1
1. sudo vi /etc/sysctl.conf
Add the following lines:
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth0.accept_ra = 2
2. Load your changes:
sudo sysctl -p /etc/sysctl.conf
3. Setup the wide-dhcpv6 client
sudo vi /etc/wide-dhcpv6/dhcp6c.conf
Add the following at the end:
interface eth0 {
send ia-pd 0;
request domain-name-servers;
};
id-assoc pd 0 {
prefix-interface eth1 {
sla-id 1;
sla-len 0;
};
};
4. Start wide-dhcpv6:
sudo /etc/init.d/wide-dhcpv6-client start
Check your eth1 interface for an IPv6 address..
sudo ipconfig
Look for lines like…
inet6 addr: fe80::618:d6ff:fef0:7744/64 Scope:Link
inet6 addr: 2602:306:bdbe:966f:xxxx:xxxx:xxxx:xxxx/64 Scope:Global
5. Set up radvd
Use the following commands:
configure
set interfaces ethernet eth1 ipv6 router-advert prefix ::/64
commit
Workstations should now get addresses and all should be well.
Posted in Uncategorized.
rev="post-1119" No comments
– June 8, 2015
edgerouter
#edgerouter
build ubnt router from ground up
backup vnstat db’s
setup wan
setup lan1
setup lan2
setup vlans
setup dhcp
setup firewall
setup nat
setup repos
apt-get install vnstat vnstati nano iftop
setup vnstat to auto run
restore vnstat db’s
setup ddns
go over configs to compare old to new and fix anything missed
Posted in Uncategorized.
rev="post-1118" No comments
– November 11, 2014
Recent Comments