Docker

From Network Security Wiki


Basics

  • Docker Components:
- Image: Content at rest; not a full OS, just the basic environment
- Container: A running image
- Engine: Software that executes commands for containers. Networking & Volumes are part of the Engine.
- Registry: Stores, distributes & manages Docker images.
- Control Plane: Management plane for container & cluster orchestration.
  • Container Orchestration:
- Docker Swarm
- Kubernetes
- Mesos Marathon
- Cloud Foundry Diego
- Amazon ECS
- Azure Container Service

Installation

Source: linuxconfig.org

sudo apt-get update
sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
sudo apt-add-repository 'deb https://apt.dockerproject.org/repo ubuntu-xenial main'
sudo apt-get update

Check that docker-engine will be installed from the Docker repository added above, then install it:

apt-cache policy docker-engine
sudo apt-get install -y docker-engine
sudo systemctl status docker
sudo usermod -aG docker $(whoami)
sudo usermod -aG docker aman
docker
docker info

Testing Docker

docker run hello-world
docker search ubuntu

Removing Images

Find out the Image ID:

docker images

Delete the Image:

docker rmi -f d9790ed1a768

To view all containers — active and inactive:

docker ps -a

Stopping a running or active container:

docker stop <container-id>

Removing a Container:

docker rm <container-id>

Delete all containers:

docker rm $(docker ps -a -q)

Delete all images:

docker rmi $(docker images -q)

Force delete all images (even with linked containers):

docker rmi $(docker images -q) --force

Remove all stopped containers, unused volumes, unused networks, all images without at least one container associated to them:

docker system prune -a -f

Installing MediaWiki

docker search mediawiki
docker run -d --name=mediawiki -p 80:80 linuxconfig/mediawiki
docker ps

Running same container again on next reboot

docker start mediawiki

Database Credentials

Default MySQL credentials (user, password) are:

admin
pass

Use the following command to update or reset the MariaDB user password. It sets a new password for the admin user:

docker exec -it mediawiki mysqladmin -uadmin -ppass password abc123

To create a new database, e.g. mediawiki2, enter:

docker exec -it mediawiki mysqladmin -uadmin -ppass create mediawiki2

Use the command below to copy the LocalSettings.php file from the host into the container:

docker cp LocalSettings.php mediawiki:/var/www/html/LocalSettings.php

Nginx

Source: digitalocean.com

Create nginx root directory:

mkdir -p ~/docker/nginx/html
cd ~/docker/nginx/html
nano index.html

Paste the contents below into this file:

<html>
  <head>
    <title>Green Site - Docker</title>
  </head>
  <body style="background-color:green">
    <div class="container">
      <h1>GREEN WEBSITE</h1>
      <p>This is GREEN Website.</p>
      <p>Its color is also GREEN.</p>
    </div>
  </body>
</html>

Search for the nginx image for Docker:

docker search nginx

Run the nginx Docker image with the option to restart automatically on reboot:

docker run --name nginx -p 80:80 -d -v ~/docker/nginx/html:/usr/share/nginx/html --restart unless-stopped nginx

Docker currently has four restart policies[1]:

no
on-failure
unless-stopped
always

Multiple Instances

Create copies of root directory for different servers:

cp -r ~/docker/nginx/ ~/docker/nginx8081/
cp -r ~/docker/nginx/ ~/docker/nginx8082/
cp -r ~/docker/nginx/ ~/docker/nginx8083/
cp -r ~/docker/nginx/ ~/docker/nginx8084/

Edit the index.html file in each copy so that every instance serves different content.

Start the nginx instances, each with its own port & root directory:

docker run --name nginx8081 -p 8081:80 -d -v ~/docker/nginx8081/html:/usr/share/nginx/html nginx
docker run --name nginx8082 -p 8082:80 -d -v ~/docker/nginx8082/html:/usr/share/nginx/html nginx
docker run --name nginx8083 -p 8083:80 -d -v ~/docker/nginx8083/html:/usr/share/nginx/html nginx
docker run --name nginx8084 -p 8084:80 -d -v ~/docker/nginx8084/html:/usr/share/nginx/html nginx

The nginx instances should now be available at the links below:

http://<IP_of_Server>:8081
http://<IP_of_Server>:8082
http://<IP_of_Server>:8083
http://<IP_of_Server>:8084

Changing port or running custom config

Copy the nginx config file from the container's filesystem to the host filesystem:

docker cp nginx:/etc/nginx/conf.d/default.conf ~/docker/default.conf

Edit the config file to change the listening port to 8000:

nano ~/docker/default.conf

Now start the docker container with the new port:

docker run --name docker-nginx -p 8081:8000 -v ~/docker/nginx8081/html:/usr/share/nginx/html -v ~/docker/default.conf:/etc/nginx/conf.d/default.conf -d nginx

Running multiple instances with custom ports & autostart on bootup

docker run --name nginx8081 -p 8081:8000 -d -v ~/docker/nginx8081/html:/usr/share/nginx/html -v ~/docker/default.conf:/etc/nginx/conf.d/default.conf --restart unless-stopped nginx
docker run --name nginx8082 -p 8082:8000 -d -v ~/docker/nginx8082/html:/usr/share/nginx/html -v ~/docker/default.conf:/etc/nginx/conf.d/default.conf --restart unless-stopped nginx
docker run --name nginx8083 -p 8083:8000 -d -v ~/docker/nginx8083/html:/usr/share/nginx/html -v ~/docker/default.conf:/etc/nginx/conf.d/default.conf --restart unless-stopped nginx
docker run --name nginx8084 -p 8084:8000 -d -v ~/docker/nginx8084/html:/usr/share/nginx/html -v ~/docker/default.conf:/etc/nginx/conf.d/default.conf --restart unless-stopped nginx

Ntop

Download the image and run it for the first time:

docker pull lucaderi/ntopng-docker
docker run --net=host --name ntopng -t -i lucaderi/ntopng-docker ntopng -v

Let it run for a few minutes.
Then press Control+C to terminate the process.
To start it again, type the command below:

docker start ntopng
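
The docker run lines on this page differ in how much of the host they expose: the MediaWiki and nginx containers publish ports on every host interface and mount host directories writable, and ntopng shares the host network stack. The script below is an added example, not part of the original wiki page; audit_docker_run is a hypothetical helper name, and the fourth sample command (loopback bind, :ro mount, /srv/nginx/html path) is constructed for comparison.

```sh
#!/bin/sh
# Added example (not from the original page): flag `docker run` options
# that widen what a container can reach or change on the host.
# audit_docker_run is a hypothetical helper. It is a token scanner, not a
# full CLI parser: it does not tell docker's own options apart from
# arguments that follow the image name.

audit_docker_run() (
  # $1 = one complete `docker run ...` command line
  findings="" prev=""
  set -f                                  # split on spaces, never glob
  for tok in $1; do
    case $tok in
      --net=host|--network=host) findings="$findings host-network" ;;
      --privileged)              findings="$findings privileged" ;;
    esac
    case $prev in
      --net|--network)
        if [ "$tok" = host ]; then findings="$findings host-network"; fi ;;
      -p|--publish)
        case $tok in
          0.0.0.0:*) findings="$findings public-port:$tok" ;;
          *:*:*) ;;                       # host_ip:host_port:container_port
          *) findings="$findings public-port:$tok" ;;  # every interface
        esac ;;
      -v|--volume)
        case $tok in
          *:ro|*:ro,*) ;;                 # read-only inside the container
          *:*) findings="$findings writable-mount:${tok%%:*}" ;;
        esac ;;
    esac
    prev=$tok
  done
  findings=${findings# }
  echo "${findings:-ok}"
)

# Commands 1-3 are taken from this page; command 4 is a constructed variant.
while IFS= read -r line; do
  printf '%s\n    -> %s\n' "$line" "$(audit_docker_run "$line")"
done <<'EOF'
docker run -d --name=mediawiki -p 80:80 linuxconfig/mediawiki
docker run --name nginx -p 80:80 -d -v ~/docker/nginx/html:/usr/share/nginx/html --restart unless-stopped nginx
docker run --net=host --name ntopng -t -i lucaderi/ntopng-docker ntopng -v
docker run --name nginx -p 127.0.0.1:8081:80 -d -v /srv/nginx/html:/usr/share/nginx/html:ro nginx
EOF
```
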


RancherOS

Source: rancher.com

Create a VM with at least 1.5 GB RAM and boot it from the following ISO file:

https://releases.rancher.com/os/latest/rancheros.iso

Perform basic networking using below commands:

sudo ifconfig eth0 inet 10.10.10.10 netmask 255.255.255.0 broadcast 10.10.10.255
sudo route add default gw 10.10.10.1
sudo vi /etc/resolv.conf
   nameserver 10.10.10.5

Check Internet connectivity:

ping google.com

Install RancherOS:

sudo ros install -d /dev/xvda

Set the persistent networking:

sudo vi /etc/networking/interfaces

Install Linux-dash, a minimal low-overhead web dashboard for monitoring Linux servers:

sudo system-docker run -d --net=host --name busydash husseingalal/busydash

WebUI Access:

http://<IP_OF_MACHINE>

Default password is blank for user 'rancher'. Change it for SSH login:

passwd

SSH Login:

ssh-keygen

Docker Packet Captures

docker exec -it 428947239426349 tcpdump -N -A 'port 80' -w capture.pcap


References




