Author: Bian Xi

SSH Proxy

When accessing remote servers, a proxy server (jump host) can be a good choice.

Definitions of the two servers

jump_host

This is the proxy server, normally written in the form user@proxy_host.

target

This is the target server, written in the form target_user@target_host.

Jump host

This is the simplest method: it uses a remote ssh command to log in to the target server. To use one SSH server to access another SSH server, run the following command:

ssh -t <jump_host> ssh <target>

Here -t creates a pseudo-terminal; otherwise the remote server could not display messages because no tty is available.

Proxy Jump

This uses SSH's built-in proxy function.

ssh -o "ProxyJump <jump_host>" <target>

Proxy Command

This runs an external command to establish the connection. For example, use the nc command and pass it two parameters: %h is the target host and %p is the port.

ssh -o "ProxyCommand ssh <jump_host> nc %h %p" <target>

Use ssh client configuration

~/.ssh/config

Instead of passing them on the command line, ProxyJump and ProxyCommand can be set in the ssh client configuration file.

Host <connection_name>
  HostName <target_host>
  User <target_user>
  ProxyCommand ssh <jump_host> nc %h %p

For one server

Host target
  HostName 192.168.1.2
  User user1
  ProxyCommand ssh user2@proxy nc %h %p

For all servers

Host * !proxy
  HostName %h
  User target_user
  # ProxyCommand ssh proxy_user@proxy nc %h %p

/etc/ssh/ssh_config

This is the same as the previous example, except that it is a global setting.
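The negated pattern in the "For all servers" stanza is what keeps the connection to the jump host itself from being sent through the jump host. The following shell functions are an added example, not from the original post: they apply the ssh_config Host matching rule to a constructed sample config with the ProxyCommand line active. The names host_line_matches, effective_proxy and SAMPLE_CONFIG are hypothetical.

```shell
#!/bin/sh
# Constructed sample, modelled on the "For all servers" stanza with the
# ProxyCommand line active. Keywords must be spelled as shown (assumption).
SAMPLE_CONFIG='Host * !proxy
  User target_user
  ProxyCommand ssh proxy_user@proxy nc %h %p
Host proxy
  User proxy_user'

# host_line_matches PATTERNS HOST (hypothetical helper)
# Returns 0 if the Host line applies. ssh_config rule: a matching negated
# pattern (!pat) vetoes the whole line; otherwise one positive pattern
# must match.
host_line_matches() {
    patterns=$1 host=$2 hit=1
    set -f                          # stop * and ? expanding to file names
    for pat in $patterns; do
        case $pat in
            '!'*) case $host in ${pat#?}) set +f; return 1 ;; esac ;;
            *)    case $host in $pat) hit=0 ;; esac ;;
        esac
    done
    set +f
    return "$hit"
}

# effective_proxy CONFIG_TEXT HOST (hypothetical helper)
# Prints the first ProxyCommand/ProxyJump that applies to HOST (the first
# value obtained wins), or "none" if HOST is reached directly.
effective_proxy() {
    active=0 result=none            # lines before any Host apply to all
    while read -r key rest; do
        case $key in
            Host)
                if host_line_matches "$rest" "$2"; then active=0; else active=1; fi ;;
            ProxyCommand|ProxyJump)
                if [ "$active" -eq 0 ] && [ "$result" = none ]; then
                    result="$key $rest"
                fi ;;
        esac
    done <<EOF
$1
EOF
    printf '%s\n' "$result"
}

effective_proxy "$SAMPLE_CONFIG" 192.168.1.2   # routed via the jump host
effective_proxy "$SAMPLE_CONFIG" proxy         # excluded by !proxy
```

On a real client, ssh -G <host> prints the configuration OpenSSH itself resolves for that host, which is the authoritative check.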

References

4 ways to SSH & SCP via proxy (jump) server in Linux

Learning – Dockerfile

This is to refresh my Dockerfile knowledge.

alpine

Create Dockerfile

FROM alpine:3.4
MAINTAINER Mark Takacs mark@takacsmark.com

RUN apk update
RUN apk add vim
RUN apk add curl

Build

docker build -t taka/alpine-smarter:1.0 .

Intermediate images

The Docker intermediate images can speed up the rebuilding process.

docker images -a

To reduce the number of intermediate images, update the Dockerfile as below

FROM alpine:3.4
MAINTAINER Mark Takacs mark@takacsmark.com

RUN apk update && \
       apk add vim && \
       apk add curl

Clean up dangling images

docker images --filter "dangling=true"
docker rmi $(docker images -q --filter "dangling=true")

python

Dockerfile

  • For normal python
FROM python:3.6.1

RUN pip install numpy
  • The alpine version takes much longer to build
FROM python:3.6.1-alpine

RUN apk update && apk add build-base
RUN ln -s /usr/include/locale.h /usr/include/xlocale.h

RUN pip install numpy scipy

conda3

  • miniconda3
docker run --rm -ti continuumio/miniconda3 /bin/bash
conda list
conda install numpy
  • anaconda3
docker run --rm -ti continuumio/anaconda3 /bin/bash
conda list

phpslim

Dockerfile

Choose php:7.1.2-apache

Go to https://getcomposer.org and run the installation commands in the container

FROM php:7.1.2-apache

RUN ....

COPY ./composer.json /var/www/html/

RUN apt-get update && apt-get install -y git

RUN composer install

Map directory

Run the docker container with the option -v /var/www/html/vendor to indicate that the image's /var/www/html/vendor folder should be used.

docker run --rm -v $(pwd):/var/www/html/ -v /var/www/html/vendor -p 80:80 takacsmark/phpslim-tut:1.0

As a result, /var/www/html is mapped to the local directory, but /var/www/html/vendor is the image's directory.

Change DocumentRoot

Add the following line to the Dockerfile to change the DocumentRoot to /var/www/html/public

RUN sed -i 's/DocumentRoot.*$/DocumentRoot \/var\/www\/html\/public/' /etc/apache2/sites-enabled/000-default.conf

Enable default hello message

Create a file /var/www/html/public/.htaccess

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]

Run the following command in the container to enable the rewrite module

a2enmod rewrite

Then add the following line to the Dockerfile

RUN a2enmod rewrite

Options

COPY

COPY ./config.txt /usr/src/config.txt

ADD

  • Add URL file from internet

  • Add tar file

  • Add compressed file

RUN

EXPOSE

Port

USER

WORKDIR

ARG

LABEL

ENTRYPOINT & CMD

To run the command echo Welcome after the container is created, the following configuration can be used.

CMD ["Welcome"]
ENTRYPOINT ["echo"]

The CMD option can be replaced from the docker run command line; ENTRYPOINT can't be replaced that way. For example, the following command will run echo Hello.

docker run echo_image 'Hello'

ENV

References

Dockerfile Tutorial by Example - ( Part I - Basics )
Dockerfile Tutorial by Example - ( Part II - Best practices )
Dockerfile Tutorial by Example - ( Part III - Creating a docker PHP Slim image )

Proxmox Notification Email Error

Proxmox uses postfix as its email software, and the sender configuration uses the local hostname plus domain name, as below in /etc/postfix/main.cf

myhostname=<fully qualified hostname>

Issue

Postfix looks up the recipient's email server and sends emails directly to it, using the myhostname defined in /etc/postfix/main.cf as the sender's DNS name. But the server hostname normally isn't a valid public domain name, which causes the email server to reject notification emails.

Fix

Change the default myhostname in /etc/postfix/main.cf to a valid public email domain name.