12 ธันวาคม 2567

openssl generate CSR

rsa:2048

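# Generate a new RSA-2048 private key and a CSR for it in one step.
# -nodes writes the key unencrypted (so a server can load it without a
# passphrase), so the file's permissions are the only protection it gets:
# "umask 077" in a subshell makes the written key (and CSR) owner-readable
# only, without changing the caller's umask. The CSR is public and may be
# chmod'ed back to 644 afterwards.
# Outputs: domain.tld.key (PEM private key), domain.tld.csr (PEM CSR).
( umask 077 && openssl req -new -newkey rsa:2048 -nodes \
  -keyout domain.tld.key \
  -out domain.tld.csr \
  -subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld" )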
 

rsa:2048 with SAN

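# RSA-2048 key + CSR with a subjectAltName extension.
# Clients validate the host name against the SAN list only (the CN is
# ignored by current browsers), so the CN host must itself appear in the
# SAN list — www.domain.tld is listed first, then the additional names.
# -nodes writes the key unencrypted; "umask 077" in a subshell keeps the
# key owner-readable only without changing the caller's umask.
# Outputs: domain.tld.key (PEM private key), domain.tld.csr (PEM CSR).
( umask 077 && openssl req -new -newkey rsa:2048 -nodes \
  -keyout domain.tld.key \
  -out domain.tld.csr \
  -subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld"  \
  -addext "subjectAltName = DNS:www.domain.tld,DNS:www.domain2.tld,DNS:www.domain3.tld" )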
 

P-256 (ECC)

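# Generate a P-256 (prime256v1) EC private key and a CSR for it.
# "ec:<(...)" feeds the curve parameters through bash process substitution,
# so this must be run under bash, not plain sh.
# The -subj string must be a closed double-quoted argument; an unterminated
# quote makes the shell wait for more input instead of running openssl.
# -nodes writes the key unencrypted; "umask 077" in a subshell keeps the
# key owner-readable only without changing the caller's umask.
# Outputs: domain.tld.key (PEM private key), domain.tld.csr (PEM CSR).
( umask 077 && openssl req -new -newkey ec:<(openssl ecparam -name prime256v1) -nodes \
  -keyout domain.tld.key \
  -out domain.tld.csr \
  -subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld" )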
 

P-256 (ECC) with SAN

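# P-256 (prime256v1) EC key + CSR with a subjectAltName extension.
# "ec:<(...)" is bash process substitution — run under bash, not plain sh.
# Clients validate the host name against the SAN list only (the CN is
# ignored by current browsers), so the CN host must itself appear in the
# SAN list — www.domain.tld is listed first, then the additional names.
# -nodes writes the key unencrypted; "umask 077" in a subshell keeps the
# key owner-readable only without changing the caller's umask.
# Outputs: domain.tld.key (PEM private key), domain.tld.csr (PEM CSR).
( umask 077 && openssl req -new -newkey ec:<(openssl ecparam -name prime256v1) -nodes \
  -keyout domain.tld.key \
  -out domain.tld.csr \
  -subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld" \
  -addext "subjectAltName = DNS:www.domain.tld,DNS:www.domain2.tld,DNS:www.domain3.tld" )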
 
 
C = Country Name (2 letter code)
ST = State or Province Name
O = Organization Name
OU = Organizational Unit
CN = Common Name

02 ธันวาคม 2567

mikrotik wol script

 # Define variables
:local serverIP "192.168.1.100"  # Replace with the server's IP address
:local macAddress "AA:BB:CC:DD:EE:FF"  # Replace with the server's MAC address
:local interface "ether1"  # Replace with the appropriate interface (must be on the same L2 segment as the server's NIC, since WoL is a broadcast frame)

# Check if the server is reachable
# /ping returns the number of replies received; with count=3, a result of 0
# means no reply at all, which this script treats as "server is off".
# NOTE(review): a host that drops ICMP (host firewall) looks the same as a
# powered-off host here, so the WoL frame would be re-sent on every run.
:if ([/ping $serverIP count=3 interval=1] = 0) do={
    # If the server is unreachable, send a WoL packet
    /tool wol mac=$macAddress interface=$interface
    :log info "WoL packet sent to $macAddress"
} else={
    :log info "Server $serverIP is already online"
}


Script by ChatGPT

12 ตุลาคม 2567

local DOH DOT with coredns

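# Corefile
# Plain-DNS listener on :53. The docker run below publishes only 443 and
# 853, so this block is reachable only from inside the container; the DoH
# and DoT blocks forward to it over loopback. Upstream queries leave the
# container over DNS-over-TLS to Cloudflare.
# (The server-block key must be separated from "{" by a space.)
.:53 {
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        # name expected in the upstream's certificate (SNI / name check)
        tls_servername cloudflare-dns.com
    }
}
# DNS-over-HTTPS listener on :443, terminated with the mounted cert/key.
https://.:443 {
    tls /etc/coredns/certs/domain.tld.crt /etc/coredns/certs/domain.tld.key
    forward . 127.0.0.1
}
# DNS-over-TLS listener on :853, same cert/key.
tls://.:853 {
    tls /etc/coredns/certs/domain.tld.crt /etc/coredns/certs/domain.tld.key
    forward . 127.0.0.1
}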


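# Run CoreDNS with only the DoH (443) and DoT (853) ports published; the
# plain :53 listener in the Corefile stays container-internal.
# The Corefile and the TLS cert/key are bind-mounted read-only so a
# compromised process cannot rewrite them. "$PWD" is quoted so the mounts
# survive a working directory containing spaces.
# coredns/coredns:latest is a moving tag — pin a version (or digest) for a
# reproducible deployment.
docker run --rm -d --name coredns \
    -p 443:443/tcp -p 853:853/tcp \
    -v "$PWD/Corefile:/etc/coredns/Corefile:ro" \
    -v "$PWD/domain.tld.crt:/etc/coredns/certs/domain.tld.crt:ro" \
    -v "$PWD/domain.tld.key:/etc/coredns/certs/domain.tld.key:ro" \
    coredns/coredns:latest \
    -conf /etc/coredns/Corefile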

 

 https://coredns.io/plugins/tls/

local DOH DOT with adguard/dnsproxy

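# dnsproxy serving plain DNS (53), DoH (443) and DoT (853); every query is
# forwarded upstream over DoH to AdGuard, and -b names the bootstrap
# resolver used to look up the upstream's host name.
# Port 53 is published on every host interface here. If the host is
# reachable from untrusted networks this is an open resolver; bind it to
# the LAN address instead, e.g. -p <lan-ip>:53:53/udp (placeholder), or
# drop plain DNS with -p 0 as in the variant below. The DoH/DoT listeners
# are likewise reachable by anyone who can reach the host.
# Cert and key are bind-mounted read-only; "$PWD" is quoted so paths with
# spaces work. adguard/dnsproxy:latest is a moving tag — pin a version.
docker run --rm -d --name dnsproxy \
-p 53:53/udp -p 53:53/tcp -p 443:443/tcp -p 853:853/tcp \
-v "$PWD/domain.tld.crt:/opt/dnsproxy/domain.tld.crt:ro" \
-v "$PWD/domain.tld.key:/opt/dnsproxy/domain.tld.key:ro" \
adguard/dnsproxy:latest \
-u https://dns.adguard.com/dns-query -b 1.1.1.1:53 \
--https-port=443 --tls-port=853 \
--tls-crt=/opt/dnsproxy/domain.tld.crt \
--tls-key=/opt/dnsproxy/domain.tld.key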


# Add -p 0 if you also want to disable plain-DNS handling and make dnsproxy only serve DoH with Basic Auth checking.

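# Same as above with plain DNS disabled (-p 0): only DoH on 443 and DoT on
# 853 are published, so nothing answers unencrypted queries on this host.
# Cert and key are bind-mounted read-only; "$PWD" is quoted so paths with
# spaces work. adguard/dnsproxy:latest is a moving tag — pin a version.
docker run --rm -d --name dnsproxy \
-p 443:443/tcp -p 853:853/tcp \
-v "$PWD/domain.tld.crt:/opt/dnsproxy/domain.tld.crt:ro" \
-v "$PWD/domain.tld.key:/opt/dnsproxy/domain.tld.key:ro" \
adguard/dnsproxy:latest \
-u https://dns.adguard.com/dns-query -b 1.1.1.1:53 \
--https-port=443 --tls-port=853 \
--tls-crt=/opt/dnsproxy/domain.tld.crt \
--tls-key=/opt/dnsproxy/domain.tld.key \
-p 0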

https://hub.docker.com/r/adguard/dnsproxy
https://github.com/AdguardTeam/dnsproxy

05 กันยายน 2567

Running erisamoe/cloudflared on mikrotik container with 56MB tmpfs

Testing hardware
- hAP ax lite
- hAP ax2

# veth gives the container its own interface; address is the container's
# IP and gateway the LAN-side address it routes through.
/interface veth
add address=10.0.0.20/24 gateway=10.0.0.1 name=cf-tunnel

# Attach the veth to the LAN bridge so the container reaches the network.
/interface bridge port
add bridge=br-lan interface=cf-tunnel
 
# cloudflared reads its tunnel token from TUNNEL_TOKEN; XXX is a placeholder.
# NOTE(review): the value is stored in plain text in the router config and
# shows up in exports/backups — treat those files as secrets.
/container envs
add name=cf-tunnel key=TUNNEL_TOKEN  value=XXX

# RAM-backed disk used as the image tmpdir and container root; its contents
# do not survive a reboot, which is why the scheduler below re-creates the
# container at startup.
/disk
add slot=tmpfs tmpfs-max-size=56M type=tmpfs

/container config
set registry-url=https://registry-1.docker.io tmpdir=tmpfs

# addCloudflared: after boot, remove any previous instance, pull
# erisamoe/cloudflared:latest into the tmpfs root, then issue "start" every
# 10s until the container reports status "running".
# NOTE(review): erisamoe/cloudflared is a third-party build pulled at
# :latest, so each pull trusts whatever the publisher pushed last; the
# official cloudflare/cloudflared image is used in the 128MB variant.
# NOTE(review): the loop has no upper bound — if the pull keeps failing
# (no network yet, registry down) the script spins forever.
# The loop matches tag~"cloudflare" while the other finds use
# tag~"cloudflared"; the looser regex is harmless as long as no other
# container tag contains "cloudflare".
/system script
add name=addCloudflared source=":delay 20s\
    \n/container remove [find tag~\"cloudflared\"]\
    \n:delay 5s\
    \n/container add remote-image=erisamoe/cloudflared:latest interface=cf-tunnel envlist=cf-tunnel cmd=\"tunnel run\" logging=yes root-dir=tmpfs\
    \n:delay 10s\
    \nwhile ([/container get [find tag~\"cloudflare\"] status] != \"running\") do={\
    \n    :delay 10s\
    \n    /container start [find tag~\"cloudflared\"]\
    \n}"

# restartCloudflared: stop the container, then retry "start" every 3s until
# it is running again (same unbounded-loop caveat as above).
add name=restartCloudflared source=\
    "/container stop [find tag~\"cloudflared\"]\
    \nwhile ([/container get [find tag~\"cloudflare\"] status] != \"running\") do={\
    \n    :delay 3s\
    \n    /container start [find tag~\"cloudflared\"]\
    \n}"
    
# Re-create the container on every boot (tmpfs root is empty after reboot).
/system scheduler
add name=startCloudflare on-event=addCloudflared start-time=startup

# Run the restart script once now so the tunnel comes up without a reboot.
/system/script/run restartCloudflared

Running official cloudflared on mikrotik container with 128MB tmpfs (amd64 / amd64)

Testing hardware
- hAP ax² 

# veth gives the container its own interface; address is the container's
# IP and gateway the LAN-side address it routes through.
/interface veth
add address=10.0.0.20/24 gateway=10.0.0.1 name=cf-tunnel

# Attach the veth to the LAN bridge so the container reaches the network.
/interface bridge port
add bridge=br-lan interface=cf-tunnel

# RAM-backed disk for the image tmpdir and container root; 128MB because
# the official image is larger than the slim third-party build. Contents
# are lost on reboot, hence the startup scheduler below.
/disk
add slot=tmpfs tmpfs-max-size=128M type=tmpfs

/container config
set registry-url=https://registry-1.docker.io tmpdir=tmpfs

# addCloudflared: after boot, remove any previous instance, pull the
# official cloudflare/cloudflared image into the tmpfs root, wait 30s for
# the pull, then issue "start" every 10s until status is "running".
# NOTE(review): the tunnel token (XXX placeholder) is passed in cmd, so it
# is also visible in /container print; the TUNNEL_TOKEN env approach used
# in the 56MB variant keeps it out of the command line (both still live in
# plain text in the exported config).
# NOTE(review): no image tag is given, so :latest is pulled each boot;
# pin a tag for reproducible upgrades. The retry loop has no upper bound.
/system script
add name=addCloudflared source=":delay 20s\
    \n/container remove [find tag~\"cloudflared\"]\
    \n:delay 5s\
    \n/container add remote-image=cloudflare/cloudflared root-dir=tmpfs interface=cf-tunnel logging=yes cmd=\"tunnel --no-autoupdate run --token XXX\"\
    \n:delay 30s\
    \nwhile ([/container get [find tag~\"cloudflare\"] status] != \"running\") do={\
    \n    :delay 10s\
    \n    /container start [find tag~\"cloudflared\"]\
    \n}"

# Re-create the container on every boot (tmpfs root is empty after reboot).
/system scheduler
add name=startCloudflare on-event=addCloudflared start-time=startup

15 สิงหาคม 2567

Running cloudflared tunnel with alpine container on mikrotik

Supports arm, arm64 and amd64
 
Testing hardware
- hAP ax lite
- hAP ax² 


# Start a plain alpine container kept alive by "sleep infinity" so it can
# be entered and provisioned by hand. Assumes a veth named veth-cf-tunnel
# already exists (the sections above create one named cf-tunnel).
/container/add interface=veth-cf-tunnel remote-image=alpine cmd="sleep infinity" start-on-boot=yes logging=yes

/container/start number=0

# Open a shell inside the container. The "# ..." lines below are typed at
# that root prompt, not at the RouterOS prompt.
/container/shell number=0

# Installs curl + CA bundle, downloads the cloudflared release binary, then
# removes curl, the CA bundle and package caches again to keep the image
# small. "-linux-arm" is the 32-bit arm build — pick the arm64/amd64 URL
# from the list at the end of this note for other boards.
# NOTE(review): the download is over HTTPS but the binary is not checksum-
# or signature-verified before it is made executable.
# apk add --no-cache ca-certificates curl && curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm -o /usr/local/bin/cloudflared && chmod +x /usr/local/bin/cloudflared && apk del curl ca-certificates && rm -rf /var/cache/apk/* /tmp/* /var/lib/apt/lists/* /usr/share/man /usr/share/doc /usr/share/doc-base

# exit

/container/stop number=0

# Replace the keep-alive command with the real tunnel command.
# NOTE(review): the token (XXX placeholder) is part of cmd and therefore
# visible in /container print and in config exports.
/container/set numbers=0 cmd="cloudflared tunnel --no-autoupdate run --token XXX"

/container/start number=0
 
 
Note: select the binary that matches your architecture
- https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm
- https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64
- https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64