No public IP address is required; an internet connection alone is sufficient.
/container mounts
add dst=/opt/key-networks/ztncui/etc name=ztncui src=/ztncui
add dst=/var/lib/zerotier-one name=zerotier-one src=/zerotier-one
/container envs
add key=NODE_ENV name=zerotier value=production
add key=HTTPS_PORT name=zerotier value=3443
add key=ZTNCUI_PASSWD name=zerotier value=password
/container
add comment=zeerotier envlist=zerotier interface=veth-zerotier logging=yes mounts=ztncui,zerotier-one start-on-boot=yes workdir=/
WARNING: IF YOU DO NOT SET PASSWORD, YOU HAVE TO USE container shell <CONTAINER ID>, and then cat /var/log/docker-ztncui.log to get your random password. This is gatekeeper.
ref
- https://gist.github.com/dnburgess/b839c2230890068c30bb5ed5ee2d22ba
- https://github.com/key-networks/ztncui-aio
05 กุมภาพันธ์ 2568
Mikrotik hex refresh cloudflared container
For devices with EN7562CT CPU, only arm32v5 container images are supported.
/disk
add slot=tmpfs tmpfs-max-size=160M type=tmpfs
/container config
set registry-url=https://registry-1.docker.io tmpdir=tmpfs
/file
add name=/opt-cf/cloudflared.sh type=file contents="/bin/apt update\n\
/bin/apt -y install wget\n\
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm -O /tmp/cloudflared\n\
chmod +x /tmp/cloudflared\n\
/tmp/cloudflared tunnel --no-autoupdate run --token XXX"
/container mounts
add dst=/opt-cf name=opt-cf src=/opt-cf
/container
add remote-image=arm32v5/debian:bookworm-slim interface=cf-tunnel mounts=opt-cf root-dir=tmpfs logging=yes cmd="bash /opt-cf/cloudflared.sh"
add slot=tmpfs tmpfs-max-size=160M type=tmpfs
/container config
set registry-url=https://registry-1.docker.io tmpdir=tmpfs
/file
add name=/opt-cf/cloudflared.sh type=file contents="/bin/apt update\n\
/bin/apt -y install wget\n\
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm -O /tmp/cloudflared\n\
chmod +x /tmp/cloudflared\n\
/tmp/cloudflared tunnel --no-autoupdate run --token XXX"
/container mounts
add dst=/opt-cf name=opt-cf src=/opt-cf
/container
add remote-image=arm32v5/debian:bookworm-slim interface=cf-tunnel mounts=opt-cf root-dir=tmpfs logging=yes cmd="bash /opt-cf/cloudflared.sh"
12 ธันวาคม 2567
openssl generate CSR
rsa:2048
openssl req -new -newkey rsa:2048 -nodes \
-keyout domain.tld.key \
-out domain.tld.csr \
-subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld"
-keyout domain.tld.key \
-out domain.tld.csr \
-subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld"
rsa:2048 with SAN
openssl req -new -newkey rsa:2048 -nodes \
-keyout domain.tld.key \
-out domain.tld.csr \
-subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld" \
-addext "subjectAltName = DNS:www.domain2.tld,DNS:www.domain3.tld"
-keyout domain.tld.key \
-out domain.tld.csr \
-subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld" \
-addext "subjectAltName = DNS:www.domain2.tld,DNS:www.domain3.tld"
P-256 (ECC)
openssl req -new -newkey ec:<(openssl ecparam -name prime256v1) -nodes \
-keyout domain.tld.key \
-out domain.tld.csr \
-subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld
-keyout domain.tld.key \
-out domain.tld.csr \
-subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld
P-256 (ECC) with SAN
openssl req -new -newkey ec:<(openssl ecparam -name prime256v1) -nodes \
-keyout domain.tld.key \
-out domain.tld.csr \
-subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld" \
-addext "subjectAltName = DNS:www.domain2.tld,DNS:www.domain3.tld"
-keyout domain.tld.key \
-out domain.tld.csr \
-subj "/C=TH/ST=Bangkok/O=Organization/OU=IT/CN=www.domain.tld" \
-addext "subjectAltName = DNS:www.domain2.tld,DNS:www.domain3.tld"
C = Country Name (2 letter code)
ST = State or Province Name
O = Organization Name
OU = Organizational Unit
CN = Common Name
ST = State or Province Name
O = Organization Name
OU = Organizational Unit
CN = Common Name
02 ธันวาคม 2567
mikrotk wol script
# Define variables
:local serverIP "192.168.1.100" # Replace with the server's IP address
:local macAddress "AA:BB:CC:DD:EE:FF" # Replace with the server's MAC address
:local interface "ether1" # Replace with the appropriate interface
# Check if the server is reachable
:if ([/ping $serverIP count=3 interval=1] = 0) do={
# If the server is unreachable, send a WoL packet
/tool wol mac=$macAddress interface=$interface
:log info "WoL packet sent to $macAddress"
} else={
:log info "Server $serverIP is already online"
}
Script by ChatGPT
12 ตุลาคม 2567
local DOH DOT with coredns
# Corefile
.:53{
forward . tls://1.1.1.1 tls://1.0.0.1 {
tls_servername cloudflare-dns.com
}
}
https://.:443 {
tls /etc/coredns/certs/domain.tld.crt /etc/coredns/certs/domain.tld.key
forward . 127.0.0.1
}
tls://.:853 {
tls /etc/coredns/certs/domain.tld.crt /etc/coredns/certs/domain.tld.key
forward . 127.0.0.1
}
$ docker run --rm -d --name coredns \
-p 443:443/tcp -p 853:853/tcp \
-v $PWD/Corefile:/etc/coredns/Corefile \
-v $PWD/domain.tld.crt:/etc/coredns/certs/domain.tld.crt \
-v $PWD/domain.tld.key:/etc/coredns/certs/domain.tld.key \
coredns/coredns:latest \
-conf /etc/coredns/Corefile
https://coredns.io/plugins/tls/
local DOH DOT with adguard/dnsproxy
$ docker run --rm -d --name dnsproxy \
-p 53:53/udp -p 53:53/tcp -p 443:443/tcp -p 853:853/tcp \
-v $PWD/domain.tld.crt:/opt/dnsproxy/domain.tld.crt \
-v $PWD/domain.tld.key:/opt/dnsproxy/domain.tld.key \
adguard/dnsproxy:latest \
-u https://dns.adguard.com/dns-query -b 1.1.1.1:53 \
--https-port=443 --tls-port=853 \
--tls-crt=/opt/dnsproxy/domain.tld.crt \
--tls-key=/opt/dnsproxy/domain.tld.key
# Add -p 0 if you also want to disable plain-DNS handling and make dnsproxy only serve DoH with Basic Auth checking.
$ docker run --rm -d --name dnsproxy \
-p 443:443/tcp -p 853:853/tcp \
-v $PWD/domain.tld.crt:/opt/dnsproxy/domain.tld.crt \
-v $PWD/domain.tld.key:/opt/dnsproxy/domain.tld.key \
adguard/dnsproxy:latest \
-u https://dns.adguard.com/dns-query -b 1.1.1.1:53 \
--https-port=443 --tls-port=853 \
--tls-crt=/opt/dnsproxy/domain.tld.crt \
--tls-key=/opt/dnsproxy/domain.tld.key \
-p 0
https://hub.docker.com/r/adguard/dnsproxy
https://github.com/AdguardTeam/dnsproxy
05 กันยายน 2567
Running erisamoe/cloudflared on mikrotik container with 56MB tmpfs
Testing hardware
- hAP ax lite
- hAP ax2
/interface veth
add address=10.0.0.20/24 gateway=10.0.0.1 name=cf-tunnel
/interface bridge port
add bridge=br-lan interface=cf-tunnel
/container envs
add name=cf-tunnel key=TUNNEL_TOKEN value=XXX
add name=cf-tunnel key=TUNNEL_TOKEN value=XXX
/disk
add slot=cf-tunnel tmpfs-max-size=56M type=tmpfs
/container config
set tmpdir=tmpfs
/system script
add name=addCloudflared source=":delay 20s\
\n/container remove [find tag~\"cloudflared\"]\
\n:delay 5s\
\n/container add remote-image=erisamoe/cloudflared:latest interface=cf-tunnel envlist=cf-tunnel cmd=\"tunnel run\" root-dir=cf-tunnel logging=yes\
\n:delay 10s\
\nwhile ([/container get [find tag~\"cloudflare\"] status] != \"running\") do={\
\n :delay 10s\
\n /container start [find tag~\"cloudflared\"]\
\n}"
add name=restartCloudflared source=\
"/container stop [find tag~\"cloudflared\"]\
\nwhile ([/container get [find tag~\"cloudflare\"] status] != \"running\") do={\
\n :delay 3s\
\n /container start [find tag~\"cloudflared\"]\
\n}"
/system scheduler
add name=startCloudflare on-event=addCloudflared start-time=startup
/system/script/run restartCloudflared
สมัครสมาชิก:
บทความ (Atom)