30 มีนาคม 2567

Mikrotik container + observium

# Virtual interfaces for the two containers on the 10.0.0.0/24 container network (gateway 10.0.0.1).
# NOTE(review): 10.0.0.12 is also given to veth-pihole in the Pi-hole notes on this page - use a free address if both containers run on the same router.
/interface veth
add address=10.0.0.11/24 gateway=10.0.0.1 name=veth-mariadb
add address=10.0.0.12/24 gateway=10.0.0.1 name=veth-observium

# Attach both veths to the bridge named Docker. This script does not create that bridge; the Pi-hole notes on this page do.
/interface bridge port
add bridge=Docker interface=veth-mariadb
add bridge=Docker interface=veth-observium

# Environment lists handed to the containers through envlist= below.
# root_pass, db_pass and admin are sample values: replace them with unique secrets before deploying.
# The OBSERVIUM_DB_* values point at the MariaDB account defined by MYSQL_USER / MYSQL_PASSWORD / MYSQL_DATABASE, so change each pair together.
/container envs
add name=mariadb key=MYSQL_ROOT_PASSWORD value=root_pass
add name=mariadb key=MYSQL_USER value=observium
add name=mariadb key=MYSQL_PASSWORD value=db_pass
add name=mariadb key=MYSQL_DATABASE value=observium
add name=mariadb key=TZ value=Asia/Bangkok
# admin/admin is the web login for the Observium UI; it is trivially guessable and should not be left as is.
add name=observium key=OBSERVIUM_ADMIN_USER value=admin
add name=observium key=OBSERVIUM_ADMIN_PASS value=admin
add name=observium key=OBSERVIUM_DB_HOST value=10.0.0.11
add name=observium key=OBSERVIUM_DB_NAME value=observium
add name=observium key=OBSERVIUM_DB_USER value=observium
add name=observium key=OBSERVIUM_DB_PASS value=db_pass
# The base URL is plain HTTP, so the login above crosses the network unencrypted; keep access to 10.0.0.12 limited to a trusted management network.
add name=observium key=OBSERVIUM_BASE_URL value=http://10.0.0.12
add name=observium key=TZ value=Asia/Bangkok

# Router-side directories mapped into the containers so database files, RRD data and logs persist outside the container filesystem.
/container mounts
add name=mariadb_data src=/mariadb/data dst=/var/lib/mysql
add name=observium_rrd src=/observium_log/rrd dst=/opt/observium/rrd
add name=observium_log src=/observium_log/log dst=/opt/observium/logs

# Create the containers. Both images use the floating :latest tag, so a later pull can bring in a different build; pin a reviewed version tag for repeatable deployments.
/container
add interface=veth-mariadb mounts=mariadb_data envlist=mariadb remote-image=mariadb:latest dns=10.0.0.1 start-on-boot=yes logging=yes
add interface=veth-observium mounts=observium_rrd,observium_log envlist=observium remote-image=mbixtech/observium:latest dns=10.0.0.1 start-on-boot=yes logging=yes

25 มีนาคม 2567

Pi-hole Mikrotik container

# Enable the container feature in device-mode (RouterOS asks for a physical confirmation on the device before this takes effect).
/system/device-mode/update container=yes

# Pull images from Docker Hub.
/container config
set registry-url=https://registry-1.docker.io

# Dedicated bridge for container traffic; 10.0.0.1 on it is the gateway the veth interfaces point at.
/interface bridge
add name=Docker

/ip address
add address=10.0.0.1/24 interface=Docker

# Source-NAT traffic coming from the container subnet.
# NOTE(review): no out-interface is set, so the rule matches this subnet on every egress path; consider scoping it to the WAN interface.
/ip firewall nat
add chain=srcnat src-address=10.0.0.0/24 action=masquerade

# NOTE(review): 10.0.0.12 is also used by veth-observium in the Observium notes on this page - use a free address if both containers run on the same router.
/interface veth
add address=10.0.0.12/24 gateway=10.0.0.1 name=veth-pihole

/interface bridge port
add bridge=Docker interface=veth-pihole

# Environment for the Pi-hole container.
/container envs
add key=TZ name=pihole_envs value=Asia/Bangkok
# mypassword is a sample value for the Pi-hole web admin login: replace it with a unique secret.
add key=WEBPASSWORD name=pihole_envs value=mypassword
# Sets the user the Pi-hole DNS process runs as to root inside the container.
# NOTE(review): confirm this is actually required on this platform; leave it at the image default where that works.
add key=DNSMASQ_USER name=pihole_envs value=root

# Router-side directories that persist the Pi-hole and dnsmasq configuration.
/container mounts
add dst=/etc/pihole name=pihole-etc src=/pihole/etc-pihole
add dst=/etc/dnsmasq.d name=pihole-dnsmasq src=/pihole/etc-dnsmasq.d

# The image uses the floating :latest tag; pin a reviewed version tag for repeatable deployments.
/container
add interface=veth-pihole remote-image=pihole/pihole:latest envlist=pihole_envs mounts=pihole-etc,pihole-dnsmasq start-on-boot=yes logging=yes

22 มีนาคม 2567

cloudflare docker


container_name: tomcat9-jdk8
network name: tomcat9-jdk8_default
map ports: 8980:8080

Quick Tunnels

# Quick Tunnel, host network: cloudflared shares the host's network namespace so it can reach the port published on 127.0.0.1:8980.
# A Quick Tunnel publishes the origin on a public trycloudflare.com hostname with no access control in front of it; use it for short tests only.

docker run --rm --network host --name cloudflared cloudflare/cloudflared:latest tunnel --url http://127.0.0.1:8980

# Quick Tunnel, container network: cloudflared joins tomcat9-jdk8_default and reaches the origin by container name on its internal port 8080.
# The 8980:8080 host port mapping is not used on this path.

docker run --rm --network tomcat9-jdk8_default --name cloudflared cloudflare/cloudflared:latest tunnel --url http://tomcat9-jdk8:8080


Cloudflare account

# host network

public hostname url http://127.0.0.1:8980
 
# Detached connector for a tunnel managed in the Cloudflare account; --network host lets it reach the 127.0.0.1:8980 origin set as the public hostname URL.
# The tunnel token is a credential (XXXX is a placeholder). Passed as --token it ends up in shell history, the process list and docker inspect output.
docker run -d --rm --network host --name cloudflared cloudflare/cloudflared:latest tunnel --no-autoupdate run --token XXXX


# container network

public hostname url http://tomcat9-jdk8:8080

# Detached connector on the tomcat9-jdk8_default network; the origin is reached by container name, so no host port needs to be published for the tunnel.
# The tunnel token is a credential (XXXX is a placeholder). Passed as --token it ends up in shell history, the process list and docker inspect output.
docker run -d --rm --network tomcat9-jdk8_default --name cloudflared cloudflare/cloudflared:latest tunnel --no-autoupdate run --token XXXX
 
 

# docker compose

public hostname url http://tomcat9-jdk8:8080
 
# Compose variant: both services share the project's default network, so cloudflared reaches the origin by service name (http://tomcat9-jdk8:8080).
services:

  tomcat9-jdk8:
    container_name: tomcat9-jdk8
    ...

  cloudflared:
    # No tag is given, so this resolves to :latest; pin a reviewed version tag for repeatable deployments.
    image: cloudflare/cloudflared
    container_name: cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      # The tunnel token is a credential (XXXXX is a placeholder). Keep the real value out of version control,
      # for example in an .env file with restricted permissions that Compose substitutes at start-up.
      - TUNNEL_TOKEN=XXXXX
 

11 มีนาคม 2567

acme.sh with alias challenge and cloudflare api

issue domain : domain.tld
alias domain : alias-domain.tld

- set CNAME
_acme-challenge.domain.tld CNAME _acme-challenge.alias-domain.tld

- Cloudflare API token with permission to edit DNS in the alias-domain.tld zone (the zone where the challenge TXT record is written)


acme.sh command

Issue cert

# API token for the Cloudflare DNS plugin (dns_cf); "xxx" is a placeholder.
# acme.sh saves the token in account.conf under --home for later renewals, so keep that directory readable only by its owner.
export CF_Token="xxx"

# DNS-01 issuance of an ec-256 certificate for domain.tld from Let's Encrypt.
# With --challenge-alias the TXT record is created in alias-domain.tld and found through the _acme-challenge CNAME set above.
acme.sh --issue --server letsencrypt -k ec-256 --dns dns_cf --challenge-alias alias-domain.tld  -d domain.tld --home /home/user/docker/nginx/acme.sh


Install cert
# Copy the private key and full chain into the directory nginx reads, and record the reload command so acme.sh runs it again after each renewal.
# The .key file is the certificate's private key; keep etc-nginx-certs readable only by the accounts that need it.
acme.sh --install-cert -d domain.tld  --key-file /home/user/docker/nginx/etc-nginx-certs/domain.tld.key --fullchain-file /home/user/docker/nginx/etc-nginx-certs/domain.tld.crt --reloadcmd "docker exec nginx /etc/init.d/nginx reload"  --home /home/user/docker/nginx/acme.sh

# Renew any certificates that are due; the same --home directory is used so the saved account, token and install settings are found.
acme.sh --cron --home /home/user/docker/nginx/acme.sh 

acme.sh docker

Issue cert
# Same issuance through the acme.sh image; /acme.sh in the container is the state directory kept on the host.
# "xxx" is a placeholder. Given as -e on the command line the token is recorded in shell history, and acme.sh also saves it in the mounted state directory, so keep that directory private.
docker run --rm -it -e CF_Token="xxx" -v /home/user/docker/nginx/acme.sh:/acme.sh neilpang/acme.sh --issue --server letsencrypt -k ec-256 --dns dns_cf --challenge-alias alias-domain.tld -d domain.tld

Install cert
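# Install the key and full chain into the host's etc-nginx-certs directory, then restart nginx.
# The host directory must be mounted at the path --key-file/--fullchain-file write to (/etc/nginx/certs);
# mounted anywhere else, the files land in the container's own filesystem and are discarded by --rm.
docker run --rm -it -v /home/user/docker/nginx/acme.sh:/acme.sh -v /home/user/docker/nginx/etc-nginx-certs:/etc/nginx/certs neilpang/acme.sh --install-cert -d domain.tld --key-file /etc/nginx/certs/domain.tld.key --fullchain-file /etc/nginx/certs/domain.tld.crt && docker exec -it nginx /etc/init.d/nginx restart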

Renew cert
# Renew due certificates with the saved state, writing into the same /etc/nginx/certs mount used at install time, then restart nginx.
# NOTE(review): -it needs an attached terminal; drop it from both commands if this line is run unattended (for example from cron).
docker run --rm -it -v /home/user/docker/nginx/acme.sh:/acme.sh -v /home/user/docker/nginx/etc-nginx-certs:/etc/nginx/certs neilpang/acme.sh --cron && docker exec -it nginx /etc/init.d/nginx restart