Latest Posts

Collection for Interesting Docker Images

Sometimes, while browsing internet, there are some interesting docker images attracting my attention. I found it had better save them somewhere before I forgot them. Here comes this post. All those dockers have been tested @ Play with Docker .
  • Install Docker/Docker Composer
  • Matomo - Web analytics app
  • Shiori - a Simple Bookmarks Manager
  • A Simple PHP Web Proxy:miniProxy
  • Instantbox-Create a Web temp linux
  • Jellyfin - A Personal Media Server
  • Deploy a CentOS Container
  • HTML5-Based Speedtest to Your VPS
  • ServerStatus
  • NetData
  • ttyd - Share your terminal over the web
  • Yahei Php Probe
  • Grafana+InfluxDB for Monitoring
  • Ubuntu18.04 Xfce4 (VNC/noVNC)
  • Poste Mail Server
  • MediaWiki
  • WebSSH
Other related posts:

Install Docker / Docker Composer

Install Docker
#CentOS 6
rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm 
yum update -y 
yum -y install docker-io 
service docker start chkconfig docker on 

#CentOS 7, Debian, Ubuntu 
curl -sSL https://get.docker.com/ | sh 
systemctl start docker 
systemctl enable docker
 
Or , references of my posts:


Install Docker Composer
curl -L "https://get.daocloud.io/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

chmod +x /usr/local/bin/docker-compose



Or Play with Docker online.


Matomo - Web analytics app

Matomo is a free and open source web analytics application runs on a PHP/MySQL web server. It tracks online visits to one or more websites and displays reports on these visits for analysis.

Docker URL:https://github.com/crazy-max/docker-matomo


#Pull Matomo image docker run --restart=always -d --name matomo \ -p 8000:8000 \ -v ~/matomo/data:/data \ crazymax/matomo

#Pull MySQL image docker run --restart=always --name mysqlmatomo -d \ -p 3306:3306 \ -e MYSQL_ROOT_PASSWORD=51sec123 \ -e MYSQL_DATABASE=matomo \ -e MYSQL_USER=matomo \ -e MYSQL_PASSWORD=51sec123 \ -v ~/matomo/mysql:/var/lib/mysql \ mysql:5.6



Shiori - a Simple Bookmarks Manager

Shiori is a simple bookmarks manager written in Go language. Intended as a simple clone of Pocket. You can use it as command line application or as web application. This application is distributed as a single binary, which means it can be installed and used easily.

Github URL:https://github.com/go-shiori/shiori

docker run -d --name shiori --restart=always -p 8080:8080 -v ~/shiori:/srv/shiori radhifadlillah/shiori

After installation, visit the address: http: // ip: 8080, the initial administrator username and password are shiori and gopher



A Simple PHP Web Proxy:miniProxy


#use ip to visit docker run --name miniproxy -d \ --restart=always \ -p 80:80 \ moerats/miniproxy #use domain name to visit docker run --name miniproxy -d \ --restart=always \ -p 80:80 \ -p 443:443 \ -e domain=www.moerats.com \ moerats/miniproxy



Instantbox-Create a Web temp linux 

Instantbox spins up temporary Linux systems with instant webshell access from any browser and currently supports various versions of Ubuntu, CentOS, Arch Linux, Debian, Fedora and Alpine.

https://github.com/instantbox/instantbox

Install Instantbox:

#期间会要你输入IP and 端口等信息 mkdir instantbox && cd $_ bash <(curl -sSL https://raw.githubusercontent.com/instantbox/instantbox/master/init.sh) #启动容器 docker-compose up -d

By default it is ip:8888


Jellyfin - A Personal Media Server

Similar as Plex and Emby


Docker Installation:

docker run -d -p 8096:8096 -v /jellyfin/config:/config -v /jellyfin/media:/media jellyfin/jellyfin


Access ip:8096

You might need to fill in ffmpeg path ,which usually is at /usr/bin. You can check path by enter 'which ffmpeg'



Deploy a CentOS Container

startup command:
docker run -d -p 2222:22 --name CentOS-Docker ilemonrain/centos-sshd 
Parameter Description:
-d:start with Daemon mode
-p 2222:22 # host is 2222, mapping to container's port 22
--name CentOS-Docker:container name
ilemonrain/centos-sshd:version
Please expose the corresponding port according to your actual needs.
More instructions:
#for different ports: -p 80:80 -p 53:53。For different protocols, -p 80:80/tcp -p 53:53/udp。

#ilemonrain/centos-sshd default is CentOS 6.9,if need CentOS 7.4,the parameter need to change at the end, ilemonrain/centos-sshd:7.4, similar as other version。

After deployment, SSHlogin information:
username:root
password:centos
Please SSHchange your SSHpassword immediately after successful login to prevent malicious blasting.


HTML5-Based Speedtest to Your VPS

Screenshot
Please enter a picture description
Use commands to configure mirroring :
docker run [-t/-d] -p [6688]:80 ilemonrain/html5-speedtest:alpine
Detailed parameters:
-t:show logs after started,Ctrl+C change it to backend
-d:backend mode start docker
-p 6688:80:mapping host 6688 to container port 80
Example command:
docker run -d -p 6688:80 ilemonrain/html5-speedtest:alpine
Then open it http://ip:6688.



ServerStatus


#Create folder
mkdir /home/ServerStatus
#get configuration file
cd /home/ServerStatus
wget --no-check-certificate https://raw.githubusercontent.com/91yun/ServerStatus/master/server/config.json
#create docker container sss
docker create --name=sss \
--restart=always \
-v /home/ServerStatus/config.json:/ServerStatus/server/config.json \
-p 3561:3561 \
-p 80:80 \
rongdede/serverstatus:server
docker start sss
http://<public ip>:80

More configuration details can be found from github site.





NetData

Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers.
Netdata provides unparalleled insightsin real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third party components, or it can be integrated to existing monitoring toolchains (Prometheus, Graphite, OpenTSDB, Kafka, Grafana, etc).
Netdata is fast and efficient, designed to permanently run on all systems (physical & virtual servers, containersIoT devices), without disrupting their core function.
Netdata is free, open-source software and it currently runs on LinuxFreeBSD, and MacOS.
docker run -d --name=netdata \
  -p 19999:19999 \
  -v /proc:/host/proc:ro \
  -v /sys:/host/sys:ro \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  --cap-add SYS_PTRACE \
  --security-opt apparmor=unconfined \
  netdata/netdata
The above can be converted to docker-compose file for ease of management:
version: '3'
services:
  netdata:
    image: netdata/netdata
    hostname: example.com # set to fqdn of host
    ports:
      - 19999:19999
    cap_add:
      - SYS_PTRACE
    security_opt:
      - apparmor:unconfined
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro




ttyd - Share terminal over the web

ttyd is a simple command-line tool for sharing terminal over the web.
screenshot

https://hub.docker.com/r/tsl0922/ttyd/

$ docker run --restart=always --name ttyd -d -p 7681:7681 tsl0922/ttyd
1e156c668714c78a00755a3533b2031e0af03b3b555526a300909a52babe6c5d
[node1] (local) [email protected] ~/ttyd/build



Yahei PHP Probe


  Used in Linux system (not recommended for Windows system).
  You can view server hard disk resources, memory usage, network card traffic, system load, server time and other information in real time, refreshing once every 1 second.
  And including the server IP address, Web server environment monitoring, php and other information.

GitHub Repository: https://github.com/malaohu/php-yahei-tz

Command line:
git clone https://github.com/malaohu/php-yahei-tz.git -b ibm_tz && mv php-yahei-tz/* ./

Run in docker:
docker run -d --name tz -p 80:80 malaohu/php-yahei-tz


Grafana+InfluxDB

新建docker-compose:
mkdir -p /opt/pingmonitor && cd /opt/pingmonitor && nano docker-compose.yml
写入如下配置:
version: '3.5'

volumes: 
    grafana-data:
    influxdb-data:

services: 
    grafana:
        image: grafana/grafana
        container_name: grafana
        environment:
            - GF_AUTH_ANONYMOUS_ENABLED=true
        ports:
            - 3000:3000
        volumes:
            - grafana-data:/var/lib/grafana
        restart: unless-stopped

    influxdb:
        image: influxdb
        container_name: influxdb
        environment: 
            - INFLUXDB_HTTP_AUTH_ENABLED=true
            - INFLUXDB_DB=telegraf
            - INFLUXDB_ADMIN_USER=admin
            - INFLUXDB_ADMIN_PASSWORD=password
            - INFLUXDB_USER=telegraf
            - INFLUXDB_USER_PASSWORD=password
        ports:
            - 8086:8086
        volumes: 
            - influxdb-data:/var/lib/influxdb
        restart: unless-stopped
注:
1.GF_AUTH_ANONYMOUS_ENABLED是方便公开你的仪表板给别人访问。
2.INFLUXDB_ADMIN_PASSWORD设置HTTP身份验证的账号密码。
3.INFLUXDB_USER_PASSWORD设置数据库用户的密码。
确认无误后up起来即可:
docker-compose up -d
访问你的IP:3000打开Grafana,默认的管理员账号密码均是admin,登录进去之后添加数据源:

https://itprosec.com/index.php/community/network/grafanainfluxdb%e5%9f%ba%e4%ba%8edocker%e6%90%ad%e5%bb%bavps%e4%b8%89%e7%bd%91%e7%9b%91%e6%8e%a7%e5%b9%b3%e5%8f%b0/


Ubuntu18.04 Xfce4 (VNC/noVNC)


mkdir -p /opt/ubuntu-xfce-vnc && nano docker-compose.yml
version: '3.5'

services:
    ubuntu-xfce-vnc:
        container_name: xfce
        image: imlala/ubuntu-xfce-vnc-novnc:latest
        shm_size: "1gb" # 防止高分辨率下Chromium崩溃
        ports:
            - 5900:5900
            - 6080:6080
        environment: 
            - VNC_PASSWD=51sec
            - GEOMETRY=1280x768
            - DEPTH=24
        volumes: 
            - ./Downloads:/root/Downloads
        restart: unless-stopped
1.5900是TigerVNC的服务端口,6080是noVNC的服务端口。
2.VNC_PASSWD=设置你的VNC密码
3.GEOMETRY=屏幕分辨率,800×600/1024×768诸如此类的可自己调整。
4.DEPTH=颜色位数16/24/32可用,越高画面越细腻,但网络不好的也会更卡。
5.Chromium/Deluge/qBittorrent/Transmission下载的文件默认保存位置都是root/Downloads下。
没问题的话,up起来即可:
docker-compose up -d
打开你的浏览器访问VPSIP:6080即可看到noVNC的界面,输入密码即可访问到桌面了。




Poste - Mail Server

由于基于Docker, 因此大部分Linux发行版均可以运行Poste. 运行的Poste占用内存在800 MB左右,因此建议选择一个内存1 GB或者以上的VPS进行搭建。

开始安装之前,建议您先设置好一部分DNS. 我们需要设置这样的几条记录 (请用您自己的域名替代下文中的51sec.org):


  1. 51sec.org. A Any_IP
  2. mx.51sec.org. A 88.88.88.88
  3. 51sec.org. MX mx.51sec.org. 10
  4. mail.51sec.org. CNAME mx.51sec.org.
  5. smtp.51sec.org. CNAME mx.51sec.org.
  6. imap.51sec.org. CNAME mx.51sec.org.
  7. 51sec.org. IN TXT “v=spf1 mx ~all”
  8. _dmarc.51sec.org. IN TXT “v=DMARC1; p=none; rua=mailto:[email protected]
  9. 88.88.88.88 PTR mx.51sec.org

其中,4, 5, 6, 8项为可选,第九项为域名PTR, 需要您在自己的服务器提供商处设定。


执行下面的命令安装Poste.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
docker run \
-p 25:25 \
-p 80:80 \
-p 110:110 \
-p 143:143 \
-p 443:443 \
-p 587:587 \
-p 993:993 \
-p 995:995 \
-v /etc/localtime:/etc/localtime:ro \
-v /srv/poste/data:/data \
--name "PosteServ" \
-h "mx.test.com" \
-t analogic/poste.io
如果没有报错,Poste应该已经安装完毕并开始运行了。整个过程仅需2-3分钟。
安装好Poste之后,我们就可以登录mx.test.com来配置Poste了。初次登录,会提示设置服务器名和管理员邮箱与密码,

More details: https://itprosec.com/index.php/community/related-forum/%e5%8d%81%e5%88%86%e9%92%9f%e9%83%a8%e7%bd%b2%e4%b8%80%e4%b8%aa%e5%9f%ba%e4%ba%8edocker%e7%9a%84%e9%82%ae%e4%bb%b6%e6%9c%8d%e5%8a%a1%e5%99%a8-poste/


MediaWiki

https://hub.docker.com/_/mediawiki

The basic pattern for starting a mediawiki instance is:
$ docker run --name some-mediawiki -d mediawiki
If you'd like to be able to access the instance from the host without the container's IP, standard port mappings can be used:
$ docker run --name some-mediawiki -p 8080:80 -d mediawiki
Then, access it via http://localhost:8080 or http://host-ip:8080 in a browser.


WebSSH

Docker Image: https://hub.docker.com/r/snsyzb/webssh
To start a container from this image:
$ docker run -d -p 8080:8080 snsyzb/webssh
The container will start a web application on 8080 port, so you can visit your own ssh client web application via openning localhost:8080 in your browser. Or you could use command parameter in docker run to identify the address and port:
$ docker run -d -p 10000:10000 snsyzb/webssh wssh --address=0.0.0.0 --port=10000
The command above will start running a container listening the port 10000





1 comment: