[5 Mins Docker] Create Your Own Looking-Glass Website Deploying on Northflank Free Tier - NETSEC


Sunday, July 14, 2024


Looking Glass (LG) servers are a real-time source of routing and networking information for network administrators. They are deployed in different parts of the Internet and allow online checking of prefixes collected from routers on the Internet. LGs make network administrators more effective during troubleshooting by helping them “see” their prefixes from the “outside”.




ALS - Another Looking-Glass Server

 
Requirements:
  • RAM: 32MB or more

Features:
  •  HTML 5 Speed Test
  •  Ping - IPv4 / IPv6
  •  iPerf3 server
  •  Streaming traffic graph
  •  Speedtest.net Client
  •  Online shell box (limited commands)
  •  NextTrace Support

 Github : https://github.com/wikihost-opensource/als


Demo sites: 
  • http://lg.hk1-bgp.hkg.50network.com/
  • http://lg.korea-bgp.icn.50network.com/
  • https://glass.51sec.eu.org/

Docker Playground


Let's start with Docker Playground to test it out.

1 Log into https://labs.play-with-docker.com/


2 Create an instance, then paste in the following docker run command

COPY: ctrl + ins

PASTE: ctrl + shift + v


docker run -d --name looking-glass --restart always --network host wikihostinc/looking-glass-server

3 Click port 80 to open the Looking-Glass server page in a new tab


Change configuration

# you need to pass -e KEY=VALUE to the docker command
# you can find the KEY below the [Image Environment Variables]
# for example, change the listen port to 8080
docker run -d \
    --name looking-glass \
    -e HTTP_PORT=8080 \
    --restart always \
    --network host \
    wikihostinc/looking-glass-server

Basic Usage



1 Open http://<Public IP>:Port in a browser


2 Click "Begin test" button to start the speed test.



3 Click iPerf3 to start the iPerf3 server for a speed test.






4 Click Speedtest.net to test speed


There are some Chinese characters in the output, but you should be able to use Google Translate to understand them. Again, this speed is measured from the Looking-Glass server to the Speedtest.net server.

5 Click Shell to run other commands such as ping/mtr/traceroute/nexttrace/speedtest:




ALS > help
Error: unknown command "help" for ""
Run ' --help' for usage.

ALS > --hlp
Error: unknown flag: --hlp
Usage:
   [command]

Available Commands:
  mtr         
  nexttrace   
  ping        
  speedtest   
  traceroute  

Flags:
  -h, --help   help for this command

Use " [command] --help" for more information about a command.

ALS > 


Using Your Own Domain

Cloudflare: point an A record to your Nginx Proxy Manager

NPM:

Simple and easy setup for using your own subdomain with NPM. 

Run it in Northflank free tier docker

Northflank.com is a developer platform that provides a comprehensive suite of features to help developers automate the DevOps lifecycle.

The free Developer Sandbox lets you test drive the Northflank experience with access to all the platform essentials (https://northflank.com/pricing):
  • Trial the Northflank platform

  • Includes 2 services, 2 jobs, and 1 addon

  • 1 BYOC cluster

  • Limited resources and plans

  • Upgrade at any time



For the compute resources, "Deploy up to $20/mo worth of free resources on Northflank’s managed cloud.
Use up to 12 vCPU and 48 GB of memory on your free BYOC cluster."

https://app.northflank.com/



1 Register an account and log into Northflank.com:


2 Create a free project




3 Add a new service using external image:
  • docker.io/wikihostinc/looking-glass-server:latest



4 Check deployed service:


5 Add own domain for the project


add subdomain:

Custom domain

The demo site in Northflank: https://glass.51sec.eu.org/ is hosted on Northflank's free tier servers. 

Another demo site in OCP is : https://looking-glass.51sec.eu.org/



Self Hosted Docker Installation Pre-requirements

Free resources you might need to complete this docker project:


Pre-installed services:

  • Docker
    • apt update
    • apt install docker.io
    • apt install docker-compose
    • apt upgrade docker.io
    • mkdir /root/data/docker_data/<docker_name>
  • Docker-Compose (Using Ubuntu OS for the commands)
    • docker-compose down
    • Optional command: use the following command to back up your Docker data. You might need to change the folder name based on your Docker configuration
      • cp -r /root/data/docker_data/<docker_name> /root/data/docker_data_backup/<docker_name>
    • docker-compose pull
    • docker-compose up -d
    • docker image prune
  • Portainer (Optional)
    • docker volume create portainer_data
    • docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
  • Install some applications: apt install wget curl sudo vim git (Optional)
  • aapanel with Nginx (Optional)
  • Nginx Proxy Manager (Optional)
  • Install screen (Optional)
    • Install screen (Depends on the Linux Distribution if it came pre installed or not) : yum install screen
    • Initiate a Screen : screen or  screen -S <screen name> <command to execute>
    • Detach from the screen : "CTRL+A,D" not "CTRL+A+D"
    • List all the screen currently working : screen -ls
    • Reattach to a screen : screen  -r  <session number> or screen -r <screen name>
    • Kill specific screen: screen -X -S <screen name> quit
    • Kill all screens : pkill screen

Monitoring Usage

  • Docker stats
  • ncdu
    • apt install ncdu

Remove Docker and Related folders

  • docker stop <Docker Name> # stop the container without removing anything
  • docker rm -f <Docker Name>  # remove a specific container; mapped volumes are not deleted
  • rm -rf /root/data/docker_data/<Docker Mapped Volumes>  # remove all mapped volumes

Restrict Journal Log File Size:

  • journalctl --vacuum-size=100M
  • Limit it to 25M:
nano /etc/systemd/journald.conf
SystemMaxUse=25M
systemctl restart systemd-journald.service


or 
sudo bash -c 'echo "SystemMaxUse=100M" >> /etc/systemd/journald.conf'
sudo systemctl restart systemd-journald



Enable IPv6 and Limit Log File Size (Ubuntu)

This command clears all container logs without stopping the containers:

  • sudo sh -c 'truncate -s 0 /var/lib/docker/containers/*/*-json.log'
Add a self-defined IPv6 address segment to enable IPv6 for containers, and limit the size and number of log files so that logs cannot fill the hard drive.

cat > /etc/docker/daemon.json << EOF
{
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "20m",
        "max-file": "3"
    },
    "ipv6": true,
    "fixed-cidr-v6": "fd00:dead:beef:c0::/80",
    "experimental": true,
    "ip6tables": true
}
EOF

If there is an error, or the IPv6 part does not work on your platform, you might want to change the file to the following:


cat <<EOF > /etc/docker/daemon.json
{
  "live-restore": true,
  "storage-driver": "overlay2",
  "log-opts": {
    "max-size": "10m"
  }
}
EOF


Restart Docker service:

systemctl restart docker
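
dockerd refuses to start when daemon.json is not valid JSON or contains a key it does not recognise, so the file is worth checking before the restart above. The lint below is an added example, not code from the original post or the ALS project; `lint_daemon_json` is a hypothetical helper, `KNOWN_KEYS` is an assumed subset covering only the keys used on this page, and `SAMPLE` is constructed.

```python
import ipaddress
import json

# Assumed subset of dockerd keys: only those used on this page; extend as needed.
KNOWN_KEYS = {"log-driver", "log-opts", "ipv6", "fixed-cidr-v6",
              "experimental", "ip6tables", "live-restore", "storage-driver"}
BOOL_KEYS = {"ipv6", "experimental", "ip6tables", "live-restore"}

# Constructed sample: one misspelled key and one unquoted log option.
SAMPLE = """{
  "log-driver": "json-file",
  "log-opts": {"max-size": "20m", "max-file": 3},
  "ipv6": true,
  "fixed-cidr-v6": "fd00:dead:beef:c0::/80",
  "experimentl": true
}"""


def lint_daemon_json(text):
    """Return a list of problems found in a daemon.json document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = [f"unrecognised key: {k}" for k in sorted(set(cfg) - KNOWN_KEYS)]
    for key in sorted(BOOL_KEYS & set(cfg)):
        if not isinstance(cfg[key], bool):
            problems.append(f"{key} must be true or false")
    opts = cfg.get("log-opts", {})
    if not isinstance(opts, dict):
        return problems + ["log-opts must be an object"]
    # dockerd wants every log-opts value as a JSON string ("3", not 3).
    for name, value in opts.items():
        if not isinstance(value, str):
            problems.append(f"log-opts.{name} must be a quoted string")
    cidr = cfg.get("fixed-cidr-v6")
    if cidr is not None:
        try:
            if ipaddress.ip_network(str(cidr)).version != 6:
                problems.append("fixed-cidr-v6 is not an IPv6 prefix")
        except ValueError as exc:
            problems.append(f"fixed-cidr-v6: {exc}")
    return problems


if __name__ == "__main__":
    print("\n".join(lint_daemon_json(SAMPLE)) or "daemon.json looks consistent")
```

To check the real file, pass the contents of /etc/docker/daemon.json to `lint_daemon_json` and restart Docker only when the returned list is empty.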

Limit number of log files:

cat /etc/logrotate.d/rsyslog
/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
    rotate 4
    weekly
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}

You can change 4 to some other value, such as 1, so that only one file is stored.


