Differences

This shows you the differences between two versions of the page.

docker_notes:docker-deluge [2024-01-10 Wed wk02 19:51] – [OpenVPN setup] baumkpdocker_notes:docker-deluge [2024-12-12 Thu wk50 22:19] (current) – [OpenVPN setup] baumkp
Line 1: Line 1:
-{{tag>linux docker image container init s6 s6-rc openvpn "docker compose" wireguard macvlan nftables}}+{{tag>linux docker image container openvpn "docker compose" wireguard macvlan nftables}}
 ======Docker Deluge Image / Service====== ======Docker Deluge Image / Service======
 I want a torrent service that uses a VPN and is set-up to block non VPN WAN (internet) access.  On my virtual machine implementation of this I used the following 3 packages: deluge (deluged with deluge-web), openvpn and nftables.  I have used both iptables and nftables and find nftables is definitely more elegant to use.  As far as I can tell there is not a Docker image that will meet my needs. I want a torrent service that uses a VPN and is set-up to block non VPN WAN (internet) access.  On my virtual machine implementation of this I used the following 3 packages: deluge (deluged with deluge-web), openvpn and nftables.  I have used both iptables and nftables and find nftables is definitely more elegant to use.  As far as I can tell there is not a Docker image that will meet my needs.
Line 5: Line 5:
 I have been successfully been running this in a container on my home server since early 2023.  This replaced the a similar setup that have I been operating since about 2017 on a virtual machine using Linux KVM/Libvirt/QEMU. I have been successfully been running this in a container on my home server since early 2023.  This replaced the a similar setup that have I been operating since about 2017 on a virtual machine using Linux KVM/Libvirt/QEMU.
  
-=====s6 supervision rc system===== 
-I decided to build this container image based upon Alpine Linux using the [[https://www.skarnet.org/software/s6/index.html|S6]] init system. The Skarnet.org is the S6 authors web site and main repository. 
  
-S6 [[http://www.skarnet.org/software/s6/servicedir.html|Service directories]] 
- 
-++++Basic S6 commands:| 
- 
-  *''s6-svstat /run/service/servicename'' or ''s6-svstat /run/s6-rc/servicedirs/deluged'' - check a daemon status, longrun only! 
-  *''s6-rc -u change servicename'' - enable and start a daemon (up) 
-  *''s6-rc -d change servicename'' - disable and stop a daemon (down) 
-  *''s6-rc-db list all|services|oneshots|longruns|bundles'' - lists the nominated services in the active s6-rc-db 
-  *''s6-rc-db type servicename'' - Prints the type of servicename: oneshot, longrun or bundle 
-  *''s6-rc-db dependencies servicename'' - lists the dependencies in the servicename directory, i.e. in servicesname/dependencies.d  
-  *''s6-rc-db dependencies servicename'' - lists all the dependencies of servicename 
-  *''s6-rc-db -d|-u timeout servicename'' - lists the timeout, -d for timeout down and -u for timeout up  
- 
-BTW dont spell dependencies as dependencies and wonder why things don't work, lol the English language sucks. 
-++++ 
- 
- 
-Reference: 
-  *[[https://github.com/just-containers/s6-overlay| just-containers/s6-overlay]] (Version 3.1.6.2 as of 2023-12-30) 
-  *[[https://skarnet.org/software/s6-rc/s6-rc-compile.html|The s6-rc-compile program]] Describes the functionality of the S6-rc system 
-  *[[https://forum.level1techs.com/t/easy-to-follow-beginner-guide-on-s6-starter-pack/178411|Easy to follow Beginner Guide on s6 Starter Pack]] 
- 
----- 
- 
-Other Supervisor software discussions: 
-  *[[https://ahmet.im/blog/minimal-init-process-for-containers/|Choosing an init process for multi-process containers]] - Interesting discussion on different init systems, current at that time. (Seems relevant now too.) 
-  *supervisord: [[http://supervisord.org/|Supervisor: A Process Control System]] 
-  *[[https://stackoverflow.com/questions/33117068/use-of-supervisor-in-docker|Use of Supervisor in docker]] 
 =====dockerfile===== =====dockerfile=====
 ++++Dockerfile| ++++Dockerfile|
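Review bot: Removing the whole s6 section leaves the OpenVPN setup text further down still saying the resolv.conf change is done "in a oneshot", an s6-rc term that now has no explanation anywhere on the page. If the image no longer uses s6, reword that sentence to name whatever runs the start-up script now; if it still does, keep a one-line pointer to the s6-rc documentation in place of the deleted section.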
Line 110: Line 80:
         * where $lan is set to lan interface, e.g. enp1s0          * where $lan is set to lan interface, e.g. enp1s0 
   * ''%%docker run -it --network macnet1 --ip=192.168.1.98 --cap-add=NET_ADMIN --name alpine deluge-openvpn-nftables /bin/sh%%''   * ''%%docker run -it --network macnet1 --ip=192.168.1.98 --cap-add=NET_ADMIN --name alpine deluge-openvpn-nftables /bin/sh%%''
-  * When running nftables to stop leakage of vpn it was found that the docker networking cause failure.  Docker use loop address 127.0.0.11 to resolve its dns queries and then refers to the nominated local dns. See ''/etc/resolv.conf''. The docker documentation states that the user should not directly modify the resolv.conf file as it may adversely affect docker performance. As the openvpn program rewrites resolv.conf anyway I decided to do the same in a oneshot to point dns directly . +  * When running nftables to stop leakage of vpn it was found that the docker networking cause failure.  Docker use loop address 127.0.0.11 to resolve its dns queries and then refers to the nominated local dns. See ''/etc/resolv.conf''. The docker documentation states that the user should not directly modify the resolv.conf file as it may adversely affect docker performance. As the openvpn program rewrites resolv.conf anyway I decided to do the same in a oneshot to point dns directly.  I subsequently remembered the basics of UNIX the /etc/hosts file, this is the lowest level DNS on every machine.  I simply added the relevant Private VPN end hosts files in here and this worked a beaut
   * Need to manually create ++/dev/net/tun|<code bash>   * Need to manually create ++/dev/net/tun|<code bash>
 #!/bin/sh #!/bin/sh
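Review bot: In the sentences added on the ''+'' line, /etc/hosts is called "the lowest level DNS", but it is a static name-to-address table that the resolver normally consults before DNS, not DNS itself; saying so makes it clear why this approach does not depend on Docker's 127.0.0.11 resolver. The sentence kept just before it still says resolv.conf is rewritten "in a oneshot", which no longer matches the script once the nameserver lines are removed, so drop it or put it in the past tense. Also add the missing full stop after "worked a beaut" and settle on one spelling of the provider name (the script comments say PrivatVPN).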
Line 118: Line 88:
 chmod 660 /dev/net/tun chmod 660 /dev/net/tun
  
-echo "nameserver 192.168.1.14" >> /etc/resolv.config  #This adds my primary LAN name server 
-echo "nameserver 192.168.1.2" >> /etc/resolv.config  #This adds my secondary LAN name server 
 echo "103.231.89.219 au-mel.pvdata.host"  >> /etc/hosts #This adds a PrivatVPN host to the host DNS echo "103.231.89.219 au-mel.pvdata.host"  >> /etc/hosts #This adds a PrivatVPN host to the host DNS
 echo "103.231.88.203 au-mel.pvdata.host"  >> /etc/hosts #This adds a PrivatVPN host to the host DNS echo "103.231.88.203 au-mel.pvdata.host"  >> /etc/hosts #This adds a PrivatVPN host to the host DNS
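Review bot: With both nameserver lines removed, the two remaining ''echo ... >> /etc/hosts'' lines are the only name resolution this script sets up, and they pin au-mel.pvdata.host to fixed addresses; if the provider renumbers that endpoint the tunnel will fail with no obvious cause, so add a comment recording when and how the addresses were looked up. Because ''>>'' appends, running the script again against the same file duplicates the entries; guard it with a grep for the hostname, or declare the mappings with ''extra_hosts'' in docker-compose.yml instead. It is also worth noting in the change summary that the removed lines wrote to ''/etc/resolv.config'' rather than ''/etc/resolv.conf'', so they never changed what the resolver read.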
Line 135: Line 103:
   *To check external IP ''wget -qO - icanhazip.com'', reference from [[https://linuxnightly.com/check-external-ip-from-linux-command-line/|Check External IP From Linux Command Line]]   *To check external IP ''wget -qO - icanhazip.com'', reference from [[https://linuxnightly.com/check-external-ip-from-linux-command-line/|Check External IP From Linux Command Line]]
   *OpenVPN [[https://openvpn.net/community-resources/how-to/|2x HOW TO]] Look at troubleshooting   *OpenVPN [[https://openvpn.net/community-resources/how-to/|2x HOW TO]] Look at troubleshooting
 +
 +  *[[https://bbs.archlinux.org/viewtopic.php?id=300928|openvpn ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)]]
 +    *Add ''privileged: true'' after image in docker-compose.yml
 +    *Or  
 +<code>devices:
 +      - /dev/net/tun
 +      </code>
 +      
 =====docker external volumes===== =====docker external volumes=====
 There are 2 type of volume needs in this set up. There are 2 type of volume needs in this set up.
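Review bot: The first added bullet recommends ''privileged: true'', which hands the container every capability and access to all host devices just to open one TUN device, and that undoes much of the isolation this leak-blocking setup relies on. Lead with the ''devices:'' mapping, pair it with a ''cap_add'' entry for NET_ADMIN (the ''docker run'' example above already uses ''--cap-add=NET_ADMIN''), and mention ''privileged'' only as a last-resort diagnostic. The ''<code>'' block would also read better tagged as yaml, with the entry written in full as ''/dev/net/tun:/dev/net/tun'' and indented consistently under ''devices:''.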
Line 262: Line 238:
  
 A list of [[https://boxmatrix.info/wiki/BusyBox-Commands|BusyBox Commands]] A list of [[https://boxmatrix.info/wiki/BusyBox-Commands|BusyBox Commands]]
 +
 +====Shell Builtin Commands====
 +Many shells have builtin commands that can be listed with the command ''help''
 +
 +Some additional related commands:
 +  *''type command'' will return the command type, inbuilt or path to external command, or no entry if not found.
 +  *''whereis command'' return the path of external commands
 +
 +See: 
 +  *The Unix School [[https://www.theunixschool.com/2012/03/internal-vs-external-commands.html|Internal vs External commands]]
 +  *[[https://www.geeksforgeeks.org/internal-and-external-commands-in-linux/|Internal and External Commands in Linux]]
  
 =====References===== =====References=====
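Review bot: The ''type command'' bullet says it returns "no entry if not found", but ''type'' prints a not-found message and exits non-zero, and the exit status is what a script should test. ''whereis'' is described as returning the path of external commands; it also reports source and manual page locations, so ''command -v'' is the closer companion to ''type'' here. ''help'' is not available in every shell, so name the shell this section applies to, given that the BusyBox command list sits directly above it.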