docker-compose.yml
services:
  elasticsearch:
  logstash:
  kibana:
  nginx:
docker-compose run nginx
docker-compose run kibana
Restarting the Docker service resets the iptables rules.
Docker's basic rules (newer Docker versions may change some things)
*nat
:PREROUTING ACCEPT [27:11935]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [598:57368]
:POSTROUTING ACCEPT [591:57092]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
# Completed on Sun Sep 20 17:35:31 2015
# Generated by iptables-save v1.
http://blog.pulipuli.info/2011/07/
http://linux.vbird.org/linux_server/0250simple_firewall.php
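iptables [-AI chain] [-io network interface] [-p tcp,udp] \
> [-s source IP/network] [--sport port range] \
> [-d destination IP/network] [--dport port range] -j [ACCEPT|DROP|REJECT]
Options and parameters:
--sport port range: restricts the source port number; port numbers can be a continuous range, for example 1024:65535
--dport port range: restricts the destination port number.
[root@www ~]# iptables -A INPUT [-m state] [--state state]
Options and parameters:
-m: iptables extension modules; the common ones are:
    state: the state module
    mac: network card hardware address
--state: packet states, mainly:
    INVALID: an invalid packet, for example a packet with corrupted data
    ESTABLISHED: a connection that has already been established successfully
    NEW: a packet that wants to open a new connection
    RELATED: the most commonly used one! It means the packet is related to packets our host sent out
Example: accept any established or related packet, and drop any invalid packet
[root@www ~]# iptables -A INPUT -m state \
> --state RELATED,ESTABLISHED -j ACCEPT
[root@www ~]# iptables -A INPUT -m state --state INVALID -j DROP
https://www.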
https://meta.discourse.org/t/applying-docker-discourse-iptables-rules-when-using-csf-firewall/70531/5
csf v12.08
NOTE: This feature is currently in BETA testing, so may not work correctly
This section provides the configuration of iptables rules to allow Docker
containers to communicate through the host. If the generated rules do not
work with your setup you will have to use a /etc/csf/csfpost.sh file and add
your own iptables configuration instead
1 to enable, 0 to disable
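An added example (not from the original page, csf or Docker): a shell check that compares an iptables-save dump against the three Docker NAT rules from the dump above, to confirm they survived a Docker restart or a firewall reload. The function names and the partial-restore sample are constructed for illustration, and the baseline assumes the default 172.17.0.0/16 bridge shown in that dump.

```sh
#!/bin/sh
# Added example, not from the page: report which of the Docker NAT rules in the
# page's iptables-save dump are missing from a ruleset after a firewall reload.
# BASELINE_RULES is copied from that dump; newer Docker versions may differ.
BASELINE_RULES='-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE'

# Print only the *nat table of an iptables-save dump read from stdin.
nat_section() {
    awk '/^\*/ { in_nat = ($0 == "*nat") }
         in_nat && $0 == "COMMIT" { in_nat = 0 }
         in_nat'
}

# Read a dump on stdin; print the DOCKER chain and every baseline rule it lacks.
missing_docker_rules() {
    nat=$(nat_section)
    printf '%s\n' "$nat" | grep -q '^:DOCKER ' || echo ':DOCKER chain'
    printf '%s\n' "$BASELINE_RULES" | while IFS= read -r rule; do
        printf '%s\n' "$nat" | grep -qxF -e "$rule" || printf '%s\n' "$rule"
    done
}

# Constructed sample: a hand-written restore that re-added only the PREROUTING rule.
sample_partial_restore() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
EOF
}

# On a live host: iptables-save | missing_docker_rules
sample_partial_restore | missing_docker_rules
```

Empty output means every baseline rule is present; any line printed is a rule to restore, for example from /etc/csf/csfpost.sh.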
https://gist.github.com/javahippie/efee5417c69aaad3baf297dd2cd71fc6
version: '3.3'
services:
  go-ethereum:
    build:
      context: go-ethe/
    ports:
      - "8545:8545"
      - "30303:30303"
    networks:
      - elk
networks:
  elk:
    driver: bridge

FROM ubuntu:xenial
RUN apt-get update \
    && apt-get install -y wget \
    && rm -rf /var/lib/apt/lists/*
WORKDIR "/opt"
ARG BINARY="geth-linux-amd64-1.8.17-8bbe7207.tar.gz"
RUN wget "https://gethstore.blob.core.windows.net/builds/$BINARY"
RUN tar -xzvf $BINARY --strip 1
RUN rm $BINARY
ADD ./genesis.json ./genesis.json
RUN ./geth init genesis.json
# --rpcaddr "0.0.0.0" listens on all interfaces and --rpccorsdomain "*" accepts any
# browser origin; with 8545 published, keep it reachable only from trusted hosts.
CMD nohup ./geth --dev --rpc --rpcaddr "0.0.0.0" --rpccorsdomain "*" --mine
#geth --syncmode "light" --cache=2048
EXPOSE 8545
EXPOSE 30303
1. Get the key. Key path:
c:\user\xxxooo\.docker\machine\machines\%%%%%
xxxooo: user
%%%%%: machine name
id_rsa: this is the key
2. You need the VM IP and id_rsa. Get the IP:
1. docker-machine ssh %%%%%
2. ifconfig
If you need a PPK: WinSCP can convert id_rsa to PPK automatically.
3. Last step: log in to the VM. Account: docker
===========
https://github.com/boot2docker/boot2docker
Docker Machine auto logs in using the generated SSH key, but if you want to SSH into the machine manually (or you’re not using a Docker Machine managed VM), the credentials are:
Suggestion: use docker-machine, which makes setting up a Docker machine easier. VirtualBox
On Windows, use HFS.exe to copy files to the Docker machine instance.
Directory < ethtest >
||=docker-compose.yml
||=< go-ether >
      ||=Dockerfile
      ||=start.sh
      ||=< genesis >
        ||=genesis.json
1. docker-compose.yml
Important:
. keystore: may not be needed, because running docker-compose again requires deleting /go-ether/keystore
. entrypoint: must go together with ENTRYPOINT in the Dockerfile
`
version: '3.3'
services:
  go-ether:
    build:
      context: go-ether/
    volumes:
      #- ./go-ether/keystore:/root/.ethereum/devchain/keystore:rw
      - ./go-ether/genesis/genesis.json:/root/genesis/genesis.json:ro
      - /etc/localtime:/etc/localtime:ro
    entrypoint: /root/start.