Docker

master
Your Name 5 years ago
parent
commit
8af7a36b20
13 changed files with 731 additions and 0 deletions
  1. 2019/Docker_Primer/docs/1.aux (+13, -0)
  2. 2019/Docker_Primer/docs/1.log (+129, -0)
  3. 2019/Docker_Primer/docs/1.pdf (BIN)
  4. 2019/Docker_Primer/docs/1.tex (+84, -0)
  5. 2019/Docker_Primer/docs/1.tex~ (+163, -0)
  6. 2019/Docker_Primer/docs/1.toc (+12, -0)
  7. 2019/Docker_Primer/docs/2.aux (+13, -0)
  8. 2019/Docker_Primer/docs/2.log (+130, -0)
  9. 2019/Docker_Primer/docs/2.pdf (BIN)
  10. 2019/Docker_Primer/docs/2.tex (+84, -0)
  11. 2019/Docker_Primer/docs/2.tex~ (+84, -0)
  12. 2019/Docker_Primer/docs/2.toc (+12, -0)
  13. 2019/Formatting_Latex/docs/notes (+7, -0)

2019/Docker_Primer/docs/1.aux (+13, -0)

@ -0,0 +1,13 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}General Notes}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Docker Commands Reference}{2}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Specific Tips}{3}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}YAML is space sensitive}{3}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}If you restart a containers namesake process, it will probably restart / reset the container}{3}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Use a single reverse proxy, to handle multiple websites}{3}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}If you use a single reverse proxy, Lets Encrypt can be done real easy}{3}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}Give every Container a Containername}{4}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Beware of Interrupting Initting Containers}{4}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Put Apache or Program logs from the Container in a volume that is locally accessible}{4}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Only Restart Containers you need to Restart}{5}}
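
Review bot: 1.aux is output that pdflatex regenerates on every build (every line after \relax is a \@writefile{toc} entry derived from the section headings in 1.tex), so it should not be tracked. Drop it from the commit and add *.aux, *.toc and *.log to .gitignore, otherwise these files show up as changes whenever a heading or a page number moves.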

2019/Docker_Primer/docs/1.log (+129, -0)

@ -0,0 +1,129 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.17 (TeX Live 2016/Debian) (preloaded format=pdflatex 2019.8.17) 31 AUG 2019 00:33
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Docker_Pr
imer/docs/1.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Docker_Pri
mer/docs/1.tex
LaTeX2e <2017/01/01> patch level 3
Babel <3.9r> and hyphenation patterns for 3 language(s) loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./1.aux)
\openout1 = `1.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <12> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 8.
No file 1.toc.
\tf@toc=\write3
\openout3 = `1.toc'.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 24.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 24.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 24.
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}]
LaTeX Font Info: Try loading font information for OMS+cmr on input line 34.
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
)
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 34.
[2] [3]
Overfull \hbox (83.52414pt too wide) in paragraph at lines 78--79
\OT1/cmr/m/n/10.95 This means you want a vol-ume some-thing like ./con-tain-erA
[]files/logs:/var/www/log/apache2/
[]
[4] [5] (./1.aux) )
Here is how much of TeX's memory you used:
263 strings out of 494945
3163 string characters out of 6181032
51564 words of memory out of 5000000
3625 multiletter control sequences out of 15000+600000
9890 words of font info for 35 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
24i,8n,19p,690b,242s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/c
m/cmbx12.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr1
0.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr12.pfb><
/usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/sha
re/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texli
ve/texmf-dist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf
-dist/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/
fonts/type1/public/amsfonts/cm/cmtt10.pfb>
Output written on 1.pdf (5 pages, 109645 bytes).
PDF statistics:
52 PDF objects out of 1000 (max. 8388607)
36 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)
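
Review bot: the opening lines of this log record the author's absolute working path under /home/layoutdev/Desktop/code/, together with the exact pdfTeX and TeX Live 2016/Debian build and the line 'restricted \write18 enabled', so committing it publishes a local account name and toolchain details that readers of the primer have no use for. Remove the file from the repository and ignore *.log. The one entry worth acting on is 'Overfull \hbox (83.52414pt too wide) in paragraph at lines 78--79', which points at the long volume path in 1.tex; setting that path on its own line in a verbatim block, as the other examples are, would clear it.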

2019/Docker_Primer/docs/1.pdf (BIN)


2019/Docker_Primer/docs/1.tex (+84, -0)

@ -0,0 +1,84 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Docker Primer}}
\author{Steak Electronics}
\date{08/30/19}
\begin{document}
\maketitle
\tableofcontents
\section{Overview}
Docker is a program in the tradition of Virtualization. However, Docker differs from a Virtual Machine, in that it uses less resources, and allows for more containers (essentially isolated OS') to run. With Docker I can run 8 different websites on a Core 2 Duo. Docker makes it trivial to transport these websites to a new machine. It's as simple as copying the docker-compose (you should be using docker compose) yml configuration, and keeping all permenant volumes, and saved files in one folder. Docker is a little more setup upfront, but promises savings in time plus interest down the line.
\section{General Notes}
It always helps to read a book on a subject, and then keep it as a Reference. I have read ``Using Docker'' By Adrian Mouat. It is a decent book. Not bad.
Here are some general tips:
\\
\\
First off, Docker is 64 bit only for i386 architecture. ARM has a separate build. There is no 32 bit, unfortunately.
\\
\\
You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.
\\
\\
You should always use docker compose. If you read the book above, you will understand why. Docker can run on the command line (commands are somewhat complex for each container), but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it.\footnote{Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.}
\\
\\
One of the benefits of docker, is its simplicity. There are essentially two commands you will ever need to know to use docker. Both must be run as root. One is \#docker (e.g. docker restart container\_name\_here). The other is docker-compose (e.g. \#docker-compose up -d).
\\
\\
\subsection{Docker Commands Reference}
Here is just the good stuff.
\begin{itemize}
\item docker-compose up -d (starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it)
\item docker ps (lists containers running. If one fails to start, you'll see it missing from here)
\item docker logs <containername> (gives you some logging output from the container. Often enough to troubleshoot.)
\item docker exec -it <containername> /bin/bash (this will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it).
\item docker-compose restart (this will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...)
\item docker restart <containername> (this will restart one single container.)
\item docker cp <containername>:/dir/to/file dest (you can copy files from local machine to docker, or vice versa with this. Extremely useful).
\end{itemize}
Less often, you might want to know docker kill <containername> and docker rmi <containername>. The first will stop a container, the second will remove an image. If you corrupt the install of a container, the second will save you. Alternatively, you can just install a container of the same type with a new name.
\section{Specific Tips}
\subsection{YAML is space sensitive}
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
\subsection{If you restart a containers namesake process, it will probably restart / reset the container}
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
\subsection{Use a single reverse proxy, to handle multiple websites}
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
\footnote{https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far from the motorcycle.}
\subsection{If you use a single reverse proxy, Lets Encrypt can be done real easy}
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
\begin{verbatim}
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
\end{verbatim}
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:
\begin{verbatim}
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
\end{verbatim}
The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this\footnote{And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).}
\subsection{Give every Container a Containername}
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
\subsection{Beware of Interrupting Initting Containers}
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
\subsection{Put Apache or Program logs from the Container in a volume that is locally accessible}
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
\subsection{Only Restart Containers you need to Restart}
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
\end{document}
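
Review bot: in the Lets Encrypt subsection the compose example mounts '- /etc/letsencrypt/:/etc/letsencrypt/' without a mode, so the proxy container gets write access to the host's certificate private keys and certbot account data; nginx only has to read the certificates, so append :ro to that volume (and to the nginx.conf mount). In the same subsection, 'autoindex on;' in the /.well-known location turns on directory listing for a path that only needs to serve individual challenge files, and can be removed. Two wording fixes while here: the volumes paragraph says the local directory is 'cloned to the host at the remote path', but the left side is the host path and the right side is the path inside the container; and the commands section pairs 'docker rmi <containername>' with 'remove an image', where docker rmi takes an image name and docker rm is the command that removes a container.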

2019/Docker_Primer/docs/1.tex~ (+163, -0)

@ -0,0 +1,163 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/12/19}
\begin{document}
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
#banaction = iptables
action = iptables-multiport[port="ssh,http,https,22222",blocktype=DROP]
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
# note that here, the action and its ports are set on INPUT
# so its a rule to block INPUT on ssh, http, https, and 22222
# make sure ports are right.
# you could also use the single iptables too, just need to specify the right port.
#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf, and changes blocktype to drop.
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables, but we are using iptables-multiport, as we want to block multiple ports.
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something.
\vspace{0.2in}
Fourth, the default action in iptables-multiport is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own.
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have.
\subsection{Configuration in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng}
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\end{document}
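
Review bot: 1.tex~ is an editor backup (trailing ~ on the name, Gummi marker on its second line) and its content is a Fail2ban Primer dated 05/12/19, not the Docker Primer this directory holds, so it looks like a stale template swept in with the add. Drop it from the commit and ignore *~; if the fail2ban text is meant to be published, it belongs in its own directory under a real .tex name. If it is kept, the jail example needs a caveat: with 'ignoreip = 127.0.0.1/8', 'maxretry = 6' and 'bantime = 360000' (100 hours), an administrator's own failed logins lock them out of ssh, http and https, so the text should tell readers to add their management address to ignoreip. The REJECT paragraph also says 'the post is unreachable' where 'port' is meant.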

2019/Docker_Primer/docs/1.toc (+12, -0)

@ -0,0 +1,12 @@
\contentsline {section}{\numberline {1}Overview}{1}
\contentsline {section}{\numberline {2}General Notes}{1}
\contentsline {subsection}{\numberline {2.1}Docker Commands Reference}{2}
\contentsline {section}{\numberline {3}Specific Tips}{3}
\contentsline {subsection}{\numberline {3.1}YAML is space sensitive}{3}
\contentsline {subsection}{\numberline {3.2}If you restart a containers namesake process, it will probably restart / reset the container}{3}
\contentsline {subsection}{\numberline {3.3}Use a single reverse proxy, to handle multiple websites}{3}
\contentsline {subsection}{\numberline {3.4}If you use a single reverse proxy, Lets Encrypt can be done real easy}{3}
\contentsline {subsection}{\numberline {3.5}Give every Container a Containername}{4}
\contentsline {subsection}{\numberline {3.6}Beware of Interrupting Initting Containers}{4}
\contentsline {subsection}{\numberline {3.7}Put Apache or Program logs from the Container in a volume that is locally accessible}{4}
\contentsline {subsection}{\numberline {3.8}Only Restart Containers you need to Restart}{5}

2019/Docker_Primer/docs/2.aux (+13, -0)

@ -0,0 +1,13 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}General Notes}{2}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Docker Commands Reference}{2}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Specific Tips}{3}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}YAML is space sensitive}{3}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}If you restart a containers namesake process, it will probably restart / reset the container}{3}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Use a single reverse proxy, to handle multiple websites}{3}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}If you use a single reverse proxy, Lets Encrypt can be done easy}{4}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}Give every Container a Containername}{4}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Beware of Interrupting Initting Containers}{5}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Put Apache or Program logs from the Container in a volume that is locally accessible}{5}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Only Restart Containers you need to Restart}{5}}
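
Review bot: apart from page numbers, the only difference from 1.aux is the 3.4 heading ('can be done easy' here, 'can be done real easy' there), which indicates 2.tex is a lightly edited copy of 1.tex committed alongside it. Keep a single source file and let git history carry the revision; as a generated file, 2.aux itself should not be tracked either.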

2019/Docker_Primer/docs/2.log (+130, -0)

@ -0,0 +1,130 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.17 (TeX Live 2016/Debian) (preloaded format=pdflatex 2019.8.17) 31 AUG 2019 00:34
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Docker_Pr
imer/docs/2.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Docker_Pri
mer/docs/2.tex
LaTeX2e <2017/01/01> patch level 3
Babel <3.9r> and hyphenation patterns for 3 language(s) loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./2.aux)
\openout1 = `2.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <12> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 8.
(./2.toc
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 3.
)
\tf@toc=\write3
\openout3 = `2.toc'.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}]
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 24.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 24.
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
Underfull \hbox (badness 10000) in paragraph at lines 15--30
[]
LaTeX Font Info: Try loading font information for OMS+cmr on input line 34.
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
)
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 34.
[2] [3] [4]
Overfull \hbox (83.52414pt too wide) in paragraph at lines 78--79
\OT1/cmr/m/n/10.95 This means you want a vol-ume some-thing like ./con-tain-erA
[]files/logs:/var/www/log/apache2/
[]
[5] (./2.aux) )
Here is how much of TeX's memory you used:
267 strings out of 494945
3199 string characters out of 6181032
51564 words of memory out of 5000000
3626 multiletter control sequences out of 15000+600000
10198 words of font info for 36 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
23i,8n,19p,690b,187s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cm
bx10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.p
fb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></us
r/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr12.pfb></usr/share
/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive
/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-d
ist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dist/font
s/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fonts/type
1/public/amsfonts/cm/cmtt10.pfb>
Output written on 2.pdf (5 pages, 123537 bytes).
PDF statistics:
56 PDF objects out of 1000 (max. 8388607)
39 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)

2019/Docker_Primer/docs/2.pdf (BIN)


2019/Docker_Primer/docs/2.tex (+84, -0)

@ -0,0 +1,84 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Docker Primer}}
\author{Steak Electronics}
\date{08/30/19}
\begin{document}
\maketitle
\tableofcontents
\section{Overview}
Docker is a program in the tradition of Virtualization. However, Docker differs from a Virtual Machine, in that it uses less resources, and allows for more containers (essentially isolated OS') to run. With Docker I can run 8 different websites on a Core 2 Duo. Docker makes it trivial to transport these websites to a new machine. It's as simple as copying the docker-compose (you should be using docker compose) yml configuration, and keeping all permenant volumes, and saved files in one folder. Docker is a little more setup upfront, but promises savings in time plus interest down the line.
\section{General Notes}
It always helps to read a book on a subject, and then keep it as a Reference. I have read ``Using Docker'' By Adrian Mouat. It is a decent book. Not bad.
Here are some general tips:
\\
\\
First off, Docker is 64 bit only for i386 architecture. ARM has a separate build. There is no 32 bit, unfortunately.
\\
\\
You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.
\\
\\
You should always use docker compose. If you read the book above, you will understand why. Docker can run on the command line (commands are somewhat complex for each container), but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it.\footnote{Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.}
\\
\\
One of the benefits of docker, is its simplicity. There are essentially two commands you will ever need to know to use docker. Both must be run as root. One is \#docker (e.g. docker restart container\_name\_here). The other is docker-compose (e.g. \#docker-compose up -d).
\\
\\
\subsection{Docker Commands Reference}
Here is just the good stuff.
\begin{itemize}
\item docker-compose up -d (starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it)
\item docker ps (lists containers running. If one fails to start, you'll see it missing from here)
\item docker logs <containername> (gives you some logging output from the container. Often enough to troubleshoot.)
\item docker exec -it <containername> /bin/bash (this will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it).
\item docker-compose restart (this will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...)
\item docker restart <containername> (this will restart one single container.)
\item docker cp <containername>:/dir/to/file dest (you can copy files from local machine to docker, or vice versa with this. Extremely useful).
\end{itemize}
Less often, you might want to know docker kill <containername> and docker rmi <containername>. The first will stop a container, the second will remove an image. If you corrupt the install of a container, the second will save you. Alternatively, you can just install a container of the same type with a new name.
\section{Specific Tips}
\subsection{YAML is space sensitive}
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
\subsection{If you restart a containers namesake process, it will probably restart / reset the container}
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
\subsection{Use a single reverse proxy, to handle multiple websites}
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
\footnote{https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far from the motorcycle.}
\subsection{If you use a single reverse proxy, Lets Encrypt can be done easy}
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
\begin{verbatim}
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
\end{verbatim}
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:
\begin{verbatim}
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
\end{verbatim}
The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this\footnote{And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).}
\subsection{Give every Container a Containername}
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
\subsection{Beware of Interrupting Initting Containers}
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
\subsection{Put Apache or Program logs from the Container in a volume that is locally accessible}
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
\subsection{Only Restart Containers you need to Restart}
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
\end{document}
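Review bot: In the nginx snippet under "If you use a single reverse proxy, Lets Encrypt can be done easy", `autoindex on;` enables directory listing for everything under /.well-known. The webroot challenge only needs the individual token files to be served, so the line can be dropped. In the compose example, `- /etc/letsencrypt/:/etc/letsencrypt/` is mounted read-write, which lets the proxy container modify or delete the host's certificates and private keys. Appending `:ro` to that entry and to `./nginx.conf:/etc/nginx/nginx.conf` would limit it to reading them. `image: nginx:latest` is unpinned, so the proxy changes whenever the tag moves; a fixed version tag makes the setup reproducible. The paragraph that follows says the local directory is "cloned to the host at the remote path", but each volume entry reads host path, then container path, so it should say the host directory is mounted into the container. The footnote on that paragraph also ends with an unmatched ")".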

+ 84
- 0
2019/Docker_Primer/docs/2.tex~ View File

@ -0,0 +1,84 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Docker Primer}}
\author{Steak Electronics}
\date{08/30/19}
\begin{document}
\maketitle
\tableofcontents
\section{Overview}
Docker is a program in the tradition of Virtualization. However, Docker differs from a Virtual Machine, in that it uses less resources, and allows for more containers (essentially isolated OS') to run. With Docker I can run 8 different websites on a Core 2 Duo. Docker makes it trivial to transport these websites to a new machine. It's as simple as copying the docker-compose (you should be using docker compose) yml configuration, and keeping all permenant volumes, and saved files in one folder. Docker is a little more setup upfront, but promises savings in time plus interest down the line.
\section{General Notes}
It always helps to read a book on a subject, and then keep it as a Reference. I have read ``Using Docker'' By Adrian Mouat. It is a decent book. Not bad.
Here are some general tips:
\\
\\
First off, Docker is 64 bit only for i386 architecture. ARM has a separate build. There is no 32 bit, unfortunately.
\\
\\
You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.
\\
\\
You should always use docker compose. If you read the book above, you will understand why. Docker can run on the command line (commands are somewhat complex for each container), but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it.\footnote{Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.}
\\
\\
One of the benefits of docker, is its simplicity. There are essentially two commands you will ever need to know to use docker. Both must be run as root. One is \#docker (e.g. docker restart container\_name\_here). The other is docker-compose (e.g. \#docker-compose up -d).
\\
\\
\subsection{Docker Commands Reference}
Here is just the good stuff.
\begin{itemize}
\item docker-compose up -d (starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it)
\item docker ps (lists containers running. If one fails to start, you'll see it missing from here)
\item docker logs <containername> (gives you some logging output from the container. Often enough to troubleshoot.)
\item docker exec -it <containername> /bin/bash (this will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it).
\item docker-compose restart (this will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...)
\item docker restart <containername> (this will restart one single container.)
\item docker cp <containername>:/dir/to/file dest (you can copy files from local machine to docker, or vice versa with this. Extremely useful).
\end{itemize}
Less often, you might want to know docker kill <containername> and docker rmi <containername>. The first will stop a container, the second will remove an image. If you corrupt the install of a container, the second will save you. Alternatively, you can just install a container of the same type with a new name.
\section{Specific Tips}
\subsection{YAML is space sensitive}
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
\subsection{If you restart a containers namesake process, it will probably restart / reset the container}
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
\subsection{Use a single reverse proxy, to handle multiple websites}
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
\footnote{https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far from the motorcycle.}
\subsection{If you use a single reverse proxy, Lets Encrypt can be done real easy}
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
\begin{verbatim}
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
\end{verbatim}
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:
\begin{verbatim}
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
\end{verbatim}
The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this\footnote{And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).}
\subsection{Give every Container a Containername}
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
\subsection{Beware of Interrupting Initting Containers}
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
\subsection{Put Apache or Program logs from the Container in a volume that is locally accessible}
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
\subsection{Only Restart Containers you need to Restart}
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
\end{document}
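Review bot: 2.tex~ is an editor backup of 2.tex and should not be committed. It is already out of sync with the real file: the subsection title here reads "Lets Encrypt can be done real easy", while 2.tex has "can be done easy". Remove it from the commit and add `*~` to .gitignore so backups stop showing up in diffs.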

+ 12
- 0
2019/Docker_Primer/docs/2.toc View File

@ -0,0 +1,12 @@
\contentsline {section}{\numberline {1}Overview}{1}
\contentsline {section}{\numberline {2}General Notes}{2}
\contentsline {subsection}{\numberline {2.1}Docker Commands Reference}{2}
\contentsline {section}{\numberline {3}Specific Tips}{3}
\contentsline {subsection}{\numberline {3.1}YAML is space sensitive}{3}
\contentsline {subsection}{\numberline {3.2}If you restart a containers namesake process, it will probably restart / reset the container}{3}
\contentsline {subsection}{\numberline {3.3}Use a single reverse proxy, to handle multiple websites}{3}
\contentsline {subsection}{\numberline {3.4}If you use a single reverse proxy, Lets Encrypt can be done easy}{4}
\contentsline {subsection}{\numberline {3.5}Give every Container a Containername}{4}
\contentsline {subsection}{\numberline {3.6}Beware of Interrupting Initting Containers}{5}
\contentsline {subsection}{\numberline {3.7}Put Apache or Program logs from the Container in a volume that is locally accessible}{5}
\contentsline {subsection}{\numberline {3.8}Only Restart Containers you need to Restart}{5}
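Review bot: 2.toc is output that LaTeX regenerates from the \section and \subsection lines on every build, so tracking it only produces churn whenever a page number shifts. Drop it from the commit and ignore the build products (`*.toc`, `*.aux`, `*.log`), keeping only the .tex source under version control.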

+ 7
- 0
2019/Formatting_Latex/docs/notes View File

@ -74,6 +74,7 @@ decent, but not perfect. 7/10
https://ctan.org/pkg/langsci
Very good. perhaps, I will use this for my book (not for data sheet, unless you can horizontal line)
EDIT: too many damn blank pages need to be edited out.
https://ctan.org/pkg/elsarticle
good. 8.5/10 but needs some customization (logos, etc)
@ -124,4 +125,10 @@ https://ctan.org/pkg/microtype
not a class, but a font package that allows adjusting letterspacing. Always required.
https://ctan.org/pkg/limecv
excellent resume class. note when searching for resumes you also need to search cv or curriculum vitae whatever its called.
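Review bot: The changes to 2019/Formatting_Latex/docs/notes are unrelated to the Docker_Primer files in the rest of this commit. Split them into their own commit so the history of the LaTeX class notes can be followed separately. In the first hunk, the "EDIT: too many damn blank pages" remark sits directly under the langsci entry with no marker tying it to that package; prefixing it with the package name would keep it unambiguous as the list grows.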
