„nodered/Dockerfile“ ändern

„nodered/Dockerfile.save“ löschen
2022-02-07 09:52:42 +01:00 · 2021-10-28 00:17:56 +02:00 · 2021-10-28 00:17:43 +02:00 · 2021-10-19 17:44:41 +02:00 · 2021-10-19 17:38:37 +02:00 · 2021-04-24 11:59:58 +02:00
8 changed files with 2 additions and 316 deletions
--- a/docker-ap/Dockerfile
+++ b/docker-ap/Dockerfile
@ -1,9 +0,0 @@
 FROM alpine
 MAINTAINER Jaka Hudoklin <offlinehacker@users.noreply.github.com>
 RUN apk add --no-cache bash hostapd iptables dhcp docker iproute2 iw
 RUN echo "" > /var/lib/dhcp/dhcpd.leases
 ADD wlanstart.sh /bin/wlanstart.sh
 ENTRYPOINT [ "/bin/wlanstart.sh" ]
--- a/docker-ap/README.md
+++ b/docker-ap/README.md
@ -1,82 +0,0 @@
 # Docker container stack: hostap + dhcp server 
 This container starts wireless access point (hostap) and dhcp server in docker
 container. It supports both host networking and network interface reattaching
 to container network namespace modes (host and guest).
 ## Requirements
 On the host system install required wifi drivers, then make sure your wifi adapter
 supports AP mode:
 ```
 # iw list
 ...
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * WDS
                 * monitor
                 * mesh point
 ...
 ```
 Set country regulations, for example, for Spain set:
 ```
 # iw reg set ES
 country ES: DFS-ETSI
        (2400 - 2483 @ 40), (N/A, 20), (N/A)
        (5150 - 5250 @ 80), (N/A, 23), (N/A), NO-OUTDOOR
        (5250 - 5350 @ 80), (N/A, 20), (0 ms), NO-OUTDOOR, DFS
        (5470 - 5725 @ 160), (N/A, 26), (0 ms), DFS
        (57000 - 66000 @ 2160), (N/A, 40), (N/A)
 ```
 ## Build / run
 * Using host networking:
 ```
 sudo docker run -i -t -e INTERFACE=wlan1 -e OUTGOINGS=wlan0 --net host --privileged won10/hostapd
 ```
 * Using network interface reattaching:
 ```
 sudo docker run -d -t -e INTERFACE=wlan0 -v /var/run/docker.sock:/var/run/docker.sock --privileged offlinehacker/docker-ap
 ```
 This mode requires access to docker socket, so it can run a short lived
 container that reattaches network interface to network namespace of this
 container. It also renames wifi interface to **wlan0**, so you get
 deterministic networking environment. This mode can be usefull for example for
 pentesting, where can you use docker compose to run other wifi hacking tools
 and have deterministic environment with wifi interface.
 ## Environment variables
 * **INTERFACE**: name of the interface to use for wifi access point (default: wlan0)
 * **OUTGOINGS**: outgoing network interface (default: eth0)
 * **CHANNEL**: WIFI channel (default: 6)
 * **SUBNET**: Network subnet (default: 192.168.254.0)
 * **AP_ADDR**: Access point address (default: 192.168.254.1)
 * **SSID**: Access point SSID (default: docker-ap)
 * **WPA_PASSPHRASE**: WPA password (default: passw0rd)
 * **HW_MODE**: WIFI mode to use (default: g) 
 * **DRIVER**: WIFI driver to use (default: nl80211)
 * **HT_CAPAB**: WIFI HT capabilities for 802.11n (default: [HT40-][SHORT-GI-20][SHORT-GI-40]) 
 * **MODE**: Mode to run in guest/host (default: host)
 ## License
 MIT
 ## Author
 Jaka Hudoklin <jakahudoklin@gmail.com>
 Thanks to https://github.com/sdelrio/rpi-hostap for providing original
 implementation.
--- a/docker-ap/run.sh
+++ b/docker-ap/run.sh
@ -1,2 +0,0 @@
 #!/bin/bash
 docker run -i -t -e INTERFACE=wlan0 -e OUTGOINGS=eth0 --net host --privileged won10/hostapd
--- a/docker-ap/wlanstart.sh
+++ b/docker-ap/wlanstart.sh
@ -1,126 +0,0 @@
 #!/bin/bash -e
 # Check if running in privileged mode
 if [ ! -w "/sys" ] ; then
    echo "[Error] Not running in privileged mode."
    exit 1
 fi
 # Default values
 true ${INTERFACE:=wlan0}
 true ${SUBNET:=192.168.254.0}
 true ${AP_ADDR:=192.168.254.1}
 true ${SSID:=docker-ap}
 true ${CHANNEL:=11}
 true ${WPA_PASSPHRASE:=passw0rd}
 true ${HW_MODE:=g}
 true ${DRIVER:=nl80211}
 true ${HT_CAPAB:=[HT40-][SHORT-GI-20][SHORT-GI-40]}
 true ${MODE:=host}
 # Attach interface to container in guest mode
 if [ "$MODE" == "guest"  ]; then
    echo "Attaching interface to container"
    CONTAINER_ID=$(cat /proc/self/cgroup | grep -o  -e "/docker/.*" | head -n 1| sed "s/\/docker\/\(.*\)/\\1/")
    CONTAINER_PID=$(docker inspect -f '{{.State.Pid}}' ${CONTAINER_ID})
    CONTAINER_IMAGE=$(docker inspect -f '{{.Config.Image}}' ${CONTAINER_ID})
    docker run -t --privileged --net=host --pid=host --rm --entrypoint /bin/sh ${CONTAINER_IMAGE} -c "
        PHY=\$(echo phy\$(iw dev ${INTERFACE} info | grep wiphy | tr ' ' '\n' | tail -n 1))
        iw phy \$PHY set netns ${CONTAINER_PID}
    "
    ip link set ${INTERFACE} name wlan0
    INTERFACE=wlan0
 fi
 if [ ! -f "/etc/hostapd.conf" ] ; then
    cat > "/etc/hostapd.conf" <<EOF
 interface=${INTERFACE}
 driver=${DRIVER}
 ssid=${SSID}
 hw_mode=${HW_MODE}
 channel=${CHANNEL}
 wpa=2
 wpa_passphrase=${WPA_PASSPHRASE}
 wpa_key_mgmt=WPA-PSK
 # TKIP is no secure anymore
 #wpa_pairwise=TKIP CCMP
 wpa_pairwise=CCMP
 rsn_pairwise=CCMP
 wpa_ptk_rekey=600
 ieee80211n=1
 ht_capab=${HT_CAPAB}
 wmm_enabled=1 
 EOF
 fi
 # unblock wlan
 rfkill unblock wlan
 echo "Setting interface ${INTERFACE}"
 # Setup interface and restart DHCP service 
 ip link set ${INTERFACE} up
 ip addr flush dev ${INTERFACE}
 ip addr add ${AP_ADDR}/24 dev ${INTERFACE}
 # NAT settings
 echo "NAT settings ip_dynaddr, ip_forward"
 for i in ip_dynaddr ip_forward ; do 
  if [ $(cat /proc/sys/net/ipv4/$i) ]; then
    echo $i already 1 
  else
    echo "1" > /proc/sys/net/ipv4/$i
  fi
 done
 cat /proc/sys/net/ipv4/ip_dynaddr 
 cat /proc/sys/net/ipv4/ip_forward
 if [ "${OUTGOINGS}" ] ; then
   ints="$(sed 's/,\+/ /g' <<<"${OUTGOINGS}")"
   for int in ${ints}
   do
      echo "Setting iptables for outgoing traffics on ${int}..."
      iptables -t nat -D POSTROUTING -s ${SUBNET}/24 -o ${int} -j MASQUERADE > /dev/null 2>&1 || true
      iptables -t nat -A POSTROUTING -s ${SUBNET}/24 -o ${int} -j MASQUERADE
      iptables -D FORWARD -i ${int} -o ${INTERFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT > /dev/null 2>&1 || true
      iptables -A FORWARD -i ${int} -o ${INTERFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
      iptables -D FORWARD -i ${INTERFACE} -o ${int} -j ACCEPT > /dev/null 2>&1 || true
      iptables -A FORWARD -i ${INTERFACE} -o ${int} -j ACCEPT
   done
 else
   echo "Setting iptables for outgoing traffics on all interfaces..."
   iptables -t nat -D POSTROUTING -s ${SUBNET}/24 -j MASQUERADE > /dev/null 2>&1 || true
   iptables -t nat -A POSTROUTING -s ${SUBNET}/24 -j MASQUERADE
   iptables -D FORWARD -o ${INTERFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT > /dev/null 2>&1 || true
   iptables -A FORWARD -o ${INTERFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
   iptables -D FORWARD -i ${INTERFACE} -j ACCEPT > /dev/null 2>&1 || true
   iptables -A FORWARD -i ${INTERFACE} -j ACCEPT
 fi
 echo "Configuring DHCP server .."
 cat > "/etc/dhcp/dhcpd.conf" <<EOF
 option domain-name-servers 8.8.8.8, 8.8.4.4;
 option subnet-mask 255.255.255.0;
 option routers ${AP_ADDR};
 subnet ${SUBNET} netmask 255.255.255.0 {
  range ${SUBNET::-1}100 ${SUBNET::-1}200;
 }
 EOF
 echo "Starting DHCP server .."
 dhcpd ${INTERFACE}
 echo "Starting HostAP daemon ..."
 /usr/sbin/hostapd /etc/hostapd.conf 
--- a/nodered/Dockerfile
+++ b/nodered/Dockerfile
@ -1,5 +1,4 @@
-FROM nodered/node-red:1.2.9
+FROM nodered/node-red:2.2.0
 USER root
 RUN apk update && apk upgrade && \
--- a/nodered/Dockerfile.save
+++ b/nodered/Dockerfile.save
@ -1,89 +0,0 @@
 FROM node:lts-buster AS base
 # Copy scripts
 COPY scripts/*.sh /tmp/
 RUN mkdir -p /usr/src/node-red /data && \
    deluser --remove-home node && \
    adduser --gecos "" --home /usr/src/node-red --disabled-login --uid 1000 node-red && \
    chown -R node-red:node-red /data && \
    chown -R node-red:node-red /usr/src/node-red && \
    chmod +x /tmp/*.sh
 # Install tools, create Node-RED app and data dir, add user and set rights
 RUN set -ex && \
    apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y \
        bash \
        tzdata \
        iputils-ping \
        iputils-arping \
        curl \
        nano \
        git \
        openssl \
        openssh-client
 # Set work directory
 WORKDIR /usr/src/node-red
 # package.json contains Node-RED NPM module and node dependencies
 COPY package.json .
 #### Stage BUILD #######################################################################################################
 FROM base AS build
 # Install Build tools
 RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get -y install build-essential linux-headers-$(uname -r) udev python && \
    npm install --unsafe-perm --no-update-notifier --only=production
 RUN /tmp/remove_native_gpio.sh && \
    cp -R node_modules prod_node_modules
 #### Stage RELEASE #####################################################################################################
 FROM base AS RELEASE
 COPY --from=build /usr/src/node-red/prod_node_modules ./node_modules
 # Chown, install devtools & Clean up
 RUN chown -R node-red:node-red /usr/src/node-red && \
    /tmp/install_devtools.sh && \
    rm -r /tmp/*
 RUN set -ex \
 	&& apt-get install -y wget sudo net-tools dhcpdump rfkill bluetooth bluez bluez-tools arp-scan libpcap-dev
 RUN addgroup node-red sudo
 RUN cat /dev/null > /etc/sudoers \
 	&& echo -e "Set disable_coredump false\n" > /etc/sudo.conf \
 	&& touch /etc/sudoers \
 	&& echo  "node-red ALL=(ALL) NOPASSWD: ALL\n%sudo ALL=(ALL) NOPASSWD: ALL\n" > /etc/sudoers \
 	&& chmod 0440 /etc/sudoers
 RUN apt-get clean autoclean && \
    apt-get autoremove --yes && \
    rm -rf /var/lib/{apt,dpkg,cache,log}/
 USER node-red
 # Env variables
 ENV NODE_RED_VERSION=$NODE_RED_VERSION \
    NODE_PATH=/usr/src/node-red/node_modules:/data/node_modules \
    FLOWS=flows.json
 # ENV NODE_RED_ENABLE_SAFE_MODE=true    # Uncomment to enable safe start mode (flows not running)
 # ENV NODE_RED_ENABLE_PROJECTS=true     # Uncomment to enable projects option
 # User configuration directory volume
 VOLUME ["/data"]
 # Expose the listening port of node-red
 EXPOSE 1880
 # Add a healthcheck (default every 30 secs)
 HEALTHCHECK CMD curl http://localhost:1880/ || exit 1
 ENTRYPOINT ["npm", "start", "--", "--userDir", "/data"]
--- a/raspap/Dockerfile
+++ b/raspap/Dockerfile
@ -1,5 +0,0 @@
 FROM fauust/docker-systemd:debian-10
 RUN apt-get update && apt-get upgrade --yes && apt-get install curl wget sudo procps --yes
 RUN curl -sL https://install.raspap.com | bash -s -- --yes
--- a/telegraf/Dockerfile
+++ b/telegraf/Dockerfile
@ -1,3 +1,3 @@
-FROM telegraf:1.17-alpine
+FROM telegraf:alpine
 RUN apk update && apk upgrade && \
    apk --no-cache add unbound
Author	SHA1	Message	Date
Joshua Schnabel	92baa514d2	„nodered/Dockerfile“ ändern	2022-02-07 09:52:42 +01:00
Joshua Schnabel	59203c1c30	„nodered/Dockerfile.save“ löschen	2021-10-28 00:17:56 +02:00
Joshua Schnabel	9fb402fa2b	„nodered/Dockerfile“ ändern	2021-10-28 00:17:43 +02:00
Joshua Schnabel (Atlantis)	7aa52fcc2c	remove	2021-10-19 17:44:41 +02:00
Joshua Schnabel	09fbcc881b	„nodered/Dockerfile“ ändern	2021-10-19 17:38:37 +02:00
Joshua Schnabel (Atlantis)	8bd07d2a77	Merge branch 'master' of https://git.joshua-schnabel.de/joshua_schnabel/docker-images	2021-04-24 11:59:58 +02:00
Joshua Schnabel (Atlantis)	fef4e6b347	Update	2021-04-24 11:59:13 +02:00
Joshua Schnabel	b65bea2772	„telegraf/Dockerfile“ ändern	2021-04-24 11:58:10 +02:00
Joshua Schnabel	6d24d5aa21	„nodered/Dockerfile“ ändern	2021-04-24 11:57:25 +02:00
		`@ -1,2 +0,0 @@`
			`#!/bin/bash`
			`docker run -i -t -e INTERFACE=wlan0 -e OUTGOINGS=eth0 --net host --privileged won10/hostapd`