Docker / Podman on Linux

First installed podman-compose, then created a compose file named docker-compose.yml:

version: '3.1'

services:

  wordpress:
    image: wordpress1
    restart: always
    ports:
      - 8080:80
    environment:
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_USER: mydbuser
      WORDPRESS_DB_PASSWORD: mydbpassword
      WORDPRESS_DB_NAME: mydb
    volumes:
      - wordpress:/var/www/html
      - logs:/var/log/apache2

  db:
    image: wordpress1db
    restart: always
    environment:
      MYSQL_DATABASE: mydb
      MYSQL_USER: mydbuser
      MYSQL_PASSWORD: mydbpassword
      MYSQL_RANDOM_ROOT_PASSWORD: '1'
    volumes:
      - db:/var/lib/mysql

volumes:
  wordpress:
  db:
  logs:

Now run:

podman-compose up -d

This creates the containers and runs the web server on port 8080.

To stop and remove the containers, run:

podman-compose down

The compose file creates a container for the web server from the image wordpress1 and a container for the database server from the image wordpress1db; check and update the image names in case of any problem. You can also commit a container after any change to the web server / MySQL configuration to create another image locally.

The running containers keep their data outside the containers in named volumes: the MySQL database files (/var/lib/mysql) in the volume db and the website (/var/www/html) in the volume wordpress. These volumes can be listed by running:

# podman volume ls

DRIVER      VOLUME NAME
local       fcab36796140245f735851f808b193c38e4771143db12ead1c59ce2b5fa3177e
local       WordPress_db
local       WordPress_logs
local       WordPress_wordpress

Now run the following to find out the actual location of the volumes:

# podman volume inspect WordPress_db WordPress_wordpress
[
    {
        "Name": "WordPress_db",
        "Driver": "local",
        "Mountpoint": "/var/lib/containers/storage/volumes/WordPress_db/_data",
        "CreatedAt": "2022-01-31T18:54:23.157971622+05:30",
        "Labels": {
            "io.podman.compose.project": "WordPress"
        },
        "Scope": "local",
        "Options": {}
    },
    {
        "Name": "WordPress_wordpress",
        "Driver": "local",
        "Mountpoint": "/var/lib/containers/storage/volumes/WordPress_wordpress/_data",
        "CreatedAt": "2022-01-31T18:54:19.661705064+05:30",
        "Labels": {
            "io.podman.compose.project": "WordPress"
        },
        "Scope": "local",
        "Options": {}
    }
]

You can add/modify webserver files located at /var/lib/containers/storage/volumes/WordPress_wordpress/_data

To log in to any of the containers above, first find out the names of the containers by running:

# podman container ls
CONTAINER ID  IMAGE                   COMMAND               CREATED      STATUS          PORTS                                        NAMES
4f7976ee3529  k8s.gcr.io/pause:3.5                          4 hours ago  Up 4 hours ago  0.0.0.0:8080->80/tcp  bca02e003722-infra
171df0e7c268  localhost/wp1:latest    apache2-foregroun...  4 hours ago  Up 4 hours ago  0.0.0.0:8080->80/tcp  WordPress_wordpress_1
70c70112d52b  localhost/wp1db:latest  mysqld                4 hours ago  Up 4 hours ago  0.0.0.0:8080->80/tcp  WordPress_db_1

The last word in each line is the name, i.e. WordPress_wordpress_1 and WordPress_db_1 are the container names. To log in to the wordpress (web server) container, type the following:

# podman exec -ti WordPress_wordpress_1 /bin/bash
root@171df0e7c268:/var/www/html#

Similarly, for the db server type:

podman exec -ti WordPress_db_1 /bin/bash
root@70c70112d52b:/#

Installation of Reverse Proxy HAProxy

Generated dhparams.pem for HAProxy, moved it to the HAProxy directory, and linked it in the haproxy.cfg file.

Kept most global options in the cfg file. Add lines for the frontend and backend:

frontend default
   bind :80
   http-request redirect scheme https unless { ssl_fc }
   use_backend %[req.hdr(host),lower,map_dom(/etc/haproxy/maps/hosts.map,be_default)]

   default_backend             acer2

Create a hosts.map file covering each and every host; each line must have the host name and the backend name, like:

acer2.nmlindia.org acer2

For each alternate port, create a frontend like the one above; just replace :80 with, say, :8080 and provide another map file for the hosts handled on this port.

    backend acer2
        mode http
        http-request redirect scheme https unless { ssl_fc }
        server acer2 acer2.nmlindia.org:8888 check

The line

http-request redirect scheme https unless { ssl_fc }

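controls the redirection to HTTPS when the site is served over SSL: any request that did not arrive over SSL is redirected.

For a non-SSL site, comment this line out in both the default frontend block and the backend block.

The port 8888 is the port on which the website is running.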
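
A hosts.map entry that names a backend missing from haproxy.cfg, or a host key written with upper-case letters (the frontend applies lower before the lookup), will not select the intended backend. The following check is an added example, not part of the original notes; the function names check_hosts_map and demo, the host Acer3.example.test and the backend acer3 are constructed for illustration.

```shell
# check_hosts_map CFG MAP: lint a hosts.map file against haproxy.cfg.
# Prints one line per problem and returns 1 if any problem was found.
check_hosts_map() {
    awk '
        # First file (haproxy.cfg): record every "backend <name>" section.
        pass != 2 { if ($1 == "backend" && $2 != "") defined[$2] = 1; next }
        # Second file (hosts.map): skip blank lines and comments.
        NF == 0 || $1 ~ /^#/ { next }
        NF != 2 { printf "line %d: expected \"host backend\"\n", FNR; bad = 1; next }
        {
            # The frontend applies "lower" to the Host header before the lookup,
            # so a key containing upper-case letters will not match.
            if ($1 != tolower($1)) { printf "line %d: host %s is not lower case\n", FNR, $1; bad = 1 }
            if ($1 in seen) { printf "line %d: host %s already mapped on line %d\n", FNR, $1, seen[$1]; bad = 1 } else seen[$1] = FNR
            if (!($2 in defined)) { printf "line %d: backend %s is not defined\n", FNR, $2; bad = 1 }
        }
        END { exit bad }
    ' "$1" pass=2 "$2"
}

# Constructed sample input modelled on the snippets above; acer3 and
# Acer3.example.test are made-up names used to trigger the checks.
demo() {
    demo_dir=$(mktemp -d) || return 1
    cat > "$demo_dir/haproxy.cfg" <<'EOF'
frontend default
   bind :80
   use_backend %[req.hdr(host),lower,map_dom(/etc/haproxy/maps/hosts.map,be_default)]
   default_backend acer2
backend acer2
    mode http
    server acer2 acer2.nmlindia.org:8888 check
EOF
    cat > "$demo_dir/hosts.map" <<'EOF'
# host backend
acer2.nmlindia.org acer2
Acer3.example.test acer3
acer2.nmlindia.org acer2
orphan-line
EOF
    check_hosts_map "$demo_dir/haproxy.cfg" "$demo_dir/hosts.map"
    demo_status=$?
    rm -rf "$demo_dir"
    return "$demo_status"
}

# Run the demo only when asked: sh check_hosts_map.sh --demo
if [ "${1:-}" = "--demo" ]; then demo; fi
```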

frontend https
   bind *:443 ssl crt-list /etc/haproxy/ssl/private/crt-list.txt   # crt /etc/haproxy/ssl/bdpc-ssl.pem
   mode tcp
   tcp-request inspect-delay 5s
   tcp-request content accept if { req_ssl_hello_type 1 }
   use_backend acer2 if { ssl_fc_sni acer2.nmlindia.org }

Provide the certificate path; the mode should be tcp for the SSL port.