From 741584446cf032227c5be8e99ab0eaf304110c4b Mon Sep 17 00:00:00 2001 From: ZennDev1337 Date: Thu, 21 Dec 2023 13:00:56 +0100 Subject: [PATCH] Added Wiki for Linux Proxmox and div. Software-installs --- Linux/Dotfiles-sync-git.md | 132 ++++ Linux/Git.md | 122 +++ Linux/Grep.md | 583 +++++++++++++++ Linux/Qemu.md | 36 + Linux/SSH.md | 16 + Linux/UFW-Essentials.md | 661 ++++++++++++++++ Linux/WSL.md | 123 +++ Proxmox/Notification/Email-Konfigurieren.md | 85 +++ Proxmox/Notification/ZFS-Alarm.md | 53 ++ Software-Install/Bitwarden/Cert.md | 188 +++++ Software-Install/Bitwarden/Install.md | 252 +++++++ Software-Install/Docker/Compose.md | 197 +++++ Software-Install/Docker/Guide-de.md | 787 +++++++++++++++++++ Software-Install/Docker/Guide-en.md | 788 ++++++++++++++++++++ Software-Install/Docker/Install-ce.md | 223 ++++++ Software-Install/Minecraft-Server.md | 80 ++ Software-Install/Wordpress.md | 211 ++++++ 17 files changed, 4537 insertions(+) create mode 100644 Linux/Dotfiles-sync-git.md create mode 100644 Linux/Git.md create mode 100644 Linux/Grep.md create mode 100644 Linux/Qemu.md create mode 100644 Linux/SSH.md create mode 100644 Linux/UFW-Essentials.md create mode 100644 Linux/WSL.md create mode 100644 Proxmox/Notification/Email-Konfigurieren.md create mode 100644 Proxmox/Notification/ZFS-Alarm.md create mode 100644 Software-Install/Bitwarden/Cert.md create mode 100644 Software-Install/Bitwarden/Install.md create mode 100644 Software-Install/Docker/Compose.md create mode 100644 Software-Install/Docker/Guide-de.md create mode 100644 Software-Install/Docker/Guide-en.md create mode 100644 Software-Install/Docker/Install-ce.md create mode 100644 Software-Install/Minecraft-Server.md create mode 100644 Software-Install/Wordpress.md diff --git a/Linux/Dotfiles-sync-git.md b/Linux/Dotfiles-sync-git.md new file mode 100644 index 0000000..1035de7 --- /dev/null +++ b/Linux/Dotfiles-sync-git.md @@ -0,0 +1,132 @@ +## Kompletter Neueinstieg + +Wenn du deine Konfigurationen noch nicht in einem Git-Repository verfolgt hast, kannst diese Technik einfach mit diesen Zeilen verwenden: + +``` +git init --bare $HOME/.cfg +alias config='/usr/bin/git --git-dir=$HOME/.cfg/ --work-tree=$HOME' +config config --local status.showUntrackedFiles no +echo "alias config='/usr/bin/git --git-dir=$HOME/.cfg/ --work-tree=$HOME'" >> $HOME/.bashrc +``` + +- Die erste Zeile erstellt den Ordner `~/.cfg`, der ein [Git-Bare-Repository](http://www.saintsjd.com/2011/01/what-is-a-bare-git-repository/) ist, das unsere Dateien verfolgt. +- Dann erstellen wir eine Alias-`config`, die wir anstelle des regulären `git` verwenden, wenn wir mit unserem Konfigurations-Repository interagieren möchten. +- Wir setzen lokal für das Repository ein Flag, um Dateien auszublenden, die wir noch nicht explizit verfolgen. Auf diese Weise werden Dateien, die du nicht verfolgen möchtest, nicht als `nicht verfolgt` angezeigt, wenn du später `config status` und andere Befehle eingibst. +- Du kannst die Aliasdefinition auch von Hand zu deiner `.bashrc` hinzufügen oder die vierte Zeile verwenden, die der Einfachheit halber zur Verfügung gestellt wird. + +Ich habe die obigen Zeilen in ein [Snippet](https://bitbucket.org/snippets/nicolapaolucci/ergX9) in Bitbucket gepackt und über eine kurze URL verlinkt. Auf diese Weise kannst du hiermit deine Einrichtung vornehmen: + +``` +curl -Lks http://bit.do/cfg-init | /bin/bash +``` + +Nachdem du die Einrichtung ausgeführt hast, kann jede Datei im `$HOME-Ordner` mit normalen Befehlen versioniert werden, wobei `git` durch deinen neu erstellten `config`-Alias ersetzt wird, wie z. B.: + +``` +config status +config add .vimrc +config commit -m "Add vimrc" +config add .bashrc +config commit -m "Add bashrc" +config push +``` + +## Installation deiner Punktdateien auf einem neuen System (oder Migration zu diesem Setup) + +Wenn du deine Konfigurations-/Punktdateien bereits in einem [Git-Repository](https://www.atlassian.com/de/git) aufbewahrst, kannst du auf einem neuen System mit den folgenden Schritten zu dieser Einrichtung migrieren: + +- Vergewissere dich vor der Installation, dass du den Alias für deine `.bashrc` oder `.zsh` committet hast: + +``` +alias config='/usr/bin/git --git-dir=$HOME/.cfg/ --work-tree=$HOME' +``` + +- Dein Quell-Repository muss den Ordner ignorieren, in dem du es klonen wirst, damit keine seltsamen Rekursionsprobleme verursacht werden: + +``` +echo ".cfg" >> .gitignore +``` + +- Klone nun deine Punktdateien in ein [Bare](http://www.saintsjd.com/2011/01/what-is-a-bare-git-repository/)-Repository in einem "_Punkt_"-Ordner deines `$HOME`: + +``` +git clone --bare  $HOME/.cfg +``` + +- Definiere den Alias im aktuellen Shell-Bereich: + +``` +alias config='/usr/bin/git --git-dir=$HOME/.cfg/ --work-tree=$HOME' +``` + +- Checke den eigentlichen Inhalt aus dem Bare-Repository in deinen `$HOME`-Ordner aus: + +``` +config checkout +``` + +- Der obige Schritt schlägt möglicherweise mit einer Meldung wie folgt fehl: + +``` +error: The following untracked working tree files would be overwritten by checkout: +    .bashrc +    .gitignore +Please move or remove them before you can switch branches. +Aborting +``` + +Dies liegt daran, dass dein `$HOME`-Ordner möglicherweise bereits einige Standardkonfigurationsdateien enthält, die von Git überschrieben würden. Die Lösung ist einfach: Sichere die Dateien, wenn sie dir wichtig sind, und entferne sie, wenn sie nicht von Bedeutung sind. Mit dem folgenden Shortcut kannst du alle störenden Dateien automatisch in einen Sicherungsordner verschieben: + +``` +mkdir -p .config-backup &&\ +config checkout 2>&1 | egrep "\s+\." | awk {'print $1'} |\ +xargs -I{} mv {} .config-backup/{} +``` + +- Führe das Auschecken erneut durch, wenn du Probleme hattest: + +``` +config checkout +``` + +- Setze das Flag `showUntrackedFiles` in diesem spezifischen (lokalen) Repository auf `no`: + +``` +config config --local status.showUntrackedFiles no +``` + +- Nun bist du fertig und kannst ab jetzt `config`-Befehle eingeben, um deine Punktdateien hinzuzufügen und zu aktualisieren: + +``` +config status +config add .vimrc +config commit -m "Add vimrc" +config add .bashrc +config commit -m "Add bashrc" +config push +``` + +Um dich nicht an all diese Schritte erinnern zu müssen, wenn du einen neuen Rechner einrichten möchtest, kannst du ein einfaches Skript erstellen, es wie ich [als Bitbucket-Snippet speichern](https://bitbucket.org/snippets/nicolapaolucci/7rE9K), [eine kurze URL dafür erstellen](http://bit.do/) und es so aufrufen: + +``` +curl -Lks http://bit.do/cfg-install | /bin/bash +``` + +Der Vollständigkeit halber habe ich das gemacht (getestet auf vielen frischgebackenen [Alpine Linux-Containern](http://www.alpinelinux.org/)): + +``` +git clone --bare https://bitbucket.org/durdn/cfg.git $HOME/.cfg +function config { +   /usr/bin/git --git-dir=$HOME/.cfg/ --work-tree=$HOME $@ +} +mkdir -p .config-backup +config checkout +if [ $? = 0 ]; then +  echo "Checked out config."; +  else +    echo "Backing up pre-existing dot files."; +    config checkout 2>&1 | egrep "\s+\." | awk {'print $1'} | xargs -I{} mv {} .config-backup/{} +fi; +config checkout +config config status.showUntrackedFiles no +``` diff --git a/Linux/Git.md b/Linux/Git.md new file mode 100644 index 0000000..459eb60 --- /dev/null +++ b/Linux/Git.md @@ -0,0 +1,122 @@ +# Git Basic commands + +Neue Files werden mit `git add .` gestasht somit sind diese in der Que um hochgeladen zu werden. Alle files aus der `.gitignore` file werden dabei ignoriert. + +``` +git add . +``` + +Wir können einen neuen Commit mit `git commit -m " "` erstellen in den Anführungszeichen, kommt die Message bzw. der Kommentar hin. + +``` +git commit -m "Commit Message" +``` + +Wenn du nicht spezifische files in einen Commit staschen willst sondern alle geänderten files commiten willst kannst du damit alles adden und commiten: + +``` +git commit -am "Commit Message" +``` + +Um deine Commits in den Remote zu laden: + +``` +git push -u origin [master/main] # bzw. BranchName anstelle von Master/Main +``` + +Um deinen Lokalen Master/Main auf den neusten Stand zu bringen verwende: + +``` +git pull origin [master/main] +``` + +Um den neusten Commit zu löschen verwende: + +``` +git reset HEAD~1 +``` + +## Branches + +Neue Remote Branches können mit git fetch geladen werden. + +``` +git fetch --all +``` + +Um eine Lokale Branch zu erstellen kannst du folgenden command verwenden: + +``` +git checkout -b +``` + +Um diese Branch auch im Remote Origin zu erstellen benutze: + +``` +git push --set-upstream origin branch-name +``` + +Um eine Lokale Branch zu löschen kannst du folgenden command verwenden: + +``` +git branch -d +``` + +Mit git switch kannst du direkt auf eine Branch einen checkout machen welche nur im remote existiert. + +``` +git switch # Checkout und fetch einer bestehenden Branch im Remote + +git switch -c # Erstellt eine neue Branch +``` + +## Git Merge + +Um die neusten updates in deine Branch zu fetchen kannst du folgende commands ausführen: + +``` +git checkout yourWorkingBranch # Moved dich in deine Branch +git fetch origin # Updated deine Origin Branch +git merge origin/[master/main] # Update deiner branch mit dem Master/Main +``` + +# Git init neue Repo + +Um ein neues repo zu erstellen, benutzen wir Lokal git init. + +``` +git init +``` + +Damit wird der .git folder erstellt.\ +Wir erstellen jetzt die Main Branch welche wir auch in unserem Remote haben werden. + +``` +git branch -M main +``` + +Wir müssen nun ein Remote hinzufügen. Dies ist mit folgendem command möglich: + +``` +git remote add origin git@github.com:[DeinUsername]/DeinProjektName.git +``` + +Jetzt können wir unseren ersten Commit Pushen damit das Projekt ersteinmal auf dem Remote ist. + +``` +git add . +git commit -m "first commit" +git push -u origin main +``` + +# Git Config + +``` +git config --global user.name "YOUR_USERNAME" +git config --global user.email "im_satoshi@musk.com" +git config --global --list # Um deine Infos zu überprüfen +``` + +# Upload / Sync 2 Repos + + diff --git a/Linux/Grep.md b/Linux/Grep.md new file mode 100644 index 0000000..67f3dd8 --- /dev/null +++ b/Linux/Grep.md @@ -0,0 +1,583 @@ +# Using Grep & Regular Expressions to Search for Text Patterns in Linux + +## Introduction + +The `grep` command is one of the most useful commands in a Linux terminal environment. The name `grep` stands for "global regular expression print". This means that you can use `grep` to check whether the input it receives matches a specified pattern. This seemingly trivial program is extremely powerful; its ability to sort input based on complex rules makes it a popular link in many command chains. + +In this tutorial, you will explore the `grep` command's options, and then you'll dive into using regular expressions to do more advanced searching. + +## Prerequisites + +To follow along with this guide, you will need access to a computer running a Linux-based operating system. This can either be a virtual private server which you've connected to with SSH or your local machine. Note that this tutorial was validated using a Linux server running Ubuntu 20.04, but the examples given should work on a computer running any version of any Linux distribution. + +If you plan to use a remote server to follow this guide, we encourage you to first complete our [Initial Server Setup guide](https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04). Doing so will set you up with a secure server environment --- including a non-**root** user with `sudo` privileges and a firewall configured with UFW --- which you can use to build your Linux skills. + +## Basic Usage + +In this tutorial, you'll use `grep` to search the [GNU General Public License version 3](https://www.gnu.org/licenses/gpl-3.0.en.html) for various words and phrases. + +If you're on an Ubuntu system, you can find the file in the `/usr/share/common-licenses` folder. Copy it to your home directory: + +``` +cp /usr/share/common-licenses/GPL-3 . + +``` + +If you're on another system, use the `curl` command to download a copy: + +``` +curl -o GPL-3 https://www.gnu.org/licenses/gpl-3.0.txt + +``` + +You'll also use the BSD license file in this tutorial. On Linux, you can copy that to your home directory with the following command: + +``` +cp /usr/share/common-licenses/BSD . + +``` + +If you're on another system, create the file with the following command: + +``` +cat << 'EOF' > BSD +Copyright (c) The Regents of the University of California. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1\. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2\. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3\. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. +EOF + +``` + +Now that you have the files, you can start working with `grep`. + +In the most basic form, you use `grep` to match literal patterns within a text file. This means that if you pass `grep` a word to search for, it will print out every line in the file containing that word. + +Execute the following command to use `grep` to search for every line that contains the word `GNU`: + +``` +grep "GNU" GPL-3 + +``` + +The first argument, `GNU`, is the pattern you're searching for, while the second argument, `GPL-3`, is the input file you wish to search. + +The resulting output will be every line containing the pattern text: + +``` +Output + GNU GENERAL PUBLIC LICENSE + The GNU General Public License is a free, copyleft license for +the GNU General Public License is intended to guarantee your freedom to +GNU General Public License for most of our software; it applies also to + Developers that use the GNU GPL protect your rights with two steps: + "This License" refers to version 3 of the GNU General Public License. + 13. Use with the GNU Affero General Public License. +under version 3 of the GNU Affero General Public License into a single +... +... + +``` + +On some systems, the pattern you searched for will be highlighted in the output. + +### Common Options + +By default, `grep` will search for the exact specified pattern within the input file and return the lines it finds. You can make this behavior more useful though by adding some optional flags to `grep`. + +If you want `grep` to ignore the "case" of your search parameter and search for both upper- and lower-case variations, you can specify the `-i` or `--ignore-case` option. + +Search for each instance of the word `license` (with upper, lower, or mixed cases) in the same file as before with the following command: + +``` +grep -i "license" GPL-3 + +``` + +The results contain: `LICENSE`, `license`, and `License`: + +``` +Output + GNU GENERAL PUBLIC LICENSE + of this license document, but changing it is not allowed. + The GNU General Public License is a free, copyleft license for + The licenses for most software and other practical works are designed +the GNU General Public License is intended to guarantee your freedom to +GNU General Public License for most of our software; it applies also to +price. Our General Public Licenses are designed to make sure that you +(1) assert copyright on the software, and (2) offer you this License + "This License" refers to version 3 of the GNU General Public License. + "The Program" refers to any copyrightable work licensed under this +... +... + +``` + +If there was an instance with `LiCeNsE`, that would have been returned as well. + +If you want to find all lines that **do not** contain a specified pattern, you can use the `-v` or `--invert-match` option. + +Search for every line that does not contain the word `the` in the BSD license with the following command: + +``` +grep -v "the" BSD + +``` + +You'll receive this output: + +``` +Output +All rights reserved. + +Redistribution and use in source and binary forms, with or without +are met: + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +... +... + +``` + +Since you did not specify the "ignore case" option, the last two items were returned as not having the word `the`. + +It is often useful to know the line number that the matches occur on. You can do this by using the `-n` or `--line-number` option. Re-run the previous example with this flag added: + +``` +grep -vn "the" BSD + +``` + +This will return the following text: + +``` +Output +2:All rights reserved. +3: +4:Redistribution and use in source and binary forms, with or without +6:are met: +13: may be used to endorse or promote products derived from this software +14: without specific prior written permission. +15: +16:THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +17:ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +... +... + +``` + +Now you can reference the line number if you want to make changes to every line that does not contain `the`. This is especially handy when working with source code. + +## Regular Expressions + +In the introduction, you learned that `grep` stands for "global regular expression print". A "regular expression" is a text string that describes a particular search pattern. + +Different applications and programming languages implement regular expressions slightly differently. In this tutorial you will only be exploring a small subset of the way that `grep` describes its patterns. + +### Literal Matches + +In the previous examples in this tutorial, when you searched for the words `GNU` and `the`, you were actually searching for basic regular expressions which matched the exact string of characters `GNU` and `the`. Patterns that exactly specify the characters to be matched are called "literals" because they match the pattern literally, character-for-character. + +It is helpful to think of these as matching a string of characters rather than matching a word. This will become a more important distinction as you learn more complex patterns. + +All alphabetical and numerical characters (as well as certain other characters) are matched literally unless modified by other expression mechanisms. + +### Anchor Matches + +Anchors are special characters that specify where in the line a match must occur to be valid. + +For instance, using anchors, you can specify that you only want to know about the lines that match `GNU` at the very beginning of the line. To do this, you could use the `^` anchor before the literal string. + +Run the following command to search the `GPL-3` file and find lines where `GNU` occurs at the very beginning of a line: + +``` +grep "^GNU" GPL-3 + +``` + +This command will return the following two lines: + +``` +Output +GNU General Public License for most of our software; it applies also to +GNU General Public License, you may choose any version ever published + +``` + +Similarly, you use the `$` anchor at the end of a pattern to indicate that the match will only be valid if it occurs at the very end of a line. + +This command will match every line ending with the word `and` in the `GPL-3` file: + +``` +grep "and$" GPL-3 + +``` + +You'll receive this output: + +``` +Output +that there is no warranty for this free software. For both users' and + The precise terms and conditions for copying, distribution and + License. Each licensee is addressed as "you". "Licensees" and +receive it, in any medium, provided that you conspicuously and + alternative is allowed only occasionally and noncommercially, and +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +provisionally, unless and until the copyright holder explicitly and +receives a license from the original licensors, to run, modify and +make, use, sell, offer for sale, import and otherwise run, modify and + +``` + +### Matching Any Character + +The period character (.) is used in regular expressions to mean that any single character can exist at the specified location. + +For example, to match anything in the `GPL-3` file that has two characters and then the string `cept`, you would use the following pattern: + +``` +grep "..cept" GPL-3 + +``` + +This command returns the following output: + +``` +Output +use, which is precisely where it is most unacceptable. Therefore, we +infringement under applicable copyright law, except executing it on a +tells the user that there is no warranty for the work (except to the +License by making exceptions from one or more of its conditions. +form of a separately written license, or stated as exceptions; + You may not propagate or modify a covered work except as expressly + 9. Acceptance Not Required for Having Copies. +... +... + +``` + +This output has instances of both `accept` and `except` and variations of the two words. The pattern would also have matched `z2cept` if that was found as well. + +### Bracket Expressions + +By placing a group of characters within brackets (`\[` and `\]`), you can specify that the character at that position can be any one character found within the bracket group. + +For example, to find the lines that contain `too` or `two`, you would specify those variations succinctly by using the following pattern: + +``` +grep "t[wo]o" GPL-3 + +``` + +The output shows that both variations exist in the file: + +``` +Output +your programs, too. +freedoms that you received. You must make sure that they, too, receive + Developers that use the GNU GPL protect your rights with two steps: +a computer network, with no transfer of a copy, is not conveying. +System Libraries, or general-purpose tools or generally available free + Corresponding Source from a network server at no charge. +... +... + +``` + +Bracket notation gives you some interesting options. You can have the pattern match anything **except** the characters within a bracket by beginning the list of characters within the brackets with a `^` character. + +This example is like the pattern `.ode`, but will not match the pattern `code`: + +``` +grep "[^c]ode" GPL-3 + +``` + +Here's the output you'll receive: + +``` +Output + 1\. Source Code. + model, to give anyone who possesses the object code either (1) a +the only significant mode of use of the product. +notice like this when it starts in an interactive mode: + +``` + +Notice that in the second line returned, there is, in fact, the word `code`. This is not a failure of the regular expression or grep. Rather, this line was returned because earlier in the line, the pattern `mode`, found within the word `model`, was found. The line was returned because there was an instance that matched the pattern. + +Another helpful feature of brackets is that you can specify a range of characters instead of individually typing every available character. + +This means that if you want to find every line that begins with a capital letter, you can use the following pattern: + +``` +grep "^[A-Z]" GPL-3 + +``` + +Here's the output this expression returns: + +``` +Output +GNU General Public License for most of our software; it applies also to +States should not allow patents to restrict development and use of +License. Each licensee is addressed as "you". "Licensees" and +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +System Libraries, or general-purpose tools or generally available free +Source. +User Product is transferred to the recipient in perpetuity or for a +... +... + +``` + +Due to some legacy sorting issues, it is often more accurate to use POSIX character classes instead of character ranges like you just used. + +To discuss every POSIX character class would be beyond the scope of this guide, but an example that would accomplish the same procedure as the previous example uses the `\[:upper:\]` character class within a bracket selector: + +``` +grep "^[[:upper:]]" GPL-3 + +``` + +The output will be the same as before. + +### Repeat Pattern Zero or More Times + +Finally, one of the most commonly used meta-characters is the asterisk, or `*`, which means "repeat the previous character or expression zero or more times". + +To find each line in the `GPL-3` file that contains an opening and closing parenthesis, with only letters and single spaces in between, use the following expression: + +``` +grep "([A-Za-z ]*)" GPL-3 + +``` + +You'll get the following output: + +``` +Output + Copyright (C) 2007 Free Software Foundation, Inc. +distribution (with or without modification), making available to the +than the work as a whole, that (a) is included in the normal form of +Component, and (b) serves only to enable use of the work with that +(if any) on which the executable work runs, or a compiler used to + (including a physical distribution medium), accompanied by the + (including a physical distribution medium), accompanied by a + place (gratis or for a charge), and offer equivalent access to the +... +... + +``` + +So far you've used periods, asterisks, and other characters in your expressions, but sometimes you need to search for those characters specifically. + +### Escaping Meta-Characters + +There are times where you'll need to search for a literal period or a literal opening bracket, especially when working with source code or configuration files. Because these characters have special meaning in regular expressions, you need to "escape" these characters to tell `grep` that you do not wish to use their special meaning in this case. + +You escape characters by using the backslash character (`\`) in front of the character that would normally have a special meaning. + +For instance, to find any line that begins with a capital letter and ends with a period, use the following expression which escapes the ending period so that it represents a literal period instead of the usual "any character" meaning: + +``` +grep "^[A-Z].*\.$" GPL-3 + +``` + +This is the output you'll see: + +``` +Output +Source. +License by making exceptions from one or more of its conditions. +License would be to refrain entirely from conveying the Program. +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. +SUCH DAMAGES. +Also add information on how to contact you by electronic and paper mail. + +``` + +Now let's look at other regular expression options. + +## Extended Regular Expressions + +The `grep` command supports a more extensive regular expression language by using the `-E` flag or by calling the `egrep` command instead of `grep`. + +These options open up the capabilities of "extended regular expressions". Extended regular expressions include all of the basic meta-characters, along with additional meta-characters to express more complex matches. + +### Grouping + +One of the most useful abilities that extended regular expressions open up is the ability to group expressions together to manipulate or reference as one unit. + +To group expressions together, wrap them in parentheses. If you would like to use parentheses without using extended regular expressions, you can escape them with the backslash to enable this functionality. This means that the following three expressions are functionally equivalent: + +``` +grep "\(grouping\)" file.txt +grep -E "(grouping)" file.txt +egrep "(grouping)" file.txt + +``` + +### Alternation + +Similar to how bracket expressions can specify different possible choices for single character matches, alternation allows you to specify alternative matches for strings or expression sets. + +To indicate alternation, use the pipe character `|`. These are often used within parenthetical grouping to specify that one of two or more possibilities should be considered a match. + +The following will find either `GPL` or `General Public License` in the text: + +``` +grep -E "(GPL|General Public License)" GPL-3 + +``` + +The output looks like this: + +``` +Output + The GNU General Public License is a free, copyleft license for +the GNU General Public License is intended to guarantee your freedom to +GNU General Public License for most of our software; it applies also to +price. Our General Public Licenses are designed to make sure that you + Developers that use the GNU GPL protect your rights with two steps: + For the developers' and authors' protection, the GPL clearly explains +authors' sake, the GPL requires that modified versions be marked as +have designed this version of the GPL to prohibit the practice for those +... +... + +``` + +Alternation can select between more than two choices by adding additional choices within the selection group separated by additional pipe (`|`) characters. + +### Quantifiers + +Like the `*` meta-character that matched the previous character or character set zero or more times, there are other meta-characters available in extended regular expressions that specify the number of occurrences. + +To match a character zero or one times, you can use the `?` character. This makes character or character sets that came before optional, in essence. + +The following matches `copyright` and `right` by putting `copy` in an optional group: + +``` +grep -E "(copy)?right" GPL-3 + +``` + +You'll receive this output: + +``` +Output + Copyright (C) 2007 Free Software Foundation, Inc. + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +know their rights. + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License + "Copyright" also means copyright-like laws that apply to other kinds of +... + +``` + +The `+` character matches an expression one or more times. This is almost like the `*` meta-character, but with the `+` character, the expression **must** match at least once. + +The following expression matches the string `free` plus one or more characters that are not white space characters: + +``` +grep -E "free[^[:space:]]+" GPL-3 + +``` + +You'll see this output: + +``` +Output + The GNU General Public License is a free, copyleft license for +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to + When we speak of free software, we are referring to freedom, not +have the freedom to distribute copies of free software (and charge for +you modify it: responsibilities to respect the freedom of others. +freedomss that you received. You must make sure that they, too, receive +protecting users' freedom to change the software. The systematic +of the GPL, as needed to protect the freedom of users. +patents cannot be used to render the program non-free. + +``` + +### Specifying Match Repetition + +To specify the number of times that a match is repeated, use the brace characters (`{` and `}`). These characters let you specify an exact number, a range, or an upper or lower bounds to the amount of times an expression can match. + +Use the following expression to find all of the lines in the `GPL-3` file that contain triple-vowels: + +``` +grep -E "[AEIOUaeiou]{3}" GPL-3 + +``` + +Each line returned has a word with three vowels: + +``` +Output +changed, so that their problems will not be attributed erroneously to +authors of previous versions. +receive it, in any medium, provided that you conspicuously and +give under the previous paragraph, plus a right to possession of the +covered work so as to satisfy simultaneously your obligations under this + +``` + +To match any words that have between 16 and 20 characters, use the following expression: + +``` +grep -E "[[:alpha:]]{16,20}" GPL-3 + +``` + +Here's this command's output: + +``` +Output + certain responsibilities if you distribute copies of the software, or if + you modify it: responsibilities to respect the freedom of others. + c) Prohibiting misrepresentation of the origin of that material, or + +``` + +Only lines containing words within that length are displayed. + +## Conclusion + +`grep` is useful in finding patterns within files or within the file system hierarchy, so it's worth spending time getting comfortable with its options and syntax. + +Regular expressions are even more versatile, and can be used with many popular programs. For instance, many text editors implement regular expressions for searching and replacing text. + +Furthermore, most modern programming languages use regular expressions to perform procedures on specific pieces of data. Once you understand regular expressions, you'll be able to transfer that knowledge to many common computer-related tasks, from performing advanced searches in your text editor to validating user input. diff --git a/Linux/Qemu.md b/Linux/Qemu.md new file mode 100644 index 0000000..890f96c --- /dev/null +++ b/Linux/Qemu.md @@ -0,0 +1,36 @@ +# QEMU install + +install these packages + +``` +qemu virt-manager virt-viewer dnsmasq vde2 bridge-utils openbsd-netcat + +``` + +start the services + +edit this file + +``` +/etc/libvirt/libvirtd.conf + +``` + +for windows you need also the Virt IO Driver + + + +for windows delete 2 lines in the xml config + +``` + + + +``` + +and put this on yes + +``` + + +``` diff --git a/Linux/SSH.md b/Linux/SSH.md new file mode 100644 index 0000000..e9ec14c --- /dev/null +++ b/Linux/SSH.md @@ -0,0 +1,16 @@ +# SSH Key erstellen + +The algorithm is selected using the -t option and key size using the -b option. The following commands illustrate: + +``` +ssh-keygen -t rsa -b 4096 +ssh-keygen -t dsa +ssh-keygen -t ecdsa -b 521 +ssh-keygen -t ed25519 +``` + +To upload a public key to a server use the following command: + +``` +ssh-copy-id -i ~/.ssh/id_rsa.pub YOUR_USER_NAME@IP_ADDRESS_OF_THE_SERVER +``` diff --git a/Linux/UFW-Essentials.md b/Linux/UFW-Essentials.md new file mode 100644 index 0000000..336209e --- /dev/null +++ b/Linux/UFW-Essentials.md @@ -0,0 +1,661 @@ +# UFW Essentials: Common Firewall Rules and Commands + +## Introduction + +UFW (**u**ncomplicated **f**ire**w**all) is a firewall configuration tool that runs on top of `iptables`, included by default within Ubuntu distributions. It provides a streamlined interface for configuring common firewall use cases via the command line. + +This cheat sheet-style guide provides a quick reference to common UFW use cases and commands, including examples of how to allow and block services by port, network interface, and source IP address. + +### How To Use This Guide + +- This guide is in cheat sheet format with self-contained command-line snippets. +- Jump to any section that is relevant to the task you are trying to complete. +- When you see highlighted text in this guide's commands, keep in mind that this text should refer to IP addresses from your own network. + +Remember that you can check your current UFW ruleset with `sudo ufw status` or `sudo ufw status verbose`. + +## Verify UFW Status + +To check if `ufw` is enabled, run: + +``` +sudo ufw status + +``` + +``` +Output +Status: inactive + +``` + +The output will indicate if your firewall is active or not. + +## Enable UFW + +If you got a `Status: inactive` message when running `ufw status`, it means the firewall is not yet enabled on the system. You'll need to run a command to enable it. + +By default, when enabled UFW will block external access to all ports on a server. In practice, that means if you are connected to a server via SSH and enable `ufw` before allowing access via the SSH port, you'll be disconnected. Make sure you follow the section on [how to enable SSH access](https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands) of this guide before enabling the firewall if that's your case. + +To enable UFW on your system, run: + +``` +sudo ufw enable + +``` + +You'll see output like this: + +``` +Output +Firewall is active and enabled on system startup + +``` + +To see what is currently blocked or allowed, you may use the `verbose` parameter when running `ufw status`, as follows: + +``` +sudo ufw status + +``` + +``` +Output +Status: active +Logging: on (low) +Default: deny (incoming), allow (outgoing), deny (routed) +New profiles: skip + +``` + +## Disable UFW + +If for some reason you need to disable UFW, you can do so with the following command: + +``` +sudo ufw disable + +``` + +Be aware that this command will fully disable the firewall service on your system. + +## Block an IP Address + +To block all network connections that originate from a specific IP address, run the following command, replacing the highlighted IP address with the IP address that you want to block: + +``` +sudo ufw deny from 203.0.113.100 + +``` + +``` +Output +Rule added + +``` + +In this example, `from 203.0.113.100` specifies a **source** IP address of "203.0.113.100". + +If you run `sudo ufw status` now, you'll see the specified IP address listed as denied: + +``` +Output +Status: active + +To Action From +-- ------ ---- +Anywhere DENY 203.0.113.100 + +``` + +All connections, coming in or going out, are blocked for the specified IP address. + +### Block a Subnet + +If you need to block a full subnet, you may use the subnet address as `from` parameter on the `ufw deny` command. This would block all IP addresses in the example subnet `203.0.113.0/24`: + +``` +sudo ufw deny from 203.0.113.0/24 + +``` + +``` +Output +Rule added + +``` + +## Block Incoming Connections to a Network Interface + +To block incoming connections from a specific IP address to a specific network interface, run the following command, replacing the highlighted IP address with the IP address you want to block: + +``` +sudo ufw deny in on eth0 from 203.0.113.100 + +``` + +``` +Output +Rule added + +``` + +The `in` parameter tells `ufw` to apply the rule only for **incoming** connections, and the `on eth0` parameter specifies that the rule applies only for the `eth0` interface. This might be useful if you have a system with several network interfaces (including virtual ones) and you need to block external access to some of these interfaces, but not all. + +## Allow an IP Address + +To allow all network connections that originate from a specific IP address, run the following command, replacing the highlighted IP address with the IP address that you want to allow access: + +``` +sudo ufw allow from 203.0.113.101 + +``` + +``` +Output +Rule added + +``` + +If you run `sudo ufw status` now, you'll see output similar to this, showing the word `ALLOW` next to the IP address you just added. + +``` +Output +Status: active + +To Action From +-- ------ ---- +... +Anywhere ALLOW 203.0.113.101 + +``` + +You can also allow connections from a whole subnet by providing the corresponding subnet mask for a host, such as `203.0.113.0/24`. + +## Allow Incoming Connections to a Network Interface + +To allow incoming connections from a specific IP address to a specific network interface, run the following command, replacing the highlighted IP address with the IP address you want to allow: + +``` +sudo ufw allow in on eth0 from 203.0.113.102 + +``` + +``` +Output +Rule added + +``` + +The `in` parameter tells `ufw` to apply the rule only for **incoming** connections, and the `on eth0` parameter specifies that the rule applies only for the `eth0` interface. + +If you run `sudo ufw status` now, you'll see output similar to this: + +``` +Output +Status: active + +To Action From +-- ------ ---- +... +Anywhere on eth0 ALLOW 203.0.113.102 + +``` + +## Delete UFW Rule + +To delete a rule that you previously set up within UFW, use `ufw delete` followed by the rule (`allow` or `deny`) and the target specification. The following example would delete a rule previously set to allow all connections from an IP address of `203.0.113.101`: + +``` +sudo ufw delete allow from 203.0.113.101 + +``` + +``` +Output +Rule deleted + +``` + +Another way to specify which rule you want to delete is by providing the rule ID. This information can be obtained with the following command: + +``` +sudo ufw status numbered + +``` + +``` +Output +Status: active + + To Action From + -- ------ ---- +[ 1] Anywhere DENY IN 203.0.113.100 +[ 2] Anywhere on eth0 ALLOW IN 203.0.113.102 + +``` + +From the output, you can see that there are two active rules. The first rule, with highlighted values, denies all connections coming from the IP address `203.0.113.100`. The second rule allows connections on the `eth0` interface coming in from the IP address `203.0.113.102`. + +Because by default UFW already blocks all external access unless explicitly allowed, the first rule is redundant, so you can remove it. To delete a rule by its ID, run: + +``` +sudo ufw delete 1 + +``` + +You will be prompted to confirm the operation and to make sure the ID you're providing refers to the correct rule you want to delete. + +``` +Output +Deleting: + deny from 203.0.113.100 +Proceed with operation (y|n)? y +Rule deleted + +``` + +If you list your rules again with `sudo ufw status`, you'll see that the rule was removed. + +## List Available Application Profiles + +Upon installation, applications that rely on network communications will typically set up a UFW profile that you can use to allow connection from external addresses. This is often the same as running `ufw allow from`, with the advantage of providing a shortcut that abstracts the specific port numbers a service uses and provides a user-friendly nomenclature to referenced services. + +To list which profiles are currently available, run the following: + +``` +sudo ufw app list + +``` + +If you installed a service such as a web server or other network-dependent software and a profile was not made available within UFW, first make sure the service is enabled. For remote servers, you'll typically have OpenSSH readily available: + +``` +Output +Available applications: + OpenSSH + +``` + +## Enable Application Profile + +To enable a UFW application profile, run `ufw allow` followed by the name of the application profile you want to enable, which you can obtain with a `sudo ufw app list` command. In the following example, we're enabling the OpenSSH profile, which will allow all incoming SSH connections on the default SSH port. + +``` +sudo ufw allow "OpenSSH" + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +Remember to quote profile names that consist of multiple words, such as `Nginx HTTPS`. + +## Disable Application Profile + +To disable an application profile that you had previously set up within UFW, you'll need to remove its corresponding rule. For example, consider the following output from `sudo ufw status`: + +``` +sudo ufw status + +``` + +``` +Output +Status: active + +To Action From +-- ------ ---- +OpenSSH ALLOW Anywhere +Nginx Full ALLOW Anywhere +OpenSSH (v6) ALLOW Anywhere (v6) +Nginx Full (v6) ALLOW Anywhere (v6) + +``` + +This output indicates that the `Nginx Full` application profile is currently enabled, allowing any and all connections to the web server both via HTTP as well as via HTTPS. If you'd want to only allow HTTPS requests from and to your web server, you'd have to first enable the most restrictive rule, which in this case would be `Nginx HTTPS`, and then disable the currently active `Nginx Full` rule: + +``` +sudo ufw allow "Nginx HTTPS" +sudo ufw delete allow "Nginx Full" + +``` + +Remember you can list all available application profiles with `sudo ufw app list`. + +## Allow SSH + +When working with remote servers, you'll want to make sure that the SSH port is open to connections so that you are able to log in to your server remotely. + +The following command will enable the OpenSSH UFW application profile and allow all connections to the default SSH port on the server: + +``` +sudo ufw allow OpenSSH + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +Although less user-friendly, an alternative syntax is to specify the exact port number of the SSH service, which is typically set to `22` by default: + +``` +sudo ufw allow 22 + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +## Allow Incoming SSH from Specific IP Address or Subnet + +To allow incoming connections from a specific IP address or subnet, you'll include a `from` directive to define the source of the connection. This will require that you also specify the destination address with a `to` parameter. To lock this rule to SSH only, you'll limit the `proto` (protocol) to `tcp` and then use the `port` parameter and set it to `22`, SSH's default port. + +The following command will allow only SSH connections coming from the IP address `203.0.113.103`: + +``` +sudo ufw allow from 203.0.113.103 proto tcp to any port 22 + +``` + +``` +Output +Rule added + +``` + +You can also use a subnet address as `from` parameter to allow incoming SSH connections from an entire network: + +``` +sudo ufw allow from 203.0.113.0/24 proto tcp to any port 22 + +``` + +``` +Output +Rule added + +``` + +## Allow Incoming Rsync from Specific IP Address or Subnet + +The [Rsync](https://www.digitalocean.com/community/tutorials/how-to-use-rsync-to-sync-local-and-remote-directories) program, which runs on port `873`, can be used to transfer files from one computer to another. + +To allow incoming `rsync` connections from a specific IP address or subnet, use the `from` parameter to specify the source IP address and the `port` parameter to set the destination port `873`. The following command will allow only Rsync connections coming from the IP address `203.0.113.103`: + +``` +sudo ufw allow from 203.0.113.103 to any port 873 + +``` + +``` +Output +Rule added + +``` + +To allow the entire `203.0.113.0/24` subnet to be able to `rsync` to your server, run: + +``` +sudo ufw allow from 203.0.113.0/24 to any port 873 + +``` + +``` +Output +Rule added + +``` + +## Allow Nginx HTTP / HTTPS + +Upon installation, the Nginx web server sets up a few different UFW profiles within the server. Once you have Nginx installed and enabled as a service, run the following command to identify which profiles are available: + +``` +sudo ufw app list | grep Nginx + +``` + +``` +Output + Nginx Full + Nginx HTTP + Nginx HTTPS + +``` + +To enable both HTTP and HTTPS traffic, choose `Nginx Full`. Otherwise, choose either `Nginx HTTP` to allow only HTTP or `Nginx HTTPS` to allow only HTTPS. + +The following command will allow both HTTP and HTTPS traffic on the server (ports `80` and `443`): + +``` +sudo ufw allow "Nginx Full" + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +## Allow Apache HTTP / HTTPS + +Upon installation, the Apache web server sets up a few different UFW profiles within the server. Once you have Apache installed and enabled as a service, run the following command to identify which profiles are available: + +``` +sudo ufw app list | grep Apache + +``` + +``` +Output + Apache + Apache Full + Apache Secure + +``` + +To enable both HTTP and HTTPS traffic, choose `Apache Full`. Otherwise, choose either `Apache` for HTTP or `Apache Secure` for HTTPS. + +The following command will allow both HTTP and HTTPS traffic on the server (ports `80` and `443`): + +``` +sudo ufw allow "Nginx Full" + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +## Allow All Incoming HTTP (port `80`) + +Web servers, such as Apache and Nginx, typically listen for HTTP requests on port `80`. If your default policy for incoming traffic is set to drop or deny, you'll need to create a UFW rule to allow external access on port `80`. You can use either the port number or the service name (`http`) as a parameter to this command. + +To allow all incoming HTTP (port `80`) connections, run: + +``` +sudo ufw allow http + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +An alternative syntax is to specify the port number of the HTTP service: + +``` +sudo ufw allow 80 + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +### Allow All Incoming HTTPS (port `443`) + +HTTPS typically runs on port `443`. If your default policy for incoming traffic is set to drop or deny, you'll need to create a UFW rule to allow external access on port `443`. You can use either the port number or the service name (`https`) as a parameter to this command. + +To allow all incoming HTTPS (port `443`) connections, run: + +``` +sudo ufw allow https + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +An alternative syntax is to specify the port number of the HTTPS service: + +``` +sudo ufw allow 443 + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +## Allow All Incoming HTTP and HTTPS + +If you want to allow both HTTP and HTTPS traffic, you can create a single rule that allows both ports. This usage requires that you also define the protocol with the `proto` parameter, which in this case should be set to `tcp`. + +To allow all incoming HTTP and HTTPS (ports `80` and `443`) connections, run: + +``` +sudo ufw allow proto tcp from any to any port 80,443 + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +## Allow MySQL Connection from Specific IP Address or Subnet + +MySQL listens for client connections on port `3306`. If your MySQL database server is being used by a client on a remote server, you'll need to create a UFW rule to allow that access. + +To allow incoming MySQL connections from a specific IP address or subnet, use the `from` parameter to specify the source IP address and the `port` parameter to set the destination port `3306`. + +The following command will allow the IP address `203.0.113.103` to connect to the server's MySQL port: + +``` +sudo ufw allow from 203.0.113.103 to any port 3306 + +``` + +``` +Output +Rule added + +``` + +To allow the entire `203.0.113.0/24` subnet to be able to connect to your MySQL server, run: + +``` +sudo ufw allow from 203.0.113.0/24 to any port 3306 + +``` + +``` +Output +Rule added + +``` + +## Allow PostgreSQL Connection from Specific IP Address or Subnet + +PostgreSQL listens for client connections on port `5432`. If your PostgreSQL database server is being used by a client on a remote server, you need to be sure to allow that traffic. + +To allow incoming PostgreSQL connections from a specific IP address or subnet, specify the source with the `from` parameter, and set the port to `5432`: + +``` +sudo ufw allow from 203.0.113.103 to any port 5432 + +``` + +``` +Output +Rule added + +``` + +To allow the entire `203.0.113.0/24` subnet to be able to connect to your PostgreSQL server, run: + +``` +sudo ufw allow from 203.0.113.0/24 to any port 5432 + +``` + +``` +Output +Rule added + +``` + +## Block Outgoing SMTP Mail + +Mail servers, such as Sendmail and Postfix, typically use port `25` for SMTP traffic. If your server shouldn't be sending outgoing mail, you may want to block that kind of traffic. To block outgoing SMTP connections, run: + +``` +sudo ufw deny out 25 + +``` + +``` +Output +Rule added +Rule added (v6) + +``` + +This configures your firewall to **drop** all outgoing traffic on port `25`. If you need to reject outgoing connections on a different port number, you can repeat this command and replace `25` with the port number you want to block. + +## Conclusion + +UFW is a powerful tool that can greatly improve the security of your servers when properly configured. This reference guide covers some common UFW rules that are often used to configure a firewall on Ubuntu. + +Most of the commands in this guide can be adapted to fit different use cases and scenarios, by changing parameters such as the source IP address and/or destination port. For more detailed information about each command parameter and available modifiers, you can use the `man` utility to check UFW's manual: + +``` +man ufw + +``` + +The [official UFW page on Ubuntu's documentation](https://help.ubuntu.com/community/UFW) is another resource you can use as reference for more advanced use cases and examples. diff --git a/Linux/WSL.md b/Linux/WSL.md new file mode 100644 index 0000000..ab263aa --- /dev/null +++ b/Linux/WSL.md @@ -0,0 +1,123 @@ +# Run Multiple Instances of the Same Linux Distro on WSL + +Step 1.1: Open "Settings" + +Step 1.2: Click on "Apps" + +Step 1.3: Click on "Installed Apps" + +Step 1.4: Select Linux Distro Name --- e.g., Ubuntu 22.04.1 LTS + +Step 1.5: Click on the "Advanced Options" link + +Step 1.6: Click on the "Reset" button to reset your Linux Distro (e.g., Ubuntu 22.04.1 LTS) to the initial install state. Please note that everything will be deleted. + +Step 1.7: When the reset is completed, start your Linux Distro (e.g., Ubuntu 22.04.1 LTS) then set up your Linux Distro by entering both username and password. + +Step 1.8: Run "`sudo apt-get update`" (for Ubuntu 22.04.1 LTS) to retrieve information about what packages can be installed, including what updates to currently installed packages are available, from Internet sources. + +Step 1.9: Run "`sudo apt-get upgrade`" (for Ubuntu 22.04.1 LTS) to install available upgrades of all packages currently installed on the system from Internet sources. + +2\. Export Linux Distro on WSL + +_The second step is to create an export image of your Linux Distro. This image will be used to create multiple instances of the same Linux Distro._ + +Step 2.1: Open a new command prompt or a new Powershell. + +Step 2.2: Run the command + +``` +wsl --list +``` + +to view a list of Windows Subsystems for Linux Distributions installed on your computer. For example on my computer, it would be "Ubuntu-20.04". + +![](https://miro.medium.com/v2/resize:fit:700/1*3j_mQSc4t7tbmXVW26HFlA.png) + +Step 2.3: Run the command + +``` +wsl --export +``` + +or + +``` +wsl --export Ubuntu-22.04.1 rootfs.tar.gz +``` + +to export your Linux distros to a TAR file. This will create a file entitled "rootfs.tar.gz" on your computer. Keep this file safe since you will need this file to create a new instance of the WSL Linux Distro. + +![](https://miro.medium.com/v2/resize:fit:700/1*dOwj1uqXukoz4GBVdM_dGg.png) + +Step 2.4: Copy the newly created file named "rootfs.tar.gz" to your desired directory. For example on my computer, I have copied the file to c:\linux directory. + +3\. Install a New Instance of the Same Linux Distro on WSL + +Step 3.1. Open a new command prompt or a new Powershell then run the following command to import exported instance as a new instance of Linux in WSL. + +``` +wsl --import DistroName InstallationPath ExportedFileLocation +``` + +for example, + +``` +wsl --import Ubuntu-22.04.1.02 c:\linux\ubuntu-22.04.1.02 c:\linux\rootfs.tar.gz +``` + +_I have named DistroName as Ubuntu-22.04.1.02 to specify this is Ubuntu 22.04.1 Instance 2._ + +For WSL2, the installation process should create "ext4.vhdx" file. Delete copied "rootfs.tar.gz" after the installation is completed. + +![](https://miro.medium.com/v2/resize:fit:700/1*UhY0AqYXr8Ue0ujHWS10KA.png) + +Step 3.2. Run the newly imported Linux distro. + +``` +wsl -d DistroName +``` + +for example + +``` +wsl -d Ubuntu-22.04.1.02 +``` + +This should start the new instance of Linux Distro in WSL. + +![](https://miro.medium.com/v2/resize:fit:700/1*-XtsR5URNKzlUd8yU4SdjA.png) + +Step 3.3. Configure new Linux distro by creating "/etc/wsl.conf" file. + +then enter the following to wsl.conf file then save the file. This is needed to replicate the default behavior of your default Linux distro instance on WSL where you are logged in as a specified user and mounted to its home directory. + +``` +[automount] +enabled=true +root=/ +[user] +default=sungkim +[interop] +appendWindowsPath = false +[boot] +systemd=true +``` + +_Please note that you will have to change your username (e.g., sungkim). For more information on wsl.conf, please refer to this website from Microsoft =>_ [_https://learn.microsoft.com/en-us/windows/wsl/wsl-config_](https://learn.microsoft.com/en-us/windows/wsl/wsl-config)_._ + +Step 3.4. Restart Linux Distro + +Exit out of Linux Distro + +``` +exit +``` + +then from either the command prompt or PowerShell, enter + +``` +wsl --shutdown +``` + +Close Windows Terminal then restart Windows Terminal. A new WSL instance will just show up in Windows Terminal. In Windows Terminal, click on drop-arrow then select the Linux distro name (e.g., Ubuntu-22.04.1.02) to start your new terminal session. diff --git a/Proxmox/Notification/Email-Konfigurieren.md b/Proxmox/Notification/Email-Konfigurieren.md new file mode 100644 index 0000000..0392c53 --- /dev/null +++ b/Proxmox/Notification/Email-Konfigurieren.md @@ -0,0 +1,85 @@ +# Emails Konfigurieren + +## Konfigurieren der Benutzer-E-Mail-Adresse + +- Navigieren Sie in einem Webbrowser zur Proxmox Web UI und melden Sie sich an +- Wählen Sie Datacenter > Permissions > Users aus dem linken Navigationsmenü +- Doppelklicken Sie auf den zu konfigurierenden Benutzer +- Füllen Sie das Feld "E-Mail" im Formular "Benutzer bearbeiten" aus > Klicken Sie auf "OK". + +## Einfache Konfiguration über Web UI + +Standardmäßig versucht Proxmox, den Domänenanteil der "E-Mail von-Adresse" als E-Mail-Relay-Server zu verwenden. + +- Wählen Sie in den linken Navigationsmenüs Datacenter > Options +- Doppelklicken Sie auf das Feld E-Mail von Adresse +- Geben Sie die E-Mail-Adresse ein, von der Proxmox ausgehende E-Mails senden soll > Klicken Sie auf OK +- Erweitern Sie Datacenter > Wählen Sie den Knotennamen aus > Klicken Sie in den linken Navigationsmenüs auf Shell +- Führen Sie die folgenden Befehle im Terminal aus + +``` +# send a basic test email +echo "Test email from Proxmox: $(hostname)" | /usr/bin/proxmox-mail-forward +# output the mail log +cat /var/log/mail.log +``` + +- Beachten Sie, dass das Relais die Domäne (i12bretro.local) aus der Einstellung "E-Mail von" ist. + +## Erweiterte Konfiguration über CLI + +Um erweiterte Konfigurationsänderungen vorzunehmen, wie z. B. die Verwendung eines Gmail-Kontos, müssen Sie die Postfix-Einstellungen über die Kommandozeile bearbeiten + +- Zurück in der Proxmox-Web-Shell, führen Sie die folgenden Befehle im Terminal aus + +``` +# install libsasl +apt install libsasl2-modules -y +# edit the postfix config +nano /etc/postfix/main.cf +``` + +- Drücken Sie CTRL+W und suchen Sie nach mydestination +- Kommentieren Sie mydestination aus, indem Sie ein # an den Anfang der Zeile setzen +- Drücken Sie CTRL+W und suchen Sie nach relayhost +- Kommentieren Sie relayhost aus, indem Sie ein # an den Anfang der Zeile setzen +- Aktualisieren oder fügen Sie die folgende Konfiguration hinzu + +``` +relayhost = smtp.gmail.com:587 +smtp_use_tls = yes +smtp_sasl_auth_enable = yes +smtp_sasl_security_options = +smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd +smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem +``` + +- Drücken Sie CTRL+O, Enter, CTRL+X, um die Änderungen zu übernehmen. +- Fahren Sie mit den folgenden Befehlen im Terminal fort + +``` +# create /etc/postfix/sasl_passwd +nano /etc/postfix/sasl_passwd +``` + +- Fügen Sie eine Zeile zur Konfiguration der Google Mail-Authentifizierung hinzu + +``` +smtp.gmail.com:587 <%youraccount%>@gmail.com:<%yourpassword%> +``` + +- Drücken Sie CTRL+O, Enter, CTRL+X, um die Änderungen zu übernehmen +- Fahren Sie mit den folgenden Befehlen im Terminal fort + +``` +# update postfix lookup tables +postmap hash:/etc/postfix/sasl_passwd +# limit access to sasl_passwd to only root +chmod 600 /etc/postfix/sasl_passwd +# restart postfix service +systemctl restart postfix +# test from postfix directly +echo "Test email from Proxmox: $(hostname)" | mail -s "Proxmox Testing" <%youraccount%>@gmail.com +# send a test from proxmox +echo "Test email from Proxmox: $(hostname)" | /usr/bin/proxmox-mail-forward +``` diff --git a/Proxmox/Notification/ZFS-Alarm.md b/Proxmox/Notification/ZFS-Alarm.md new file mode 100644 index 0000000..45e6f7d --- /dev/null +++ b/Proxmox/Notification/ZFS-Alarm.md @@ -0,0 +1,53 @@ +# ZFS Alarm + +[Richte zuerst dein Proxmox ein um Emails zu senden.](/Linux/Proxmox/Notification/konfigurieren) + +## Erstelle ein neues Script + +``` +#!/bin/bash + +# pool to check +POOLS=("Name-deines-Tanks" "Name-deines-Tanks2" "Name-deines-Tanks3") + +# needed paths +LOGFILE="/var/log/poolStatusCheck.log" +ZFS="/sbin/zfs" + +for POOL in ${POOLS[@]}; do + if [ "$(zpool status $POOL -x)" != "pool '$POOL' is healthy" ]; then + echo "$(date) - Alarm - zPool $POOL is not healthy" >> $LOGFILE + echo $'From: Proxmox \nSubject: ZFS ALARM\n'$(date)' - Alarm - zPool '$POOL' is not healthy' | proxmox-mail-forward + fi +done +``` + +Bearbeite das Script. + +Ändere die Poolnamen\ +Ändere die From Email. Die From Email muss die gleiche sein wie die in deiner SMTP Einstellung, oder die deines Root Accounts.\ +Wichtig: Die <> Klammern braucht es. + +## Autorun Cronjob + +Mit Cronjobs kannst du commands automatisch starten. + +> Arbeite in der Root shell + +Gib dafür `crontab -e` in deiner Konsole ein. + +Auf der Website [cron.help](https://cron.help/) kannst du ein Pattern erstellen. + +``` +*/10 * * * * * +``` + +Dieses Pattern wird dafür sorgen, dass das Script alle 10 Minuten ausgeführt wird. + +In der Konsole sollte jetzt Crontab offen sein und da kannst du ganz unten nun die folgende Zeile einfügen: + +``` +*/10 * * * * /PFAD/ZU/DEINEM/SCRIPT.sh +``` + +Fertig. diff --git a/Software-Install/Bitwarden/Cert.md b/Software-Install/Bitwarden/Cert.md new file mode 100644 index 0000000..7624013 --- /dev/null +++ b/Software-Install/Bitwarden/Cert.md @@ -0,0 +1,188 @@ +# Bitwarden Certificate Options + +This article defines the certificate options available to self-hosted instances of Bitwarden. You will select your certificate option during installation. + +## Generate a certificate with Let's Encrypt + +[Let's Encrypt](https://letsencrypt.org/how-it-works/) is a certificate authority (CA) that issues trusted SSL certificates free of charge for any domain. The Bitwarden installation script offers the option to generate a trusted SSL certificate for your domain using Let's Encrypt and [Certbot](https://certbot.eff.org). + +Certificate renewal checks occur each time Bitwarden is restarted. Using Let's Encrypt will require you to enter an email address for certificate expiration reminders. + +Using Let's Encrypt requires ports 80 and 443 to be open on your machine. + +## Manually update a Let's Encrypt certificate + +If you change the domain name of your Bitwarden server, you will need to manually update your generated certificate. Run the following commands to create a backup, update your certificate, and rebuild Bitwarden: + +Bash + +``` +./bitwarden.sh stop + +mv ./bwdata/letsencrypt ./bwdata/letsencrypt_backup + +mkdir ./bwdata/letsencrypt + +chown -R bitwarden:bitwarden ./bwdata/letsencrypt + +chmod -R 740 ./bwdata/letsencrypt + +docker pull certbot/certbot + +docker run -i --rm --name certbot -p 443:443 -p 80:80 -v /bwdata/letsencrypt:/etc/letsencrypt/ certbot/certbot certonly --email --logs-dir /etc/letsencrypt/logs +``` + +Select 1, then follow the instructions: + +``` +openssl dhparam -out ./bwdata/letsencrypt/live//dhparam.pem 2048 +./bitwarden.sh rebuild +./bitwarden.sh start +``` + +PowerShell + +### tip + +You will need to install a build of OpenSSL for Windows. + +``` +.\bitwarden.ps1 -stop +mv .\bwdata\letsencrypt .\bwdata\letsencrypt_backup +mkdir .\bwdata\letsencrypt +docker pull certbot/certbot +docker run -i --rm --name certbot -p 443:443 -p 80:80 -v \bwdata\letsencrypt\:/etc/letsencrypt/ certbot/certbot certonly --email --logs-dir /etc/letsencrypt/logs +Select 1, then follow instructions + dhparam -out .\bwdata\letsencrypt\live\\dhparam.pem 2048 +.\bitwarden.ps1 -rebuild +.\bitwarden.ps1 -start +``` + +## Use an existing SSL certificate + +You may alternatively opt to use an existing SSL certificate, which will require you to have the following files: + +A server certificate (`certificate.crt`) + +A private key (`private.key`) + +A CA certificate (`ca.crt`) + +You may need to bundle your primary certificate with intermediate CA certificates to prevent SSL trust errors. All certificates should be included in the server certificate file when using a CA certificate. The first certificate in the file should be your server certificate, followed by any intermediate CA certificate(s), followed by the root CA. + +Under the default configuration, place your files in `./bwdata/ssl/your.domain`. You may specify a different location for your certificate files by editing the following values in `./bwdata/config.yml`: + +``` +ssl_certificate_path: +ssl_key_path: +ssl_ca_path: +``` + +### note + +The values defined in `config.yml` represent locations inside the NGINX container. Directories on the host are mapped to directories within the NGINX container. Under the default configuration, mappings line up as follows: + +The following values in `config.yml`: + +``` +ssl_certificate_path: /etc/ssl/your.domain/certificate.crt +ssl_key_path: /etc/ssl/your.domain/private.key +ssl_ca_path: /etc/ssl/your.domain/ca.crt +``` + +Map to the following files on the host: + +``` +./bwdata/ssl/your.domain/certificate.crt +./bwdata/ssl/your.domain/private.key +./bwdata/ssl/your.domain/ca.crt +``` + +**You should only ever need to work with files in** `**./bwdata/ssl/**`**. Working with files directly in the NGINX container is not recommended.** + +### Using Diffie-Hellman key exchange + +Optionally, if using Diffie-Hellman key exchange to generate ephemeral parameters: + +Include a `dhparam.pem` file in the same directory. + +Set the `ssl_diffie_hellman_path:` value in `config.yml`. + +### note + +You can create your own `dhparam.pem` file using OpenSSL with `openssl dhparam -out ./dhparam.pem 2048`. + +## Using a self-signed Certificate + +You may alternatively opt to use a self-signed certificate, however this is only recommended for testing. + +Self-signed certificates will not be trusted by Bitwarden client applications by default. You will be required to manually install this certificate to the trusted store of each device you plan to use Bitwarden with. + +Generate a self-signed certificate: + +``` +mkdir ./bwdata/ssl/bitwarden.example.com +openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365\ + -keyout ./ssl/bitwarden.example.com/private.key\ + -out ./ssl/bitwarden.example.com/certificate.crt\ + -reqexts SAN -extensions SAN\ + -config <(cat /usr/lib/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:bitwarden.example.com\nbasicConstraints=CA:true'))\ + -subj "/C=US/ST=New York/L=New York/O=Company Name/OU=Bitwarden/CN=bitwarden.example.com" +``` + +Your self-signed certificate (`.crt`) and private key (`private.key`) can be placed in the `./bwdata/ssl/self/your.domain` directory and configured in the `./bwdata/config.yml`: + +``` +ssl_certificate_path: /etc/ssl/bitwarden.example.com/certificate.crt +ssl_key_path: /etc/ssl/bitwarden.example.com/private.key +``` + +## Trust a self-signed certificate + +### Windows + +To trust a self-signed certificate on Windows, run `certmgr.msc` and import your certificate into the Trusted Root Certification Authorities. + +### Linux + +To trust a self-signed certificate on Linux, add your certificate to the following directories: + +``` +/usr/local/share/ca-certificates/ +/usr/share/ca-certificates/ +``` + +And run the following commands: + +``` +sudo dpkg-reconfigure ca-certificates +sudo update-ca-certificates +``` + +For our Linux desktop app, accessing the web vault using Chromium-based browsers, and the Directory Connector desktop app, you also need to complete [this Linux cert management procedure](https://chromium.googlesource.com/chromium/src/+/refs/heads/master/docs/linux/cert_management.md). + +For the [Bitwarden CLI](https://bitwarden.com/help/cli/) and [Directory Connector CLI](https://bitwarden.com/help/directory-sync-cli/), your self-signed certificate must be stored in a local file and referenced by a `NODE_EXTRA_CA_CERTS=` environment variable, for example: + +``` +export NODE_EXTRA_CA_CERTS=~/.config/Bitwarden/certificate.crt +``` + +### Android + +To trust a self-signed certificate on an Android device, refer to Google's [Add & remove certificates documentation](https://support.google.com/pixelphone/answer/2844832?hl=en). + +### note + +If you are **not self-hosting** and encounter the following certificate error on your android device: + +``` +Exception message: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. +``` + +You will need to upload Bitwarden's certificates to your device. Refer to [this community thread](https://community.bitwarden.com/t/android-client-login-bitwarden-https-cert-problem/12132) for help finding the certificates. + +## Use no certificate + +### warning + +If you opt to use no certificate, you **must front your installation with a proxy that serves Bitwarden over SSL**. This is because Bitwarden requires HTTPS; trying to use Bitwarden without the HTTPS protocol will trigger errors. diff --git a/Software-Install/Bitwarden/Install.md b/Software-Install/Bitwarden/Install.md new file mode 100644 index 0000000..326bfeb --- /dev/null +++ b/Software-Install/Bitwarden/Install.md @@ -0,0 +1,252 @@ +# Install and Deploy - Linux + +This article will walk you through the procedure to install and deploy Bitwarden to your own Linux server. Bitwarden can also be installed and deployed on [Windows](https://wiki.zenndev.xyz/#help/install-on-premise-windows/) machines. + +## System specifications + +|   | Minimum | Recommended | +| -------------- | ---------------------------- | ---------------------------- | +| Processor | x64, 1.4GHz | x64, 2GHz dual core | +| Memory | 2GB RAM | 4GB RAM | +| Storage | 12GB | 25GB | +| Docker Version | Engine 19+ and Compose 1.24+ | Engine 19+ and Compose 1.24+ | + +> #### **TIP** +> +> If you are looking for a quality provider with affordable prices, we recommend DigitalOcean. [Get started today](https://marketplace.digitalocean.com/apps/bitwarden) or read our [blog post about Bitwarden on DigitalOcean](https://wiki.zenndev.xyz/#blog/digitalocean-marketplace/). + +## TL;DR + +The following is a summary of the installation procedure in this article. Links in this section will jump to detailed **Installation procedure** sections: + +[**Configure your domain**](https://wiki.zenndev.xyz/#software-install/bitwarden/#configure-your-domain). Set DNS records for a domain name pointing to your machine, and open ports 80 and 443 on the machine. + +[**Install Docker and Docker Compose**](https://wiki.zenndev.xyz/#software-install/bitwarden/#install-docker-and-docker-compose) on your machine. + +[**Create a Bitwarden user & directory**](https://wiki.zenndev.xyz/#software-install/bitwarden/#create-bitwarden-local-user--directory) from which to complete installation. + +Retrieve an installation id and key from [**https://bitwarden.com/host**](https://wiki.zenndev.xyz/#host/) for use in installation. + +> For more information, see [What are my installation id and installation key used for?](https://wiki.zenndev.xyz/#help/hosting-faqs/#general) + +[**Install Bitwarden**](https://wiki.zenndev.xyz/#software-install/bitwarden/#install-bitwarden) on your machine. + +[**Configure your environment**](https://wiki.zenndev.xyz/#software-install/bitwarden/#post-install-configuration) by adjusting settings in `./bwdata/env/global.override.env`. + +> #### **TIP** +> +> At a minimum, configure the `globalSettings__mail__smtp...` variables to setup an email server for inviting and verifying users. + +[**Start your instance**](https://wiki.zenndev.xyz/#software-install/bitwarden/#start-bitwarden). + +Test your installation by opening your configured domain in a web browser. + +Once deployed, we recommend regularly [backing up your server](https://wiki.zenndev.xyz/#help/backup-on-premise/) and [checking for system updates](https://wiki.zenndev.xyz/#help/updating-on-premise/). + +# Installation procedure + +## Configure your domain + +By default, Bitwarden will be served through ports 80 (`http`) and 443 (`https`) on the host machine. Open these ports so that Bitwarden can be accessed from within and/or outside of the network. You may opt to choose different ports during installation. + +We recommend configuring a domain name with DNS records that point to your host machine (for example, `bitwarden.example.com`), especially if you are serving Bitwarden over the internet. + +## Install Docker and Docker Compose + +Bitwarden will be deployed and run on your machine using an array of [Docker containers](https://docs.docker.com/get-started/). Bitwarden can be run with any Docker edition or plan. Evaluate which edition is best for your installation. + +Deployment of containers is orchestrated using [Docker Compose](https://docs.docker.com/compose/). Some Docker installations, including Docker for macOS, come with Docker Compose already installed. + +**Install Docker and Docker Compose on your machine before proceeding with installation.** Refer to the following Docker documentation for help: + +[Install Docker Engine](https://docs.docker.com/engine/installation/) + +[Install Docker Compose](https://docs.docker.com/compose/install/) + +## Create Bitwarden local user & directory + +We recommend configuring your Linux server with a dedicated `bitwarden` service account, from which to install and run Bitwarden. Doing so will isolate your Bitwarden instance from other applications running on your server. + +**These steps are Bitwarden-recommended best practices, but are not required.** For more information, see Docker's [Post-installation steps for Linux](https://docs.docker.com/engine/install/linux-postinstall/) documentation. + +Create a bitwarden user: + +``` +sudo adduser bitwarden +``` + +Set password for bitwarden user (strong password): + +``` +sudo passwd bitwarden +``` + +Create a docker group (if it doesn't already exist): + +``` +sudo groupadd docker +``` + +Add the bitwarden user to the docker group: + +``` +sudo usermod -aG docker bitwarden +``` + +Create a bitwarden directory: + +``` +sudo mkdir /opt/bitwarden +``` + +Set permissions for the `/opt/bitwarden` directory: + +``` +sudo chmod -R 700 /opt/bitwarden +``` + +Set the bitwarden user as owner of the `/opt/bitwarden` directory: + +``` +sudo chown -R bitwarden:bitwarden /opt/bitwarden +``` + +## Install Bitwarden + +Bitwarden provides a shell script for easy installation on Linux and macOS (Bash), or Windows (PowerShell). Complete the following steps to install Bitwarden using the shell script: + +> #### **TIP** +> +> If you have [created a Bitwarden user & directory](https://wiki.zenndev.xyz/#software-install/bitwarden/#create-bitwarden-local-user--directory), complete the following as the `bitwarden` user from the `/opt/bitwarden` directory. + +Download the Bitwarden installation script (`bitwarden.sh`) to your machine: + +``` +curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh +``` + +Run the installer script. A `./bwdata` directory will be created relative to the location of `bitwarden.sh`. + +``` +./bitwarden.sh install +``` + +Complete the prompts in the installer: + +**Enter the domain name for your Bitwarden instance:** + +Typically, this value should be the configured DNS record. + +**Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n):** + +Specify `y` to generate a trusted SSL certificate using Let's Encrypt. You will be prompted to enter an email address for expiration reminders from Let's Encrypt. For more information, see [Certificate Options](https://wiki.zenndev.xyz/#help/certificates/). + +Alternatively, specify `n` and use the **Do you have a SSL certificate to use?** option. + +**Enter your installation id:** + +Retrieve an installation id using a valid email at [https://bitwarden.com/host](https://wiki.zenndev.xyz/#host/). For more information, see [what are my installation id and installation key used for?](https://wiki.zenndev.xyz/#help/hosting-faqs/#general) + +**Enter your installation key:** + +Retrieve an installation key using a valid email at [https://bitwarden.com/host](https://wiki.zenndev.xyz/#host/). For more information, see [What are my installation id and installation key used for?](https://wiki.zenndev.xyz/#help/hosting-faqs/#general) + +**Do you have a SSL certificate to use? (y/n):** + +If you already have your own SSL certificate, specify `y` and place the necessary files in the `./bwdata/ssl/your.domain` directory. You will be asked whether it is a trusted SSL certificate (y/n). For more information, see [Certificate Options](https://wiki.zenndev.xyz/#help/certificates/). + +Alternatively, specify `n` and use the **self-signed SSL certificate?** option, which is only recommended for testing purposes. + +**Do you want to generate a self-signed SSL certificate? (y/n):** + +Specify `y` to have Bitwarden generate a self-signed certificate for you. This option is only recommended for testing. For more information, see [Certificate Options](https://wiki.zenndev.xyz/#help/certificates/). + +If you specify `n`, your instance will not use an SSL certificate and you will be required to front your installation with a HTTPS proxy, or else Bitwarden applications will not function properly. + +# Post-install configuration + +Configuring your environment can involve making changes to two files; an [environment variables file](https://wiki.zenndev.xyz/#software-install/bitwarden/#environment-variables) and an [installation file](https://wiki.zenndev.xyz/#software-install/bitwarden/#installation-configuration): + +## Environment variables (_required_) + +Some features of Bitwarden are not configured by the `bitwarden.sh` script. Configure these settings by editing the environment file, located at `./bwdata/env/global.override.env`. **At a minimum, you should replace the values for:** + +``` +... +globalSettings__mail__smtp__host= +globalSettings__mail__smtp__port= +globalSettings__mail__smtp__ssl= +globalSettings__mail__smtp__username= +globalSettings__mail__smtp__password= +... +adminSettings__admins= +... +``` + +Replace `globalSettings__mail__smtp...=` placeholders to connect to the SMTP mail server that will be used to send verification emails to new users and invitations to organizations. Adding an email address to `adminSettings__admins=` will provision access to the admin portal. + +After editing `global.override.env`, run the following command to apply your changes: + +``` +./bitwarden.sh restart +``` + +## Installation file + +The Bitwarden installation script uses settings in `./bwdata/config.yml` to generate the necessary assets for installation. Some installation scenarios (such as installations behind a proxy with alternate ports) may require adjustments to `config.yml` that were not provided during standard installation. + +Edit `config.yml` as necessary and apply your changes by running: + +``` +./bitwarden.sh rebuild +``` + +## Start Bitwarden + +Once you have completed all previous steps, start your Bitwarden instance: + +``` +./bitwarden.sh start +``` + +## note + +The first time you start Bitwarden it may take some time as it downloads all of the images from Docker Hub. + +Verify that all containers are running correctly: + +``` +docker ps +``` + +Congratulations! Bitwarden is now up and running at `https://your.domain.com`. Visit the web vault in your web browser to confirm that it's working. + +You may now register a new account and log in. You will need to have configured `smtp` environment variables (see [Environment Variables](https://wiki.zenndev.xyz/#help/environment-variables/)) in order to verify the email for your new account. + +> #### **TIP** +> +> Once deployed, we recommend regularly [backing up your server](https://wiki.zenndev.xyz/#help/backup-on-premise/) and [checking for system updates](https://wiki.zenndev.xyz/#help/updating-on-premise/). + +## Script commands reference + +The Bitwarden installation script (`bitwarden.sh` or `bitwarden.ps1`) has the following commands available: + +## note + +PowerShell users will run the commands with a prefixed `-` (switch). For example `.\bitwarden.ps1 -start`. + +| Command | Description | +| ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| install | Start the installer. | +| start | Start all containers. | +| restart | Restart all containers (same as start). | +| stop | Stop all containers. | +| update | Update all containers and the database. | +| updatedb | Update/initialize the database. | +| updaterun | Update the `run.sh` file. | +| updateself | Update this main script. | +| updateconf | Update all containers without restarting the running instance. | +| uninstall | Before this command executes, you will be prompted to save database files. `y` will create a tarfile of your database including the most recent backup. Stops containers, deletes the `bwdata` directory and all its contents, and removes ephemeral volumes. After executing, you will be asked whether you also want to purge all Bitwarden images. | +| renewcert | Renew certificates. | +| rebuild | Rebuild generated installation assets from `config.yml`. | +| help | List all commands. | diff --git a/Software-Install/Docker/Compose.md b/Software-Install/Docker/Compose.md new file mode 100644 index 0000000..f02c864 --- /dev/null +++ b/Software-Install/Docker/Compose.md @@ -0,0 +1,197 @@ +# How To Install Docker Compose on Linux + +How do I install Docker Compose on Ubuntu 22.04/20.04/18.04 | Debian 11/10 | CentOS 8 | Fedora 36/35/34/33/32?. This guide will show you how to Install the Latest Docker Compose on Linux. Compose is a tool for defining and running multi-container Docker application. A YAML file is used to configure your application's services. + +This post aims to be a concise instructional step-by-step guide for developers and SysAdmins seeking to setup Docker Compose on Linux. We will check the Github API releases page for the project, and pull the latest binary file. + +## How To Install Docker Compose on Linux + +You need curl and wget installed on your system for this operation. And definitely, access to the Terminal as a user with sudo privileges. + +``` +### CentOS / RHEL ### +sudo yum -y install curl wget + +### Debian / Ubuntu ### +sudo apt update +sudo apt install -y curl wget + +### Fedora ### +sudo dnf -y install curl wget +``` + +Once curl has been installed, download the latest Compose on your Linux machine. + +``` +curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | cut -d '"' -f 4 | wget -qi - +``` + +Make the binary file executable. + +``` +chmod +x docker-compose-linux-x86_64 +``` + +Move the file to your PATH. + +``` +sudo mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose +``` + +Confirm version. + +``` +$ docker-compose version +Docker Compose version v2.11.2 +``` + +Add user to docker group: + +``` +sudo usermod -aG docker $USER +newgrp docker +``` + +## Configure Compose Command-line completion + +Compose has [command completion](https://en.wikipedia.org/wiki/Command-line_completion) for the bash and zsh shell. + +## For Bash users + +Place the completion script in `/etc/bash_completion.d`/. + +``` +sudo curl -L https://raw.githubusercontent.com/docker/compose/master/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose +``` + +Source the file or re-login to enjoy completion feature. + +``` +source /etc/bash_completion.d/docker-compose +``` + +## For Zsh users + +Download the completion script in your `~/.zsh/completion/` + +``` +mkdir -p ~/.zsh/completion +curl -L https://raw.githubusercontent.com/docker/compose/master/contrib/completion/zsh/_docker-compose > ~/.zsh/completion/_docker-compose +``` + +Include the directory in your `$fpath` by adding in `~/.zshrc`: + +``` +fpath=(~/.zsh/completion $fpath) +``` + +Make sure `compinit` is loaded or do it by adding in `~/.zshrc`: + +``` +autoload -Uz compinit && compinit -i +``` + +Then reload your shell: + +``` +exec $SHELL -l +``` + +## Test Docker Compose installation. + +Our comprehensive guide is on [Managing Docker Containers with Docker Compose](https://computingforgeeks.com/managing-docker-containers-with-docker-compose/) + +Create a test Docker Compose file. + +``` +vim docker-compose.yml +``` + +Add below data to the file. + +``` +version: '3' +services: + web: + image: nginx:latest + ports: + - "8080:80" + links: + - php + php: + image: php:7-fpm +``` + +Start service containers. + +``` +$ docker-compose up -d +Creating network "root_default" with the default driver +Pulling php (php:7-fpm)... +7-fpm: Pulling from library/php +b4d181a07f80: Pull complete +78b85dd8f014: Pull complete +8589b26a90be: Pull complete +f5af5d641946: Pull complete +4611dfe4969e: Pull complete +8d335174dcfe: Pull complete +e4ac2aba3855: Pull complete +1ec2992b064f: Pull complete +d0702e432261: Pull complete +508ceaa40a86: Pull complete +Digest: sha256:c5132fe8a019128a89bcc157f5e2b8544ea3078fb9aba076bfe27486f34b0fb5 +Status: Downloaded newer image for php:7-fpm +Pulling web (nginx:latest)... +latest: Pulling from library/nginx +b4d181a07f80: Already exists +edb81c9bc1f5: Pull complete +b21fed559b9f: Pull complete +03e6a2452751: Pull complete +b82f7f888feb: Pull complete +5430e98eba64: Pull complete +Digest: sha256:47ae43cdfc7064d28800bc42e79a429540c7c80168e8c8952778c0d5af1c09db +Status: Downloaded newer image for nginx:latest +Creating root_php_1 ... done +Creating root_web_1 ... done +``` + +Show running Containers + +``` +$ docker-compose ps + Name Command State Ports +------------------------------------------------------------------------------------------ +root_php_1 docker-php-entrypoint php-fpm Up 9000/tcp +root_web_1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8080->80/tcp,:::8080->80/tcp +``` + +Destroy containers + +``` +$ docker-compose stop +Stopping root_web_1 ... done +Stopping root_php_1 ... done + +$ docker-compose rm -f +Going to remove root_web_1, root_php_1 +Removing root_web_1 ... done +Removing root_php_1 ... done +``` + +Go through Official[ Docker documentation](https://docs.docker.com/) and [Docker Compose documentation](https://docs.docker.com/compose/) to learn more. + +### Best Docker Learning Courses: + +- [Docker Mastery: with Kubernetes +Swarm from a Docker Captain](https://click.linksynergy.com/deeplink?id=2sb89XJC/EQ&mid=39197&murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Fdocker-mastery%2F) +- [Docker for the Absolute Beginner -- Hands On -- DevOps](https://click.linksynergy.com/deeplink?id=2sb89XJC/EQ&mid=39197&murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Flearn-docker%2F) +- [Docker and Kubernetes: The Complete Guide](https://click.linksynergy.com/deeplink?id=2sb89XJC/EQ&mid=39197&murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Fdocker-and-kubernetes-the-complete-guide%2F) +- [Docker -- SWARM -- Hands-on -- DevOps](https://click.linksynergy.com/deeplink?id=2sb89XJC/EQ&mid=39197&murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Flearn-docker-advanced%2F) +- [Docker Swarm Mastery: DevOps Style Cluster Orchestration](https://click.linksynergy.com/deeplink?id=2sb89XJC/EQ&mid=39197&murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Fdocker-swarm-mastery%2F) + +### More guides: + +- [Ctop -- Top command for container metrics](https://computingforgeeks.com/top-command-for-container-metrics/) +- [How to Install Portainer Docker UI manager](https://computingforgeeks.com/install-docker-ui-manager-portainer/) +- [How To run Local Kubernetes clusters in Docker](https://computingforgeeks.com/how-to-run-local-kubernetes-clusters-in-docker/) +- [Deploy Lightweight Kubernetes with MicroK8s and Snap](https://computingforgeeks.com/deploy-lightweight-kubernetes-with-microk8s-and-snap/) +- [How to run Minikube on KVM](https://computingforgeeks.com/how-to-run-minikube-on-kvm/) diff --git a/Software-Install/Docker/Guide-de.md b/Software-Install/Docker/Guide-de.md new file mode 100644 index 0000000..e25260b --- /dev/null +++ b/Software-Install/Docker/Guide-de.md @@ -0,0 +1,787 @@ +Was ist Docker?\ +Docker ist eine Plattform zum Erstellen und Ausführen von Anwendungen in Containern. Container sind leichte und portable Pakete, die alles enthalten, was zur Ausführung der Anwendung benötigt wird. Docker stellt Werkzeuge zum Erstellen, Verwalten und Bereitstellen von Containern bereit und bietet Vorteile wie Konsistenz, Portabilität, Effizienz und Sicherheit. + +# Installation + +## Linux + +[Debian (Engine)](https://docs.docker.com/engine/install/debian/)\ +[Ubuntu (Desktop)](https://docs.docker.com/desktop/install/ubuntu/)\ +[Fedora (Desktop)](https://docs.docker.com/desktop/install/fedora/)\ +[Arch-based distro's (Desktop)](https://docs.docker.com/desktop/install/archlinux/) + +## Andere + +[Windows](https://docs.docker.com/desktop/install/windows-install/)\ +[Mac](https://docs.docker.com/desktop/install/mac-install/) + +## Nach der Installation + +Es kann sein, dass Sie als nicht-root-Benutzer nicht die Berechtigungen haben, Docker zu bearbeiten und auszuführen. Bitte beachten Sie, dass die folgenden Schritte für Debian/Ubuntu gelten. Hier sind die Schritte, um dies zu ändern: + +Falls Sie keinen nicht-root-Benutzer erstellt haben, führen Sie Folgendes aus: + +``` +sudo useradd -s /bin/bash -m +``` + +Um dem gerade erstellten Benutzer die Berechtigung für sudo zu geben, navigieren Sie zu /etc/sudoers und bearbeiten Sie die Datei mit nano oder vim. Es wird empfohlen, visudo zu verwenden, da es die Syntax überprüft, um Fehler zu vermeiden. In diesem Beispiel verwende ich nano wie folgt: + +``` +sudo nano /etc/sudoers +``` + +Fügen Sie am Ende der Datei Folgendes hinzu: + +``` + ALL=(ALL:ALL) ALL +``` + +Stellen Sie anschließend sicher, dass Sie sich als root abmelden und sich als der neue Benutzer anmelden. Versuchen Sie etwas mit sudo auszuführen. In diesem Beispiel habe ich Debian wie folgt aktualisiert: + +``` +sudo apt update +``` + +Wenn Sie keine Fehlermeldungen erhalten haben, waren die obigen Schritte erfolgreich. Jetzt müssen wir den Benutzer zur Docker-Gruppe hinzufügen, damit wir die Operationen in Docker durchführen können, ohne dem Benutzer vollen Zugriff auf das System zu geben. + +> Hinweis\ +> Führen Sie Docker nicht mit Root-Rechten aus. + +Überprüfen Sie, ob die Docker-Gruppe bereits erstellt wurde: + +``` +getent group docker +``` + +Die Ausgabe sollte ungefähr wie folgt aussehen: + +``` +docker:x:975 +``` + +Wenn das Terminal keine Ausgabe liefert, erstellen Sie eine neue Gruppe namens "docker": + +``` +sudo groupadd docker +``` + +Fügen Sie nun Ihren Benutzer zur Gruppe hinzu und aktivieren Sie die Änderungen sofort: + +``` +sudo usermod -aG docker $USER +newgrp docker +``` + +Um zu testen, ob alles korrekt konfiguriert wurde, geben Sie Folgendes ein: + +``` +docker run --name test hello-world +``` + +# Werkzeuge für die Entwicklung + +## Visual Studio + +[Visual Studio Remote WSL](https://learn.microsoft.com/en-us/cpp/linux/connect-to-your-remote-linux-computer?view=msvc-170)\ +[Microsoft Docker Extension for VS Code](https://code.visualstudio.com/docs/containers/overview)\ +[VS with Docker Development Tools](https://learn.microsoft.com/en-us/visualstudio/containers/overview?view=vs-2022) + +## Eclipse + +[Doclipser](https://github.com/domeide/doclipser) + +## GitLab & Docker + +[GitLab Docker images](https://docs.gitlab.com/ee/install/docker.html) + +## Applications + +| Platform | Name | Link | Comment | +| -------- | ---------- | --------------------------------------------------- | ------------------------------ | +| Linux | Whaler | [Link](https://github.com/sdv43/whaler) | Flatpak | +| Terminal | Lazydocker | [Link](https://github.com/jesseduffield/lazydocker) | \ | +| | +| Docker | Portainer | [Link](https://www.portainer.io/) | Web-UI | +| Docker | Rancher | [Link](https://github.com/rancher/rancher) | Web-UI + better for Kubernetes | + +# Nützliche Befehle und Tipps + +Um die vollständige Docker CLI-Dokumentation zu sehen, folgen Sie bitte diesem [Link](https://docs.docker.com/engine/reference/commandline/cli/).Dort finden Sie Anleitungen für jeden Docker-Befehl, den Sie ausführen können, einschließlich Themen wie Docker Compose-Dateien, Dockerfiles, APIs und vielem mehr. + +Standardmäßig zeigt der Befehl "docker ps" nur die laufenden Container an und nicht die beendeten. Mit dem folgenden Alias, den Sie in Ihrer .bashrc-Datei hinzufügen können, können Sie alle Container anzeigen und nur die wichtigen Informationen sehen: + +``` +alias dockerps='docker container ls -a --format "table {{.Image}}\t{{.Names}}\t{{.Ports}}\t{{.State}}"' +``` + +Dieser Alias definiert den Befehl "dockerps", der die Option "-a" verwendet, um alle Container anzuzeigen, und das Format "table", um nur die Spalten für Image, Namen, Ports und Zustand anzuzeigen. Sie können dann einfach "dockerps" ausführen, um eine übersichtliche Liste aller Container und ihrer relevanten Informationen anzuzeigen. + +Dies kann besonders praktisch sein, wenn Sie einen schnellen Überblick über alle Container auf Ihrem System benötigen. + +## Curl + +Der Curl-Befehl ist ein Befehlszeilentool, das verwendet wird, um Daten von oder zu einem Server zu übertragen. Es unterstützt verschiedene Protokolle wie HTTP, HTTPS, FTP, FTPS und mehr. Der Curl-Befehl ist auf den meisten Unix-basierten Betriebssystemen verfügbar und kann für eine Vielzahl von Aufgaben verwendet werden, wie das Herunterladen von Dateien, das Hochladen von Daten, das Testen von APIs und mehr. Hier sind einige Anwendungsbeispiele und Optionen für diesen Befehl: + +``` +# download the file and save it in the current directory: +curl -O http://example.com/myfile.txt + +# download the file and save it in the current directory but under a different name: +curl -o mynewfile.txt http://example.com/myfile.txt + +# for more options run folling: +curl --help +``` + +Mit diesen Beispielen können Sie eine Datei von einer bestimmten URL herunterladen und im aktuellen Verzeichnis speichern. Sie können auch den Dateinamen ändern, unter dem die heruntergeladene Datei gespeichert wird. Weitere Optionen und Funktionen des Curl-Befehls finden Sie in der Dokumentation oder indem Sie den Befehl "curl --help" ausführen. + +# Images + +Ein Docker-Image ist ein ausführbares Paket, das alles enthält, was benötigt wird, um eine Software auszuführen. Es umfasst den Code, die Laufzeitumgebung, Systemwerkzeuge, Bibliotheken und Einstellungen. Docker-Images werden aus Dockerfiles erstellt. Wenn Sie den Befehl "docker images" ausführen, sehen Sie folgende Informationen: + +- Repository: The name of the repository from which the image was pulled. +- Tag: The specific version of the image. +- Image ID: A unique identifier for the image. +- Created: The date and time at which the image was created. +- Size: The size of the image in bytes. + +## Docker hub + +Um alle verfügbaren Container anzuzeigen, besuchen Sie [hub.docker.com](https://hub.docker.com/)\ +oder suchen Sie nach den Containern über das Terminal mit: + +``` +docker search +``` + +## Herunterladen (Pull) + +Um ein Image herunterzuladen, führen Sie den folgenden Befehl aus: + +``` +docker pull +``` + +Wenn Sie nicht angegeben haben, welche Version heruntergeladen werden soll, wird standardmäßig die ":latest"-Version heruntergeladen. Um eine spezifische Version des Containers herunterzuladen, verwenden Sie: + +``` +docker pull :version +``` + +Beispiel: Um den Nginx-Webserver herunterzuladen, der auf Alpine Linux läuft: + +``` +docker pull linuxserver/nginx +``` + +## Anzeigen + +Um alle Images anzuzeigen, verwenden Sie den Befehl: + +``` +docker images +``` + +## Löschen + +Um ein Image zu löschen, verwenden Sie den Befehl: + +``` +docker image rm # Ein einzelnes Container-Image entfernen +docker image rm :1.04 # Eine spezifische Version eines Images entfernen +docker image rm # Mehrere Container-Images entfernen +``` + +> **Hinweis**\ +> Löschen Sie kein Image, das von einem laufenden Container verwendet wird. + +## Bereinigen (Prune) + +Das Prune-Kommando löscht nicht verwendete Images. Verwenden Sie es mit Vorsicht. + +> **Verwenden Sie auf eigene Gefahr** + +``` +docker image prune +``` + +# Volumes + +Sie können ein Volume erstellen, um Daten zu persistieren und zwischen Containern und dem Host zu teilen. Ein Volume ist ein Verzeichnis, das außerhalb des Dateisystems des Containers gespeichert wird und von Docker verwaltet wird. Nachdem das Volume erstellt wurde, erstellt Docker ein neues Verzeichnis, das Sie in einem Container einbinden können. + +> **Hinweis**\ +> Sie müssen kein Container-Volume erstellen, wenn der Container nur einmal verwendet wird. + +## Erstellen + +Um ein Volume zu erstellen, verwenden Sie den folgenden Befehl: + +``` +docker volume create +``` + +## Inspektion & Auflistung + +Um alle Volumes anzuzeigen oder Informationen zu einem bestimmten Volume anzuzeigen, verwenden Sie die folgenden Befehle: + +``` +docker volume ls # Alle Volumes auflisten +docker volume inspect # Informationen zu einem Volume anzeigen +``` + +## Löschen von Volumes + +Um ein bestimmtes Volume zu löschen, verwenden Sie den folgenden Befehl: + +``` +docker volume rm # Ein einzelnes Volume entfernen +docker volume rm # Mehrere Volumes entfernen +``` + +Um alle Volumes zu löschen, die von keinem Container verwendet werden, verwenden Sie den Befehl: + +``` +docker volume prune +``` + +> **Verwenden Sie auf eigene Gefahr** + +# docker run + +Der Befehl "docker run" ist ein All-in-One-Tool. Wenn Sie diesen Befehl ausführen, wird das Image heruntergeladen (falls noch nicht vorhanden), der Container erstellt und gestartet. Der Befehl "docker run" besteht aus den folgenden Schritten: + +``` +docker image pull +docker container create +docker container start +``` + +Es ist ratsam, Docker-Container im Hintergrund auszuführen (detached). Das bedeutet, dass Sie die Protokolle nicht sehen und nicht in Echtzeit mit dem Container interagieren können. Um einen Container im Hintergrund auszuführen, fügen Sie einfach **_-d_** hinzu, z.B.: + +``` +docker run -d --name +``` + +Um den Port anzugeben, verwenden Sie den folgenden Befehl: + +``` +docker run -p : --name +``` + +Um weitere Optionen anzuzeigen, verwenden Sie den Befehl: + +``` +docker run --help +``` + +> **Hinweis** +> +> - Es spielt keine Rolle, welche Optionen und in welcher Reihenfolge sie angegeben werden. +> - Wenn Sie weitere Optionen hinzufügen möchten, ist es besser, dies mit Docker Compose zu tun, da es einfacher ist, eine Datei anstatt eines Befehls zu bearbeiten. + +Hier ist ein Beispiel für den Befehl **_docker run_**: + +``` +docker run -d\ + --name=calibre-web\ + -e PUID=1000\ + -e PGID=1000\ + -e TZ=Etc/UTC\ + -e DOCKER_MODS=linuxserver/mods:universal-calibre `#optional`\ + -e OAUTHLIB_RELAX_TOKEN_SCOPE=1 `#optional`\ + -p 8083:8083\ + -v /PATH/TO/DATA:/config\ + -v /PATH/TO/CALIBRE/LIBRARY:/books\ + --restart unless-stopped\ + lscr.io/linuxserver/calibre-web:latest +``` + +# Docker-Container + +Der Befehl "docker container" bietet eine Reihe von Unterbefehlen zum Erstellen, Starten, Stoppen und Löschen von Containern sowie zur Überprüfung und Verwaltung ihrer Konfiguration, Protokolle und Leistung. Hier sind einige wichtige Befehle: + +## List + +Mit diesem Befehl können Sie alle Container auflisten. Sie können auch Filter verwenden, um die Standardansicht anzupassen. Dies kann am besten mit einem Alias in Linux erfolgen. + +``` +docker container ls # Alle laufenden Container auflisten +docker container ls -a # Alle Container auflisten +``` + +## Create + +Dieser Befehl erstellt den Container, ohne ihn zu starten. Hier ist ein Beispiel: + +``` +docker container create --name my_container -p 8080:80 nginx:latest +``` + +## Start & Stop, Kill + +Mit diesen Befehlen können Sie den Container starten und stoppen. Mit dem Befehl **_docker container kill_** können Sie den Container abrupt beenden. Beachten Sie jedoch, dass dabei keine Aufräumarbeiten im Container durchgeführt werden. Verwenden Sie **_kill_** daher mit Vorsicht. + +``` +docker container start # Einen oder mehrere Container starten +docker container stop # Einen oder mehrere Container stoppen +docker container kill # Vorsicht: Container abrupt beenden +``` + +## Pause & Unpause + +Diese Befehle sind nützlich, um die Prozesse eines Containers vorübergehend anzuhalten, ohne den Container zu stoppen oder zu löschen. Dadurch können Wartungs- oder Problembehandlungsaufgaben durchgeführt werden, während der Zustand des Containers erhalten bleibt. + +``` +docker container ls #list all running container +docker container ls -a #list all container +``` + +## Rename + +Um den Namen eines Containers zu ändern, verwenden Sie den folgenden Befehl: + +``` +docker container +``` + +## Exec + +Mit diesem Befehl können Sie Befehle im Container ausführen und die Ausgabe anzeigen. Hier sind einige Beispiele: + +- Um den Inhalt des Home-Verzeichnisses anzuzeigen: + +``` +docker container exec my_container ls /home +``` + +- Um eine Verbindung zum Terminal des Containers herzustellen: + +``` +docker container exec -it bash +``` + +## Logs + +Dieser Befehl ermöglicht es Ihnen, die Protokolle des Containers anzuzeigen. Beachten Sie, dass dieser Befehl nur funktioniert, wenn der Docker-Container mit dem "json-file" oder "journald" Protokollierungs-Treiber gestartet wurde. Wenn in der "daemon.json"-Konfigurationsdatei keine spezifische Protokollierungskonfiguration angegeben ist, ist "json-file" der Standardtreiber. Die "daemon.json"-Datei befindet sich unter "/etc/docker". Verwenden Sie den folgenden Befehl, um die Protokolle des Containers anzuzeigen. Sie können auch weitere Optionen verwenden, um die Ausgabe anzupassen: + +``` +docker container logs # Vollständiges Protokoll anzeigen +docker container logs --details # Alle Protokolldetails anzeigen +docker container logs -f # Echtzeitprotokoll anzeigen +docker container logs --tail # Ausgabe begrenzen +``` + +Zusätzlich stehen die Optionen --since und --until zur Verfügung. Um weitere Informationen zu erhalten, führen Sie den folgenden Befehl aus: + +``` +docker container logs --help +``` + +## Alternative + +> Die meisten häufig verwendeten Befehle sind bereits in Docker integriert. Zum Beispiel können Sie anstelle von **_docker container start_** den Befehl **_docker start_** verwenden + +# Docker-File + +Mit einem Dockerfile können Sie ein Container-Image erstellen. In den folgenden Beispielen verwenden wir ein bereits vorhandenes Container-Image und passen es an unsere Bedürfnisse an. Schauen wir uns an, aus welchen Teilen ein Dockerfile besteht: + +| Command | Alternative | Explanation | +| ------- | ----------- | ------------------------------------------------------------------------------------------------------------------------- | +| FROM | - | Gibt das Basis-Image an | +| WORKDIR | - | Legt das Arbeitsverzeichnis fest | +| COPY | ADD | Kopiert Dateien vom Hostsystem in den Container | +| RUN | - | Führt Befehle im Container aus, um Pakete zu installieren, das System zu aktualisieren oder die Umgebung zu konfigurieren | +| EXPOSE | - | Gibt an, auf welchen Ports der Container hören soll | +| CMD | ENTRYPOINT | Definiert den Standardbefehl, der beim Starten des Containers ausgeführt werden soll | + +## Wichtig + +CMD und RUN sind nicht dasselbe. RUN wird verwendet, um Befehle im Container während des Build-Prozesses auszuführen. Dies wird normalerweise verwendet, um etwas einmalig auszuführen, z.B. das Aktualisieren und Installieren von Paketen. Wenn Sie mehrere Dinge installieren müssen, führen Sie nicht mehrere RUN-Befehle aus. Verwenden Sie stattdessen den folgenden Syntax: + +``` +RUN apt update && apt upgrade && apt install python3 +``` + +Achten Sie darauf, den richtigen Port für die webbasierte Anwendung freizugeben. + +## 1\. Beispiel: Node.js-Anwendung + +``` +# Verwenden Sie ein offizielles Node.js-Laufzeitimage als Basisimage +FROM node:14-alpine + +# Setzen Sie das Arbeitsverzeichnis im Container +WORKDIR /app + +# Kopieren Sie die package.json- und package-lock.json-Dateien in den Container +COPY package*.json ./ + +# Installieren Sie die Abhängigkeiten +RUN npm install + +# Kopieren Sie den Anwendungscode in den Container +COPY . . + +# Exponieren Sie den Port 3000 nach außen +EXPOSE 3000 + +# Definieren Sie den Befehl zum Starten der Anwendung beim Starten des Containers +CMD [ "npm", "start" ] +``` + +## 2\. Beispiel: Wordpress + +``` +# Verwenden Sie ein offizielles PHP-Laufzeitimage als Basisimage +FROM php:7.4-apache + +# Setzen Sie das Arbeitsverzeichnis im Container +WORKDIR /var/www/html + +# Kopieren Sie die WordPress-Dateien in den Container +COPY . . + +# Setzen Sie den Besitzer der WordPress-Dateien auf den Webserver-Benutzer +RUN chown -R www-data:www-data . + +# Installieren Sie die erforderlichen PHP-Erweiterungen für WordPress +RUN docker-php-ext-install mysqli pdo_mysql + +# Exponieren Sie den Port 80 nach außen +EXPOSE 80 + +# Definieren Sie den Befehl zum Starten des Apache-Webservers +CMD [ "apache2-foreground" ] +``` + +## 3\. Beispiel: Apache Webserver + +``` +# Verwenden Sie ein offizielles Apache-Laufzeitimage als Basisimage +FROM httpd:2.4-alpine + +# Kopieren Sie die benutzerdefinierte Konfigurationsdatei in den Container +COPY httpd.conf /usr/local/apache2/conf/httpd.conf + +# Exponieren Sie den Port 80 nach außen +EXPOSE 80 + +# Definieren Sie den Befehl zum Starten des Apache-Webservers +CMD [ "httpd-foreground" ] +``` + +## Erstellen und Veröffentlichen des Containers + +Nachdem Sie das Dockerfile erstellt haben, um den Docker-Container auszuführen, müssen Sie das Image erstellen und veröffentlichen. Es gibt zwei Möglichkeiten, es zu veröffentlichen: lokal oder im Docker-Register (Docker Hub).\ +Um das Image lokal zu erstellen und zu veröffentlichen: + +``` +docker build -t +docker push +``` + +Um das Image im Docker Hub zu erstellen und zu veröffentlichen: + +``` +# Falls noch nicht angemeldet, über das Terminal anmelden +docker login +# Sie können auch zuvor die Anmeldeinformationen angeben, z.B.: +docker login -u -p + +docker build -t +docker push -t / +``` + +Es besteht auch die Möglichkeit, das Image unter einer anderen Version zu veröffentlichen. Verwenden Sie dazu folgendes Format: + +``` +# Lokal +docker push :v1.0 + +# Docker Hub +docker push /:v1.0 +``` + +Beachten Sie, dass, wenn Sie keine Image-Version angeben, standardmäßig immer die Version **_:latest_** verwendet wird. + +# docker compose + +Dieses Tool wird verwendet, um einzelne oder mehrere Docker-Anwendungen mit mehreren Containern zu definieren und auszuführen. Es ermöglicht Ihnen, eine Reihe von Diensten mit jeweils eigener Konfiguration zu definieren und sie mit einem einzigen Befehl zu starten und zu stoppen. Docker Compose verwendet eine YAML-Datei, um die Dienste, Netzwerke und Volumes für die Anwendung zu definieren.\ +Der beste Weg, Anwendungen mit Docker Compose zu installieren, besteht darin, die vom Herausgeber bereitgestellte Konfigurationsdatei zu bearbeiten. + +## Installation + +Um Docker Compose zu installieren, folgen Sie diesem [Link](https://docs.docker.com/compose/install/)\ +Um zu überprüfen, ob die Installation erfolgreich war, führen Sie den folgenden Befehl aus: + +``` +docker-compose --version +``` + +Um den Workflow zu optimieren, habe ich für jede Anwendung und Gruppe ein Verzeichnis erstellt und die YAML-Datei und die Verzeichnisse für die Volumes darin platziert. Zum Beispiel: + +``` +mkdir calibre-web +cd calibre-web +mkdir books config +nano docker-compose.yaml +``` + +## Bereitstellung + +Die folgenden Befehle sind wichtig, um die compose.yaml auszuführen: + +``` +docker-compose up # ähnlich wie docker run / docker container start +docker-compose down # stoppt den Container-Stack +``` + +### Einzelner Container + +Zunächst schauen wir uns an, wie man einen einzelnen Container erstellt. In diesem Beispiel verwenden wir calibre-web. Auf der Website hat der Herausgeber folgendes gepostet: + +``` +version: "2.1" +services: + calibre-web: + image: lscr.io/linuxserver/calibre-web:latest + container_name: calibre-web + environment: + - PUID=1000 + - PGID=1000 + - TZ=Etc/UTC + - DOCKER_MODS=linuxserver/mods:universal-calibre #optional + - OAUTHLIB_RELAX_TOKEN_SCOPE=1 #optional + volumes: + - /path/to/data:/config + - /path/to/calibre/library:/books + ports: + - 8083:8083 + restart: unless-stopped +``` + +Wir sehen, dass der Herausgeber die Konfiguration für die Bereitstellung bereits festgelegt hat. Das Einzige, was wir jetzt tun müssen, ist die Pfade zu den Volumes und falls gewünscht den Port anzupassen. Nach der Anpassung könnte das docker-compose.yaml-File wie folgt aussehen: + +``` +version: "2.1" +services: + calibre-web: + image: lscr.io/linuxserver/calibre-web:latest + container_name: calibre-web + environment: + - PUID=1000 + - PGID=1000 + - TZ=Etc/UTC + volumes: + - /home/admoin/callibre-web/config:/config + - /home/admoin/callibre-web/books:/books + ports: + - 80:8083 + restart: unless-stopped +``` + +### multiple container + +Um mehrere Container bereitzustellen, habe ich ein Beispiel mit Wordpress erstellt. Wie oben können Sie die Volumes-Pfade und andere Einstellungen anpassen. In diesem Beispiel verwende ich Wordpress.\ +Erstellen Sie zunächst das Verzeichnis und die **_.yaml_**-file: + +``` +mkdir ~/wordpress && cd ~/wordpress +mkdir /html /database +nano docker-compose.yaml +``` + +Fügen Sie nun den folgenden Inhalt in die Datei ein, aber denken Sie daran, die Dateipfade für Ihren Benutzernamen, den DB-Benutzer und das Passwort sowie die IP-Adresse anzupassen: + +``` +wordpress_wordpress: + image: wordpress + links: + - mariadb:mysql + environment: + - WORDPRESS_DB_PASSWORD=password + - WORDPRESS_DB_USER=root + ports: + - "public_ip:80:80" + volumes: + - /home/admoin/wordpress/html:/var/www/html +wordpress_mariadb: + image: mariadb + environment: + - MYSQL_ROOT_PASSWORD=password + - MYSQL_DATABASE=wordpress + volumes: + - /home/admoin/wordpress/database:/var/lib/mysql +``` + +> Für weitere Informationen zu Docker Compose folgen Sie diesem [Link](https://docs.docker.com/compose/compose-file/) + +# Netzwerk + +Dieser Befehl ermöglicht das Erstellen und Verwalten von Netzwerken.\ +Standardmäßig erstellt Docker drei integrierte Netzwerke: + +- _default bridge_ +- _host_ +- _none_ + +Folgende Netzwerke werden von Docker nicht standardmäßig erstellt werden, aber Sie können sie erstellen: + +- _user-defined bridge_ +- _macvlan (L2, L3)_ +- _ipvlan_ + +Es gibt auch zwei weitere Optionen, die jedoch veraltet oder nicht häufig verwendet werden: + +- _docker swarm_ +- _overlay_ + +Hier sind die Befehle zum Erstellen und Verwalten von Netzwerken: + +``` +docker network create # Erstellt das Netzwerk +docker network rm # Entfernt das Netzwerk +docker network ls # Listet alle Netzwerke auf +docker network inspect # Zeigt detaillierte Informationen an +docker network connect # Verbindet den Container mit einem Netzwerk +docker network disconnect # Trennt den Container vom Netzwerk +``` + +Von der Docker-Hostmaschine aus gibt es zwei sehr nützliche Befehle bei der Arbeit mit Docker: + +``` +ip address show +ifconfig # Ähnlich wie der obige Befehl +bridge link +``` + +> **Note** +> +> - Führen Sie --help für weitere Optionen aus oder verwenden Sie die [docker docs](https://docs.docker.com/engine/reference/commandline/network/) um vollständige Informationen zu jedem Docker-Befehl anzuzeigen. +> - Hilfreiches YouTube-Video [Link](https://www.youtube.com/watch?v=bKFMS5C4CG0)\ +> **_Bitte beachten Sie, dass NetworkChuck Docker nicht korrekt installiert hat und jeden Container mit Root-Rechten ausführt. Das liegt an dem Inhalt. Das bedeutet auch, dass jeder Container volle Root-Rechte hat._** + +## default bridge + +Dieses Netzwerk erstellt ein virtuelles Netzwerk auf dem Host und verbindet den Container mit dem Netzwerk. Dieses Netzwerk ermöglicht es mehreren Containern, miteinander zu kommunizieren, erfordert jedoch, dass Sie Portweiterleitungen konfigurieren, um den externen Zugriff auf die Container zu ermöglichen. Die standardmäßige Docker-Bridge hat einen IP-Adressbereich. Der Docker-Host würde die Adresse **_172.17.0.1/16_** erhalten. Alle Docker-Container werden mit diesem Netzwerk verbunden, sofern kein anderes Netzwerk angegeben wurde. + +## host + +In diesem Netzwerkmodus kann ein Container den Netzwerkstack des Hosts verwenden. Wenn ein Container im host-Netzwerkmodus gestartet wird, teilt er denselben Netzwerknamespace wie der Host und kann dieselben Schnittstellen und Dienste wie der Host nutzen. Die Container kommunizieren über die MAC-Adresse des Hosts und erhalten eine eigene IP-Adresse. + +> **_Bitte beachten Sie, dass diese Art der Netzwerkkommunikation nicht isoliert ist, was bedeutet, dass Ihr Docker-Container frei mit anderen Geräten oder Maschinen im Netzwerk kommunizieren kann_** + +Führen Sie die folgenden Befehle aus, um einen Container in diesem Netzwerkmodus auszuführen: + +``` +docker run --name --network host nginx +``` + +## none + +Wie der Name schon sagt, deaktiviert dieses Netzwerk die Netzwerkkonnektivität für einen Container. Wenn Sie einen Container im none-Netzwerkmodus starten, hat der Container keinen Zugriff auf Netzwerkschnittstellen und kann nicht mit anderen Containern oder externen Netzwerken kommunizieren. Dieser Modus ist nützlich, um Aufgaben auszuführen, die keine Netzwerkkonnektivität erfordern. + +``` +docker run --name websrv-test --network host nginx +``` + +## Benutzerdefinierte Bridge + +Dieses Netzwerk funktioniert ähnlich wie die Standard-Bridge. Der Unterschied besteht darin, dass ein neues virtuelles Netzwerk erstellt wird, in dem Sie Informationen wie IP-Adresse, Bereich, Gateway usw. festlegen können. Dieses Netzwerk verbessert die Leistung, da der Datenverkehr zwischen Containern im selben Netzwerk nicht über eine NAT-Firewall geroutet werden muss. Diese Netzwerke bieten eine flexible und anpassbare Möglichkeit zur Verwaltung der Container-Netzwerkkommunikation und sind ein nützliches Werkzeug zum Aufbau skalierbarer und zuverlässiger verteilter Anwendungen. + +Um dieses Netzwerk zu erstellen, verwenden Sie den folgenden Befehl: + +``` +docker network create +``` + +Dieser Befehl erstellt nicht nur ein neues Netzwerk, sondern legt auch einen neuen IP-Bereich, Subnetz, Gateway usw. fest. Die neue Netzwerk-ID wäre standardmäßig **_172.18.0.0/16_**, wenn sie nicht spezifiziert wird. + +## macvlan + +Dieser Netzwerktreiber ermöglicht es Ihnen, eine Netzwerkschnittstelle in einem Container mit einer eindeutigen MAC-Adresse zu erstellen, sodass der Container wie ein separates Gerät direkt mit dem physischen Netzwerk verbunden erscheint. Jeder Container erhält seine eigene MAC-Adresse.\ +MACvlan hat einige Modi: + +- **bridge**\ + _In diesem Modus wird jeder Container mit einem physischen Netzwerk gebridged und der Docker-Host routet den Datenverkehr zwischen dem physischen Netzwerk und den Containern._ +- **passthru**\ + _Dieser Modus gibt die Netzwerkkarte an die Container weiter._ +- **private**\ + _In diesem Modus kann jeder Container mit anderen Geräten kommunizieren, jedoch nicht mit Containern im selben Netzwerk._ + +Standardmäßig wird bei Erstellung des macvlan-Netzwerks ohne Angabe des Modus der **bridge**-Modus verwendet.\ +Erstellen wir ein macvlan-Netzwerk: + +``` +# bridge mode +sudo docker network create -d macvlan\ +--subnet 192.168.0.0/24\ +--gateway 191.168.0.1\ +-o parent=enp0s3.0\ +mynetwork-bridge + +# passthru mode +docker network create -d macvlan\ +--subnet=192.168.1.0/24\ +--gateway=192.168.1.1\ +--aux-address="mode=passthru"\ +-o parent=enp0s3.1\ +mynetwork-passthru + +# private mode +docker network create -d macvlan\ +--subnet=192.168.2.0/24\ +--gateway=192.168.2.1\ +--aux-address="mode=private"\ +-o parent=enp0s3.2\ +mynetwork-private +``` + +> **Hinweis**\ +> In diesem Netzwerk können Sie auch die Sub-Schnittstelle angeben. + +## ipvlan + +This network allows you to create a network interface that shares the same MAC address as the parent interface, but has a separate and unique IP address. It provides a way to create multiple containers with their own IP addresses, while using the same physical or virtual network interface. + +### L2 + +Dieses Netzwerk ermöglicht es Ihnen, eine Netzwerkschnittstelle zu erstellen, die dieselbe MAC-Adresse wie die übergeordnete Schnittstelle teilt, jedoch eine separate und eindeutige IP-Adresse besitzt. Es bietet eine Möglichkeit, mehrere Container mit ihren eigenen IP-Adressen zu erstellen, während dieselbe physische oder virtuelle Netzwerkschnittstelle verwendet wird. + +``` +docker network create -d ipvlan\ +--subnet 10.7.1.0/24\ +--gateway 10.7.1.3\ +-o parent=enp0s3\ +ip-vlan_l2 +``` + +### L3 + +In diesem Modus hat jeder Container seine eigene IP-Adresse, teilt jedoch dieselbe MAC-Adresse wie die übergeordnete Schnittstelle. Die Container kommunizieren mit anderen Geräten im Netzwerk über IP-Routing. + +``` +docker network create -d ipvlan\ +--subnet 192.168.94.0/24\ +-o parent=enp0s3 -o ipvlan_mode=L3\ +--subnet 192.168.95.0/24\ +ip-vlan_l3 +``` + +> Um den Container in der Lage zu machen, mit dem globalen Netzwerk zu kommunizieren, müssen Sie eine statische Route erstellen. + +### L2bridge + +Dies ist ein Hybridmodus, der die Aspekte der L2- und L3-Modi kombiniert. Jeder Container hat seine eigene IP-Adresse und teilt dieselbe MAC-Adresse wie die übergeordnete Schnittstelle. Container innerhalb dieses Netzwerks können über IP-Routing mit anderen Geräten im Netzwerk kommunizieren und dabei Layer-2-Bridging verwenden. + +``` +docker network create -d ipvlan\ +--subnet 192.168.101.0/24\ +-o parent=enp0s3 -o ipvlan_mode=mode=l2bridge\ +ip-vlan_l2bridge +``` + +## weitere Netzwerke + +Es gibt zwei weitere Netzwerkoptionen: das Overlay-Netzwerk und das Docker-Swarm. Diese werden jedoch nicht häufig verwendet und/oder sind veraltet. Wenn Sie erfahren möchten, wie Docker Swarm funktioniert, empfehle ich Ihnen, sich mit Kubernetes zu befassen, da diese Art der Containerisierung mehr Optionen bietet. diff --git a/Software-Install/Docker/Guide-en.md b/Software-Install/Docker/Guide-en.md new file mode 100644 index 0000000..a6a4c6b --- /dev/null +++ b/Software-Install/Docker/Guide-en.md @@ -0,0 +1,788 @@ +# What is Docker? + +Docker is a platform for building and running applications inside containers. Containers are lightweight and portable packages that include everything needed to run the application. Docker provides tools for building, managing, and deploying containers, and it offers benefits such as consistency, portability, efficiency, and security. + +# Installation + +## Linux + +[Debian (Engine)](https://docs.docker.com/engine/install/debian/)\ +[Ubuntu (Desktop)](https://docs.docker.com/desktop/install/ubuntu/)\ +[Fedora (Desktop)](https://docs.docker.com/desktop/install/fedora/)\ +[Arch-based distro's (Desktop)](https://docs.docker.com/desktop/install/archlinux/) + +## Other + +[Windows](https://docs.docker.com/desktop/install/windows-install/)\ +[Mac](https://docs.docker.com/desktop/install/mac-install/) + +## Post-install + +You may do not have the rights as a non-root user to edit and deploy docker. Please note that the steps below work for Debian/ Ubuntu. Here are the steps to change it:\ +If you didn't create a non-root user run following: + +``` +sudo useradd -s /bin/bash -m +``` + +To give the user you have just created the right for sudo navigate to the /etc/sudoers and edit the file with nano or vim. It is reccomended to use the visudo because the performs synthax checking for preventing errors. In this example I will use the nano as following: + +``` +sudo nano /etc/sudoers +``` + +Now add the following to the bottom of the file: + +``` + ALL=(ALL:ALL) ALL +``` + +Afterwise be shure that you logout from root and login as the new user.\ +Try to perform something with sudo. In this Example I tried to update Debian like this: + +``` +sudo apt update +``` + +The steps above were successful if you haven't ancounted any errors. Now we need to add the user to the docker group so that we could perform the operations in docker without giving the full access to the system. + +> **Note**\ +> Do not run docker with root rights + +Check if the docker group has already been created: + +``` +getent group docker +``` + +The output should be something like this: + +``` +docker:x:975 +``` + +If Terminal didn't give any output give create a new group called docker: + +``` +sudo groupadd docker +``` + +Now add your user to the group and activate the changes immidiatly: + +``` +sudo usermod -aG docker $USER +newgrp docker +``` + +To test if everything was configured correctly enter following: + +``` +docker run --name test hello-world +``` + +# Tools for developing + +## Visual Studio + +[Visual Studio Remote WSL](https://learn.microsoft.com/en-us/cpp/linux/connect-to-your-remote-linux-computer?view=msvc-170)\ +[Microsoft Docker Extension for VS Code](https://code.visualstudio.com/docs/containers/overview)\ +[VS with Docker Development Tools](https://learn.microsoft.com/en-us/visualstudio/containers/overview?view=vs-2022) + +## Eclipse + +[Doclipser](https://github.com/domeide/doclipser) + +## GitLab & Docker + +[GitLab Docker images](https://docs.gitlab.com/ee/install/docker.html) + +## Applications + +| Platform | Name | Link | Comment | +| -------- | ---------- | --------------------------------------------------- | ------------------------------ | +| Linux | Whaler | [Link](https://github.com/sdv43/whaler) | Flatpak | +| Terminal | Lazydocker | [Link](https://github.com/jesseduffield/lazydocker) | \ | +| | +| Docker | Portainer | [Link](https://www.portainer.io/) | Web-UI | +| Docker | Rancher | [Link](https://github.com/rancher/rancher) | Web-UI + better for Kubernetes | + +# Useful + +To see the full docker cli documentation follow this [Link](https://docs.docker.com/engine/reference/commandline/cli/)\ +There are Guides for every docker command that you can execute including stuff like docker compose-files, docker-files, API's and so on.\ +By running the "docker ps" command it doesn't display not running containers. With this alias, that you can put in your .bashrc, you can display all containers and see only the important stuff + +``` +alias dockerps='docker container ls -a --format "table {{.Image}}\t{{.Names}}\t{{.Ports}}\t{{.State}}"' +``` + +## Curl + +This command is a command-line tool that is used to transfer data from or to a server, using a variety of protocols such as HTTP, HTTPS, FTP, FTPS, and more. The curl command is available on most Unix-based operating systems and can be used to perform a wide range of tasks, such as downloading files, uploading data, testing APIs, and more. Below are some use cases and options for this comand: + +``` +# download the file and save it in the current directory: +curl -O http://example.com/myfile.txt + +# download the file and save it in the current directory but under a different name: +curl -o mynewfile.txt http://example.com/myfile.txt + +# for more options run folling: +curl --help +``` + +# Images + +A Docker image is a executable package that contains everything needed to run a piece of software. It includes: the code, runtime, system tools, libraries, and settings. Docker images are created from a docker files. By runnung "docker images" you would see following: + +- Repository: The name of the repository from which the image was pulled. +- Tag: The specific version of the image. +- Image ID: A unique identifier for the image. +- Created: The date and time at which the image was created. +- Size: The size of the image in bytes. + +## Docker hub + +To see all available containers go to [hub.docker.com](https://hub.docker.com/)\ +or search for the containers via Terminal with: + +``` +docker search +``` + +## Download (pull) + +To download the image run following: + +``` +docker pull +``` + +If you haven't specified which version to pull it will pull the ":latest".\ +To download a specific version of the container: + +``` +docker pull :version +``` + +For example: to download the nginx webserver that runs alpine-linux underneath: + +``` +docker pull linuxserver/nginx +``` + +## View + +To view all images run following: + +``` +docker images +``` + +## Delete + +To delete a image run following: + +``` +docker image rm # To remove a single container image +docker image rm :1.04 # To remove specific version of an image +docker image rm # To remove a multiple containers images +``` + +> **Note**\ +> Do not delete an image when used by a running container + +## Prune + +Prune is like delete but it deletes all images that are not used by any container + +> **Use at your own risk** + +``` +docker image prune +``` + +# Volumes + +You can create a volume to persist data and share data between containers and the host. A volume is a directory that is stored outside of the container's filesystem and is managed by Docker. After creating the volume, docker creates a new directory that you can mount to to a container. + +> **Note**\ +> You don't need to create a container-volume if the container is a one time use only + +## Create + +To create a volume paste following: + +``` +docker volume create +``` + +## Inspect & List + +To view all the containers or view info about a specific container paste following: + +``` +docker volume ls # list all volumes +docker volume inspect # list all information about a volume +``` + +## Delete volume(s) + +To delete a specific volume run following: + +``` +docker volume rm # To remove a single container +docker volume rm # To remove a multiple containers +``` + +To delete all volumes that are not in use by any container: + +``` +docker volume prune +``` + +> **Use at your own risk** + +# docker run + +This command is a All-in-One Tool. By executing this command you will pull the image (if not pulled), create the container and start it. This command consist of: + +``` +docker image pull +docker container create +docker container start +``` + +You should run docker containers detached. Running container detached means you won't see the logs and interact with it in real time) To do so just add **_-d_** like so: + +``` +docker run -d --name +``` + +To specify the port run following: + +``` +docker run -p : --name +``` + +to display more options run following: + +``` +docker run --help +``` + +> **Note** +> +> - It does not matter which options and which sequence they are +> - If you would like to add more options then it's better to do it with docker-compose since it is easier to edit a file instead of a command + +This is how a **_docker run_** could look like: + +``` +docker run -d\ + --name=calibre-web\ + -e PUID=1000\ + -e PGID=1000\ + -e TZ=Etc/UTC\ + -e DOCKER_MODS=linuxserver/mods:universal-calibre `#optional`\ + -e OAUTHLIB_RELAX_TOKEN_SCOPE=1 `#optional`\ + -p 8083:8083\ + -v /PATH/TO/DATA:/config\ + -v /PATH/TO/CALIBRE/LIBRARY:/books\ + --restart unless-stopped\ + lscr.io/linuxserver/calibre-web:latest +``` + +# docker container + +This command provides a set of sub-commands for creating, starting, stopping, and deleting, as well as for inspecting and managing their configuration, logs and performance. Here are some few: + +## List + +With this command you can list all the container. You can also filter them if you don't like the standard view (best done with alias in linux) + +``` +docker container ls #list all running container +docker container ls -a #list all container +``` + +## Create + +This command creates the container witout starting it. For example: + +``` +docker container create --name my_container -p 8080:80 nginx:latest +``` + +## Start & Stop, Kill + +With these commands you can start and stop the container. By using **_docker container kill_** you will pull out the power plug from the container. Please use the **_kill_**-command with care since it the container does no cleanup before. Command as follows: + +``` +docker container start # start one or muliple container +docker container stop # stop one or multiple container +docker container kill # use with caution. may result errors +``` + +## Pause & Unpause + +Those commands are useful for temporarly suspending a containers processes without stopping or deleting the container, allowing to perform the maintenance or troubleshooting tasks while preserving the container's state + +``` +docker container ls #list all running container +docker container ls -a #list all container +``` + +## Rename + +To rename a single container paste following: + +``` +docker container +``` + +## Exec + +With this command you can execute commands into the container and get the output.\ +Here are some examples: + +- to see what's in the home directory: + +``` +docker container exec my_container ls /home +``` + +- To make a connection to the containers- terminal + +``` +docker container exec -it bash +``` + +## Logs + +This command allows you to see logs of the container. This command only works if the docker container was started with with the .json file or journald. If in deamon.json wasn't any specified configuration file then json-file would be the default driver. The deamon.json is located in **/etc/docker**. To see logs of the container run the first command. If you would like to specify the output use one or more commands below: + +``` +docker container logs # show full log +docker container logs --details # show all details +docker container logs -f # show real time log +docker container logs --tail # to reduce the output +``` + +Also available options are --since and --until. To know more run following: + +``` +docker container logs --help +``` + +## Alternative + +> Most used commands are already build into docker. For example:\ +> Instead of using the **_docker container start_** you can use the: **_docker start_** + +# Docker-File + +With a docker-file you can create a container-image. In these following examples we will use a already finished container image and modify it to our needs.\ +Let's start with looking out of which parts the docker-file is build: + +| Command | Alternative | Explanation | +| ------- | ----------- | ------------------------------------------------------------------------------------------------------ | +| FROM | - | Specifies the base image | +| WORKDIR | - | Sets the working directory | +| COPY | ADD | Copies the Files from host system into the container | +| RUN | - | Executes Command in the container to install packages, update the system, or configure the environment | +| EXPOSE | - | Specifies which ports the container shouls listen on | +| CMD | ENTRYPOINT | Defines the default command to run when the container starts | + +## Important + +CMD and RUN aren't the same things. RUN is used to execute the commands inside the container during the build prescess. This is typically used to execute something once like update and install packages.\ +If you need to install multiple things **do not** run multiple RUN commands. Instead run it like so: + +``` +RUN apt update && apt upgrade && apt install python3 +``` + +Make sure to expose correct Port for the web-based application. + +## 1\. Example: Node.js Applicaton + +``` +# Use an official Node.js runtime as the base image +FROM node:14-alpine + +# Set the working directory inside the container +WORKDIR /app + +# Copy the package.json and package-lock.json files into the container +COPY package*.json ./ + +# Install the dependencies +RUN npm install + +# Copy the application code into the container +COPY . . + +# Expose port 3000 to the outside world +EXPOSE 3000 + +# Define the command to run the application when the container starts +CMD [ "npm", "start" ] +``` + +## 2\. Example: Wordpress + +``` +# Use an official PHP runtime as the base image +FROM php:7.4-apache + +# Set the working directory inside the container +WORKDIR /var/www/html + +# Copy the WordPress files into the container +COPY . . + +# Set the ownership of the WordPress files to the web server user +RUN chown -R www-data:www-data . + +# Install the necessary PHP extensions for WordPress +RUN docker-php-ext-install mysqli pdo_mysql + +# Expose port 80 to the outside world +EXPOSE 80 + +# Define the command to start the Apache web server +CMD [ "apache2-foreground" ] +``` + +## 3\. Example: Apache Webserver + +``` +# Use an official Apache runtime as the base image +FROM httpd:2.4-alpine + +# Copy the custom configuration file into the container +COPY httpd.conf /usr/local/apache2/conf/httpd.conf + +# Expose port 80 to the outside world +EXPOSE 80 + +# Define the command to start the Apache web server +CMD [ "httpd-foreground" ] +``` + +## Building and Publishing the container + +After the creation of the docker-file to run the docker container you need to build the image and push it. There are two ways of pushing it, locally and in the docker-registy (Docker Hub).\ +To build and to publish the image locally: + +``` +docker build -t +docker push +``` + +To build and to publish the image into the docker hub: + +``` +# if not logged in login via Terminal: +docker login +# you can also specify the login credentials before, like so: +docker login -u -p + +docker buld -t +docker push -t / +``` + +There is also the option to push the image under a different version. To do so add following: + +``` +# locally +docker push :v1.0 + +# docker hub +docker push /:v1.0 +``` + +Remember, if you don't specify the image it will push always as the **_:latest_** + +# docker compose + +This tool is used to define and run single-, multi-container Docker applications. It allows you to define a set of services, each with its own configuration, and start and stop them all with a single command. Docker Compose uses a YAML file to define the services, networks, and volumes needed for the application.\ +Best way to install applications with docker compose is by editing the configuration file given by the publisher(s). + +## install + +To install docker compose follow this [Link](https://docs.docker.com/compose/install/)\ +To proove that installation was successful run following: + +``` +docker-compose --version +``` + +To optimise the workflow I have created for every application and a group a directory and pasted inside the yaml file and the directories for the volumes. For example: + +``` +mkdir calibre-web +cd calibre-web +mkdir books config +nano docker-compose.yaml +``` + +## deployment + +Following commands are important to run the compose.yaml + +``` +docker-compose up # is like docker run/ docker container start +docker-compose down # stops the container-stack +``` + +### single container + +First let's look how to build a single container. In this example we will use the calibre-web. On the website publisher have posted following: + +``` +version: "2.1" +services: + calibre-web: + image: lscr.io/linuxserver/calibre-web:latest + container_name: calibre-web + environment: + - PUID=1000 + - PGID=1000 + - TZ=Etc/UTC + - DOCKER_MODS=linuxserver/mods:universal-calibre #optional + - OAUTHLIB_RELAX_TOKEN_SCOPE=1 #optional + volumes: + - /path/to/data:/config + - /path/to/calibre/library:/books + ports: + - 8083:8083 + restart: unless-stopped +``` + +We see that the publisher have already specified the configuration for the deployment. The only thing that we have to do now is to customize the paths to the volumes and if we want the port. After the customization the docker-compose.yaml could look like so: + +``` +version: "2.1" +services: + calibre-web: + image: lscr.io/linuxserver/calibre-web:latest + container_name: calibre-web + environment: + - PUID=1000 + - PGID=1000 + - TZ=Etc/UTC + volumes: + - /home/admoin/callibre-web/config:/config + - /home/admoin/callibre-web/books:/books + ports: + - 80:8083 + restart: unless-stopped +``` + +### multiple container + +To deploy multiple container I have created an wordpress example. As above you can customise the paths volumes and so on. In this example I used wordpress.\ +First create the directory and the **_.yaml_**-file: + +``` +mkdir ~/wordpress && cd ~/wordpress +mkdir /html /database +nano docker-compose.yaml +``` + +Now paste following into the file but remember to change the filepath to your username, DB user and password and the ip: + +``` +wordpress_wordpress: + image: wordpress + links: + - mariadb:mysql + environment: + - WORDPRESS_DB_PASSWORD=password + - WORDPRESS_DB_USER=root + ports: + - "public_ip:80:80" + volumes: + - /home/admoin/wordpress/html:/var/www/html +wordpress_mariadb: + image: mariadb + environment: + - MYSQL_ROOT_PASSWORD=password + - MYSQL_DATABASE=wordpress + volumes: + - /home/admoin/wordpress/database:/var/lib/mysql +``` + +> For more information about docker compose follow this [Link](https://docs.docker.com/compose/compose-file/) + +# Network + +This command allows you to create and manage networks.\ +By default docker creates three build-in networks:\* + +- _default bridge_ +- _host_ +- _none_ + +Following one's docker doesn't ship but you can create them: + +- _user-defined bridge_ +- _macvlan (L2, L3)_ +- _ipvlan_ + +Following you also can create but they are outdated or not used: + +- _docker swarm_ +- _overlay_ + +These are the commands to create or manage networks: + +``` +docker network create # Creates the network +docker network rm # Removes the network +docker network ls # list all networks +docker network inspect # See detailed information +docker network connect # Connects the container to a network +docker network disconnect # Disconnects the container from a network +``` + +From the docker host there are two very useful commands when working with docker: + +``` +ip address show +ifconfig # similar to the command above +bridge link +``` + +> **Note** +> +> - Run _--help_ for more options or use the [docker docs](https://docs.docker.com/engine/reference/commandline/network/) to see full infromation about every docker command +> - Helpful Youtube video [Link](https://www.youtube.com/watch?v=bKFMS5C4CG0)\ +> **_Please note that networkchuck didn't install correctly docker and runs every container with root that's because of the content. That also means that every container has full root rights._** + +## default bridge + +This network creates a virtual network on the host and connects the container to the network. This network allows multiple containers to communicate with each other but it requires that you configure port mappings to allow external access to the containers. Docker's default bridge has a ip address range. The docker host would get the address **_172.17.0.1/16_**\ +All docker container get connected to this network if network hasn't been specified. + +## host + +This netork allows a container to use the network stack of the host machine. When a container is started in _host_ network mode, it shares the same network namespace as the host, which means that it ca access the same interfaces and services as the host. The containers communicate through the hosts MAC-address and get's it's own ip address. + +> **_Please note that this type of network communication is not not isolated, which means that your docker container can communicate freely with other devices or machines in the network_** + +Run following commands to run a container in this network: + +``` +docker run --name --network host nginx +``` + +## none + +As the name may already say this network disables networking for a container. When you start a container in _none_ network mode, the container does not have access to any network interfaces and cannot communicate with other containers or external networks. This mode is useful to run and perform useful work. + +``` +docker run --name websrv-test --network host nginx +``` + +## user-defined bridge + +This network works similiar to the default bridge. The difference between them, is that a new virtual network is created and in this network you can specifiy the information like ip, range, gateway and so on. This network boosts the performance because the traffic between the container on the same network doesn't need to be routed through a NAT firewall. These networks provide a flexible and customizable way to manage container networking and it's useful tool for building scalable and reliable distributed applications. + +To create this network run following: + +``` +docker network create +``` + +This command not only creates a nw network but also sets up a new ip-range, subnet, gateway and so on. The new net-id would be **_172.18.0.0/16_** if not specified + +## macvlan + +This network driver allows you to create a network interface in a container with a unique MAC aderess, making it appear as if the container is connected directly to the physical network as a separate device. Each container is assigned its own MAC address.\ +MACvlan has a few modes: + +- **bridge**\ + _In this mode each container is bridged to a physical network and the docker host routes traffic between the physical network and the containers_ +- **passthru**\ + _This mode passes the network card to the containers_ +- **private**\ + _In this mode every container can communicate with other devices but not to the containers in the same network_ + +By default when you create the macvlan network without specifying the mode ot will use the **bridge** mode.\ +Let's create a macvlan: + +``` +# bridge mode +sudo docker network create -d macvlan\ +--subnet 192.168.0.0/24\ +--gateway 191.168.0.1\ +-o parent=enp0s3.0\ +mynetwork-bridge + +# passthru mode +docker network create -d macvlan\ +--subnet=192.168.1.0/24\ +--gateway=192.168.1.1\ +--aux-address="mode=passthru"\ +-o parent=enp0s3.1\ +mynetwork-passthru + +# private mode +docker network create -d macvlan\ +--subnet=192.168.2.0/24\ +--gateway=192.168.2.1\ +--aux-address="mode=private"\ +-o parent=enp0s3.2\ +mynetwork-private +``` + +> **Note**\ +> In this network you can also specify the sub interface + +## ipvlan + +This network allows you to create a network interface that shares the same MAC address as the parent interface, but has a separate and unique IP address. It provides a way to create multiple containers with their own IP addresses, while using the same physical or virtual network interface. + +### L2 + +In this mode every container can communicate with ither devices on the network as if the were physically connected. Every container gets its own uniqe IP and MAC address. + +``` +docker network create -d ipvlan\ +--subnet 10.7.1.0/24\ +--gateway 10.7.1.3\ +-o parent=enp0s3\ +ip-vlan_l2 +``` + +### L3 + +In this mode each container has its own IP address but shares the same MAC address as the parent interface. Containers communcate with other devices on the network using IP routing. + +``` +docker network create -d ipvlan\ +--subnet 192.168.94.0/24\ +-o parent=enp0s3 -o ipvlan_mode=L3\ +--subnet 192.168.95.0/24\ +ip-vlan_l3 +``` + +> To make the container able to talk to the global netwoek you need t create a static route + +### L2bridge + +This is a hybrid mode that combines the aspects of the L2, L3 modes. Wach container has its own IP address and shares the same MAC address as the parent interface. Containers within this network can communicate with other devices on the network through IP routing while usinf Layer 2 bridging. + +``` +docker network create -d ipvlan\ +--subnet 192.168.101.0/24\ +-o parent=enp0s3 -o ipvlan_mode=mode=l2bridge\ +ip-vlan_l2bridge +``` + +## other + +There are two more network options: the overlay netowork and the docker swarm. But these are not commonly used and/or are outdated. If you want to learn how the docker swarm works I would reccomend you to look into Kubernetes, because this type of containerisation has more options. diff --git a/Software-Install/Docker/Install-ce.md b/Software-Install/Docker/Install-ce.md new file mode 100644 index 0000000..d67452f --- /dev/null +++ b/Software-Install/Docker/Install-ce.md @@ -0,0 +1,223 @@ +# Install Docker-ce + +How do I install Docker CE on Debian 11/10?, How can I install Docker Compose on Debian 11/10 Linux system?. In this guide, I'll discuss a step by step installation of Docker and Docker Compose on Debian 11/10. + +Docker is the most popular and widely used container runtime. It enables you to package and run your applications in isolated containers in a single server or cluster of Linux servers orchestrated by Kubernetes and similar tools. + +## Docker Editions + +There are two editions of Docker available. + +- **Community Edition (CE)**: ideal for individual developers and small teams looking to get started with Docker and experimenting with container-based apps. +- **Enterprise Edition (EE)**: Designed for enterprise development and IT teams who build, ship, and run business-critical applications in production at scale. + +This guide will cover installation of Docker CE on Debian 10 / Debian 11 Linux. But let's first look at common docker terminologies. + +## Docker Components / Terminologies + +Below are commonly used terminologies in Docker ecosystem. + +- **Docker daemon**: This is also called Docker Engine, it is a background process which runs on the host system responsible for building and running of containers. +- **Docker Client**: This is a command line tool used by the user to interact with the Docker daemon. +- **Docker Image**: An image is an immutable file that's essentially a snapshot of a container. A docker image has a file system and application dependencies required for running applications. +- **Docker container**: This is a running instance of a docker image with an application and its dependencies. Each container has a unique process ID and isolated from other containers. The only thing containers share is the Kernel. +- **Docker registry**: This is an application responsible for managing storage and delivery of Docker container images. It can be private or public. + +# Install Docker CE on Debian 11 (Bullseye) / Debian 10 (Buster) + +Follow the steps covered in the next parts of this article to install and use Docker CE on Debian 11/10. + +## Step 1: Install Dependency packages + +Start the installation by ensuring that all the packages used by docker as dependencies are installed. + +``` +sudo apt update +sudo apt -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common +``` + +## Step 2: Add Docker's official GPG key: + +Import Docker GPG key used for signing Docker packages. + +``` +curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/docker-archive-keyring.gpg +``` + +## Step 3: Add the Docker repository to Debian 10 / Debian 11 + +Add Docker repository which contain the latest stable releases of Docker CE. + +``` +sudo add-apt-repository\ + "deb [arch=amd64] https://download.docker.com/linux/debian\ + $(lsb_release -cs)\ + stable" +``` + +This command will add the line shown in `/etc/apt/sources.list` file. + +## Step 4: Install Docker & Docker Compose on Debian 11/10 + +Update the `apt` package index. + +``` +sudo apt update +``` + +To install Docker CE on Debian, run the command: + +``` +sudo apt install docker-ce docker-ce-cli containerd.io -y +``` + +Start and enable docker service: + +``` +sudo systemctl enable --now docker +``` + +This installation will add `docker` group to the system without any users. Add your user account to the group to run docker commands as non-privileged user. + +``` +sudo usermod -aG docker $USER +newgrp docker +``` + +Check docker and compose version. + +``` +$ docker version +Client: Docker Engine - Community + Version: 20.10.17 + API version: 1.41 + Go version: go1.17.11 + Git commit: 100c701 + Built: Mon Jun 6 23:03:17 2022 + OS/Arch: linux/amd64 + Context: default + Experimental: true + +Server: Docker Engine - Community + Engine: + Version: 20.10.17 + API version: 1.41 (minimum version 1.12) + Go version: go1.17.11 + Git commit: a89b842 + Built: Mon Jun 6 23:01:23 2022 + OS/Arch: linux/amd64 + Experimental: false + containerd: + Version: 1.6.6 + GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1 + runc: + Version: 1.1.2 + GitCommit: v1.1.2-0-ga916309 + docker-init: + Version: 0.19.0 + GitCommit: de40ad0 +``` + +Log out and log back in so that your group membership is re-evaluated. + +``` +exit +``` + +### Install Docker Compose on Debian + +Use the guide below to install latest Docker Compose on Debian 10 / Debian 11 + +- [How To Install Latest Docker Compose on Linux](https://computingforgeeks.com/how-to-install-latest-docker-compose-on-linux/) + +## Step 5: Test Docker installation + +Run a test docker container: + +``` +$ docker run --rm -it --name test alpine:latest /bin/sh +latest: Pulling from library/alpine +2408cc74d12b: Pull complete +Digest: sha256:686d8c9dfa6f3ccfc8230bc3178d23f84eeaf7e457f36f271ab1acc53015037c +Status: Downloaded newer image for alpine:latest + + / # cat /etc/os-release +NAME="Alpine Linux" +ID=alpine +VERSION_ID=3.16.0 +PRETTY_NAME="Alpine Linux v3.16" +HOME_URL="https://alpinelinux.org/" +BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues" + + / # exit +``` + +## Step 6: Test Docker Compose installation. + +Create a test Docker Compose file. + +``` +vim docker-compose.yml +``` + +Add below data to the file. + +``` +version: '3' +services: + web: + image: nginx:latest + ports: + - "8080:80" + links: + - php + php: + image: php:7-fpm +``` + +Start service containers. + +``` +$ docker-compose up -d +``` + +Output: + +![docker compose start containers](https://computingforgeeks.com/wp-content/uploads/2019/03/docker-compose-start-containers.png?ezimgfmt=rs:696x404/rscb23/ng:webp/ngcb23) + +Show running Containers + +``` +$ docker-compose ps +``` + +Destroy containers + +``` +$ docker-compose stop +$ docker-compose rm +Going to remove vagrant_web_1, vagrant_php_1 +Are you sure? [yN] y +Removing vagrant_web_1 ... done +Removing vagrant_php_1 ... done +``` + +You have successfully installed Docker on Debian 10 / Debian 11 Linux. Go through Official[ Docker documentation](https://docs.docker.com/) and [Docker Compose documentation](https://docs.docker.com/compose/) to learn more. + +## Setup Docker UI (Optional) + +If you need a UI management console for Docker hosts and containers, checkout Portainer. + +- [How to Install Portainer Docker UI manager](https://computingforgeeks.com/install-docker-ui-manager-portainer/) + +## Monitoring Docker containers + +Monitoring Docker containers can be achieved by using Monitoring tools such as [Netdata, Prometheus and Grafana](https://computingforgeeks.com/category/monitoring/). Below guide should also be helpful [Check Container container metrics with Ctop.](https://computingforgeeks.com/top-command-for-container-metrics/) + +### Best Docker Learning Courses: + +- [Docker Mastery: with Kubernetes +Swarm from a Docker Captain](https://click.linksynergy.com/deeplink?id=2sb89XJC/EQ&mid=39197&murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Fdocker-mastery%2F) +- [Docker for the Absolute Beginner -- Hands On -- DevOps](https://click.linksynergy.com/deeplink?id=2sb89XJC/EQ&mid=39197&murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Flearn-docker%2F) +- [Docker and Kubernetes: The Complete Guide](https://click.linksynergy.com/deeplink?id=2sb89XJC/EQ&mid=39197&murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Fdocker-and-kubernetes-the-complete-guide%2F) +- [Docker -- SWARM -- Hands-on -- DevOps](https://click.linksynergy.com/deeplink?id=2sb89XJC/EQ&mid=39197&murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Flearn-docker-advanced%2F) +- [Docker Swarm Mastery: DevOps Style Cluster Orchestration](https://click.linksynergy.com/deeplink?id=2sb89XJC/EQ&mid=39197&murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Fdocker-swarm-mastery%2F) diff --git a/Software-Install/Minecraft-Server.md b/Software-Install/Minecraft-Server.md new file mode 100644 index 0000000..29763cb --- /dev/null +++ b/Software-Install/Minecraft-Server.md @@ -0,0 +1,80 @@ +# Install a Minecraft Server + +Aktualisiere dein Debian System auf die neueste Version. + +``` +sudo apt update + +sudo apt upgrade +``` + +## Java installieren + +``` +sudo apt install openjdk-17-jdk openjdk-17-jre +``` + +Check the version + +``` +java -version +``` + +You should get something like this as output: + +``` +openjdk 17.0.2 2022-01-18 +OpenJDK Runtime Environment (build 17.0.2+8-Ubuntu-120.04) +OpenJDK 64-Bit Server VM (build 17.0.2+8-Ubuntu-120.04, mixed mode, sharing +``` + +## Minecraft installieren + +Make a new folder & go to that folder + +``` +mkdir minecraft && cd minecraft +``` + +Download the newest version of Spigot from [Spigot Download](https://getbukkit.org/download/spigot) + +``` +wget https://download.getbukkit.org/spigot/spigot-1.19.2.jar +``` + +rename the spigot-{version}.jar + +``` +mv spigot-1.19.2.jar server.jar +``` + +## Create the Startup-Script + +``` +nano start.sh +``` + +Write the following in the file: + +``` +java -Xms2048M -Xmx2048M -jar server.jar nogui +``` + +## Make start.sh exec + +``` +sudo chmod +x start.sh +``` + +## Run the server + +``` +./start.sh +``` + +## Commands + +``` +whitelist add {Username} +op {Username} +``` diff --git a/Software-Install/Wordpress.md b/Software-Install/Wordpress.md new file mode 100644 index 0000000..f5bf6f1 --- /dev/null +++ b/Software-Install/Wordpress.md @@ -0,0 +1,211 @@ +# Wordpress install + +## Dependencies Installation + +Mit den folgenden Commandos Updaten wir die Lokale Repo und installieren diverse Dependencies. Einige davon sind optional (Ghostscript) andere braucht es zwingend. + +Updaten des Systems + +``` +sudo apt update +``` + +Installieren der Dependencies + +``` +sudo apt install apache2 ghostscript libapache2-mod-php mysql-server php php-bcmath php-curl php-imagick php-intl php-json php-mbstring php-mysql php-xml php-zip +``` + +Bei der Installation von mysql-server wird man nach einem root Passwort gefragt dieses ist sehr wichtig bei der Einrichtung der Datenbank daher ist es wichtig sich dieses zu merken der weiteren sollte dieses sehr sicher sein da es sonst zu einer Übernahme der Datenbank kommen kann. PHP so wie alle Module (php-{modulname}) sind wichtig da WordPress auf genau diese vertraut. mysql-server ist die Datenbank, welche wir brauchen um Posts so wie Accountdaten zu Speichern. + +## Datenbank (MySql) Konfiguration + +Wenn der User Root kein Passwort hat bzw. bei der Installation nicht eins eingegeben werden konnte, muss man folgendermassen vorgehen: + +``` +sudo mysql +``` + +Ändern des root Passworts + +``` +ALTER USER root@localhost IDENTIFIED WITH mysql_native_password BY 'Das.Ist.Ein.Sicheres.Passwort.123'; +``` + +Wir Logen uns im Terminal in der Datenbank ein mit dem Commando: + +``` +sudo mysql -u root +``` + +Nun sind wir in mysql eingeloggt, was wir daran erkennen das der Consolen-Ps2 nun so aussieht + +``` +mysql> +``` + +Nun können wir mit dem folgenden Commandos eine neue Datenbank erstellen. + +``` +CREATE DATABASE wordpress; +``` + +Es ist bad praktice wenn wir uns mit dem Root Account einloggen würden (innerhalb der WordPress Installation) daher erstellen wir einen neuen User in MySql mit dem Befehl: + +``` +CREATE USER wordpress@localhost IDENTIFIED BY 'Dies.Ist.Ein.Sicheres.Passwort.123'; +``` + +Dies.Ist.Ein.Sicheres.Passwort.123 ist natürlich kein sicheres Passwort dies sollte durch ein mindestens 8-stelliges Passwort geändert werden. Der Neue User hat noch keine Berechtigungen innerhalb der Datenbank diese können wir mit dem folgenden Befehl verteilen: + +``` +GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER ON wordpress.* TO wordpress@localhost; +``` + +Die neu erteilten Berechtigungen müssen noch angewendet werden dies machen wir mit dem Befehl: + +``` +FLUSH PRIVILEGES; +``` + +Nun haben wir alles was in MySql einzurichten ist erledigt innerhalb des cli. Mit folgendem Befehl schlissen wir die Datenbank wieder: + +``` +quit +``` + +Es gäbe eigentlich viele verschiedene Methoden, um die Datenbank einzurichten. Eine weiter wäre mit PHPMyAdmin. Wir dachten uns aber, dass es mehr Sinn machen würde, wenn wir die Einrichtung der Datenbank direkt innerhalb der Console umsetzen. + +## Webserver (Apache2) Konfiguration + +Um die apache2 Seite zu veröffentlichen, erstellen wir die Datei: `sudo nano /etc/apache2/sites-available/wordpress.conf` und schreiben folgendes in die Datei rein: + +``` + + DocumentRoot /var/www/html + + Options FollowSymLinks + AllowOverride Limit Options FileInfo + DirectoryIndex index.php + Require all granted + + + Options FollowSymLinks + Require all granted + + +``` + +Damit sagen wir dem Apache Webserver, wo er das Verzeichnis findet wo WordPress liegt. Des Weiteren geben wir mit dem zweiten Directory Tag an wo der Content liegt, zB. Bilder Videos und sonstige Dateien. Nun müssen wir unsere neue Seite in Apache2 noch aktivieren mit dem Command: + +``` +sudo a2ensite wordpress +``` + +Nun müssen wir noch ein Plugin von Apache2 aktivieren damit uns WordPress weiterleiten darf. Dafür verwenden wir den Command: + +``` +sudo a2enmod rewrite +``` + +Jetzt haben wir noch das kleine Problem, dass die Apache2 Installation eine Standard-Config hat, diese deaktivieren wir mit dem Command: + +``` +sudo a2dissite 000-default +``` + +Als letztes müssen wir noch den Apache2 Deamon neustarten. Dies gelingt uns mit folgendem Befehl: + +``` +sudo service apache2 reload +``` + +## Wordpress Initialisierung + +Das der User Zugriff auf die Dateien hat und nicht nur root. + +``` +sudo chown www-data: /var/www/html +``` + +In den richtigen Pfad gelangen + +``` +cd /var/www/html +``` + +Die neuste Version von Wordpress als Ordner herunterladen + +``` +sudo -u www-data wget https://wordpress.org/latest.tar.gz +``` + +Den Wordpress Ordner entpacken + +``` +sudo -u www-data tar -xzvf latest.tar.gz +``` + +Alle Dateien vom Wordpress Ordner rausziehen ins html Verzeichnis + +``` +sudo -u www-data cp -r /var/www/html/wordpress/* /var/www/html/ +``` + +(Den Gepackten Ordner entfernen, wir haben alle Dateien, welche wir brauchen in das html Verzeichnis geladen) + +``` +sudo rm latest.tar.gz +``` + +## Wordpress mit der Datenbank verbinden + +Das man die wp-config.php erstellt + +``` +sudo -u www-data cp /var/www/html/wp-config-sample.php /var/www/html/ wp-config.php +``` + +Datenbank Name, Nutzername, Passwort setzen + +``` +sudo -u www-data sed -i 's/database_name_here/wordpress/' /var/www/html/wp-config.php + +sudo -u www-data sed -i 's/username_here/wordpress/' /var/www/html/wp-config.php + +sudo -u www-data sed -i 's/password_here//' /var/www/html/wp-config.php +``` + +Das man zum wp-config.php gelangt. Danach verwendet man einzigartige Schlüsseln, um es zu sichern. + +``` +sudo -u www-data nano /var/www/html/wp-config.php +``` + +Mit der Webseite https://api.wordpress.org/secret-key/1.1/salt/ kann man zufällige Schlüsseln generieren. Und die füllt man dann in den Platzhalter ein. + +``` +define( 'AUTH_KEY', ' Einzigartigen Schlüssel einfügen ' ); +define( 'SECURE_AUTH_KEY', ' Einzigartigen Schlüssel einfügen ' ); +define( 'LOGGED_IN_KEY', ' Einzigartigen Schlüssel einfügen ' ); +define( 'NONCE_KEY', ' Einzigartigen Schlüssel einfügen ' ); +define( 'AUTH_SALT', ' Einzigartigen Schlüssel einfügen ' ); +define( 'SECURE_AUTH_SALT', ' Einzigartigen Schlüssel einfügen ' ); +define( 'LOGGED_IN_SALT', ' Einzigartigen Schlüssel einfügen ' ); +define( 'NONCE_SALT', ' Einzigartigen Schlüssel einfügen ' ); +``` + +Diese Schlüssel wurden generiert von: https://api.wordpress.org/secret-key/1.1/salt/ + +``` +define('AUTH_KEY', '{oX [>u-'); +define('SECURE_AUTH_SALT', 'I9dO^U2Q&xe7r41jPh-s-sfy98VnwO-;|d~Yo54[rYYH@e HH9$IO(e!Ip-mv;Hk'); +define('LOGGED_IN_SALT', 'o$LhIz@K/2=6fve*_*cj`oERU,rikp-$M+l;3,z3T]0ah/9)M6g-=jQe+}PMd.~)'); +define('NONCE_SALT', 'e-=+EReQF)/g4C0QU&nMEU=@02J:Era0oM_y|>:-?xIPD95:?3&D)