Develop Reference

Use openvpn client on a docker container

I'm trying to make a docker container which uses OpenVPN to connect to my private internet access VPN and to download some data from a web server, but when i try to connect to PIA i get an error:
2022-12-07 12:08:03 [oslo403] Peer Connection Initiated with [AF_INET]**.***.***.***:1198
2022-12-07 12:08:03 sitnl_send: rtnl: generic error (-101): Network unreachable
2022-12-07 12:08:03 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
2022-12-07 12:08:03 Exiting due to fatal error
I've tried to create a /dev/net/tun device manually:
RUN mkdir -p /dev/net && mknod /dev/net/tun c 10 200 && chmod 600 /dev/net/tun
But then i get this error:
2022-12-07 12:12:35 sitnl_send: rtnl: generic error (-101): Network unreachable
2022-12-07 12:12:35 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2022-12-07 12:12:35 Exiting due to fatal error
Everything is running as root so that is not the issue.
Here is my complete dockerfile:
FROM alpine
RUN apk update && apk add bash openvpn wget unzip
# This section downloads PIA's configuration and adds login information to it.
RUN mkdir /vpn
RUN echo "********" > /vpn/login.txt
RUN echo "********" >> /vpn/login.txt
RUN wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
RUN unzip openvpn.zip -d /vpn
RUN sed -i "s/auth-user-pass/auth-user-pass \/vpn\/login.txt/" /vpn/*
# Here is my attempted fix for the problem
RUN mkdir -p /dev/net && mknod /dev/net/tun c 10 200 && chmod 600 /dev/net/tun
ENTRYPOINT [ "openvpn", "/vpn/norway.ovpn" ]
I would love some help with this. Really all I want is an example where you use openvpn with docker to for example
curl api.ipify.org

You need to add this argument to the docker command:
--cap-add=NET_ADMIN
Network changes done by OpenVPN require extra permissions provided by the NET_ADMIN capability.

Setting up a Remotely Accessible Postgres Database with Linux and PGAdmin

I'm trying to set up a remotely accessible Postgres database. I want to host this databse on one Linux based device (HOST), and to access it on another Linux based device (CLIENT).
In my specific case, HOST is a desktop device running Ubuntu. CLIENT is a Chromebook with a Linux virtual system. (I know. But it's the closest thing to a Linux based device that I have to hand.
Steps Already Taken to Set Up the Database
Installed the required software on HOST using APT.
PGP_KEY_URL="https://www.postgresql.org/media/keys/ACCC4CF8.asc"
POSTGRES_URL_STEM="http://apt.postgresql.org/pub/repos/apt/"
POSTGRES_URL="$POSTGRES_URL_STEM `lsb_release -cs`-pgdg main"
POSTGRES_VERSION="12"
PGADMIN_URL_SHORT="https://www.pgadmin.org/static/packages_pgadmin_org.pub"
PGADMIN_URL_STEM="https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt"
PGADMIN_TO_ECHO="deb $PGADMIN_URL_STEM/`lsb_release -cs` pgadmin4 main"
PGADMIN_PATH="/etc/apt/sources.list.d/pgadmin4.list"
sudo apt install curl --yes
sudo apt install gnupg2 --yes
wget --quiet -O - $PGP_KEY_URL | sudo apt-key add -
echo "deb $POSTGRES_URL" | sudo tee /etc/apt/sources.list.d/pgdg.list
sudo apt install postgresql-$POSTGRES_VERSION --yes
sudo apt install postgresql-client-$POSTGRES_VERSION --yes
sudo curl $PGADMIN_URL_SHORT | sudo apt-key add
sudo sh -c "echo \"$PGADMIN_TO_ECHO\" > $PGADMIN_PATH && apt update"
sudo apt update
sudo apt install pgadmin4 --yes
Create a new Postgres user.
NU_USERNAME="my_user"
NU_PASSWORD="guest"
NU_QUERY="CREATE USER $NU_USERNAME WITH superuser password '$NU_PASSWORD';"
sudo -u postgres psql -c "$NU_QUERY"
Created the new server and database. I did this manually, using the PGAdmin GUI.
Added test data, a table with a couple of records. I did this with a script.
Followed the steps given in this answer to make the databse remotely accessible.
Steps Already Taken to Connect to the Database REMOTELY
Installed PGAdmin on CLIENT.
Attempted to connect using PGAdmin. I used the "New Server" wizard, and entered:
Host IP Address: 192.168.1.255
Port: 5432 (same as when I set up the database on HOST)
User: my_user
Password: guest
However, when I try to save the connection, PGAdmin responds after a few seconds saying that the connection has timed out.

You have to configure listen_addresses in /var/lib/pgsql/data/postgresql.conf like this:
listen_addresses = '*'
Next make sure your firewall doesn't block the connection by checking if telnet can connect to your server:
$ telnet 192.168.1.255 5432
Connected to 192.168.1.255.
Escape character is '^]'.
If you see Connected network connectivity is ok. Next you have to configure access rights for remote hosts.

Access web UI on a remote Linux server without using SSH

Assume that you run an application with a web UI (e.g. Jupyter, Kubernetes Dashboard UI) on a Linux/UNIX server (sarah#10.0.0.100). On the server, you confirm that you can access the web UI by opening http:/ /localhost:8001 on Firefox.
You have separate workstations in the same network. Is there any easy way to access the web UI by simply opening http:/ /10.0.0.100:8001 from a web browser on the workstations?
Workaround. Establish an SSH connection with port tunneling:
$ ssh -N -L 8001:localhost:8001 sarah#10.0.0.100
You can establish a similar connection by using other SSH client tools such as PuTTY. Open http:/ /localhost:8001 from a web browser on your workstation.
But it is tedious to establish an SSH connection every time so that I need a better idea.

why not just do this?
jupyter notebook --ip=0.0.0.0 --port=8001

Ok, if you want a system-level proxy that works on your local lan, you can do the following:
on your workstation, install proxychains-ng
modify proxychains.conf with the following:
[ProxyList]
socks4 127.0.0.1 8001
on your workstation run:
proxychains4 -f proxychains.conf ssh -L 8001:0.0.0.0:8001 sarah#10.0.0.100
Now you can hit http://<your_workstation>:8001 from anywhere on your LAN and it will be proxied to your remote system.
To keep your tunnel always connected, you can install autossh, and replace the proxy command with:
proxychains4 -f proxychains.conf \
autossh -t -M 0
-o 'ServerAliveInterval=30' \
-o 'ServerAliveCountMax=10000' \
-o 'SendEnv=TERM_PROGRAM' \
-o 'ExitOnForwardFailure=no' \
-o 'TCPKeepAlive=yes' \
-L 8001:0.0.0.0:8001 \
sarah#10.0.0.100
You should also consider you using key-based auth for this.

Sending mail using GNU Mailutils inside Docker container

I have created a docker image where I install the mailutils package using:
RUN apt-get update && apt-get install -y mailutils
As a sample command, I am running:
mail -s 'Hello World' {email-address} <<< 'Message body'
When I am executing the same command on my local machine, it sends the mail. However, in docker container, it is not showing any errors but there is no mail received on the specified e-mail id.
I tried with --net=host argument in while spawning my docker container.
Following is my docker command:
docker run --net=host -p 0.0.0.0:8000:8000 {imageName}:{tagName} {arguments}
Is there anything that I am missing? Could someone explain the networking concepts behind this problem?

Install ssmtp and configure to send all mails to your relayhost.
https://wiki.debian.org/sSMTP

Thanks for the response #pilasguru. ssmtp works for sending mail from within a docker container.
Just to make the response more verbose, here are the things one would need to do.
Install ssmtp in the container. You could do this by the following command.
RUN apt-get update && apt-get -y install ssmtp.
You could configure the configurations for ssmtp at /etc/ssmtp/ssmtp.conf
Ideal configurations.
`
#
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root={root-name}
# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub={smtp-server}
# Where will the mail seem to come from?
rewriteDomain={domain-name}
# The full hostname
hostname=c67fcdc6361d
# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES
`
You can directly copy that from your root directory where you're building your docker image. For eg. you keep your configurations in file named: my.conf.
You can copy them in your docker container using the command:
COPY ./my.conf /etc/ssmtp/ssmtp.conf
Send a mail using a simple command such as:
ssmtp recipient_name#gmail.com < filename.txt
You can even send an attachment, specify to and from using the following command:
echo -e "to: {to-addr}\nFrom: {from-addr}\nsubject: {subject}\n"| (cat - && uuencode /path/to/file/inside/container {attachment-name-in mail}) | ssmtp recipient_name#gmail.com
uuencode could be installed by the command apt-get install sharutils

DC/OS ssh connection refused on port 22 - preflight

Hi I am trying to setup DC/OS in Debian 8 Jessie, I got working ssh connection with the ssh key, I am able to login without password to all masters and agents (they are running CentOS 7). Strange thing is it's not working when running --preflight, it will say connection refused for all nodes.
TASK:
/usr/bin/ssh -oConnectTimeout=10 -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oBatchMode=yes -oPasswordAuthentication=no -p22 -i genconf/ssh_key -tt root#192.168.122.131 sudo rm -rf /opt/dcos_install_tmp
STDERR:
ssh: connect to host 192.168.122.131 port 22: Connection refused
STDOUT:
If I try to run this command in terminal, it works just fine. So it does not work only when running it via bash dcos_generate_config.sh --prefligh. Any idea what could be wrong please?

In bash -- denotes the end of command-line options, so what you need to probably do is:
bash dcos_generate_config.sh -- --prefligh