Docker/Pods/Wifi: Difference between revisions
From charlesreid1
| Line 26: | Line 26: | ||
Stunnel is a server/client service that allows arbitrary traffic to be transported through an encrypted HTTP over SSL layer (HTTPS). Since port 443 is usually open even on locked-down networks, this is an extremely handy tool for punching through firewalls. Due to the nature of encrypted traffic, the contents of an HTTPS packet cannot be inspected, so services that would otherwise be blocked due to their protocols, like SSH, can pass in and out of the network just fine by being wrapped up in HTTPS. | Stunnel is a server/client service that allows arbitrary traffic to be transported through an encrypted HTTP over SSL layer (HTTPS). Since port 443 is usually open even on locked-down networks, this is an extremely handy tool for punching through firewalls. Due to the nature of encrypted traffic, the contents of an HTTPS packet cannot be inspected, so services that would otherwise be blocked due to their protocols, like SSH, can pass in and out of the network just fine by being wrapped up in HTTPS. | ||
===Links=== | |||
Stunnel documentation (man page): https://www.stunnel.org/static/stunnel.html | Stunnel documentation (man page): https://www.stunnel.org/static/stunnel.html | ||
| Line 34: | Line 36: | ||
Note: container needs to bind to 0.0.0.0, not localhost, or it won't be accessible outside the container: [http://serverfault.com/questions/714340/ssh-tunnel-to-docker-container] | Note: container needs to bind to 0.0.0.0, not localhost, or it won't be accessible outside the container: [http://serverfault.com/questions/714340/ssh-tunnel-to-docker-container] | ||
===Make Container=== | |||
<pre> | <pre> | ||
| Line 243: | Line 247: | ||
cmr_stunnel latest 2b197f506e02 59 seconds ago 219 MB | cmr_stunnel latest 2b197f506e02 59 seconds ago 219 MB | ||
</pre> | </pre> | ||
===Networking/Ports Configuration=== | |||
===Load Image with Networking/Ports Configured=== | |||
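Review bot: the last two added lines, ===Networking/Ports Configuration=== and ===Load Image with Networking/Ports Configured===, are back-to-back headings at the same level with no text under either. Hold them back until the sections have content, or put a one-line placeholder under each saying what will go there (which ports are published and how the image is loaded), so readers do not land on empty sections.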
Revision as of 05:31, 26 March 2017
Wifi Boat Overview
Services
UGR wifi boat ships the following services in Docker containers:
- stunnel server
- web server (hello world, report, file management)
- https web server (hello world)
- mongodb database
Stretch goals:
- Data to inform the server about running processes: how do we install a program on the Pi that calls home and sends updates about the operating system, running processes, etc.?
Please make a note:
- The UGR wifi boat does not receive or process raw packet data. The Raspberry Pi device will extract network data, either by using a tool that extracts relevant information or by running a tool like scapy or aircrack on the Raspberry Pi to capture and process network data local to the Pi. Only small, digested, processed data is sent back to the server.
Getting Set Up For The Boat
Make sure your node is all set: Deployment/New Node Checklist
Make sure Docker is installed: Docker/Installing
Boat Containers
Stunnel
Stunnel is a server/client service that allows arbitrary traffic to be transported through an encrypted HTTP over SSL layer (HTTPS). Since port 443 is usually open even on locked-down networks, this is an extremely handy tool for punching through firewalls. Due to the nature of encrypted traffic, the contents of an HTTPS packet cannot be inspected, so services that would otherwise be blocked due to their protocols, like SSH, can pass in and out of the network just fine by being wrapped up in HTTPS.
Links
Stunnel documentation (man page): https://www.stunnel.org/static/stunnel.html
Stunnel Dockerfile that is about as simple as it is going to get: https://github.com/taskworld/docker-stunnel/blob/master/Dockerfile
Note: ufw needs to accept, not drop, traffic: [1]
Note: container needs to bind to 0.0.0.0, not localhost, or it won't be accessible outside the container: http://serverfault.com/questions/714340/ssh-tunnel-to-docker-container
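The bind-address note above, shown as a server-side stunnel.conf with the loopback listener next to the corrected one. This is an added example, not taken from the original page or from the taskworld/docker-stunnel repository; the service name, file paths and backend address are assumptions.

```ini
; Constructed stunnel.conf for the server container (added example).
; Service name, paths and the backend address are hypothetical.

; Stay in the foreground so the container's main process does not exit.
foreground = yes

[ssh]
; Server mode: accept TLS from clients, forward plaintext to the backend.
client = no

; Weak for a container: a loopback listener is only reachable from inside
; the container's own network namespace, so a published port never
; reaches it.
; accept = 127.0.0.1:443

; Corrected: listen on all interfaces inside the container.
accept = 0.0.0.0:443

; Backend SSH daemon (assumed here to be the Docker host on the
; default bridge; adjust to wherever sshd actually listens).
connect = 172.17.0.1:22

; Server certificate and private key in one PEM file (hypothetical path).
cert = /etc/stunnel/stunnel.pem

; The listener is now reachable from outside the container, so require a
; client certificate signed by our own CA before forwarding to SSH.
verify = 2
CAfile = /etc/stunnel/clients-ca.pem
```

The container port still has to be published on the host, for example with `-p 443:443` on `docker run`, and the host firewall has to accept traffic on that port.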
Make Container
<pre>
$ mkdir ~/docker
$ cd ~/docker
$ git clone https://github.com/taskworld/docker-stunnel.git
$ cd docker-stunnel
$ docker build -t cmr_stunnel .
</pre>
This last command will build an image called cmr_stunnel, using the Dockerfile that's in the directory. The image itself is added to Docker's internal images directory, so we don't have to worry about image files floating around.
Once that's finished we should be able to see the new image in the list of docker images available:
<pre>
$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
cmr_stunnel         latest              2b197f506e02        59 seconds ago      219 MB
</pre>