initial commit

README.md

@@ -1 +1,5 @@
+<<<<<<< HEAD
 # Sthope.dev examples and templates
+=======
+# Sthope.dev
+>>>>>>> ec2f9d52c1c5cdfbb0c70f0e6d62b0bd872e37e7

custom-cmds-in-ubuntu/bin_examples/sshkeys.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+## NOT FINISHED!!!
+
+function openssl_genrsa_pass {
+
+    LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 64 > /opt/certs/remember2delete
+}
+
+$(openssl_genrsa_pass)
+
+
+mkdir -p /opt/.certs/;cd /opt/.certs/

docker_portainer_stacks/jekyll/stack.yaml

@@ -0,0 +1,16 @@
+---
+version: "3.8"
+services:
+  jekyll:
+    image: "jekyll/jekyll:latest"
+    container_name: "jekyll"
+    hostname: "jekyll"
+    command: "jekyll serve --force_polling"
+    network_mode: "bridge"
+    environment:
+      - "TZ=Europe/Amsterdam"
+    volumes:
+      - "/home/sthope/jekyll:/srv/jekyll"
+    ports:
+      - "4000:4000"
+    restart: "unless-stopped"

docker_portainer_stacks/portainer/README.md

@@ -1,8 +1,6 @@
 # Portainer
 
 Docker-compose stack with Portainer, VSCode, WatchTower
-
-
 Install with 1 line cmd (running as sudo/root)
 ```
 clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/src/branch/master/docker_portainer_stacks/raw/branch/master/portainer/script/install_nosudo)"
@@ -18,4 +16,17 @@ wget https://git.sthope.dev/sthope/sthope-examples/src/branch/master/docker_port
 ```
 bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/src/branch/master/docker_portainer_stacks/raw/branch/master/portainer/install-portainer-agent)" EDGE_ID EDGE_KEY
 ```
-Replace `EDGE_ID` and `EDGE_KEY` with ones given by Portainer
+Replace `EDGE_ID` and `EDGE_KEY` with ones given by Portainer
+
+# Portainer EndPoint DockerAPI
+no TLS
+```
+clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-notls)"
+```
+TLS Master
+```
+clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls.sh)"
+```
+TLS Slave
+```
+clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls.sh)"

docker_portainer_stacks/portainer/install-portainer-agent

@@ -4,7 +4,11 @@
 ###################################
 
 #### USAGE
+<<<<<<< HEAD
 # bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/src/branch/master/docker_portainer_stacks/raw/branch/master/portainer/install-portainer-agent)" EDGE_ID EDGE_KEY
+=======
+# bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/install-portainer-agent)" EDGE_ID EDGE_KEY
+>>>>>>> ec2f9d52c1c5cdfbb0c70f0e6d62b0bd872e37e7
 # 
 
 sudo docker run -d \

docker_portainer_stacks/portainer/setup-dockerapi-master-withtls.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+###################################
+############ by Sthope ############
+###################################
+
+#### USAGE
+# clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls)"
+#
+mkdir -p /opt/certs
+
+findRandomTcpPort(){
+	port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) ))
+	while :
+	do
+		(echo >/dev/tcp/localhost/$port) &>/dev/null &&  port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) )) || break
+	done
+	echo "$port"
+}
+p=$(findRandomTcpPort)
+
+# MY_HOSTNAME=$(getent hosts $(hostname) | awk '{print $2}')
+# MY_HOSTNAME=$(getent hosts $(hostname) | awk '{print $1}')
+MY_IP=$(ip -4 route get 8.8.8.8 | awk {'print $7'} | tr -d '\n')
+
+function openssl_genrsa_pass {
+    LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 64 > /opt/certs/remember2delete
+}
+
+$(openssl_genrsa_pass);cat /opt/certs/remember2delete
+
+openssl genrsa -aes256  -passout file:/opt/certs/remember2delete -out /opt/certs/ca-key.pem 4096
+
+openssl req -new -x509 -days 365 -key /opt/certs/ca-key.pem -sha256 -out /opt/certs/ca.pem -passin file:/opt/certs/remember2delete \
+ -subj "/C=US/CN=$MY_IP"
+
+openssl genrsa -out /opt/certs/server-key.pem 4096
+
+echo subjectAltName = DNS:$MY_IP,IP:10.0.0.200,IP:127.0.0.1 >> /opt/certs/extfile.cnf
+echo extendedKeyUsage = serverAuth >> /opt/certs/extfile.cnf
+
+openssl x509 -req -days 365 -sha256 -in /opt/certs/server.csr -CA /opt/certs/ca.pem -CAkey /opt/certs/ca-key.pem \
+  -CAcreateserial -out /opt/certs/server-cert.pem -extfile /opt/certs/extfile.cnf
+
+clear
+echo "##########################################################"
+echo "Save this password and delete the file: ";cat remember2delete; echo "                  "
+echo "##########################################################"
+echo "############################# by Sthope ##################"
+echo "##########################################################"
+rm ./.bash_history

docker_portainer_stacks/portainer/setup-dockerapi-notls

@@ -0,0 +1,36 @@
+
+#!/bin/bash
+###################################
+############ by Sthope ############
+###################################
+
+#### USAGE
+# bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-notls)"
+#
+
+findRandomTcpPort(){
+	port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) ))
+	while :
+	do
+		(echo >/dev/tcp/localhost/$port) &>/dev/null &&  port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) )) || break
+	done
+	echo "$port"
+}
+
+mkdir -p /etc/systemd/system/docker.service.d/
+
+p=$(findRandomTcpPort)
+
+cat << EOF > /etc/systemd/system/docker.service.d/startup_options.conf
+# /etc/systemd/system/docker.service.d/override.conf
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:$p
+EOF
+
+systemctl daemon-reload;systemctl restart docker.service;clear
+
+echo "######################################################################"
+echo "############################# by Sthope ##############################"
+echo "######################################################################"
+echo "You can now connect Portainer to this host at port: $p"

docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+###################################
+############ by Sthope ############
+###################################
+
+#### USAGE
+# clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls)"
+#
+mkdir -p /opt/certs
+
+openssl genrsa -out /opt/certs/key.pem 4096
+
+MY_IP=$(ip -4 route get 8.8.8.8 | awk {'print $7'} | tr -d '\n')
+
+openssl req -subj "/CN=$MY_IP" -new -key /opt/certs/key.pem -out /opt/certs/client.csr
+
+echo extendedKeyUsage = clientAuth > /opt/certs/extfile-client.cnf
+
+openssl x509 -req -days 365 -sha256 -in /opt/certs/client.csr -CA /opt/certs/ca.pem -CAkey /opt/certs/ca-key.pem \
+  -CAcreateserial -out /opt/certs/cert.pem -extfile /opt/certs/extfile-client.cnf
+
+# chmod -v 0400 ca-key.pem key.pem server-key.pem
+# chmod -v 0444 ca.pem server-cert.pem cert.pem
+
+# cp ca.pem /certs/
+# cp server-cert.pem /certs/
+# cp server-key.pem /certs/
+
+p(){
+	port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) ))
+	while :
+	do
+		(echo >/dev/tcp/localhost/$port) &>/dev/null &&  port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) )) || break
+	done
+	echo "$port"
+}
+
+mkdir -p /etc/systemd/system/docker.service.d/
+
+cat << EOF > /etc/systemd/system/docker.service.d/startup_options.conf
+# /etc/systemd/system/docker.service.d/override.conf
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/opt/certs/ca.pem --tlscert=/opt/certs/server-cert.pem --tlskey=/opt/certs/server-key.pem -H fd:// -H tcp://0.0.0.0:$(p)
+EOF
+
+systemctl daemon-reload
+systemctl restart docker.service
+
+echo "######################################################################"
+echo "############################# by Sthope ##############################"
+echo "######################################################################"
+echo "You can now connect Portainer to this host at ip: $MY_IP and port:"
+cat /etc/systemd/system/docker.service.d/startup_options.conf