Recommended Docker Images
iperf3
networkstatic/iperf3
iperf3 is a great container to leave running to do point to point bandwidth tests on a network
docker run -d --name=iperf3-server -p 5201:5201 networkstatic/iperf3 -sThen from any other machine in the LAN you can max speed test to this one with:
iperf3 -c hostname.example.comAnd you will get results that look like:
[ 4] 0.00-10.00 sec 2.80 GBytes 2.40 Gbits/sec sender
OpenSpeedTest
Don’t want to have to install iperf3 on both the server and client-side to get speed results? OpenSpeedTest is an in-browser client that can get you download/upload speeds.
docker run --restart=unless-stopped --name=openspeedtest -d -p 7777:8080 openspeedtest/latest
Portainer
Portainer is a great web interface that lets you control docker
docker volume create portainer_data #otherwise you get some random named volume
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ceThen access it with http://localhost:9000
SMTP Relay to Amazon SES
Many services have trouble talking to well-secured SMTP servers like Amazon SES. A relay is a nice way to allow those devices or services to talk to a simpler server that will then forward it to SES.
docker run -d -p 25:25 --name smtp-to-ses-relay --restart=always -e SMTP_USERNAME=abcdefgh -e SMTP_PASSWORD=123abc -e AWS_REGION=us-west-2 building5/ses-relay:latest
version: "3.8"
services:
ses-relay:
image: building5/ses-relay:latest
environment:
SMTP_USERNAME: ABCD1EFGHI2JK3LMNOPQ
SMTP_PASSWORD: abcDefgHi1jK2aAAAAaAAAa3AaaAAAABCDefg3hij4K
AWS_REGION: us-west-2
ports:
- "25:25"OpenVPN-AS Access Server
https://hub.docker.com/r/linuxserver/openvpn-as
Runs a private vpn that will route all traffic through the server’s ip. This script assumes you are have Docker-Router already running to handle https certificate and vhost mapping.
CONTAINER_NAME=openvpn
IMAGE_NAME=linuxserver/openvpn-as
# If an old container exists, stop it, rename it and disable its restart policy
docker rm ${CONTAINER_NAME}-old || true
docker stop ${CONTAINER_NAME} || true
docker rename ${CONTAINER_NAME} ${CONTAINER_NAME}-old || true
docker update --restart=no ${CONTAINER_NAME}-old || true
# Get latest version
docker pull ${IMAGE_NAME}
# Startup new container
docker run --detach --name=${CONTAINER_NAME} --label=router.domain=vpn.example.com --label=router.port=943 --cap-add=NET_ADMIN -e PUID=1000 -e PGID=1000 -e TZ=America/Chicago -p 943:943 -p 9443:9443 -p 1194:1194/udp -v /home/ubuntu/openvpn-config:/config --restart unless-stopped ${IMAGE_NAME}http://localhost:943/admin then login with admin:password
You should create a new admin user and delete the default one as you can’t change its password.
If you are trying to ssh into the node running the vpn, you will need to add the private ip cidr of the EC2 node in the /admin/vpn_settings under Routing for Specify the private subnets to which all clients should be given access (one per line):
On amazon, it will look something like 172.31.48.0/20 depending on your VPC settings.
Splunk
https://github.com/splunk/docker-splunk
This is a great log analyzer that lets you load in any text logs and search for patterns or create dashboards.
By default, when you create a Splunk Docker container, it will enable a Splunk Trial license which is good for 30 days from the start of your instance.
- 500MB/day log ingest
- Allowed 3 license violations in last 30 days (you can ingest any amount of data in 24h)
- 30 Day Trial, can register to get to Splunk Free license
- no alerting/monitoring
- no users
- no report clustering
docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=<password>" --name splunk splunk/splunk:latestPrivatebin
https://hub.docker.com/r/privatebin/nginx-fpm-alpine
PrivateBin is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted and decrypted in the browser using 256bit AES in Galois Counter mode.
version: '3'
services:
app:
image: 'privatebin/nginx-fpm-alpine:latest'
read_only: true #for security
ports:
- '8080:8080'
volumes:
- /mnt/content-ebs/privatebin/data:/srv/data
- /mnt/content-ebs/privatebin/conf.php:/srv/cfg/conf.phpCopy a config from https://raw.githubusercontent.com/PrivateBin/PrivateBin/master/cfg/conf.sample.php as conf.php
PHP
Is a pain. The default docker images are too bare bones with the expectation you will build your own. Apache+PHP is much easier to build but nginx+PHP-FPM is still doable. I like to avoid all HTTPS/SSL in this container and instead use something like docker-router to handle certificate generation. I recommend using a major version tag instead of :latest as going from PHP 7 to 8 can be a bump as I expect PHP 9 will be.
<project-folder>/Dockerfile
FROM php:8-apache
RUN docker-php-ext-install mysqli
RUN apt-get update && apt-get install -y zlib1g-dev libpng-dev libzip-dev libwebp-dev libjpeg-dev libfreetype6-dev exiftool
RUN docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg && docker-php-ext-install gd
RUN docker-php-ext-install exif
RUN a2enmod rewrite Optionally, I like making a build.sh to get a nice image name and normalize versioning and updating the latest tags.
TODAY=`date -u +"%Y%m%d"`
IMAGE_NAME=PROJECT-webserver
MAJOR_VERSION=1
docker build -t ${IMAGE_NAME}:${MAJOR_VERSION}.${TODAY} .
docker tag ${IMAGE_NAME}:${MAJOR_VERSION}.${TODAY} ${IMAGE_NAME}:latestYou can try to use the stock php
docker run -d --name lan-links -v /mnt/lan-links:/var/www/html -p80:80 php:7-apacheversion: '3'
services:
web:
image: php:7-apache
hostname: "docker-php"
restart: "no"
ports:
- 80:80
volumes:
- /mnt/docker-swarm-volumes-nfs/test-nginx:/var/www/html
# this pushes the container onto your actual LAN, but needs the macvlan network setup already, just leave this out if it isn't setup
networks:
default:
external:
name: on-lan-networkdozzle
https://dozzle.dev/ – realtime docker log viewer
docker run --detach --volume=/var/run/docker.sock:/var/run/docker.sock -p 8080:8080 amir20/dozzle
calibre-web ebook library
docker run -d \
--name=calibre-web \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=America/Chicago \
-e DOCKER_MODS=linuxserver/calibre-web:calibre \
-p 8083:8083 \
-v /mnt/calibre-web/config:/config \
-v /mnt/calibre-web/books:/books \
--restart unless-stopped \
ghcr.io/linuxserver/calibre-webOn the first run, it will complain about a missing database, you have to run this to manually create the file or load in a pre-existing one.
cd /app/calibre/bin && ./calibredb restore_database --really-do-it --with-library /books chmod 777 metadata.db
Default user is admin and password is admin123
I'm a 33 year old UIUC Computer Engineer building mobile apps, websites and hardware integrations with an interest in 3D printing, biotechnology and Arduinos.
https://github.com/statping/statping