Background
There is a good laptop, a Dell Latitude E6410 (Early 2010) i7, lying around and doing nothing at home. I started a project this weekend to breathe some new life into the sleeping laptop. It is the perfect machine to use as a home server because it draws very little electricity: around 10W when idle, about as much as a 60W-equivalent LED light bulb. Full throttle costs an extra 30W, but a home server sits idle most of the time anyway.
Intended Application
- File Server
- Running Crashplan cloud backup
- Running elasticsearch
- Running redis
Setup Server
Download Ubuntu Server then burn the iso to CD or DVD.
Minimal Install
- SSHd for remote access
Update packages to latest
$ sudo apt-get update && sudo apt-get upgrade
Enable github
Generate SSH key for github
Setup reverse ssh tunnel connection
If your home volume is encrypted, cron cannot access the volume until you have logged in with your password at least once. So an unencrypted worker account is needed.
sudo adduser worker
Login to the worker account after it is created.
Setup environment variables
Edit .pam_environment
System-wide environment variables at /etc/environment
SSH_SOCKS_PORT=12380
SSH_REDIR_PORT=12322
Setup reverse ssh tunnel
Generate a key pair WITHOUT a passphrase, for the cron job to connect to the cloud server.
ssh-keygen -t rsa -b 4096 -f ~/.ssh/cloud_sshd.key
Setup ~/.ssh/config
Host cloud_sshd
    HostName sshd.atcloud.com
    Port 22
    User receptionist
    IdentityFile ~/.ssh/cloud_sshd.key
Save the script in the worker home directory, then schedule it with crontab -e under the worker user account.
chmod 700 start_rssh_tunnel.sh
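The page does not show start_rssh_tunnel.sh itself. The following is an added example, not the author's script, of a cron-driven tunnel script for this setup. It assumes SSH_REDIR_PORT is the port opened on the cloud server and forwarded back to the local sshd on port 22; SSH_SOCKS_PORT is not used, and the function names are made up for the example.

```sh
#!/bin/sh
# Added example, not the author's start_rssh_tunnel.sh.
# Assumed: SSH_REDIR_PORT is the port opened on the cloud server and
# forwarded back to this machine's sshd (port 22).
# The key has no passphrase, so limit what it can do on the cloud server
# in the receptionist account's authorized_keys (OpenSSH 7.8 or later):
#   restrict,port-forwarding,permitlisten="localhost:12322" ssh-rsa <public key>
# Assumed crontab entry for worker:  */5 * * * * $HOME/start_rssh_tunnel.sh

REDIR_PORT="${SSH_REDIR_PORT:-12322}"
LOCAL_SSHD_PORT=22
CLOUD_HOST=cloud_sshd          # Host alias from ~/.ssh/config

# Accept only a plain decimal TCP port (1-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Remote forward bound to the cloud server's loopback interface only.
forward_spec() {
    printf 'localhost:%s:localhost:%s' "$REDIR_PORT" "$LOCAL_SSHD_PORT"
}

# True if this user already has an ssh process holding the same forward.
tunnel_running() {
    pgrep -u "$(id -u)" -f -- "-R $(forward_spec) $CLOUD_HOST" >/dev/null
}

start_tunnel() {
    if ! valid_port "$REDIR_PORT"; then
        echo "SSH_REDIR_PORT is not a valid port: $REDIR_PORT" >&2
        return 1
    fi
    tunnel_running && return 0
    # BatchMode: never prompt under cron. ExitOnForwardFailure: fail
    # instead of leaving a session whose forward was refused.
    ssh -f -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "$(forward_spec)" "$CLOUD_HOST"
}

# Start only when run under the script name the page uses, so the
# functions above can be loaded and checked without opening a connection.
case "${0##*/}" in
    start_rssh_tunnel.sh) start_tunnel ;;
esac
```

Any failure message goes to stderr, so cron mails it to the worker account once postfix is set up.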
Setup postfix for cron to log error
sudo apt-get install postfix
Error logs are delivered to /var/mail/worker
Enable key only ssh authorization
- How do I force SSH to only allow users with a key to log in?
Edit /etc/ssh/sshd_config and set PasswordAuthentication no
- Adding SSH Keys to Authorized_Keys
ssh-keygen -t rsa -b 4096 -f keyfile
cat keyfile.pub >> /etc/ssh/%u/authorized_keys
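See the Troubleshooting - Encrypted Home Directory section of Ubuntu SSH/OpenSSH/Keys. %u is the token that sshd expands to the login user name in the AuthorizedKeysFile setting; in the shell command above, substitute the actual user name.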
Install CIFS (Optional)
sudo apt-get install cifs-utils
Install Docker
Docker Ubuntu Doc
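Follow the Docker-maintained Package Installation, which installs the latest version. For people who are as lazy as me, I used the shortcut. The shortcut pipes a remote script into a root shell, so download and read it first if you want to know what it will run.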
$ curl -sSL https://get.docker.com/ubuntu/ | sudo sh
DONE!
Pull Images to local repository
$ sudo docker pull ubuntu:latest
$ sudo docker pull phusion/baseimage
$ sudo docker pull redis
$ sudo docker pull dockerfile/elasticsearch
$ sudo docker pull golang
Install dnsmasq
Ubuntu Official Dnsmasq
$ sudo apt-get install dnsmasq
$ sudo vim /etc/dnsmasq.conf
- There is no need to change #listen-address= to listen-address=127.0.0.1 if dnsmasq listens on all addresses.
- Uncomment conf-dir=/etc/dnsmasq.d and create a file docker_$name.conf in that directory. After starting a container, write the container's host record to the file in this format: host-record=$name,$ip
$ sudo vim /etc/dhcp/dhclient.conf
Uncomment prepend domain-name-servers 127.0.0.1;
Restart the service
$ sudo service dnsmasq restart
Testing DNSmasq
- Start an Ubuntu instance with an interactive bash session
$ sudo docker run -t -i --dns 172.17.42.1 --name test ubuntu:latest /bin/bash
where 172.17.42.1 is the default IP of the host's docker0 network interface
- Grep the container IP address
$ sudo docker inspect test | grep IPAddress
- Copy the ip address
- Add entry to /etc/dnsmasq.d/docker_test.conf
host-record=test,172.17.0.2
- Restart dnsmasq
sudo service dnsmasq restart
- Lookup the name
dig test
Container startup script
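#!/bin/bash
# Register a container's IP address with dnsmasq as a host-record.
container=$1
# The name ends up in a file path and a config line written as root,
# so accept only characters Docker allows in container names.
if [[ ! $container =~ ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$ ]]; then
    echo "Usage: $0 <container_name> [-r]" >&2
    exit 1
fi
# Ask Docker for the address directly instead of grepping the JSON output.
ip=$(docker inspect -f '{{.NetworkSettings.IPAddress}}' "$container")
if [ -z "$ip" ]; then
    echo "No IP address found for container: $container" >&2
    exit 1
fi
echo "host-record=$container,$ip" > "/etc/dnsmasq.d/docker_$container.conf"
# Reset to the next argument to be processed
OPTIND=2
# Leading ':' puts getopts in silent mode so $OPTARG holds the bad option
while getopts ":r" opt; do
    case $opt in
        r)
            service dnsmasq restart
            ;;
        \?)
            echo "Invalid option: -$OPTARG" >&2
            ;;
    esac
done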
Usage:
sudo ./regdock.sh $container_name -r