Steak Wiki - User contributions [en]

Docker

2021-09-13T16:26:08Z

Adminguy: /* Installing Docker-compose from pip or github binary not Debian */

Docker is a type of virtualization for Gnu\Linux that allows programs to run and share similar resources, without having a full OS for each image, but while still isolating each 'vm'.

==General Tips==
It helps to read a book, and then keep it as a Reference. Here Using Docker By Adrian Mouat is a decent book. In fact, you should be reading books on any subject that interests you. Physical paper books, too.

Docker is x86_64. ARM has a separate build. There is no i386.

You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.

You should always use docker compose. Docker is possible to run on the command line, but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it. ''Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.''

===ARM is SOL===
I tried to use Docker on ARM, and while you might be able to install docker, you will find that images for your applications may not be there. e.g. you will find Nginx, but you won't find Gitlab. This means that docker is pretty much x86-64 only. (exception: if you make custom Dockerfiles).

==Docker Commands==
Here are commands you need to know. Just the necessary ones.
{{cmd| docker-compose up -d}}

Starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it.
{{cmd| docker ps }}
Lists containers running. If one fails to start, you'll see it missing from here
{{cmd|docker logs <containername> }}
Gives you some logging output from the container. Often enough to troubleshoot. (also see tips below).
{{cmd|docker exec -it <containername> /bin/bash}}
This will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it.
{{cmd|docker-compose restart }}
This will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...
{{cmd|docker restart <containername> }}
This will restart one single container.
{{cmd|docker cp <containername>:/dir/to/file dest }}
You can copy files from local machine to docker, or vice versa with this. Extremely useful.

===Deleting Containers===
Less often, you might want to know
{{cmd|
#!/bin/bash
docker rm $(docker ps -a -q)
docker rmi $(docker images -q) --force}}

This starts over from scratch. This is how easy it is to reboot a docker from square one. note: below command (rmi), only needed if you want to remove base images. Needed when updating a stable. Not needed when changing other parameters not related to base image. Also, this deletes all containers, which maybe you don't want to do, if you either A) only want to delete certain images you are testing B) have some containers with custom changes saved, and not backed up elsewhere.

===Updating===
docker images
(shows out of date image)
docker pull mysql
(downloads new image)
docker images
(shows two versions of mysql. old and new)
docker stop some_container_name
docker rmi -f cjklfs23404
(where cjklfs23404 is the old container alias under docker images)
docker-compose up -d mysql

====Containers don't all Restart?!====
Make sure to have in your docker compose for each container a '''restart:always'''
Otherwise, a container won't necessarily start when docker is restarted.

===Search for images===
docker search <imagename>
====Search for Versions of an image====
What if you want to see what versions are available for a given image? Say you want php, but don't know which to get. hub.docker.com is broken. Requires js, slow, and bad. You can't get a list of images on it easily.

Solution:
<pre>
#!/bin/bash
#https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
#$1 means
#first parameter you pass to this script will be searched
#e.g. working: debian
#note: some have multiple layers
#e.g. gitea/gitea is literally entered as $1 == gitea/gitea (teste, working)
# while debian is just debian. so be aware.

wget -q https://registry.hub.docker.com/v1/repositories/$1/tags -O - \
| sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
</pre>
Ref: https://stackoverflow.com/questions/54418542/dockerhub-listing-all-available-versions-of-a-given-image

https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry

===Save Changes to Docker Image===
docker commit
See official documentation.

===Set IP Address on docker-compose===
<pre>
mariadb:
image: mariadb:10
container_name: mariadb
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
environment:
- MYSQL_ROOT_PASSWORD=admin
- MARIADB_DATABASE=guy
- MARIADB_USER=user
- MARIADB_PASSWORD=passwd
volumes:
- ./mariadb/appdata:/var/lib/mysql
- ./mariadb/config:/etc/mysql
networks:
somenamefornetwork:
ipv4_address: 192.168.12.11
ports:
- "10055:3306"

networks:
somenamefornetwork:
ipam:
driver: default
config:
- subnet: "192.168.12.0/24"
</pre>
Add the networks section to each container.

===Store /var/lib/docker somewhere else===
i.e. instead of /var/lib/docker put them on external storage...
Ubuntu/Debian: edit your /etc/default/docker file with the -g option:
DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4 -g /mnt"
ref: https://forums.docker.com/t/how-do-i-change-the-docker-image-installation-directory/1169

then
stop docker compose
stop docker service
start docker service
start docker compose

the above guide also mentions using a symlink. (that's) A different approach. either should work. This is useful e.g. if you are on a VPS/SBC with limited storage (but have external storage).

==Dockerfile==
Dockerfiles and compose are slightly confusing. Sometimes you see images run an entrypoint script, sometimes not. In any case, Dockerfiles are fundamental to reproducible builds.

Basic usage is:
* Docker-compose builds container from dockerfile (say you start with alpine, and install some programs)
* that container you built is used from thence on.
* if you want to change dockerfile, make changes and you must call docker-compose up --build otherwise, it will use the old container

For a basic apache server, you might call the following in a cmd at the end of the dockerfile:
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
When in doubt, work off of existing examples.

==Volumes==
Volumes can be handled at least two ways. The simplest is to store files in a local directory which is then mapped to the remote drive.

e.g. docker-compose:
<pre>
nginx:
image: nginx:####
container_name: mynginxserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./local_dir/:/var/www/html/
- ./local_logs/:/var/log/nginx/
ports:
- 80:80
- 443:443
restart: always
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
</pre>
Here, in the local dir where docker-compose is run, the ./local_dir/ or ./local_logs will store the containers html or logs respectively. Simple.

However, if you just have a volume, without a local directory, then it will save in /var/ somewhere (unintuitive... bad).
e.g. from Dolibarr:
<pre>
The Dolibarr installation and all data beyond what lives in the database
(file uploads, etc) are stored in the unnamed docker volume volume
/var/www/html and /var/www/documents. The docker daemon will store
that data within the docker directory /var/lib/docker/volumes/....
That means your data is saved even if the container crashes, is stopped
or deleted.
</pre>

==Specific Tips==
===YAML is space sensitive===
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
===If you restart a containers namesake process, it will probably restart / reset the container===
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
===Consider a single reverse proxy, to handle multiple websites===
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
https://web.archive.org/web/https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far to the high level.
===If you use a single reverse proxy, Lets Encrypt can be done easy===
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
<pre>
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
</pre>
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:

{{cat|docker-compose.yml|
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
}}

The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this. And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).

===Give every Container a Containername===
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
===Beware of Interrupting Initting Containers===
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
===Put Apache or Program logs from the Container in a volume that is locally accessible===
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
===Only Restart Containers you need to Restart===
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
===Volumes Mounting Over Existing Directories===
As discussed here: https://web.archive.org/web/https://github.com/moby/moby/issues/4361, if you add a volume to an existing container, it will seem to delete the folder's contents. I've seen mixed behaviour with this. Sometimes it deletes it even if you start a new container with the folder... Other times it has not. In any case, just docker cp the files to the folder, then add the volume mount. This may not be the most graceful solution for upgrades, but it will work. Best practices would be here (See: dbxt commented Dec 14, 2014): https://web.archive.org/web/https://github.com/docker-library/wordpress/issues/10
===If you edit a docker-compose file you must restart the container with Docker-compose===
If you make a change in docker compose, you must docker stop service, then docker-compose up -d service. Otherwise the changes will not take effect. The mistake here, would be thinking that you could just docker stop service, then docker start service... That doesn't work.
===Keep verbose logging off your HDD with RAM only logging===
If you have e.g. apache/nginx write to your HDD with every website visit, it will quickly wear out your HDD (esp. SSD). Put verbose logging in the RAM only with a tmpfs mount. https://docs.docker.com/storage/tmpfs/

e.g. (ref: https://stackoverflow.com/questions/41902930/docker-compose-tmpfs-not-working)
<pre>
services:
ubuntu:
image: ubuntu
command: "bash -c 'mount'"
volumes:
- cache_vol:/var/cache
- run_vol:/run

volumes:
run_vol:
driver_opts:
type: tmpfs
device: tmpfs
cache_vol:
driver_opts:
type: tmpfs
device: tmpfs
</pre>

This also allows you to share the tmpfs mounts if needed.

Access it from host via:
docker exec -it nginx_server tail -F /run/shm/access.log
Note that you might think you can do
docker container run my_nginx_server tail -F /run/shm/access.log
But that will only work on container base images, not running containers. To 'execute' a command on a running or existing container, the command you want is exec. (Also used to interactively start bash shell above)

EDIT: Use with discretion. Active data in RAM may use power.

===Mysql Backup / Restore===
<pre>
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql

# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</pre>
ref: https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb
May not need to do this, if you keep the DB (ibdata files) in a local directory/volume via docker-compose.yml
e.g.
mydb:
image: mysql:9999
volumes:
- ./db_files:/var/lib/mysql
restart: always

===Limit docker logs===
Docker will keep lots of logs if you don't manage it.
https://github.com/docker/compose/issues/1083
https://docs.docker.com/compose/compose-file/#logging
https://stackoverflow.com/questions/31829587/docker-container-logs-taking-all-my-disk-space
view (all) logs with
docker-compose logs
To limit a service's logs in docker-compose do the following:
* find a containers/services entry
* append to the end (watch the white space & no tabs)
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
The rule with logs, is nothing - unless you need it. Then everything. Any unnecessary logging is taxing the CPU / HDD.
Which leads me to...

===view details about container===
To view paths, configuration settings, etc...
See
docker inspect <name or id>
It's easier to grep these. the search in less wasn't working for me to find .LogPath for example.
docker inspect mycontainer | grep log
Will show where the log files are located.

===Installing Docker-compose from pip or github binary not Debian===
Subject. See official docker documentation which states the URL of
github.com/docker/compose/releases or pip.

Pip is probably better.
apt-get install python3-pip
pip3 install docker-compose

===Root on Alpine Images===
Alpine images: can't su to root.
su: must be suid to work properly
use the flag --user root when entering the container.

docker exec -it --user root mycontainername bash

And alpine images don't have telnet. It's hard to find. it's in:
/app # apk add busybox-extras

Remember when in a docker, that you (should) always be able to install
whatever troubleshooting items you need, to replicate a normal bare metal
install, and then ts from there. e.g. telnet, tcpdump, etc...

e.g.: i tried to connect to an smtp email server (465,587) from VPS but was blocked.
Either the VPS was blocking outgoing, or the email servers were blocking incoming.
Since i tried three email servers which were blocked, it looked like the VPS. But I didn't
want to be a nuisance customer, so I did a reasonable amount of research before contacting
support.

It turned out the VPS provider was blocking packets. It was a bit of a phantom block
as they would go outbound from each VPS but then just vanish. Even within a private network where they weren't headed for the WAN, but from VPS to VPS. Ugh. Two hours. Now I know...

==Troubleshooting==
===Cannot start container: [0] Id already in use #20570===
* https://github.com/moby/moby/issues/20570
After update, unable to start container. Solution was found to be:
docker-compose down -v then docker-compose up -d
Container was viewable with
docker ps -a (not just docker ps)
==Poor Design==
===Creating a docker-compose with a stable or latest tag===
If you make a docker-compose file, you should link it to a marked version. You can later edit it, to use stable or latest, but one of the strengths of Docker is version control. If you create a docker-compose, always test on a specific version, should you need to roll back in the future. Otherwise, your scripts will fail in 2-20-200 years when the conf files are not supported anymore.

e.g. https://github.com/nucreativa/frontaccounting-docker (6th commit)
Here, the nginx config is no longer supported in vhosts, it must be in server_blocks. This would've been avoided by denoting a fixed nginx release instead of tag:latest.

==See Also==

* [[samba_docker_by_dlandon]]
* [[zencart_docker_compose]]

==External Links==
* https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/docker.sh Information dense cheatsheet (unfortunately github)
* https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb A million idiots type "thanks". Also the source for the mysql backup command.

{{GNU\Linux}}

Docker

2021-09-11T14:03:05Z

Adminguy: /* ARM is SOL */

Docker is a type of virtualization for Gnu\Linux that allows programs to run and share similar resources, without having a full OS for each image, but while still isolating each 'vm'.

==General Tips==
It helps to read a book, and then keep it as a Reference. Here Using Docker By Adrian Mouat is a decent book. In fact, you should be reading books on any subject that interests you. Physical paper books, too.

Docker is x86_64. ARM has a separate build. There is no i386.

You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.

You should always use docker compose. Docker is possible to run on the command line, but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it. ''Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.''

===ARM is SOL===
I tried to use Docker on ARM, and while you might be able to install docker, you will find that images for your applications may not be there. e.g. you will find Nginx, but you won't find Gitlab. This means that docker is pretty much x86-64 only. (exception: if you make custom Dockerfiles).

==Docker Commands==
Here are commands you need to know. Just the necessary ones.
{{cmd| docker-compose up -d}}

Starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it.
{{cmd| docker ps }}
Lists containers running. If one fails to start, you'll see it missing from here
{{cmd|docker logs <containername> }}
Gives you some logging output from the container. Often enough to troubleshoot. (also see tips below).
{{cmd|docker exec -it <containername> /bin/bash}}
This will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it.
{{cmd|docker-compose restart }}
This will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...
{{cmd|docker restart <containername> }}
This will restart one single container.
{{cmd|docker cp <containername>:/dir/to/file dest }}
You can copy files from local machine to docker, or vice versa with this. Extremely useful.

===Deleting Containers===
Less often, you might want to know
{{cmd|
#!/bin/bash
docker rm $(docker ps -a -q)
docker rmi $(docker images -q) --force}}

This starts over from scratch. This is how easy it is to reboot a docker from square one. note: below command (rmi), only needed if you want to remove base images. Needed when updating a stable. Not needed when changing other parameters not related to base image. Also, this deletes all containers, which maybe you don't want to do, if you either A) only want to delete certain images you are testing B) have some containers with custom changes saved, and not backed up elsewhere.

===Updating===
docker images
(shows out of date image)
docker pull mysql
(downloads new image)
docker images
(shows two versions of mysql. old and new)
docker stop some_container_name
docker rmi -f cjklfs23404
(where cjklfs23404 is the old container alias under docker images)
docker-compose up -d mysql

====Containers don't all Restart?!====
Make sure to have in your docker compose for each container a '''restart:always'''
Otherwise, a container won't necessarily start when docker is restarted.

===Search for images===
docker search <imagename>
====Search for Versions of an image====
What if you want to see what versions are available for a given image? Say you want php, but don't know which to get. hub.docker.com is broken. Requires js, slow, and bad. You can't get a list of images on it easily.

Solution:
<pre>
#!/bin/bash
#https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
#$1 means
#first parameter you pass to this script will be searched
#e.g. working: debian
#note: some have multiple layers
#e.g. gitea/gitea is literally entered as $1 == gitea/gitea (teste, working)
# while debian is just debian. so be aware.

wget -q https://registry.hub.docker.com/v1/repositories/$1/tags -O - \
| sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
</pre>
Ref: https://stackoverflow.com/questions/54418542/dockerhub-listing-all-available-versions-of-a-given-image

https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry

===Save Changes to Docker Image===
docker commit
See official documentation.

===Set IP Address on docker-compose===
<pre>
mariadb:
image: mariadb:10
container_name: mariadb
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
environment:
- MYSQL_ROOT_PASSWORD=admin
- MARIADB_DATABASE=guy
- MARIADB_USER=user
- MARIADB_PASSWORD=passwd
volumes:
- ./mariadb/appdata:/var/lib/mysql
- ./mariadb/config:/etc/mysql
networks:
somenamefornetwork:
ipv4_address: 192.168.12.11
ports:
- "10055:3306"

networks:
somenamefornetwork:
ipam:
driver: default
config:
- subnet: "192.168.12.0/24"
</pre>
Add the networks section to each container.

===Store /var/lib/docker somewhere else===
i.e. instead of /var/lib/docker put them on external storage...
Ubuntu/Debian: edit your /etc/default/docker file with the -g option:
DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4 -g /mnt"
ref: https://forums.docker.com/t/how-do-i-change-the-docker-image-installation-directory/1169

then
stop docker compose
stop docker service
start docker service
start docker compose

the above guide also mentions using a symlink. (that's) A different approach. either should work. This is useful e.g. if you are on a VPS/SBC with limited storage (but have external storage).

==Dockerfile==
Dockerfiles and compose are slightly confusing. Sometimes you see images run an entrypoint script, sometimes not. In any case, Dockerfiles are fundamental to reproducible builds.

Basic usage is:
* Docker-compose builds container from dockerfile (say you start with alpine, and install some programs)
* that container you built is used from thence on.
* if you want to change dockerfile, make changes and you must call docker-compose up --build otherwise, it will use the old container

For a basic apache server, you might call the following in a cmd at the end of the dockerfile:
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
When in doubt, work off of existing examples.

==Volumes==
Volumes can be handled at least two ways. The simplest is to store files in a local directory which is then mapped to the remote drive.

e.g. docker-compose:
<pre>
nginx:
image: nginx:####
container_name: mynginxserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./local_dir/:/var/www/html/
- ./local_logs/:/var/log/nginx/
ports:
- 80:80
- 443:443
restart: always
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
</pre>
Here, in the local dir where docker-compose is run, the ./local_dir/ or ./local_logs will store the containers html or logs respectively. Simple.

However, if you just have a volume, without a local directory, then it will save in /var/ somewhere (unintuitive... bad).
e.g. from Dolibarr:
<pre>
The Dolibarr installation and all data beyond what lives in the database
(file uploads, etc) are stored in the unnamed docker volume volume
/var/www/html and /var/www/documents. The docker daemon will store
that data within the docker directory /var/lib/docker/volumes/....
That means your data is saved even if the container crashes, is stopped
or deleted.
</pre>

==Specific Tips==
===YAML is space sensitive===
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
===If you restart a containers namesake process, it will probably restart / reset the container===
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
===Consider a single reverse proxy, to handle multiple websites===
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
https://web.archive.org/web/https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far to the high level.
===If you use a single reverse proxy, Lets Encrypt can be done easy===
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
<pre>
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
</pre>
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:

{{cat|docker-compose.yml|
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
}}

The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this. And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).

===Give every Container a Containername===
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
===Beware of Interrupting Initting Containers===
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
===Put Apache or Program logs from the Container in a volume that is locally accessible===
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
===Only Restart Containers you need to Restart===
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
===Volumes Mounting Over Existing Directories===
As discussed here: https://web.archive.org/web/https://github.com/moby/moby/issues/4361, if you add a volume to an existing container, it will seem to delete the folder's contents. I've seen mixed behaviour with this. Sometimes it deletes it even if you start a new container with the folder... Other times it has not. In any case, just docker cp the files to the folder, then add the volume mount. This may not be the most graceful solution for upgrades, but it will work. Best practices would be here (See: dbxt commented Dec 14, 2014): https://web.archive.org/web/https://github.com/docker-library/wordpress/issues/10
===If you edit a docker-compose file you must restart the container with Docker-compose===
If you make a change in docker compose, you must docker stop service, then docker-compose up -d service. Otherwise the changes will not take effect. The mistake here, would be thinking that you could just docker stop service, then docker start service... That doesn't work.
===Keep verbose logging off your HDD with RAM only logging===
If you have e.g. apache/nginx write to your HDD with every website visit, it will quickly wear out your HDD (esp. SSD). Put verbose logging in the RAM only with a tmpfs mount. https://docs.docker.com/storage/tmpfs/

e.g. (ref: https://stackoverflow.com/questions/41902930/docker-compose-tmpfs-not-working)
<pre>
services:
ubuntu:
image: ubuntu
command: "bash -c 'mount'"
volumes:
- cache_vol:/var/cache
- run_vol:/run

volumes:
run_vol:
driver_opts:
type: tmpfs
device: tmpfs
cache_vol:
driver_opts:
type: tmpfs
device: tmpfs
</pre>

This also allows you to share the tmpfs mounts if needed.

Access it from host via:
docker exec -it nginx_server tail -F /run/shm/access.log
Note that you might think you can do
docker container run my_nginx_server tail -F /run/shm/access.log
But that will only work on container base images, not running containers. To 'execute' a command on a running or existing container, the command you want is exec. (Also used to interactively start bash shell above)

EDIT: Use with discretion. Active data in RAM may use power.

===Mysql Backup / Restore===
<pre>
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql

# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</pre>
ref: https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb
May not need to do this, if you keep the DB (ibdata files) in a local directory/volume via docker-compose.yml
e.g.
mydb:
image: mysql:9999
volumes:
- ./db_files:/var/lib/mysql
restart: always

===Limit docker logs===
Docker will keep lots of logs if you don't manage it.
https://github.com/docker/compose/issues/1083
https://docs.docker.com/compose/compose-file/#logging
https://stackoverflow.com/questions/31829587/docker-container-logs-taking-all-my-disk-space
view (all) logs with
docker-compose logs
To limit a service's logs in docker-compose do the following:
* find a containers/services entry
* append to the end (watch the white space & no tabs)
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
The rule with logs, is nothing - unless you need it. Then everything. Any unnecessary logging is taxing the CPU / HDD.
Which leads me to...

===view details about container===
To view paths, configuration settings, etc...
See
docker inspect <name or id>
It's easier to grep these. the search in less wasn't working for me to find .LogPath for example.
docker inspect mycontainer | grep log
Will show where the log files are located.

===Installing Docker-compose from pip or github binary not Debian===
Subject. See official docker documentation which states the URL of
github.com/docker/compose/releases or pip.

Pip is probably better.
apt-get install python3-pip
pip3 install docker-compose

==Troubleshooting==
===Cannot start container: [0] Id already in use #20570===
* https://github.com/moby/moby/issues/20570
After update, unable to start container. Solution was found to be:
docker-compose down -v then docker-compose up -d
Container was viewable with
docker ps -a (not just docker ps)
==Poor Design==
===Creating a docker-compose with a stable or latest tag===
If you make a docker-compose file, you should link it to a marked version. You can later edit it, to use stable or latest, but one of the strengths of Docker is version control. If you create a docker-compose, always test on a specific version, should you need to roll back in the future. Otherwise, your scripts will fail in 2-20-200 years when the conf files are not supported anymore.

e.g. https://github.com/nucreativa/frontaccounting-docker (6th commit)
Here, the nginx config is no longer supported in vhosts, it must be in server_blocks. This would've been avoided by denoting a fixed nginx release instead of tag:latest.

==See Also==

* [[samba_docker_by_dlandon]]
* [[zencart_docker_compose]]

==External Links==
* https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/docker.sh Information dense cheatsheet (unfortunately github)
* https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb A million idiots type "thanks". Also the source for the mysql backup command.

{{GNU\Linux}}

Docker

2021-09-11T14:02:16Z

Adminguy: /* Store /var/lib/docker somewhere else */

Docker is a type of virtualization for Gnu\Linux that allows programs to run and share similar resources, without having a full OS for each image, but while still isolating each 'vm'.

==General Tips==
It helps to read a book, and then keep it as a Reference. Here Using Docker By Adrian Mouat is a decent book. In fact, you should be reading books on any subject that interests you. Physical paper books, too.

Docker is x86_64. ARM has a separate build. There is no i386.

You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.

You should always use docker compose. Docker is possible to run on the command line, but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it. ''Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.''

===ARM is SOL===
I tried to use Docker on ARM, and while you might be able to install docker, you will find that images for your applications may not be there. e.g. you will find Nginx, but you won't find Gitlab. This means that docker is pretty much x86-64 only.

==Docker Commands==
Here are commands you need to know. Just the necessary ones.
{{cmd| docker-compose up -d}}

Starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it.
{{cmd| docker ps }}
Lists containers running. If one fails to start, you'll see it missing from here
{{cmd|docker logs <containername> }}
Gives you some logging output from the container. Often enough to troubleshoot. (also see tips below).
{{cmd|docker exec -it <containername> /bin/bash}}
This will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it.
{{cmd|docker-compose restart }}
This will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...
{{cmd|docker restart <containername> }}
This will restart one single container.
{{cmd|docker cp <containername>:/dir/to/file dest }}
You can copy files from local machine to docker, or vice versa with this. Extremely useful.

===Deleting Containers===
Less often, you might want to know
{{cmd|
#!/bin/bash
docker rm $(docker ps -a -q)
docker rmi $(docker images -q) --force}}

This starts over from scratch. This is how easy it is to reboot a docker from square one. note: below command (rmi), only needed if you want to remove base images. Needed when updating a stable. Not needed when changing other parameters not related to base image. Also, this deletes all containers, which maybe you don't want to do, if you either A) only want to delete certain images you are testing B) have some containers with custom changes saved, and not backed up elsewhere.

===Updating===
docker images
(shows out of date image)
docker pull mysql
(downloads new image)
docker images
(shows two versions of mysql. old and new)
docker stop some_container_name
docker rmi -f cjklfs23404
(where cjklfs23404 is the old container alias under docker images)
docker-compose up -d mysql

====Containers don't all Restart?!====
Make sure to have in your docker compose for each container a '''restart:always'''
Otherwise, a container won't necessarily start when docker is restarted.

===Search for images===
docker search <imagename>
====Search for Versions of an image====
What if you want to see what versions are available for a given image? Say you want php, but don't know which to get. hub.docker.com is broken. Requires js, slow, and bad. You can't get a list of images on it easily.

Solution:
<pre>
#!/bin/bash
#https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
#$1 means
#first parameter you pass to this script will be searched
#e.g. working: debian
#note: some have multiple layers
#e.g. gitea/gitea is literally entered as $1 == gitea/gitea (teste, working)
# while debian is just debian. so be aware.

wget -q https://registry.hub.docker.com/v1/repositories/$1/tags -O - \
| sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
</pre>
Ref: https://stackoverflow.com/questions/54418542/dockerhub-listing-all-available-versions-of-a-given-image

https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry

===Save Changes to Docker Image===
docker commit
See official documentation.

===Set IP Address on docker-compose===
<pre>
mariadb:
image: mariadb:10
container_name: mariadb
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
environment:
- MYSQL_ROOT_PASSWORD=admin
- MARIADB_DATABASE=guy
- MARIADB_USER=user
- MARIADB_PASSWORD=passwd
volumes:
- ./mariadb/appdata:/var/lib/mysql
- ./mariadb/config:/etc/mysql
networks:
somenamefornetwork:
ipv4_address: 192.168.12.11
ports:
- "10055:3306"

networks:
somenamefornetwork:
ipam:
driver: default
config:
- subnet: "192.168.12.0/24"
</pre>
Add the networks section to each container.

===Store /var/lib/docker somewhere else===
i.e. instead of /var/lib/docker put them on external storage...
Ubuntu/Debian: edit your /etc/default/docker file with the -g option:
DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4 -g /mnt"
ref: https://forums.docker.com/t/how-do-i-change-the-docker-image-installation-directory/1169

then
stop docker compose
stop docker service
start docker service
start docker compose

the above guide also mentions using a symlink. (that's) A different approach. either should work. This is useful e.g. if you are on a VPS/SBC with limited storage (but have external storage).

==Dockerfile==
Dockerfiles and compose are slightly confusing. Sometimes you see images run an entrypoint script, sometimes not. In any case, Dockerfiles are fundamental to reproducible builds.

Basic usage is:
* Docker-compose builds container from dockerfile (say you start with alpine, and install some programs)
* that container you built is used from thence on.
* if you want to change dockerfile, make changes and you must call docker-compose up --build otherwise, it will use the old container

For a basic apache server, you might call the following in a cmd at the end of the dockerfile:
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
When in doubt, work off of existing examples.

==Volumes==
Volumes can be handled at least two ways. The simplest is to store files in a local directory which is then mapped to the remote drive.

e.g. docker-compose:
<pre>
nginx:
image: nginx:####
container_name: mynginxserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./local_dir/:/var/www/html/
- ./local_logs/:/var/log/nginx/
ports:
- 80:80
- 443:443
restart: always
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
</pre>
Here, in the local dir where docker-compose is run, the ./local_dir/ or ./local_logs will store the containers html or logs respectively. Simple.

However, if you just have a volume, without a local directory, then it will save in /var/ somewhere (unintuitive... bad).
e.g. from Dolibarr:
<pre>
The Dolibarr installation and all data beyond what lives in the database
(file uploads, etc) are stored in the unnamed docker volume volume
/var/www/html and /var/www/documents. The docker daemon will store
that data within the docker directory /var/lib/docker/volumes/....
That means your data is saved even if the container crashes, is stopped
or deleted.
</pre>

==Specific Tips==
===YAML is space sensitive===
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
===If you restart a containers namesake process, it will probably restart / reset the container===
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
===Consider a single reverse proxy, to handle multiple websites===
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
https://web.archive.org/web/https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far to the high level.
===If you use a single reverse proxy, Lets Encrypt can be done easy===
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
<pre>
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
</pre>
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:

{{cat|docker-compose.yml|
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
}}

The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this. And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).

===Give every Container a Containername===
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
===Beware of Interrupting Initting Containers===
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
===Put Apache or Program logs from the Container in a volume that is locally accessible===
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
===Only Restart Containers you need to Restart===
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
===Volumes Mounting Over Existing Directories===
As discussed here: https://web.archive.org/web/https://github.com/moby/moby/issues/4361, if you add a volume to an existing container, it will seem to delete the folder's contents. I've seen mixed behaviour with this. Sometimes it deletes it even if you start a new container with the folder... Other times it has not. In any case, just docker cp the files to the folder, then add the volume mount. This may not be the most graceful solution for upgrades, but it will work. Best practices would be here (See: dbxt commented Dec 14, 2014): https://web.archive.org/web/https://github.com/docker-library/wordpress/issues/10
===If you edit a docker-compose file you must restart the container with Docker-compose===
If you make a change in docker compose, you must docker stop service, then docker-compose up -d service. Otherwise the changes will not take effect. The mistake here, would be thinking that you could just docker stop service, then docker start service... That doesn't work.
===Keep verbose logging off your HDD with RAM only logging===
If you have e.g. apache/nginx write to your HDD with every website visit, it will quickly wear out your HDD (esp. SSD). Put verbose logging in the RAM only with a tmpfs mount. https://docs.docker.com/storage/tmpfs/

e.g. (ref: https://stackoverflow.com/questions/41902930/docker-compose-tmpfs-not-working)
<pre>
services:
ubuntu:
image: ubuntu
command: "bash -c 'mount'"
volumes:
- cache_vol:/var/cache
- run_vol:/run

volumes:
run_vol:
driver_opts:
type: tmpfs
device: tmpfs
cache_vol:
driver_opts:
type: tmpfs
device: tmpfs
</pre>

This also allows you to share the tmpfs mounts if needed.

Access it from host via:
docker exec -it nginx_server tail -F /run/shm/access.log
Note that you might think you can do
docker container run my_nginx_server tail -F /run/shm/access.log
But that will only work on container base images, not running containers. To 'execute' a command on a running or existing container, the command you want is exec. (Also used to interactively start bash shell above)

EDIT: Use with discretion. Active data in RAM may use power.

===Mysql Backup / Restore===
<pre>
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql

# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</pre>
ref: https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb
May not need to do this, if you keep the DB (ibdata files) in a local directory/volume via docker-compose.yml
e.g.
mydb:
image: mysql:9999
volumes:
- ./db_files:/var/lib/mysql
restart: always

===Limit docker logs===
Docker will keep lots of logs if you don't manage it.
https://github.com/docker/compose/issues/1083
https://docs.docker.com/compose/compose-file/#logging
https://stackoverflow.com/questions/31829587/docker-container-logs-taking-all-my-disk-space
view (all) logs with
docker-compose logs
To limit a service's logs in docker-compose do the following:
* find a containers/services entry
* append to the end (watch the white space & no tabs)
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
The rule with logs, is nothing - unless you need it. Then everything. Any unnecessary logging is taxing the CPU / HDD.
Which leads me to...

===view details about container===
To view paths, configuration settings, etc...
See
docker inspect <name or id>
It's easier to grep these. the search in less wasn't working for me to find .LogPath for example.
docker inspect mycontainer | grep log
Will show where the log files are located.

===Installing Docker-compose from pip or github binary not Debian===
Subject. See official docker documentation which states the URL of
github.com/docker/compose/releases or pip.

Pip is probably better.
apt-get install python3-pip
pip3 install docker-compose

==Troubleshooting==
===Cannot start container: [0] Id already in use #20570===
* https://github.com/moby/moby/issues/20570
After update, unable to start container. Solution was found to be:
docker-compose down -v then docker-compose up -d
Container was viewable with
docker ps -a (not just docker ps)
==Poor Design==
===Creating a docker-compose with a stable or latest tag===
If you make a docker-compose file, you should link it to a marked version. You can later edit it, to use stable or latest, but one of the strengths of Docker is version control. If you create a docker-compose, always test on a specific version, should you need to roll back in the future. Otherwise, your scripts will fail in 2-20-200 years when the conf files are not supported anymore.

e.g. https://github.com/nucreativa/frontaccounting-docker (6th commit)
Here, the nginx config is no longer supported in vhosts, it must be in server_blocks. This would've been avoided by denoting a fixed nginx release instead of tag:latest.

==See Also==

* [[samba_docker_by_dlandon]]
* [[zencart_docker_compose]]

==External Links==
* https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/docker.sh Information dense cheatsheet (unfortunately github)
* https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb A million idiots type "thanks". Also the source for the mysql backup command.

{{GNU\Linux}}

Docker

2021-09-11T14:01:08Z

Adminguy: /* Set IP Address on docker-compose */

Docker is a type of virtualization for Gnu\Linux that allows programs to run and share similar resources, without having a full OS for each image, but while still isolating each 'vm'.

==General Tips==
It helps to read a book, and then keep it as a Reference. Here Using Docker By Adrian Mouat is a decent book. In fact, you should be reading books on any subject that interests you. Physical paper books, too.

Docker is x86_64. ARM has a separate build. There is no i386.

You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.

You should always use docker compose. Docker is possible to run on the command line, but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it. ''Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.''

===ARM is SOL===
I tried to use Docker on ARM, and while you might be able to install docker, you will find that images for your applications may not be there. e.g. you will find Nginx, but you won't find Gitlab. This means that docker is pretty much x86-64 only.

==Docker Commands==
Here are commands you need to know. Just the necessary ones.
{{cmd| docker-compose up -d}}

Starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it.
{{cmd| docker ps }}
Lists containers running. If one fails to start, you'll see it missing from here
{{cmd|docker logs <containername> }}
Gives you some logging output from the container. Often enough to troubleshoot. (also see tips below).
{{cmd|docker exec -it <containername> /bin/bash}}
This will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it.
{{cmd|docker-compose restart }}
This will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...
{{cmd|docker restart <containername> }}
This will restart one single container.
{{cmd|docker cp <containername>:/dir/to/file dest }}
You can copy files from local machine to docker, or vice versa with this. Extremely useful.

===Deleting Containers===
Less often, you might want to know
{{cmd|
#!/bin/bash
docker rm $(docker ps -a -q)
docker rmi $(docker images -q) --force}}

This starts over from scratch. This is how easy it is to reboot a docker from square one. note: below command (rmi), only needed if you want to remove base images. Needed when updating a stable. Not needed when changing other parameters not related to base image. Also, this deletes all containers, which maybe you don't want to do, if you either A) only want to delete certain images you are testing B) have some containers with custom changes saved, and not backed up elsewhere.

===Updating===
docker images
(shows out of date image)
docker pull mysql
(downloads new image)
docker images
(shows two versions of mysql. old and new)
docker stop some_container_name
docker rmi -f cjklfs23404
(where cjklfs23404 is the old container alias under docker images)
docker-compose up -d mysql

====Containers don't all Restart?!====
Make sure to have in your docker compose for each container a '''restart:always'''
Otherwise, a container won't necessarily start when docker is restarted.

===Search for images===
docker search <imagename>
====Search for Versions of an image====
What if you want to see what versions are available for a given image? Say you want php, but don't know which to get. hub.docker.com is broken. Requires js, slow, and bad. You can't get a list of images on it easily.

Solution:
<pre>
#!/bin/bash
#https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
#$1 means
#first parameter you pass to this script will be searched
#e.g. working: debian
#note: some have multiple layers
#e.g. gitea/gitea is literally entered as $1 == gitea/gitea (teste, working)
# while debian is just debian. so be aware.

wget -q https://registry.hub.docker.com/v1/repositories/$1/tags -O - \
| sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
</pre>
Ref: https://stackoverflow.com/questions/54418542/dockerhub-listing-all-available-versions-of-a-given-image

https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry

===Save Changes to Docker Image===
docker commit
See official documentation.

===Set IP Address on docker-compose===
<pre>
mariadb:
image: mariadb:10
container_name: mariadb
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
environment:
- MYSQL_ROOT_PASSWORD=admin
- MARIADB_DATABASE=guy
- MARIADB_USER=user
- MARIADB_PASSWORD=passwd
volumes:
- ./mariadb/appdata:/var/lib/mysql
- ./mariadb/config:/etc/mysql
networks:
somenamefornetwork:
ipv4_address: 192.168.12.11
ports:
- "10055:3306"

networks:
somenamefornetwork:
ipam:
driver: default
config:
- subnet: "192.168.12.0/24"
</pre>
Add the networks section to each container.

===Store /var/lib/docker somewhere else===
i.e. instead of /var/lib/docker put them on external storage...
Ubuntu/Debian: edit your /etc/default/docker file with the -g option:
DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4 -g /mnt"
ref: https://forums.docker.com/t/how-do-i-change-the-docker-image-installation-directory/1169

then
stop docker compose
stop docker service
start docker service
start docker compose

the above guide also mentions using a symlink. (that's) A different approach. either should work.

==Dockerfile==
Dockerfiles and compose are slightly confusing. Sometimes you see images run an entrypoint script, sometimes not. In any case, Dockerfiles are fundamental to reproducible builds.

Basic usage is:
* Docker-compose builds container from dockerfile (say you start with alpine, and install some programs)
* that container you built is used from thence on.
* if you want to change dockerfile, make changes and you must call docker-compose up --build otherwise, it will use the old container

For a basic apache server, you might call the following in a cmd at the end of the dockerfile:
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
When in doubt, work off of existing examples.

==Volumes==
Volumes can be handled at least two ways. The simplest is to store files in a local directory which is then mapped to the remote drive.

e.g. docker-compose:
<pre>
nginx:
image: nginx:####
container_name: mynginxserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./local_dir/:/var/www/html/
- ./local_logs/:/var/log/nginx/
ports:
- 80:80
- 443:443
restart: always
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
</pre>
Here, in the local dir where docker-compose is run, the ./local_dir/ or ./local_logs will store the containers html or logs respectively. Simple.

However, if you just have a volume, without a local directory, then it will save in /var/ somewhere (unintuitive... bad).
e.g. from Dolibarr:
<pre>
The Dolibarr installation and all data beyond what lives in the database
(file uploads, etc) are stored in the unnamed docker volume volume
/var/www/html and /var/www/documents. The docker daemon will store
that data within the docker directory /var/lib/docker/volumes/....
That means your data is saved even if the container crashes, is stopped
or deleted.
</pre>

==Specific Tips==
===YAML is space sensitive===
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
===If you restart a containers namesake process, it will probably restart / reset the container===
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
===Consider a single reverse proxy, to handle multiple websites===
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
https://web.archive.org/web/https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far to the high level.
===If you use a single reverse proxy, Lets Encrypt can be done easy===
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
<pre>
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
</pre>
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:

{{cat|docker-compose.yml|
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
}}

The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this. And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).

===Give every Container a Containername===
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
===Beware of Interrupting Initting Containers===
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
===Put Apache or Program logs from the Container in a volume that is locally accessible===
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
===Only Restart Containers you need to Restart===
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
===Volumes Mounting Over Existing Directories===
As discussed here: https://web.archive.org/web/https://github.com/moby/moby/issues/4361, if you add a volume to an existing container, it will seem to delete the folder's contents. I've seen mixed behaviour with this. Sometimes it deletes it even if you start a new container with the folder... Other times it has not. In any case, just docker cp the files to the folder, then add the volume mount. This may not be the most graceful solution for upgrades, but it will work. Best practices would be here (See: dbxt commented Dec 14, 2014): https://web.archive.org/web/https://github.com/docker-library/wordpress/issues/10
===If you edit a docker-compose file you must restart the container with Docker-compose===
If you make a change in docker compose, you must docker stop service, then docker-compose up -d service. Otherwise the changes will not take effect. The mistake here, would be thinking that you could just docker stop service, then docker start service... That doesn't work.
===Keep verbose logging off your HDD with RAM only logging===
If you have e.g. apache/nginx write to your HDD with every website visit, it will quickly wear out your HDD (esp. SSD). Put verbose logging in the RAM only with a tmpfs mount. https://docs.docker.com/storage/tmpfs/

e.g. (ref: https://stackoverflow.com/questions/41902930/docker-compose-tmpfs-not-working)
<pre>
services:
ubuntu:
image: ubuntu
command: "bash -c 'mount'"
volumes:
- cache_vol:/var/cache
- run_vol:/run

volumes:
run_vol:
driver_opts:
type: tmpfs
device: tmpfs
cache_vol:
driver_opts:
type: tmpfs
device: tmpfs
</pre>

This also allows you to share the tmpfs mounts if needed.

Access it from host via:
docker exec -it nginx_server tail -F /run/shm/access.log
Note that you might think you can do
docker container run my_nginx_server tail -F /run/shm/access.log
But that will only work on container base images, not running containers. To 'execute' a command on a running or existing container, the command you want is exec. (Also used to interactively start bash shell above)

EDIT: Use with discretion. Active data in RAM may use power.

===Mysql Backup / Restore===
<pre>
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql

# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</pre>
ref: https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb
May not need to do this, if you keep the DB (ibdata files) in a local directory/volume via docker-compose.yml
e.g.
mydb:
image: mysql:9999
volumes:
- ./db_files:/var/lib/mysql
restart: always

===Limit docker logs===
Docker will keep lots of logs if you don't manage it.
https://github.com/docker/compose/issues/1083
https://docs.docker.com/compose/compose-file/#logging
https://stackoverflow.com/questions/31829587/docker-container-logs-taking-all-my-disk-space
view (all) logs with
docker-compose logs
To limit a service's logs in docker-compose do the following:
* find a containers/services entry
* append to the end (watch the white space & no tabs)
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
The rule with logs, is nothing - unless you need it. Then everything. Any unnecessary logging is taxing the CPU / HDD.
Which leads me to...

===view details about container===
To view paths, configuration settings, etc...
See
docker inspect <name or id>
It's easier to grep these. the search in less wasn't working for me to find .LogPath for example.
docker inspect mycontainer | grep log
Will show where the log files are located.

===Installing Docker-compose from pip or github binary not Debian===
Subject. See official docker documentation which states the URL of
github.com/docker/compose/releases or pip.

Pip is probably better.
apt-get install python3-pip
pip3 install docker-compose

==Troubleshooting==
===Cannot start container: [0] Id already in use #20570===
* https://github.com/moby/moby/issues/20570
After update, unable to start container. Solution was found to be:
docker-compose down -v then docker-compose up -d
Container was viewable with
docker ps -a (not just docker ps)
==Poor Design==
===Creating a docker-compose with a stable or latest tag===
If you make a docker-compose file, you should link it to a marked version. You can later edit it, to use stable or latest, but one of the strengths of Docker is version control. If you create a docker-compose, always test on a specific version, should you need to roll back in the future. Otherwise, your scripts will fail in 2-20-200 years when the conf files are not supported anymore.

e.g. https://github.com/nucreativa/frontaccounting-docker (6th commit)
Here, the nginx config is no longer supported in vhosts, it must be in server_blocks. This would've been avoided by denoting a fixed nginx release instead of tag:latest.

==See Also==

* [[samba_docker_by_dlandon]]
* [[zencart_docker_compose]]

==External Links==
* https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/docker.sh Information dense cheatsheet (unfortunately github)
* https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb A million idiots type "thanks". Also the source for the mysql backup command.

{{GNU\Linux}}

Docker

2021-09-09T16:11:02Z

Adminguy: /* Docker Commands */

Docker is a type of virtualization for Gnu\Linux that allows programs to run and share similar resources, without having a full OS for each image, but while still isolating each 'vm'.

==General Tips==
It helps to read a book, and then keep it as a Reference. Here Using Docker By Adrian Mouat is a decent book. In fact, you should be reading books on any subject that interests you. Physical paper books, too.

Docker is x86_64. ARM has a separate build. There is no i386.

You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.

You should always use docker compose. Docker is possible to run on the command line, but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it. ''Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.''

===ARM is SOL===
I tried to use Docker on ARM, and while you might be able to install docker, you will find that images for your applications may not be there. e.g. you will find Nginx, but you won't find Gitlab. This means that docker is pretty much x86-64 only.

==Docker Commands==
Here are commands you need to know. Just the necessary ones.
{{cmd| docker-compose up -d}}

Starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it.
{{cmd| docker ps }}
Lists containers running. If one fails to start, you'll see it missing from here
{{cmd|docker logs <containername> }}
Gives you some logging output from the container. Often enough to troubleshoot. (also see tips below).
{{cmd|docker exec -it <containername> /bin/bash}}
This will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it.
{{cmd|docker-compose restart }}
This will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...
{{cmd|docker restart <containername> }}
This will restart one single container.
{{cmd|docker cp <containername>:/dir/to/file dest }}
You can copy files from local machine to docker, or vice versa with this. Extremely useful.

===Deleting Containers===
Less often, you might want to know
{{cmd|
#!/bin/bash
docker rm $(docker ps -a -q)
docker rmi $(docker images -q) --force}}

This starts over from scratch. This is how easy it is to reboot a docker from square one. note: below command (rmi), only needed if you want to remove base images. Needed when updating a stable. Not needed when changing other parameters not related to base image. Also, this deletes all containers, which maybe you don't want to do, if you either A) only want to delete certain images you are testing B) have some containers with custom changes saved, and not backed up elsewhere.

===Updating===
docker images
(shows out of date image)
docker pull mysql
(downloads new image)
docker images
(shows two versions of mysql. old and new)
docker stop some_container_name
docker rmi -f cjklfs23404
(where cjklfs23404 is the old container alias under docker images)
docker-compose up -d mysql

====Containers don't all Restart?!====
Make sure to have in your docker compose for each container a '''restart:always'''
Otherwise, a container won't necessarily start when docker is restarted.

===Search for images===
docker search <imagename>
====Search for Versions of an image====
What if you want to see what versions are available for a given image? Say you want php, but don't know which to get. hub.docker.com is broken. Requires js, slow, and bad. You can't get a list of images on it easily.

Solution:
<pre>
#!/bin/bash
#https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
#$1 means
#first parameter you pass to this script will be searched
#e.g. working: debian
#note: some have multiple layers
#e.g. gitea/gitea is literally entered as $1 == gitea/gitea (teste, working)
# while debian is just debian. so be aware.

wget -q https://registry.hub.docker.com/v1/repositories/$1/tags -O - \
| sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
</pre>
Ref: https://stackoverflow.com/questions/54418542/dockerhub-listing-all-available-versions-of-a-given-image

https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry

===Save Changes to Docker Image===
docker commit
See official documentation.

===Set IP Address on docker-compose===
<pre>
mariadb:
image: mariadb:10
container_name: mariadb
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
environment:
- MYSQL_ROOT_PASSWORD=admin
- MARIADB_DATABASE=guy
- MARIADB_USER=user
- MARIADB_PASSWORD=passwd
volumes:
- ./mariadb/appdata:/var/lib/mysql
- ./mariadb/config:/etc/mysql
networks:
somenamefornetwork:
ipv4_address: 192.168.12.11
ports:
- "10055:3306"

networks:
somenamefornetwork:
ipam:
driver: default
config:
- subnet: "192.168.12.0/24"
</pre>
Add the networks section to each container.

==Dockerfile==
Dockerfiles and compose are slightly confusing. Sometimes you see images run an entrypoint script, sometimes not. In any case, Dockerfiles are fundamental to reproducible builds.

Basic usage is:
* Docker-compose builds container from dockerfile (say you start with alpine, and install some programs)
* that container you built is used from thence on.
* if you want to change dockerfile, make changes and you must call docker-compose up --build otherwise, it will use the old container

For a basic apache server, you might call the following in a cmd at the end of the dockerfile:
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
When in doubt, work off of existing examples.

==Volumes==
Volumes can be handled at least two ways. The simplest is to store files in a local directory which is then mapped to the remote drive.

e.g. docker-compose:
<pre>
nginx:
image: nginx:####
container_name: mynginxserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./local_dir/:/var/www/html/
- ./local_logs/:/var/log/nginx/
ports:
- 80:80
- 443:443
restart: always
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
</pre>
Here, in the local dir where docker-compose is run, the ./local_dir/ or ./local_logs will store the containers html or logs respectively. Simple.

However, if you just have a volume, without a local directory, then it will save in /var/ somewhere (unintuitive... bad).
e.g. from Dolibarr:
<pre>
The Dolibarr installation and all data beyond what lives in the database
(file uploads, etc) are stored in the unnamed docker volume volume
/var/www/html and /var/www/documents. The docker daemon will store
that data within the docker directory /var/lib/docker/volumes/....
That means your data is saved even if the container crashes, is stopped
or deleted.
</pre>

==Specific Tips==
===YAML is space sensitive===
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
===If you restart a containers namesake process, it will probably restart / reset the container===
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
===Consider a single reverse proxy, to handle multiple websites===
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
https://web.archive.org/web/https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far to the high level.
===If you use a single reverse proxy, Lets Encrypt can be done easy===
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
<pre>
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
</pre>
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:

{{cat|docker-compose.yml|
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
}}

The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this. And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).

===Give every Container a Containername===
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
===Beware of Interrupting Initting Containers===
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
===Put Apache or Program logs from the Container in a volume that is locally accessible===
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
===Only Restart Containers you need to Restart===
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
===Volumes Mounting Over Existing Directories===
As discussed here: https://web.archive.org/web/https://github.com/moby/moby/issues/4361, if you add a volume to an existing container, it will seem to delete the folder's contents. I've seen mixed behaviour with this. Sometimes it deletes it even if you start a new container with the folder... Other times it has not. In any case, just docker cp the files to the folder, then add the volume mount. This may not be the most graceful solution for upgrades, but it will work. Best practices would be here (See: dbxt commented Dec 14, 2014): https://web.archive.org/web/https://github.com/docker-library/wordpress/issues/10
===If you edit a docker-compose file you must restart the container with Docker-compose===
If you make a change in docker compose, you must docker stop service, then docker-compose up -d service. Otherwise the changes will not take effect. The mistake here, would be thinking that you could just docker stop service, then docker start service... That doesn't work.
===Keep verbose logging off your HDD with RAM only logging===
If you have e.g. apache/nginx write to your HDD with every website visit, it will quickly wear out your HDD (esp. SSD). Put verbose logging in the RAM only with a tmpfs mount. https://docs.docker.com/storage/tmpfs/

e.g. (ref: https://stackoverflow.com/questions/41902930/docker-compose-tmpfs-not-working)
<pre>
services:
ubuntu:
image: ubuntu
command: "bash -c 'mount'"
volumes:
- cache_vol:/var/cache
- run_vol:/run

volumes:
run_vol:
driver_opts:
type: tmpfs
device: tmpfs
cache_vol:
driver_opts:
type: tmpfs
device: tmpfs
</pre>

This also allows you to share the tmpfs mounts if needed.

Access it from host via:
docker exec -it nginx_server tail -F /run/shm/access.log
Note that you might think you can do
docker container run my_nginx_server tail -F /run/shm/access.log
But that will only work on container base images, not running containers. To 'execute' a command on a running or existing container, the command you want is exec. (Also used to interactively start bash shell above)

EDIT: Use with discretion. Active data in RAM may use power.

===Mysql Backup / Restore===
<pre>
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql

# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</pre>
ref: https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb
May not need to do this, if you keep the DB (ibdata files) in a local directory/volume via docker-compose.yml
e.g.
mydb:
image: mysql:9999
volumes:
- ./db_files:/var/lib/mysql
restart: always

===Limit docker logs===
Docker will keep lots of logs if you don't manage it.
https://github.com/docker/compose/issues/1083
https://docs.docker.com/compose/compose-file/#logging
https://stackoverflow.com/questions/31829587/docker-container-logs-taking-all-my-disk-space
view (all) logs with
docker-compose logs
To limit a service's logs in docker-compose do the following:
* find a containers/services entry
* append to the end (watch the white space & no tabs)
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
The rule with logs, is nothing - unless you need it. Then everything. Any unnecessary logging is taxing the CPU / HDD.
Which leads me to...

===view details about container===
To view paths, configuration settings, etc...
See
docker inspect <name or id>
It's easier to grep these. the search in less wasn't working for me to find .LogPath for example.
docker inspect mycontainer | grep log
Will show where the log files are located.

===Installing Docker-compose from pip or github binary not Debian===
Subject. See official docker documentation which states the URL of
github.com/docker/compose/releases or pip.

Pip is probably better.
apt-get install python3-pip
pip3 install docker-compose

==Troubleshooting==
===Cannot start container: [0] Id already in use #20570===
* https://github.com/moby/moby/issues/20570
After update, unable to start container. Solution was found to be:
docker-compose down -v then docker-compose up -d
Container was viewable with
docker ps -a (not just docker ps)
==Poor Design==
===Creating a docker-compose with a stable or latest tag===
If you make a docker-compose file, you should link it to a marked version. You can later edit it, to use stable or latest, but one of the strengths of Docker is version control. If you create a docker-compose, always test on a specific version, should you need to roll back in the future. Otherwise, your scripts will fail in 2-20-200 years when the conf files are not supported anymore.

e.g. https://github.com/nucreativa/frontaccounting-docker (6th commit)
Here, the nginx config is no longer supported in vhosts, it must be in server_blocks. This would've been avoided by denoting a fixed nginx release instead of tag:latest.

==See Also==

* [[samba_docker_by_dlandon]]
* [[zencart_docker_compose]]

==External Links==
* https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/docker.sh Information dense cheatsheet (unfortunately github)
* https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb A million idiots type "thanks". Also the source for the mysql backup command.

{{GNU\Linux}}

Computing Fails

2021-08-31T14:47:10Z

Adminguy: /* Attack of the Javascript and White Space 2010's web devs! */

==Mumbo Jumbo==
Programs that are full of junk or otherwise misleading. With wget, we have too much info. This example isn't specific to wget, but is a common sight. Less is more.
===sane/usable wget===
<pre>
$ wget -h
wget: unrecognized option: h
BusyBox v1.31.1 () multi-call binary.

Usage: wget [-c|--continue] [--spider] [-q|--quiet]
[-O|--output-document FILE]
[-o|--output-file FILE] [--header 'header: value'] [-Y|--proxy on/off]
[-P DIR] [-S|--server-response] [-U|--user-agent AGENT] [-T SEC] URL...

Retrieve files via HTTP or FTP

--spider Only check URL existence: $? is 0 if exists
-c Continue retrieval of aborted transfer
-q Quiet
-P DIR Save to DIR (default .)
-S Show server response
-T SEC Network read timeout is SEC seconds
-O FILE Save to FILE ('-' for stdout)
-o FILE Log messages to FILE
-U STR Use STR for User-Agent header
-Y on/off Use proxy
</pre>

===insane/unusable wget===
<pre>
$ wget -h
GNU Wget 1.20.1, a non-interactive network retriever.
Usage: wget [OPTION]... [URL]...

Mandatory arguments to long options are mandatory for short options too.

Startup:
-V, --version display the version of Wget and exit
-h, --help print this help
-b, --background go to background after startup
-e, --execute=COMMAND execute a `.wgetrc'-style command

Logging and input file:
-o, --output-file=FILE log messages to FILE
-a, --append-output=FILE append messages to FILE
-d, --debug print lots of debugging information
-q, --quiet quiet (no output)
-v, --verbose be verbose (this is the default)
-nv, --no-verbose turn off verboseness, without being quiet
--report-speed=TYPE output bandwidth as TYPE. TYPE can be bits
-i, --input-file=FILE download URLs found in local or external FILE
-F, --force-html treat input file as HTML
-B, --base=URL resolves HTML input-file links (-i -F)
relative to URL
--config=FILE specify config file to use
--no-config do not read any config file
--rejected-log=FILE log reasons for URL rejection to FILE

Download:
-t, --tries=NUMBER set number of retries to NUMBER (0 unlimits)
--retry-connrefused retry even if connection is refused
--retry-on-http-error=ERRORS comma-separated list of HTTP errors to retry
-O, --output-document=FILE write documents to FILE
-nc, --no-clobber skip downloads that would download to
existing files (overwriting them)
--no-netrc don't try to obtain credentials from .netrc
-c, --continue resume getting a partially-downloaded file
--start-pos=OFFSET start downloading from zero-based position OFFSET
--progress=TYPE select progress gauge type
--show-progress display the progress bar in any verbosity mode
-N, --timestamping don't re-retrieve files unless newer than
local
--no-if-modified-since don't use conditional if-modified-since get
requests in timestamping mode
--no-use-server-timestamps don't set the local file's timestamp by
the one on the server
-S, --server-response print server response
--spider don't download anything
-T, --timeout=SECONDS set all timeout values to SECONDS
--dns-timeout=SECS set the DNS lookup timeout to SECS
--connect-timeout=SECS set the connect timeout to SECS
--read-timeout=SECS set the read timeout to SECS
-w, --wait=SECONDS wait SECONDS between retrievals
--waitretry=SECONDS wait 1..SECONDS between retries of a retrieval
--random-wait wait from 0.5*WAIT...1.5*WAIT secs between retrievals
--no-proxy explicitly turn off proxy
-Q, --quota=NUMBER set retrieval quota to NUMBER
--bind-address=ADDRESS bind to ADDRESS (hostname or IP) on local host
--limit-rate=RATE limit download rate to RATE
--no-dns-cache disable caching DNS lookups
--restrict-file-names=OS restrict chars in file names to ones OS allows
--ignore-case ignore case when matching files/directories
-4, --inet4-only connect only to IPv4 addresses
-6, --inet6-only connect only to IPv6 addresses
--prefer-family=FAMILY connect first to addresses of specified family,
one of IPv6, IPv4, or none
--user=USER set both ftp and http user to USER
--password=PASS set both ftp and http password to PASS
--ask-password prompt for passwords
--use-askpass=COMMAND specify credential handler for requesting
username and password. If no COMMAND is
specified the WGET_ASKPASS or the SSH_ASKPASS
environment variable is used.
--no-iri turn off IRI support
--local-encoding=ENC use ENC as the local encoding for IRIs
--remote-encoding=ENC use ENC as the default remote encoding
--unlink remove file before clobber
--xattr turn on storage of metadata in extended file attributes
Directories:
-nd, --no-directories don't create directories
-x, --force-directories force creation of directories
-nH, --no-host-directories don't create host directories
--protocol-directories use protocol name in directories
-P, --directory-prefix=PREFIX save files to PREFIX/..
--cut-dirs=NUMBER ignore NUMBER remote directory components

HTTP options:
--http-user=USER set http user to USER
--http-password=PASS set http password to PASS
--no-cache disallow server-cached data
--default-page=NAME change the default page name (normally
this is 'index.html'.)
-E, --adjust-extension save HTML/CSS documents with proper extensions
--ignore-length ignore 'Content-Length' header field
--header=STRING insert STRING among the headers
--compression=TYPE choose compression, one of auto, gzip and none. (default: none)
--max-redirect maximum redirections allowed per page
--proxy-user=USER set USER as proxy username
--proxy-password=PASS set PASS as proxy password
--referer=URL include 'Referer: URL' header in HTTP request
--save-headers save the HTTP headers to file
-U, --user-agent=AGENT identify as AGENT instead of Wget/VERSION
--no-http-keep-alive disable HTTP keep-alive (persistent connections)
--no-cookies don't use cookies
--load-cookies=FILE load cookies from FILE before session
--save-cookies=FILE save cookies to FILE after session
--keep-session-cookies load and save session (non-permanent) cookies
--post-data=STRING use the POST method; send STRING as the data
--post-file=FILE use the POST method; send contents of FILE
--method=HTTPMethod use method "HTTPMethod" in the request
--body-data=STRING send STRING as data. --method MUST be set
--body-file=FILE send contents of FILE. --method MUST be set
--content-disposition honor the Content-Disposition header when
choosing local file names (EXPERIMENTAL)
--content-on-error output the received content on server errors
--auth-no-challenge send Basic HTTP authentication information
without first waiting for the server's
challenge

HTTPS (SSL/TLS) options:
--secure-protocol=PR choose secure protocol, one of auto, SSLv2,
SSLv3, TLSv1, TLSv1_1, TLSv1_2 and PFS
--https-only only follow secure HTTPS links
--no-check-certificate don't validate the server's certificate
--certificate=FILE client certificate file
--certificate-type=TYPE client certificate type, PEM or DER
--private-key=FILE private key file
--private-key-type=TYPE private key type, PEM or DER
--ca-certificate=FILE file with the bundle of CAs
--ca-directory=DIR directory where hash list of CAs is stored
--crl-file=FILE file with bundle of CRLs
--pinnedpubkey=FILE/HASHES Public key (PEM/DER) file, or any number
of base64 encoded sha256 hashes preceded by
'sha256//' and separated by ';', to verify
peer against

--ciphers=STR Set the priority string (GnuTLS) or cipher list string (OpenSSL) directly.
Use with care. This option overrides --secure-protocol.
The format and syntax of this string depend on the specific SSL/TLS engine.
HSTS options:
--no-hsts disable HSTS
--hsts-file path of HSTS database (will override default)
FTP options:
--ftp-user=USER set ftp user to USER
--ftp-password=PASS set ftp password to PASS
--no-remove-listing don't remove '.listing' files
--no-glob turn off FTP file name globbing
--no-passive-ftp disable the "passive" transfer mode
--preserve-permissions preserve remote file permissions
--retr-symlinks when recursing, get linked-to files (not dir)

FTPS options:
--ftps-implicit use implicit FTPS (default port is 990)
--ftps-resume-ssl resume the SSL/TLS session started in the control connection when
opening a data connection
--ftps-clear-data-connection cipher the control channel only; all the data will be in plaintext
--ftps-fallback-to-ftp fall back to FTP if FTPS is not supported in the target server
WARC options:
--warc-file=FILENAME save request/response data to a .warc.gz file
--warc-header=STRING insert STRING into the warcinfo record
--warc-max-size=NUMBER set maximum size of WARC files to NUMBER
--warc-cdx write CDX index files
--warc-dedup=FILENAME do not store records listed in this CDX file
--no-warc-compression do not compress WARC files with GZIP
--no-warc-digests do not calculate SHA1 digests
--no-warc-keep-log do not store the log file in a WARC record
--warc-tempdir=DIRECTORY location for temporary files created by the
WARC writer
Recursive download:
-r, --recursive specify recursive download
-l, --level=NUMBER maximum recursion depth (inf or 0 for infinite)
--delete-after delete files locally after downloading them
-k, --convert-links make links in downloaded HTML or CSS point to
local files
--convert-file-only convert the file part of the URLs only (usually known as the basename)
--backups=N before writing file X, rotate up to N backup files
-K, --backup-converted before converting file X, back up as X.orig
-m, --mirror shortcut for -N -r -l inf --no-remove-listing
-p, --page-requisites get all images, etc. needed to display HTML page
--strict-comments turn on strict (SGML) handling of HTML comments
Recursive accept/reject:
-A, --accept=LIST comma-separated list of accepted extensions
-R, --reject=LIST comma-separated list of rejected extensions
--accept-regex=REGEX regex matching accepted URLs
--reject-regex=REGEX regex matching rejected URLs
--regex-type=TYPE regex type (posix|pcre)
-D, --domains=LIST comma-separated list of accepted domains
--exclude-domains=LIST comma-separated list of rejected domains
--follow-ftp follow FTP links from HTML documents
--follow-tags=LIST comma-separated list of followed HTML tags
--ignore-tags=LIST comma-separated list of ignored HTML tags
-H, --span-hosts go to foreign hosts when recursive
-L, --relative follow relative links only
-I, --include-directories=LIST list of allowed directories
--trust-server-names use the name specified by the redirection
URL's last component
-X, --exclude-directories=LIST list of excluded directories
-np, --no-parent don't ascend to the parent directory

Email bug reports, questions, discussions to <bug-wget@gnu.org>
and/or open issues at https://savannah.gnu.org/bugs/?func=additem&group=wget.

</pre>
===Conclusion===
No human being can digest all the information in the latter. It's
insane. Perhaps another flag can be used for the verbose help information, but
for average daily usage, busybox wins here.

==Attack of Javascript and White Space 2010's web devs!==
Discourse. I hate it so much. It's as if someone who had never used a forum before thought about designing forums. They then looked at all the reasonable spacing and coherent navigation offered by php forums from the 2000's, and said: "No, I must have more white space, and a font size that is 3 times as big. I must also make it slower, by adding superfluous javascript libraries.". Thus, discourse was created: To deter people from actually using forums effectively.

==IPv6 Is Badly Designed==
IPv6. It was supposed to take over IPv4 over 20 years ago (yes, people were talking about IPv6 in the year 2000). In 2020, it still hasn't. Why? Because it's crap, and everyone knows it. However, the amount of corporate money invested into it, means that it may eventually get shoved down people's throats. It's not even easy to find criticisms of the technology these days. It's all being astroturfed by shills. It's like a bad movie or video game sequel. It's worse than the original. But you can't avoid it.

Ref: https://web.archive.org/web/20070707080506/http://tech.hellyeah.com/display_doc.phtml?id=28

<pre>
To begin with, IPv6 will use a 128 bit address space, as compared to
IPv4's 32 bits. This 128 bit address is the biggest reason for IPv6. It
is supposed to give us plenty of IP addresses to last us well into the
future. However, 128 bits is overkill. Sixty-four should be more than
enough.

Let's put it in terms that are easier to comprehend. We'll assume that
there are 15 billion people on the planet. (currently, there are only
6.1 billion, and the largest estimates for the next fifty years project
12 billion). With 128 bits per IP address, each person could have
2.26e28 IP addresses to themselves. If we reduce it to 64 bits, each
person would still have 1.2 billion addresses.

What about the people who want to put IP addresses on every light pole,
mailbox, stop light and street sign? Well, there are about 148 million
square kilometers of land on the Earth (not including ocean). With 128
bits, we have almost 2.3e20 addresses per square centimeter. If we
reduce that to 64 bits, each square centimeter would still have about
12.5 IP addresses -- more than enough.

...(Sections Omitted)

Part of IPv4's immense success was due to its
simplicity and rigid structure. It does the job it was meant to do
quickly and effectively. IPv6 adds all sorts of bells and whistles that
are unneccesary and even detrimental. With all the wasted space and
privacy issues, I'd rather have the IETF go back to the drawing board
and come back with IPv7

</pre>
Less is more. The answer isn't "add more people". The answer isn't "add more ip addresses". Things can't expand exponentially forever. There has to be limits in place. Just as humans will destroy themselves on Earth, so too will they screw up the internet.

==Hidden Files==
alias ls='ls -a'
Hidden files are evil. Either clean up your files and move to a directory or don't fill up directories with config crap. All ls should be ls -a. They will bite you as often as pcb makers get bitten by incorrect footprints. Its bad design. It will never go away. There's no thinking that you
should've been smarter. Lies. Its the human factor. It will always, always bite you someday.
Hidden files are fundamentally flawed. They will always cause trouble.

==Duplication of Work==
There are dozens of companies and individuals doing source code management tools. Meta-coding. The duplication of work can't ever have been this bad, and the duplication here isn't even an actual tool: it's a tool for a tool. Go ahead and search for source code / git hosting. Prepare yourself, there are way too many options. It's to the point of hyperbole.

Western cultures need to take a lesson from china. One of china's strengths, is not necessarily cutting corners, but in not doing more than is needed to complete a task. It's about efficiency. And it is possibly a sin to indulge in things that aren't necessary. Time and Life is short. Time management is critical.

Windows Desktop Screenshot Monitoring

2021-08-31T14:46:26Z

Adminguy:

{{Template:ProprietarySoftware}}

Here are notes on setting up desktop screen monitoring for Windows 10 (02/2020).

The intention is for this to be a way to monitor users computers, in case they get a virus or do something stupid (or someone unauthorized uses the computer). It is for security and is 0.2 FPS (yes, that's 1 picture every 5 seconds). It is not intended to be a video stream of the user working.

EDIT: 08/2021, just use Zoneminder 1.36 or 1.38 (when released). See this post which has some tips on setup:
https://forums.zoneminder.com/viewtopic.php?f=42&t=30581&p=120570

==tl;dr Win10 Solution for taking Desktop Screenshots and Serving over LAN==
Use this powershell script
<pre>
[cmdletbinding()]
param(
[string]$Width,
[string]$Height,
[String]$FileName = "Screenshot" ,
[string]$path2 = "c:\LOCATIONTOSAVE\"

)
#Function to take screenshot. This function takes the width and height of the screen that # #has
#to be captured

function Take-Screenshot{
[cmdletbinding()]
param(
[Drawing.Rectangle]$bounds,
[string]$path
)
$bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height
$graphics = [Drawing.Graphics]::FromImage($bmp)
$graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)
$bmp.Save($path)
$graphics.Dispose()
$bmp.Dispose()
}

#Function to get the primary monitor resolution.
#This code is sourced from
# https://techibee.com/powershell/powershell-script-to-get-desktop-screen-resolution/1615

function Get-ScreenResolution {
$Screens = [system.windows.forms.screen]::AllScreens
foreach ($Screen in $Screens) {
$DeviceName = $Screen.DeviceName
$Width = $Screen.Bounds.Width
$Height = $Screen.Bounds.Height
$IsPrimary = $Screen.Primary
$OutputObj = New-Object -TypeName PSobject
$OutputObj | Add-Member -MemberType NoteProperty -Name DeviceName -Value $DeviceName
$OutputObj | Add-Member -MemberType NoteProperty -Name Width -Value $Width
$OutputObj | Add-Member -MemberType NoteProperty -Name Height -Value $Height
$OutputObj | Add-Member -MemberType NoteProperty -Name IsPrimaryMonitor -Value $IsPrimary
$OutputObj
}
}

#Main script begins

#By default captured screenshot will be saved in %temp% folder
#You can override it here if you want
#orig
#$Filepath = join-path $env:temp $FileName
#edit
$Filepath = join-path $path2 $FileName

[void] [Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[void] [Reflection.Assembly]::LoadWithPartialName("System.Drawing")

if(!($width -and $height)) {

$screen = Get-ScreenResolution | ? {$_.IsPrimaryMonitor -eq $true}
$Width = $screen.Width
$Height = $screen.height
}

$bounds = [Drawing.Rectangle]::FromLTRB(0, 0, $Screen.Width, $Screen.Height)

Take-Screenshot -Bounds $bounds -Path "$Filepath.png"
#Now you have the screenshot
</pre>

Call it every 1 minute in task scheduler with this .vbs script (must use vbs to be quiet, and not open a cmd window)
<pre>
Dim index, count
count = 11
For index = 1 To count
command = "powershell.exe -nologo -command C:\SCRIPTHERE"
set shell = CreateObject("WScript.Shell")
shell.Run command,0
'this is in milliseconds
WScript.Sleep 5000
Next
</pre>

In order for this type of script to take a screenshot, it must run as the user "only when he is logged in" per the task scheduler settings. Do not run this in task scheduler as SYSTEM, or whether or not the user is logged in. See details below.

===Grab Images via SMB===
At this point, you have an updating file which is a screenshot. You can now grab this however you want. If you use something like Zoneminder (which can read an image file as a video stream) or Blue Iris (not sure if that can, but probably), you will have a video stream.

Map the SMB drive to the recording server to grab the file without installing anything. Another option is to use apache w/authentication (or without).

==Details==
===VLC works in Win7 Only===
In Windows 7 (I think) you can simply use VLC from the command line.
ref: https://www.axis.com/files/tech_notes/Desktop_MJPEG_Screen_Capture.pdf
"C:\Program Files\VideoLAN\VLC\vlc.exe" -I --dummy-quiet screen:// --screen-fps=3 :sout=#transcode{vcodec=MJPG,venc=ffmpeg{qmin=0,qmax=10},vb=800,width=320, height=240,acodec=none}:http{mux=mpjpeg,dst=:8088} :sout-keep

This was tested to work in 2008 server. (NOTE: Doesn't work in win10, without opening a video screen. see below.)

NOTE: make sure to open port in firewall.

test first in localhost on server.

then test remotely.

firewall needs port opened for remote access.

Let's look at other options.

https://github.com/aviloria/ScreenCaptureServer/releases

https://github.com/rdp/screen-capture-recorder-to-video-windows-free
this just looks like a mess. popular, though. doesn't mean anything.

===Manual JPEG screen capture and server over HTTP for Win10===

After all that, I decided the best solution is to do this manually.
Almost future proof.

Some apache server, with a program that just takes screenshots and puts them in the local dir. You can bypass the apache server by using SMB, also. That avoids the need to install apache.

Then Zoneminder, Blueiris, etc... server reads the file.

I tried autoscreen (sourceforge)
av gives warnings on autoscreen, which must be wrong.

It doesn't really work because, it saves to a new file all the time. I gave up at this point. Didn't look into this.

====Powershell Get Screenshot====
I tried a few things, before finding one that worked.

You may to need to allow scripts (or pass the allow to the script in the
powershell, i.e. bypassing the execution policy), so:
* https://www.tenforums.com/tutorials/54585-change-powershell-script-execution-policy-windows-10-a.html
explains it well

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

EDIT: Don't set -Scope current user or you will have to disable it later.
It's an entangled set of sub-permissions and if you enable some of them, you can't change the main ones. The scope is sub permissions, RemoteSigned
being one of the main permissions.

Keep in mind when saving png, that you may have to write somewhere other than c: which often doesn't have write permissions anymore.

that didn't work
trying a different one...
<pre>
[cmdletbinding()]
param(
[string]$Width,
[string]$Height,
[String]$FileName = "Screenshot" ,
[string]$path2 = "c:\LOCATIONTOSAVE\"

)
#Function to take screenshot. This function takes the width and height of the screen that # #has
#to be captured

function Take-Screenshot{
[cmdletbinding()]
param(
[Drawing.Rectangle]$bounds,
[string]$path
)
$bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height
$graphics = [Drawing.Graphics]::FromImage($bmp)
$graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)
$bmp.Save($path)
$graphics.Dispose()
$bmp.Dispose()
}

#Function to get the primary monitor resolution.
#This code is sourced from
# https://techibee.com/powershell/powershell-script-to-get-desktop-screen-resolution/1615

function Get-ScreenResolution {
$Screens = [system.windows.forms.screen]::AllScreens
foreach ($Screen in $Screens) {
$DeviceName = $Screen.DeviceName
$Width = $Screen.Bounds.Width
$Height = $Screen.Bounds.Height
$IsPrimary = $Screen.Primary
$OutputObj = New-Object -TypeName PSobject
$OutputObj | Add-Member -MemberType NoteProperty -Name DeviceName -Value $DeviceName
$OutputObj | Add-Member -MemberType NoteProperty -Name Width -Value $Width
$OutputObj | Add-Member -MemberType NoteProperty -Name Height -Value $Height
$OutputObj | Add-Member -MemberType NoteProperty -Name IsPrimaryMonitor -Value $IsPrimary
$OutputObj
}
}

#Main script begins

#By default captured screenshot will be saved in %temp% folder
#You can override it here if you want
#orig
#$Filepath = join-path $env:temp $FileName
#edit
$Filepath = join-path $path2 $FileName

[void] [Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[void] [Reflection.Assembly]::LoadWithPartialName("System.Drawing")

if(!($width -and $height)) {

$screen = Get-ScreenResolution | ? {$_.IsPrimaryMonitor -eq $true}
$Width = $screen.Width
$Height = $screen.height
}

$bounds = [Drawing.Rectangle]::FromLTRB(0, 0, $Screen.Width, $Screen.Height)

Take-Screenshot -Bounds $bounds -Path "$Filepath.png"
#Now you have the screenshot
</pre>
from: https://techibee.com/powershell/powershell-script-to-take-a-screenshot-of-your-desktop/1626

That works, but has some load on a 4 core PC from 2010.
Not bad, but not great. I wouldn't run it more than every 10 seconds
or so.

A Windows Task Scheduler trigger cannot repeat more often than every 1 minute, but you can set up multiple triggers. To run a task every 10 seconds, add six Triggers. Each one should run the task Daily, and Repeat task every 1 minute. Their start times should be 12:00:00 AM, 12:00:10 AM, 12:00:20 AM, 12:00:30 AM, 12:00:40 AM, and 12:00:50 AM.

from: https://superuser.com/questions/293445/windows-task-scheduler-schedule-task-to-run-once-every-10-seconds

But it's easier to just use a for loop in a script with a delay.

It ends up that the script that calls this in task scheduler must be vbs
as it must be quiet. Powershell and cmd, both open boxes, the user will see. This is because the script MUST run as the USER, when they are LOGGED IN. You can't run as system, or another admin. We are taking a screenshot of their desktop, and that env must be setup.

The vbs script that calls the above ps1 powershell might look something like
<pre>
Dim index, count
count = 11
For index = 1 To count
command = "powershell.exe -nologo -command C:\SCRIPTHERE"
set shell = CreateObject("WScript.Shell")
shell.Run command,0
'this is in milliseconds
WScript.Sleep 5000
Next
</pre>

So it runs every 5 seconds for a minute. Then you set it to run in Task Scheduler. Just call it directly, no need to do anything else. Test in cmd line.

You can adjust the PixelFormat to get smaller PNG files in the above ps1 script. I used
$bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height, Format16bppRgb555

==Improvements==
* Lower Resource Usage
* Higher FPS
* Encode to H264 and serve low res stream over RTSP (too bad VLC doesn't work anymore)

Loops

2021-08-12T04:24:50Z

Adminguy: /* read file into command line by line */

This is a basic (bash) loop to operate on files.

Examples are given for 7z and video conversion.
<pre>
#!/bin/bash -x
#for i in *.webm;
for i in *.7z
do name=`echo $i | cut -d'.' -f1`;
echo $name;

#for h264
# ffmpeg -i $i -s 1280x720 -c:a copy $name.mp4;

#for webm

#-map_metadata -1 is to remove metadata, at least try to remove some. (need to verify)
#ffmpeg -i $i -map_metadata -1 -c:v libvpx -crf 10 -b:v 1M -c:a libvorbis $name.webm
7z e -o"$name" ./"$i"
done
</pre>
Basically, trim off extension of i, put into name. Use both for extractions/conversion.

===Batch Edit Photos===
<pre>
#!/bin/bash
for i in *.JPG
do
#delete exif data
mogrify -strip $i
#test convert size in gimp first to get ratio right
convert -resize 1080x810 $i ~/Desktop/photofolder/$i
done
</pre>

Add date:
<pre>
#!/bin/bash
DATE=$(date "+%Y_%m_%d")
for i in *.JPG
do
#delete exif data
mogrify -strip $i
#test convert size in gimp first to get ratio right
convert -resize 1080x810 $i ~/Desktop/photofolder/$DATE$i
done
</pre>

===Interactive Range Loop===
<pre>
#!/bin/bash
for i in {1..254};
do
some program that stalls goes here;
done
</pre>
this will stop at the program, if it doesn't immediately complete
so do this:
ctrl - \

that will skip to the next range loop (i increments). note its not ctrl - c
which will exit script.
you can hold ctrl and depress \

What is CTRL - \?
https://en.wikipedia.org/wiki/Signal_(IPC)
One of the other options besides ctrl - c.

* https://hackaday.com/2020/06/12/binary-math-tricks-shifting-to-divide-by-ten-aint-easy/

===read file into command line by line===
<pre>#!/bin/bash
input="text_file.txt"
while IFS= read -r line
do
wget $line
done < "$input"</pre>
Obviously here, wget is the command being used. This example downloads from a text file with a list of URLs.

Loops

2021-08-12T04:23:43Z

Adminguy: /* Interactive Range Loop */

This is a basic (bash) loop to operate on files.

Examples are given for 7z and video conversion.
<pre>
#!/bin/bash -x
#for i in *.webm;
for i in *.7z
do name=`echo $i | cut -d'.' -f1`;
echo $name;

#for h264
# ffmpeg -i $i -s 1280x720 -c:a copy $name.mp4;

#for webm

#-map_metadata -1 is to remove metadata, at least try to remove some. (need to verify)
#ffmpeg -i $i -map_metadata -1 -c:v libvpx -crf 10 -b:v 1M -c:a libvorbis $name.webm
7z e -o"$name" ./"$i"
done
</pre>
Basically, trim off extension of i, put into name. Use both for extractions/conversion.

===Batch Edit Photos===
<pre>
#!/bin/bash
for i in *.JPG
do
#delete exif data
mogrify -strip $i
#test convert size in gimp first to get ratio right
convert -resize 1080x810 $i ~/Desktop/photofolder/$i
done
</pre>

Add date:
<pre>
#!/bin/bash
DATE=$(date "+%Y_%m_%d")
for i in *.JPG
do
#delete exif data
mogrify -strip $i
#test convert size in gimp first to get ratio right
convert -resize 1080x810 $i ~/Desktop/photofolder/$DATE$i
done
</pre>

===Interactive Range Loop===
<pre>
#!/bin/bash
for i in {1..254};
do
some program that stalls goes here;
done
</pre>
this will stop at the program, if it doesn't immediately complete
so do this:
ctrl - \

that will skip to the next range loop (i increments). note its not ctrl - c
which will exit script.
you can hold ctrl and depress \

What is CTRL - \?
https://en.wikipedia.org/wiki/Signal_(IPC)
One of the other options besides ctrl - c.

* https://hackaday.com/2020/06/12/binary-math-tricks-shifting-to-divide-by-ten-aint-easy/

===read file into command line by line===
<pre>#!/bin/bash
input="text_file.txt"
while IFS= read -r line
do
wget $line
done < "$input"</pre>
Obviously here, wget is the command being used. Such an example being to download from a list of URLs delimited by newline.

Loops

2021-08-12T04:23:22Z

Adminguy:

This is a basic (bash) loop to operate on files.

Examples are given for 7z and video conversion.
<pre>
#!/bin/bash -x
#for i in *.webm;
for i in *.7z
do name=`echo $i | cut -d'.' -f1`;
echo $name;

#for h264
# ffmpeg -i $i -s 1280x720 -c:a copy $name.mp4;

#for webm

#-map_metadata -1 is to remove metadata, at least try to remove some. (need to verify)
#ffmpeg -i $i -map_metadata -1 -c:v libvpx -crf 10 -b:v 1M -c:a libvorbis $name.webm
7z e -o"$name" ./"$i"
done
</pre>
Basically, trim off extension of i, put into name. Use both for extractions/conversion.

===Batch Edit Photos===
<pre>
#!/bin/bash
for i in *.JPG
do
#delete exif data
mogrify -strip $i
#test convert size in gimp first to get ratio right
convert -resize 1080x810 $i ~/Desktop/photofolder/$i
done
</pre>

Add date:
<pre>
#!/bin/bash
DATE=$(date "+%Y_%m_%d")
for i in *.JPG
do
#delete exif data
mogrify -strip $i
#test convert size in gimp first to get ratio right
convert -resize 1080x810 $i ~/Desktop/photofolder/$DATE$i
done
</pre>

===Interactive Range Loop===
<pre>
#!/bin/bash
for i in {1..254};
do
some program that stalls goes here;
done
</pre>
this will stop at the program, if it doesn't immediately complete
so do this:
ctrl - \

that will skip to the next range loop (i increments). note its not ctrl - c
which will exit script.
you can hold ctrl and depress \

What is CTRL - \?
https://en.wikipedia.org/wiki/Signal_(IPC)
One of the other options besides ctrl - c.

* https://hackaday.com/2020/06/12/binary-math-tricks-shifting-to-divide-by-ten-aint-easy/

+==read file into command line by line==
<pre>#!/bin/bash
input="text_file.txt"
while IFS= read -r line
do
wget $line
done < "$input"</pre>
Obviously here, wget is the command being used. Such an example being to download from a list of URLs delimited by newline.

Alpine

2021-05-24T04:56:53Z

Adminguy: /* Search for who owns a certain file */

==General Tips==
===Building a package in Alpine===

https://wiki.alpinelinux.org/wiki/Category_talk:Developer_Documentation#Building_from_source_and_creating_packages

https://wiki.alpinelinux.org/wiki/Custom_Kernel

===Xorg video playback stutters upon suspend / resume===

I added the following configuration to xorg.conf
Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "AccelMethod" "uxa"
EndSection

This seems to resolve video playback issues. What happens is that the video will not play, though audio will. Only the first frame or so is visible. Video seems to be unable to display. This is a documented fix. The important part is AccelMethod.
https://wiki.archlinux.org/index.php/Intel_Graphics
Also documented in forums that I can't seem to find at the moment.

===Python3 Script Won't Run===
$ ztdl
env: can't execute python
solution:
python3 /usr/local/bin/ztdl

===Cloning HDD===

When cloning a hdd, do the
following:
*clonezilla or otherwise rsync partitions and recreate partitions to similar boundaries
by default clonezilla might fail, due to -C not being set. There is an icds option for restore, but it can either be edited into /usr/sbin/ocs-onthefly for partclone or just rsync then:
*edit etc fstab uuids
*edit (boot partition) grub/grub.cfg root=uuid=whatever to root=/dev/sda3
*can also be in /dev/sda1 - extlinux.conf
NOTE: normal editing of extlinux.conf can also be done with the extlinux in /etc/

===Kernel, Initramfs recovery===
If upgrade fails halfway through for any reason (hdd failing, system in a broken state), you may be left with a unbootable machine. Keep an extra /boot/vmlinuz-lts and /boot/initramfs-lts and also a copy of that kernels /lib/modules/<kernelvers> around in case. I keep mine in a folder named /boot/recovery. Backup hdds help here. If you have a corrupt initramfs, or kernel, move the old files back over to /boot from another machine. Now, from the alpine machine (not from a different dist chroot, which didn't work for me btw), boot up, and run mkinitfs again. The command is easy to mess up, so here's the correct one (as of 3.12)
mkinitfs -c /etc/mkinitfs/mkinitfs.conf -b / <kernelvers>

The kernel vers for the new kernel can be found from /lib/modules. It should also have a folder, as the script will load modules into the initramfs
ref:
https://wiki.alpinelinux.org/wiki/Running_Alpine_in_a_Docker_Container

https://wiki.alpinelinux.org/wiki/NVME

https://wiki.alpinelinux.org/wiki/Bootloaders

https://wiki.alpinelinux.org/wiki/Setting_up_a_software_RAID_array

===UTF-8 Characters===
If you see certain foreign language characters not showing up correctly, you can try installing different fonts.
apk search ttf
But I found that changing in FF opensans to sans-serif fixed some of them for me. opensans had partial support for international characters.

===History File Size===
Alpine uses ash, not bash.
printenv
Histfilesize / histsize should be set correctly.

===Search for package===
There's obv
apk search <packagename>
but, there is also
apk search -v --description 'something descriptive'
e.g.
apk search -v --description 'browser'

===Search for who owns a certain file===
apk info -W ./somefile.so
Some info options (omitted a few):<pre>
Info options:
-L, --contents List contents of the PACKAGE
-e, --installed Check if PACKAGE is installed
-W, --who-owns Print the package owning the specified file
-R, --depends List packages that the PACKAGE depends on
-r, --rdepends List all packages depending on PACKAGE
--replaces List packages whom files PACKAGE might replace
-w, --webpage Show URL for more information about PACKAGE
-s, --size Show installed size of PACKAGE
-d, --description Print description for PACKAGE
-a, --all Print all information about PACKAGE
</pre>
===apk Update Between Versions===
* A couple releases are supported for a while. So even if a new one is out, the older one may still have updates.
* Follow directions on Wiki for upgrade.
* If you run out of space in boot (as I did) just back up or delete the old kernel and initramfs (they will be in a folder, e.g. 202012) then mkinitfs and grub-mkimage again. should boot.
* If you get errors on apk, there is an apk fix. This might also run mkinitfs and grub again.

===Misc===

/etc/local.d
Allows for boot / shutdown scripts

/etc/apk/world
Lists all packages installed.

'''text files''':

Alpine uses a lot of text files for configuration. Text files are holy because they are accessible, editable, and in plain sight. DBs, hidden files, and registries are evil (when used for program flags/switches). Text files (in Alpine) are also minimal, and obvious where they are located. This makes editing / customization accessible to the novice user.

==Links==
https://wiki.alpinelinux.org/wiki/Configure_Wake-on-LAN Configure_Wake-on-LAN

gcompat - way to run glibc programs

https://wiki.alpinelinux.org/wiki/Running_glibc_programs

https://ariadne.space/2021/04/25/why-apk-tools-is-different-than-other-package-managers/

https://wiki.alpinelinux.org/w/index.php?title=Mailing_lists



{{GNU\Linux}}

Alpine

2021-05-24T04:55:34Z

Adminguy: /* Search for who owns a certain file */

==General Tips==
===Building a package in Alpine===

https://wiki.alpinelinux.org/wiki/Category_talk:Developer_Documentation#Building_from_source_and_creating_packages

https://wiki.alpinelinux.org/wiki/Custom_Kernel

===Xorg video playback stutters upon suspend / resume===

I added the following configuration to xorg.conf
Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "AccelMethod" "uxa"
EndSection

This seems to resolve video playback issues. What happens is that the video will not play, though audio will. Only the first frame or so is visible. Video seems to be unable to display. This is a documented fix. The important part is AccelMethod.
https://wiki.archlinux.org/index.php/Intel_Graphics
Also documented in forums that I can't seem to find at the moment.

===Python3 Script Won't Run===
$ ztdl
env: can't execute python
solution:
python3 /usr/local/bin/ztdl

===Cloning HDD===

When cloning a hdd, do the
following:
*clonezilla or otherwise rsync partitions and recreate partitions to similar boundaries
by default clonezilla might fail, due to -C not being set. There is an icds option for restore, but it can either be edited into /usr/sbin/ocs-onthefly for partclone or just rsync then:
*edit etc fstab uuids
*edit (boot partition) grub/grub.cfg root=uuid=whatever to root=/dev/sda3
*can also be in /dev/sda1 - extlinux.conf
NOTE: normal editing of extlinux.conf can also be done with the extlinux in /etc/

===Kernel, Initramfs recovery===
If upgrade fails halfway through for any reason (hdd failing, system in a broken state), you may be left with a unbootable machine. Keep an extra /boot/vmlinuz-lts and /boot/initramfs-lts and also a copy of that kernels /lib/modules/<kernelvers> around in case. I keep mine in a folder named /boot/recovery. Backup hdds help here. If you have a corrupt initramfs, or kernel, move the old files back over to /boot from another machine. Now, from the alpine machine (not from a different dist chroot, which didn't work for me btw), boot up, and run mkinitfs again. The command is easy to mess up, so here's the correct one (as of 3.12)
mkinitfs -c /etc/mkinitfs/mkinitfs.conf -b / <kernelvers>

The kernel vers for the new kernel can be found from /lib/modules. It should also have a folder, as the script will load modules into the initramfs
ref:
https://wiki.alpinelinux.org/wiki/Running_Alpine_in_a_Docker_Container

https://wiki.alpinelinux.org/wiki/NVME

https://wiki.alpinelinux.org/wiki/Bootloaders

https://wiki.alpinelinux.org/wiki/Setting_up_a_software_RAID_array

===UTF-8 Characters===
If you see certain foreign language characters not showing up correctly, you can try installing different fonts.
apk search ttf
But I found that changing in FF opensans to sans-serif fixed some of them for me. opensans had partial support for international characters.

===History File Size===
Alpine uses ash, not bash.
printenv
Histfilesize / histsize should be set correctly.

===Search for package===
There's obv
apk search <packagename>
but, there is also
apk search -v --description 'something descriptive'
e.g.
apk search -v --description 'browser'

===Search for who owns a certain file===
apk info -W ./somefile.so
Some info options (omitted a few):<pre>
Info options:
-L, --contents List contents of the PACKAGE
-e, --installed Check if PACKAGE is installed
-W, --who-owns Print the package owning the specified file
-R, --depends List packages that the PACKAGE depends on
-r, --rdepends List all packages depending on PACKAGE
--replaces List packages whom files PACKAGE might replace
-w, --webpage Show URL for more information about PACKAGE
-s, --size Show installed size of PACKAGE
-d, --description Print description for PACKAGE
-a, --all Print all information about PACKAGE

===apk Update Between Versions===
* Follow directions on Wiki for upgrade.
* If you run out of space in boot (as I did) just back up or delete the old kernel and initramfs (they will be in a folder, e.g. 202012) then mkinitfs and grub-mkimage again. should boot.
* If you get errors on apk, there is an apk fix. This might also run mkinitfs and grub again.

</pre>

===Misc===

/etc/local.d
Allows for boot / shutdown scripts

/etc/apk/world
Lists all packages installed.

'''text files''':

Alpine uses a lot of text files for configuration. Text files are holy because they are accessible, editable, and in plain sight. DBs, hidden files, and registries are evil (when used for program flags/switches). Text files (in Alpine) are also minimal, and obvious where they are located. This makes editing / customization accessible to the novice user.

==Links==
https://wiki.alpinelinux.org/wiki/Configure_Wake-on-LAN Configure_Wake-on-LAN

gcompat - way to run glibc programs

https://wiki.alpinelinux.org/wiki/Running_glibc_programs

https://ariadne.space/2021/04/25/why-apk-tools-is-different-than-other-package-managers/

https://wiki.alpinelinux.org/w/index.php?title=Mailing_lists



{{GNU\Linux}}

Alpine

2021-05-06T05:14:12Z

Adminguy: /* Misc */

==General Tips==
===Building a package in Alpine===

https://wiki.alpinelinux.org/wiki/Category_talk:Developer_Documentation#Building_from_source_and_creating_packages

https://wiki.alpinelinux.org/wiki/Custom_Kernel

===Xorg video playback stutters upon suspend / resume===

I added the following configuration to xorg.conf
Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "AccelMethod" "uxa"
EndSection

This seems to resolve video playback issues. What happens is that the video will not play, though audio will. Only the first frame or so is visible. Video seems to be unable to display. This is a documented fix. The important part is AccelMethod.
https://wiki.archlinux.org/index.php/Intel_Graphics
Also documented in forums that I can't seem to find at the moment.

===Python3 Script Won't Run===
$ ztdl
env: can't execute python
solution:
python3 /usr/local/bin/ztdl

===Cloning HDD===

When cloning a hdd, do the
following:
*clonezilla or otherwise rsync partitions and recreate partitions to similar boundaries
by default clonezilla might fail, due to -C not being set. There is an icds option for restore, but it can either be edited into /usr/sbin/ocs-onthefly for partclone or just rsync then:
*edit etc fstab uuids
*edit (boot partition) grub/grub.cfg root=uuid=whatever to root=/dev/sda3
*can also be in /dev/sda1 - extlinux.conf
NOTE: normal editing of extlinux.conf can also be done with the extlinux in /etc/

===Kernel, Initramfs recovery===
If upgrade fails halfway through for any reason (hdd failing, system in a broken state), you may be left with a unbootable machine. Keep an extra /boot/vmlinuz-lts and /boot/initramfs-lts and also a copy of that kernels /lib/modules/<kernelvers> around in case. I keep mine in a folder named /boot/recovery. Backup hdds help here. If you have a corrupt initramfs, or kernel, move the old files back over to /boot from another machine. Now, from the alpine machine (not from a different dist chroot, which didn't work for me btw), boot up, and run mkinitfs again. The command is easy to mess up, so here's the correct one (as of 3.12)
mkinitfs -c /etc/mkinitfs/mkinitfs.conf -b / <kernelvers>

The kernel vers for the new kernel can be found from /lib/modules. It should also have a folder, as the script will load modules into the initramfs
ref:
https://wiki.alpinelinux.org/wiki/Running_Alpine_in_a_Docker_Container

https://wiki.alpinelinux.org/wiki/NVME

https://wiki.alpinelinux.org/wiki/Bootloaders

https://wiki.alpinelinux.org/wiki/Setting_up_a_software_RAID_array

===UTF-8 Characters===
If you see certain foreign language characters not showing up correctly, you can try installing different fonts.
apk search ttf
But I found that changing in FF opensans to sans-serif fixed some of them for me. opensans had partial support for international characters.

===History File Size===
Alpine uses ash, not bash.
printenv
Histfilesize / histsize should be set correctly.

===Search for package===
There's obv
apk search <packagename>
but, there is also
apk search -v --description 'something descriptive'
e.g.
apk search -v --description 'browser'

===Search for who owns a certain file===
apk info -W ./somefile.so
Some info options (omitted a few):<pre>
Info options:
-L, --contents List contents of the PACKAGE
-e, --installed Check if PACKAGE is installed
-W, --who-owns Print the package owning the specified file
-R, --depends List packages that the PACKAGE depends on
-r, --rdepends List all packages depending on PACKAGE
--replaces List packages whom files PACKAGE might replace
-w, --webpage Show URL for more information about PACKAGE
-s, --size Show installed size of PACKAGE
-d, --description Print description for PACKAGE
-a, --all Print all information about PACKAGE
</pre>

===Misc===

/etc/local.d
Allows for boot / shutdown scripts

/etc/apk/world
Lists all packages installed.

'''text files''':

Alpine uses a lot of text files for configuration. Text files are holy because they are accessible, editable, and in plain sight. DBs, hidden files, and registries are evil (when used for program flags/switches). Text files (in Alpine) are also minimal, and obvious where they are located. This makes editing / customization accessible to the novice user.

==Links==
https://wiki.alpinelinux.org/wiki/Configure_Wake-on-LAN Configure_Wake-on-LAN

gcompat - way to run glibc programs

https://wiki.alpinelinux.org/wiki/Running_glibc_programs

https://ariadne.space/2021/04/25/why-apk-tools-is-different-than-other-package-managers/

https://wiki.alpinelinux.org/w/index.php?title=Mailing_lists



{{GNU\Linux}}

Alpine

2021-05-06T05:13:09Z

Adminguy: /* Search for who owns a certain file */

==General Tips==
===Building a package in Alpine===

https://wiki.alpinelinux.org/wiki/Category_talk:Developer_Documentation#Building_from_source_and_creating_packages

https://wiki.alpinelinux.org/wiki/Custom_Kernel

===Xorg video playback stutters upon suspend / resume===

I added the following configuration to xorg.conf
Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "AccelMethod" "uxa"
EndSection

This seems to resolve video playback issues. What happens is that the video will not play, though audio will. Only the first frame or so is visible. Video seems to be unable to display. This is a documented fix. The important part is AccelMethod.
https://wiki.archlinux.org/index.php/Intel_Graphics
Also documented in forums that I can't seem to find at the moment.

===Python3 Script Won't Run===
$ ztdl
env: can't execute python
solution:
python3 /usr/local/bin/ztdl

===Cloning HDD===

When cloning a hdd, do the
following:
*clonezilla or otherwise rsync partitions and recreate partitions to similar boundaries
by default clonezilla might fail, due to -C not being set. There is an icds option for restore, but it can either be edited into /usr/sbin/ocs-onthefly for partclone or just rsync then:
*edit etc fstab uuids
*edit (boot partition) grub/grub.cfg root=uuid=whatever to root=/dev/sda3
*can also be in /dev/sda1 - extlinux.conf
NOTE: normal editing of extlinux.conf can also be done with the extlinux in /etc/

===Kernel, Initramfs recovery===
If upgrade fails halfway through for any reason (hdd failing, system in a broken state), you may be left with a unbootable machine. Keep an extra /boot/vmlinuz-lts and /boot/initramfs-lts and also a copy of that kernels /lib/modules/<kernelvers> around in case. I keep mine in a folder named /boot/recovery. Backup hdds help here. If you have a corrupt initramfs, or kernel, move the old files back over to /boot from another machine. Now, from the alpine machine (not from a different dist chroot, which didn't work for me btw), boot up, and run mkinitfs again. The command is easy to mess up, so here's the correct one (as of 3.12)
mkinitfs -c /etc/mkinitfs/mkinitfs.conf -b / <kernelvers>

The kernel vers for the new kernel can be found from /lib/modules. It should also have a folder, as the script will load modules into the initramfs
ref:
https://wiki.alpinelinux.org/wiki/Running_Alpine_in_a_Docker_Container

https://wiki.alpinelinux.org/wiki/NVME

https://wiki.alpinelinux.org/wiki/Bootloaders

https://wiki.alpinelinux.org/wiki/Setting_up_a_software_RAID_array

===UTF-8 Characters===
If you see certain foreign language characters not showing up correctly, you can try installing different fonts.
apk search ttf
But I found that changing in FF opensans to sans-serif fixed some of them for me. opensans had partial support for international characters.

===History File Size===
Alpine uses ash, not bash.
printenv
Histfilesize / histsize should be set correctly.

===Search for package===
There's obv
apk search <packagename>
but, there is also
apk search -v --description 'something descriptive'
e.g.
apk search -v --description 'browser'

===Search for who owns a certain file===
apk info -W ./somefile.so
Some info options (omitted a few):<pre>
Info options:
-L, --contents List contents of the PACKAGE
-e, --installed Check if PACKAGE is installed
-W, --who-owns Print the package owning the specified file
-R, --depends List packages that the PACKAGE depends on
-r, --rdepends List all packages depending on PACKAGE
--replaces List packages whom files PACKAGE might replace
-w, --webpage Show URL for more information about PACKAGE
-s, --size Show installed size of PACKAGE
-d, --description Print description for PACKAGE
-a, --all Print all information about PACKAGE
</pre>

===Misc===

/etc/local.d
Allows for boot / shutdown scripts

/etc/apk/world
Lists all packages installed.

Alpine uses a lot of text files for configuration. Text files are holy because they are accessible, editable, and in plain sight. DBs, hidden files, and registries are evil (when used for program flags/switches). Text files are also minimal, and obvious where they are located. This makes editing / customization accessible to the novice user.

==Links==
https://wiki.alpinelinux.org/wiki/Configure_Wake-on-LAN Configure_Wake-on-LAN

gcompat - way to run glibc programs

https://wiki.alpinelinux.org/wiki/Running_glibc_programs

https://ariadne.space/2021/04/25/why-apk-tools-is-different-than-other-package-managers/

https://wiki.alpinelinux.org/w/index.php?title=Mailing_lists



{{GNU\Linux}}

Alpine

2021-05-06T05:09:47Z

Adminguy: /* Links */

==General Tips==
===Building a package in Alpine===

https://wiki.alpinelinux.org/wiki/Category_talk:Developer_Documentation#Building_from_source_and_creating_packages

https://wiki.alpinelinux.org/wiki/Custom_Kernel

===Xorg video playback stutters upon suspend / resume===

I added the following configuration to xorg.conf
Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "AccelMethod" "uxa"
EndSection

This seems to resolve video playback issues. What happens is that the video will not play, though audio will. Only the first frame or so is visible. Video seems to be unable to display. This is a documented fix. The important part is AccelMethod.
https://wiki.archlinux.org/index.php/Intel_Graphics
Also documented in forums that I can't seem to find at the moment.

===Python3 Script Won't Run===
$ ztdl
env: can't execute python
solution:
python3 /usr/local/bin/ztdl

===Cloning HDD===

When cloning a hdd, do the
following:
*clonezilla or otherwise rsync partitions and recreate partitions to similar boundaries
by default clonezilla might fail, due to -C not being set. There is an icds option for restore, but it can either be edited into /usr/sbin/ocs-onthefly for partclone or just rsync then:
*edit etc fstab uuids
*edit (boot partition) grub/grub.cfg root=uuid=whatever to root=/dev/sda3
*can also be in /dev/sda1 - extlinux.conf
NOTE: normal editing of extlinux.conf can also be done with the extlinux in /etc/

===Kernel, Initramfs recovery===
If upgrade fails halfway through for any reason (hdd failing, system in a broken state), you may be left with a unbootable machine. Keep an extra /boot/vmlinuz-lts and /boot/initramfs-lts and also a copy of that kernels /lib/modules/<kernelvers> around in case. I keep mine in a folder named /boot/recovery. Backup hdds help here. If you have a corrupt initramfs, or kernel, move the old files back over to /boot from another machine. Now, from the alpine machine (not from a different dist chroot, which didn't work for me btw), boot up, and run mkinitfs again. The command is easy to mess up, so here's the correct one (as of 3.12)
mkinitfs -c /etc/mkinitfs/mkinitfs.conf -b / <kernelvers>

The kernel vers for the new kernel can be found from /lib/modules. It should also have a folder, as the script will load modules into the initramfs
ref:
https://wiki.alpinelinux.org/wiki/Running_Alpine_in_a_Docker_Container

https://wiki.alpinelinux.org/wiki/NVME

https://wiki.alpinelinux.org/wiki/Bootloaders

https://wiki.alpinelinux.org/wiki/Setting_up_a_software_RAID_array

===UTF-8 Characters===
If you see certain foreign language characters not showing up correctly, you can try installing different fonts.
apk search ttf
But I found that changing in FF opensans to sans-serif fixed some of them for me. opensans had partial support for international characters.

===History File Size===
Alpine uses ash, not bash.
printenv
Histfilesize / histsize should be set correctly.

===Search for package===
There's obv
apk search <packagename>
but, there is also
apk search -v --description 'something descriptive'
e.g.
apk search -v --description 'browser'

===Search for who owns a certain file===
apk info -W ./somefile.so
Some info options (omitted a few):<pre>
Info options:
-L, --contents List contents of the PACKAGE
-e, --installed Check if PACKAGE is installed
-W, --who-owns Print the package owning the specified file
-R, --depends List packages that the PACKAGE depends on
-r, --rdepends List all packages depending on PACKAGE
--replaces List packages whom files PACKAGE might replace
-w, --webpage Show URL for more information about PACKAGE
-s, --size Show installed size of PACKAGE
-d, --description Print description for PACKAGE
-a, --all Print all information about PACKAGE
</pre>

==Links==
https://wiki.alpinelinux.org/wiki/Configure_Wake-on-LAN Configure_Wake-on-LAN

gcompat - way to run glibc programs

https://wiki.alpinelinux.org/wiki/Running_glibc_programs

https://ariadne.space/2021/04/25/why-apk-tools-is-different-than-other-package-managers/

https://wiki.alpinelinux.org/w/index.php?title=Mailing_lists



{{GNU\Linux}}

Openwrt

2021-05-04T18:23:20Z

Adminguy: /* misc */

==Recommended Router==
Current:

high traffic: x86 PC

low traffic: ARM / MIPS with the following:
* uboot bootloader
* doesn't require multiple hoops to install (i.e. no 'two different' serial speeds on the same UART. moron ubiquiti...)
* promotes FOSS and is ok with LEDE/openwrt

Still evaluating them, but it looks like gl.inet is the way to go.

OLD:
* https://openwrt.org/toh/mikrotik/rb2011

I used to use these as they are rack mount, but the bootloader is proprietary and i had two of them brick themselves for no reason during the 2nd sysupgrade. Proprietary software. Not Even Once.

High-end companies can look at https://www.opencompute.org/products

===Recommended wireless AP===
Open mesh in Oregon was good. But they were bought out. They are now doomed. China has gl.inet which is basically the same as open mesh, although they specialize in small travel routers. Only buy wifi APs that support openwrt.

==Tips==

===port forwarding===
Port forwarding is two steps:
# redirect port from outside to internal (NAT)
# allow access from outside to inside via this port (firewall)

{{cat|/etc/config/firewall|config redirect
option name 'PassthroughformyServer'
option src 'wan'
option proto 'tcp'
option src_dport '80'
option dest_ip '192.168.1.100'
option dest_port '80'
option target 'DNAT'
option dest 'lan'

config rule
option src 'wan'
option proto 'tcp'
option dest_port '80'
option target 'ACCEPT'

}}
Note: Proto can be 'tcp' OR 'tcpudp' OR 'udp'

===reserved ip / static lease===
{{cat|/etc/config/dhcp|config host
option ip 192.168.1.122
option mac c2:44:32:18:cd:ab
option name reservedipcomputer}}
ref: https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#static_leases

I tried to add this to the wiki, but someone (https://openwrt.org/docs/guide-user/base-system/dhcp_configuration?rev=1596434574) decided to replace my simple solution with an obfuscated one that requires uci commands. So instead, it will remain here.
EDIT: I added it back. See how long that lasts...

===openvpn===
<code>opkg install openvpn-openssl</code>

{{cat|/etc/config/openvpn| config openvpn 'custom_config'
option config '/etc/openvpn/myconfigfile.ovpn'
}}
And your .ovpn in /etc/openvpn/.

===aliases===
Put in /etc/profile. e.g.
<pre>export TERM=xterm
alias vpnme= 'openvpn --config /etc/openvpn/myconfigfile.ovpn & ./script.sh &'</pre>

===mwan3===

Mwan3 can be tricky. The wiki lacks a quick start*. The following files get edited:
/etc/config/network
/etc/config/mwan3
/etc/config/firewall

Tips Page: [[Mwan3_On_Openwrt]]

If you add a new WAN interface, (e.g. wanb or wan2) you must add wanb to the existing wan firewall zone for outgoing comms. How this is handled differs from 17 to 19.*2

Balanced policies can have issues with connections jumping from one wan to another.

* the current mwan3 page is a lengthy multi-page behemoth (which has grown over time) that expects no less of you than to understand all functional and architectural details of how the failover works. It's a lot for someone that just wants to setup backup internet. But mwan3 can and does work.
*2 ctrl-f for firewall comes up with half a dozen mentions of firewall masking (something done automatically) and one easily missable note, for GUI setup only, about adding the new wan2 to the firewall zone. An absolutely required step.

===iptables vs fw3===
In the firewall:
iptables -L
will list current rules, but the iptables rule generator is fw3.
fw3 print
Will display iptables commands that make up the firewall. fw3 script is described in firewall pages on official wiki. Please review that.

===less with / search===
The stock 'less' command does not include '/' search.
opkg install less
To get forward slash search
https://dev.archive.openwrt.org/ticket/7132

===remove poweroff command===
cd /sbin/
rm ./poweroff
Now to power off, you must type
busybox poweroff
This will keep you from accidentally shutting down a router.

===misc===
start wifi
wifi up
wifi status

transfer files using nc / scp on lean embedded devices

===Logging===

display (RAM based) logs (note that this is not in /var/log/messages...)
logread
https://openwrt.org/docs/guide-user/perf_and_log/start
e.g.
https://openwrt.org/docs/guide-user/perf_and_log/statistic.custom
and
https://openwrt.org/docs/guide-user/perf_and_log/log.messages

===Blink LEDs===
If you poke around the Linux Kernel you will come across core Netfilter configuration. It's
not in an obvious place, but in 5.4 here:
<pre>
Location: │
│ -> Networking support (NET [=y]) │
│ -> Networking options │
│ -> Network packet filtering framework (Netfilter) (NETFILTER [=y]) │
│ -> Core Netfilter Configuration │
│ -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=y])

</pre>
Why am I poking around xtables support? Wireguard needs it for <5.6. But, in this page, you will find some familiar sights: REDIRECT,MASQUERADE,DROP,LOG, etc... All parameters for iptables. Here you will learn what the difference between REDIRECT and MASQUERADE is (one is input, one is output)(which is interesting, because it might be a thing people commonly get wrong, on online tips for using iptables, or if you don't know which does what, you won't know what to look for). Forget about that, there's one named LED. Hey that sounds interesting. That means I can control a LED from the firewall?

Does this work with Openwrt? No idea, but from here I went to the official owrt docs
https://openwrt.org/docs/guide-user/base-system/led_configuration
And you may already know the leds are there, but here's how to configure them. Some of them require modules. e.g.
<pre>
The LED flashes with link status and/or send and receive activity on the configured interface. If not installed already, install it with:
opkg install kmod-ledtrig-netdev
</pre>
will enable netdev, which will enable led activity on any NIC. so it requires that module and some configuration...
e.g.
<pre>
#:/sys/devices/platform/leds/leds/:green:wan# ls
brightness device_name link rx trigger uevent
device interval max_brightness subsystem tx
#:/sys/devices/platform/leds/leds/:green:wan# cat *
0
cat: read error: Is a directory
eth0.2
50
0
255
1
cat: read error: Is a directory
none switch0 timer default-on [netdev] phy0rx phy0tx phy0assoc phy0radio phy0tpt
0
OF_NAME=wan
OF_FULLNAME=/leds/wan
OF_COMPATIBLE_N=0
</pre>
I had to set rx or tx to 1 (only 1 of them). and also needed to set device_name (not device like docs say) to eth0.2

Just set a ping, then tweak the knobs; should start blinking.

"But what if I want to blink more LEDs from userspace?" See [[Arduino]] for ulisp.

===various links i found interesting===

* https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm - speed test, and traffic shaping to speed up a 'slow' network. protip: use x86 instead of arm if openwrt is slow.

* https://openwrt.org/docs/guide-user/services/nas/netatalk_configuration - apple time machine backup server

* https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3 - failover for wan. i have used this before, and it worked well.

* https://openwrt.org/tag/faq - FAQs

* https://openwrt.org/docs/techref/flash.layout - Partitions on <s>HDD</s> flash. And overlay fs.

* https://openwrt.org/docs/techref/start - Technical Reference. Has some informative dives into various aspects of low power routers. As an example see this link on flash: https://openwrt.org/docs/techref/flash IME, flash is built in obsolescence. usb drives, sd cards, and onboard flash tend to last much less than advertised. not recommended. SD and SSDs are a trap. from this: even 'reading' flash can cause bad blocks. that's right, even reading. therefore flash is guaranteed to fail. tech companies love it.

* https://openwrt.org/docs/guide-developer/security


{{GNU\Linux}}

Postgres

2021-04-15T21:20:51Z

Adminguy: /* Usage */

==Usage==

Most commands are found by \?
e.g.
\dt - list tables
\l - list databases
\c - connect to db
Since PostgreSQL 10, psql has \gx which is equal to mysql \G
select * from sometable \gx
ref:stackex

==Backup / Restore DB==
===backup===
This will run the dump as the postgres user via su, and avoids some of the permissions errors that can creep up.
# cd /tmp
(just need a writeable directory, aka 777)
# su -c 'pg_dump mydb >> mydb_dump_2020.sql' postgres
assuming you have a postgres admin user, with all rights, this will backup the db. If you are remote, you might need something similar to (localhost/ip, ports, etc specified):
pg_dump -U username -h localhost databasename >> sqlfile.sql
ref: https://stackoverflow.com/questions/37984733/postgresql-database-export-to-sql-file
===restore===
Create the new db:
su - postgres
psql
create database bbbtest;
grant all privileges on database bbbtest to mypguser;
ALTER DATABASE bbbtest OWNER TO mypguser;
and postgres permissions are a disaster online for getting info on (unforunately, there is nothing like mysql's ''mysql -uroot -p -e "grant all on db.* to 'user'@localhost identified by 'pass';"''). But what does work is permissions for specific tables need to be enabled for the user, so:
GRANT ALL ON sometableindb TO mypguser;
\quit
exit
Now, with that file
# su -c 'psql -d newdbname --set ON_ERROR_STOP=on -f ./mydb_dump_2020.sql' postgres

If you get errors, adjust data as needed or remove the ON_ERROR_STOP (some can be ignored,
some can not - use discretion). At least in some cases, you can move data without worrying about postgres versions. I executed a pg_dump from 11.# and imported to 9.6 without issue. Devuan Beowulf to Ascii.

TIP: if you don't specify -d, then the data will get uploaded to one of the preexisting DB. Not good.

Another approach:
<pre>
-- su - postgres
-- -- psql
-- -- -- create database bbbtest;
-- -- -- grant all privileges on database bbbtest to root;
-- -- -- \quit
-- -- exit
-- psql bbbtest < dbmake.sql
-- -- select * from A1;
</pre>

====Verify user permissions and upload was correct====
<pre>
su - mypguser
psql
select * from sometable;
</pre>
See notes about table permissions above.

==Create a user==
* https://wiki.debian.org/PostgreSql

Note that if you have an existing db, you might want to add ownership to this user, or r/w
permissions.

Postgres

2021-04-15T16:40:10Z

Adminguy: /* Usage */

==Usage==

Most commands are found by \?
e.g.
\dt - list tables
\l - list databases
\c - connect to db
Since PostgreSQL 10, psql has \gx which is the exact equivalent of mysql's \G
select * from sometable \gx
ref:stackex

==Backup / Restore DB==
===backup===
This will run the dump as the postgres user via su, and avoids some of the permissions errors that can creep up.
# cd /tmp
(just need a writeable directory, aka 777)
# su -c 'pg_dump mydb >> mydb_dump_2020.sql' postgres
assuming you have a postgres admin user, with all rights, this will backup the db. If you are remote, you might need something similar to (localhost/ip, ports, etc specified):
pg_dump -U username -h localhost databasename >> sqlfile.sql
ref: https://stackoverflow.com/questions/37984733/postgresql-database-export-to-sql-file
===restore===
Create the new db:
su - postgres
psql
create database bbbtest;
grant all privileges on database bbbtest to mypguser;
ALTER DATABASE bbbtest OWNER TO mypguser;
and postgres permissions are a disaster online for getting info on (unforunately, there is nothing like mysql's ''mysql -uroot -p -e "grant all on db.* to 'user'@localhost identified by 'pass';"''). But what does work is permissions for specific tables need to be enabled for the user, so:
GRANT ALL ON sometableindb TO mypguser;
\quit
exit
Now, with that file
# su -c 'psql -d newdbname --set ON_ERROR_STOP=on -f ./mydb_dump_2020.sql' postgres

If you get errors, adjust data as needed or remove the ON_ERROR_STOP (some can be ignored,
some can not - use discretion). At least in some cases, you can move data without worrying about postgres versions. I executed a pg_dump from 11.# and imported to 9.6 without issue. Devuan Beowulf to Ascii.

TIP: if you don't specify -d, then the data will get uploaded to one of the preexisting DB. Not good.

Another approach:
<pre>
-- su - postgres
-- -- psql
-- -- -- create database bbbtest;
-- -- -- grant all privileges on database bbbtest to root;
-- -- -- \quit
-- -- exit
-- psql bbbtest < dbmake.sql
-- -- select * from A1;
</pre>

====Verify user permissions and upload was correct====
<pre>
su - mypguser
psql
select * from sometable;
</pre>
See notes about table permissions above.

==Create a user==
* https://wiki.debian.org/PostgreSql

Note that if you have an existing db, you might want to add ownership to this user, or r/w
permissions.

Postgres

2021-04-15T16:39:23Z

Adminguy:

==Usage==

Since PostgreSQL 10, psql has \gx which is the exact equivalent of mysql's \G
select * from sometable \gx
ref:stackex

==Backup / Restore DB==
===backup===
This will run the dump as the postgres user via su, and avoids some of the permissions errors that can creep up.
# cd /tmp
(just need a writeable directory, aka 777)
# su -c 'pg_dump mydb >> mydb_dump_2020.sql' postgres
assuming you have a postgres admin user, with all rights, this will backup the db. If you are remote, you might need something similar to (localhost/ip, ports, etc specified):
pg_dump -U username -h localhost databasename >> sqlfile.sql
ref: https://stackoverflow.com/questions/37984733/postgresql-database-export-to-sql-file
===restore===
Create the new db:
su - postgres
psql
create database bbbtest;
grant all privileges on database bbbtest to mypguser;
ALTER DATABASE bbbtest OWNER TO mypguser;
and postgres permissions are a disaster online for getting info on (unforunately, there is nothing like mysql's ''mysql -uroot -p -e "grant all on db.* to 'user'@localhost identified by 'pass';"''). But what does work is permissions for specific tables need to be enabled for the user, so:
GRANT ALL ON sometableindb TO mypguser;
\quit
exit
Now, with that file
# su -c 'psql -d newdbname --set ON_ERROR_STOP=on -f ./mydb_dump_2020.sql' postgres

If you get errors, adjust data as needed or remove the ON_ERROR_STOP (some can be ignored,
some can not - use discretion). At least in some cases, you can move data without worrying about postgres versions. I executed a pg_dump from 11.# and imported to 9.6 without issue. Devuan Beowulf to Ascii.

TIP: if you don't specify -d, then the data will get uploaded to one of the preexisting DB. Not good.

Another approach:
<pre>
-- su - postgres
-- -- psql
-- -- -- create database bbbtest;
-- -- -- grant all privileges on database bbbtest to root;
-- -- -- \quit
-- -- exit
-- psql bbbtest < dbmake.sql
-- -- select * from A1;
</pre>

====Verify user permissions and upload was correct====
<pre>
su - mypguser
psql
select * from sometable;
</pre>
See notes about table permissions above.

==Create a user==
* https://wiki.debian.org/PostgreSql

Note that if you have an existing db, you might want to add ownership to this user, or r/w
permissions.

Zencart docker compose

2021-03-16T08:20:57Z

Adminguy:

This was adapted from someone else online. I forget now who. Their example wasn't 100% working.

I'll put this on my git as well.
http://git.steakelectronics.com/adminguy/Zencart_Docker_Compose

Here we go:
Readme:
<pre>
# zencart on docker

Release 1.57c
Debian 10
MariaDB 10.5
php7.3

5+ hours of work.
Maybe should've just used a turnkey appliance. Maybe... Maybe not.

# tips
docker exec -it zencart /bin/bash
</pre>
Dockerfile:
<pre>
FROM debian:10

RUN apt-get update && apt-get install -y \
libapache2-mod-php7.3 \
curl \
unzip \
apt-utils \
zlib1g-dev \
libpng-dev \
libmcrypt-dev \
libzip-dev \
zip

RUN apt-get install -y \
php7.3-mysql \
php-zip \
php7.3-gd \
php7.3-dev \
php7.3-opcache \
php7.3-curl \
&& pecl install mcrypt-1.0.2

RUN a2enmod rewrite
RUN a2enmod ssl

ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
ENV APACHE_PID_FILE /var/run/apache2.pid
ENV APACHE_RUN_DIR /var/www/html/
ENV APACHE_LOCK_DIR /var/lock/apache2

WORKDIR /tmp
RUN curl -LO https://sourceforge.net/projects/zencart/files/CURRENT%20-%20Zen%20Cart%201.5.x%20Series/zen-cart-v1.5.7c-03052021.zip/download \
&& unzip /tmp/download \
&& mv /tmp/zen-cart*/* /var/www/html/. \
&& cd /var/www/html \
&& cp includes/dist-configure.php includes/configure.php \
&& cp admin/includes/dist-configure.php admin/includes/configure.php \
&& chown -R www-data:www-data /var/www/html

RUN echo '[Date]' > /etc/php/7.3/apache2/conf.d/timezone.ini \
&& echo 'date.timezone = "America/New_York"' >> /etc/php/7.3/apache2/conf.d/timezone.ini

RUN ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf

COPY ./newapache2conf /etc/apache2/apache2.conf

CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
</pre>
New apache2 conf (see dockerfile for where this goes).
<pre>
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.

# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.

# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#Mutex file:${APACHE_LOCK_DIR} default

#
# The directory where shm and other runtime files will be stored.
#

DefaultRuntimeDir ${APACHE_RUN_DIR}

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>

<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>

# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>

#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

</pre>
docker-compose.yml:
<pre>
version: '3'
services:
z157:
build: ./app/
container_name: zencart_157c
ports:
- "80:80"
- "443:443"
depends_on:
- datab
datab:
image: mariadb:10.5
container_name: db_zencart2
volumes:
- ./dbdata:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: ROOTPW
MYSQL_USER: user
MYSQL_PASSWORD: pass
MYSQL_DATABASE: zencart
ports:
- "3306:3306"
#volumes:
# db-volume:
</pre>

Zencart docker compose

2021-03-16T08:05:32Z

Adminguy:

This was adapted from someone else online. I forget now who. Their example wasn't 100% working.

I'll put this on my git as well.

Here we go:
Readme:
<pre>
# zencart on docker

Release 1.57c
Debian 10
MariaDB 10.5
php7.3

5+ hours of work.
Maybe should've just used a turnkey appliance. Maybe... Maybe not.

# tips
docker exec -it zencart /bin/bash
</pre>
Dockerfile:
<pre>
FROM debian:10

RUN apt-get update && apt-get install -y \
libapache2-mod-php7.3 \
curl \
unzip \
apt-utils \
zlib1g-dev \
libpng-dev \
libmcrypt-dev \
libzip-dev \
zip

RUN apt-get install -y \
php7.3-mysql \
php-zip \
php7.3-gd \
php7.3-dev \
php7.3-opcache \
php7.3-curl \
&& pecl install mcrypt-1.0.2

RUN a2enmod rewrite
RUN a2enmod ssl

ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
ENV APACHE_PID_FILE /var/run/apache2.pid
ENV APACHE_RUN_DIR /var/www/html/
ENV APACHE_LOCK_DIR /var/lock/apache2

WORKDIR /tmp
RUN curl -LO https://sourceforge.net/projects/zencart/files/CURRENT%20-%20Zen%20Cart%201.5.x%20Series/zen-cart-v1.5.7c-03052021.zip/download \
&& unzip /tmp/download \
&& mv /tmp/zen-cart*/* /var/www/html/. \
&& cd /var/www/html \
&& cp includes/dist-configure.php includes/configure.php \
&& cp admin/includes/dist-configure.php admin/includes/configure.php \
&& chown -R www-data:www-data /var/www/html

RUN echo '[Date]' > /etc/php/7.3/apache2/conf.d/timezone.ini \
&& echo 'date.timezone = "America/New_York"' >> /etc/php/7.3/apache2/conf.d/timezone.ini

RUN ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf

COPY ./newapache2conf /etc/apache2/apache2.conf

CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
</pre>
New apache2 conf (see dockerfile for where this goes).
<pre>
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.

# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.

# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#Mutex file:${APACHE_LOCK_DIR} default

#
# The directory where shm and other runtime files will be stored.
#

DefaultRuntimeDir ${APACHE_RUN_DIR}

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>

<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>

# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>

#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

</pre>
docker-compose.yml:
<pre>
version: '3'
services:
z157:
build: ./app/
container_name: zencart_157c
ports:
- "80:80"
- "443:443"
depends_on:
- datab
datab:
image: mariadb:10.5
container_name: db_zencart2
volumes:
- ./dbdata:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: ROOTPW
MYSQL_USER: user
MYSQL_PASSWORD: pass
MYSQL_DATABASE: zencart
ports:
- "3306:3306"
#volumes:
# db-volume:
</pre>

Zencart docker compose

2021-03-16T08:04:49Z

Adminguy:

This was adapted from someone else online. I forget now who. Their example wasn't 100% working.

Here we go:
Readme:
<pre>
# zencart on docker

Release 1.57c
Debian 10
MariaDB 10.5
php7.3

5+ hours of work.
Maybe should've just used a turnkey appliance. Maybe... Maybe not.

# tips
docker exec -it zencart /bin/bash
</pre>
Dockerfile:
<pre>
FROM debian:10

RUN apt-get update && apt-get install -y \
libapache2-mod-php7.3 \
curl \
unzip \
apt-utils \
zlib1g-dev \
libpng-dev \
libmcrypt-dev \
libzip-dev \
zip

RUN apt-get install -y \
php7.3-mysql \
php-zip \
php7.3-gd \
php7.3-dev \
php7.3-opcache \
php7.3-curl \
&& pecl install mcrypt-1.0.2

RUN a2enmod rewrite
RUN a2enmod ssl

ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
ENV APACHE_PID_FILE /var/run/apache2.pid
ENV APACHE_RUN_DIR /var/www/html/
ENV APACHE_LOCK_DIR /var/lock/apache2

WORKDIR /tmp
RUN curl -LO https://sourceforge.net/projects/zencart/files/CURRENT%20-%20Zen%20Cart%201.5.x%20Series/zen-cart-v1.5.7c-03052021.zip/download \
&& unzip /tmp/download \
&& mv /tmp/zen-cart*/* /var/www/html/. \
&& cd /var/www/html \
&& cp includes/dist-configure.php includes/configure.php \
&& cp admin/includes/dist-configure.php admin/includes/configure.php \
&& chown -R www-data:www-data /var/www/html

RUN echo '[Date]' > /etc/php/7.3/apache2/conf.d/timezone.ini \
&& echo 'date.timezone = "America/New_York"' >> /etc/php/7.3/apache2/conf.d/timezone.ini

RUN ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf

COPY ./newapache2conf /etc/apache2/apache2.conf

CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
</pre>
New apache2 conf (see dockerfile for where this goes).
<pre>
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.

# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.

# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#Mutex file:${APACHE_LOCK_DIR} default

#
# The directory where shm and other runtime files will be stored.
#

DefaultRuntimeDir ${APACHE_RUN_DIR}

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>

<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>

# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>

#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

</pre>
docker-compose.yml:
<pre>
version: '3'
services:
z157:
build: ./app/
container_name: zencart_157c
ports:
- "80:80"
- "443:443"
depends_on:
- datab
datab:
image: mariadb:10.5
container_name: db_zencart2
volumes:
- ./dbdata:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: ROOTPW
MYSQL_USER: user
MYSQL_PASSWORD: pass
MYSQL_DATABASE: zencart
ports:
- "3306:3306"
#volumes:
# db-volume:
</pre>

Zencart docker compose

2021-03-16T08:04:35Z

Adminguy:

This was adapted from someone else online. I forget now who. Their example wasn't 100% working.

Here we go:
<pre>
# zencart on docker

Release 1.57c
Debian 10
MariaDB 10.5
php7.3

5+ hours of work.
Maybe should've just used a turnkey appliance. Maybe... Maybe not.

# tips
docker exec -it zencart /bin/bash
</pre>
Dockerfile:
<pre>
FROM debian:10

RUN apt-get update && apt-get install -y \
libapache2-mod-php7.3 \
curl \
unzip \
apt-utils \
zlib1g-dev \
libpng-dev \
libmcrypt-dev \
libzip-dev \
zip

RUN apt-get install -y \
php7.3-mysql \
php-zip \
php7.3-gd \
php7.3-dev \
php7.3-opcache \
php7.3-curl \
&& pecl install mcrypt-1.0.2

RUN a2enmod rewrite
RUN a2enmod ssl

ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
ENV APACHE_PID_FILE /var/run/apache2.pid
ENV APACHE_RUN_DIR /var/www/html/
ENV APACHE_LOCK_DIR /var/lock/apache2

WORKDIR /tmp
RUN curl -LO https://sourceforge.net/projects/zencart/files/CURRENT%20-%20Zen%20Cart%201.5.x%20Series/zen-cart-v1.5.7c-03052021.zip/download \
&& unzip /tmp/download \
&& mv /tmp/zen-cart*/* /var/www/html/. \
&& cd /var/www/html \
&& cp includes/dist-configure.php includes/configure.php \
&& cp admin/includes/dist-configure.php admin/includes/configure.php \
&& chown -R www-data:www-data /var/www/html

RUN echo '[Date]' > /etc/php/7.3/apache2/conf.d/timezone.ini \
&& echo 'date.timezone = "America/New_York"' >> /etc/php/7.3/apache2/conf.d/timezone.ini

RUN ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf

COPY ./newapache2conf /etc/apache2/apache2.conf

CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
</pre>
New apache2 conf (see dockerfile for where this goes).
<pre>
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.

# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.

# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#Mutex file:${APACHE_LOCK_DIR} default

#
# The directory where shm and other runtime files will be stored.
#

DefaultRuntimeDir ${APACHE_RUN_DIR}

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>

<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>

# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>

#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

</pre>
docker-compose.yml:
<pre>
version: '3'
services:
z157:
build: ./app/
container_name: zencart_157c
ports:
- "80:80"
- "443:443"
depends_on:
- datab
datab:
image: mariadb:10.5
container_name: db_zencart2
volumes:
- ./dbdata:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: ROOTPW
MYSQL_USER: user
MYSQL_PASSWORD: pass
MYSQL_DATABASE: zencart
ports:
- "3306:3306"
#volumes:
# db-volume:
</pre>

Zencart docker compose

2021-03-16T08:02:47Z

Adminguy: Created page with "This was adapted from someone else online. I forget now who. Their example wasn't 100% working. Here we go: <pre> # zencart on docker Release 1.57c Debian 10 MariaDB 10.5 ph..."

Docker

2021-03-16T08:01:24Z

Adminguy: /* See Also */

Docker is a type of virtualization for Gnu\Linux that allows programs to run and share similar resources, without having a full OS for each image, but while still isolating each 'vm'.

==General Tips==
It helps to read a book, and then keep it as a Reference. Here Using Docker By Adrian Mouat is a decent book. In fact, you should be reading books on any subject that interests you. Physical paper books, too.

Docker is x86_64. ARM has a separate build. There is no i386.

You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.

You should always use docker compose. Docker is possible to run on the command line, but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it. ''Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.''

===ARM is SOL===
I tried to use Docker on ARM, and while you might be able to install docker, you will find that images for your applications may not be there. e.g. you will find Nginx, but you won't find Gitlab. This means that docker is pretty much x86-64 only.

==Docker Commands==
Here are commands you need to know. Just the necessary ones.
{{cmd| docker-compose up -d}}

Starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it.
{{cmd| docker ps }}
Lists containers running. If one fails to start, you'll see it missing from here
{{cmd|docker logs <containername> }}
Gives you some logging output from the container. Often enough to troubleshoot. (also see tips below).
{{cmd|docker exec -it <containername> /bin/bash}}
This will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it.
{{cmd|docker-compose restart }}
This will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...
{{cmd|docker restart <containername> }}
This will restart one single container.
{{cmd|docker cp <containername>:/dir/to/file dest }}
You can copy files from local machine to docker, or vice versa with this. Extremely useful.

===Deleting Containers===
Less often, you might want to know
{{cmd|
#!/bin/bash
docker rm $(docker ps -a -q)
docker rmi $(docker images -q) --force}}

This starts over from scratch. This is how easy it is to reboot a docker from square one. note: below command (rmi), only needed if you want to remove base images. Needed when updating a stable. Not needed when changing other parameters not related to base image. Also, this deletes all containers, which maybe you don't want to do, if you either A) only want to delete certain images you are testing B) have some containers with custom changes saved, and not backed up elsewhere.

===Updating===
docker images
(shows out of date image)
docker pull mysql
(downloads new image)
docker images
(shows two versions of mysql. old and new)
docker stop some_container_name
docker rmi -f cjklfs23404
(where cjklfs23404 is the old container alias under docker images)
docker-compose up -d mysql

====Containers don't all Restart?!====
Make sure to have in your docker compose for each container a '''restart:always'''
Otherwise, a container won't necessarily start when docker is restarted.

===Search for images===
docker search <imagename>
====Search for Versions of an image====
What if you want to see what versions are available for a given image? Say you want php, but don't know which to get. hub.docker.com is broken. Requires js, slow, and bad. You can't get a list of images on it easily.

Solution:
<pre>
#!/bin/bash
#https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
#$1 means
#first parameter you pass to this script will be searched
#e.g. working: debian
#note: some have multiple layers
#e.g. gitea/gitea is literally entered as $1 == gitea/gitea (teste, working)
# while debian is just debian. so be aware.

wget -q https://registry.hub.docker.com/v1/repositories/$1/tags -O - \
| sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
</pre>
Ref: https://stackoverflow.com/questions/54418542/dockerhub-listing-all-available-versions-of-a-given-image

https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry

===Save Changes to Docker Image===
docker commit
See official documentation.

==Dockerfile==
Dockerfiles and compose are slightly confusing. Sometimes you see images run an entrypoint script, sometimes not. In any case, Dockerfiles are fundamental to reproducible builds.

Basic usage is:
* Docker-compose builds container from dockerfile (say you start with alpine, and install some programs)
* that container you built is used from thence on.
* if you want to change dockerfile, make changes and you must call docker-compose up --build otherwise, it will use the old container

For a basic apache server, you might call the following in a cmd at the end of the dockerfile:
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
When in doubt, work off of existing examples.

==Volumes==
Volumes can be handled at least two ways. The simplest is to store files in a local directory which is then mapped to the remote drive.

e.g. docker-compose:
<pre>
nginx:
image: nginx:####
container_name: mynginxserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./local_dir/:/var/www/html/
- ./local_logs/:/var/log/nginx/
ports:
- 80:80
- 443:443
restart: always
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
</pre>
Here, in the local dir where docker-compose is run, the ./local_dir/ or ./local_logs will store the containers html or logs respectively. Simple.

However, if you just have a volume, without a local directory, then it will save in /var/ somewhere (unintuitive... bad).
e.g. from Dolibarr:
<pre>
The Dolibarr installation and all data beyond what lives in the database
(file uploads, etc) are stored in the unnamed docker volume volume
/var/www/html and /var/www/documents. The docker daemon will store
that data within the docker directory /var/lib/docker/volumes/....
That means your data is saved even if the container crashes, is stopped
or deleted.
</pre>

==Specific Tips==
===YAML is space sensitive===
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
===If you restart a containers namesake process, it will probably restart / reset the container===
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
===Consider a single reverse proxy, to handle multiple websites===
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
https://web.archive.org/web/https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far to the high level.
===If you use a single reverse proxy, Lets Encrypt can be done easy===
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
<pre>
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
</pre>
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:

{{cat|docker-compose.yml|
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
}}

The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this. And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).

===Give every Container a Containername===
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
===Beware of Interrupting Initting Containers===
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
===Put Apache or Program logs from the Container in a volume that is locally accessible===
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
===Only Restart Containers you need to Restart===
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
===Volumes Mounting Over Existing Directories===
As discussed here: https://web.archive.org/web/https://github.com/moby/moby/issues/4361, if you add a volume to an existing container, it will seem to delete the folder's contents. I've seen mixed behaviour with this. Sometimes it deletes it even if you start a new container with the folder... Other times it has not. In any case, just docker cp the files to the folder, then add the volume mount. This may not be the most graceful solution for upgrades, but it will work. Best practices would be here (See: dbxt commented Dec 14, 2014): https://web.archive.org/web/https://github.com/docker-library/wordpress/issues/10
===If you edit a docker-compose file you must restart the container with Docker-compose===
If you make a change in docker compose, you must docker stop service, then docker-compose up -d service. Otherwise the changes will not take effect. The mistake here, would be thinking that you could just docker stop service, then docker start service... That doesn't work.
===Keep verbose logging off your HDD with RAM only logging===
If you have e.g. apache/nginx write to your HDD with every website visit, it will quickly wear out your HDD (esp. SSD). Put verbose logging in the RAM only with a tmpfs mount. https://docs.docker.com/storage/tmpfs/

e.g. (ref: https://stackoverflow.com/questions/41902930/docker-compose-tmpfs-not-working)
<pre>
services:
ubuntu:
image: ubuntu
command: "bash -c 'mount'"
volumes:
- cache_vol:/var/cache
- run_vol:/run

volumes:
run_vol:
driver_opts:
type: tmpfs
device: tmpfs
cache_vol:
driver_opts:
type: tmpfs
device: tmpfs
</pre>

This also allows you to share the tmpfs mounts if needed.

Access it from host via:
docker exec -it nginx_server tail -F /run/shm/access.log
Note that you might think you can do
docker container run my_nginx_server tail -F /run/shm/access.log
But that will only work on container base images, not running containers. To 'execute' a command on a running or existing container, the command you want is exec. (Also used to interactively start bash shell above)

EDIT: Use with discretion. Active data in RAM may use power.

===Mysql Backup / Restore===
<pre>
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql

# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</pre>
ref: https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb
May not need to do this, if you keep the DB (ibdata files) in a local directory/volume via docker-compose.yml
e.g.
mydb:
image: mysql:9999
volumes:
- ./db_files:/var/lib/mysql
restart: always

===Limit docker logs===
Docker will keep lots of logs if you don't manage it.
https://github.com/docker/compose/issues/1083
https://docs.docker.com/compose/compose-file/#logging
https://stackoverflow.com/questions/31829587/docker-container-logs-taking-all-my-disk-space
view (all) logs with
docker-compose logs
To limit a service's logs in docker-compose do the following:
* find a containers/services entry
* append to the end (watch the white space & no tabs)
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
The rule with logs, is nothing - unless you need it. Then everything. Any unnecessary logging is taxing the CPU / HDD.
Which leads me to...

===view details about container===
To view paths, configuration settings, etc...
See
docker inspect <name or id>
It's easier to grep these. the search in less wasn't working for me to find .LogPath for example.
docker inspect mycontainer | grep log
Will show where the log files are located.

===Installing Docker-compose from pip or github binary not Debian===
Subject. See official docker documentation which states the URL of
github.com/docker/compose/releases or pip.

Pip is probably better.
apt-get install python3-pip
pip3 install docker-compose

==Troubleshooting==
===Cannot start container: [0] Id already in use #20570===
* https://github.com/moby/moby/issues/20570
After update, unable to start container. Solution was found to be:
docker-compose down -v then docker-compose up -d
Container was viewable with
docker ps -a (not just docker ps)
==Poor Design==
===Creating a docker-compose with a stable or latest tag===
If you make a docker-compose file, you should link it to a marked version. You can later edit it, to use stable or latest, but one of the strengths of Docker is version control. If you create a docker-compose, always test on a specific version, should you need to roll back in the future. Otherwise, your scripts will fail in 2-20-200 years when the conf files are not supported anymore.

e.g. https://github.com/nucreativa/frontaccounting-docker (6th commit)
Here, the nginx config is no longer supported in vhosts, it must be in server_blocks. This would've been avoided by denoting a fixed nginx release instead of tag:latest.

==See Also==

* [[samba_docker_by_dlandon]]
* [[zencart_docker_compose]]

==External Links==
* https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/docker.sh Information dense cheatsheet (unfortunately github)
* https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb A million idiots type "thanks". Also the source for the mysql backup command.

{{GNU\Linux}}

Irssi

2021-03-15T10:51:22Z

Adminguy: /* Other */

Because discord and slack are proprietary.

I've tried a few times to get into irssi, but realized the only way I'd be able to use it is with a long term running VPS, and documenting my steps here.

==Usage==
Login to VPS. Start tmux with
tmux new -s irssi irssi
If you later logout, you can re attach with:
tmux attach -t irssi
or alternatively, if you only have one tmux window open:
tmux attach
NOTE: You can close the window (I have a kill shortcut on F12) or ctrl-b d
to detach from tmux.

Add IRC server if not already saved.
/server add -auto -network Freenode irc.freenode.net 6667
Connect to server.
/connect freenode
Can alternatively do
/connect irc.freenode.net
Add your name to freenode, if not already saved (this is a benefit of saving the server)
/network add -nick <your-nick> Freenode
When you login, you will want to register, if you haven't already. Then follow the server's
instructions for the password. The server's output often displays on a different window than your
default. So
CTRL-N
to switch to the next IRSSI window.

===Windows===
If you want a new window:
/window new
If you want to get rid of the split window
/window hide #
You might have to turn off the "sticky" window. It will prompt you if necessary, for example if you hit CTRL-N

====Freenode Search====
Servers manage search differently. You can always /list, but that is too many to read. For freenode:
/msg alis LIST * -topic electronics
There are more instructions here: https://freenode.net/kb/answer/findingchannels
But the help doc is outdated, and at least one of the examples doesn't work (2019/10). So just use above.

After you search, scroll up pages in irssi default setup with:
PageUp
Just the page up key. Much easier than screen which requires changing modes.

====Logs====
mkdir ~/irclogs
in irssi
/SET autolog ON
login to server. quit irssi. verify that log was created.
ref: https://irssi.org/documentation/startup/#logging

====Ignore parts, joins, quits====
<pre>/ignore * joins parts quits nicks
/save</pre>
ref: https://www.rosipov.com/blog/irssi-ignore-all-from-everyone/

===Other===
https://github.com/irssi/irssi/blob/master/docs/manual.txt

From:
https://gist.github.com/tasdikrahman/ec4e46a42cbf38c73ef3af863680c786

"The most important thing to know about navigating between windows is
that alt + a sends you to the window with the most recent, most
important activity. Pressing it consecutively will first lead you
through all windows that are pink in your activity bar, then all
windows that are white, and then the rest. This is not entirely
correct, but if you are able to correct me on this, you don’t need
this article in the first place :-)

Then there are alt + 1, alt + 2 , and so on. These take you directly
to the window with that number. By default, the top 2 lines of your
(qwerty) keyboard are bound that way, all the way up to alt + o, which
takes you to window 19.

Going to the next or previous window can be done by pressing ctrl + p
or ctrl + n, or via alt + arrow left or alt + arrow right."

==GNU Screen==

scroll up
ctrl-a ESC
pgup / pgdn
output current screen buffer to file
ctrl-a :
hardcopy output.file (type this)
output whole screen buffer to file
ctrl-a :
hardcopy -h output.file
Note: if file seems blank at the top, scroll down.
connect w/serial
# screen /dev/ttyS0 115200

==Tmux==

===Two ttys / logins with r/w to same terminal===
There is some misleading info about this online. If you search tmux multiple users, they will say not possible. Well maybe multiple users is wrong semantics. I want multiple logins to access the same terminal. They can be the same account. Therefore:

in first terminal

tmux new-session -s shared

Then in the second terminal attach to the shared session.
tmux list-sessions
tmux attach -t shared
key here is -t must be used by the 2nd tmux.
ref: https://www.howtoforge.com/sharing-terminal-sessions-with-tmux-and-screen
and
ref: https://bbs.archlinux.org/viewtopic.php?id=213229

'''why would you do this'''

If you have a TFT on an RPI or [[Beaglebone]], you can edit the tft tty without logging in to it directly. Have the tft auto load a tmux session after a delay, and then connect into it from another acct.

==Security on IRC==
Don't use your home internet connection, use a VPS. You can get VPS for extremely cheap ($10-15/yr) which are perfect for IRC.

==IRC Gabbers (Politics)==
IRC support chats are not for socializing. No one has time to read your hugbox. Keep it simple, and to the point. Life is short.

Irssi

2021-03-15T10:51:09Z

Adminguy: /* Other */

Because discord and slack are proprietary.

I've tried a few times to get into irssi, but realized the only way I'd be able to use it is with a long term running VPS, and documenting my steps here.

==Usage==
Login to VPS. Start tmux with
tmux new -s irssi irssi
If you later logout, you can re attach with:
tmux attach -t irssi
or alternatively, if you only have one tmux window open:
tmux attach
NOTE: You can close the window (I have a kill shortcut on F12) or ctrl-b d
to detach from tmux.

Add IRC server if not already saved.
/server add -auto -network Freenode irc.freenode.net 6667
Connect to server.
/connect freenode
Can alternatively do
/connect irc.freenode.net
Add your name to freenode, if not already saved (this is a benefit of saving the server)
/network add -nick <your-nick> Freenode
When you login, you will want to register, if you haven't already. Then follow the server's
instructions for the password. The server's output often displays on a different window than your
default. So
CTRL-N
to switch to the next IRSSI window.

===Windows===
If you want a new window:
/window new
If you want to get rid of the split window
/window hide #
You might have to turn off the "sticky" window. It will prompt you if necessary, for example if you hit CTRL-N

====Freenode Search====
Servers manage search differently. You can always /list, but that is too many to read. For freenode:
/msg alis LIST * -topic electronics
There are more instructions here: https://freenode.net/kb/answer/findingchannels
But the help doc is outdated, and at least one of the examples doesn't work (2019/10). So just use above.

After you search, scroll up pages in irssi default setup with:
PageUp
Just the page up key. Much easier than screen which requires changing modes.

====Logs====
mkdir ~/irclogs
in irssi
/SET autolog ON
login to server. quit irssi. verify that log was created.
ref: https://irssi.org/documentation/startup/#logging

====Ignore parts, joins, quits====
<pre>/ignore * joins parts quits nicks
/save</pre>
ref: https://www.rosipov.com/blog/irssi-ignore-all-from-everyone/

===Other===
https://github.com/irssi/irssi/blob/master/docs/manual.txt

The below is from:
https://gist.github.com/tasdikrahman/ec4e46a42cbf38c73ef3af863680c786

"The most important thing to know about navigating between windows is
that alt + a sends you to the window with the most recent, most
important activity. Pressing it consecutively will first lead you
through all windows that are pink in your activity bar, then all
windows that are white, and then the rest. This is not entirely
correct, but if you are able to correct me on this, you don’t need
this article in the first place :-)

Then there are alt + 1, alt + 2 , and so on. These take you directly
to the window with that number. By default, the top 2 lines of your
(qwerty) keyboard are bound that way, all the way up to alt + o, which
takes you to window 19.

Going to the next or previous window can be done by pressing ctrl + p
or ctrl + n, or via alt + arrow left or alt + arrow right."

==GNU Screen==

scroll up
ctrl-a ESC
pgup / pgdn
output current screen buffer to file
ctrl-a :
hardcopy output.file (type this)
output whole screen buffer to file
ctrl-a :
hardcopy -h output.file
Note: if file seems blank at the top, scroll down.
connect w/serial
# screen /dev/ttyS0 115200

==Tmux==

===Two ttys / logins with r/w to same terminal===
There is some misleading info about this online. If you search tmux multiple users, they will say not possible. Well maybe multiple users is wrong semantics. I want multiple logins to access the same terminal. They can be the same account. Therefore:

in first terminal

tmux new-session -s shared

Then in the second terminal attach to the shared session.
tmux list-sessions
tmux attach -t shared
key here is -t must be used by the 2nd tmux.
ref: https://www.howtoforge.com/sharing-terminal-sessions-with-tmux-and-screen
and
ref: https://bbs.archlinux.org/viewtopic.php?id=213229

'''why would you do this'''

If you have a TFT on an RPI or [[Beaglebone]], you can edit the tft tty without logging in to it directly. Have the tft auto load a tmux session after a delay, and then connect into it from another acct.

==Security on IRC==
Don't use your home internet connection, use a VPS. You can get VPS for extremely cheap ($10-15/yr) which are perfect for IRC.

==IRC Gabbers (Politics)==
IRC support chats are not for socializing. No one has time to read your hugbox. Keep it simple, and to the point. Life is short.

Irssi

2021-03-15T10:50:04Z

Adminguy: /* Windows */

Because discord and slack are proprietary.

I've tried a few times to get into irssi, but realized the only way I'd be able to use it is with a long term running VPS, and documenting my steps here.

==Usage==
Login to VPS. Start tmux with
tmux new -s irssi irssi
If you later logout, you can re attach with:
tmux attach -t irssi
or alternatively, if you only have one tmux window open:
tmux attach
NOTE: You can close the window (I have a kill shortcut on F12) or ctrl-b d
to detach from tmux.

Add IRC server if not already saved.
/server add -auto -network Freenode irc.freenode.net 6667
Connect to server.
/connect freenode
Can alternatively do
/connect irc.freenode.net
Add your name to freenode, if not already saved (this is a benefit of saving the server)
/network add -nick <your-nick> Freenode
When you login, you will want to register, if you haven't already. Then follow the server's
instructions for the password. The server's output often displays on a different window than your
default. So
CTRL-N
to switch to the next IRSSI window.

===Windows===
If you want a new window:
/window new
If you want to get rid of the split window
/window hide #
You might have to turn off the "sticky" window. It will prompt you if necessary, for example if you hit CTRL-N

====Freenode Search====
Servers manage search differently. You can always /list, but that is too many to read. For freenode:
/msg alis LIST * -topic electronics
There are more instructions here: https://freenode.net/kb/answer/findingchannels
But the help doc is outdated, and at least one of the examples doesn't work (2019/10). So just use above.

After you search, scroll up pages in irssi default setup with:
PageUp
Just the page up key. Much easier than screen which requires changing modes.

====Logs====
mkdir ~/irclogs
in irssi
/SET autolog ON
login to server. quit irssi. verify that log was created.
ref: https://irssi.org/documentation/startup/#logging

====Ignore parts, joins, quits====
<pre>/ignore * joins parts quits nicks
/save</pre>
ref: https://www.rosipov.com/blog/irssi-ignore-all-from-everyone/

===Other===
https://github.com/irssi/irssi/blob/master/docs/manual.txt

ref:
https://gist.github.com/tasdikrahman/ec4e46a42cbf38c73ef3af863680c786

The most important thing to know about navigating between windows is
that alt + a sends you to the window with the most recent, most
important activity. Pressing it consecutively will first lead you
through all windows that are pink in your activity bar, then all
windows that are white, and then the rest. This is not entirely
correct, but if you are able to correct me on this, you don’t need
this article in the first place :-)

Then there are alt + 1, alt + 2 , and so on. These take you directly
to the window with that number. By default, the top 2 lines of your
(qwerty) keyboard are bound that way, all the way up to alt + o, which
takes you to window 19.

Going to the next or previous window can be done by pressing ctrl + p
or ctrl + n, or via alt + arrow left or alt + arrow right.

==GNU Screen==

scroll up
ctrl-a ESC
pgup / pgdn
output current screen buffer to file
ctrl-a :
hardcopy output.file (type this)
output whole screen buffer to file
ctrl-a :
hardcopy -h output.file
Note: if file seems blank at the top, scroll down.
connect w/serial
# screen /dev/ttyS0 115200

==Tmux==

===Two ttys / logins with r/w to same terminal===
There is some misleading info about this online. If you search tmux multiple users, they will say not possible. Well maybe multiple users is wrong semantics. I want multiple logins to access the same terminal. They can be the same account. Therefore:

in first terminal

tmux new-session -s shared

Then in the second terminal attach to the shared session.
tmux list-sessions
tmux attach -t shared
key here is -t must be used by the 2nd tmux.
ref: https://www.howtoforge.com/sharing-terminal-sessions-with-tmux-and-screen
and
ref: https://bbs.archlinux.org/viewtopic.php?id=213229

'''why would you do this'''

If you have a TFT on an RPI or [[Beaglebone]], you can edit the tft tty without logging in to it directly. Have the tft auto load a tmux session after a delay, and then connect into it from another acct.

==Security on IRC==
Don't use your home internet connection, use a VPS. You can get VPS for extremely cheap ($10-15/yr) which are perfect for IRC.

==IRC Gabbers (Politics)==
IRC support chats are not for socializing. No one has time to read your hugbox. Keep it simple, and to the point. Life is short.

Alpine

2021-03-03T10:22:30Z

Adminguy: /* Search for library */

==General Tips==
===Building a package in Alpine===

https://wiki.alpinelinux.org/wiki/Category_talk:Developer_Documentation#Building_from_source_and_creating_packages

https://wiki.alpinelinux.org/wiki/Custom_Kernel

===Xorg video playback stutters upon suspend / resume===

I added the following configuration to xorg.conf
Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "AccelMethod" "uxa"
EndSection

This seems to resolve video playback issues. What happens is that the video will not play, though audio will. Only the first frame or so is visible. Video seems to be unable to display. This is a documented fix. The important part is AccelMethod.
https://wiki.archlinux.org/index.php/Intel_Graphics
Also documented in forums that I can't seem to find at the moment.

===Python3 Script Won't Run===
$ ztdl
env: can't execute python
solution:
python3 /usr/local/bin/ztdl

===Cloning HDD===

When cloning a hdd, do the
following:
*clonezilla or otherwise rsync partitions and recreate partitions to similar boundaries
by default clonezilla might fail, due to -C not being set. There is an icds option for restore, but it can either be edited into /usr/sbin/ocs-onthefly for partclone or just rsync then:
*edit etc fstab uuids
*edit (boot partition) grub/grub.cfg root=uuid=whatever to root=/dev/sda3
*can also be in /dev/sda1 - extlinux.conf
NOTE: normal editing of extlinux.conf can also be done with the extlinux in /etc/

===Kernel, Initramfs recovery===
If upgrade fails halfway through for any reason (hdd failing, system in a broken state), you may be left with a unbootable machine. Keep an extra /boot/vmlinuz-lts and /boot/initramfs-lts and also a copy of that kernels /lib/modules/<kernelvers> around in case. I keep mine in a folder named /boot/recovery. Backup hdds help here. If you have a corrupt initramfs, or kernel, move the old files back over to /boot from another machine. Now, from the alpine machine (not from a different dist chroot, which didn't work for me btw), boot up, and run mkinitfs again. The command is easy to mess up, so here's the correct one (as of 3.12)
mkinitfs -c /etc/mkinitfs/mkinitfs.conf -b / <kernelvers>

The kernel vers for the new kernel can be found from /lib/modules. It should also have a folder, as the script will load modules into the initramfs
ref:
https://wiki.alpinelinux.org/wiki/Running_Alpine_in_a_Docker_Container

https://wiki.alpinelinux.org/wiki/NVME

https://wiki.alpinelinux.org/wiki/Bootloaders

https://wiki.alpinelinux.org/wiki/Setting_up_a_software_RAID_array

===UTF-8 Characters===
If you see certain foreign language characters not showing up correctly, you can try installing different fonts.
apk search ttf
But I found that changing in FF opensans to sans-serif fixed some of them for me. opensans had partial support for international characters.

===History File Size===
Alpine uses ash, not bash.
printenv
Histfilesize / histsize should be set correctly.

===Search for package===
There's obv
apk search <packagename>
but, there is also
apk search -v --description 'something descriptive'
e.g.
apk search -v --description 'browser'

===Search for who owns a certain file===
apk info -W ./somefile.so
Some info options (omitted a few):<pre>
Info options:
-L, --contents List contents of the PACKAGE
-e, --installed Check if PACKAGE is installed
-W, --who-owns Print the package owning the specified file
-R, --depends List packages that the PACKAGE depends on
-r, --rdepends List all packages depending on PACKAGE
--replaces List packages whom files PACKAGE might replace
-w, --webpage Show URL for more information about PACKAGE
-s, --size Show installed size of PACKAGE
-d, --description Print description for PACKAGE
-a, --all Print all information about PACKAGE
</pre>

==Links==
https://wiki.alpinelinux.org/wiki/Configure_Wake-on-LAN Configure_Wake-on-LAN

gcompat - way to run glibc programs

https://wiki.alpinelinux.org/wiki/Running_glibc_programs



{{GNU\Linux}}

Alpine

2021-03-03T10:15:26Z

Adminguy: /* Search for library */

Alpine

2021-03-03T10:14:51Z

Adminguy: /* Search for package */

Unix Commands

2021-02-25T22:27:49Z

Adminguy:

some years of gnulinux, commands i have found easy to understand, yet still useful

find . -print | grep <somefile>
find . -printf '$TY-%Tm-%Td %p\n' | grep 2020-12-29
stat /files/* | grep -A5 <somenameoffile> | awk 'xor(/File/,/Modify/)' > /tmp/dates
sed -e 's/original/new/g' -i editfileinplace.txt
grep 'one|two|three' -search multiple items (may want to add -i to ignore case)

edit .bashrc
alias hs="history"

===Useful but less intuitive commands===
To get file counts for all directories (say you want to know how bloated / lean a software project is)
du -a | cut -d/ -f2 | sort | uniq -c | sort -nr

Resources: Unix Power Tools 1993

Docker

2021-02-25T22:13:35Z

Adminguy: /* Creating a docker-compose with a stable or latest tag */

Docker is a type of virtualization for Gnu\Linux that allows programs to run and share similar resources, without having a full OS for each image, but while still isolating each 'vm'.

==General Tips==
It helps to read a book, and then keep it as a Reference. Here Using Docker By Adrian Mouat is a decent book. In fact, you should be reading books on any subject that interests you. Physical paper books, too.

Docker is x86_64. ARM has a separate build. There is no i386.

You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.

You should always use docker compose. Docker is possible to run on the command line, but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it. ''Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.''

===ARM is SOL===
I tried to use Docker on ARM, and while you might be able to install docker, you will find that images for your applications may not be there. e.g. you will find Nginx, but you won't find Gitlab. This means that docker is pretty much x86-64 only.

==Docker Commands==
Here are commands you need to know. Just the necessary ones.
{{cmd| docker-compose up -d}}

Starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it.
{{cmd| docker ps }}
Lists containers running. If one fails to start, you'll see it missing from here
{{cmd|docker logs <containername> }}
Gives you some logging output from the container. Often enough to troubleshoot. (also see tips below).
{{cmd|docker exec -it <containername> /bin/bash}}
This will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it.
{{cmd|docker-compose restart }}
This will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...
{{cmd|docker restart <containername> }}
This will restart one single container.
{{cmd|docker cp <containername>:/dir/to/file dest }}
You can copy files from local machine to docker, or vice versa with this. Extremely useful.

===Deleting Containers===
Less often, you might want to know
{{cmd|
#!/bin/bash
docker rm $(docker ps -a -q)
docker rmi $(docker images -q) --force}}

This starts over from scratch. This is how easy it is to reboot a docker from square one. note: below command (rmi), only needed if you want to remove base images. Needed when updating a stable. Not needed when changing other parameters not related to base image. Also, this deletes all containers, which maybe you don't want to do, if you either A) only want to delete certain images you are testing B) have some containers with custom changes saved, and not backed up elsewhere.

===Updating===
docker images
(shows out of date image)
docker pull mysql
(downloads new image)
docker images
(shows two versions of mysql. old and new)
docker stop some_container_name
docker rmi -f cjklfs23404
(where cjklfs23404 is the old container alias under docker images)
docker-compose up -d mysql

====Containers don't all Restart?!====
Make sure to have in your docker compose for each container a '''restart:always'''
Otherwise, a container won't necessarily start when docker is restarted.

===Search for images===
docker search <imagename>
====Search for Versions of an image====
What if you want to see what versions are available for a given image? Say you want php, but don't know which to get. hub.docker.com is broken. Requires js, slow, and bad. You can't get a list of images on it easily.

Solution:
<pre>
#!/bin/bash
#https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
#$1 means
#first parameter you pass to this script will be searched
#e.g. working: debian
#note: some have multiple layers
#e.g. gitea/gitea is literally entered as $1 == gitea/gitea (teste, working)
# while debian is just debian. so be aware.

wget -q https://registry.hub.docker.com/v1/repositories/$1/tags -O - \
| sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
</pre>
Ref: https://stackoverflow.com/questions/54418542/dockerhub-listing-all-available-versions-of-a-given-image

https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry

===Save Changes to Docker Image===
docker commit
See official documentation.

==Dockerfile==
Dockerfiles and compose are slightly confusing. Sometimes you see images run an entrypoint script, sometimes not. In any case, Dockerfiles are fundamental to reproducible builds.

Basic usage is:
* Docker-compose builds container from dockerfile (say you start with alpine, and install some programs)
* that container you built is used from thence on.
* if you want to change dockerfile, make changes and you must call docker-compose up --build otherwise, it will use the old container

For a basic apache server, you might call the following in a cmd at the end of the dockerfile:
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
When in doubt, work off of existing examples.

==Volumes==
Volumes can be handled at least two ways. The simplest is to store files in a local directory which is then mapped to the remote drive.

e.g. docker-compose:
<pre>
nginx:
image: nginx:####
container_name: mynginxserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./local_dir/:/var/www/html/
- ./local_logs/:/var/log/nginx/
ports:
- 80:80
- 443:443
restart: always
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
</pre>
Here, in the local dir where docker-compose is run, the ./local_dir/ or ./local_logs will store the containers html or logs respectively. Simple.

However, if you just have a volume, without a local directory, then it will save in /var/ somewhere (unintuitive... bad).
e.g. from Dolibarr:
<pre>
The Dolibarr installation and all data beyond what lives in the database
(file uploads, etc) are stored in the unnamed docker volume volume
/var/www/html and /var/www/documents. The docker daemon will store
that data within the docker directory /var/lib/docker/volumes/....
That means your data is saved even if the container crashes, is stopped
or deleted.
</pre>

==Specific Tips==
===YAML is space sensitive===
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
===If you restart a containers namesake process, it will probably restart / reset the container===
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
===Consider a single reverse proxy, to handle multiple websites===
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
https://web.archive.org/web/https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far to the high level.
===If you use a single reverse proxy, Lets Encrypt can be done easy===
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
<pre>
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
</pre>
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:

{{cat|docker-compose.yml|
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
}}

The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this. And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).

===Give every Container a Containername===
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
===Beware of Interrupting Initting Containers===
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
===Put Apache or Program logs from the Container in a volume that is locally accessible===
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
===Only Restart Containers you need to Restart===
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
===Volumes Mounting Over Existing Directories===
As discussed here: https://web.archive.org/web/https://github.com/moby/moby/issues/4361, if you add a volume to an existing container, it will seem to delete the folder's contents. I've seen mixed behaviour with this. Sometimes it deletes it even if you start a new container with the folder... Other times it has not. In any case, just docker cp the files to the folder, then add the volume mount. This may not be the most graceful solution for upgrades, but it will work. Best practices would be here (See: dbxt commented Dec 14, 2014): https://web.archive.org/web/https://github.com/docker-library/wordpress/issues/10
===If you edit a docker-compose file you must restart the container with Docker-compose===
If you make a change in docker compose, you must docker stop service, then docker-compose up -d service. Otherwise the changes will not take effect. The mistake here, would be thinking that you could just docker stop service, then docker start service... That doesn't work.
===Keep verbose logging off your HDD with RAM only logging===
If you have e.g. apache/nginx write to your HDD with every website visit, it will quickly wear out your HDD (esp. SSD). Put verbose logging in the RAM only with a tmpfs mount. https://docs.docker.com/storage/tmpfs/

e.g. (ref: https://stackoverflow.com/questions/41902930/docker-compose-tmpfs-not-working)
<pre>
services:
ubuntu:
image: ubuntu
command: "bash -c 'mount'"
volumes:
- cache_vol:/var/cache
- run_vol:/run

volumes:
run_vol:
driver_opts:
type: tmpfs
device: tmpfs
cache_vol:
driver_opts:
type: tmpfs
device: tmpfs
</pre>

This also allows you to share the tmpfs mounts if needed.

Access it from host via:
docker exec -it nginx_server tail -F /run/shm/access.log
Note that you might think you can do
docker container run my_nginx_server tail -F /run/shm/access.log
But that will only work on container base images, not running containers. To 'execute' a command on a running or existing container, the command you want is exec. (Also used to interactively start bash shell above)

EDIT: Use with discretion. Active data in RAM may use power.

===Mysql Backup / Restore===
<pre>
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql

# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</pre>
ref: https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb
May not need to do this, if you keep the DB (ibdata files) in a local directory/volume via docker-compose.yml
e.g.
mydb:
image: mysql:9999
volumes:
- ./db_files:/var/lib/mysql
restart: always

===Limit docker logs===
Docker will keep lots of logs if you don't manage it.
https://github.com/docker/compose/issues/1083
https://docs.docker.com/compose/compose-file/#logging
https://stackoverflow.com/questions/31829587/docker-container-logs-taking-all-my-disk-space
view (all) logs with
docker-compose logs
To limit a service's logs in docker-compose do the following:
* find a containers/services entry
* append to the end (watch the white space & no tabs)
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
The rule with logs, is nothing - unless you need it. Then everything. Any unnecessary logging is taxing the CPU / HDD.
Which leads me to...

===view details about container===
To view paths, configuration settings, etc...
See
docker inspect <name or id>
It's easier to grep these. the search in less wasn't working for me to find .LogPath for example.
docker inspect mycontainer | grep log
Will show where the log files are located.

===Installing Docker-compose from pip or github binary not Debian===
Subject. See official docker documentation which states the URL of
github.com/docker/compose/releases or pip.

Pip is probably better.
apt-get install python3-pip
pip3 install docker-compose

==Troubleshooting==
===Cannot start container: [0] Id already in use #20570===
* https://github.com/moby/moby/issues/20570
After update, unable to start container. Solution was found to be:
docker-compose down -v then docker-compose up -d
Container was viewable with
docker ps -a (not just docker ps)
==Poor Design==
===Creating a docker-compose with a stable or latest tag===
If you make a docker-compose file, you should link it to a marked version. You can later edit it, to use stable or latest, but one of the strengths of Docker is version control. If you create a docker-compose, always test on a specific version, should you need to roll back in the future. Otherwise, your scripts will fail in 2-20-200 years when the conf files are not supported anymore.

e.g. https://github.com/nucreativa/frontaccounting-docker (6th commit)
Here, the nginx config is no longer supported in vhosts, it must be in server_blocks. This would've been avoided by denoting a fixed nginx release instead of tag:latest.

==See Also==

* [[samba_docker_by_dlandon]]

==External Links==
* https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/docker.sh Information dense cheatsheet (unfortunately github)
* https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb A million idiots type "thanks". Also the source for the mysql backup command.

{{GNU\Linux}}

Docker

2021-02-25T22:13:13Z

Adminguy: /* Fails */

Docker is a type of virtualization for Gnu\Linux that allows programs to run and share similar resources, without having a full OS for each image, but while still isolating each 'vm'.

==General Tips==
It helps to read a book, and then keep it as a Reference. Here Using Docker By Adrian Mouat is a decent book. In fact, you should be reading books on any subject that interests you. Physical paper books, too.

Docker is x86_64. ARM has a separate build. There is no i386.

You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.

You should always use docker compose. Docker is possible to run on the command line, but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it. ''Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.''

===ARM is SOL===
I tried to use Docker on ARM, and while you might be able to install docker, you will find that images for your applications may not be there. e.g. you will find Nginx, but you won't find Gitlab. This means that docker is pretty much x86-64 only.

==Docker Commands==
Here are commands you need to know. Just the necessary ones.
{{cmd| docker-compose up -d}}

Starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it.
{{cmd| docker ps }}
Lists containers running. If one fails to start, you'll see it missing from here
{{cmd|docker logs <containername> }}
Gives you some logging output from the container. Often enough to troubleshoot. (also see tips below).
{{cmd|docker exec -it <containername> /bin/bash}}
This will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it.
{{cmd|docker-compose restart }}
This will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...
{{cmd|docker restart <containername> }}
This will restart one single container.
{{cmd|docker cp <containername>:/dir/to/file dest }}
You can copy files from local machine to docker, or vice versa with this. Extremely useful.

===Deleting Containers===
Less often, you might want to know
{{cmd|
#!/bin/bash
docker rm $(docker ps -a -q)
docker rmi $(docker images -q) --force}}

This starts over from scratch. This is how easy it is to reboot a docker from square one. note: below command (rmi), only needed if you want to remove base images. Needed when updating a stable. Not needed when changing other parameters not related to base image. Also, this deletes all containers, which maybe you don't want to do, if you either A) only want to delete certain images you are testing B) have some containers with custom changes saved, and not backed up elsewhere.

===Updating===
docker images
(shows out of date image)
docker pull mysql
(downloads new image)
docker images
(shows two versions of mysql. old and new)
docker stop some_container_name
docker rmi -f cjklfs23404
(where cjklfs23404 is the old container alias under docker images)
docker-compose up -d mysql

====Containers don't all Restart?!====
Make sure to have in your docker compose for each container a '''restart:always'''
Otherwise, a container won't necessarily start when docker is restarted.

===Search for images===
docker search <imagename>
====Search for Versions of an image====
What if you want to see what versions are available for a given image? Say you want php, but don't know which to get. hub.docker.com is broken. Requires js, slow, and bad. You can't get a list of images on it easily.

Solution:
<pre>
#!/bin/bash
#https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
#$1 means
#first parameter you pass to this script will be searched
#e.g. working: debian
#note: some have multiple layers
#e.g. gitea/gitea is literally entered as $1 == gitea/gitea (teste, working)
# while debian is just debian. so be aware.

wget -q https://registry.hub.docker.com/v1/repositories/$1/tags -O - \
| sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
</pre>
Ref: https://stackoverflow.com/questions/54418542/dockerhub-listing-all-available-versions-of-a-given-image

https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry

===Save Changes to Docker Image===
docker commit
See official documentation.

==Dockerfile==
Dockerfiles and compose are slightly confusing. Sometimes you see images run an entrypoint script, sometimes not. In any case, Dockerfiles are fundamental to reproducible builds.

Basic usage is:
* Docker-compose builds container from dockerfile (say you start with alpine, and install some programs)
* that container you built is used from thence on.
* if you want to change dockerfile, make changes and you must call docker-compose up --build otherwise, it will use the old container

For a basic apache server, you might call the following in a cmd at the end of the dockerfile:
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
When in doubt, work off of existing examples.

==Volumes==
Volumes can be handled at least two ways. The simplest is to store files in a local directory which is then mapped to the remote drive.

e.g. docker-compose:
<pre>
nginx:
image: nginx:####
container_name: mynginxserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./local_dir/:/var/www/html/
- ./local_logs/:/var/log/nginx/
ports:
- 80:80
- 443:443
restart: always
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
</pre>
Here, in the local dir where docker-compose is run, the ./local_dir/ or ./local_logs will store the containers html or logs respectively. Simple.

However, if you just have a volume, without a local directory, then it will save in /var/ somewhere (unintuitive... bad).
e.g. from Dolibarr:
<pre>
The Dolibarr installation and all data beyond what lives in the database
(file uploads, etc) are stored in the unnamed docker volume volume
/var/www/html and /var/www/documents. The docker daemon will store
that data within the docker directory /var/lib/docker/volumes/....
That means your data is saved even if the container crashes, is stopped
or deleted.
</pre>

==Specific Tips==
===YAML is space sensitive===
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
===If you restart a containers namesake process, it will probably restart / reset the container===
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
===Consider a single reverse proxy, to handle multiple websites===
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
https://web.archive.org/web/https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far to the high level.
===If you use a single reverse proxy, Lets Encrypt can be done easy===
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
<pre>
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
</pre>
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:

{{cat|docker-compose.yml|
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
}}

The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this. And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).

===Give every Container a Containername===
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
===Beware of Interrupting Initting Containers===
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
===Put Apache or Program logs from the Container in a volume that is locally accessible===
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
===Only Restart Containers you need to Restart===
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
===Volumes Mounting Over Existing Directories===
As discussed here: https://web.archive.org/web/https://github.com/moby/moby/issues/4361, if you add a volume to an existing container, it will seem to delete the folder's contents. I've seen mixed behaviour with this. Sometimes it deletes it even if you start a new container with the folder... Other times it has not. In any case, just docker cp the files to the folder, then add the volume mount. This may not be the most graceful solution for upgrades, but it will work. Best practices would be here (See: dbxt commented Dec 14, 2014): https://web.archive.org/web/https://github.com/docker-library/wordpress/issues/10
===If you edit a docker-compose file you must restart the container with Docker-compose===
If you make a change in docker compose, you must docker stop service, then docker-compose up -d service. Otherwise the changes will not take effect. The mistake here, would be thinking that you could just docker stop service, then docker start service... That doesn't work.
===Keep verbose logging off your HDD with RAM only logging===
If you have e.g. apache/nginx write to your HDD with every website visit, it will quickly wear out your HDD (esp. SSD). Put verbose logging in the RAM only with a tmpfs mount. https://docs.docker.com/storage/tmpfs/

e.g. (ref: https://stackoverflow.com/questions/41902930/docker-compose-tmpfs-not-working)
<pre>
services:
ubuntu:
image: ubuntu
command: "bash -c 'mount'"
volumes:
- cache_vol:/var/cache
- run_vol:/run

volumes:
run_vol:
driver_opts:
type: tmpfs
device: tmpfs
cache_vol:
driver_opts:
type: tmpfs
device: tmpfs
</pre>

This also allows you to share the tmpfs mounts if needed.

Access it from host via:
docker exec -it nginx_server tail -F /run/shm/access.log
Note that you might think you can do
docker container run my_nginx_server tail -F /run/shm/access.log
But that will only work on container base images, not running containers. To 'execute' a command on a running or existing container, the command you want is exec. (Also used to interactively start bash shell above)

EDIT: Use with discretion. Active data in RAM may use power.

===Mysql Backup / Restore===
<pre>
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql

# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</pre>
ref: https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb
May not need to do this, if you keep the DB (ibdata files) in a local directory/volume via docker-compose.yml
e.g.
mydb:
image: mysql:9999
volumes:
- ./db_files:/var/lib/mysql
restart: always

===Limit docker logs===
Docker will keep lots of logs if you don't manage it.
https://github.com/docker/compose/issues/1083
https://docs.docker.com/compose/compose-file/#logging
https://stackoverflow.com/questions/31829587/docker-container-logs-taking-all-my-disk-space
view (all) logs with
docker-compose logs
To limit a service's logs in docker-compose do the following:
* find a containers/services entry
* append to the end (watch the white space & no tabs)
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
The rule with logs, is nothing - unless you need it. Then everything. Any unnecessary logging is taxing the CPU / HDD.
Which leads me to...

===view details about container===
To view paths, configuration settings, etc...
See
docker inspect <name or id>
It's easier to grep these. the search in less wasn't working for me to find .LogPath for example.
docker inspect mycontainer | grep log
Will show where the log files are located.

===Installing Docker-compose from pip or github binary not Debian===
Subject. See official docker documentation which states the URL of
github.com/docker/compose/releases or pip.

Pip is probably better.
apt-get install python3-pip
pip3 install docker-compose

==Troubleshooting==
===Cannot start container: [0] Id already in use #20570===
* https://github.com/moby/moby/issues/20570
After update, unable to start container. Solution was found to be:
docker-compose down -v then docker-compose up -d
Container was viewable with
docker ps -a (not just docker ps)
==Poor Design==
===Creating a docker-compose with a stable or latest tag===
If you make a docker-compose file, you must link it to a marked version. You can later edit it, to use stable or latest, but one of the strengths of Docker is version control. If you create a docker-compose, always test on a specific version, should you need to roll back in the future. Otherwise, your scripts will fail in 2-20-200 years when the conf files are not supported anymore.

e.g. https://github.com/nucreativa/frontaccounting-docker (6th commit)
Here, the nginx config is no longer supported in vhosts, it must be in server_blocks. This would've been avoided by denoting a fixed nginx release instead of tag:latest.

==See Also==

* [[samba_docker_by_dlandon]]

==External Links==
* https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/docker.sh Information dense cheatsheet (unfortunately github)
* https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb A million idiots type "thanks". Also the source for the mysql backup command.

{{GNU\Linux}}

Docker

2021-02-25T22:05:02Z

Adminguy: /* Dockerfile */

Docker is a type of virtualization for Gnu\Linux that allows programs to run and share similar resources, without having a full OS for each image, but while still isolating each 'vm'.

==General Tips==
It helps to read a book, and then keep it as a Reference. Here Using Docker By Adrian Mouat is a decent book. In fact, you should be reading books on any subject that interests you. Physical paper books, too.

Docker is x86_64. ARM has a separate build. There is no i386.

You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.

You should always use docker compose. Docker is possible to run on the command line, but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it. ''Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.''

===ARM is SOL===
I tried to use Docker on ARM, and while you might be able to install docker, you will find that images for your applications may not be there. e.g. you will find Nginx, but you won't find Gitlab. This means that docker is pretty much x86-64 only.

==Docker Commands==
Here are commands you need to know. Just the necessary ones.
{{cmd| docker-compose up -d}}

Starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it.
{{cmd| docker ps }}
Lists containers running. If one fails to start, you'll see it missing from here
{{cmd|docker logs <containername> }}
Gives you some logging output from the container. Often enough to troubleshoot. (also see tips below).
{{cmd|docker exec -it <containername> /bin/bash}}
This will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it.
{{cmd|docker-compose restart }}
This will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...
{{cmd|docker restart <containername> }}
This will restart one single container.
{{cmd|docker cp <containername>:/dir/to/file dest }}
You can copy files from local machine to docker, or vice versa with this. Extremely useful.

===Deleting Containers===
Less often, you might want to know
{{cmd|
#!/bin/bash
docker rm $(docker ps -a -q)
docker rmi $(docker images -q) --force}}

This starts over from scratch. This is how easy it is to reboot a docker from square one. note: below command (rmi), only needed if you want to remove base images. Needed when updating a stable. Not needed when changing other parameters not related to base image. Also, this deletes all containers, which maybe you don't want to do, if you either A) only want to delete certain images you are testing B) have some containers with custom changes saved, and not backed up elsewhere.

===Updating===
docker images
(shows out of date image)
docker pull mysql
(downloads new image)
docker images
(shows two versions of mysql. old and new)
docker stop some_container_name
docker rmi -f cjklfs23404
(where cjklfs23404 is the old container alias under docker images)
docker-compose up -d mysql

====Containers don't all Restart?!====
Make sure to have in your docker compose for each container a '''restart:always'''
Otherwise, a container won't necessarily start when docker is restarted.

===Search for images===
docker search <imagename>
====Search for Versions of an image====
What if you want to see what versions are available for a given image? Say you want php, but don't know which to get. hub.docker.com is broken. Requires js, slow, and bad. You can't get a list of images on it easily.

Solution:
<pre>
#!/bin/bash
#https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
#$1 means
#first parameter you pass to this script will be searched
#e.g. working: debian
#note: some have multiple layers
#e.g. gitea/gitea is literally entered as $1 == gitea/gitea (teste, working)
# while debian is just debian. so be aware.

wget -q https://registry.hub.docker.com/v1/repositories/$1/tags -O - \
| sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
</pre>
Ref: https://stackoverflow.com/questions/54418542/dockerhub-listing-all-available-versions-of-a-given-image

https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry

===Save Changes to Docker Image===
docker commit
See official documentation.

==Dockerfile==
Dockerfiles and compose are slightly confusing. Sometimes you see images run an entrypoint script, sometimes not. In any case, Dockerfiles are fundamental to reproducible builds.

Basic usage is:
* Docker-compose builds container from dockerfile (say you start with alpine, and install some programs)
* that container you built is used from thence on.
* if you want to change dockerfile, make changes and you must call docker-compose up --build otherwise, it will use the old container

For a basic apache server, you might call the following in a cmd at the end of the dockerfile:
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
When in doubt, work off of existing examples.

==Volumes==
Volumes can be handled at least two ways. The simplest is to store files in a local directory which is then mapped to the remote drive.

e.g. docker-compose:
<pre>
nginx:
image: nginx:####
container_name: mynginxserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./local_dir/:/var/www/html/
- ./local_logs/:/var/log/nginx/
ports:
- 80:80
- 443:443
restart: always
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
</pre>
Here, in the local dir where docker-compose is run, the ./local_dir/ or ./local_logs will store the containers html or logs respectively. Simple.

However, if you just have a volume, without a local directory, then it will save in /var/ somewhere (unintuitive... bad).
e.g. from Dolibarr:
<pre>
The Dolibarr installation and all data beyond what lives in the database
(file uploads, etc) are stored in the unnamed docker volume volume
/var/www/html and /var/www/documents. The docker daemon will store
that data within the docker directory /var/lib/docker/volumes/....
That means your data is saved even if the container crashes, is stopped
or deleted.
</pre>

==Specific Tips==
===YAML is space sensitive===
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
===If you restart a containers namesake process, it will probably restart / reset the container===
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
===Consider a single reverse proxy, to handle multiple websites===
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
https://web.archive.org/web/https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far to the high level.
===If you use a single reverse proxy, Lets Encrypt can be done easy===
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
<pre>
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
</pre>
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:

{{cat|docker-compose.yml|
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
}}

The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this. And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).

===Give every Container a Containername===
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
===Beware of Interrupting Initting Containers===
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
===Put Apache or Program logs from the Container in a volume that is locally accessible===
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
===Only Restart Containers you need to Restart===
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
===Volumes Mounting Over Existing Directories===
As discussed here: https://web.archive.org/web/https://github.com/moby/moby/issues/4361, if you add a volume to an existing container, it will seem to delete the folder's contents. I've seen mixed behaviour with this. Sometimes it deletes it even if you start a new container with the folder... Other times it has not. In any case, just docker cp the files to the folder, then add the volume mount. This may not be the most graceful solution for upgrades, but it will work. Best practices would be here (See: dbxt commented Dec 14, 2014): https://web.archive.org/web/https://github.com/docker-library/wordpress/issues/10
===If you edit a docker-compose file you must restart the container with Docker-compose===
If you make a change in docker compose, you must docker stop service, then docker-compose up -d service. Otherwise the changes will not take effect. The mistake here, would be thinking that you could just docker stop service, then docker start service... That doesn't work.
===Keep verbose logging off your HDD with RAM only logging===
If you have e.g. apache/nginx write to your HDD with every website visit, it will quickly wear out your HDD (esp. SSD). Put verbose logging in the RAM only with a tmpfs mount. https://docs.docker.com/storage/tmpfs/

e.g. (ref: https://stackoverflow.com/questions/41902930/docker-compose-tmpfs-not-working)
<pre>
services:
ubuntu:
image: ubuntu
command: "bash -c 'mount'"
volumes:
- cache_vol:/var/cache
- run_vol:/run

volumes:
run_vol:
driver_opts:
type: tmpfs
device: tmpfs
cache_vol:
driver_opts:
type: tmpfs
device: tmpfs
</pre>

This also allows you to share the tmpfs mounts if needed.

Access it from host via:
docker exec -it nginx_server tail -F /run/shm/access.log
Note that you might think you can do
docker container run my_nginx_server tail -F /run/shm/access.log
But that will only work on container base images, not running containers. To 'execute' a command on a running or existing container, the command you want is exec. (Also used to interactively start bash shell above)

EDIT: Use with discretion. Active data in RAM may use power.

===Mysql Backup / Restore===
<pre>
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql

# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</pre>
ref: https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb
May not need to do this, if you keep the DB (ibdata files) in a local directory/volume via docker-compose.yml
e.g.
mydb:
image: mysql:9999
volumes:
- ./db_files:/var/lib/mysql
restart: always

===Limit docker logs===
Docker will keep lots of logs if you don't manage it.
https://github.com/docker/compose/issues/1083
https://docs.docker.com/compose/compose-file/#logging
https://stackoverflow.com/questions/31829587/docker-container-logs-taking-all-my-disk-space
view (all) logs with
docker-compose logs
To limit a service's logs in docker-compose do the following:
* find a containers/services entry
* append to the end (watch the white space & no tabs)
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
The rule with logs, is nothing - unless you need it. Then everything. Any unnecessary logging is taxing the CPU / HDD.
Which leads me to...

===view details about container===
To view paths, configuration settings, etc...
See
docker inspect <name or id>
It's easier to grep these. the search in less wasn't working for me to find .LogPath for example.
docker inspect mycontainer | grep log
Will show where the log files are located.

===Installing Docker-compose from pip or github binary not Debian===
Subject. See official docker documentation which states the URL of
github.com/docker/compose/releases or pip.

Pip is probably better.
apt-get install python3-pip
pip3 install docker-compose

==Troubleshooting==
===Cannot start container: [0] Id already in use #20570===
* https://github.com/moby/moby/issues/20570
After update, unable to start container. Solution was found to be:
docker-compose down -v then docker-compose up -d
Container was viewable with
docker ps -a (not just docker ps)
==Fails==
===Creating a docker-compose with a stable or latest tag===
If you make a docker-compose file, you must link it to a marked version. You can later edit it, to use stable or latest, but one of the strengths of Docker is version control. If you create a docker-compose, always test on a specific version, should you need to roll back in the future. Otherwise, your scripts will fail in 2-20-200 years when the conf files are not supported anymore.

e.g. https://github.com/nucreativa/frontaccounting-docker (6th commit)
Here, the nginx config is no longer supported in vhosts, it must be in server_blocks. This would've been avoided by denoting a fixed nginx release instead of tag:latest.

==See Also==

* [[samba_docker_by_dlandon]]

==External Links==
* https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/docker.sh Information dense cheatsheet (unfortunately github)
* https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb A million idiots type "thanks". Also the source for the mysql backup command.

{{GNU\Linux}}

Docker

2021-02-24T07:12:37Z

Adminguy:

Docker is a type of virtualization for Gnu\Linux that allows programs to run and share similar resources, without having a full OS for each image, but while still isolating each 'vm'.

==General Tips==
It helps to read a book, and then keep it as a Reference. Here Using Docker By Adrian Mouat is a decent book. In fact, you should be reading books on any subject that interests you. Physical paper books, too.

Docker is x86_64. ARM has a separate build. There is no i386.

You will want 'some' RAM. I had 1GB on a P4 machine, and that was not enough. 4GB was enough.

You should always use docker compose. Docker is possible to run on the command line, but with a compose file, you can write everything down in a much simpler fashion. Use compose. It's a separate install, currently. Install it. ''Seriously, just ignore the docker command lines. I consider them useless. More of a red herring for rookies.''

===ARM is SOL===
I tried to use Docker on ARM, and while you might be able to install docker, you will find that images for your applications may not be there. e.g. you will find Nginx, but you won't find Gitlab. This means that docker is pretty much x86-64 only.

==Docker Commands==
Here are commands you need to know. Just the necessary ones.
{{cmd| docker-compose up -d}}

Starts the containers in the docker compose file, if they aren't already started. the -d detaches from the stdout logging. You don't need to use stdout logging, you can use docker logs, but its there if you want it.
{{cmd| docker ps }}
Lists containers running. If one fails to start, you'll see it missing from here
{{cmd|docker logs <containername> }}
Gives you some logging output from the container. Often enough to troubleshoot. (also see tips below).
{{cmd|docker exec -it <containername> /bin/bash}}
This will get you in a shell in the docker container. From here you can do what you need to. Most are debian, and need apt-get install less nano or whatever program you are missing. Ping is missing from possibly all containers, so if you want to test via ping, you'll have to apt-get it.
{{cmd|docker-compose restart }}
This will restart all containers. However, I don't recommend it. Initting containers can get corrupted this way, and also its much easier to restart a single faulty container via...
{{cmd|docker restart <containername> }}
This will restart one single container.
{{cmd|docker cp <containername>:/dir/to/file dest }}
You can copy files from local machine to docker, or vice versa with this. Extremely useful.

===Deleting Containers===
Less often, you might want to know
{{cmd|
#!/bin/bash
docker rm $(docker ps -a -q)
docker rmi $(docker images -q) --force}}

This starts over from scratch. This is how easy it is to reboot a docker from square one. note: below command (rmi), only needed if you want to remove base images. Needed when updating a stable. Not needed when changing other parameters not related to base image. Also, this deletes all containers, which maybe you don't want to do, if you either A) only want to delete certain images you are testing B) have some containers with custom changes saved, and not backed up elsewhere.

===Updating===
docker images
(shows out of date image)
docker pull mysql
(downloads new image)
docker images
(shows two versions of mysql. old and new)
docker stop some_container_name
docker rmi -f cjklfs23404
(where cjklfs23404 is the old container alias under docker images)
docker-compose up -d mysql

====Containers don't all Restart?!====
Make sure to have in your docker compose for each container a '''restart:always'''
Otherwise, a container won't necessarily start when docker is restarted.

===Search for images===
docker search <imagename>
====Search for Versions of an image====
What if you want to see what versions are available for a given image? Say you want php, but don't know which to get. hub.docker.com is broken. Requires js, slow, and bad. You can't get a list of images on it easily.

Solution:
<pre>
#!/bin/bash
#https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
#$1 means
#first parameter you pass to this script will be searched
#e.g. working: debian
#note: some have multiple layers
#e.g. gitea/gitea is literally entered as $1 == gitea/gitea (teste, working)
# while debian is just debian. so be aware.

wget -q https://registry.hub.docker.com/v1/repositories/$1/tags -O - \
| sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
</pre>
Ref: https://stackoverflow.com/questions/54418542/dockerhub-listing-all-available-versions-of-a-given-image

https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry

===Save Changes to Docker Image===
docker commit
See official documentation.

==Dockerfile==
Dockerfiles and compose are slightly confusing. Sometimes you see images run an entrypoint script, sometimes not. In any case, Dockerfiles are fundamental to reproducible builds.

==Volumes==
Volumes can be handled at least two ways. The simplest is to store files in a local directory which is then mapped to the remote drive.

e.g. docker-compose:
<pre>
nginx:
image: nginx:####
container_name: mynginxserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./local_dir/:/var/www/html/
- ./local_logs/:/var/log/nginx/
ports:
- 80:80
- 443:443
restart: always
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
</pre>
Here, in the local dir where docker-compose is run, the ./local_dir/ or ./local_logs will store the containers html or logs respectively. Simple.

However, if you just have a volume, without a local directory, then it will save in /var/ somewhere (unintuitive... bad).
e.g. from Dolibarr:
<pre>
The Dolibarr installation and all data beyond what lives in the database
(file uploads, etc) are stored in the unnamed docker volume volume
/var/www/html and /var/www/documents. The docker daemon will store
that data within the docker directory /var/lib/docker/volumes/....
That means your data is saved even if the container crashes, is stopped
or deleted.
</pre>

==Specific Tips==
===YAML is space sensitive===
When you edit the .yml file for docker-compose, you have to hit spaces in a certain pattern (tabs not allowed). This is absurd, but just be aware. The errors are cryptic, and its often just because the spacing doesn't stick to what it expects.
===If you restart a containers namesake process, it will probably restart / reset the container===
So if you are troubleshooting an apache container, you edit some files, then /etc/init.d/apache2 restart, uh oh... You just undid all the edits you made, if they aren't in a permanent volume. You can shell in, make edits, and then exit the shell, but a service restart often resets the container.
===Consider a single reverse proxy, to handle multiple websites===
There are many ways to do this. I use an nginx proxy from scratch. You can also use some containers that are built for this purpose (I personally think it's bloated but a lot of people use Jason Wilder's proxy)
https://web.archive.org/web/https://github.com/jwilder/nginx-proxy - A lot of people swear by this, but I think it's straying too far to the high level.
===If you use a single reverse proxy, Lets Encrypt can be done easy===
In this case scenario you would have certbot on the host and a local volume that the proxy has access to which is the webroot of the Lets Encrypt scripts. The nginx proxy entry look something like this:
<pre>
location ^~ /.well-known {
alias /var/www/html/.well-known/;
autoindex on;
}
</pre>
And this is put in every server declaration of nginx.conf. Real simple, real easy. The docker compose of the nginx proxy is something like:

{{cat|docker-compose.yml|
nginx:
image: nginx:latest
container_name: custom_name_for_my_proxy
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/:/etc/letsencrypt/
- ./webroot/:/var/www/html/
}}

The volumes section is extremely simple, don't be scared. There are two entries. Local and remote. You specify what folder will be the local directory which will be cloned to the host at the remote path you specify. So, the host runs certbot at /etc/letsencrypt, and this folder is cloned to the nginx proxy container, at the same location. Finally, webroot must be set in certbot, but it prompts you for this. And if you forget or get it wrong, it can be configured somewhere in /etc/letsencrypt. it's a one liner text entry).

===Give every Container a Containername===
This makes it easier to refer to them later. All you need to do in the compose file is include container\_name: something. Much better than the gibberish they give these names if you don't include it.
===Beware of Interrupting Initting Containers===
When you first build a container, it might take 30-60 or more seconds to do whatever it needs to do. If, before then, you restart it... It may get corrupted. This has happened to me more than once. When you are testing a new container, and it doesn't seem to work for some inexplicable reason, create a container with a new name (it will create a new one), or delete the first one, and start it again.
===Put Apache or Program logs from the Container in a volume that is locally accessible===
This means you want a volume something like ./containerA\_files/logs:/var/www/log/apache2/ so that you can monitor the logs from your host machine easily. docker logs doesn't have everything.
===Only Restart Containers you need to Restart===
You can restart everything with docker-compose restart, but it's faster, and less prone to break initting containers, if you docker restart containername. Do the latter.
===Volumes Mounting Over Existing Directories===
As discussed here: https://web.archive.org/web/https://github.com/moby/moby/issues/4361, if you add a volume to an existing container, it will seem to delete the folder's contents. I've seen mixed behaviour with this. Sometimes it deletes it even if you start a new container with the folder... Other times it has not. In any case, just docker cp the files to the folder, then add the volume mount. This may not be the most graceful solution for upgrades, but it will work. Best practices would be here (See: dbxt commented Dec 14, 2014): https://web.archive.org/web/https://github.com/docker-library/wordpress/issues/10
===If you edit a docker-compose file you must restart the container with Docker-compose===
If you make a change in docker compose, you must docker stop service, then docker-compose up -d service. Otherwise the changes will not take effect. The mistake here, would be thinking that you could just docker stop service, then docker start service... That doesn't work.
===Keep verbose logging off your HDD with RAM only logging===
If you have e.g. apache/nginx write to your HDD with every website visit, it will quickly wear out your HDD (esp. SSD). Put verbose logging in the RAM only with a tmpfs mount. https://docs.docker.com/storage/tmpfs/

e.g. (ref: https://stackoverflow.com/questions/41902930/docker-compose-tmpfs-not-working)
<pre>
services:
ubuntu:
image: ubuntu
command: "bash -c 'mount'"
volumes:
- cache_vol:/var/cache
- run_vol:/run

volumes:
run_vol:
driver_opts:
type: tmpfs
device: tmpfs
cache_vol:
driver_opts:
type: tmpfs
device: tmpfs
</pre>

This also allows you to share the tmpfs mounts if needed.

Access it from host via:
docker exec -it nginx_server tail -F /run/shm/access.log
Note that you might think you can do
docker container run my_nginx_server tail -F /run/shm/access.log
But that will only work on container base images, not running containers. To 'execute' a command on a running or existing container, the command you want is exec. (Also used to interactively start bash shell above)

EDIT: Use with discretion. Active data in RAM may use power.

===Mysql Backup / Restore===
<pre>
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql

# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</pre>
ref: https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb
May not need to do this, if you keep the DB (ibdata files) in a local directory/volume via docker-compose.yml
e.g.
mydb:
image: mysql:9999
volumes:
- ./db_files:/var/lib/mysql
restart: always

===Limit docker logs===
Docker will keep lots of logs if you don't manage it.
https://github.com/docker/compose/issues/1083
https://docs.docker.com/compose/compose-file/#logging
https://stackoverflow.com/questions/31829587/docker-container-logs-taking-all-my-disk-space
view (all) logs with
docker-compose logs
To limit a service's logs in docker-compose do the following:
* find a containers/services entry
* append to the end (watch the white space & no tabs)
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
The rule with logs, is nothing - unless you need it. Then everything. Any unnecessary logging is taxing the CPU / HDD.
Which leads me to...

===view details about container===
To view paths, configuration settings, etc...
See
docker inspect <name or id>
It's easier to grep these. the search in less wasn't working for me to find .LogPath for example.
docker inspect mycontainer | grep log
Will show where the log files are located.

===Installing Docker-compose from pip or github binary not Debian===
Subject. See official docker documentation which states the URL of
github.com/docker/compose/releases or pip.

Pip is probably better.
apt-get install python3-pip
pip3 install docker-compose

==Troubleshooting==
===Cannot start container: [0] Id already in use #20570===
* https://github.com/moby/moby/issues/20570
After update, unable to start container. Solution was found to be:
docker-compose down -v then docker-compose up -d
Container was viewable with
docker ps -a (not just docker ps)
==Fails==
===Creating a docker-compose with a stable or latest tag===
If you make a docker-compose file, you must link it to a marked version. You can later edit it, to use stable or latest, but one of the strengths of Docker is version control. If you create a docker-compose, always test on a specific version, should you need to roll back in the future. Otherwise, your scripts will fail in 2-20-200 years when the conf files are not supported anymore.

e.g. https://github.com/nucreativa/frontaccounting-docker (6th commit)
Here, the nginx config is no longer supported in vhosts, it must be in server_blocks. This would've been avoided by denoting a fixed nginx release instead of tag:latest.

==See Also==

* [[samba_docker_by_dlandon]]

==External Links==
* https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/docker.sh Information dense cheatsheet (unfortunately github)
* https://gist.github.com/spalladino/6d981f7b33f6e0afe6bb A million idiots type "thanks". Also the source for the mysql backup command.

{{GNU\Linux}}

Alpine

2021-02-19T05:36:02Z

Adminguy: /* Links */

Alpine

2021-02-19T05:35:50Z

Adminguy: /* Links */

Parallax Propeller on Linux w/SimpleIDE

2021-02-19T05:29:10Z

Adminguy:

I recently got an issue of Nuts and Volts Electronics magazine to find the first article mentioning the Parallax Propeller 2. What is the Propeller, and why would I want it? The propeller is like a microcontroller/Arduino, and it is like an FPGA. It has 8 cores (P2) which can operate independently. In a perfect world, this means you have 8 microcontrollers on one chip.

==Propeller and Linux Traps==
So, you come from the RPI world, or run FOSS, and want to use the P2 on Linux. Great. But, a warning: There are a lot of dead ends in Propeller world. The quick answer to get it working is do the following:
# Use Debian Buster (possibly stretch or jessie)
# Use the PropellerGCC website here: https://www.sites.google.com/site/propellergcc/ http://web.archive.org/web/20201009074325/https://sites.google.com/site/propellergcc/downloads/linux-downloads
# Download the .deb package. (backup: https://archive.org/details/simpleide-0.9.66-amd64-debian-linux)
# Install with gdebi (if you don't know what that is, look it up)
# Load simpleide, and expand the 2nd / 3rd panes by clicking the icon on the bottom left
# Choose generic board
# Connect to the board with an FTDI - USB adapter, or the propeller prop (I used a standard FTDI cable, and it worked)
# At least on the Mini, RX and TX are swapped. I shit you not. RX on the FTDI goes to RX on the Mini. Don't ask me why this was done.
# DTS on FTDI connects to RESET on mini. Mini is powered by 6.5-12V+. FTDI RX/TX is 3.3V.
# Should "just work"

That's the tl;dr. Now for what did NOT work for me.

===2020/12 - Recent SimpleIDE does not work easily===
SimpleIDE as of 2020 does not ship .deb packages. You must compile. Instant red flag. If you examine the install instructions for Linux, you will find that it refers to a non-existent .deb file. The documentation is outdated. Red flag no. 2.

Even the official website tells you its supported, which is false. The install instructions in the git are out of date, and reference a non existent .deb. Ref: http://web.archive.org/web/20200805021922/http://learn.parallax.com/tutorials/language/propeller-c/propeller-c-set-simpleide/linux
http://web.archive.org/web/20200929084400/https://learn.parallax.com/tutorials/language/propeller-c/propeller-c-set-simpleide/raspberry-pi

===PropWare - Dead Links fixed===
Go to the forums for most up to date instructions. There is a reasonable thread on Linux support here: https://forums.parallax.com/discussion/166656/simpleide-on-linux
Link: https://david.zemon.name/PropWare/#/about
Links were dead, but 'should' be fixed now.

He has a github here: https://github.com/parallaxinc/PropWare which lacks current releases. So you are stuck using his website for recent releases.

PropWare, currently replaces your packages (deb) cmake, which means if you use cmake, you may later get confused. There is a ticket, and I imagine it's a WIP. I tried compiling v2.1.0 for PropWare without luck.

===2020/12 - Catalina: Source Build Required===
Catalina is another option, but for Linux you are shoehorned into source build only. That would be ok, if the dependencies were reasonable, but after trying all of the above for 2-3 hours, then getting here, I was not in the mood for another rabbit hole.

The only difficult dependency of Catalina appears to be wxGTK, which is advised in the install instructions are requiring a build from source.

===Conclusion===
Upon first glance, you will see that Propeller is OSHW, and fully released. You might assume that favor towards OSHW would extend to FOSS. Yes and no. Yes, it can work on Linux, but no the company is not necessarily as gung-ho about FOSS as it is OSHW.

It's walking a tightrope walk to get the propeller to work on GNULinux machines. But, it does and can work. Just be aware that there are a lot of unmaintained dead ends, if you tread down this path.

==Todo==
Get together the parallax data sheets and application notes and make a book.

IT Obfuscation

2021-02-17T07:03:06Z

Adminguy: /* Spam Filtering Services based on MX records */

===device cals vs user cals===
5 User Cals:
5 users (i.e. alice, bob, accounting, office, shipping)
These 5 users can connect from any computer in the office, but it must be those
users.

5 Computer Cals: (they call this device cals, but computer cals is more intuitive. it's a
bit of obfuscation.)
There are 5 computers (Workstation1, WS2, WS3, WS4, WS5)
and any amount of user accounts can connect to the server, but they must be on one of these
five computers.

The simple act of calling it device cals vs computer cals. Subtle changes make a big difference.
Is there even a difference between a device and a computer? Yes. Not all devices
are computers, but all computers are devices. Unless I can assign a CAL to
my toaster. That is an appliance aka a device. My power drill is a device. Heck, a device
can be nearly anything:

device definition (https://dictionary.cambridge.org/dictionary/english/device): 1. an object
or machine that has been invented for a particular purpose: 2. a machine

A hammer is an object invented with a particular purpose.
Therefore, I would like to assign a CAL to my hammer.

Change the term device to computer, and it makes just a little bit more sense. But making sense
was not the goal. Sales was the goal. Obfuscation was the tool used
to achieve that goal. They don't want business owners to understand what
is going on. The key to being successful in ruthless business, is to have an uneducated
customer. The less informed your customers are, the more likely they are to make bad decisions.
this is important when you have a monopoly. because there may be better options, but the
company behind the monopoly doesn't want you to know that.

And making bad decisions is what you are doing, when you use Windows in a corporate environment. Thus ms is the driving force behind the covid lockdowns and the vaccinations. Because vax are an effective method of inserting potentially damaging foreign substances into the human body, especially when its gubermint sponsored. Folks end up brainwashed, and brainwashed folks don't make good decisions. the corps moves are quite transparent. Historically purchases have been to squander any potential threats to their hegemony. Hotmail (communication), Skype (communication), Nokia (aka AT&T, aka Bell Labs)... They bought github to monitor the foss folks. tracking of projects, and to see who needs to be targeted - who is a threat to their business model. what projects need to be stamped out. next they helped institute the lockdowns and promoted the vaccinations, because people are getting too smart, and vax are an effective method to control the population (to dumb them down).

A funny aside, is that ideally they would like to shut github down (long term goal). But that simply isn't possible. The amount of people in software that would move to something else (many already have) is so great, that this inertia can't be stopped. Open/Free source software will win.*

*Note: I can't make any guarantees for humans on planet earth winning/surviving though.


=== Spam Filtering Services based on MX records ===

There is a product which will do spam filtering on your email for you. You pay a subscription
and then point your mx records at the spam filter service. The spam filter service then
vets all incoming email, before forwarding the email to your servers. It's standard
stuff.

So where's the bullshit?

These solutions are geared towards MSP, aka IT companies (yes, MSP is a buzzword for IT
guy, and any IT guy/girl that refers to himself as an MSP, is full of it) which
means they obfuscate what they do. It's hard to find a straightforward example that
basically says:
"you point mx at us, we (try to) remove spam, then we forward to your email server. "
That's basic caveman / layman explanation, and it's all you need. Instead, you get
bullshit. Loads. There will be a 'How it works" section that literally says
nothing, zero, about how it works. No mention of mx, no mention of mitm. Nothing.
There will be fluffy words like cloud, and antispam, antivirus, email gateway, targeted
threat protection. It's something the PR department thought up. Nowhere is
"you point mx at us, we (try to) remove spam, then we forward to your email server. "
It's collusion, and I am not joking, because the great majority of these services
all advertise like this. It's a secret handshake, a wink-wink-nod-nod between the software
company and it guys. A mafia system. This isn't unique to IT industry (for example some electronics chips will have data sheets that basically expect you to understand how to use the chip before reading the data sheet. The instructional information might sort of be in there, but it's so devoid of substance that it really wouldn't be able to teach anyone without external resources. It's more there just for the sake of something being there. Again, not limited to electronics data sheets. All kinds of trades play this game.), but it deserves to
be pointed out.

Some at least, try to explain.
https://mxmailfilter.com/
Although this one doesn't explicitly say it's an MX mitm, but it's more obvious.
Is it that the smaller players are trying to explain, while the big guys sit on their
laurels and obfuscate?

I did find one that explained what they do, but I had to hunt, had to click down
through two levels from the homepage to get to it). Anyways, I'm not just
being silly here. The MX email filtering services really seem to all agree, that the
homepage will NOT tell you what it does in below terms. What a joke. Man I hate the
IT industry. And why shouldn't I? They are primarily proprietary software goons.
Like attracts like. And the proprietary software attracts proprietary software.
The IT industry however, is a topic for another article, and while I have more to
say about it, it won't be here.
ref: https://www.mxguarddog.com/faq.technical/
<pre>In simple language, how does MX Guarddog work?
Our email security service (including anti-spam and anti-virus) use the MX records for your
domain to direct email to MX Guarddog's distributed network of servers. Our servers scan
incoming mail for email-borne threats and place bad mail into quarantine before reaching
your server.

Messages that are clean are passed to your server where they are delivered to the inbox. </pre>

search term to find this product is

email filtering service mx
*note that I don't recommend any of these services necessarily.
So there is at least product that explains it, but that's one out of 6, and only
if you know what you are looking for... The average
business owner is not going to find this. And that's the point. Uneducated users
are more valuable for crooked businesses. Uneducated users will accept the bullshit.
Proprietary software loves uneducated users.

Power to the corporations.

One might make the argument that: "These pages are geared towards IT guys because business owners are stupid and need their hands held OR don't allow for markup, and are too much effort to support." That doesn't justify obfuscation. They could still explain what the product does. Whether they sell to end users or contractors is a separate matter.

IT Obfuscation

2021-02-17T06:58:21Z

Adminguy:

Freecad

2021-02-10T04:35:10Z

Adminguy:

Freecad is a mechanical design tool. It can be used in
* additive / subtraction mode
* sketching / constraint mode

==0.18==
0.18 is the stable release for Devuan Beowulf.
===Adding Engraved Text to Shape===
This is tricky. It seems that it always is (to add engraved text).

Make sure to extrude the text before adjusting x,y,z on the 3d plane. Otherwise the extrusion will be offset by the earlier placement.

See freecad wiki tutorial (0.17). you can skip the sketcher part.

For 0.18, some guides say to use shapestring to trimex. That didn't work for me. Trimex would fail.

However, shapestring, to then PART workbench (not part design)(its bad design they are named
similarly is it not? Endlessly confusing.), To then part extrude worked. You must select a font for
the text. By default, it won't choose one for you. Not all work.

Ugh. 30 minutes of my life

difference between trimex and part extrude is explained here:
https://wiki.freecadweb.org/Manual:Traditional_2D_drafting

===Spreadsheets of values===
These are useful, but then if you duplicate a part, it makes a new spreadsheet.

===External Geometry===
When adding external geometry (0.18) you must have a near brandy new sketch.
click external geometry, select outside sketch, then draw the rectangle.
if you already have a rectangle, it will work. if you already have the rectangle,
then add a constraint, then delete that constraint... well it didnt work for me that time.
shift - select for Openinventor mouse.

basic example sketch to get used to external geometry tool:
# start new body, then new sketch
# make square, horizontal cons. 20mm, vertical 20mm
# make new sketch (must be a new sketch, make sure it doesn't add this circle to the old sketch)
in new sketch (but still in same body, can't be new body)
# make circle.
# give it radius const. 4mm
# external geometry on top and side lines of rectange. when selected they should turn magenta
# Now, select two CORNER points, and then click horizontal constraint.
do not select the line (that will give you a blue line/constraint. not what we want)
done this way, it should work as expected.

EDIT: just did this again today, and for the last step (click horizontal constraint) instead I chose the constrain distance tool (diagonal arrows) (see top menu bar - sketcher - sketcher constraints menu) and chose between two lines. One line of the external rectangle, one of the new rectangle.

===Sketches freezing up.===
when adding a constraint, if you get it wrong, you get to a point where you can't delete a constraint
just close the sketch (not file just sketch) then reopen and delete.

===Symmetry constraint===
Note: if you want to define a symmetry constraint with respect to a point, the order of the selection is important, depending on if you select the tool at the beginning or at the end.

If you click the tool first: select the first point, then the symmetry reference point, and finally the second point.
If you click the tool last: select the first point, then the second point, and finally the symmetry reference point
Note: above taken verbatim from freecad wiki.

So to get center constraint, do the former, and choose opposite points.

===Offset item from center lines===
Offset square from center point. instead of symmetrical contraint, or vertical
or horizontal, choose the diagnoal line one. then enter an offset, based on a point, and the
middle lines. you may have to drag and drop it, to get it on one side or the other.

===Addon Manager Fix for 0.18===
The bad news is that Addon Manager is broken on 0.18. Backwards compatibility is very important. This is one thing that made windows successful. Bad show on the freecad devs part. In their defense, it's a new feature, so this is somewhat acceptable. Good news, is that two small changes in 0.18 (debian 10) will fix it. It's python, so no re-compiling needed.

Two fixes. One for macros, one for Workbenches.

https://github.com/FreeCAD/FreeCAD/commit/258f9f1577e71e30f8696b266458df23042eefa5

https://forum.freecadweb.org/viewtopic.php?f=3&t=51160

tested in devuan beowulf.

===Different Preferences Menus Show Depending on Which Workbench You Are In===
Subject. Edit -> preferences.

===External Links===
* https://forum.freecadweb.org/viewtopic.php?f=3&t=38274&p=324418#p324418 - construction items (blue) and building items (white)

{{GNU\Linux}}

Assortment Kits

2021-02-10T04:08:18Z

Adminguy:

Search auction sites for 'assortment kits' and you will find plastic boxes full of a variety of hardware and other equipment.

List of useful assortment kits from local or chinese manufacturers
* stand offs (m3 seems like a good start. m2 is likely a bit small)
* crimp connectors
* automotive connectors
* wire nuts (a kit is the only way to go with these. you never know what size you will need)
* nuts and bolts (cheap but good for quick stuff)
* washers (i like the huge washers, they are called fender washers) (these are not cheap), also lock washers (not spring washers which even nasa does not like according to https://en.wikipedia.org/wiki/Washer_(hardware))
* Heat shrink tubing (clear is great, but 3:1 type, not 2:1, is the high end type).
* 1000Pcs Micro Screws Nut Electronics Assortment Kit for Glasses Watch Cellphones
* Threaded Inserts

Just search for "assortment kit". don't ever buy the kits that are in the shape of a circle. those won't stack well in the cabinet.

Keep in mind, some items may be of poor quality. The idea is that these are cheap and ready for quick work. Not to be used in production items.

Harbor Freight stocks a few of these assortment kits. They may be scattered across the store.

== Assortment Kit Wishlist ==
Hm...

Assortment Kits

2021-02-10T04:07:09Z

Adminguy:

Search auction sites for 'assortment kits' and you will find plastic boxes full of a variety of hardware and other equipment.

List of useful assortment kits from local or chinese manufacturers
* stand offs (m3 seems like a good start. m2 is likely a bit small)
* crimp connectors
* automotive connectors
* wire nuts (a kit is the only way to go with these. you never know what size you will need)
* nuts and bolts (cheap but good for quick stuff)
* washers (i like the huge washers, they are called fender washers) (these are not cheap), also lock washers (not spring washers which even nasa does not like according to https://en.wikipedia.org/wiki/Washer_(hardware))
* Heat shrink tubing (clear is great, but 3:1 type, not 2:1, is the high end type).
* 1000Pcs Micro Screws Nut Electronics Assortment Kit for Glasses Watch Cellphones
* Threaded Insert

Just search for "assortment kit". don't ever buy the kits that are in the shape of a circle. those won't stack well in the cabinet.

Keep in mind, some items may be of poor quality. The idea is that these are cheap and ready for quick work. Not to be used in production items.

Harbor Freight stocks a few of these assortment kits. They may be scattered across the store.

== Assortment Kit Wishlist ==
Hm...

Assortment Kits

2021-02-10T04:06:09Z

Adminguy:

Search auction sites for 'assortment kits' and you will find plastic boxes full of a variety of hardware and other equipment.

List of useful assortment kits from local or chinese manufacturers
* stand offs (m3 seems like a good start. m2 is likely a bit small)
* crimp connectors
* automotive connectors
* wire nuts (a kit is the only way to go with these. you never know what size you will need)
* nuts and bolts (cheap but good for quick stuff)
* washers (i like the huge washers, they are called fender washers) (these are not cheap), also lock washers (not spring washers which even nasa does not like according to https://en.wikipedia.org/wiki/Washer_(hardware))
* Heat shrink tubing (clear is great, but 3:1 type, not 2:1, is the high end type).
* 1000Pcs Micro Screws Nut Electronics Assortment Kit for Glasses Watch Cellphones
* Threaded Insert

Just search for "assortment kit". don't ever buy the kits that are in the shape of a circle. those won't stack well in the cabinet.

Keep in mind, some items may be of poor quality. The idea is that these are cheap and ready for quick work. Not to be used in production items.

Harbor Freight stocks a few of these assortment kits. They may be scattered across the store.

Assortment Kits

2021-02-10T04:05:51Z

Adminguy:

Search auction sites for 'assortment kits' and you will find plastic boxes full of a variety of hardware and other equipment.

List of useful assortment kits from local or chinese manufacturers
* stand offs (m3 seems like a good start. m2 is likely a bit small)
* crimp connectors
* automotive connectors
* wire nuts (a kit is the only way to go with these. you never know what size you will need)
* nuts and bolts (cheap but good for quick stuff)
* washers (i like the huge washers, they are called fender washers) (these are not cheap), also lock washers (not spring washers which even nasa does not like according to https://en.wikipedia.org/wiki/Washer_(hardware))
* Heat shrink tubing (clear is great, but 3:1 type, not 2:1, is the high end type).
* 1000Pcs Micro Screws Nut Electronics Assortment Kit for Glasses Watch Cellphones
* Threaded Insert assortment kit

Just search for "assortment kit". don't ever buy the kits that are in the shape of a circle. those won't stack well in the cabinet.

Keep in mind, some items may be of poor quality. The idea is that these are cheap and ready for quick work. Not to be used in production items.

Harbor Freight stocks a few of these assortment kits. They may be scattered across the store.

Freecad

2021-02-07T23:07:28Z

Adminguy: /* Addon Manager Fix for 0.18 */

Freecad

2021-02-07T22:58:37Z

Adminguy: /* Addon Manager Fix for 0.18 */

Freecad

2021-02-07T22:57:46Z

Adminguy:

Freecad is a mechanical design tool. It can be used in
* additive / subtraction mode
* sketching / constraint mode

==0.18==
0.18 is the stable release for Devuan Beowulf.
===Adding Engraved Text to Shape===
This is tricky. It seems that it always is (to add engraved text).

Make sure to extrude the text before adjusting x,y,z on the 3d plane. Otherwise the extrusion will be offset by the earlier placement.

See freecad wiki tutorial (0.17). you can skip the sketcher part.

For 0.18, some guides say to use shapestring to trimex. That didn't work for me. Trimex would fail.

However, shapestring, to then PART workbench (not part design)(its bad design they are named
similarly is it not? Endlessly confusing.), To then part extrude worked. You must select a font for
the text. By default, it won't choose one for you. Not all work.

Ugh. 30 minutes of my life

difference between trimex and part extrude is explained here:
https://wiki.freecadweb.org/Manual:Traditional_2D_drafting

===Spreadsheets of values===
These are useful, but then if you duplicate a part, it makes a new spreadsheet.

===External Geometry===
When adding external geometry (0.18) you must have a near brandy new sketch.
click external geometry, select outside sketch, then draw the rectangle.
if you already have a rectangle, it will work. if you already have the rectangle,
then add a constraint, then delete that constraint... well it didnt work for me that time.
shift - select for Openinventor mouse.

basic example sketch to get used to external geometry tool:
# start new body, then new sketch
# make square, horizontal cons. 20mm, vertical 20mm
# make new sketch (must be a new sketch, make sure it doesn't add this circle to the old sketch)
in new sketch (but still in same body, can't be new body)
# make circle.
# give it radius const. 4mm
# external geometry on top and side lines of rectange. when selected they should turn magenta
# Now, select two CORNER points, and then click horizontal constraint.
do not select the line (that will give you a blue line/constraint. not what we want)
done this way, it should work as expected.

EDIT: just did this again today, and for the last step (click horizontal constraint) instead I chose the constrain distance tool (diagonal arrows) (see top menu bar - sketcher - sketcher constraints menu) and chose between two lines. One line of the external rectangle, one of the new rectangle.

===Sketches freezing up.===
when adding a constraint, if you get it wrong, you get to a point where you can't delete a constraint
just close the sketch (not file just sketch) then reopen and delete.

===Symmetry constraint===
Note: if you want to define a symmetry constraint with respect to a point, the order of the selection is important, depending on if you select the tool at the beginning or at the end.

If you click the tool first: select the first point, then the symmetry reference point, and finally the second point.
If you click the tool last: select the first point, then the second point, and finally the symmetry reference point
Note: above taken verbatim from freecad wiki.

So to get center constraint, do the former, and choose opposite points.

===Offset item from center lines===
Offset square from center point. instead of symmetrical contraint, or vertical
or horizontal, choose the diagnoal line one. then enter an offset, based on a point, and the
middle lines. you may have to drag and drop it, to get it on one side or the other.

===Addon Manager Fix for 0.18===
The bad news is that Addon Manager is broken on 0.18. Backwards compatibility is very important. This is one thing that made windows successful. Bad show on the freecad devs part. In their defense, it's a new feature, so this is somewhat acceptable. Good news, is that two small changes in 0.18 (debian 10) will fix it. It's python, so no re-compiling needed.

Two fixes. One for macros, one for Workbenches.

https://github.com/FreeCAD/FreeCAD/commit/258f9f1577e71e30f8696b266458df23042eefa5
https://forum.freecadweb.org/viewtopic.php?f=3&t=51160

tested in devuan beowulf.

{{GNU\Linux}}

Regressions Of GNU\Linux

2021-02-05T21:09:27Z

Adminguy: /* Raspberry Pi OS Sells Out Users to Proprietary Software via Telemetry */

Change is not always for the better. This page chronicles bull*$&! that has come down the Linux pipeline.

http://web.archive.org/web/http://www.ariel.com.au/jokes/The\_Evolution\_of\_a\_Programmer.html

== Debian ==

===Predictable Network Interface Names===
Someone has controversially decided that it is better for systems to have obtuse and confusing ethernet and wireless interface abbreviations such as enp0s25 instead of eth0. Remember this makes things simpler, and easier for people (but who?).

In reality, most people get the shaft, and perhaps 10% (a small proportion) of users benefit. This raises the bar for entry level people to get started. Adding unnecessary complexity to Linux.

=== Apt instead of Apt-get ===
This is a tentative, based on whether they remove support for apt-get. If that is the end goal, then this will be a valid regression,
until then, they live side by side. I don't need apt, when apt-get does the job. Needless changes. There must be something more important to do than this.

=== Debian 10: iptables has been replaced with nftables, after nearly 20 years ===
"Those are some great firewall rules you've configured there. It would be a shame if someone was to make them obsolete."

It started with Ipchains in 1998. In 2000, there was the last stable release of ipchains, which means if not by then, shortly after iptables took over. It's been 19, 19 years since then. Suddenly now, a new firewall is needed. Is this necessary for most people? That is the question.

From Wikipedia https://en.m.wikipedia.org/wiki/Nftables

A command to drop any packets with the destination IP address 1.2.3.4:

iptables was:
iptables -A OUTPUT -d 1.2.3.4 -j DROP

nftables now is:
nft add rule ip filter output ip daddr 1.2.3.4 drop

More complex. Fail.
EDIT: in hindsight, It's come to my attention that most common nft commands will have the format of "nft add rule" something something, so essentially, you are only memorizing everything after "nft add rule". That makes it a bit better, but still a hurdle, that average folks will have to get over. An initial look at the long string of nft commands is bound to cause people to lock up, and not be able to process anything further. Smoke and mirrors. Regardless, the accurate comparison is then:
"cmd" -A OUTPUT -d 1.2.3.4 -j DROP
and
"cmd" ip filter output ip daddr 1.2.3.4 drop
It's apparent that the firewall has tried to become more self describing, which can be a good thing. Perhaps a more self describing nature will elucidate people on the actual workings of the firewall better. That would be the ideal. I haven't used it yet enough to say.


With one fell swoop, thousands of iptables scripts and programs that use iptables were broken.
Note: technically iptables-legacy can be used. At least for now. Woe is the day support is removed for that.

As an example, in 2020/10 This has bitten me with https://github.com/fail2ban/fail2ban/issues/2741

<pre>
Fail2ban don't attempt to execute nft file. I tried to add full path to nft in config file. No luck...

Please be aware that due to ipv6 support (see #1742) fail2ban executes actionstart on demand (by first ban, family dependent). So by design you'd not see nft called unless first ban occurs.
</pre>

Existing fail2ban functionality (when fail2ban started, new table f2b-sshd or f2b-whatever was created. Now apparently it's not created until the first account is added to the banlist.) has been changed. This leads the admin to think fail2ban isn't working when the table doesn't exist. This results in lost time.

=== ifconfig replaced with ip ===
ifconfig, is simpler to use, and easier to view (more symmetrical than ip addr) for basic nic information, or setting an ip (ifconfig eth# 192.168.1.2 netmask 255.255.255.0). ip is unnecessary complexity for most use cases. This raises the bar for entry level people to get started. Adding unnecessary complexity to Linux.

ifconfig remains in /sbin/ifconfig, and requires root but the effort has been made to obsolete it. Don't change, what doesn't need to change.

=== /etc/resolv.conf depreciated ===
All you should need for DNS is a one line text file that points to a DNS server. Put that in /etc/resolv.conf. The simplicity of that is a threat to more obtuse OS, therefore there will be an effort to complicate it. This raises the bar for entry level people to get started. Adding unnecessary complexity to Linux.

=== Aptitude Descriptions ===
<pre>
debian 8:

aptitude show openssl
Package: openssl
State: installed
Automatically installed: no
Version: 1.0.2k-1~bpo8+1
Priority: optional
Section: utils
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Architecture: amd64
Uncompressed Size: 1,090 k
Depends: libc6 (>= 2.15), libssl1.0.0 (>= 1.0.2~beta3)
Suggests: ca-certificates
Description: Secure Sockets Layer toolkit - cryptographic utility
This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for
secure communication over the Internet.

It contains the general-purpose command line binary /usr/bin/openssl, useful for cryptographic operations such
as:
* creating RSA, DH, and DSA key parameters;
* creating X.509 certificates, CSRs, and CRLs;
* calculating message digests;
* encrypting and decrypting with ciphers;
* testing SSL/TLS clients and servers;
* handling S/MIME signed or encrypted mail.

debian 10:

aptitude show openssl
Package: openssl
Version: 1.1.1d-0+deb10u3
State: installed
Automatically installed: no
Multi-Arch: foreign
Priority: optional
Section: utils
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Architecture: amd64
Uncompressed Size: 1,495 k
Depends: libc6 (>= 2.15), libssl1.1 (>= 1.1.1)
Suggests: ca-certificates
Description: Secure Sockets Layer toolkit - cryptographic utility

Homepage: https://www.openssl.org/
Tags: implemented-in::c, interface::commandline, protocol::ssl, role::program, scope::utility, security::cryptography,
security::integrity, use::checking

</pre>

==Ubuntu==

=== Dropping Support for i386 ===
Some distributions are dropping intel 32-bit support. With one fell swoop, hundreds of thousands of laptops and desktops made before 2006 and 2007 lost the ability to use modern OS. EDIT: this was taken back, temporarily. It stands, that some OS must support 32 bit i386, otherwise a lot of devices will be headed to landfills.

=== Setting up Networking has become more complicated ===
What was (/etc/networking/interfaces):
<pre>
auto eth0
iface eth0 inet static
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.1
</pre>
Example taken direct from http://web.archive.org/web/20150916101112/https://help.ubuntu.com/lts/serverguide/network-configuration.html For DNS, a one liner in /etc/resolv.conf will suffice.

Now is (w/netplan.io)
<pre>
network:
version: 2
renderer: networkd
ethernets:
eth0:
addresses:
- 10.10.10.2/24
gateway4: 10.10.10.1
nameservers:
search: [mydomain, otherdomain]
addresses: [10.10.10.1, 1.1.1.1]
</pre>
Example direct from http://web.archive.org/web/20190905160853/https://help.ubuntu.com/lts/serverguide/network-configuration.html

===A better solution===
A solution is:
* whatever is used must be as simple, or simpler than before, as long as everything needed is included
* aim to keep interfaces similar when possible, as familiarity will increase efficiency
Look what ifupdown-ng did:
https://github.com/ifupdown-ng/ifupdown-ng/blob/master/doc/ADMIN-GUIDE.md
Their network interfaces is not more complex like netplan, but actually simpler. Yet it retains a lot of previous functionality, which means admins won't have to relearn everything. The new example:
<pre>
auto eth0
iface eth0
use dhcp
auto eth1
iface eth1
address 203.0.113.2/24
gateway 203.0.113.1
</pre>
So here static is implied (which is either good or bad, depending on how you view it, and dhcp
is explicitly mentioned. Yet the term inet has been dropped (what does that even mean?). To be
honest it's mostly the same. A better comparison for what netplan.io should've been would be like comparing openvpn to wireguard. There is a great leap. The latter is extremely simple, yet doesn't omit anything required. Configuration is kept at a minimum. It's a tool that gets out of your way and lets you create the VPN without worrying about how to use the tool itself. Netplan.io adds bulk and bloat that makes it a difficult tool to use. If only for its verbose config files. The more switches you have to change, the more complex the tool.

But is a new interfaces file even necessary? Is it change for the sake of change?

===SystemD fail===
Once upon a time there were many different GNULinux distributions. All of them had their own init system and kernel and programs. But that was too difficult for the gubermints to break into. So they devised a plan: "What if we made a single program that ran on every computer, so it would be easy for us to break in?". Thus the Intel ME was designed. Oh, and systemd too. They're basically the same idea. If every computer is the same, it makes the three letter agencies jobs easier.

That's one angle. For other angles, see without-systemd.org

====Reboot fail====
[[File:Systemd_Unable_To_Reboot.webm|thumb|A demonstration of Ubuntu and Systemd being unable to reboot the computer within a reasonable amount of time. It takes 5-10 minutes for reboot to occur. Keep in mind, that this init has been on this distribution for years now (from 16.04, so 2016-2020). Sysvinit does not have this problem, and reboots within 10-20 seconds. Note that this is a remote ssh session.]]

In Ubuntu 19.04, reboot can take upwards of 5-10 minutes to actually reboot the computer. Note that this occurs in only SystemD based distributions. A similar Debian (9 or 10) w/sysvinit reboots within 10-15 seconds.

I thought I would test systemd, so I installed Zoneminder on Ubuntu 19.04, and it demonstrates this problem. After witnessing the lifeforce of my computer being ripped out by this init, I threw the towel in and installed Devuan.

For the record, I also noticed the system to run noticeably slower. CCTV is a good benchmark for a server, as it involves a lot of CPU usage, unlike many file servers, or db servers.

====Example Error when Trying to Reboot====
<pre>
user@host:~$ systemctl reboot
Error getting authority: Error initializing authority: Error sending credentials: Error sending message: Broken pipe (g-io-error-quark, 44)
Failed to set wall message, ignoring: Failed to activate service 'org.freedesktop.login1': timed out (service_start_timeout=25000ms)
Failed to reboot system via logind: Connection timed out
Failed to start reboot.target: Connection timed out
See system logs and 'systemctl status reboot.target' for details.
It is possible to perform action directly, see discussion of --force --force in man:systemctl(1).
user@host:~$
</pre>
And it will now take my machine 5-10 minutes to reboot.

====External Links====
* [https://www.youtube.com/watch?v=RDKaFJmB254 LinuxCNC FAIL]: LinuxCNC broken because systemd can't do NTP right. In 2019/2020: Years after it is the default init...
* [https://nosystemd.org Nosystemd.org]: More details on why this init is bad.

=== Udev requires reboots after Ubuntu 14 ===
When I started using Linux distributions one of the things I noticed was how well updates were handled, compared to proprietary software. No forced reboots, no update screens that leave the user waiting. You can use your computer while it's updating. This statement ("Linux never needs to reboot when it updates") changed with udev requiring a reboot in Debian 8 or 9 occasionally (However, it's still extremely rare).

==Misc==
=== GIMP 2.10 Icons and Theme Disaster ===
For reference see:
https://www.gimp.org/release-notes/gimp-2.10.html

A light grey thread with colourful icons that transmit information quickly has been turned to a dark grey (read: hard to see) theme with a mass of all-looking-the-same grey icons that not only reinvent how you find the tool you wanted, it also fails to transmit information as effectively. If color tv is good, black and white is better?

I consider this software on watch. As of now you can revert to the legacy (they call it 'legacy' instead of classic. Interesting word choice. Legacy implies depreciation. Classic implies value) so its ok, for now. But if these all-looking-the-same monochrome icons become default, it will be a regression.

=== Mozilla Shuts Down IRC ===
https://wiki.mozilla.org/IRC
Would you like some support for your mozilla? Just use your social media acct to login to our great matrix (whatever the hell that is) server.

=== Device Tree Bindings ===
ARM. Sounds like a good idea, except you need a different ISO for each single ARM CPU. Unlike the intel i386 which you can use one single ISO for ANY desktop/laptop.

ARM is fail. DTB is busy work, and fail.

This is one reason why Android is a failure.

It looks like unfortunately that RISCV will also follow this path.
https://forums.sifive.com/t/will-riscv-avoid-the-linux-mainlining-mess-that-arm-had/1615

https://unix.stackexchange.com/questions/399619/why-do-embedded-systems-need-device-tree-while-pcs-dont

https://github.com/riscv/riscv-device-tree-doc

EOMA68 devs have abandoned RISCV in favor of IBM's power CPU. Perhaps this is the right choice. RISCV may end up being not-worth-the-effort.

quote
<pre>
Many embedded systems use less fancy buses that don't support enumeration. This was true on PC up to the mid-1990s, before PCI overtook ISA. Most ARM systems, in particular, have buses that don't support enumeration. This is also the case with some embedded x86 systems that don't follow the PC architecture. Without enumeration, the operating system has to be told what devices are present and how to access them. The device tree is a standard format to represent this information.

The main reason PC buses support discovery is that they're designed to allow a modular architecture where devices can be added and removed, e.g. adding an extension card into a PC or connecting a cable on an external port. Embedded systems typically have a fixed set of devices¹, and an operating system that's pre-loaded by the manufacturer and doesn't get replaced, so enumeration is not necessary.
</pre>
Well guess what - It's necessary now.

===Raspberry Pi OS Sells Out Users to Proprietary Software via Telemetry===

In 02/2021, Raspberry Pi OS (silently, and without warning) added an MS repo to APT, the package manager. Now each apt-get update will ping this demon corporation, letting them know that there is an RPI user at that IP address. The community is upset. The shills do damage control. Money corrupts.

Shame.

Ref: https://www.cyberciti.biz/linux-news/heads-up-microsoft-repo-secretly-installed-on-all-raspberry-pis-linux-os/

{{GNU\Linux}}