Tuesday, April 23, 2024

Docker PHP/MSSQL/APACHE

Nowadays many systems and solutions are based on Docker. Sometimes the main issue is combining several solutions into one Dockerfile in order to run them.

My situation was similar: I had to deploy a solution that uses SQL Server, PHP and Apache, an unusual case :) That is why it was decided to implement two Docker containers, the first running SQL Server and the second running PHP/Apache.

The steps are below:

1) Install Docker on your Linux system.

    yum install docker 

2) Pull the SQL Server container image into your Docker system

    sudo docker pull mcr.microsoft.com/mssql/server:2022-latest

 

3) Create the Dockerfile (nano Dockerfile.base in /usr/src)

FROM php:8.2-apache-buster

RUN apt update && apt install -y unixodbc-dev gpg libzip-dev \
 && curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
 && curl https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list \
 && apt update \
 && ACCEPT_EULA=Y apt-get install -y msodbcsql18 \
 && pecl install sqlsrv \
 && pecl install pdo_sqlsrv \
 && docker-php-ext-install pdo opcache bcmath zip \
 && mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" \
 && echo 'extension=sqlsrv.so' >> "$PHP_INI_DIR/php.ini" \
 && echo 'extension=pdo_sqlsrv.so' >> "$PHP_INI_DIR/php.ini" \
 && a2enmod rewrite

 -------------------------------------------------------------------------------------

To build a new image from your Dockerfile, use the command below:

    docker build . -f Dockerfile.base -t 3cp-web
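
To run the two containers described above together, one option is a user-defined Docker network where only Apache is published to the host. This is an added example, not from the original post; the network, container and env-file names (appnet, mssql, web, mssql.env) and the published port 80 are assumptions.

```shell
#!/bin/sh
# Added example: start both containers on one private Docker network.
# Names below (appnet, mssql, web, mssql.env) are assumptions, not from the post.
NET=appnet
ENV_FILE=${ENV_FILE:-./mssql.env}   # holds ACCEPT_EULA=Y and MSSQL_SA_PASSWORD=<your password>

# The SA password lives in a file, not on the command line or in shell history;
# refuse to continue unless that file exists and only its owner can access it.
check_env_file() {
    [ -f "$1" ] || { echo "missing $1" >&2; return 1; }
    perms=$(stat -c %a "$1") || return 1
    case "$perms" in
        *00) return 0 ;;
        *)   echo "$1 has mode $perms, expected 600" >&2; return 1 ;;
    esac
}

start_stack() {
    check_env_file "$ENV_FILE" || return 1
    docker network create "$NET" || return 1
    # No -p here: port 1433 is reachable only from containers on $NET.
    docker run -d --name mssql --network "$NET" --env-file "$ENV_FILE" \
        mcr.microsoft.com/mssql/server:2022-latest || return 1
    # Only Apache is published to the host.
    docker run -d --name web --network "$NET" -p 80:80 3cp-web
}

# Run as: sh stack.sh up
if [ "${1:-}" = "up" ]; then start_stack; fi
```

On the shared network the PHP code reaches SQL Server at host "mssql", port 1433.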

 

Sunday, September 17, 2023

Thursday, June 18, 2020

Backup to Network Drive

To back up to a network drive, use the command below:

EXEC xp_cmdshell 'net use Z:  \\192.168.28.12\e$\PVGBACK P@yvand!@#45A /USER:Administrator /PERSISTENT:yes'
GO

After it executes successfully, go to the backup settings (Maintenance - New - Backup) and, in the destination field, choose drive Z (configured by the command above).


Sunday, January 20, 2019

Strongswan Mikrotik IPSec

Mikrotik

[admin@MikroTik] > /ip ipsec peer add address=StrongSWANIP/32 port=500 auth-method=pre-shared-key secret="PSK" generate-policy=no exchange-mode=main send-initial-contact=yes nat-traversal=no  proposal-check=obey      hash-algorithm=sha1 enc-algorithm=aes-256 dh-group=modp1024 lifetime=8h lifebytes=0 dpd-interval=2m dpd-maximum-failures=5

[admin@MikroTik] > /ip ipsec  policy add src-address=Mikrotik Private IP/24 src-port=any dst-address=Swan Private IP/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=MikrotikPublicIP sa-dst-address=SwanPublicIP proposal=default priority=0

[admin@MikroTik] > /ip ipsec proposal set 0 auth-algorithms=sha1 enc-algorithms=3des lifetime=1h pfs-group=none


StrongSWAN

ipsec.conf

###Pv -Komils Home
conn tunnel 
    rightsendcert=never
    left=SWAN Public IP
    leftsubnet=SWAN Private IP/24
    right=Mikrotik Public IP
    rightsubnet=Mikrotik Private IP/24
    ike=aes256-sha1-modp1024!
    esp=3des-sha1!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    authby=secret
    auto=start
    keyexchange=ikev1
    type=tunnel

ipsec.secrets

SWAN_IP Mikrotik_IP : PSK 'PSK'
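
A quick audit of the proposals in an ipsec.conf like the one above, as an added example that is not part of the original post: it reports legacy choices (DES/3DES, MD5, 768/1024-bit DH groups, IKEv1) per conn, so you know which lines to revisit when both peers support stronger suites. The function names and the sample file with documentation addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag legacy IKE/ESP settings in an ipsec.conf-style file.
# audit_ipsec_conf FILE prints one "conn:key:token" line per finding.
audit_ipsec_conf() {
    awk '
    # Section headers start in column 1; parameters are indented.
    /^conn[ \t]+/   { conn = $2; next }
    /^config[ \t]+/ { conn = ""; next }
    /^[ \t]*#/ || conn == "" { next }
    {
        line = $0
        sub(/#.*/, "", line)               # drop trailing comment
        gsub(/[ \t]/, "", line)
        n = index(line, "=")
        if (n == 0) next
        key = substr(line, 1, n - 1)
        val = tolower(substr(line, n + 1))
        sub(/!$/, "", val)                 # strict-proposal marker
        if (key == "keyexchange" && val == "ikev1")
            print conn ":" key ":ikev1"
        if (key == "ike" || key == "esp") {
            m = split(val, props, ",")
            for (i = 1; i <= m; i++) {
                k = split(props[i], tok, "-")
                for (j = 1; j <= k; j++)
                    if (tok[j] ~ /^(des|3des|md5|modp768|modp1024)$/)
                        print conn ":" key ":" tok[j]
            }
        }
    }' "$1"
}

# Constructed sample: the tunnel settings from this post plus a stronger conn.
write_sample() {
    cat > "$1" <<'EOF'
conn tunnel
    left=192.0.2.1
    right=198.51.100.1
    ike=aes256-sha1-modp1024!
    esp=3des-sha1!
    keyexchange=ikev1
conn modern
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!
    keyexchange=ikev2
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_ipsec_conf "$tmp"; rm -f "$tmp"
```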

Friday, January 11, 2019

Firewalld open specific port for IP

I hope you can find many articles about installation and deployment, but I ran into issues when opening specific ports for a specific IP. My example is below:

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="10000-10100" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="4569" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="2727" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="5060-5061" accept'

It is important to reload the firewall after the changes:

firewall-cmd --reload

Hope this will save someone's life :)

Wednesday, April 25, 2018

Let's Encrypt renew certificate

Thanks to Let's Encrypt for the free certificates, but certificates expire and need to be renewed. Let's start: to renew a certificate we need only one command:

certbot --authenticator standalone --installer apache -d domain.com -d www.domain.com --pre-hook "sudo systemctl stop httpd.service" --post-hook "sudo systemctl start httpd.service"

Friday, December 29, 2017

Strongswan Cisco IPsec

Greetings,

I spent a very long time searching for a cloud-side solution for connecting over IPsec, and in the end here it is: strongSwan, an excellent Linux-based solution for this kind of task. Below I want to show a working example of connecting from my strongSwan server to a Cisco 2801 router.

- strongswan: wan ip: 185.105.229.61
              lan ip: 192.168.29.0/24

- cisco:      wan ip: 185.105.229.99
              lan ip: 192.168.28.0/24



*** cisco side

!
crypto isakmp policy 15
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp key mypassword address 185.105.229.61 no-xauth
crypto ipsec transform-set gw2 esp-aes 256 esp-sha-hmac

crypto ipsec df-bit clear

crypto map MAIN 14 ipsec-isakmp
 description GW2
 set peer 185.105.229.61
 set transform-set gw2
 match address gw2

ip route 192.168.29.1 255.255.255.255 185.105.229.61 permanent
ip route 192.168.29.7 255.255.255.255 185.105.229.61 permanent


ip access-list extended gw2
 permit ip 192.168.28.0 0.0.0.255 192.168.29.0 0.0.0.255
 permit icmp 192.168.28.0 0.0.0.255 192.168.29.0 0.0.0.255
 deny   ip any any

*** Strongswan side

config setup
        charondebug="all"
        uniqueids=no
        strictcrlpolicy=no
conn %default
        dpdaction=restart
        dpddelay=30
        ikelifetime=1440m
        keylife=60m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=secret
conn cisco
        left=185.105.229.61             #strongswan outside address
        leftid=185.105.229.61           #IKEID sent by strongswan
        leftsubnet=192.168.29.0/32      #network behind strongswan
        leftfirewall=yes
        right=185.105.229.99            #CISCO outside address
        rightsubnet=192.168.28.0/24     #network behind CISCO

Of course, you also need to put the PSK in /etc/ipsec.secrets, in roughly this format:

Left IP (Your IP) Right IP (Partner IP) : PSK 'mypassword'


