Dockerfile Basic, custom nginx

1. mkdir /root/hello-world-darin; cd /root/hello-world-darin
2. echo "hello world from darin" > index.html
3. echo "[email protected]" > contact.html
4. cat > dockerfile

FROM nginx:latest
RUN apt update
COPY --chown=nginx:nginx index.html /usr/share/nginx/html/
ADD --chown=nginx:nginx contact.html /usr/share/nginx/html/

LABEL version="1.0"
LABEL description="hello world from darin"
EXPOSE 8080/tcp
CMD ["nginx", "-g", "daemon off;"]

5. cd /root
6. docker build hello-world-darin -t custom-nginx:1.0

    [+] Building 2.6s (10/10) FINISHED                                                                                                                           
     => [internal] load build definition from Dockerfile                                                                                                    0.0s 
     => => transferring dockerfile: 296B                                                                                                                    0.0s 
     => [internal] load .dockerignore                                                                                                                       0.0s 
     => => transferring context: 2B                                                                                                                         0.0s 
     => [internal] load metadata for docker.io/library/nginx:latest                                                                                         2.5s 
     => [auth] library/nginx:pull token for registry-1.docker.io                                                                                            0.0s 
     => [1/4] FROM docker.io/library/nginx:[email protected]:4d4d96ac750af48c6a551d757c1cbfc071692309b491b70b2b8976e102dd3fef                                   0.0s 
     => [internal] load build context                                                                                                                       0.0s 
     => => transferring context: 62B                                                                                                                        0.0s 
     => CACHED [2/4] RUN apt update                                                                                                                         0.0s 
     => CACHED [3/4] COPY --chown=nginx:nginx index.html /usr/share/nginx/html/                                                                             0.0s 
     => CACHED [4/4] ADD --chown=nginx:nginx contact.html /usr/share/nginx/html/                                                                            0.0s 
     => exporting to image                                                                                                                                  0.0s 
     => => exporting layers                                                                                                                                 0.0s 
     => => writing image sha256:eba54d897bb3a9570deca075d56fc6fe660653077ac365ca9b6cc5f8443b2d3d                                                            0.0s 
     => => naming to docker.io/library/custom-nginx:1.0                                                                                                     0.0s 

 7. docker image ls
     REPOSITORY                    TAG       IMAGE ID       CREATED             SIZE
     custom-nginx                  1.0       eba54d897bb3   50 minutes ago      143MB

 8. docker tag custom-nginx:1.0 darinquel/custom-nginx:1.0
 9. docker image push darinquel/custom-nginx:1.0
 10. docker container run -idt -h webserver --name webserver -p 80:80 custom-nginx:1.0
 11. docker ps -a
     CONTAINER ID   IMAGE              COMMAND                  CREATED         STATUS         PORTS                               NAMES
     460b859f8f42   custom-nginx:1.0   "/docker-entrypoint.…"   4 minutes ago   Up 4 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   webserver

Docker hello-world-darin

    echo "hello world from darin" > index.html
    docker login 
    docker container run -idt --hostname webserver --name hello-world-darin -p 80:80 nginx
    docker container cp index.html hello-world-darin:/usr/share/nginx/html/
    docker commit -a darinquel -m "first commit" hello-world-darin darinquel/hello-world-darin
    -a : author
    -m : commit message
    -darinquel : repository name
    -hello-world-darin : image name

    docker image ls
    docker push darinquel/hello-world-darin

    then check on your dockerhub repository 

Docker Cheatsheet

docker overview 
    docker version 
    docker info
    docker system info
    docker events

docker image management
    docker login
    docker image ls
    docker search [image-name]
    docker image pull [image-name]
    docker image push [image-name]
    docker image rename [old] [new]
    docker image rm [image-id]
    docker image prune #remove unused image

docker object operations
    docker start|stop|restart|rm|kill|rename

docker create VM container
    docker container run -idt -h PRODVM --name PRODVM ubuntu
    -d : run in background
    -h : hostname
    -i : interactive
    -t : allocate tty, so we can execute
    -m : memory limit in bytes

docker execute command
    docker exec -it [container-id] [command]
    docker exec -it [container-id] bash #login to container

docker object monitoring
    docker ps -a
    docker stats [container-id]
    docker inspect [container-id]
    docker diff [container-id]

docker copyfile
    docker container cp [sourcefile] [containerid]:/path #upload
    docker container cp [container-id]:/path-to-file . #download

docker container web server
    docker container run -idt --name without_pm nginx
    docker container run -idt --name automatic_pm -P nginx
    docker container run -idt --name manual_pm -p 1234:80 nginx

Fast check which ip can be pinging within a subnet

for i in {1..254} ;do (ping 10.1.2.$i -c 1 -w 5  >/dev/null && echo "10.1.2.$i" &) ;done

nmap -T5 -sP 10.1.2.200-254 
-T : set timing, higher mean faster
-sP : ping scan

Handling container error/crashloopback after rebooting master node

https://stackoverflow.com/questions/57816255/kubernetes-cluster-does-not-run-after-reboot

Kubeadm reset (clean up messed up k8s preparation)

kubeadm reset
rm -rf /etc/cni /etc/kubernetes /var/lib/dockershim /var/lib/etcd /var/lib/kubelet /var/run/kubernetes ~/.kube/*
iptables -F && iptables -X
iptables -t nat -F && iptables -t nat -X
iptables -t raw -F && iptables -t raw -X
iptables -t mangle -F && iptables -t mangle -X
systemctl restart docker
IPTables
yum -y install iptables-services
modified the rules in /etc/sysconfig/iptables
  e.g, allowing specific port :
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

systemctl restart iptables; systemctl status iptables
List Plesk Mail Account
 /usr/local/psa/admin/bin/mail_auth_view
Analyzing Postfix Log Script
http://adminlogs.info/2012/07/22/how-to-get-mail-statistics-from-your-postfix-mail-logs/
MySQL Plesk

How to list databases with their subscription/domain

mysql -uadmin -p `cat /etc/psa/.psa.shadow`

use psa;
select db.name as "Database",d.name as "Subscription",c.pname as "Owner",-
c.login as "Customer Username" from data_bases db,-
domains d,clients c where d.cl_id=c.id and db.dom_id=d.id INTO OUTFILE '/tmp/dblist.txt';

Highest mysql-connection

mysql -usa -p`cat /etc/.mysql.shadow` -e "show processlist" -
| awk '{print $2}' | sort | uniq -c |sort -k1n | less | tail -n20

Change admin password

Changing the administrator password in Plesk panel does not change,
The [email protected] database password.
In order to update the [email protected] DB user password to NEWPASSWORD:

1) Login to database
# plesk db

2) Run this SQL command:
UPDATE mysql.user SET Password=PASSWORD('BeatlesOther'), plugin='', authentication_string='' WHERE User='admin';

3) Replace the password listed in /etc/psa/.psa.shadow with NEWPASSWORD.
Do not encrypt the new password, just replace the existing line with the new password.
Details: https://support.plesk.com/hc/en-us/articles/213364309

In order to update the administrator password of Plesk panel:
# /usr/local/psa/bin/init_conf -u -passwd NewPassword
Details : https://support.plesk.com/hc/en-us/...-or-reset-password-for-admin-account-in-Plesk
Force redirect to https via .htaccess
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.tld/$1 [R,L]
Highest request and concurrent visitor
awk '{ print $1}' <web-server_access_log> | sort | uniq -c | sort -nr | head -n 10
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Minimize leverage browser (GTMetrix)
#Add this scripts to .htaccess file

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg “access plus 1 year”
ExpiresByType image/jpeg “access plus 1 year”
ExpiresByType image/gif “access plus 1 year”
ExpiresByType image/png “access plus 1 year”
ExpiresByType text/css “access plus 1 month”
ExpiresByType application/pdf “access plus 1 month”
ExpiresByType text/x-javascript “access plus 1 month”
ExpiresByType application/x-shockwave-flash “access plus 1 month”
ExpiresByType image/x-icon “access plus 1 year”
ExpiresDefault “access plus 2 days”
ExpiresByType text/javascript “access plus 1 month”
ExpiresByType text/x-javascript “access plus 1 month”
ExpiresByType application/javascript “access plus 1 month”
ExpiresByType application/x-javascript “access plus 1 month”
</IfModule>
## EXPIRES CACHING ##
Activate Gzip Compression (GTMetrix)
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Generating dummy file of any sizes
fallocate -l 1G dummy.file
dd if=/dev/zero of=dummy.file bs=1G count=1
- if defines the input file
- of defines the output file
- bs defines bytes in a block
- count defines the number of blocks to be copied
- /dev/zero is a character special device, which returns the zero byte (\0).
- Megabyte (1024 KB) = M
- Gigabyte (1024 MB) = G
Find out UUID of interface
uuidgen [interface-name]</br>
uuidgen ifcfg-eth0
Rename all items in cwd to lowercase or uppercase
for i in *; do mv "$i" "${i,,}"; done
for i in *; do mv "$i" "${i^^}"; done
Find out external IP using dig
dig +short myip.opendns.com @resolver1.opendns.com
Generate 16 random character for password
tr -dc '[email protected]#$%^&*_()+}{?></";.,[]=-' < /dev/urandom | fold -w 16 | head -n 1
View a file with line numbers
grep -n ^ /path/to/file | less
Looping in one-liners
#Forever with while
while true; do foo; sleep x; done
while true; do curl --head https://darin.web.id; sleep 1;  done
while true; do nc -z -v darin.web.id 80; sleep 1;  done

#Do action per each line in file
while read LINE; do COMMAND; done < FILE

#For statement
for ((i=0; i<5; i++)); do echo $i done
for i in {a..z}; do echo $i; done
for i in {1..5}; do echo "$i hello, world"; sleep 1; done
for i in /etc/*.conf; do cp $i /backup; done
Check IOPS speed with FIO
#Read, write, read and write
fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=random_read_write.fio --iodepth=64 --size=100M --readwrite=randread
fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=random_read_write.fio --iodepth=64 --size=100M --readwrite=randwrite
fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=random_read_write.fio --iodepth=64 --size=100M --readwrite=randrw
Listing failed login ssh ip-address
lastb | awk '{if ($3 ~ /([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}/)a[$3] = a[$3]+1} END {for (i in a){print i " : " a[i]}}' | sort -nk 3
Querying DNS Record
while true; do for i in `whois domain| grep -i "Name Server" | awk -F ':' '{print $2}'`;do dig @$i domain +short; done; echo "===QUERY RESULT==="; done;
Listing all services on CentOS
systemctl -t service -a 
Bash cheatsheet
https://devhints.io/bash
https://wiki.bash-hackers.org
Disk perfomance testing
# Sequential Read
fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=test.read --bs=4k --iodepth=64 --size=4G --readwrite=read
# Sequential Write
fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=test.write --bs=4k --iodepth=64 --size=4G --readwrite=write
# Sequential Read Write
fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=test.rw --bs=4k --iodepth=64 --size=4G --readwrite=rw --rwmixread=50
# Random Read
fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=test.randread --bs=4k --iodepth=64 --size=4G --readwrite=randread
# Random Write
fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=test.randwrite --bs=4k --iodepth=64 --size=4G --readwrite=randwrite
# Random Read Write
fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=test.randrw --bs=4k --iodepth=64 --size=4G --readwrite=randrw --rwmixread=50
Check Common Name of SSL
nmap --script ssl-cert -p 443 domain.tld
Upgrading Ubuntu Version
sudo apt-get update -y
sudo apt-get upgrade -y
sudo apt-get dist-upgrade -y
reboot
sudo do-release-upgrade -y