Installing Docker CE on RHEL 7.x

Note: Docker CE is not officially supported by RHEL, however using Centos repos its possible to install Docker CE on RHEL

The following commands are needed to install Docker CE, its essential to install container-selinux before docker. You will have to install the latest version of container-selinux by referring this link  http://mirror.centos.org/centos/7/extras/x86_64/Packages. At the time of writing this article it was 2.107.3

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum makecache fast
sudo yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-3.el7.noarch.rpm
sudo yum install -y docker-ce

Create Custom Image with Image Builder

What is Image Builder

A packaging tool officially distributed by the OpenWrt Project. You can include or delete any opkg file from the beginning in the install image file for each model.


It is of course to exclude unnecessary pkg from the beginning, but by the initial install the pkg you can to reduce the flash memory usage than to install in opkg command later.

Unlike the SDK, to create an image by combining the compiled pkg file
does not have a problem with low-spec of the PC environment. Virtual machines such as VirtualBOX / VMware are also sufficient

Preparing Linux for work

Prepare Linux such as ubuntu, debian, CentOS. The architecture must be x86_64.
Install the packages required for build.
In the case of CentOS7, the following was required.

yum install git gawk gettext ncurses-devel zlib-devel openssl-devel libxslt wget 
yum -y groupinstall base "Development tools" --setopt = group_package_types = mandatory, default, optional

For ubuntu 18.04.2 the following was required:

apt-get install build-essential libncurses5-dev zlib1g-dev gawk git gettext libssl-dev xsltproc wget unzip python curl

Obtaining and deploying an image builder

Image Builder is divided by target.
The imagebuilder link is displayed at the bottom of the hierarchy where the installation image is placed. Download and expand it.
When downloading the imagebuilder for “18.06.4” and “ramips” to the current directory while downloading, it will be as follows.

curl https://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/openwrt-imagebuilder-18.06.4-ramips-mt7621.Linux-x86_64.tar.xz | tar Jxv

Basic operations of Image Builder

1) Display the included target. The model name displayed here is the PROFILE name.

make info

2) Delete the temporary generation file Delete the generated image and intermediate files and make it clean.

make clean

3) Generate image

make image

If no argument is given, an image of all models is generated.

make image PROFILE = "wsr-1166" 

If you specify PROFILE displayed by make info, an image of only that model will be generated.
Note that Web Builder’s luci and uhttpd are not included by default in Image Builder.

Custom image creation

You can increase or decrease the number of pkg files with the PACKAGES parameter of make image.

make image PACKAGES = "pkg1 -pkg2"

If so, add pkg1 and exclude pkg2.
Even if it is installed, it may generate a brick image.
Carefully consider the addition and exclusion of pkg, considering its meaning and capacity.

Example of creating an image that excludes USB and wireless drivers including Web-GUI for WSR-1166

make image PROFILE = "wsr-1166" PACKAGES = "kmod-mt7603 -kmod-rt2800-pci -wpad-mini -iwinfo -kmod-usb-core -kmod-usb-ledtrig-usbport -kmod-usb3 -kmod-cfg80211 -hostapd-common -kmod-mac80211 -kmod-mt7603 -wireless-regdb uhttpd luci "

The generated image is in bin / targets /.

The manifest file contains the name of the installed pkg including dependencies.

Use docker to prepare a imagebuilder environment for Open WRT

Docker can be used to prepare an fully functional operating environment, to work on openwrt image builder.

Preparing Docker

Install Docker CE on Windows or Linux or Mac OS

Host Side Preparation ( assuming Linux)

Prepare a working directory

mkdir /docker

Get Docker Image

docker pull ubuntu:18.04

Start Container

docker run -d -it --name IMAGEBUILDER -v `pwd` / mnt: / mnt -w / mnt ubuntu: 18.04 bash 

Run apt-get update

docker exec IMAGEBUILDER apt-get update 
docker exec IMAGEBUILDER apt-get install -y build-essential libncurses5-dev zlib1g-dev gawk git gettext libssl-dev xsltproc wget unzip python curl

Download and deploy imagebuilder

docker exec IMAGEBUILDER bash -c "curl https://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/openwrt-imagebuilder-18.06.4-ramips-mt7621.Linux-x86_64.tar.xz | tar Jxv -C / mnt "

Connect with shell in container

docker exec -it IMAGEBUILDER bash

cd to /mnt/openwrt-imagebuilder and run make to prepare openwrt image

Cleanup Container

Check docker container status and stop

docker ps -a 
docker stop IMAGEBUILDER
docker ps -a

Deleting a stopped docker container

docker ps -a 
docker rm IMAGEBUILDER docker ps -a

If the downloaded image is unnecessary, delete it

docker images 
docker rmi ubuntu: 18.04
docker images

Let’s Encrypt Setup on pfSense using ACME

This post will list the steps to configure Let’s Encrypt SSL certificate on a pfSense box

  • Use Cloudflare DNS and point the subdomains to their DNS servers.
  • Install the “acme” package using the “Package Manager” (System / Package Manager / Available Packages)
  • After installation check if Acme Certificates option exist under Services and Click on Acme Certificates
  • Go to the “Account keys” option and click on the “Add” button
  • Provide values for Name, email-address and click on Create New Account key. Click on “Register ACME account key” and then “Save”.
  • Choose “Certificate” and provide following values:
  • Name: abc.def.com
  • Description: pfSense Certificate
  • Status – Set as Active
  • Acme Account -> account name provided in the previous step
  • Private Key – 2046-bit RSA
  • OSCP Must Staple – leave unchecked
  • Domain SAN List
    • Choose Mode as Enabled
    • Domain Name – abc.def.com
    • Method – DNS-Cloudflare
    • Key – API key from cloudfare website
    • Email – API email address
    • Enable DNS alias mode – leave blank
    • Enable DNS domain alias – leave blank
  • Click on Save
  • Click on “Issue / Renew” button to create a new certificate
  • Choose “General Settings” and click on Cron Entry – then Save

Reconfigure session to use HTTPS

Go to System / Advanced / Admin Access and make following changes:

  • Protocol – HTTPS
  • SSL Certificate – Choose the Let’s Encrypt certificate created previously
  • Max Processes – 2
  • WebGUI redirect – blank ( unchecked)
  • HSTS – blank ( unchecked)
  • OCSP Must-Staple – blank ( unchecked)
  • WebGUI Login Autocomplete – Toggle On
  • WebGUI login messages – ( unchecked)
  • Anti-lockout – ( unchecked)
  • DNS Rebind Check – Toggle On
  • Alternate Hostnames – provide if any
  • Browser HTTP_REFERER enforcement – Toggle On
  • Browser tab text – blank
  • Secure Shell
    • Secure Shell Server – toggle on
    • SSHd Key Only – Password or Public Key
    • Allow Agent Forwarding – ( unchecked)
    • SSH port – default 22
  • Login Protection
    • Threshold -default 30
    • Blocktime – 120
    • Detection Time – 1800
    • Whitelist – blank
  • Serial Comm – default values
  • Console Options
    • Console meu – ( unchecked)

Tip: Make your server appear as Xserve in Finder

Open /etc/avahi/services/afpd.service for editing

sudo vi /etc/avahi/services/afpd.service

Copy and paste the following XML

<?xml version=”1.0″ standalone=”no”?>
<!DOCTYPE service-group SYSTEM “avahi-service.dtd”>
<service-group>
<name replace-wildcards=”yes”>%h</name>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=Xserve</txt-record>
</service>
</service-group>

Restart avahi daemon

sudo service avahi-daemon restart

Use Free Let’Encrypt SSL certificate in Webmin

For the purpose of demonstrating this tutorial I will be using Ubuntu 18.04 LTS.

Step1. Check Webmin version

Webmin can now request SSL certificates from Let’s Encrypt from within the UI. However to use this you will have to be at least on v 1.78

Step 2. Install Let’s Encrypt Client

Ubuntu 18.04

sudo apt-get install letsencrypt

Step3 – Configure Webmin

Goto Webmin –> Webmin Configuration

Click on the gear icon on the top left corner called the “Module Config”

Fill in the Full path to Let’s Encrypt client command field with the absolute path of letsencrypt

/usr/bin/letsencrypt

Goto Webmin –> Webmin Configuration and client on the box “SSL Encryption”

Click on the “Let’s Encrypt” Tab.

Click on the “Request Certificate” button

Step 4 – Completed

Refresh the Webmin interface and the site would now appear properly secured via HTTPS.

HOWTO: Setup a Time Machine Server on Ubuntu Server 14.04, 16.04, 18.04 & Debian

In this post lets look at the steps to quickly reconfigure a Ubuntu / Debian server to function as a Time Machine server. TM backup tested with OSX Mountain Lion , Mavericks, Yosemite and El Capitan.

  • Install following packages

sudo apt-get install netatalk avahi-daemon

  • Create a new folder which will contain the TM backup.

mkdir -R /data/TimeMachineBackup

  • Create a new user and grant access to the folder created in previous step

sudo adduser tux-networks

sudo chown -R tux-networks:tux-networks /data/TimeMachinebacku

  • Backup the default configuration file installed by apt-get

sudo mv /etc/netatalk/AppleVolumes.default /etc/netatalk/AppleVolumes.default.back

  • Create a new configuration file and edit using vi or other text editors

sudo vi /etc/netatalk/AppleVolumes.default

the following lines exist by default on my machine (this is default setting for all shares)

:DEFAULT: options:upriv,usedots

  • Add the new folder that was created earlier

/data/TimeMachineBackup “Tux Networks’s TM Backup” options:tm volsizelimit:500000 allow:tux-networks
options:tm –> timemachine
volsizelimit –> 500GB of space available for Time Machine
allow –> user id having access to this folder

  • Restart netatalk

sudo service netatalk restart

  • Connect to ubuntu server using Finder on your Mac in the “Go” menu, click “Connect to server…”. In the server address field type afp://192.168.x.x/ then click “Connect”, you will be asked to input a login and password which is the user created in step 3.
  • After connected, type Time Machine in search to open Time Machine app and click “Select Disk…” and select the new Ubuntu Time Machine server under “Available Disks”.
  • Provide login credentials if asked again.


Buffalo Linkstation ACP Commander GUI

ACP Commander GUI is a Graphical User Interface using acp_commander developed by Georg from NAS-Central. ACP Commander GUI is based on the code of acp_commander with some modifications for better integration into the GUI.

Original link: http://www.gry.ch/Java/styled/

Thanks to Georg for his nice work!

ACP Commander GUI can be used to remotely control your arm9-based LS Pro/LS Live/Tera Pro v2/Tera Live devices. I only tested it with an LS Live, but the others should work to.

I am keeping a copy of the files for my future reference, as I noticed NAS-Central is down since Aug’18.

Features:

  • Automatically detects LinkStations™ available in your network, just select the desired one from the pulldown box.
  • Execute Linux commands directly on the LinkStation™ and get the output in the log window.
  • Set the door password of the LinkStation™.
  • Enable SSH (sshd). It will also add a startup entry so that SSH is also available after each reboot.
  • Tested on Firmware versions 1.560 and 1.570.

Simply enter the admin password in the “Admin password” field and you are done. That is the one you do also use to login to the Web Interface of the LinkStation™. After that, simply click on one of the buttons to execute the desired action.

For more LinkStation™ information visit Buffalo Technology.

Note: The data that can be returned from the LinkStation™ is limited by the protocol. That means if you manually execute a command (like “ls”) on the device it could be possible that you don’t get the full result back. Just keep that in mind.

Warning: This is experimental software that might damage your LinkStation™.

Version History:

  • 1.5.6 (08.04.2012)
    Initial release.

Archive include the following:

acp_commander_gui

  • acp_commander.jar
  • acp_commander_gui_156.jar
  • acp_commander_gui_156.zip

How to remove password from PDF files with Google Chrome

Typically statements from Banks or Securities Brokers are password protected PDF files as these contain personal information.

In this article we can see how to remove password and archive the PDF files.

PDF file password can be removed using Google Chrome by following the steps outlined here:

1. Open the PDF file in chrome by drag and drop the PDF file on chrome browser.

2. Provide password and open the PDF file.

3. From file menu choose Print ( or press Ctl P on Windows or command + p on MAC). Choose the destination printer as “Safe as PDF” and click on save button.

4. Google Chrome will save the PDF file to your desktop without any password protection.