Installing Docker CE on RHEL 7.x

Note: Docker CE is not officially supported by RHEL, however using Centos repos its possible to install Docker CE on RHEL

The following commands are needed to install Docker CE, its essential to install container-selinux before docker. You will have to install the latest version of container-selinux by referring this link  http://mirror.centos.org/centos/7/extras/x86_64/Packages. At the time of writing this article it was 2.107.3

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum makecache fast
sudo yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-3.el7.noarch.rpm
sudo yum install -y docker-ce

Create Custom Image with Image Builder

What is Image Builder

A packaging tool officially distributed by the OpenWrt Project. You can include or delete any opkg file from the beginning in the install image file for each model.


It is of course to exclude unnecessary pkg from the beginning, but by the initial install the pkg you can to reduce the flash memory usage than to install in opkg command later.

Unlike the SDK, to create an image by combining the compiled pkg file
does not have a problem with low-spec of the PC environment. Virtual machines such as VirtualBOX / VMware are also sufficient

Preparing Linux for work

Prepare Linux such as ubuntu, debian, CentOS. The architecture must be x86_64.
Install the packages required for build.
In the case of CentOS7, the following was required.

yum install git gawk gettext ncurses-devel zlib-devel openssl-devel libxslt wget 
yum -y groupinstall base "Development tools" --setopt = group_package_types = mandatory, default, optional

For ubuntu 18.04.2 the following was required:

apt-get install build-essential libncurses5-dev zlib1g-dev gawk git gettext libssl-dev xsltproc wget unzip python curl

Obtaining and deploying an image builder

Image Builder is divided by target.
The imagebuilder link is displayed at the bottom of the hierarchy where the installation image is placed. Download and expand it.
When downloading the imagebuilder for “18.06.4” and “ramips” to the current directory while downloading, it will be as follows.

curl https://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/openwrt-imagebuilder-18.06.4-ramips-mt7621.Linux-x86_64.tar.xz | tar Jxv

Basic operations of Image Builder

1) Display the included target. The model name displayed here is the PROFILE name.

make info

2) Delete the temporary generation file Delete the generated image and intermediate files and make it clean.

make clean

3) Generate image

make image

If no argument is given, an image of all models is generated.

make image PROFILE = "wsr-1166" 

If you specify PROFILE displayed by make info, an image of only that model will be generated.
Note that Web Builder’s luci and uhttpd are not included by default in Image Builder.

Custom image creation

You can increase or decrease the number of pkg files with the PACKAGES parameter of make image.

make image PACKAGES = "pkg1 -pkg2"

If so, add pkg1 and exclude pkg2.
Even if it is installed, it may generate a brick image.
Carefully consider the addition and exclusion of pkg, considering its meaning and capacity.

Example of creating an image that excludes USB and wireless drivers including Web-GUI for WSR-1166

make image PROFILE = "wsr-1166" PACKAGES = "kmod-mt7603 -kmod-rt2800-pci -wpad-mini -iwinfo -kmod-usb-core -kmod-usb-ledtrig-usbport -kmod-usb3 -kmod-cfg80211 -hostapd-common -kmod-mac80211 -kmod-mt7603 -wireless-regdb uhttpd luci "

The generated image is in bin / targets /.

The manifest file contains the name of the installed pkg including dependencies.

Use docker to prepare a imagebuilder environment for Open WRT

Docker can be used to prepare an fully functional operating environment, to work on openwrt image builder.

Preparing Docker

Install Docker CE on Windows or Linux or Mac OS

Host Side Preparation ( assuming Linux)

Prepare a working directory

mkdir /docker

Get Docker Image

docker pull ubuntu:18.04

Start Container

docker run -d -it --name IMAGEBUILDER -v `pwd` / mnt: / mnt -w / mnt ubuntu: 18.04 bash 

Run apt-get update

docker exec IMAGEBUILDER apt-get update 
docker exec IMAGEBUILDER apt-get install -y build-essential libncurses5-dev zlib1g-dev gawk git gettext libssl-dev xsltproc wget unzip python curl

Download and deploy imagebuilder

docker exec IMAGEBUILDER bash -c "curl https://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/openwrt-imagebuilder-18.06.4-ramips-mt7621.Linux-x86_64.tar.xz | tar Jxv -C / mnt "

Connect with shell in container

docker exec -it IMAGEBUILDER bash

cd to /mnt/openwrt-imagebuilder and run make to prepare openwrt image

Cleanup Container

Check docker container status and stop

docker ps -a 
docker stop IMAGEBUILDER
docker ps -a

Deleting a stopped docker container

docker ps -a 
docker rm IMAGEBUILDER docker ps -a

If the downloaded image is unnecessary, delete it

docker images 
docker rmi ubuntu: 18.04
docker images

Let’s Encrypt Setup on pfSense using ACME

This post will list the steps to configure Let’s Encrypt SSL certificate on a pfSense box

  • Use Cloudflare DNS and point the subdomains to their DNS servers.
  • Install the “acme” package using the “Package Manager” (System / Package Manager / Available Packages)
  • After installation check if Acme Certificates option exist under Services and Click on Acme Certificates
  • Go to the “Account keys” option and click on the “Add” button
  • Provide values for Name, email-address and click on Create New Account key. Click on “Register ACME account key” and then “Save”.
  • Choose “Certificate” and provide following values:
  • Name: abc.def.com
  • Description: pfSense Certificate
  • Status – Set as Active
  • Acme Account -> account name provided in the previous step
  • Private Key – 2046-bit RSA
  • OSCP Must Staple – leave unchecked
  • Domain SAN List
    • Choose Mode as Enabled
    • Domain Name – abc.def.com
    • Method – DNS-Cloudflare
    • Key – API key from cloudfare website
    • Email – API email address
    • Enable DNS alias mode – leave blank
    • Enable DNS domain alias – leave blank
  • Click on Save
  • Click on “Issue / Renew” button to create a new certificate
  • Choose “General Settings” and click on Cron Entry – then Save

Reconfigure session to use HTTPS

Go to System / Advanced / Admin Access and make following changes:

  • Protocol – HTTPS
  • SSL Certificate – Choose the Let’s Encrypt certificate created previously
  • Max Processes – 2
  • WebGUI redirect – blank ( unchecked)
  • HSTS – blank ( unchecked)
  • OCSP Must-Staple – blank ( unchecked)
  • WebGUI Login Autocomplete – Toggle On
  • WebGUI login messages – ( unchecked)
  • Anti-lockout – ( unchecked)
  • DNS Rebind Check – Toggle On
  • Alternate Hostnames – provide if any
  • Browser HTTP_REFERER enforcement – Toggle On
  • Browser tab text – blank
  • Secure Shell
    • Secure Shell Server – toggle on
    • SSHd Key Only – Password or Public Key
    • Allow Agent Forwarding – ( unchecked)
    • SSH port – default 22
  • Login Protection
    • Threshold -default 30
    • Blocktime – 120
    • Detection Time – 1800
    • Whitelist – blank
  • Serial Comm – default values
  • Console Options
    • Console meu – ( unchecked)