Tob1as/docker-tools

Tools collection - Docker Images for amd64, arm64, arm (Raspberry Pi)

GITHUB

Tools

Tools collection

All Images are Multiarch (AMD64, ARM64 and ARM) builds and in the following Container Registries:

• ghcr.io/tob1as/docker-tools:<TAG>
• tobi312/tools:<TAG>
• quay.io/tobi312/tools:<TAG>

Tools/Tags:

• adminer
• autossh
• azcopy
• c-mqtt-forwarder
• dnsmasq
• easy-rsa
• figlet
• htpasswd
• irc-exporter
• keepalived
• kiwiirc
• mqtt-board
• mqtt-client
• mqtt-forwarder
• postgres-exporter
• prometheus-mosquitto-exporter
• prometheus-mqtt-transport
• squid
• ToolBox:
  • toolbox
  • toolbox-extended
• Deprecated:
  • pgadmin4

figlet

FIGlet is a computer program that generates text banners.

This Docker Image is based on latest AlpineLinux, see Dockerfile for more details.

Example

docker run --rm --name figlet -it tobi312/tools:figlet 'Hello :D'

Output:

 _   _      _ _           ____
| | | | ___| | | ___    _|  _ \
| |_| |/ _ \ | |/ _ \  (_) | | |
|  _  |  __/ | | (_) |  _| |_| |
|_| |_|\___|_|_|\___/  (_)____/

htpasswd

htpasswd create username password information of a web server.

This Docker Image is based on latest AlpineLinux, see Dockerfile for more details.

Example

docker run --rm -it tobi312/tools:htpasswd -bn username passw0rd

Output:

username:$apr1$Sk1pFYwB$ivgO9asJe4WkalyC7L5TV0

ToolBox

Toolbox with git, wget, curl, nano, netcat and more.

This Docker Image is based on latest AlpineLinux, see Dockerfile and Dockerfile (extended) for more details.

Example for Docker

# start
docker run --rm --name toolbox -d tobi312/tools:toolbox
# exec
docker exec -it toolbox sh
# use (example: check port is open)
nc -zv -w 3 <HOST> <PORT>

Example for Docker-Compose

Create file `toolbox.yml` with this content: (click)

version: '2.4'
services:

  toolbox:
    image: tobi312/tools:toolbox
    #image: tobi312/tools:toolbox-extended
    container_name: toolbox
    restart: unless-stopped
    #user: "1000:1000"  # format: "${UID}:${GID}"
    #entrypoint: [ "/bin/sh", "-c", "--" ]
    #command: [ "while true; do sleep 60; done;" ] 

and then:

# start
docker-compose -f toolbox.yml up -d
# exec (you can use sh or bash)
docker-compose -f toolbox.yml exec toolbox sh
# or
docker exec -it toolbox sh
# use (example: check port is open)
nc -zv -w 3 <HOST> <PORT>

Example for Kubernetes

Create file `toolbox.yaml` with this content: (click)

apiVersion: v1
kind: Pod
metadata:
  name: toolbox
  namespace: default
spec:
  containers:
  - name: toolbox
    image: tobi312/tools:toolbox
    resources:
      requests:
        memory: "128Mi"
        cpu: "0.1"
      limits:
        memory: "512Mi"
        cpu: "0.5"

and then:

# start
kubectl apply -f toolbox.yaml
# exec
kubectl exec -it pod/toolbox -- sh
# use (example: check port is open)
nc -zv -w 3 <HOST> <PORT>

Or example for Deployment.

pgAdmin4

pgAdmin4 is a Open Source graphical management tool for PostgreSQL.

This Docker Image is build from offical GitHub Repo.

For configuration see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html!

Example for Docker-Compose

Create a file `docker-compose.yml` with this content: (click)

version: "2.4"
services:

  pgadmin4:
    image: tobi312/pgadmin4:latest
    container_name: pgadmin4
    volumes:
      - ./pgadmin:/var/lib/pgadmin
    environment:
      - PGADMIN_DEFAULT_EMAIL=admin@email.local
      - PGADMIN_DEFAULT_PASSWORD=passw0rd
      - PGADMIN_LISTEN_PORT=5050
      - SCRIPT_NAME=/pgadmin
      # INFO: use PGADMIN_CONFIG_ prefix for any variable name from config.py
      - PGADMIN_CONFIG_LOGIN_BANNER='Multiarch pgAdmin4 :-)'
      - PGADMIN_CONFIG_CONSOLE_LOG_LEVEL=10
    restart: unless-stopped
    ports:
      - 5050:5050
    healthcheck:
      test:  wget --quiet --tries=1 --spider --no-check-certificate http://localhost:5050/pgadmin/misc/ping || exit 1
      start_period: 30s
      interval: 60s
      timeout: 5s
      retries: 5

URL: http://HOSTNAME:5050/pgadmin

other Example

Example for Kubernetes

Create a file `pgadmin4.yaml` with this content: (click)

apiVersion: v1
kind: ConfigMap
metadata:
  name: pgadmin4-env-config
  namespace: default
  labels:
    app: pgadmin4
data:
  PGADMIN_LISTEN_PORT: "5050"
  SCRIPT_NAME: "/pgadmin"
  # INFO: use PGADMIN_CONFIG_ prefix for any variable name from config.py
  PGADMIN_CONFIG_LOGIN_BANNER: "\"Multiarch pgAdmin4 :-)\""
  PGADMIN_CONFIG_CONSOLE_LOG_LEVEL: "10"
---
# secret - variable in base64: "echo -n 'value' | base64"
apiVersion: v1
kind: Secret
metadata:
  name: pgadmin4-env-secret
  namespace: default
  labels:
    app: pgadmin4
data:
  PGADMIN_DEFAULT_EMAIL: YWRtaW5AZW1haWwubG9jYWw=  # admin@email.local
  PGADMIN_DEFAULT_PASSWORD: cGFzc3cwcmQ=           # passw0rd
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin4
  namespace: default
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: pgadmin4
  template:
    metadata:
      labels:
        app: pgadmin4
    spec:
      containers:
        - name: pgadmin4
          image: tobi312/pgadmin4:latest # dpage/pgadmin4:latest
          imagePullPolicy: Always
          envFrom:
          - configMapRef:
              name: pgadmin4-env-config
          - secretRef:
              name: pgadmin4-env-secret
          ports:
            - containerPort: 5050
          resources:
            requests:
              memory: "128Mi"
              cpu: "0.1"
            limits:
              memory: "512Mi"
              cpu: "0.5"
          volumeMounts:
            - mountPath: /var/lib/pgadmin
              name: pgadmin-data
      initContainers:
        - name: volume-mount-chmod
          image: busybox
          command: ["sh", "-c", "mkdir -p /var/lib/pgadmin; chmod 777 /var/lib/pgadmin; exit"]
          volumeMounts:
            - mountPath: /var/lib/pgadmin
              name: pgadmin-data
          resources:
            requests:
              memory: "64Mi"
              cpu: "0.1"
            limits:
              memory: "256Mi"
              cpu: "0.5"
      restartPolicy: Always
      volumes:
        - name: pgadmin-data
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: pgadmin4
  namespace: default
spec:
  ports:
    - name: pgadmin4
      protocol: TCP
      port: 5050
      targetPort: 5050
  selector:
    app: pgadmin4
---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pgadmin4
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    #cert-manager.io/cluster-issuer: ingress-tls-secret
    #cert-manager.io/acme-challenge-type: http01
spec:
  #tls:
  #- hosts:
  #  - tools.example.com
  #  secretName: ingress-tls-secret
  rules:
  - host: tools.example.com
    http:
      paths:
      - path: /pgadmin
        pathType: ImplementationSpecific
        backend:
          service:
            name: pgadmin4
            port:
              #name: pgadmin4
              number: 5050

URL: http://HOSTNAME:5050/pgadmin

dnsmasq

dnsmasq is a lightweight dns and dhcp server.

Example for Docker-Compose

Create file `docker-compose.yml` with this content: (click)

version: "2.4"
services:

  dnsmasq:
    image: tobi312/tools:dnsmasq
    container_name: dnsmasq
    restart: unless-stopped
    ports:
      - 53:53/tcp # DNS
      - 53:53/udp # DNS
      - 67:67/udp # DHCP Server
      #- 68:68/udp # DHCP Client
      #- 69:69/udp # TFTP
    volumes:
      - ./dnsmasq/:/etc/dnsmasq.d/:rw  # add your config files in this folder
    #network_mode: host
    cap_add:
      - 'NET_ADMIN'

easy-rsa

easy-rsa is a CLI utility to build and manage a PKI CA.

• offical Docs
• Dockerfile

Example(s)

# help
docker run --rm --name easy-rsa -it tobi312/tools:easy-rsa-3.1.7 help

Example (1) - root-ca & certs: (click)

# Preparation
mkdir ~/data_easyrsa
# IMPORANT: Execute all Command from this/next Folder !!
cd ~/data_easyrsa

# root-ca
# init pki
docker run --rm --name easy-rsa -v ${PWD}:/easyrsa:rw -it tobi312/tools:easy-rsa-3.1.7 init-pki
# download "vars"-File
curl -sL https://github.com/OpenVPN/easy-rsa/raw/master/easyrsa3/vars.example -o ./pki/vars
# now EDIT "vars"-File in ./pki
# and then build ca:
docker run --rm --name easy-rsa -v ${PWD}:/easyrsa:rw -it tobi312/tools:easy-rsa-3.1.7 build-ca

# Server Cert (repeat this steps for other domains)
# create server cert request
docker run --rm --name easy-rsa -v ${PWD}:/easyrsa:rw -it tobi312/tools:easy-rsa-3.1.7 --subject-alt-name="DNS:example.com,DNS:*.example.com,IP:192.168.1.100" gen-req example-com nopass
# sign server cert
docker run --rm --name easy-rsa -v ${PWD}:/easyrsa:rw -it tobi312/tools:easy-rsa-3.1.7 sign-req server example-com
# check cert
openssl verify -verbose -CAfile ${PWD}/pki/ca.crt ${PWD}/pki/issued/example-com.crt
openssl x509 -noout -text -in ${PWD}/pki/issued/example-com.crt

Example (2) - root-ca, intermediate-ca & certs: (click)

Preparation:

mkdir ~/data_easyrsa
# IMPORANT: Execute all Command from this/next Folder !!
cd ~/data_easyrsa

root-ca:

# init pki (need "soft" to write in mounted volume subpath "/easyrsa/root-ca" instead "/easyrsa/pki")
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/root-ca" -v ${PWD}/root-ca/:/easyrsa/root-ca:rw -it tobi312/tools:easy-rsa-3.1.7 init-pki soft
# ASK: Confirm removal: yes

# download "vars"-File
curl -sL https://github.com/OpenVPN/easy-rsa/raw/master/easyrsa3/vars.example -o ${PWD}/root-ca/vars
# now EDIT "vars"-File in ./root-ca
# and then build ca:
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/root-ca" -v ${PWD}/root-ca/:/easyrsa/root-ca:rw -it tobi312/tools:easy-rsa-3.1.7 build-ca
# ASK: Enter New CA Key Passphrase:
# ASK: Common Name (eg: your user, host, or server name) [Easy-RSA CA]: My Organization CA

# check/show content of root-ca "ca.crt" file
openssl x509 -noout -text -in ${PWD}/root-ca/ca.crt

intermediate-ca = subca:

# init pki (need "soft" to write in mounted volume subpath "/easyrsa/intermediate-ca" instead "/easyrsa/pki")
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/intermediate-ca" -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 init-pki soft
# ASK: Confirm removal: yes

# download "vars"-File
curl -sL https://github.com/OpenVPN/easy-rsa/raw/master/easyrsa3/vars.example -o ${PWD}/intermediate-ca/vars
# now EDIT "vars"-File in ./intermediate-ca
# and then build subca:
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/intermediate-ca" -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 build-ca subca
# ASK: Enter New CA Key Passphrase:
# ASK: Common Name (eg: your user, host, or server name) [Easy-RSA CA]: My Organization Sub-CA

# import subca in ca (Note: switch to root-ca):
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/root-ca" -v ${PWD}/root-ca/:/easyrsa/root-ca:rw -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 import-req /easyrsa/intermediate-ca/reqs/ca.req intermediate-ca

# sign subca with ca (Note: switch to root-ca)
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/root-ca" -v ${PWD}/root-ca/:/easyrsa/root-ca:rw -it tobi312/tools:easy-rsa-3.1.7 sign-req ca intermediate-ca
# ASK: Confirm request details: yes
# ASK: Enter pass phrase for /easyrsa/root-ca/private/ca.key:

# copy sign subca from root-ca to intermediate-ca folder
docker run --rm --name easy-rsa --entrypoint="" -v ${PWD}/root-ca/:/easyrsa/root-ca:rw -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 cp /easyrsa/root-ca/issued/intermediate-ca.crt /easyrsa/intermediate-ca/ca.crt
# or
cp ${PWD}/root-ca/issued/intermediate-ca.crt ${PWD}/intermediate-ca/ca.crt

# verify subca from ca
openssl verify -verbose -CAfile ${PWD}/root-ca/ca.crt ${PWD}/intermediate-ca/ca.crt
# check/show content of intermediate-ca "ca.crt" file
openssl x509 -noout -text -in ${PWD}/intermediate-ca/ca.crt


# copy subca and ca in one file called fullca.crt
cat ${PWD}/intermediate-ca/ca.crt ${PWD}/root-ca/ca.crt > ${PWD}/fullca.crt

Server Cert ... for Domain example.com:

# create server cert request
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/intermediate-ca" -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 --subject-alt-name="DNS:example.com,DNS:*.example.com,IP:192.168.1.100" gen-req example-com nopass
# ASK: Common Name (eg: your user, host, or server name) [example-com]:example.com

# sign server cert
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/intermediate-ca" -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 sign-req server example-com
# ASK: Confirm request details: yes
# ASK: Enter pass phrase for /easyrsa/intermediate-ca/private/ca.key:

# verify cert from subca and ca
openssl verify -verbose -CAfile ${PWD}/fullca.crt ${PWD}/intermediate-ca/issued/example-com.crt
# check/show content of cert file
openssl x509 -noout -text -in ${PWD}/intermediate-ca/issued/example-com.crt

# repeat this steps for other domains

Notes

Notes ...: (click)

• instead -e EASYRSA_PKI="/easyrsa/root-ca" you can use in command --pki-dir=/easyrsa/root-ca
• Backup: execute tar cvpzf backup_easyrsa_$(date '+%Y%m%d-%H%M').tar.gz . in data_easyrsa-Folder!
• docker run --rm --name easy-rsa --entrypoint="" -it tobi312/tools:easy-rsa-3.1.7 bash
• linux: copy ca-certs into /usr/local/share/ca-certificates/ and execute dpkg-reconfigure -f noninteractive ca-certificates
• crlDistributionPoints: OpenVPN/easy-rsa#71 & OpenVPN/easy-rsa#472 & OpenVPN/easy-rsa#15 & "/usr/share/easy-rsa/x509-types/COMMON
• more help: OpenVPN/easy-rsa#190 (comment) & https://documentation.abas.cloud/en/abas-installer/Zertifikate_en/index.html