Containers, VPNs and Home Services


"I been ridin on a wire just readin the sitch Keep my signal clean with my eye on the snitch Picking up the coins when I can on the roam All the time thinkin that there's no place like home"

-- Robbie Bones and the Differentials


At some point, we've all run into limits to what we can do or fit on whatever we're using in the field, and wanted a server of our own. We've all been there. You're out and about, using someone else's network, and for whatever reason, you'd enjoy a bit of privacy. Running a server at home can be tricky. Not only is it another computer you have to power and maintain, but if you want to use it from outside of your home, you're going to have to balance security with exposing your computer to the world. Fortunately, you've got some options.

Containers


One tool we can use to help manage these issues is containers. Isolating different elements to reduce the risk of a compromised service is nothing new. We were using chroots to do the same back in the 90s. What has changed is that things have gotten a lot more friendly, and there are frameworks that make it easy to adapt a service into a container.

Enter Docker

We'll be installing Docker, a container platform, which is the de-facto standard for containerization under Linux (and MacOS and Windows). This buys us a couple of things:

  • We get to reuse other people's work through resources like Docker Hub, where often the container is developed by the same team that writes the software.

  • We aren't limited to applications that are packaged for our operating system.

  • We can set up the service on one system, and deploy it easily on another. Sometimes on wildly different platforms. You could install and tweak things on your PC, but run it on a Raspberry Pi (as one example).

  • When the services you want outgrow one system (which will happen relatively quickly if you're serving from an SBC), you can spread out onto other computers painlessly.

Installation

Depending on the distribution running on your server, you've got a couple of options. Most major distributions either have official packages available from Docker, or ship with their own docker packages. For distributions that don't, there is a convenience script available at get.docker.com that'll work (we'll be using this for the RPi install). Static binaries and installing from source are also options that are beyond the scope of this article.

curl -fsL https://get.docker.com -o get-docker.sh

Just to explain what that's doing: curl is a command-line client for URLs. This particular command is set to be silent (-s), to fail on an HTTP error rather than save the server's error page (-f), and to follow server redirects (-L). Whatever it gets, it'll write (-o) to a file named get-docker.sh. It's always a good idea to take a look at any script you've downloaded before running it, in case there's anything that looks suspicious.
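One way to take that first look before running get-docker.sh, as an added example that is not part of the original article or Docker's own tooling. The function names and the pattern list are assumptions chosen for illustration, the sample installer is constructed, and nothing in the reviewed file is executed.

```shell
#!/bin/sh
# Added example: pre-run review of a downloaded installer such as get-docker.sh.
# Function names and REVIEW_PATTERNS are illustrative assumptions.

# Things worth reading closely: privilege use, nested downloads, code built
# at run time, package-source or key changes, recursive deletes.
REVIEW_PATTERNS='sudo|curl |wget |eval |base64|\| *(ba)?sh|apt-key|gpg |sources\.list|rm -rf'

# flag_lines FILE: print "lineno:text" for every line matching the patterns.
flag_lines() {
    grep -nE "$REVIEW_PATTERNS" "$1"
}

# review_script FILE: return 1 if FILE is empty, is not a script (for example
# a saved HTML error page), or fails a parse-only syntax check. Otherwise
# print its hash and the flagged lines and return 0.
review_script() {
    f=$1
    [ -s "$f" ] || { echo "empty or missing: $f" >&2; return 1; }
    head -n 1 "$f" | grep -q '^#!' || { echo "no shebang: $f" >&2; return 1; }
    sh -n "$f" || { echo "syntax check failed: $f" >&2; return 1; }
    # Record the hash so the file you run later is the file you read.
    echo "sha256: $(sha256sum "$f" | cut -d' ' -f1)"
    echo "lines to read closely:"
    flag_lines "$f" || echo "(none)"
    return 0
}

# make_sample FILE: write a constructed stand-in for a downloaded installer.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
echo "installing"
sudo apt-get update
curl -fsSL https://example.invalid/key.gpg | sudo gpg --dearmor -o /tmp/key.gpg
echo "done"
EOF
}
```

Run `review_script get-docker.sh` after the download, read the flagged lines in context with a pager, and only then move on to running the script.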

sh get-docker.sh

This'll add the appropriate repositories and install the docker packages.

One more thing you need to do is give your user the ability to run docker commands.

sudo adduser pi docker

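This adds the user named pi to the group docker, whose members are allowed to run docker commands. Keep in mind that anyone in the docker group effectively has root on the host, so only add accounts you'd trust with sudo.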

Log out and back in, and you're all set. Test docker by running the following command:

docker run --rm hello-world

That'll download the hello-world image, run it in a container, and then remove (--rm) the container.

While I'll be doing this on my RPi3b, it could be just about anything: some old laptops, or even a server hosted elsewhere. Heck, I hear that Big Broogle has a free tier in their cloud hosting.

That's all for now choombas, next time, we'll get some actual services going. I'm thinking maybe a VPN and a pastebin. In the meantime, keep an eye out for Wilson!

I'll be over in this thread - https://www.cyberdeck.cafe/forum/software/discussion-containers-vpns-and-home-services if you've got any questions, or need any help.

(Credit) exedore6
