200ms/alpinenet_dev2

By 200ms

Updated 8 months ago

Alpine Linux container with networking tools and more.

Image
Networking
Operating systems
0

7.1K

200ms/alpinenet_dev2 repository overview

Alpine Linux with networking tools and more

This is an Alpine Linux based Docker image with installed networking tools: curl, dig, nslookup.

It also includes the functionality for easily adding packages and applying predefined configurations — called 'features'.

For example, to start an SSH server configured for SOCKS tunneling, run:

docker run  -e FEATURE=ssh_tunnel \
            -p 22:22 ... \
            200ms/alpinenet_dev2

Available features

This image is a 'Swiss Army knife' for handling development and testing tasks. Below is a list of implemented features:

Package related:

  • python - installs Python, Pip amd creates venv.
  • update2gnu - replaces 'busybox' tools with a GNU fully flagged versions.

System features:

  • dev2fs - adds Dev2FS, it is a filesystem for automatic uid:gid remapping, useful while sharing volumes: see at GitHub.
  • repath - automatically updates '$PATH' variable to include non-standard locations.
  • sudo - adds selected commands to sudoers configuration.

Networking:

  • net_insight - adds 'tcpdump' configured to pipe captured traffic to a file pipe for use with Wireshark. Useful for sniffing network traffic.
  • ssh_tunnel - sets up a SOCKS proxy, useful for accessing Docker's sandboxed network from the host.

You can also use feat -h to get command line help.

Usage

A feature/features can be added to a new container during its creation using the FEATURE variable (or its short alias: FEAT). Features can also be added and launched within an existing container using the feat command. See the usage cases below:

# Create container with feature/features: 
docker run -e FEATURE='<feature list>' ... 200ms/alpinenet_dev2

# or, add to an existing container: 
docker exec ... <cont. name> feat setup <feature list>
docker exec ... <cont. name> feat start <feature list>

Installed features are brought up automatically at container startup. The feat start command is only necessary just after a manual feat setup.

If a feature requires extra parameters, they are set using a feature-specific variable, e.g. $SUDOERS for sudo feature.

Below features add a set of useful packages with just 'one command'.

python

Specific variables: NONE

Description

Install current versions of Python and Pip. It automatically creates venv for all available users — including root.

update2gnu

Specific variables: NONE

Description

Alpine Linux comes with BusyBox that is a light-weight alternative for GNU fully flagged tools (such as find, diff, nc). If full compatibility with GNU is required, BusyBox can be replaced by adding this feature.

System features

Below features can be used to add a practical functions to Docker container.

dev2fs

Specific variables:

DEV2FS_SOURCE — source path, optional variable

Source path: directory where files are located.

DEV2FS_TARGET — target path

Target path: directory where re-mapped uid:gid files are — to be accessed by application.

Description

Dev2FS was developed to automate UID:GID remapping. The issue with containers is that when a containerized application runs with a default UID, shared files become practically inaccessible to the host user. For example, a web server typically runs as www-data:www-data (33:33). If the files used by this server are shared with the host, their UID:GID will not match the host user's typical ID of 1000:1000. As a result, the web server encounters difficulties accessing files for reading or writing. Manually switching to root for every modification is neither practical nor efficient. To address this, Dev2FS was designed to handle UID:GID remapping seamlessly.

mkdir ~/my.nginx.share

docker run -it --cap-add=SYS_ADMIN --device /dev/fuse \
    -v ~/my.nginx.share:/mnt \
    -e PKGS_ADD=nginx \
    -e FEATURE=dev2fs \
    -e DEV2FS_SOURCE=/mnt \
    -e DEV2FS_TARGET=/var/www/localhost/htdocs \
    -p 80:80 \
    200ms/alpinenet_dev2

Notice, Dev2FS uses Linux FUSE, therefore host must have fuse module loaded, /dev/fuse must be shared with container that has to have elevated privileges (--cap-add=SYS_ADMIN --device /dev/fuse).

The target directory is a mount point, and all files within this location will automatically inherit the ownership of the target directory. For example, if /var/www/localhost/htdocs has an ownership of 0:82, any files within this directory mounted with Dev2FS will also have 0:82, regardless of the permissions in the source directory.

Tip: DEV2FS_SOURCE is optional. If not specified, the container will automatically detect the first shared host directory and use it as the source. Thus, if the configuration requires only one shared volume, setting DEV2FS_SOURCE is not necessary.

repath

Specific variables: NONE

Description

Re-path feature automatically updates $PATH variable with shared volumes locations if executable file has been found, e.g.:

# running potencially 'dangerous' project: 
docker run --detach --name exec_jail \
        -e FEATURE='repath' \
        -v path/to/dangerous/project:/opt/dangerous \
        200ms/alpinenet_dev2

docker exec -it exec_jail sh -l -c 'run-project.sh'

This feature was developed to simplify launching various projects inside a container.

sudo

Specific variables:

SUDOERS — list of commands to be added to 'sudo'

Description

sudo feature adds commands from \$SUDOERS variable into sudoers configuration — letting on launching them as regular user. Feature adds automatically user user. Example of usage of sudo feature:

docker run --detach --name sudoers_container
        -e FEATURE='sudo' \
        -e SUDOERS='ls rpm' \
        -e PKGS_ADD='rpm'
        200ms/alpinenet_dev2

docker exec -u user sudoers_container sh -l -c 'sudo ls /root'
Networking

These features add network insight capabilities.

net_insight

Specific variables:

MYROLE — short name to indicate 'role', default is a 'client', it might be set to server, router, etc. If not defined default is used.

Description

net_insight launches 'tcpdump' to listen on all interfaces. 'tcpdump' is configured to capture and forward packets to a pipe file, which is created inside /tmp.pipes. By sharing this directory with the host, the user can access the data via Wireshark or other tools to analyze the traffic. Below is an example:

mkdir /tmp/net.sniff

docker run -it --name net_sniffing \
        -v /tmp/net.sniff:/tmp.pipes \
        -e FEATURES=net_insight \
        -e MYROLE=sniffer \
        200ms/alpinenet_dev2

The container will create a pipe called 'sniffer', which can be accessed via /tmp/net.sniff/sniffer. At the start, container prints a short memo explaining the parameters to be used to launch Wireshark.

ssh_tunnel

Specific variables: NONE

Description

It can be used as a 'gateway' for accessing Docker bridged network from a web browser (via SOCKS proxy). Useful for testing web configurations.

To use this feature run:

docker run -it --name ssh_service \
        -e FEATURES=ssh_tunnel \
        -p 127.0.0.1:2222:22 \
        200ms/alpinenet_dev2

This will launch docker with SSH server configured for expecting password-less connections from user user (therefore, it's a good practice to limit port to 127.0.0.1).

To test connection:

ssh user@localhost -p 2222

To bind port for SOCK proxy issue:

ssh user@localhost -p 2222 -ND localhost:1080

PKGS_ADD variable

If you need to install specific Alpine packages during container creation, the list of packages can be defined in the PKGS_ADD variable.

References

Don't add hostkey to known_hosts for SSH - superuser.com

Disabling search in the address bar

Setting up a Docker container as a DHCP server

Tag summary

Content type

Image

Digest

sha256:9f0a2f4a0

Size

75 MB

Last updated

8 months ago

docker pull 200ms/alpinenet_dev2:testing