Alpine Linux container with networking tools and more.
7.1K
This is an Alpine Linux based Docker image with installed networking tools: curl, dig, nslookup.
It also includes the functionality for easily adding packages and applying predefined configurations — called 'features'.
For example, to start an SSH server configured for SOCKS tunneling, run:
docker run -e FEATURE=ssh_tunnel \
-p 22:22 ... \
200ms/alpinenet_dev2
This image is a 'Swiss Army knife' for handling development and testing tasks. Below is a list of implemented features:
Package related:
python - installs Python, Pip amd creates venv.update2gnu - replaces 'busybox' tools with a GNU fully flagged versions.System features:
dev2fs - adds Dev2FS, it is a filesystem for automatic uid:gid remapping, useful while sharing volumes: see at GitHub.repath - automatically updates '$PATH' variable to include non-standard locations.sudo - adds selected commands to sudoers configuration.Networking:
net_insight - adds 'tcpdump' configured to pipe captured traffic to a file pipe for use with Wireshark. Useful for sniffing network traffic.ssh_tunnel - sets up a SOCKS proxy, useful for accessing Docker's sandboxed network from the host.You can also use feat -h to get command line help.
A feature/features can be added to a new container during its creation using the FEATURE variable (or its short alias: FEAT). Features can also be added and launched within an existing container using the feat command. See the usage cases below:
# Create container with feature/features:
docker run -e FEATURE='<feature list>' ... 200ms/alpinenet_dev2
# or, add to an existing container:
docker exec ... <cont. name> feat setup <feature list>
docker exec ... <cont. name> feat start <feature list>
Installed features are brought up automatically at container startup. The feat start command is only necessary just after a manual feat setup.
If a feature requires extra parameters, they are set using a feature-specific variable, e.g. $SUDOERS for sudo feature.
Below features add a set of useful packages with just 'one command'.
Specific variables: NONE
Install current versions of Python and Pip. It automatically creates venv for all available users — including root.
Specific variables: NONE
Alpine Linux comes with BusyBox that is a light-weight alternative for GNU fully flagged tools (such as find, diff, nc). If full compatibility with GNU is required, BusyBox can be replaced by adding this feature.
Below features can be used to add a practical functions to Docker container.
Specific variables:
DEV2FS_SOURCE — source path, optional variable
Source path: directory where files are located.
DEV2FS_TARGET — target path
Target path: directory where re-mapped uid:gid files are — to be accessed by application.
Dev2FS was developed to automate UID:GID remapping. The issue with containers is that when a containerized application runs with a default UID, shared files become practically inaccessible to the host user. For example, a web server typically runs as www-data:www-data (33:33). If the files used by this server are shared with the host, their UID:GID will not match the host user's typical ID of 1000:1000. As a result, the web server encounters difficulties accessing files for reading or writing. Manually switching to root for every modification is neither practical nor efficient. To address this, Dev2FS was designed to handle UID:GID remapping seamlessly.
mkdir ~/my.nginx.share
docker run -it --cap-add=SYS_ADMIN --device /dev/fuse \
-v ~/my.nginx.share:/mnt \
-e PKGS_ADD=nginx \
-e FEATURE=dev2fs \
-e DEV2FS_SOURCE=/mnt \
-e DEV2FS_TARGET=/var/www/localhost/htdocs \
-p 80:80 \
200ms/alpinenet_dev2
Notice, Dev2FS uses Linux FUSE, therefore host must have fuse module loaded, /dev/fuse must be shared with container that has to have elevated privileges (--cap-add=SYS_ADMIN --device /dev/fuse).
The target directory is a mount point, and all files within this location will automatically inherit the ownership of the target directory. For example, if /var/www/localhost/htdocs has an ownership of 0:82, any files within this directory mounted with Dev2FS will also have 0:82, regardless of the permissions in the source directory.
Tip: DEV2FS_SOURCE is optional. If not specified, the container will automatically detect the first shared host directory and use it as the source. Thus, if the configuration requires only one shared volume, setting DEV2FS_SOURCE is not necessary.
Specific variables: NONE
Re-path feature automatically updates $PATH variable with shared volumes locations if executable file has been found, e.g.:
# running potencially 'dangerous' project:
docker run --detach --name exec_jail \
-e FEATURE='repath' \
-v path/to/dangerous/project:/opt/dangerous \
200ms/alpinenet_dev2
docker exec -it exec_jail sh -l -c 'run-project.sh'
This feature was developed to simplify launching various projects inside a container.
Specific variables:
SUDOERS — list of commands to be added to 'sudo'
sudo feature adds commands from \$SUDOERS variable into sudoers configuration — letting on launching them as regular user. Feature adds automatically user user. Example of usage of sudo feature:
docker run --detach --name sudoers_container
-e FEATURE='sudo' \
-e SUDOERS='ls rpm' \
-e PKGS_ADD='rpm'
200ms/alpinenet_dev2
docker exec -u user sudoers_container sh -l -c 'sudo ls /root'
These features add network insight capabilities.
Specific variables:
MYROLE — short name to indicate 'role', default is a 'client', it might be set to server, router, etc. If not defined default is used.
net_insight launches 'tcpdump' to listen on all interfaces. 'tcpdump' is configured to capture and forward packets to a pipe file, which is created inside /tmp.pipes. By sharing this directory with the host, the user can access the data via Wireshark or other tools to analyze the traffic. Below is an example:
mkdir /tmp/net.sniff
docker run -it --name net_sniffing \
-v /tmp/net.sniff:/tmp.pipes \
-e FEATURES=net_insight \
-e MYROLE=sniffer \
200ms/alpinenet_dev2
The container will create a pipe called 'sniffer', which can be accessed via /tmp/net.sniff/sniffer. At the start, container prints a short memo explaining the parameters to be used to launch Wireshark.
Specific variables: NONE
It can be used as a 'gateway' for accessing Docker bridged network from a web browser (via SOCKS proxy). Useful for testing web configurations.
To use this feature run:
docker run -it --name ssh_service \
-e FEATURES=ssh_tunnel \
-p 127.0.0.1:2222:22 \
200ms/alpinenet_dev2
This will launch docker with SSH server configured for expecting password-less connections from user user (therefore, it's a good practice to limit port to 127.0.0.1).
To test connection:
ssh user@localhost -p 2222
To bind port for SOCK proxy issue:
ssh user@localhost -p 2222 -ND localhost:1080
PKGS_ADD variableIf you need to install specific Alpine packages during container creation, the list of packages can be defined in the PKGS_ADD variable.
Don't add hostkey to known_hosts for SSH - superuser.com
Content type
Image
Digest
sha256:9f0a2f4a0…
Size
75 MB
Last updated
8 months ago
docker pull 200ms/alpinenet_dev2:testing