docker – Grafana local CORS bypass using nginx

I’m trying to work with a Grafana server in an environment I can’t change.

I need CORS to be enabled to develop locally. I’m trying to start a local Docker nginx server to solve it when developing locally.

My nginx.conf:

server {
        listen 5000;
        server_name localhost;

        add_header 'Access-Control-Allow-Origin' $http_origin;
        add_header 'Access-Control-Allow-Methods' 'GET, POST';
        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type';
        add_header 'Access-Control-Allow-Credentials' 'true';

        location / {
            proxy_pass                 http://10.53.162.9;
            proxy_set_header           X-Real-IP   $remote_addr;
            proxy_set_header           X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header           X-Forwarded-Proto  $scheme;
            proxy_set_header           X-Forwarded-Server  $host;
            proxy_set_header           X-Forwarded-Host  $host;
            proxy_set_header           Host  $host;
        
            if ($request_method = 'OPTIONS' ) {
                # if request method is options we immediately return with 200 OK.
                return 200;
            }
        }                       
}        

In nginx I’m getting:

*1 upstream prematurely closed connection while reading response header from upstream, client: 172.17.0.1, server: localhost

In the browser when trying to load a path:

Access to XMLHttpRequest at ‘http://localhost:5000/grafana/path’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Tried everything I can think of but the request is still getting blocked. Where am I going wrong?
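
An added example, not the poster's configuration: a local-development variant of the proxy above that echoes the Origin back only when it is on an allowlist, and marks the CORS headers "always", because nginx otherwise attaches add_header fields only to 2xx/3xx responses and not to the 502 it returns when the upstream closes the connection. The allowlisted origin and the upstream address come from the question; loading this file inside the http block (for example from conf.d/ in the official image) is an assumption.

```nginx
# Added example for local development; not the poster's config.
# Assumption: this file is included inside the http {} block.

# Reflect the Origin only if it is allowlisted. For any other origin the
# variable is empty, and nginx does not emit a header whose value is empty.
map $http_origin $cors_origin {
    default                 "";
    "http://localhost:3000" $http_origin;
}

# Send Allow-Credentials only together with an allowed origin.
map $cors_origin $cors_credentials {
    default "";
    "~."    "true";
}

server {
    listen 5000;
    server_name localhost;

    location / {
        # Answer the preflight locally. add_header lines inside this "if"
        # replace the ones inherited from the location, so the set is repeated.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin      $cors_origin always;
            add_header Access-Control-Allow-Credentials $cors_credentials always;
            add_header Access-Control-Allow-Methods     "GET, POST" always;
            add_header Access-Control-Allow-Headers     "Authorization, Content-Type" always;
            add_header Vary                             "Origin" always;
            return 204;
        }

        # "always" keeps these headers on 4xx/5xx responses as well, so an
        # upstream failure shows up in the browser as a 502, not a CORS error.
        add_header Access-Control-Allow-Origin      $cors_origin always;
        add_header Access-Control-Allow-Credentials $cors_credentials always;
        add_header Vary                             "Origin" always;

        proxy_pass       http://10.53.162.9;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host              $host;
    }
}
```

Reflecting $http_origin unconditionally together with Access-Control-Allow-Credentials: true lets any site the browser visits read authenticated responses through the proxy, which is why the origin is pinned here even for a development setup.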

network – How to use ansible playbook to add new rules to snort docker container?

I have a Snort Docker container running on my network to detect attacks and I would like to use Ansible to run a playbook to add a new rule to Snort. I have installed the ansible security ids rule on the host (CentOS 7) and created a playbook designed to add a new rule to Snort; however, when I try to run the playbook I get the following error:

The error appears to have been in '/etc/ansible/roles/ansible_security.ids_rule/tasks/main.yml': line 26, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: include ids_provider tasks*
  ^ here    "

How do I get an Ansible playbook to run on the Snort container?

distributed computing – How to simulate a fault tolerant system with kubernetes + docker?

I am trying to create a fault-tolerant system and test out some principles of distributed systems

Is it possible to do this with a combination of Kubernetes + Docker Desktop? I’d prefer not using any PaaS such as GKE.

I would love some starter suggestions or pointers on how I could go about this – thank you!

Windows path for the mountpoint of a volume (Docker)

I saw in this video https://www.youtube.com/watch?v=jTeDNXLFYjE&feature=emb_logo that the mountpoint of volumes can have a path inside the Windows file system.

My problem is that no matter what I try to change, the mountpoint path is always the same, a Linux path.
Screenshot: mountpoint

I installed Docker using Docker Desktop, and at the time of installation I had WSL2; later I installed Windows Hyper-V.

My suspicion is that the default configuration already dictates that volumes are stored in Linux, but when I run WSL from the console I cannot find that path.
Screenshot: WSL

I need to configure Docker so that by default it creates volumes in a path inside Windows.

linux – How do I get snort to detect traffic going to metasploitable docker container?

I have set up Snort and I have Metasploitable 2 running in a Docker container on a CentOS 7 host. I am trying to get Snort to detect traffic traveling to the Metasploitable 2 container. I’ve tried pinging the Metasploitable 2 container from my host but Snort doesn’t detect it. It doesn’t detect when I ping my host from my Metasploitable container.

However, Snort detects my pings whenever I ping google.com or other websites from my host. It

How do I get Snort to detect traffic traveling to a docker container?

Docker Compose ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network

I have Docker running on a CentOS VM.

All of a sudden my docker stopped working.

When running docker-compose up, I get the following error every time:

Creating network “nginx-php” with the default driver ERROR: could not
find an available, non-overlapping IPv4 address pool among the
defaults to assign to the network

I tried uninstalling Docker and reinstalling it, but that didn’t help.

docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
ab8bed8d0def        bridge              bridge              local
eaf1f1928b69        host                host                local
a1e3c9baf283        none                null                local

Is Docker Desktop safe to use on an unsecured network?

I use Docker Desktop for Windows. I noticed it adds to my OS’s hosts file <ip> host.docker.internal, where <ip> is the private machine IP for the connected local network. (This DNS name is used to communicate from containers to the host machine.) What are the implications of this? Does this mean that a machine connected to the same network can access Docker on my machine? Is Docker safe to use on an unsecured network?

docker – How to configure Wireguard to allow Internet access?

I have an Ubuntu 20.04.1 LTS server hosting a linuxserver/wireguard Docker container. Clients can successfully connect to the Wireguard server, but I’m unable to browse Internet websites on the clients while they’re connected. How do I configure my Wireguard server to achieve this?

My internal network is 192.168.0.0/24 with the gateway at 192.168.0.1 and the Ubuntu server at 192.168.0.2.

My docker-compose.yml

version: "3.6"
services:

  portainer:
    image: portainer/portainer-ce
    container_name: portainer
    restart: always
    command: -H unix:///var/run/docker.sock
    ports:
      - "9000:9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${USERDIR}/docker/portainer/data:/data
      - ${USERDIR}/docker/shared:/shared
    environment:
      - TZ='America/Chicago'

  watchtower:
    container_name: watchtower
    restart: always
    image: v2tec/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command: --schedule "0 0 4 * * *" --cleanup

  plexms:
    container_name: plexms
    restart: unless-stopped
    image: plexinc/pms-docker
    volumes:
      - ${USERDIR}/docker/plexms:/config
      - ${USERDIR}/Downloads/plex_tmp:/transcode
      - /srv/media:/srv/media
      - ${USERDIR}/docker/shared:/shared
    network_mode: host
    environment:
      - TZ=${TZ}
      - HOSTNAME="Docker Plex"
      - PLEX_CLAIM=<redacted>
      - PLEX_UID=${PUID}
      - PLEX_GID=${PGID}
      - ADVERTISE_IP="http://192.168.0.2:32400/"

  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - SERVERURL=<redacted> #optional
      - SERVERPORT=51820 #optional
      - PEERS=1 #optional
      - PEERDNS=8.8.8.8 #optional
      # - INTERNAL_SUBNET=10.13.13.0 #optional
      - ALLOWEDIPS=0.0.0.0/0, ::/0 #optional
    volumes:
      - ${USERDIR}/docker/wireguard/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

asp.net – alpine docker image with dotnet doesn’t see my app

I’m trying to run my dotnet 5 single-file app with an Alpine Linux Docker image.
This is my Dockerfile:

FROM mcr.microsoft.com/dotnet/aspnet:5.0-alpine    
WORKDIR /app
COPY ["Service.Translations", "/app/Service.Translations"]

CMD ["dotnet", "/app/Service.Translations", "--urls", "http://0.0.0.0:5000"]

This was a framework-dependent app. I also tried with self-contained and the result is the same:
not found. Dotnet doesn’t see my file and sh doesn’t see it either.

Is it a problem because I built my app on Windows? All tutorials with Alpine compile the app inside the image. If I change Alpine to Ubuntu or something else – everything is OK.

Docker host from container and vice versa via default bridge

Problem description

Docker bridge is not working as per expectation

Host not reachable from docker container and vice versa

Steps to reproduce

docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
e83fc4ed421c        bridge              bridge              local
7a85d027a7f6        host                host                local
09b1dcfaa497        none                null                local

brctl show

bridge name     bridge id               STP enabled     interfaces
docker0         8000.000000000000       no

ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eno16777984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:a8:b3:b5 brd ff:ff:ff:ff:ff:ff
    inet 172.24.91.47/24 brd 172.24.91.255 scope global eno16777984
       valid_lft forever preferred_lft forever
83: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:ce:69:0a:60 brd ff:ff:ff:ff:ff:ff
    inet 172.26.0.1/16 brd 172.26.255.255 scope global docker0
       valid_lft forever preferred_lft forever

docker run -dt ubuntu sleep infinity

fef2c3aaf64ccacc21a16de6029d22e1ba7ff8de770c9c14532f8d659d0d694d

brctl show

bridge name     bridge id               STP enabled     interfaces
docker0         8000.000000000000       no              veth38adad5

docker network inspect bridge

"Containers": {
            "fef2c3aaf64ccacc21a16de6029d22e1ba7ff8de770c9c14532f8d659d0d694d": {
                "Name": "objective_aryabhata",
                "EndpointID": "84e7836885750933a76d1fe0ac4fc86d020eb453ca45f62c1e2fb3e27afd7e9c",
                "MacAddress": "02:42:ac:1a:00:02",
                "IPv4Address": "172.26.0.2/16",
                "IPv6Address": ""
            }
        }

Host to container ping: ping 172.17.0.2
Expected: Ping should work
Actual: (Not working)

Container to host ping: docker run busybox ping 172.24.91.47
Expected: Ping should work
Actual: (Not working)

Container to internet ping: docker run busybox ping 8.8.8.8
Expected: Ping should work
Actual: (Not working)

Additional information

uname -a

Linux teleblnk9147 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16 17:03:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

docker -v

Docker version 19.03.8, build afacb8b

sudo iptables-save

# Generated by iptables-save v1.4.21 on Tue Nov 24 16:50:20 2020
*filter
:INPUT ACCEPT (387891:46446579)
:FORWARD ACCEPT (0:0)
:OUTPUT ACCEPT (341373:46544705)
:DOCKER - (0:0)
:DOCKER-ISOLATION-STAGE-1 - (0:0)
:DOCKER-ISOLATION-STAGE-2 - (0:0)
:DOCKER-USER - (0:0)
-A INPUT -i docker0 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Tue Nov 24 16:50:20 2020
# Generated by iptables-save v1.4.21 on Tue Nov 24 16:50:20 2020
*nat
:PREROUTING ACCEPT (3399:203940)
:INPUT ACCEPT (3399:203940)
:OUTPUT ACCEPT (2430:149091)
:POSTROUTING ACCEPT (2430:149091)
:DOCKER - (0:0)
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.26.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Tue Nov 24 16:50:20 2020

service iptables status

Redirecting to /bin/systemctl status  iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Mon 2020-11-23 16:13:06 IST; 24h ago
 Main PID: 85593 (code=exited, status=0/SUCCESS)
   Memory: 0B
   CGroup: /system.slice/iptables.service