[qubes-users] Re: Playing with docker in an app-vm
On Thursday, 24 November 2016 14:05:30 UTC+1, Opal Raava wrote:
> Hi all,
>
> I've not seen many docker posts, but for the heck of it I'd like to report on
> how I made an app-vm that has a website running in docker and reachable by
> everything connected to sys-firewall.
>
> 1) install docker in fedora-24, dnf install docker
>
> 2) create the new appvm, I called it 'docker'
>
> 3) in that app-vm in /rw/config/rc.local, I put:
>
>     rm -rf /var/lib/docker
>     ln -s /home/user/docker /var/lib/docker
>     systemctl start docker
>
> , and I made the dir in /home/user/docker
> now as root I can use 'docker ps' and everything.
>
> 4) networking, making 'docker' visible:
> on docker app-vm in /rw/config/qubes-firewall-user-script, I put:
>
>     iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT
>
> on sys-firewall, in /rw/config/qubes-firewall-user-script, I put:
>
>     iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT
>
> Ok, that's all I have on docker, and it works great.

Hello Opal Raava.

Thanks for this post. I am a newbie in Qubes OS.
I'd like to create an appVM having an HTTPS (port 443) website running in docker.
When I start the docker container I set the following option: -p 2443:443
But I failed at configuring sys-firewall, and my browser refuses to access the HTTPS website.
Did you meet this case?
Thanks for your ideas around the sys-firewall/HTTPS forward.

Regards
Mac
[qubes-users] Re: Playing with docker in an app-vm
10.137.2.0/24 is a network specification of all hosts, a way of saying 10.137.2.*. I don't think the IP number of the sys-firewall comes into it. It's probably got an IP of 10.137.2.1 or so.
[qubes-users] Re: Playing with docker in an app-vm
On Thursday, November 24, 2016 at 5:30:52 PM UTC+1, Grzesiek Chodzicki wrote:
> On Thursday, 24 November 2016 14:05:30 UTC+1, user Opal Raava wrote:
> > Hi all,
> >
> > I've not seen many docker posts, but for the heck of it I'd like to report
> > on how I made an app-vm that has a website running in docker and reachable
> > by everything connected to sys-firewall.
> >
> > 1) install docker in fedora-24, dnf install docker
> >
> > 2) create the new appvm, I called it 'docker'
> >
> > 3) in that app-vm in /rw/config/rc.local, I put:
> >
> >     rm -rf /var/lib/docker
> >     ln -s /home/user/docker /var/lib/docker
> >     systemctl start docker
> >
> > , and I made the dir in /home/user/docker
> > now as root I can use 'docker ps' and everything.
> >
> > 4) networking, making 'docker' visible:
> > on docker app-vm in /rw/config/qubes-firewall-user-script, I put:
> >
> >     iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT
> >
> > on sys-firewall, in /rw/config/qubes-firewall-user-script, I put:
> >
> >     iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT
> >
> > Ok, that's all I have on docker, and it works great.
>
> 10.137.2.0/24 is the IP address of your sys-firewall machine, right? I'm
> trying to apply a similar configuration to my qubes instance.

Yea, it's the network provided by sys-firewall. I look at the IP number of an appvm using sys-firewall to figure out my net(mask)
[qubes-users] Re: Playing with docker in an app-vm
On Thursday, 24 November 2016 14:05:30 UTC+1, user Opal Raava wrote:
> Hi all,
>
> I've not seen many docker posts, but for the heck of it I'd like to report on
> how I made an app-vm that has a website running in docker and reachable by
> everything connected to sys-firewall.
>
> 1) install docker in fedora-24, dnf install docker
>
> 2) create the new appvm, I called it 'docker'
>
> 3) in that app-vm in /rw/config/rc.local, I put:
>
>     rm -rf /var/lib/docker
>     ln -s /home/user/docker /var/lib/docker
>     systemctl start docker
>
> , and I made the dir in /home/user/docker
> now as root I can use 'docker ps' and everything.
>
> 4) networking, making 'docker' visible:
> on docker app-vm in /rw/config/qubes-firewall-user-script, I put:
>
>     iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT
>
> on sys-firewall, in /rw/config/qubes-firewall-user-script, I put:
>
>     iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT
>
> Ok, that's all I have on docker, and it works great.

10.137.2.0/24 is the IP address of your sys-firewall machine, right? I'm trying to apply a similar configuration to my qubes instance.
[qubes-users] Re: Playing with docker in an app-vm
On Thursday, November 24, 2016 at 2:05:30 PM UTC+1, Opal Raava wrote:
> Hi all,
>
> I've not seen many docker posts, but for the heck of it I'd like to report on
> how I made an app-vm that has a website running in docker and reachable by
> everything connected to sys-firewall.
>
> 1) install docker in fedora-24, dnf install docker
>
> 2) create the new appvm, I called it 'docker'
>
> 3) in that app-vm in /rw/config/rc.local, I put:
>
>     rm -rf /var/lib/docker
>     ln -s /home/user/docker /var/lib/docker
>     systemctl start docker
>
> , and I made the dir in /home/user/docker
> now as root I can use 'docker ps' and everything.
>
> 4) networking, making 'docker' visible:
> on docker app-vm in /rw/config/qubes-firewall-user-script, I put:
>
>     iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT
>
> on sys-firewall, in /rw/config/qubes-firewall-user-script, I put:
>
>     iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT
>
> Ok, that's all I have on docker, and it works great.

Edit: your network is perhaps different from 10.137.2.0/24, sorry
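
Added example, not part of any message in this thread: a shell script that derives the network from an AppVM address, as the replies above describe, and prints the two rules from the original post with the sys-firewall rule limited to the TCP port published by `-p 2443:443`. The function names, the sample address 10.137.2.17 and the port restriction are assumptions made for illustration; the script prints rules and applies nothing.

```shell
#!/bin/sh
# Added example: prints the thread's two rules for one AppVM; it applies nothing.
# Function names and the sample address below are constructed for illustration.

# ip_to_int A.B.C.D -> integer; fails on anything that is not a dotted quad.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac      # no empty or zero-padded octets
        [ "$o" -le 255 ] 2>/dev/null || return 1
        n=$(( $n * 256 + $o ))
    done
    echo "$n"
}

# network_of IP PREFIX -> network in CIDR form (10.137.2.17 24 -> 10.137.2.0/24)
network_of() {
    ip=$(ip_to_int "$1") || return 1
    case $2 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "$2" -le 32 ] 2>/dev/null || return 1
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    net=$(( $ip & $mask ))
    echo "$(( ($net >> 24) & 255 )).$(( ($net >> 16) & 255 )).$(( ($net >> 8) & 255 )).$(( $net & 255 ))/$2"
}

# firewall_rules DOCKER_VM_IP PREFIX PORT -> lines for qubes-firewall-user-script
firewall_rules() {
    net_cidr=$(network_of "$1" "$2") || return 1
    case $3 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "$3" -le 65535 ] 2>/dev/null || return 1
    echo "# on the docker AppVM (rule as posted in the thread):"
    echo "iptables -I INPUT -s $net_cidr -j ACCEPT"
    echo "# on sys-firewall (thread's rule, limited here to one TCP port):"
    echo "iptables -I FORWARD 2 -s $net_cidr -d $1 -p tcp --dport $3 -j ACCEPT"
}

# Constructed sample: AppVM at 10.137.2.17, container started with -p 2443:443
firewall_rules 10.137.2.17 24 2443
```

With `-p 2443:443` the AppVM publishes port 2443, so the forwarded port in the sys-firewall rule is 2443, not 443.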