How to install FreeIPA on Ubuntu with Docker

Introduction

What is FreeIPA?

FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, and Dogtag (Certificate System). It consists of a web interface and command-line administration tools.

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about users, groups, hosts and other objects necessary to manage the security aspects of a network of computers.

FreeIPA is built on top of well-known Open Source components and standard protocols, with a very strong focus on ease of management and automation of installation and configuration tasks.

Requirements:

  • Docker and docker-compose
  • Chrony
  • freeipa-client

Configuration

FreeIPA server: 192.168.100.54

Domain: example.local

Server hostname: freeipa.example.local

Client IP: 192.168.100.53

You can install FreeIPA with Docker; here is the docker-compose file that I provide.

You just need to run:

docker-compose up -d

---
version: '3.7'
services:
  freeipa:
    image: freeipa/freeipa-server:centos-8
    restart: unless-stopped
    # Hostname, domain and realm follow the values in the Configuration section,
    # so that the client join command further down finds this server
    hostname: freeipa.example.local
    environment:
      IPA_SERVER_HOSTNAME: freeipa.example.local
      TZ: "Asia/Tehran"
    tty: true
    stdin_open: true
    cap_add:
      - NET_ADMIN
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - freeipavol:/data
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.lo.disable_ipv6=0
    security_opt:
      # Turns off Docker's default seccomp syscall filter for this container
      - "seccomp:unconfined"
    command:
      - -U
      - --domain=example.local
      - --realm=EXAMPLE.LOCAL
      # Replace every YOURPASSWORD placeholder before the first start
      - --http-pin=YOURPASSWORD
      - --dirsrv-pin=YOURPASSWORD
      - --ds-password=YOURPASSWORD
      - --admin-password=YOURPASSWORD
      - --no-host-dns
      - --unattended
    ports:
      # Web UI (HTTP/HTTPS)
      - "80:80"
      - "443:443"
      # LDAP / LDAPS
      - "389:389"
      - "636:636"
      # Kerberos and kpasswd (TCP and UDP)
      - "88:88"
      - "464:464"
      - "88:88/udp"
      - "464:464/udp"
      # NTP
      - "123:123/udp"
      - "7389:7389"
      - "9443:9443"
      - "9444:9444"
      - "9445:9445"

volumes:
  freeipavol:

Login

Access the FreeIPA server web UI using this format:

https://freeipa.example.local/ipa/ui/

Install the FreeIPA client and join it to your FreeIPA server

apt-get install freeipa-client chrony -y
hostnamectl set-hostname node-02.example.local

ipa-client-install --hostname="$(hostname -f)" \
--mkhomedir \
--server=freeipa.example.local \
--domain example.local \
--realm EXAMPLE.LOCAL

The output should look something like this:

This program will set up FreeIPA client.
Version 4.8.6

WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd

Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: "yes"
Do you want to configure chrony with NTP server or pool address? [no]: "no"
Client hostname: "node-02.example.local"
Realm: "EXAMPLE.LOCAL"
DNS Domain: "example.local"
IPA Server: "freeipa.example.local"
BaseDN: dc=mabnadp,dc=local

Continue to configure the system with these values? [no]: yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
Attempting to sync time with chronyc.
Time synchronization was successful.
User authorized to enroll computers: admin
Password for admin@EXAMPLE.LOCAL:
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=MABNADP.LOCAL
    Issuer:      CN=Certificate Authority,O=MABNADP.LOCAL
    Valid From:  2021-11-22 11:33:00
    Valid Until: 2041-11-22 11:33:00

Enrolled in IPA realm MABNADP.LOCAL
Created /etc/ipa/default.conf
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm MABNADP.LOCAL
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring mabnadp.local as NIS domain.
Client configuration complete.

Conclusion

You can cache packages, speed up package downloads, and also keep your servers from accessing the Internet, simply by using APT Cacher-NG.

To verify the enrollment, request a Kerberos ticket for admin and list it:

kinit admin
klist

Installing Cow proxy on Docker (Ubuntu 20.04)

What is Cow Proxy?

COW (Climb Over the Wall) proxy on Docker

Cow Proxy is a web proxy backed by tunnel technology. Like a VPN, it hides your IP address and encrypts your traffic, but it is a lot easier to use.

Requirement

Configuration

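1- Make a Dockerfile and add these instructions:

FROM alpine
RUN apk update && apk add curl && apk add bash
# Install Cow Proxy: the installer is fetched through the git.io short link
# and piped straight into bash, with no integrity check
RUN curl -s -L git.io/cow | bash

EXPOSE 7777/tcp

ENTRYPOINT ["/cow"]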

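2- Make a docker-compose.yml and paste the following parameters:

version: "3"
services:
  cowproxy:
    build: .
    image: cow-proxy:1
    ports:
      # Host port 8585 forwards to the proxy listening on 7777 in the container
      - "8585:7777"
    volumes:
      # The config file from the next step, mounted as Cow's rc file
      - "./config-file:/root/.cow/rc"
    restart: always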

3- Make a config file (config-file, as mounted in docker-compose.yml) that includes your proxy user and password

listen = http://0.0.0.0:7777

logFile = /dev/stderr

userPasswd = user:pass

Client Side Config

Proxy settings for your Linux

To set up the proxy for your current user, you just need to set these environment variables (you can also do it in the terminal, but that way is not permanent):

vim ~/.bash_profile

# 8585 is the host port published in docker-compose.yml
export http_proxy=http://user:pass@proxyhost.com:8585
export https_proxy=http://user:pass@proxyhost.com:8585
# No spaces between entries, and quoted so the shell does not expand the *
export no_proxy="localhost,127.0.0.1,*.my.lan"

You can test your proxy by running curl with --proxy; you should receive a 200 response code:

for ((i=1;i<=10;i++)); do curl -I https://cloud.google.com/ --proxy http://user:password@YOUR_PROXY_IP:8585 -vv; done

You can clone the whole project from my GitHub repository

How to install Docker on Ubuntu

Introduction

In this article we are going to install docker-ce on Ubuntu 20, but before the installation we should know about:

What is Docker?


Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined

What is docker-compose?

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. … Run docker compose up and the Docker compose command starts and runs your entire app.

 

Configuration

1- Set up the repository

sudo apt-get update

sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

2- Add Docker’s official GPG key:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

3- Add Docker’s official repository:

echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

4- Install Docker

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io

Installing Docker from a Bash script

wget -qO- https://raw.githubusercontent.com/farshadnick/docker-installation-script/main/docker-install.sh | sh

Installing docker-compose from a Bash script

wget -qO- https://raw.githubusercontent.com/farshadnick/docker-installation-script/main/docker-compose-install.sh | sh
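
The two script installs above, like the `curl ... | bash` line in the Cow Proxy Dockerfile, execute whatever the URL serves at that moment. As an added example (not part of the original article or the linked repository), the script below downloads the installer to disk, compares it with a SHA-256 digest you recorded after reviewing the script, and runs it only on a match. The function names and the digest placeholder are assumptions.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a pinned SHA-256.
# Function names are illustrative; the digest is one you recorded yourself
# after reading the script.

# Succeed only when FILE's SHA-256 equals EXPECTED (hex, case-insensitive).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Execute SCRIPT with sh only when its digest matches; refuse otherwise.
run_pinned() {
    if verify_sha256 "$1" "$2"; then
        sh "$1"
    else
        echo "refusing to run $1: SHA-256 mismatch" >&2
        return 1
    fi
}

# Download URL to a temporary file, verify it, run it, then clean up.
install_from_url() {
    tmp=$(mktemp) || return 1
    rc=0
    if wget -qO "$tmp" "$1"; then
        run_pinned "$tmp" "$2" || rc=1
    else
        echo "download failed: $1" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Example call (replace the placeholder with the digest you pinned):
# install_from_url \
#   https://raw.githubusercontent.com/farshadnick/docker-installation-script/main/docker-install.sh \
#   PINNED_SHA256_PLACEHOLDER
```

If the script changes upstream after you pinned it, `install_from_url` refuses to run it until you review the new version and update the digest.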