#Dnsmasq

2025-04-16

Running Windows containers on Linux and MacOS

If you need to quickly run Windows or MacOS on a Linux machine, the simplest and fastest way is to enter a command that downloads and boots a Docker container with that OS. The RuVDS marketplace has many ready-made images with operating systems installed. There are various Linux distributions, Windows Server and CentOS. But there are no containers with operating systems. An operating system in a Docker container (in QEMU) does not require manual installation of the OS. Just one command in the console, and the Windows container downloads and starts.

habr.com/ru/companies/ruvds/ar

#Windows #Docker #Dockur #Samba_SMB #Dnsmasq #strfry #Nostr #lemmy #CasaOS #statping #Wine #виртуализация #KVM #Kernelbased_Virtual_Machine #Intel_VTx #VTd #AMD_SVM #VNC #Virtual_Network_Computing #удалённый_доступ #RDP #QEMU #ruvds_статьи

2025-04-13

My nameserver is broken, isn't it?
Apart from the obvious nonsense, public funds are only moderately well placed with US billionaires.
#ipv6 #dns #dnsmasq

Screenshot of a terminal window in Linux
Input: "host ndr.de"
Output: "ndr.de has address 34.160.105.95
ndr.de has IPv6 address 64:ff9b::22a0:695f
ndr.de mail is handled by 0 ndr-de.mail.protection.outlook.com."
Neustradamus :xmpp: :linux:neustradamus
2025-04-08
2025-03-30

Is there a way to tell dnsmasq to forward queries for a particular domain, _except_ for a particular subdomain?

I want to explicitly forward '*.example.com' to another DNS server, but queries for '*.internal.example.com' should not be forwarded, and should be answered from the DHCP leases table.

#dnsmasq

Patch Notification Robot 🔔Patchbot_de
2025-03-20

Simon Kelley released version 2.91. thekelleys.org.uk/dnsmasq/doc.

SPdevALK 🐘️ ☑️sjosjo@mas.to
2025-02-25

Ok, #Pihole version 6 update needed me to undertake 3 manual interventions:
- #dnsmasq is disabled now (by default), so I transferred the config in /etc/dnsmasq.d (conditional/reverse resolvers) to Pihole itself
- #ACME #certbot needed to produce a single combined certificate file for pihole web UI which needed a script configured as a ‘deploy-hook’ to facilitate this
- lastly the purging of php and lighttpd was a manual thing as well

That was three hours well spent 😅

2025-02-21

At home, I have a Linux router with #dnsmasq where DHCP leases are in /etc/ethers and /etc/hosts.

My new #FLX1 is based on Android, and keeps changing the MAC address it advertises to DHCP servers. But I don't want this at home: there are no privacy issues there.

Fix:

nmcli con modify $NETWORK_NAME wifi.cloned-mac-address 00:11:22:33:44:55

Parewahamooduto
2025-01-23

Home Network: a concept for building a Live Video Streaming Server with Owncast.







Parewahamooduto
2025-01-23

Home Network: a concept for building a Mail Server with iRedMail.






Parewahamooduto
2025-01-23

Home Network: a concept, but already implemented



2025-01-07

A fun little project making my #NextCloud server a bit more performant from the local LAN. Using #Linux based #Docker, #dnsmasq and #nginx reverse proxying to set up a second reverse proxy onto a NextCloud AIO instance already proxied via Cloudflare Tunnel.

Thanks @BigG for convincing me to go NextCloud.

thekrugers.com/nextcloud-with-

Turris projectturris@fosstodon.org
2024-12-29

@DJGummikuh Hi, #reForis is actually made to be compatible with #LuCI as much as possible. The only thing where we differ is #DNS settings. We are using #KnotResolver (for #DNSSEC and more). You can enable #dnsmasq and ignore DNS settings in reForis. For the rest of the system, we are just handling #updates 😉 But we push all necessary patches to #vanilla kernel, so you can install not only #OpenWrt (there is a #community contributed howto on their wiki), but also many other #Linux distributions 😉

2024-12-12

What's the easiest way to set up (e.g. using a nice script or other program) a local #DNS on a range of platforms, and configure it to handle wildcard subdomains on #localhost?

😆

A quick search shows #dnsmasq can be used on Linux and Windows at least, but I wonder if anyone has faced this problem before and made a neat cross-platform solution?

I want <anything>.localhost to resolve to localhost and be handled by a server which runs on the local device (ideally Win, Mac, Linux and Android).

2024-12-06

ICYMI: Ali Imran Nagori looks at the automatic installation method rolled out with Ubuntu 22.04, which borrows some tools from the cloud configuration toolbox
linux-magazine.com/Issues/2024
#Ubuntu #cloud #YAML #TFTP #OpenSource #dnsmasq #DNS #DHCP #FOSS

The GRUB boot menu
2024-09-20

Some days it's the little things, like fixing #dnsmasq on the new server after it surprised you by not restarting properly. #Ubuntu 24.04.01

2024-09-10

It's a minor issue that we had with Dnsmasq, but we've run into this issue and documented it, so you don't have to 😉

"Dnsmasq does not start because port 53 is busy"

blog.zero-iee.com/en/posts/dns

#dnsmasq #linux #ubuntu #server #dhcp #dns #resolved #systemdResolved

2024-09-04

As I am passionate about self-hosting, I have been setting up various services in my homelab, in addition to those on my cloud servers. I have also been using Tailscale to access my devices and services while not at home. So I have wanted to have a seamless way to access the services, irrespective of whether I am on my home local area network (LAN) or connected to it via Tailscale. Below are my requirements for such a setup.

  • All the devices/services should be accessible using a fully-qualified domain name (FQDN), under a domain that I own and control. This rules out the auto-generated Tailscale subdomains.
  • I have a LinuxServer.io SWAG reverse proxy in front of all the services in my homelab, and it provides TLS termination. So I would like to access the existing services using TLS at all times.
  • While I could set up a Tailscale subnet router that allows access to my LAN, I do not want to allow the devices on my Tailnet full access to my LAN. And I do not want to redo my home LAN setup to isolate things to be able to do this.
  • The FQDNs of the exposed services should resolve to a LAN IP address when I am in my home LAN and to a Tailnet-specific address when I am not at home and connected to my Tailnet.
  • It should be possible to expose more services using this setup in the future, even if they are not behind the SWAG reverse proxy.
  • The base domain that I want to use for this should not have any publicly accessible DNS records pointing to private IP addresses for this setup to work.
  • The resulting setup should integrate into my existing docker-compose configuration.

The Tailscale docker documentation illustrates a way to expose LAN services on a Tailnet, but the example on that page causes the service(s) to be accessible only over the Tailnet. So it doesn’t work for me.

To start, I added a Tailscale docker container to my compose.yaml file using a configuration like

  tailscale:
    image: tailscale/tailscale
    container_name: tailscale
    hostname: <tailnet device name>
    environment:
      - TS_ACCEPT_DNS=true
      - TS_AUTHKEY=<authkey or OAuth2 client secret>
      - TS_EXTRA_ARGS=--advertise-tags=tag:docker
      - TS_ROUTES=172.21.0.0/24
    volumes:
      - ./config/tailscale/state:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    networks:
      tailnet-subnet:
        ipv4_address: 172.21.0.11
    restart: unless-stopped

networks:
  tailnet-subnet:
    ipam:
      config:
        - subnet: 172.21.0.0/24

For this to work, I had to define a tag named docker and add it to my Tailscale ACLs. I also added an ACL to auto-approve the routes advertised by this container.

{
    // other configuration
    "tagOwners": {
        "tag:docker": ["autogroup:admin"],
    },
    "autoApprovers": {
        "routes": {
            "172.21.0.0/24": ["tag:docker"],
        },
    },
    // other configuration
}

With this, all the containers that get added to the tailnet-subnet network and have an IP address in the 172.21.0.0/24 subnet will be accessible over my Tailnet. So I updated the configuration of the swag container to add it to the tailnet-subnet network.

  swag:
    image: lscr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - var1=value1
      - var2=value2
    volumes:
      - ./config/swag:/config
    ports:
      - 443:443
      - 80:80
    networks:
      tailnet-subnet:
        ipv4_address: 172.21.0.12
      default:
    restart: unless-stopped

In the above snippet, I added the tailnet-subnet network to the networks key and assigned it a static IP address in its subnet, 172.21.0.12. Since the default network was implicitly included before and adding a different network will remove the implicit inclusion, I have also explicitly added the default network.

With these configuration changes, the swag container was accessible at the 172.21.0.12 IP address over my Tailnet. But I still needed to set up DNS to access the services by domain name.

Tailscale provides a way to add a restricted nameserver for a specific domain using split DNS. So I needed a DNS server that resolved the domains of the services hosted on the swag container to its Tailnet subnet IP address, 172.21.0.12.

For this, I took inspiration from jpillora/dnsmasq and created a custom Dockerfile that set up a dnsmasq resolver.

FROM alpine:latest
LABEL maintainer="email@domain.tld"
RUN apk update \
    && apk --no-cache add dnsmasq
RUN mkdir -p /etc/default \
    && echo -e "ENABLED=1\nIGNORE_RESOLVCONF=yes" > /etc/default/dnsmasq
COPY dnsmasq.conf /etc/dnsmasq.conf
EXPOSE 53/udp
ENTRYPOINT ["dnsmasq", "--no-daemon"]

Then I created a dnsmasq.conf configuration file that looks like the following snippet.

log-queries
no-resolv
address=/domain1.fqdn/172.21.0.12
address=/domain2.fqdn/172.21.0.12

Then I added the following snippet to my compose.yaml file to add the dnsmasq container.

  dnsmasq:
    build: "./build/dnsmasq"
    container_name: dnsmasq
    restart: unless-stopped
    volumes:
      - ./config/dnsmasq/dnsmasq.conf:/etc/dnsmasq.conf
    networks:
      tailnet-subnet:
        ipv4_address: 172.21.0.3

Then I ran docker compose build to build the container, and docker compose up -d dnsmasq to start it. With that, I had a DNS resolver to resolve my domain names in the Tailnet.

You might notice error messages in the dnsmasq container’s logs that look like dnsmasq: config error is REFUSED (EDE: not ready). This happens because we have not defined any upstream servers that dnsmasq can use. But since we want this dnsmasq instance to resolve only our domain names, this is okay and the error can be ignored.

Then on my Tailscale admin dashboard, I added a custom nameserver for my domain name and configured 172.21.0.3, the IP address of the dnsmasq container, as the address of the server to use. Now, all the devices on my Tailnet could access the services on my swag container by domain name.

I have an existing DNS setup on my home LAN that resolves the same domain names to the LAN IP addresses. So now, with this setup for Tailscale, my devices can seamlessly access the private services on my LAN and Tailnet.

If I want to add a new service to this setup, it is as easy as adding the tailscale-subnet network to it, and adding the DNS records to the dnsmasq docker container’s configuration file and the resolver in my home LAN.

https://www.lguruprasad.in/blog/2024/09/04/seamlessly-access-local-services-on-lan-and-tailnet/

#dnsmasq #Docker #dockerCompose #Tailnet #Tailscale
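
An added example, not part of the post above or of any project it mentions: a small audit of a split-DNS dnsmasq.conf like the one in the post, checking that the resolver forwards nothing upstream and that every address= record stays inside the route advertised to the Tailnet. The function name, the stray.fqdn record and the finding texts are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: the post's dnsmasq.conf plus one stray record (added
# here, not in the post) that points at a LAN address outside TS_ROUTES.
SAMPLE_CONF = """\
log-queries
no-resolv
address=/domain1.fqdn/172.21.0.12
address=/domain2.fqdn/172.21.0.12
address=/stray.fqdn/192.168.1.20
"""


def audit_dnsmasq_conf(text, advertised_route="172.21.0.0/24"):
    """Return findings for a dnsmasq config meant to answer only local records."""
    route = ipaddress.ip_network(advertised_route)
    findings, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        # '#' starts a comment only at line start or after whitespace,
        # so address=/name/# is left intact.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        seen.add(key)
        if key == "server" and value and not value.endswith("/"):
            findings.append(f"line {lineno}: upstream server configured: {value}")
        if key != "address":
            continue
        parts = value.split("/")
        if len(parts) < 3 or parts[0]:
            findings.append(f"line {lineno}: malformed address entry: {value}")
            continue
        names, target = "/".join(parts[1:-1]), parts[-1]
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            findings.append(f"line {lineno}: {names} has no literal IP ({target!r})")
            continue
        if ip not in route:
            findings.append(f"line {lineno}: {names} -> {ip} is outside {route}")
    if "no-resolv" not in seen:
        findings.append("no-resolv missing: other names are forwarded to the "
                        "servers listed in /etc/resolv.conf")
    return findings


if __name__ == "__main__":
    for finding in audit_dnsmasq_conf(SAMPLE_CONF):
        print(finding)
```
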

2024-08-07

#Unifi has improved their #UDM DNS implementation significantly. There is DoT/DoH upstreaming and ad blocking.

I decided to give it a try and see how it compares to Pi-Hole.

It has an extensive blocklist by default, but just for tinkering's sake I changed to a custom blocklist following frankgroenewoud.nl/oisd-ads-bl .

It needed some more tweaking with boot scripts:
- Add ipv6 ULA address to LAN interface, so that internal network has a fixed internal address to their ipv6 DNS.
- Add DNS conditional forwarding to internal Windows domain controllers.
- Add a delay to DHCP responses so it acts only as a backup for Winserver DHCPs.
- Inject blocklist updating to cron.

With github.com/unifi-utilities/uni the customizations survive reboots. This is #UnifiOS v4, so the old boot scripts based on Podman do not work.

So, it's almost comparable to Pi-Hole. UDM can't do regex filtering. There is no support for internal DNS, although it can be added with boot scripts.
#homelab #DNS #DNSMasq #DHCP

2024-08-01

I'm trying to figure out why dnsmasq is being denied by AppArmor when trying to use it with libvirt stuff and not allowing Virt-Manager to show an IP address in the VM config but nothing shows up. Already tried disabling the dnsmasq profile.

#AppArmor #Linux #dnsmasq #virtualization #libvirt #VirtManager

Light🐧⁂light@hachyderm.io
2024-07-31

Recently I had to increase the FTL's query Rate-Limit on my pi hole, because I got this warning a lot lately: "Maximum number of concurrent DNS queries reached (max: 150)" on my pi hole's admin dashboard under Pi-hole diagnosis. In my pi hole's settings, the rate-limit was the default setting of 1000 queries in 60 seconds. I decided to increase the number of queries to 100000, but I left the seconds as they were by default.

#pihole #piholeftl #dnsmasq #ratelimit #queries
