tecnativa / docker-whitelist
A socat service to whitelist network connections
License: Apache License 2.0
When using this in doodba-scaffolding and stopping, socat sometimes uses 100% of the CPU:
top - 10:06:13 up 1:59, 4 users, load average: 3,31, 4,00, 4,01
Tasks: 530 total, 5 running, 393 sleeping, 0 stopped, 0 zombie
%Cpu(s): 4,8 us, 7,3 sy, 0,0 ni, 87,9 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem : 32937164 total, 9793444 free, 10869704 used, 12274016 buff/cache
KiB Swap: 33484796 total, 33483260 free, 1536 used. 20933540 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
26513 root 20 0 14584 360 0 R 100,0 0,0 10:40.81 socat tcp-listen:8069,fork,reuseaddr tcp-connect:odoo:8069
Currently the image is using socat version 1.7.3.1 (from 2016):
bigbear3001@wt-io-it-bigbear3001:~$ docker run tecnativa/whitelist socat -V
socat by Gerhard Rieger - see www.dest-unreach.org
socat version 1.7.3.1 on Apr 29 2016 22:10:44
running on Linux version #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019, release 4.15.0-54-generic, machine x86_64
features:
...
It seems that 1.7.3.2 (from 2017) would fix this issue: http://www.dest-unreach.org/socat/.
Would it be OK to have a patch where socat is installed from tar.gz instead of from the Alpine repos? Or upgrade to Alpine 3.6, which would have this version, I guess:
https://pkgs.alpinelinux.org/package/v3.6/main/ppc64le/socat
How does this solve the "Exposing ports from a container while still not letting the container access the WWW" usage listed in the README?
I see traefik used for that in the example instead.
We deployed some staging servers without any issues, but suddenly our RDS (Postgres) won't answer through the proxy anymore; it's almost the same setup on all our Amazon EC2 instances.
The globalwhitelist in our setup looks like this
It seems to "work", as I can ping and resolve the RDS host:
$ cd /opt/odoo/docker ; docker-compose exec odoo bash
odoo@hobbii:/opt/odoo$ ping staging.amazon.rds
PING staging.amazon.rds (192.168.0.4) 56(84) bytes of data.
64 bytes from globalwhitelist_amazon_rds_stageing_1.globalwhitelist_shared (192.168.0.4): icmp_seq=1 ttl=64 time=0.036 ms
64 bytes from globalwhitelist_amazon_rds_stageing_1.globalwhitelist_shared (192.168.0.4): icmp_seq=2 ttl=64 time=0.024 ms
64 bytes from globalwhitelist_amazon_rds_stageing_1.globalwhitelist_shared (192.168.0.4): icmp_seq=3 ttl=64 time=0.022 ms
odoo@hobbii:/opt/odoo$ telnet staging.amazon.rds 5432
Trying 192.168.0.4...
Connected to staging.amazon.rds.
Escape character is '^]'.
But this fails..
odoo@hobbii:/opt/odoo$ echo $PGHOST
staging.amazon.rds
odoo@hobbii:/opt/odoo$ echo $PGUSER
odoo
odoo@hobbii:/opt/odoo$ echo $PGPASSWORD
********************
psql -h staging.amazon.rds -U odoo #Timeouts
In our Docker instance (odoo) I get the following message:
hjess@odoo-staging-v2:/opt/odoo/docker$ docker-compose logs -f
Attaching to docker_odoo_1, docker_smtp_1
odoo_1 | doodba INFO: Waiting until postgres is listening at staging.amazon.rds...
odoo_1 | doodba INFO: Waiting until postgres is listening at staging.amazon.rds...
But a connection never happens from our docker instance to the RDS..
Any thoughts on what could be happening here? Our setup is normally working with this setup.
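A successful TCP connect, as in the telnet check above, shows only that the listener on port 5432 accepted the connection, not that PostgreSQL behind the forwarder replied. The following is an added example (not part of the original issue or of the project's code): it sends PostgreSQL's SSLRequest through the forwarder and classifies the outcome. The function names and the two local stub servers are constructed stand-ins so the block runs offline.

```python
import socket
import struct
import threading

# PostgreSQL SSLRequest: int32 length (8), then int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)

def probe_postgres(host, port, timeout=3.0):
    """Tell 'the forwarder accepted' apart from 'PostgreSQL answered'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "connect-failed"           # nothing listening, or unreachable
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(SSL_REQUEST)
            reply = sock.recv(1)
        except socket.timeout:
            return "accepted-but-silent"  # listener up, no answer from upstream
        except OSError:
            return "closed-without-reply"
    if reply in (b"S", b"N"):             # server's one-byte answer to SSLRequest
        return "postgres-answered"
    return "closed-without-reply" if reply == b"" else "unexpected-reply"

def start_stub(handler):
    """Constructed local stand-in server for the demo; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def silent_forwarder(conn):   # accepts and reads, but never replies
    while conn.recv(64):
        pass

def answering_server(conn):   # behaves like PostgreSQL without TLS
    conn.recv(8)
    conn.sendall(b"N")

if __name__ == "__main__":
    for name, stub in (("silent", silent_forwarder), ("answering", answering_server)):
        print(name, "->", probe_postgres("127.0.0.1", start_stub(stub), timeout=0.5))
```

Run against the forwarder's hostname and port from inside the application container; "accepted-but-silent" points at the path between the forwarder and the database rather than at the client.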
I inherited a project that uses this container. The setup looks as follows:
proxy_i_vimeocdn_com:
  image: tecnativa/whitelist
  environment:
    TARGET: i.vimeocdn.com
    PRE_RESOLVE: 1 # Otherwise it would resolve to localhost
  networks:
    e2e-test-suite-network:
      aliases:
        - i.vimeocdn.com
proxy_f_vimeocdn_com:
  image: tecnativa/whitelist
  environment:
    TARGET: f.vimeocdn.com
    PRE_RESOLVE: 1 # Otherwise it would resolve to localhost
  networks:
    e2e-test-suite-network:
      aliases:
        - f.vimeocdn.com
# More here (lots more)
I was wondering if there's a way to have TARGET contain a CSV host list?
The Odoo image was built successfully, but at the last step of the doodba set-up, when I perform a 'docker-compose up -d', I get the following error. Has anyone found a workaround?
Digest: sha256:e6e1d1d41fb7087250176b38c73666c1205816e8b8d2d8f8f4a69ce23f7635b3
Status: Downloaded newer image for kozea/wdb:latest
Pulling cdnjs_cloudflare_proxy (tecnativa/whitelist:)...
latest: Pulling from tecnativa/whitelist
ERROR: no matching manifest for linux/arm64/v8 in the manifest list entries