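Avoid using Python 2 for certbot, as it has been deprecated.
cd /etc/letsencrypt/
virtualenv -p python3 venv3
source venv3/bin/activate
# install certbot into the virtualenv (the renew step below runs it from venv3/bin)
pip install certbot
certbot certonly --standalone -d your-domain.com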
# renew ssl certificates
/etc/letsencrypt/venv3/bin/certbot renew
Refer to: github info
Sep 01, 2020 | 1216 views
1. Build a centos7-systemd Docker base image, referring to the official centos image on Docker Hub
Dockerfile for systemd base image
FROM centos:7.8.2003
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
Build your base image
$ docker build --rm -t local/centos7-systemd .
2. Build an image with the sshd service, based on the base image above
Dockerfile of centos7-systemd-sshd
FROM local/centos7-systemd
RUN yum -y install openssh-server openssh-clients; systemctl enable sshd.service;
CMD ["/usr/sbin/init"]
Build image
docker build --rm -t local/centos7-systemd-sshd .
3. Run a container of centos7-systemd-sshd (refer to Stack Overflow)
docker run -it -d --name node2 --privileged -e container=docker \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro local/centos7-systemd-sshd /usr/sbin/init
Enter the container's terminal:
docker exec -it node2 bash
End
Refer to An Introduction to Firewalld
Add a Port for TCP or UDP
You have to specify TCP or UDP. To open a port for both, you need to add a rule for each protocol.
firewall-cmd --permanent --add-port=443/tcp
Saving Firewall Rules
After you have completed all the additions and removals of rules, you need to reload the firewall rules to make them active. To do this, use the firewall-cmd tool again, this time with the option --reload.
firewall-cmd --reload
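An added example, not part of the original post: a small wrapper for the two steps above that validates the port and protocols first, adds one permanent rule per protocol, reloads once, and confirms each rule with --query-port. The names FW_CMD, valid_port and open_port are chosen here for illustration.

```bash
#!/usr/bin/env bash
# Added example: FW_CMD, valid_port and open_port are names chosen here.
# Preview without changing rules:
#   FW_CMD="echo firewall-cmd" open_port 443 tcp udp
FW_CMD="${FW_CMD:-firewall-cmd}"

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# open_port PORT PROTO...: one permanent rule per protocol, then one reload.
open_port() {
    [ "$#" -ge 2 ] || { echo "usage: open_port PORT PROTO..." >&2; return 2; }
    local port="$1" proto
    shift
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    # Validate every protocol before touching the firewall, so a typo
    # does not leave only some of the rules applied.
    for proto in "$@"; do
        case "$proto" in
            tcp|udp) ;;
            *) echo "unsupported protocol: $proto" >&2; return 2 ;;
        esac
    done
    for proto in "$@"; do
        $FW_CMD --permanent --add-port="${port}/${proto}" || return 1
    done
    # Permanent rules only become active after the reload.
    $FW_CMD --reload || return 1
    # Confirm that the running configuration now contains each rule.
    for proto in "$@"; do
        $FW_CMD --query-port="${port}/${proto}" || return 1
    done
}
```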
Config to accept all traffic between the nodes:
[root@mgt ~]$ firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s 192.168.x.xxx -j ACCEPT
success
[root@mgt ~]$ firewall-cmd --reload
success
Refer to add rule to firewalld in Centos7 to allow all traffic from a server