- network install
- shell
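# setting backup dir
# -p keeps this step from failing when the notes are replayed on a host where
# ~/backup already exists.
mkdir -p ~/backup
# root
# Opens an interactive root shell; every command up to the matching `exit`
# is typed inside it.
# NOTE(review): the later steps read and write ~/backup from this root shell.
# Whether ~ still points at the invoking user's home depends on the sudoers
# HOME handling on this host. Confirm that ~/backup resolves to the directory
# created above before running the config rewrites.
sudo -s
# for download script
apt-get install -y curl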
#
# # start init script
# curl -L http://gist.github.com/aliyome/******* -o init.sh
# sh ./init.sh
# package install
apt-get -y install git curl wget python-software-properties
# # install latest lxc
# add-apt-repository -y ppa:ubuntu-lxc/daily
# apt-get update
# apt-get install -y lxc
# install docker
# The signing key is fetched over HTTPS and handed to apt-key, which trusts it
# for every configured repository, not only the Docker one.
wget -qO- https://get.docker.io/gpg | apt-key add -
# The repository line uses plain HTTP, so package integrity rests on apt's
# signature check against the key imported above.
echo "deb http://get.docker.io/ubuntu docker main" > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get -y install lxc-docker
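# sshd port change
# Move sshd from port 22 to 10022 without risking a broken or empty config:
#  - The pattern is anchored to a whole "Port 22" directive and also accepts a
#    commented-out "#Port 22" (some stock configs may ship it that way). An
#    unanchored s/Port 22/.../ would leave such a line commented, so sshd
#    would stay on 22 while the firewall only opens 10022.
#  - The result goes to a side file first. Redirecting straight onto the live
#    file truncates it before sed runs, so a missing backup would leave
#    /etc/ssh/sshd_config empty.
#  - The side file replaces the live config only if it contains the new port
#    and `sshd -t` accepts it.
# The new port takes effect when sshd is restarted.
if cp /etc/ssh/sshd_config ~/backup/sshd_config &&
  sed -e 's/^#\{0,1\}[[:space:]]*Port[[:space:]]\{1,\}22[[:space:]]*$/Port 10022/' \
    ~/backup/sshd_config > /etc/ssh/sshd_config.new &&
  grep -q '^Port 10022$' /etc/ssh/sshd_config.new &&
  sshd -t -f /etc/ssh/sshd_config.new; then
  mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config
else
  echo "sshd_config left unchanged: port rewrite or validation failed" >&2
fi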
### lxc settings ####
# # nat
# cp /etc/ufw/before.rules ~/backup/before.rules
# sed -e "/# Don't delete these required lines, otherwise there will be errors/i\
# *nat\n\
# :PREROUTING ACCEPT [0:0]\n\
# :INPUT ACCEPT [0:0]\n\
# :OUTPUT ACCEPT [0:0]\n\
# :POSTROUTING ACCEPT [0:0]\n\
# -A PREROUTING -i eth0 -p tcp -m tcp --dport 20022 -j DNAT --to-destination 10.0.3.10:22\n\
# -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.10:80\n\
# -A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE\n\
# COMMIT\n\
# " ~/backup/before.rules > /etc/ufw/before.rules
# ### NOTE: the "allow all on lxcbr0" lines inserted below may not get their line breaks
# cp /etc/ufw/before.rules ~/backup/before.rules
# sed -e "/-A ufw-before-output -o lo -j ACCEPT/a\
# # allow all on lxcbr0\n\
# -A ufw-before-input -i lxcbr0 -j ACCEPT\n\
# #-A ufw-before-output -o lxcbr0 -j ACCEPT\n\n\
# " ~/backup/before.rules > /etc/ufw/before.rules
#############
# # lxc web panel
# wget http://lxc-webpanel.github.io/tools/install.sh -O - | bash
# # lxc mirror settings change
# cp /usr/lib/lxc/templates/lxc-ubuntu ~/backup/lxc-ubuntu
# sed -e "s/archive.ubuntu.com\/ubuntu/ftp.riken.go.jp\/Linux\/ubuntu/" \
# -e "s/security.ubuntu.com\/ubuntu/ftp.riken.go.jp\/Linux\/ubuntu/" \
# ~/backup/lxc-ubuntu > /usr/lib/lxc/templates/lxc-ubuntu
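# network filter
# Deny by default, then open only the listed ports. 10022/tcp is the port the
# sshd step in these notes moves ssh to.
ufw default DENY
ufw allow 10022/tcp
ufw allow 80/tcp
# NOTE(review): these two rules open inbound DNS and NTP to the host itself.
# They are only needed if this machine serves DNS/NTP; confirm, otherwise
# drop them.
ufw allow 53/udp
ufw allow 123/udp
# disable ipv6 filtering
# NOTE(review): confirm that ufw.conf honours an `ipv6` key; the IPV6 switch
# rewritten below lives in /etc/default/ufw. Also confirm how this ufw version
# treats IPv6 traffic once IPV6=no is set, so the host is not left reachable
# over IPv6 without a filter.
cp -p /etc/ufw/ufw.conf ~/backup/ufw.conf_"$(date "+%Y%m%d")"
echo ipv6=no >> /etc/ufw/ufw.conf
# enable forwarding
# Both /etc/default/ufw changes are made in one sed pass from a single backup.
# Taking a second copy under the same backup name after the first rewrite
# would overwrite the pristine file with the already-modified one. The rewrite
# runs only if the backup copy succeeded, because the redirect truncates the
# live file before sed reads anything.
# NOTE(review): DEFAULT_FORWARD_POLICY="ACCEPT" lets any routed traffic pass
# unless a more specific rule restricts it, presumably so container traffic
# can be forwarded. The deny-by-default policy above does not cover it.
cp /etc/default/ufw ~/backup/etc.default.ufw &&
  sed -e 's/IPV6=yes/IPV6=no/' \
    -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/' \
    ~/backup/etc.default.ufw > /etc/default/ufw
# enable firewall
ufw enable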
# terminal setting
# Appended to the system-wide bashrc, so it applies to every bash user.
echo "export VTE_CJK_WIDTH=1" >> /etc/bash.bashrc
# finished setting with root
# Leaves the root shell opened by `sudo -s`.
exit
# user settings
# NOTE(review): byobu is not among the packages installed earlier in these
# notes; confirm it is present on the image.
byobu-enable
# all changes enable
sudo reboot
#######################
# run docker
# Run after the reboot: starts an interactive shell in a container.
# NOTE(review): the image is referenced without a tag or digest, so the
# content that gets pulled is not pinned.
docker run -it ubuntu /bin/bash