tobi312/tools

yml
version: '2.4'
services:

  toolbox:
    image: tobi312/tools:toolbox
    #image: tobi312/tools:toolbox-extended
    container_name: toolbox
    restart: unless-stopped
    #user: "1000:1000"  # format: "${UID}:${GID}"
    #entrypoint: [ "/bin/sh", "-c", "--" ]
    #command: [ "while true; do sleep 60; done;" ] 

and then:

sh
# start
docker-compose -f toolbox.yml up -d
# exec (you can use sh or bash)
docker-compose -f toolbox.yml exec toolbox sh
# or
docker exec -it toolbox sh
# use (example: check port is open)
nc -zv -w 3 <HOST> <PORT>

yaml
apiVersion: v1
kind: Pod
metadata:
  name: toolbox
  namespace: default
spec:
  containers:
  - name: toolbox
    image: tobi312/tools:toolbox
    resources:
      requests:
        memory: "128Mi"
        cpu: "0.1"
      limits:
        memory: "512Mi"
        cpu: "0.5"

and then:

sh
# start
kubectl apply -f toolbox.yaml
# exec
kubectl exec -it pod/toolbox -- sh
# use (example: check port is open)
nc -zv -w 3 <HOST> <PORT>

Or https://github.com/Tob1as/docker-kubernetes-collection/blob/master/examples_k8s/toolbox.yaml for Deployment.

yaml
version: "2.4"
services:

  dnsmasq:
    image: tobi312/tools:dnsmasq
    container_name: dnsmasq
    restart: unless-stopped
    ports:
      - 53:53/tcp # DNS
      - 53:53/udp # DNS
      - 67:67/udp # DHCP Server
      #- 68:68/udp # DHCP Client
      #- 69:69/udp # TFTP
    volumes:
      - ./dnsmasq/:/etc/dnsmasq.d/:rw  # add your config files in this folder
    #network_mode: host
    cap_add:
      - 'NET_ADMIN'

sh
# Preparation
mkdir ~/data_easyrsa
# IMPORANT: Execute all Command from this/next Folder !!
cd ~/data_easyrsa

# root-ca
# init pki
docker run --rm --name easy-rsa -v ${PWD}:/easyrsa:rw -it tobi312/tools:easy-rsa-3.1.7 init-pki
# download "vars"-File
curl -sL https://github.com/OpenVPN/easy-rsa/raw/master/easyrsa3/vars.example -o ./pki/vars
# now EDIT "vars"-File in ./pki
# and then build ca:
docker run --rm --name easy-rsa -v ${PWD}:/easyrsa:rw -it tobi312/tools:easy-rsa-3.1.7 build-ca

# Server Cert (repeat this steps for other domains)
# create server cert request
docker run --rm --name easy-rsa -v ${PWD}:/easyrsa:rw -it tobi312/tools:easy-rsa-3.1.7 --subject-alt-name="DNS:example.com,DNS:*.example.com,IP:192.168.1.100" gen-req example-com nopass
# sign server cert
docker run --rm --name easy-rsa -v ${PWD}:/easyrsa:rw -it tobi312/tools:easy-rsa-3.1.7 sign-req server example-com
# check cert
openssl verify -verbose -CAfile ${PWD}/pki/ca.crt ${PWD}/pki/issued/example-com.crt
openssl x509 -noout -text -in ${PWD}/pki/issued/example-com.crt

Preparation:

sh
mkdir ~/data_easyrsa
# IMPORANT: Execute all Command from this/next Folder !!
cd ~/data_easyrsa

root-ca:

sh
# init pki (need "soft" to write in mounted volume subpath "/easyrsa/root-ca" instead "/easyrsa/pki")
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/root-ca" -v ${PWD}/root-ca/:/easyrsa/root-ca:rw -it tobi312/tools:easy-rsa-3.1.7 init-pki soft
# ASK: Confirm removal: yes

# download "vars"-File
curl -sL https://github.com/OpenVPN/easy-rsa/raw/master/easyrsa3/vars.example -o ${PWD}/root-ca/vars
# now EDIT "vars"-File in ./root-ca
# and then build ca:
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/root-ca" -v ${PWD}/root-ca/:/easyrsa/root-ca:rw -it tobi312/tools:easy-rsa-3.1.7 build-ca
# ASK: Enter New CA Key Passphrase:
# ASK: Common Name (eg: your user, host, or server name) [Easy-RSA CA]: My Organization CA

# check/show content of root-ca "ca.crt" file
openssl x509 -noout -text -in ${PWD}/root-ca/ca.crt

intermediate-ca = subca:

sh
# init pki (need "soft" to write in mounted volume subpath "/easyrsa/intermediate-ca" instead "/easyrsa/pki")
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/intermediate-ca" -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 init-pki soft
# ASK: Confirm removal: yes

# download "vars"-File
curl -sL https://github.com/OpenVPN/easy-rsa/raw/master/easyrsa3/vars.example -o ${PWD}/intermediate-ca/vars
# now EDIT "vars"-File in ./intermediate-ca
# and then build subca:
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/intermediate-ca" -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 build-ca subca
# ASK: Enter New CA Key Passphrase:
# ASK: Common Name (eg: your user, host, or server name) [Easy-RSA CA]: My Organization Sub-CA

# import subca in ca (Note: switch to root-ca):
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/root-ca" -v ${PWD}/root-ca/:/easyrsa/root-ca:rw -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 import-req /easyrsa/intermediate-ca/reqs/ca.req intermediate-ca

# sign subca with ca (Note: switch to root-ca)
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/root-ca" -v ${PWD}/root-ca/:/easyrsa/root-ca:rw -it tobi312/tools:easy-rsa-3.1.7 sign-req ca intermediate-ca
# ASK: Confirm request details: yes
# ASK: Enter pass phrase for /easyrsa/root-ca/private/ca.key:

# copy sign subca from root-ca to intermediate-ca folder
docker run --rm --name easy-rsa --entrypoint="" -v ${PWD}/root-ca/:/easyrsa/root-ca:rw -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 cp /easyrsa/root-ca/issued/intermediate-ca.crt /easyrsa/intermediate-ca/ca.crt
# or
cp ${PWD}/root-ca/issued/intermediate-ca.crt ${PWD}/intermediate-ca/ca.crt

# verify subca from ca
openssl verify -verbose -CAfile ${PWD}/root-ca/ca.crt ${PWD}/intermediate-ca/ca.crt
# check/show content of intermediate-ca "ca.crt" file
openssl x509 -noout -text -in ${PWD}/intermediate-ca/ca.crt


# copy subca and ca in one file called fullca.crt
cat ${PWD}/intermediate-ca/ca.crt ${PWD}/root-ca/ca.crt > ${PWD}/fullca.crt

Server Cert ... for Domain example.com:

sh
# create server cert request
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/intermediate-ca" -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 --subject-alt-name="DNS:example.com,DNS:*.example.com,IP:192.168.1.100" gen-req example-com nopass
# ASK: Common Name (eg: your user, host, or server name) [example-com]:example.com

# sign server cert
docker run --rm --name easy-rsa -e EASYRSA_PKI="/easyrsa/intermediate-ca" -v ${PWD}/intermediate-ca/:/easyrsa/intermediate-ca:rw -it tobi312/tools:easy-rsa-3.1.7 sign-req server example-com
# ASK: Confirm request details: yes
# ASK: Enter pass phrase for /easyrsa/intermediate-ca/private/ca.key:

# verify cert from subca and ca
openssl verify -verbose -CAfile ${PWD}/fullca.crt ${PWD}/intermediate-ca/issued/example-com.crt
# check/show content of cert file
openssl x509 -noout -text -in ${PWD}/intermediate-ca/issued/example-com.crt

# repeat this steps for other domains

• instead -e EASYRSA_PKI="/easyrsa/root-ca" you can use in command --pki-dir=/easyrsa/root-ca
• Backup: execute tar cvpzf backup_easyrsa_$(date '+%Y%m%d-%H%M').tar.gz . in data_easyrsa-Folder!
• docker run --rm --name easy-rsa --entrypoint="" -it tobi312/tools:easy-rsa-3.1.7 bash
• linux: copy ca-certs into /usr/local/share/ca-certificates/ and execute dpkg-reconfigure -f noninteractive ca-certificates
• crlDistributionPoints: https://github.com/Open***/easy-rsa/issues/71 & https://github.com/Open***/easy-rsa/issues/472 & https://github.com/Open***/easy-rsa/pull/15 & "/usr/share/easy-rsa/x509-types/COMMON
• more help: https://github.com/Open***/easy-rsa/issues/190#issuecomment-6786936427 & [***]