From e6d39be83f872c98a22ec5a2016ef957687e4c14 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 25 Oct 2024 15:50:02 +0300 Subject: [PATCH] Refactor docker-compose.yml & Dockerfile; Add Dockerfile_Ngx_template --- Dockerfile | 10 ++++++--- Dockerfile_Ngx_Template | 7 +++++++ ctl.sh | 28 +++++++++++++++++++++++++ docker-compose.yml | 43 +++++++++++++++++++++++++++++++-------- scripts/knocking_setup.sh | 5 ++++- 5 files changed, 80 insertions(+), 13 deletions(-) create mode 100644 Dockerfile_Ngx_Template create mode 100755 ctl.sh diff --git a/Dockerfile b/Dockerfile index 9de9cc5..de97528 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,18 @@ -FROM nginx:latest +# from custom image +FROM ngx-template:latest ARG NET_NAME=kek ARG CONTAINER_NAME=lol ARG STATIC_FILE=/usr/share/nginx/html/index.html -COPY ./scripts/knocking_setup.sh /root/scripts/knocking_setup.sh - +# change default nginx index.html RUN sed -i '13,21d' $STATIC_FILE && \ sed -i "13i \ \ \
NETWORKCONTAINER
$NET_NAME$CONTAINER_NAME
" $STATIC_FILE +# commented lines don't work +CMD /root/scripts/knocking_setup.sh \ + && nginx && knockd -d && sleep infinity + diff --git a/Dockerfile_Ngx_Template b/Dockerfile_Ngx_Template new file mode 100644 index 0000000..728973e --- /dev/null +++ b/Dockerfile_Ngx_Template @@ -0,0 +1,7 @@ +FROM nginx:latest + +COPY ./scripts/knocking_setup.sh /root/scripts/knocking_setup.sh + +RUN apt update \ + && apt install knockd htop iptables iproute2 vim curl -y + diff --git a/ctl.sh b/ctl.sh new file mode 100755 index 0000000..240b36f --- /dev/null +++ b/ctl.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +case "${1}" in + start ) + docker-compose up -d; + ;; + + stop ) + yes | docker-compose rm --stop; + ;; + + restart ) + yes | docker-compose rm --stop; + docker rmi $(docker images | grep "docker_and_networks" | awk '{print $1}'); + docker rmi $(docker images | grep "ngx-template" | awk '{print $1}'); + docker-compose up -d; + ;; + + watch ) + watch "docker-compose ps" + ;; + + * ) + echo "Invalid command! :O" + exit + ;; +esac + diff --git a/docker-compose.yml b/docker-compose.yml index b2379ac..6485f94 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
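Review bot: The new `CMD` in the Dockerfile is in shell form and ends in `sleep infinity`, so `/bin/sh -c` is PID 1, nginx and knockd run as unsupervised background daemons, and the container still looks healthy after either of them has died. The stop signal also never reaches nginx, so `docker stop` will wait for its timeout and then kill the container. Consider exec form with nginx in the foreground, for example `CMD ["/bin/bash", "-c", "/root/scripts/knocking_setup.sh && knockd -d && exec nginx -g 'daemon off;'"]`. The comment `# commented lines don't work` refers to nothing visible in the hunk and should be dropped or reworded. The `# from custom image` comment should also say that `ngx-template:latest` has to be built locally from `Dockerfile_Ngx_Template` before this file can build.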
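Review bot: Dockerfile_Ngx_Template builds the image every nginx service now inherits from the floating `nginx:latest` tag, and installs `htop`, `vim` and `curl` alongside the packages the knocking setup appears to need, in containers that run with `NET_ADMIN`. Pinning the base to a specific tag or digest and trimming the package list keeps the build reproducible and leaves fewer general-purpose tools inside a network-privileged container. Something like `RUN apt-get update && apt-get install -y --no-install-recommends knockd iptables iproute2 && rm -rf /var/lib/apt/lists/*` also avoids the `apt` front end, which is not intended for scripts, and keeps the package lists out of the layer. If the script does need `curl`, keep it and say why in a comment.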
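Review bot: In the `restart` branch of ctl.sh, `docker rmi $(docker images | grep "ngx-template" | awk '{print $1}')` removes any image whose listing row contains that substring in any column, and calls `docker rmi` with no arguments (an error) when nothing matches; the `docker_and_networks` line has the same problem. Filtering by reference is tighter, e.g. `docker images -q --filter "reference=ngx-template" | xargs -r docker rmi`, with a matching pattern for the project images. `yes | docker-compose rm --stop` can be written as `docker-compose rm --stop --force`. The fallback branch should use `exit 1` so a caller can tell an invalid command from success.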
@@ -1,64 +1,86 @@ version: "3" services: +# ---------------------------------------------- +# Reference image (for fast building) + ngx-template: + container_name: ngx-template + image: ngx-template + command: /bin/true + build: + context: . + dockerfile: Dockerfile_Ngx_Template + # ---------------------------------------------- ngx1-net1: container_name: ngx1_net1 build: context: . + dockerfile: Dockerfile args: NET_NAME: net_1 CONTAINER_NAME: container_1 + # for visible containers in net_3 + environment: + - KNOCKING_STATUS=true ports: - "8081:80" - command: > - bash -c "apt update - && apt install knockd iptables iproute2 vim curl -y - && /root/scripts/knocking_setup.sh && nginx && knockd -d && sleep infinity" networks: - net_1 - net_3 + # for iptables working cap_add: - NET_ADMIN + ngx2-net1: container_name: ngx2_net1 build: context: . + dockerfile: Dockerfile args: NET_NAME: net_1 CONTAINER_NAME: container_2 networks: - net_1 + cap_add: + - NET_ADMIN + # ---------------------------------------------- ngx1-net2: container_name: ngx1_net2 build: context: . + dockerfile: Dockerfile args: NET_NAME: net_2 CONTAINER_NAME: container_1 + environment: + - KNOCKING_STATUS=true ports: - "8082:80" - command: > - bash -c "apt update - && apt install knockd iptables iproute2 vim curl -y - && /root/scripts/knocking_setup.sh && nginx && knockd -d && sleep infinity" networks: - net_2 - net_3 cap_add: - NET_ADMIN + ngx2-net2: container_name: ngx2_net2 build: context: . + dockerfile: Dockerfile args: NET_NAME: net_2 CONTAINER_NAME: container_2 - restart: on-failure networks: - net_2 + cap_add: + - NET_ADMIN + # ---------------------------------------------- +# visor - container for watching +# availability nginx servers ngx1_net1 and ngx1_net2 + visor: container_name: visor image: ubuntu:latest 
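Review bot: `cap_add: NET_ADMIN` is now granted to `ngx2-net1` and `ngx2-net2` as well, although neither publishes a port nor sets `KNOCKING_STATUS`; presumably this is only because the shared `CMD` now runs `knocking_setup.sh` in every container. NET_ADMIN lets a process inside the container change its own firewall rules, routes and interfaces, so it is better kept to the two services that actually do port knocking, with the other two skipping the script. If all four really need it, repeat the `# for iptables working` comment on each `cap_add` and state what the script changes, so the capability is not read as copy-paste. The `# for visible containers in net_3` comment on `environment` would be clearer as `# non-empty value makes knocking_setup.sh pick the net_3 (172.28.0.0/16) interface`.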
@@ -69,13 +91,16 @@ services: networks: - net_3 +# ---------------------------------------------- networks: net_1: net_2: net_3: + # custom subnet for setup port knocking via script driver: bridge ipam: driver: default config: - subnet: "172.28.0.0/16" gateway: "172.28.0.1" + diff --git a/scripts/knocking_setup.sh b/scripts/knocking_setup.sh index ef37499..89f7af8 100755 --- a/scripts/knocking_setup.sh +++ b/scripts/knocking_setup.sh @@ -1,9 +1,12 @@ #!/bin/bash +[[ -n $KNOCKING_STATUS ]] && + INTERFACE=$(ip -br a | grep -E "172.28" | awk '{print $1}') || \ + INTERFACE=$(ip -br a | grep -E "^eth" | awk '{print $1}') echo -E " [options] -Interface = eth1 +Interface = ${INTERFACE%@*} [openNGINX] sequence = 8100, 7200, 13000
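Review bot: The interface lookup added at the top of knocking_setup.sh (`[[ -n $KNOCKING_STATUS ]] && … || …`) can hand knockd an empty or multi-line `Interface` value. `grep -E "172.28"` is unanchored and its dot matches any character, so more than one row of `ip -br a` can match, and when nothing matches the script still writes `Interface = ` and carries on. An explicit `if`/`else`, a pattern anchored to the start of the address column, taking only the first match and exiting non-zero when there is none would make the knock listener bind to the intended network or not start at all. Note that `-n` treats any non-empty value, including `false`, as enabled. The `echo -E` block that consumes `INTERFACE` continues past the end of this hunk.

```shell
if [[ -n ${KNOCKING_STATUS:-} ]]; then
    # net_3 subnet from docker-compose.yml; match only the start of the address column
    match='[[:space:]]172\.28\.'
else
    match='^eth'
fi
INTERFACE=$(ip -br a | grep -E "$match" | awk 'NR == 1 {print $1}')
if [[ -z $INTERFACE ]]; then
    echo "knocking_setup.sh: no interface matches ${match}" >&2
    exit 1
fi
# … unchanged: echo -E block that uses ${INTERFACE%@*} …
```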