amix Posted June 17 Share Posted June 17 Hi, I want to install the port-knocking demon 'knockd'. Since I want to use it to control an outside connection to my server, I need to install it on operating system level. There is a Slackware package for it on https://slackbuilds.org/. Slackbuilds does not serve binaries, however, so all I would get is the Slackbuild, that configures the build of the original source archive for use in Slack. unRAID does not have a development environment (gcc, etc.) installed and I don't want that, either. Currently, I have also no other computer as my smartphone. What can I do? Anyone, who knows of a compatible binary distribution of 'knockd'? Wouldn't it make sense for @limetech to inlcude 'knockd' as default? Thanks, Andreas Quote Link to comment
Mainfrezzer Posted June 17 Share Posted June 17 Im curious as to why the decline of the docker container exists. Quote Link to comment
amix Posted June 17 Author Share Posted June 17 6 minutes ago, Mainfrezzer said: Im curious as to why the decline of the docker container exists. I don't understand what you are saying. Could you explain further? Quote Link to comment
Mainfrezzer Posted June 17 Share Posted June 17 Since you only stated that you want to control an outside connection to the server, you can easily do that by running the docker container in host mode, since it has access to all interfaces. So, that wouldnt be the issue as to why your title states "no Docker" Quote Link to comment
JorgeB Posted June 17 Share Posted June 17 You can always make a feature request. Quote Link to comment
amix Posted June 17 Author Share Posted June 17 Just now, Mainfrezzer said: Since you only stated that you want to control an outside connection to the server, you can easily do that by running the docker container in host mode, since it has access to all interfaces. So, that wouldnt be the issue as to why your title states "no Docker" I see. But why would I add so many layers of complexity? As stated, I have no way to compile from source in the foreseeable future. Containerizing would still require to build a binary from source. I would need to set up a docker. Which would also mean for me, that I'd need to learn much more about Docker, than I am currently interested in. One of the reasons for me to purchase an unRAID license was to plug'N'play as much as possible, since I just don't have the time anymore for deep-level system administration and constant up-to-datism with the developments. Not knowing Docker internals I can only guess, but so far, each image I installed came with over a 100 MB of data, where the 'knock' package stays below 200 KB when installed from a binary package direct-to-host. Adding another software-layer to something as security-sensitive/critical and simple like 'kockd' escapes me. Quote Link to comment
Solution ich777 Posted June 20 Solution Share Posted June 20 On 6/17/2024 at 4:46 PM, amix said: As stated, I have no way to compile from source in the foreseeable future. Containerizing would still require to build a binary from source. Have you yet seen @SpaceInvaderOne's container where you can easily build from source in a Docker container: 1 Quote Link to comment
primeval_god Posted June 20 Share Posted June 20 On 6/17/2024 at 10:46 AM, amix said: As stated, I have no way to compile from source in the foreseeable future. Containerizing would still require to build a binary from source. How so? It looks to me like one of the links in your initial post shows how to build a knockd container based on alpine without any compilation. On 6/17/2024 at 10:46 AM, amix said: I would need to set up a docker. Which would also mean for me, that I'd need to learn much more about Docker, than I am currently interested in. One of the reasons for me to purchase an unRAID license was to plug'N'play as much as possible, since I just don't have the time anymore for deep-level system administration and constant up-to-datism with the developments. I understand the hassle of staying up to date with the latest system admin stuff, but in unRAID docker by and large is the most plug'N'play solution. Installing packages directly in the host os is considered the deep-level system administration solution and is generally not the recommended path. On 6/17/2024 at 10:46 AM, amix said: Not knowing Docker internals I can only guess, but so far, each image I installed came with over a 100 MB of data, where the 'knock' package stays below 200 KB when installed from a binary package direct-to-host. Containers can be smaller than that depending on the base image and included application but a 100MB container is pretty reasonable. On 6/17/2024 at 10:46 AM, amix said: Adding another software-layer to something as security-sensitive/critical and simple like 'kockd' escapes me. The general idea is to isolate user programs from the unRAID host os. Knockd is pretty low level though so depending on what your doing with it containerizing might not be a good. Speaking of which if the idea is to use knockd to make the unRAID webui or ssh server available remotely, dont. The unRAID host os should never be exposed directly to the internet. A VPN is a much better solution. Quote Link to comment
amix Posted June 26 Author Share Posted June 26 On 6/20/2024 at 3:45 PM, ich777 said: Have you yet seen @SpaceInvaderOne's container where you can easily build from source in a Docker container: Now, that's interesting... Thanks for the pointer! 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.