root@rpi-iot-jsho-2FA-01:~# curl -sSL https://get.docker.com | sh # Executing docker install script, commit: 93d2499759296ac1f9c510605fef85052a2c32be + sh -c apt-get update -qq >/dev/null + sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null + sh -c curl -fsSL „https://download.docker.com/linux/raspbian/gpg“ | gpg –dearmor –yes -o /usr/share/keyrings/docker-archive-keyring.gpg + sh -c echo „deb [arch=armhf signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/raspbian bullseye stable“ > /etc/apt/sources.list.d/docker.list + sh -c apt-get update -qq >/dev/null + sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq –no-install-recommends docker-ce-cli docker-ce >/dev/null + version_gte 20.10 + [ -z ] + return 0 + sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce-rootless-extras >/dev/null + sh -c docker version Client: Docker Engine – Community Version: 20.10.12 API version: 1.41 Go version: go1.16.12 Git commit: e91ed57 Built: Mon Dec 13 11:45:28 2021 OS/Arch: linux/arm Context: default Experimental: true
Server: Docker Engine – Community Engine: Version: 20.10.12 API version: 1.41 (minimum version 1.12) Go version: go1.16.12 Git commit: 459d0df Built: Mon Dec 13 11:43:45 2021 OS/Arch: linux/arm Experimental: false containerd: Version: 1.4.12 GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d runc: Version: 1.0.2 GitCommit: v1.0.2-0-g52b36a2 docker-init: Version: 0.19.0 GitCommit: de40ad0
===============================================
To run Docker as a non-privileged user, consider setting up the Docker daemon in rootless mode for your user:
dockerd-rootless-setuptool.sh install
Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.
To run the Docker daemon as a fully privileged service, but granting non-root users access, refer to https://docs.docker.com/go/daemon-access/
WARNING: Access to the remote API on a privileged Docker daemon is equivalent to root access on the host. Refer to the ‚Docker daemon attack surface‘ documentation for details: https://docs.docker.com/go/attack-surface/
root@rpi-iot-jsho-2FA-01:~# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d82bfe696e54 portainer/portainer-ce:linux-arm „/portainer“ 13 seconds ago Up 10 seconds 8000/tcp, 9443/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp exciting_antonelli
root@rpi-iot-jsho-2FA-01:~# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d82bfe696e54 portainer/portainer-ce:linux-arm „/portainer“ 33 seconds ago Up 29 seconds 8000/tcp, 9443/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp exciting_antonelli
Removing `myminio/worm-with-versioning-and-retention/motioneye/Camera2/2022-01-04/15-26-20.jpg` (versionId=e076f7e7-0a3e-4026-84ad-f0345be0769a, modTime=2022-01-04 15:04:00.74 +0000 UTC). Removing `myminio/worm-with-versioning-and-retention/motioneye/Camera2/2022-01-04/15-26-21.jpg` (versionId=2a7c2ee3-b46a-4d5c-8375-556743e8c404, modTime=2022-01-04 15:04:00.669 +0000 UTC). Removing `myminio/worm-with-versioning-and-retention/motioneye/Camera2/2022-01-04/15-26-22.jpg` (versionId=500b4e3a-2138-4a0a-bd08-778e816cef70, modTime=2022-01-04 15:04:00.733 +0000 UTC). mc: <ERROR> Failed to remove `/worm-with-versioning-and-retention/motioneye/Camera2/2022-01-04/15-26-22.jpg`. Object is WORM protected and cannot be overwritten
root@rpi-iot-jsho-cam-02:~#
root@rpi-iot-jsho-cam-02:~# date Wed 12 Jan 2022 12:04:08 PM CET
root@rpi-iot-jsho-cam-02:~#
root@rpi-iot-jsho-cam-02:~# ./mc rb –force myminio/worm-with-versioning-and-retention5d mc: <ERROR> Failed to remove `myminio/worm-with-versioning-and-retention5d`. Object is WORM protected and cannot be overwritten.
root@rpi-iot-jsho-cam-02:~#
root@rpi-iot-jsho-cam-02:~# ./mc du –versions myminio/worm-with-versioning-and-retention5d 332MiB worm-with-versioning-and-retention5d
root@bpi-iot-jsho-minio-03:~# certbot certonly Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA? – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – 1: Spin up a temporary webserver (standalone) 2: Place files in webroot directory (webroot) – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Select the appropriate number [1-2] then [enter] (press ‚c‘ to cancel): 1 Plugins selected: Authenticator standalone, Installer None Please enter in your domain name(s) (comma and/or space separated) (Enter ‚c‘ to cancel): bpi-iot-jsho-minio-03.ddnss.eu Requesting a certificate for bpi-iot-jsho-minio-03.ddnss.eu Performing the following challenges: http-01 challenge for bpi-iot-jsho-minio-03.ddnss.eu Waiting for verification… Cleaning up challenges Subscribe to the EFF mailing list (email: josef.schuster@dpsolution.de).
IMPORTANT NOTES: – Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/privkey.pem Your certificate will expire on 2022-03-27. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run „certbot renew“ – If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
If your TLS certificates do not have the IP SAN for the MinIO server host the MinIO Console may fail to validate the connection to the server use the MINIO_SERVER_URL environment variable and specify the proxy-accessible hostname of the MinIO server to allow the Console to use the MinIO server API using the TLS certificate
root@bpi-iot-jsho-minio-03:/# MINIO_SERVER_URL=“https://bpi-iot-jsho-minio-03.ddnss.eu:9000″ MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD=<password> ./minio server –console-address „:9001“ /data/data{0…3}
https://bpi-iot-jsho-minio-03.ddnss.eu:9001
root@bpi-iot-jsho-minio-02:~# ./mc alias set myminio https://bpi-iot-jsho-minio-03.ddnss.eu:9000 admin <password> Added `myminio` successfully.
root@bpi-iot-jsho-minio-02:~#
root@bpi-iot-jsho-minio-02:~# ./mc –version myminio mc version RELEASE.2021-12-20T23-43-34Z
root@bpi-iot-jsho-minio-02:~# ./mc admin update myminio Server `myminio` updated successfully from 2021-12-20T22:07:16Z to 2021-12-29T06-49-06Z
# mc mb play/mybucket # mc cp <path-to-archive>.tar play/mybucket –disable-multipart –attr „X-Amz-Meta-Snowball-Auto-Extract=true“ # mc ls play/mybucket
root@bpi-iot-jsho-minio-03:~# cd .minio/certs root@bpi-iot-jsho-minio-03:~/.minio/certs# openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out public.crt -keyout private.key Generating a RSA private key ……………………………………………..++++ ……………………………………………..++++ writing new private key to ‚private.key‘ —– You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‚.‘, the field will be left blank. —– Country Name (2 letter code) [AU]:DE State or Province Name (full name) [Some-State]:Bavarian Locality Name (eg, city) []:St.Wolfgang Organization Name (eg, company) [Internet Widgits Pty Ltd]:JSHO Organizational Unit Name (eg, section) []:JSHO Common Name (e.g. server FQDN or YOUR name) []:bpi-iot-jsho-minio-03.fritz.box Email Address []:josef.schuster@dpsolution.de
Docker Apache Guacamole – using this image will require an existing running Docker container with the guacd image and another Docker container providing either a PostgreSQL or MySQL database image
