dbab within Alpine Linux container - suntong/dbab-packer GitHub Wiki
What is dbab-alpine
A turnkey solution for a central LAN server, wrapped in a small Docker container.
- Provides DNS, DHCP, ad filtering, and optionally local caching services for machines on the LAN
- Configuration for all of the aforementioned services is done almost automatically
- Image size is less than 50 MB (49.2MB as we speak)
- Compressed size is less than 20 MB when uploaded to Docker Hub (17.36 MB as we speak)
Test it using gitpod
Open this project in gitpod workspace
- Register a free account on gitpod if you haven't already
- Open this project on gitpod by visiting the url of
https://gitpod.io/#https://github.com/suntong/dbab-packer
Add necessary tools to gitpod workspace
This should have been done automatically; check with:
packer version
nfpm -v
dig cnn.com | grep SERVER:
Otherwise, run in a terminal:
sudo apt update
sudo apt install -y packer bind9-dnsutils
packer version
Provide 2nd IP
sudo ip a add 10.0.5.5/30 dev eth0
Build-alpine base docker container
cd build-alpine
docker build -t sys/dbab-alpine:base .
Get dbab alpine apk
Option 1: Get the latest dbab alpine apk release
curl -JLO https://github.com/suntong/dbab/releases/download/1.6.0/dbab_1.6.0-1_all.apk
ln -vsf dbab_1.6.0-1_all.apk dbab.apk
Option 2: Build dbab alpine apk from git with nfpm
cd /workspace
curl -JLO https://github.com/goreleaser/nfpm/releases/download/v2.30.1/nfpm_2.30.1_amd64.deb
sudo apt install -y ./nfpm_2.30.1_amd64.deb
nfpm -v
git clone https://github.com/suntong/dbab.git
cd /workspace/dbab
# optionally
git checkout IPv6
nfpm -v
nfpm pkg -f .github/dbab.yaml -p apk
Build-alpine work docker container
cd /workspace/dbab-packer/build-alpine
domainname=googleusercontent.com
server_ip_r=`hostname -I | awk '{print $1}'`
server_ip_v=`hostname -I | awk '{print $2}'`
server_ip_6=`ip -6 addr show scope global | sed -n '/^.*inet6 /{s///; s/\/64 scope .*$//; p; q; }'`
echo % $server_ip_6 %
# for any cloud VM including gitpod (change device name `end0` if necessary)
sudo ip -6 addr add fec0::6/64 dev end0
ping -c1 fec0::5
server_ip_6=fec0::5
docker rm dbab-alpine -f
packer build -on-error=ask -var server_domain=$domainname -var server_hostname_v=tyrian -var server_hostname_r=$HOSTNAME -var server_ip_r=$server_ip_r -var server_ip_v=$server_ip_v -var server_ip_6=$server_ip_6 dbab-docker.json
Run the alpine work docker container
docker run -d --net=host --cap-add=NET_ADMIN --volume=/var/lib/misc:/var/lib/misc --name dbab-alpine --hostname dbab-alpine --restart=always sys/dbab-alpine:latest
docker exec -it dbab-alpine /bin/sh -c 'ls -l /var/lib/misc /etc/dnsmasq.d/; tail -3 /etc/dnsmasq.d/dbab-map.adblock.conf; head /etc/dbab/dbab.*'
Check
echo $server_ip_v
dig @$server_ip_v +short 101com.com doubleclick.net ads.yahoo.com s0.2mdn.net example.com
10.0.5.5
10.0.5.5
10.0.5.5
10.0.5.5
93.184.216.34
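The `+short` output above has to be matched to the queried names by position, which is easy to misread once a name returns several records. As an added example (not part of the dbab project), the function below audits answers in `dig +noall +answer` format against the sinkhole address; the status labels `OK`, `LEAK`, `OVERBLOCK` and `NOANSWER`, the helper names and the sample data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the dbab project): audit resolver answers.
# stdin: lines in `dig +noall +answer` format (name TTL class type rdata).
# $1 sinkhole address, $2 names that must be sinkholed, $3 control names
# that must NOT be sinkholed (both lists space-separated).
# Names are matched on the A record owner, so pick controls without CNAMEs.
audit_answers() {
    awk -v sink="$1" -v blocked="$2" -v allowed="$3" '
    BEGIN {
        nb = split(blocked, b, " "); na = split(allowed, a, " ")
        for (i = 1; i <= nb; i++) { order[++n] = b[i]; want[b[i]] = "sink" }
        for (i = 1; i <= na; i++) { order[++n] = a[i]; want[a[i]] = "pass" }
    }
    $4 == "A" {
        name = tolower($1); sub(/\.$/, "", name)   # drop the root dot
        seen[name] = 1
        if ($5 == sink) sunk[name] = 1; else real[name] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            d = order[i]
            if (!(d in seen))                            s = "NOANSWER"
            else if (want[d] == "sink" && (d in real))   s = "LEAK"
            else if (want[d] == "pass" && (d in sunk))   s = "OVERBLOCK"
            else                                         s = "OK"
            if (s != "OK") bad++
            print s, d
        }
        exit (bad > 0)   # non-zero status when any name failed the audit
    }'
}

# Constructed sample answers; 203.0.113.7 is a documentation-range address.
SAMPLE_GOOD='doubleclick.net. 0 IN A 10.0.5.5
s0.2mdn.net. 0 IN A 10.0.5.5
example.com. 3600 IN A 93.184.216.34'
SAMPLE_LEAK='doubleclick.net. 0 IN A 10.0.5.5
s0.2mdn.net. 300 IN A 203.0.113.7
example.com. 3600 IN A 10.0.5.5'

run_sample() {   # $1 = sample text; prints the report, returns awk status
    printf '%s\n' "$1" | audit_answers 10.0.5.5 "doubleclick.net s0.2mdn.net" "example.com"
}
run_sample "$SAMPLE_GOOD" || echo "unexpected failure"
run_sample "$SAMPLE_LEAK" || echo "sinkhole audit failed (expected for this sample)"
# Live use: dig @"$server_ip_v" +noall +answer NAME... | audit_answers "$server_ip_v" "..." "..."
```

The non-zero exit status on `LEAK`, `OVERBLOCK` or `NOANSWER` lets the check gate a build step after the container is started.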
Change nameserver
echo $server_ip_v
echo nameserver $server_ip_v | sudo tee /etc/resolv.conf
$ host 101order.com
101order.com has address 10.0.5.5
101order.com has IPv6 address fec0::5
101order.com mail is handled by 10 mail.rwgusa.net.
Verify dbab pixel server
curl -s --head $server_ip_v/any/path/abc.png
$ curl -v6 --head https://101order.com/
* Trying fec0::5:443...
* connect to fec0::5 port 443 failed: Connection refused
* Failed to connect to 101order.com port 443 after 0 ms: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 101order.com port 443 after 0 ms: Connection refused
$ curl -v6 --head http://101order.com/
* Trying fec0::5:80...
* Connected to 101order.com (fec0::5) port 80 (#0)
> HEAD / HTTP/1.1
> Host: 101order.com
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
HTTP/1.0 200 OK
< Server: dbab/v1.5
Server: dbab/v1.5
< Connection: close
Connection: close
< Cache-Control: public, max-age=31536000
Cache-Control: public, max-age=31536000
< Content-type: image/gif
Content-type: image/gif
< Content-length: 43
Content-length: 43
$ curl -s6 --head http://s0.2mdn.net/
HTTP/1.0 200 OK
Server: dbab/v1.5
Connection: close
Cache-Control: public, max-age=31536000
Content-type: image/gif
Content-length: 43
Old method (for reference)
How to build
Having
- set up a static IP and a second IP (theoretically a single IP and docker using host networking could also work, but for max protection, a separate IP is better), and
- disabled router's DHCP and DNS services (may also do afterwards)
then run
docker build -t sys/dbab-alpine:base .
packer build -on-error=ask -var server_domain=mine.org -var server_hostname=my-dmz -var server_ip=192.168.0.100 -var target_name=sys/dbab-alpine dbab-docker.json
on a host with mine.org as domain name, and 192.168.0.100 as the second IP, whose host-name will be assigned as my-dmz. It will build into a docker image called sys/dbab-alpine:latest.
The latest dbab.apk, which is required for the above build, can be downloaded from the dbab release page, e.g. dbab_1.5.0-1_all.apk.
How to run
docker run -d --restart=always --net=host --cap-add=NET_ADMIN --name dbab-docker --hostname my-dmz sys/dbab-alpine:latest
after having disabled the host machine's local DNS resolution service, e.g.:
sudo systemctl stop systemd-resolved.service