Archive for category: Network

Installing Docker on Vyos

Posted on Friday, 25 March 2022

Install Docker on Vyos

First, here is the shell script (link) that includes all of the following steps, so you can install Docker on your Vyos more easily.

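  • Add Debian source to Vyos
    Don't forget to replace "buster" with your own Linux release codename; you can check it with "lsb_release -c".
    The line is written through "sudo tee" because with "sudo echo ... >>" the redirection is performed by the unprivileged shell, not by root.

$ echo "deb http://archive.debian.org/debian buster main" | sudo tee -a /etc/apt/sources.list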

  • Update

$ sudo apt-get update

  • Install gpg key

$ sudo apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common

$ sudo curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -

  • Add Docker source

$ echo "deb [arch=amd64] https://download.docker.com/linux/debian buster stable" | sudo tee /etc/apt/sources.list.d/docker.list

  • Update

$ sudo apt-get update

  • Install Docker

$ sudo apt-get install -y docker-ce docker-ce-cli containerd.io

Advanced

  • Install docker-compose

$ sudo wget https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-Linux-x86_64 -O /var/lib/docker/docker-compose

v2.2.2 is the version of docker-compose; you can check the released versions here: Releases · docker/compose · GitHub
Linux is your OS type; you can check it with "uname -s".
x86_64 is your Linux architecture; you can check it with "uname -m".

After the download, make the file executable and link docker-compose into a bin directory:

$ sudo chmod +x /var/lib/docker/docker-compose
$ sudo ln -s /var/lib/docker/docker-compose /usr/local/bin/docker-compose
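
The docker-compose download above puts a binary into root's PATH without any integrity check. The following is an added example, not part of the original post: shell functions that compare the downloaded file with a SHA-256 checksum file and install it only on a match. It assumes a sha256sum-format checksum file for the same release asset was fetched separately; the function names and the usage paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded binary
# against a sha256sum-format checksum file before installing it.
# ASSUMPTION: the checksum file for the release asset was fetched separately.

# expected_hash CHECKSUM_FILE NAME: print the 64-hex digest listed for NAME.
expected_hash() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f) }   # drop the binary-mode "*" marker
        f == name && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ {
            print tolower($1); found = 1; exit
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# verify_sha256 FILE CHECKSUM_FILE [NAME]: return 0 only if the digests match.
# NAME is the asset name as listed in the checksum file; it defaults to the
# basename of FILE and is needed when the file was saved under another name.
verify_sha256() {
    file=$1; sums=$2; name=${3:-$(basename "$1")}
    [ -f "$file" ] && [ -f "$sums" ] || return 2
    # Fail closed when the checksum file has no well-formed entry for NAME.
    want=$(expected_hash "$sums" "$name") || return 3
    got=$(sha256sum "$file" | awk '{ print tolower($1) }')
    [ "$got" = "$want" ]
}

# install_verified FILE CHECKSUM_FILE DEST [NAME]: copy FILE to DEST with
# mode 0755, but only after verification succeeded.
install_verified() {
    verify_sha256 "$1" "$2" "${4:-}" || {
        echo "checksum mismatch or missing entry for $1; not installing" >&2
        return 1
    }
    install -m 0755 "$1" "$3"
}

# Usage (hypothetical paths, run as root):
#   install_verified ./docker-compose ./docker-compose.sha256 \
#       /usr/local/bin/docker-compose <asset-name-from-checksum-file>
```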

  • Using a Vyos bridge interface instead of the Docker network

Docker creates a default bridge (docker0). If you want to manage this bridge from Vyos, this part will help you.

Add bridge to Vyos

 

  • Using Vyos route instead of Docker iptables forward

 

1. Add the Debian source to Vyos. Don't forget to replace "jessie" with your own Linux release codename; you can check it with "lsb_release -c".

/etc/apt/sources.list

deb http://deb.debian.org/debian jessie main contrib non-free

sudo apt update

sudo apt install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -

deb https://download.docker.com/linux/debian jessie stable

sudo apt update

sudo apt install -y docker-ce

set system login user vyos group docker

 

Docker and iptables | Docker Documentation

 

Disable Docker iptables

Delete the default docker0 and use br0

sudo ip link set docker0 down

brctl delbr docker0

 

Delete the existing network configuration:

sudo rm -rf /var/lib/docker/network

sudo cat /etc/docker/daemon.json

{
  "debug": true,
  "iptables": false,
  "bridge": "br0"
}

 

Install docker compose

Releases · docker/compose · GitHub

/usr/local/bin/docker-compose

 

docker network create -o com.docker.network.bridge.name=br110 private

apt-get install iputils-ping

apt install iproute2

apt-get install net-tools

 

docker repo

Vyos iso download

Posted on Monday, 10 January 2022

Available snapshots

# vyos-1.3.0-rc6

# vyos-1.3.0-rc5

# vyos-1.3.0-rc4

# vyos-1.3.0-rc3

# vyos-1.3.0-rc1

 

From: VyOS Community

Adding PHP support to Vyos

Posted on Thursday, 28 December 2017

Original: https://wiki.ubuntu.com/Lighttpd%2BPHP

This is a how-to on installing and setting up lighttpd and PHP on Maverick. Lighttpd or "lighty" is a webserver with a very low use of resources.

Install the packages we need: (this may not be all, but these two will automatically download the rest as dependencies)

sudo apt-get install lighttpd php5-cgi

Enable the fastcgi module and the php configuration with

sudo lighty-enable-mod fastcgi 
sudo lighty-enable-mod fastcgi-php

Reload the lighttpd daemon

sudo service lighttpd force-reload

To test if it’s working create the file /var/www/index.php with the following contents:

<?php phpinfo(); ?>

and check out http://localhost/index.php in your browser.

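Fixing slow access when a Windows VPN client connects to a Linux server

Posted on Tuesday, 13 January 2015

My Vyatta has always run well. I use ROS and Cisco to build tunnels to Vyatta and run OSPF over them to get around the firewall, and this has always worked well. But when connecting to the VPN from Windows, web pages often time out even though pings to everywhere are normal, so I suspected an MTU or MSS problem.

After some back and forth, I found that whenever web pages timed out, a large number of abnormal entries appeared in the Vyatta log: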

Jan 12 21:02:39 Xirang kernel: [4838172.516489] pptp2: ppp: compressor dropped pkt

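Then I read up on it. The problem occurs because the MPPE (Microsoft Point-to-Point Encryption) encryption of the Windows VPN client takes up 4 bytes; the original packet plus the MPPE header overhead exceeds the MTU of the pptp interface on the Linux server, so the oversized packet ends up being dropped.

So the essence of the fix is to increase the MTU of the pptp interface on the Linux server.

There are three solutions:

  1. Edit the pptpd source code to increase the MTU;
  2. Use a script to increase the MTU after the pptp interface comes up;
  3. Do not use MPPE encryption.

The first one solves the problem at the root, but I gave it up because of my skill level; the third one removes transport encryption, which felt insecure to me, so I gave it up as well.

I found the second solution online, as follows:

Create the script (download): /etc/ppp/ip-up.d/mppefixmtu.sh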

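#!/bin/sh
# $1 is the name of the ppp interface that has just come up
CURRENT_MTU="$(ip link show "$1" | grep -Po '(?<=mtu )([0-9]+)')"
# Add 4 bytes for the MPPE header
FIXED_MTU="$(expr "$CURRENT_MTU" + 4)"
ip link set "$1" mtu "$FIXED_MTU"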

Make sure the script is executable:
chmod 755 /etc/ppp/ip-up.d/mppefixmtu.sh
With 4 added to the MTU, the interface is compatible with Windows MPPE.
Reference: https://wiki.archlinux.org/index.php/PPTP_server

Tenacy VPN: available addresses as of 2014-09-26

Posted on Sunday, 28 September 2014