Migrate mongodb native to docker

At first you need Backup of your Database.

You can do that with mongodump:

mongodump --db nodebb -u nodebb -p password --gzip --archive=/root/nodebb-backup/mongodb-nodebb-`date +"%d-%m-%y"`.gz 

than we create a folder and copy yml to file

mkdir mongodb nodebb-backup

vi /root/mongodb/docker-compose.yml

services:
  mongo:
    image: 'mongo:4.4'
    restart: unless-stopped
    ports:
      - '27017:27017'
#    environment:
#     MONGO_INITDB_ROOT_USERNAME: nodebb
#     MONGO_INITDB_ROOT_PASSWORD: password
#     MONGO_INITDB_DATABASE: nodebb
    volumes:
      - mongo-data:/data/db
      - /root/nodebb-backup:/root

volumes:
  mongo-data:

Then we start docker Container with your already installed docker and docker-compose file.

docker-compose up -d

Then we have mongo container running without authentication.
We can now import the database backup you made earlier with:

docker exec -ti $(docker ps -qf name=mongodb-mongo-1) mongorestore --db nodebb --gzip --archive=/root/mongodb-nodebb-02-04-25_v4-4.gz

Now you can live with no authentication or you need to add root and user to the Database

you need add following to mongodb

docker exec -ti $(docker ps -qf name=mongodb-mongo-1) bash
mongo
use admin
db.getSiblingDB('admin').createUser(
{
 user:"root",
 pwd:"password",
 roles: ["root"]
})
use nodebb
db.createUser(
  {
    user: "nodebb2",
    pwd: "password",  // or cleartext password
    roles: [
       { role: "readWrite", db:"nodebb" }
    ]
  }
)
exit

Now you can enable authentication with enabling it in yml file

services:
  mongo:
    image: 'mongo:4.4'
    restart: unless-stopped
    ports:
      - '27018:27017'
    environment:
      MONGO_INITDB_ROOT_USERNAME: nodebb
      MONGO_INITDB_ROOT_PASSWORD: password
      MONGO_INITDB_DATABASE: nodebb
    volumes:
      - mongo-data:/data/db
      - /root/nodebb-backup:/root

volumes:
  mongo-data:

Then do docker-compose up -d

docker exec -ti $(docker ps -qf name=mongodb-mongo-1) bash
mongo
use nodebb
db.auth('nodebb2','password');

If everything is working correctly you see an ok statement here.

Greetings

I wan to write an Articlle about this Topic because I havent found one what is including all I want and have to Figure it Out by myself.

At first wen need a Folder and get our Docker Compose File running

mkdir fail2ban
cd fail2ban
vi docker-compose.yml

Paste the following text into the editor:

version: "3"

services:
  fail2ban:
    container_name: fail2ban
    hostname: fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - TZ=Europe/Berlin
      - F2B_DB_PURGE_AGE=14d
      - SSMTP_HOST=<your-mail-server>
      - SSMTP_PORT=25
      - SSMTP_HOSTNAME=<hostname-of-your-container>
    image: crazymax/fail2ban:latest
    network_mode: host
    restart: unless-stopped
    volumes:
      - /root/fail2ban/data:/data
      - /root/ngix-proxy-manager/data/logs:/var/log/npm
      - /var/log:/var/log/varlog

Save the file and start the Container with

docker-compose up -d

The Fail2ban Container will be loaded and is starting. There should be a data dir now with 4 folders

action.d
db
filter.d
jail.d

The db Folder can be ignored, now we need to create a jail.local in jail.d

vi jail.d/jail.local

Paste the following in there.:

[DEFAULT]
# "bantime.increment" allows to use database for searching of previously banned ip's to increase a
# default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
bantime.increment = true

# "bantime.rndtime" is the max number of seconds using for mixing with random time
# to prevent "clever" botnets calculate exact time IP can be unbanned again:
bantime.rndtime = 2048

# following example can be used for small initial ban time (bantime=60) - it grows more aggressive at begin,
# for bantime=60 the multipliers are minutes and equal: 1 min, 5 min, 30 min, 1 hour, 5 hour, 12 hour, 1 day, 2 day
bantime.multipliers = 1 5 30 60 300 720 1440 2880

#Ban without sending E-Mail
#action = %(action_)s

#Ban and send E-Mail
action = %(action_mw)s

destemail = <dest email>
sender = <from email>
mta = sendmail

[npm]
# bots that trigger too many 403 or 404
# logs are comming from reverse proxy "nginx proxy manager"
enabled = true
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.0.0.0/8 192.168.0.0/16
filter = npm-filter
chain = DOCKER-USER
logpath = /var/log/npm/proxy-host-*_access.log
maxretry = 5
findtime = 60
bantime = 600

[sshd]

enabled = true
port    = ssh
filter  = sshd
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.27.0.0/16 192.168.0.0/16
chain = INPUT
logpath = /var/log/varlog/auth.log
findtime = 10m
maxretry = 5
bantime = -1

we Monitor the NPM and the Systems sshd here, thats why we mapped the Volume from local logs into the fail2ban container.

Next Step is to add filter Rules in filter.d for our NPM

vi filter.d/npm-filter.conf

[INCLUDES]

[Definition]

failregex = ^.+ (405|404|403|401|\-) (405|404|403|401) - .+ [Client <HOST>] [Length .+] .+ [Sent-to <F-CONTAINER>.+</F-CONTAINER>] <F-USERAGENT>".+"</F-USERAGENT> .+$

ignoreregex = ^.+ (404|\-) (404) - .+".+(\.png|\.txt|\.jpg|\.ico|\.js|\.css)[/]" [Client <HOST>] [Length .+] ".+" .+$

Now we have everything set up and we can restart the container with

docker-compose restart

Now we want to see what fail2ban is doing. We can check the logs by doing docker ps to show the running containers and docker logs <container-id> --follow

Thats it, feel Free to ask if you have problems with this Setup

Hi,

wer das Forum auch als Blog benutzen möchte, kann sich gerne bei mir melden. Würde dann eine eigene Kategorie anlegen.

Viele Grüße

Saphira

Wenn der DRBD mal im Split Brain hängen bleibt muss mana uf dem Secondary forgende Befehle ausführen.

drbdadm disconnect squid
drbdadm secondary squid
drbdadm connect --discard-my-data squid

Hier ein Start Script was auch funktioniert, muss unter Ubuntu in die
/lib/systemd/system

[Unit]
Description=ITS-Forum
After=mongodb.service

[Service]
User=root
Group=root
Environment=NODE_ENV=production
WorkingDirectory=/root/nodebb
ExecStart=/root/.nvm/versions/node/v17.9.0/bin/node loader.js --no-daemon --no-silent
Restart=always

[Install]
WantedBy=multi-user.target
Alias=nodebb.service