In the previous article, I showed the bad points of the Dockerfile I created for building the l4d2 dedicated server. Finally, I will leave two points (though trivial) that I stumbled upon in the process of creating the Dockerfile.
The environment I was using is Docker Toolbox (version 19.03.1), but when I ran `docker build`, the error `no space left on device` came out, saying that there is not enough disk space in Docker. Referring to an article on similar symptoms, I tried to delete unnecessary containers, networks, images and volumes at once with `docker system prune -a --volumes`, but that still did not solve it.
The container image I'm trying to create is as large as 10GB, as mentioned in the previous article, but since the default machine of Docker Toolbox has 20GB (disk.vmdk is 19.53GB), I was convinced that there was no problem with the disk capacity. However, (as you can imagine) the dedicated server occupies most of the capacity of this container, so I thought that if `docker build` behaves like copying this within the image, it might run out of disk space, so I deleted the default machine once and recreated it with more disk space.
```
# Delete the default machine
$ docker-machine rm default
About to remove default
WARNING: This action will delete both local reference and remote instance.
Are you sure? (y/n): y
Successfully removed default
# Create the default VM (50GB)
$ docker-machine create -d virtualbox --virtualbox-disk-size "50000" default
...
```
When I built it again on this machine, I was able to confirm that it works without problems. I had stumbled over my own belief that I wasn't running out of disk space.
I think this is a specification of `nmap` rather than a specification on the GCE side, but in order to check whether the port settings were applied properly after setting the firewall, I used `nmap` to do a port scan. Then, the ports after 5 digits seemed to be excluded from the scan target, and I stumbled without noticing it. (At this time, even though I had actually set the firewall, I could not connect to the server, so I thought that I was not allowed to set the port freely, but in reality I had forgotten to port forward UDP 27015 at the time of `docker run`, and it took me a while to notice this...)
Let's actually look at the above. For example, allow 22 (SSH), 443 (HTTPS), 8080, 9000, 10000, 11000, 27015 (default for the l4d2 dedicated server) and 27016 in the firewall settings. If you then scan with `nmap` without adding any options, it will be as follows.
```
xxx@instance-1:~$ nmap 34.84.27.167
...
Not shown: 994 filtered ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp closed https
3389/tcp closed ms-wbt-server
8080/tcp closed http-proxy
9000/tcp closed cslistener
10000/tcp closed snet-sensor-mgmt
Nmap done: 1 IP address (1 host up) scanned in 4.60 seconds
```
Certainly, nothing from 11000 onward has been scanned. I was confused because I misunderstood this as meaning that I was not allowed to open ports above 10000 at will. But (of course), for example, if you limit the ports to scan under the above conditions to 27015-27018, 27015 and 27016 are closed (no application is waiting to receive, but the probe has arrived), as shown below (and, of course, the probe has not reached 27017 and 27018), so you can see that the firewall is working well.
```
xxx@instance-1:~$ nmap -p 27015-27018 34.84.27.167
PORT STATE SERVICE
27015/tcp closed unknown
27016/tcp closed unknown
27017/tcp filtered mongod
27018/tcp filtered mongod
Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds
```
Once you open the lid it is not much of a story, but in fact I stumbled in such a place, so I will leave it here for the future.
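An added example, not part of the original article: a default `nmap` run probes only its built-in list of the 1,000 most common TCP ports and no UDP at all, so an allowed port with no row in the output has simply not been verified. The sketch below compares the article's first scan output with the allowed ports and builds an explicit rescan. The names `ALLOWED`, `audit` and `rescan_args` are hypothetical, and the UDP 27015 rule is an assumption drawn from the `docker run` remark.

```python
import re

# One row of nmap's normal-output port table, e.g. "8080/tcp closed http-proxy".
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(open\|filtered|open|closed|filtered)\b", re.M)

# Rules from the article's firewall; the UDP entry is an assumption (see lead-in).
ALLOWED = {(p, "tcp") for p in (22, 443, 8080, 9000, 10000, 11000, 27015, 27016)}
ALLOWED.add((27015, "udp"))

# Constructed sample: the port table of the article's first, option-less scan.
DEFAULT_SCAN = """\
Not shown: 994 filtered ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp closed https
3389/tcp closed ms-wbt-server
8080/tcp closed http-proxy
9000/tcp closed cslistener
10000/tcp closed snet-sensor-mgmt
"""

def audit(nmap_text, allowed):
    """Sort the allowed (port, proto) pairs by what the scan output proves."""
    seen = {(int(p), proto): state for p, proto, state in ROW.findall(nmap_text)}
    # open and closed both mean the probe reached the host: the firewall passed it.
    reachable = {k for k, s in seen.items() if s in ("open", "closed")}
    blocked = {k for k in allowed if seen.get(k) == "filtered"}
    return {
        "confirmed": sorted(reachable & allowed),
        "unexpected": sorted(reachable - allowed),  # passed, but not in the rule list
        "blocked": sorted(blocked),
        # No conclusive row: outside the scanned set, or folded into "Not shown".
        "unverified": sorted(allowed - reachable - blocked),
    }

def rescan_args(unverified):
    """Build nmap options that probe exactly the unverified ports."""
    tcp = ",".join(str(p) for p, proto in unverified if proto == "tcp")
    udp = ",".join(str(p) for p, proto in unverified if proto == "udp")
    args = (["-sT"] if tcp else []) + (["-sU"] if udp else [])
    spec = ",".join(s for s in ("T:" + tcp if tcp else "", "U:" + udp if udp else "") if s)
    return args + ["-p", spec] if spec else []

if __name__ == "__main__":
    report = audit(DEFAULT_SCAN, ALLOWED)
    for name, ports in report.items():
        print(f"{name:11}", ports)
    print("rescan: nmap", *rescan_args(report["unverified"]), "<target>")
```

The `unexpected` entry is worth a look in its own right: 3389/tcp answers as closed, so the firewall is passing a port that is not in the list of rules above.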
This concludes the series of stories "I made a Docker image for the left4dead2 server and tried it on GCE". In the future, I would like to continue studying and actively publish articles when an upgraded version of this case and other new outputs are available. Thank you for reading this time as well.