Results 1 to 10 of 10

Thread: Simple MOHAA/SH Docker image

  1. #1
    Client Beta Testers Appelpitje's Avatar
    Join Date
    Jan 2012
    Location
    Belgium
    Posts
    563

    Default Simple MOHAA/SH Docker image

    Hello guys,

    Since Leyok pushed me into Docker, i have created a simple MOHAA/SH docker image.
    The repository can be found here: https://hub.docker.com/r/appelpitje/mohaa-server

    How to use it:

    1. Pull the image:
    Code:
    docker pull appelpitje/mohaa-server:tag
    2. Run and create a container:
    Code:
    sudo docker run -t -p 12203:12203/udp -p 12203:12203/udp -d appelpitje/mohaa-server:latest
    3. Success! Setting up a SH server without any game panel was never so easy!
    Code:
    CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS                     PORTS                                                                                                    NAMES
    9f943cf39340        appelpitje/mohaa:tag   "/bin/sh -c './spear…"   11 days ago         Up 11 days                 0.0.0.0:12203->12203/tcp, 0.0.0.0:12203->12203/udp, 0.0.0.0:12300->12300/tcp, 0.0.0.0:12300->12300/udp   nervous_spence
    Last edited by Appelpitje; August 14th, 2020 at 01:42 AM.

  2. #2

    Default

    I heard a just a little about docker before. it looks like a very useful piece of software

    What I'm not sure to understand is:
    Are docker apps supposed to work on Linux, Windows and Mac, seamlessly? (install Docker -> setup the container and you are done?)
    or is this for Linux only?

    and correct me if I'm wrong or missing something, but AFAIK, moh servers don't use tcp ports (at least I never had to open them)

    btw, xcode tags supports dockerfile code: [xcode=docker] or [xcode=dockerfile]

  3. #3
    Client Beta Testers Appelpitje's Avatar
    Join Date
    Jan 2012
    Location
    Belgium
    Posts
    563

    Default

    Quote Originally Posted by Zappa View Post
    What I'm not sure to understand is:
    Are docker apps supposed to work on Linux, Windows and Mac, seamlessly? (install Docker -> setup the container and you are done?)
    or is this for Linux only?
    Yes, it runs on all OSes, i developed it on Macos and run it on a Linux server. It should work on windows as well.

    Quote Originally Posted by Zappa View Post
    and correct me if I'm wrong or missing something, but AFAIK, moh servers don't use tcp ports (at least I never had to open them)
    Woops thats my bad will remove them

    Quote Originally Posted by Zappa View Post
    btw, xcode tags supports dockerfile code: [xcode=docker] or [xcode=dockerfile]
    Cool, i have edited the code block.

  4. #4

    Default

    Quote Originally Posted by Zappa View Post
    What I'm not sure to understand is:
    Are docker apps supposed to work on Linux, Windows and Mac, seamlessly? (install Docker -> setup the container and you are done?)
    or is this for Linux only?
    Hey Zappa. I use Docker a lot at work.

    Docker was originally a wrapper around Linux kernel namespace features. For instance, you can with modern Linux kernels just manually create an isolated process space so a process you run in it can't see other processes. The same applies for network to give it a restricted networking stack, etc. This fact that this is implemented in the kernel for specific use cases is a massive plus - you don't have the virtualization overhead of running a Virtual Machine, and you don't have the resource overhead either as applications run on the same kernel. Filesystems by default are also "overlay" filesystems. That is, they can "overlay" your current filesystem and changes you make in running containers are simply "overlayed" on top of the original image's filesystem. This reduces the overhead as every running container is basically a "diff" from the master copy. Very smart!

    Then Microsoft jumped on the bandwagon and created "Docker for Windows". Because the Windows kernel doesn't support the concept of namespaces, the paradigm is different - on Windows, every docker container relies on a virtualization layer. This has the following implications:

    - Docker containers for Windows cannot run on Linux.
    - Docker containers for Linux can run on Windows, but with the virtualization overhead. This negates all the performance benefits that namespaces provide on Linux, but it does mean you can deploy Linux-based containers on both Windows and Linux, and this interoperability/consistency may be more important to an organisation depending on their use case.
    Last edited by brixton; March 21st, 2020 at 06:41 AM.

  5. #5

  6. #6

    Default

    Quote Originally Posted by brixton View Post
    Then Microsoft jumped on the bandwagon and created "Docker for Windows". Because the Windows kernel doesn't support the concept of namespaces, the paradigm is different - on Windows, every docker container relies on a virtualization layer.
    Actually, Microsoft has implemented native support for Windows Containers called Silos, like Linux, Silos are super jobs objects, that contain various objects like Registry, Window Station, Desktop, Sessions, etc. and every objects inside those namespaces are isolated from other namespaces, not only this feature is faster than a regular Hyper-V isolation, but this has improved Windows startup time :

    However, the Windows Server performance team was on the case. They profiled, analyzed and worked with teams across Windows to make their services faster and reduce dependencies to improve parallelism. The result of this effort not only made container startup faster but actually improved Windows startup time, as well. (If your Xbox or Surface started booting faster last year, you can thank containers.)
    Source : https://docs.microsoft.com/en-us/arc...ver-containers

    Windows Containers :
    https://unit42.paloaltonetworks.com/...ws-containers/

  7. #7

    Default

    Quote Originally Posted by Ley0k View Post
    Actually, Microsoft has implemented native support for Windows Containers called Silos
    This is news to me since I last looked, very cool. I'm guessing only supported on Windows Server?

  8. #8
    Developer Todesengel's Avatar
    Join Date
    Dec 2013
    Location
    St. Louis, Missouri, USA
    Posts
    276

    Default

    my question would be - how good is the ability to ensure the code executing on the host can't reach in to the container and touch anything (ie load a hack).

  9. #9

    Default

    Quote Originally Posted by Todesengel View Post
    my question would be - how good is the ability to ensure the code executing on the host can't reach in to the container and touch anything (ie load a hack).
    On Linux at least, if you have root then you can touch any namespace (i.e., any running container). The main idea principle is that something running inside the container (e.g., a compromised web server) can't reach anything else on the host, even with root inside the container.

  10. #10

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •