This is the RIPE Atlas software probe packaged as a Docker image.
- 1 CPU core (of course)
- 20MiB memory
- 100MiB HDD
- A Linux installation with Docker installed
- Internet access
The following prebuilt tags are available at Docker Hub. The latest
tag supports multi-arch, and should be used by default.
latest
: For all supported devices listed below (multi-arch)latest-arm64
: For arm64 (aarch64) deviceslatest-armv7l
: For armv7l (armhf) deviceslatest-i386
: For i386 deviceslatest-amd64
: For amd64 devices
First we start the container:
docker run --detach --restart=always \
--log-driver json-file --log-opt max-size=10m \
--cpus=1 --memory=64m --memory-reservation=64m \
--cap-drop=ALL --cap-add=CHOWN --cap-add=SETUID --cap-add=SETGID --cap-add=DAC_OVERRIDE --cap-add=NET_RAW \
-v /var/atlas-probe/etc:/var/atlas-probe/etc \
-v /var/atlas-probe/status:/var/atlas-probe/status \
-e RXTXRPT=yes \
-e ATLAS_UID=1000 `#optional to map the container's internal user to an user on the host machine. ` \
-e ATLAS_GID=1000 `#optional to map the container's internal group to a group on the host machine.` \
--name ripe-atlas --hostname "$(hostname --fqdn)" \
jamesits/ripe-atlas:latest
In this example we used ATLAS_UID=1000 and ATLAS_GID=1000, to find the id's of the user on your host use id user_you_want_to_use as below on your host
id user_you_want_to_use
The output will be like
uid=<id>(user_you_want_to_use) gid=<id>(user_you_want_to_use)
An example docker-compose.yaml
is provided.
git clone https://github.com/Jamesits/docker-ripe-atlas.git
cd docker-ripe-atlas
docker-compose pull
docker-compose up -d
Fetch the generated public key:
cat /var/atlas-probe/etc/probe_key.pub
Register the probe with your public key. After the registration being manually processed, you'll see your new probe in your account.
If you don't want to use the prebuilt image hosted on the Docker Hub, you can build your own image.
DOCKER_BUILDKIT=1 docker build -t ripe-atlas .
Optionally you can build the image with custom id's for the atlas user and/or group
DOCKER_BUILDKIT=1 docker build -t ripe-atlas --build-arg="ATLAS_UID=1234" --build-arg="ATLAS_GID=1234" .
DOCKER_BUILDKIT=1 docker build -t ripe-atlas --build-arg="ATLAS_UID=1234" .
DOCKER_BUILDKIT=1 docker build -t ripe-atlas --build-arg="ATLAS_GID=1234" .
Note that building this container image requires BuildKit.
Docker does not enable IPv6 by default. If you want IPv6 support, some level of setup and a basic understanding of IPv6 is required. Swarm mode & some Kubernetes implementation supports IPv6 too with extra configuration.
If you happened to have a block of static IPv6 addresses routed to your host, you can directly assign one of the addresses to the container. Edit /etc/docker/daemon.json
and add native IPv6 address blocks, then restart the Docker daemon. An example:
{
"ipv6": true,
"fixed-cidr-v6": "2001:db8:a1a3::/48"
}
Notes:
- These config work on Docker for Linux only
- If
daemon.json
exists, merge the config lines instead of directly overwriting it; if it doesn't exist, create it manually - For more info, see the official doc
If your ISP does not conform to BCOP 690 (very common), and/or your router cannot route smaller blocks of IPv6 to one server even if it has been assigned a block of valid IPv6 addresses (also very common), the method above might not work for you. As a workaround, you can setup NAT with either Docker's builtin experimental IPv6 NAT support, robbertkl/docker-ipv6nat
or similar projects. Manual iptables/nftables NAT setup is also possible, but hanc marginis exiguitas non caperet.
Firstly, edit kernel parameters to enable IPv6 routing.
cat > /etc/sysctl.d/50-docker-ipv6.conf <<EOF
net.ipv6.conf.eth0.accept_ra=2
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1
EOF
sysctl -p /etc/sysctl.d/50-docker-ipv6.conf
Notes:
- This potentially introduces more attack surface and might require you set up IPv6 firewall rules to make yourself safe
- This might break your network and your mileage may vary
- Swap
eth0
with your primary network adapter name - If you use static IPv6 assignment instead of SLAAC, change
accept_ra
to0
Secondly, create a IPv6 NAT enabled network.
docker network create --ipv6 --subnet=fd00:a1a3::/48 ripe-atlas-network
docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock:ro -v /lib/modules:/lib/modules:ro --cap-drop=ALL --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_MODULE --net=host --name=ipv6nat robbertkl/ipv6nat:latest
Finally, start the RIPE Atlas container with argument --net=ripe-atlas-network
.
Use this recipe for auto updating the docker container.
docker run --detach --restart=always -v /var/run/docker.sock:/var/run/docker.sock --name watchtower containrrr/watchtower --cleanup --label-enable
Then start the RIPE Atlas container with argument --label=com.centurylinklabs.watchtower.enable=true
.
All the config files are stored at /var/atlas-probe
. Just backup it.