docker -> k8s

master
Paul Walko 2020-11-02 22:32:40 -05:00
parent 06bfaebf5e
commit 96723d3ffb
21 changed files with 682 additions and 369 deletions


@ -1,19 +0,0 @@
#!/bin/bash
# Assumes pew-net exists
# Make config dir (as non-root) before launching
docker run \
--name airsonic \
--detach \
--restart unless-stopped \
--env PUID=1000 \
--env PGID=1000 \
--env TZ=US/Eastern \
--volume $PWD/airsonic-config:/config \
--volume /bigdata/media/music:/media/music:ro \
--volume /bigdata/media/playlists:/media/playlists:rw \
--volume /bigdata/media/podcasts:/media/podcasts:rw \
--volume /media-vtluug:/media/media-vtluug:ro \
--network pew-net \
linuxserver/airsonic:v10.6.1-ls59


@ -1,15 +0,0 @@
#!/bin/bash
# Make data dir (as non-root) before launching
docker run \
--name minecraft \
--detach \
--restart unless-stopped \
--env EULA=TRUE \
--env MAX_MEMORY=8G \
--env VERSION=1.15.2 \
--volume $PWD/minecraft-data:/data \
--publish 10.42.0.203:25565:25565 \
--publish [2601:5c0:c100:6e65:96c6:91ff:feab:69e3]:25565:25565 \
itzg/minecraft-server:latest


@ -1,62 +0,0 @@
#!/bin/bash
# Assumes pew-net exists
# Assumes mounted dirs are created as non-root user
# Prometheus + Node Exporter + cAdvisor + Grafana
docker network create pew-monitoring-net
# grafana-cli plugins install grafana-piechart-panel
sudo chown 472:472 $PWD/grafana/{grafana-data,provisioning} \
&& \
docker run \
--name monitoring_grafana \
--detach \
--restart unless-stopped \
--env GF_SERVER_DOMAIN="seaturtle.pw" \
--env GF_SERVER_ROOT_URL="%(protocol)s://%(domain)s/grafana/" \
--user 472 \
--volume $PWD/grafana/grafana-data:/var/lib/grafana:rw \
--volume $PWD/grafana/provisioning:/etc/grafana/provisioning:rw \
--network pew-monitoring-net \
grafana/grafana:6.7.3 \
&& \
docker network connect pew-net monitoring_grafana
sudo chown nobody:nogroup $PWD/prometheus/prometheus-data \
&& \
docker run \
--name monitoring_prometheus \
--detach \
--restart unless-stopped \
--volume $PWD/prometheus/prometheus-data:/prometheus:rw \
--volume $PWD/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro \
--volume $PWD/prometheus/alert.rules:/etc/prometheus/alert.rules:ro \
--network pew-monitoring-net \
prom/prometheus:v2.17.2 --config.file=/etc/prometheus/prometheus.yml \
--storage.tsdb.path=/prometheus \
--storage.tsdb.retention.size=200GB
docker run \
--name monitoring_node-exporter \
--detach \
--restart unless-stopped \
--cap-add SYS_TIME \
--pid host \
--volume /:/host:ro,rslave \
--network pew-monitoring-net \
quay.io/prometheus/node-exporter:v0.18.1 --path.rootfs=/host
docker run \
--name monitoring_cadvisor \
--detach \
--restart unless-stopped \
--volume /:/rootfs:ro \
--volume /var/run:/var/run:ro \
--volume /sys:/sys:ro \
--volume /var/lib/docker:/var/lib/docker:ro \
--volume /dev/disk:/dev/disk:ro \
--network pew-monitoring-net \
google/cadvisor:v0.33.0
# alert manager


@ -1,24 +0,0 @@
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: prometheus
static_configs:
- targets: ['monitoring_prometheus:9090']
- job_name: cadvisor
static_configs:
- targets: ['monitoring_cadvisor:8080']
- job_name: node-exporter
static_configs:
- targets: ['monitoring_node-exporter:9100']
#alerting:
# alertmanagers:
# - static_configs:
# - targets: ['alertmanager:9093']
#
#rule_files:
#- 'alert.rules'


@ -1 +0,0 @@
Mostly stolen from https://github.com/vtluug/docker-manifests/tree/master/sczi/nginx


@ -1,25 +0,0 @@
#!/bin/bash
# Assumes pew-net exists
docker run \
--name nginx \
--detach \
--restart unless-stopped \
--env PUID=1000 \
--env PGID=1000 \
--env EMAIL=sysadmin@seaturtle.pw \
--env URL=seaturtle.pw \
--env SUBDOMAINS=airsonic,plex,www \
--env VALIDATION=html \
--env TZ=US/Eastern \
--volume $PWD/nginx-config:/config:rw \
--volume $PWD/nginx.conf:/config/nginx/nginx.conf:ro \
--volume $PWD/site-confs:/config/nginx/site-confs:ro \
--volume /bigdata/files:/files-docker:ro \
--publish 10.42.0.203:80:80 \
--publish 10.42.0.203:443:443 \
--publish [2601:5c0:c100:6e65:96c6:91ff:feab:69e3]:80:80 \
--publish [2601:5c0:c100:6e65:96c6:91ff:feab:69e3]:443:443 \
--network pew-net \
linuxserver/letsencrypt:1.3.0-ls110


@ -1,63 +0,0 @@
## Version 2018/04/07 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf
user abc;
worker_processes 4;
pid /run/nginx.pid;
include /etc/nginx/modules/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
client_max_body_size 0;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /config/log/nginx/access.log;
error_log /config/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /config/nginx/site-confs/default;
include /config/nginx/site-confs/*.enabled;
}
daemon off;


@ -1,29 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name airsonic.seaturtle.pw;
return 301 https://airsonic.seaturtle.pw$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name airsonic.seaturtle.pw;
# ssl conf
include /config/nginx/ssl.conf;
# Proxy airsonic
# https://airsonic.github.io/docs/proxy/nginx/
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $http_host;
proxy_max_temp_file_size 0;
proxy_pass http://airsonic:4040;
proxy_redirect http:// https://;
}
}


@ -1,29 +0,0 @@
## Based on version below; but heavily modified for LUUG
## Version 2018/09/12 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default
# This is the main file that will be pe present no matter what
# Individual sites are specified in /config/nginx/sites/*.enabled
# Redirect unknown HTTP traffic to https://seaturtle.pw
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://seaturtle.pw;
}
# Redirect unknown HTTPS traffic to https://seaturtle.pw
# If we don't have a cert for the site the client get an error but that's fine
server {
listen 443 default_server;
listen [::]:443 default_server;
server_name _;
# ssl conf
include /config/nginx/ssl.conf;
return 301 https://seaturtle.pw;
}
# Enabled sites are included in /config/nginx/nginx.conf


@ -1,29 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name plex.seaturtle.pw;
return 301 https://plex.seaturtle.pw$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name plex.seaturtle.pw;
# ssl conf
include /config/nginx/ssl.conf;
# Proxy plex
# https://old.reddit.com/r/PleX/comments/3xz4ph/plex_behind_a_ssl_nginx_reverse_proxy/
# Use IP of docker interface on docker host since plex runs in host mode
location / {
proxy_pass http://172.17.0.1:32400;
proxy_read_timeout 240;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}


@ -1,45 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name seaturtle.pw www.seaturtle.pw;
return 301 https://seaturtle.pw$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.seaturtle.pw;
# ssl conf
include /config/nginx/ssl.conf;
return 301 https://seaturtle.pw$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name seaturtle.pw;
# ssl conf
include /config/nginx/ssl.conf;
client_max_body_size 1M;
# Proxy main site
location / {
proxy_pass https://paulwalko.github.io;
}
# Proxy grafana
location /grafana/ {
proxy_pass http://monitoring_grafana:3000/;
}
# Serve misc files
location /files {
alias /files-docker;
autoindex on;
}
}


@ -1,18 +0,0 @@
#!/bin/bash
# Assumes pew-net exists
# Make config dir (as non-root) before launching
docker run \
--name plex \
--detach \
--restart unless-stopped \
--env PUID=1000 \
--env PGID=1000 \
--env VERSION=docker \
--volume $PWD/plex-config:/config:rw \
--volume /bigdata/media/movies:/media/movies:ro \
--volume /bigdata/media/music:/media/music:ro \
--volume /media-vtluug:/media/media-vtluug:ro \
--network host \
linuxserver/plex:1.19.1.2701-6327e27bf-ls90


@ -1,10 +0,0 @@
#!/bin/bash
docker run -d \
--name ut2004 \
-p 10.42.0.203:5000:80 \
-p 10.42.0.203:7777:7777 \
-p 10.42.0.203:7778:7778 \
-e "CONFIG_1=[Engine.AccessControl];AdminPassword=password123;[UWeb.WebServer];bEnabled=True" \
-e "UT2004_CMD=CTF-FACECLASSIC?game=XGame.xCTFGame" \
reflectivecode/ut2004


@ -0,0 +1,79 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: airsonic
name: airsonic
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: airsonic
template:
metadata:
labels:
run: airsonic
spec:
containers:
- name: airsonic
image: linuxserver/airsonic
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "US/Eastern"
volumeMounts:
- mountPath: /config
name: airsonic-config
readOnly: false
- mountPath: /media/music
name: bigdata-music
readOnly: true
- mountPath: /media/playlists
name: bigdata-playlists
readOnly: true
- mountPath: /media/podcasts
name: bigdata-podcasts
readOnly: true
- mountPath: /media/media-vtluug
name: vtluug-media
readOnly: true
ports:
- name: http
containerPort: 4040
volumes:
- name: airsonic-config
hostPath:
path: /bigdata/k8s-config/airsonic/config
- name: bigdata-music
hostPath:
path: /bigdata/media/music
- name: bigdata-playlists
hostPath:
path: /bigdata/media/playlists
- name: bigdata-podcasts
hostPath:
path: /bigdata/media/podcasts
- name: vtluug-media
hostPath:
path: /media-vtluug
---
apiVersion: v1
kind: Service
metadata:
labels:
run: airsonic
name: airsonic
namespace: pew
spec:
selector:
run: airsonic
ports:
- name: http
port: 4040
protocol: TCP
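Review bot: The `/media/playlists` and `/media/podcasts` volumeMounts are `readOnly: true`, whereas the deleted `docker run` script mounted both `:rw`; if Airsonic still writes playlists and downloaded podcasts there, those two mounts need `readOnly: false` (music and vtluug-media can stay read-only). The image is also unpinned (`image: linuxserver/airsonic`) where the old script pinned `v10.6.1-ls59`, so each pod restart may pull a different build; the same applies to `haproxytech/kubernetes-ingress` in haproxy.yml, `itzg/minecraft-server` in minecraft.yml, `nginx` in nginx.yml and `linuxserver/plex` in plex.yml — pin a tag, ideally a digest, on each, e.g. `image: linuxserver/airsonic:v10.6.1-ls59`. All of these workloads run with the default pod security context over `hostPath` volumes; a `securityContext` with `allowPrivilegeEscalation: false` (and `runAsNonRoot` where the image tolerates it — the linuxserver images appear to drop to PUID/PGID only after start, so confirm before setting it) would limit what a compromised container can do on the node.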

2
fogcutter/k8s/cloud.txt Normal file

@ -0,0 +1,2 @@
# cert-manager
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager.yaml
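Review bot: `kubectl apply --validate=false -f https://github.com/...` applies a manifest fetched at run time straight into the cluster with client-side schema validation switched off; the version is pinned (v1.0.3), but nothing checks that what is downloaded is what was reviewed, and cert-manager's manifest installs CRDs, a cluster-wide RBAC footprint and webhooks. Downloading the file once, recording its checksum (or vendoring it next to these manifests) and applying the local copy keeps that surface reproducible. If `--validate=false` is only there to work around a kubectl-version problem, record that in the comment, e.g. `# --validate=false: <reason> — drop once kubectl is upgraded`, so the flag is not carried forward indefinitely.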

97
fogcutter/k8s/gitea.yml Normal file

@ -0,0 +1,97 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: gitea
name: gitea
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: gitea
template:
metadata:
labels:
run: gitea
spec:
containers:
- name: gitea
image: gitea/gitea:1.12.5
env:
- name: RUN_MODE
value: "prod"
- name: DOMAIN
value: "git.seaturtle.pw"
- name: SSH_DOMAIN
value: "git.seaturtle.pw"
- name: SSH_PORT
value: "2223"
- name: ROOT_URL
value: "https://git.seaturtle.pw/"
- name: LFS_START
value: "true"
- name: DISABLE_REGISTRATION
value: "true"
- name: REQUIRED_SIGNIN_VIEW
value: "true"
- name: USER_UID
value: "1000"
- name: USER_GUID
value: "1000"
volumeMounts:
- mountPath: /data
name: gitea-data
readOnly: false
- mountPath: /etc/timezone
subPath: timezone
name: gitea-config
readOnly: true
- mountPath: /etc/localtime
name: gitea-localtime
readOnly: true
ports:
- name: http
containerPort: 3000
- name: ssh
containerPort: 22
volumes:
- name: gitea-data
hostPath:
path: /bigdata/k8s-config/gitea/data
- name: gitea-config
configMap:
name: gitea-config
- name: gitea-localtime
hostPath:
path: /usr/share/zoneinfo/America/New_York
---
apiVersion: v1
kind: Service
metadata:
labels:
run: gitea
name: gitea
namespace: pew
spec:
selector:
run: gitea
ports:
- name: http
port: 3000
protocol: TCP
- name: ssh
port: 2223
protocol: TCP
---
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-config
namespace: pew
data:
timezone: |
America/New_York
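Review bot: The `ssh` entry under the Service's `ports:` (`port: 2223`) has no `targetPort`, so it defaults to 2223, while the container declares `containerPort: 22`; traffic that the haproxy tcpservices entry `2223: pew/gitea:2223` forwards will reach the Service and then hit a port nothing listens on in the pod. Add `targetPort: ssh` to that port entry — the `SSH_PORT` env appears to control only the port shown in clone URLs, not the sshd listener, so verify against the gitea image docs rather than relying on it. The env name `USER_GUID` looks like a typo for `USER_GID`, the variable the gitea image reads; as written the group id stays at the image default. The `/etc/localtime` hostPath ties the pod to `/usr/share/zoneinfo/America/New_York` existing on every node, whereas the ConfigMap-backed `/etc/timezone` mount already carries the same information.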

242
fogcutter/k8s/haproxy.yml Normal file

@ -0,0 +1,242 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: pew
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: haproxy-ingress-service-account
namespace: pew
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: haproxy-ingress-cluster-role
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- services
- namespaces
- events
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
- ingresses/status
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- patch
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: haproxy-ingress-cluster-role-binding
namespace: pew
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: haproxy-ingress-cluster-role
subjects:
- kind: ServiceAccount
name: haproxy-ingress-service-account
namespace: pew
---
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy
namespace: pew
data:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tcpservices
namespace: pew
data:
2223:
pew/gitea:2223
25565:
pew/minecraft:25565
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: haproxy-ingress
name: haproxy-ingress
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: haproxy-ingress
template:
metadata:
labels:
run: haproxy-ingress
spec:
serviceAccountName: haproxy-ingress-service-account
containers:
- name: haproxy-ingress
image: haproxytech/kubernetes-ingress
args:
- --configmap=pew/haproxy
- --configmap-tcp-services=pew/tcpservices
- --default-backend-service=pew/ingress-default-backend
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: ssh
containerPort: 2223
- name: minecraft
containerPort: 25565
---
apiVersion: v1
kind: Service
metadata:
labels:
run: haproxy-ingress
name: haproxy-ingress
namespace: pew
spec:
selector:
run: haproxy-ingress
ports:
- name: http
port: 80
protocol: TCP
- name: https
port: 443
protocol: TCP
- name: ssh
port: 2223
protocol: TCP
- name: minecraft
port: 25565
protocol: TCP
externalIPs:
- 10.42.0.203
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# set to false if doing letsencrypt validation
ingress.kubernetes.io/ssl-redirect: "false"
cert-manager.io/cluster-issuer: letsencrypt-prod
name: haproxy-ingress
namespace: pew
spec:
rules:
- host: seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: nginx
port:
number: 80
- path: /files
pathType: "Exact"
backend:
service:
name: nginx
port:
number: 80
- path: /grafana
pathType: "Exact"
backend:
service:
name: grafana
port:
number: 3000
- host: airsonic.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: airsonic
port:
number: 4040
- host: git.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: gitea
port:
number: 3000
- host: plex.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: plex
port:
number: 32400
tls:
- secretName: pew-cert
hosts:
- seaturtle.pw
- airsonic.seaturtle.pw
- git.seaturtle.pw
- plex.seaturtle.pw
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
email: paulsw.pw@gmail.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: pew-account-key
# Add a ACME HTTP01 challenge solver
solvers:
- http01:
ingress: {}
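Review bot: Every Ingress rule uses `pathType: "Exact"`, which matches only the literal URL, so `/files/<anything>`, `/grafana/<anything>` and any sub-path of `/` on the other hosts fall through to the default backend instead of nginx, grafana, gitea or plex. The nginx `location /files` and `/grafana/` blocks this replaces were prefix matches, so `pathType: Prefix` on each rule is almost certainly what is intended. The ClusterRole grants `get/list/watch/create/patch/update` on `secrets` in all namespaces; this looks like the upstream haproxytech manifest, but with everything in `pew` a namespaced Role/RoleBinding for the secrets and configmaps rules would confine a compromised controller to that namespace, if the controller can be restricted to one namespace. `ingress.kubernetes.io/ssl-redirect: "false"` leaves the gitea and airsonic login pages reachable over plain HTTP after issuance, where the deleted site-confs did a 301 to https; flip it to `"true"` once `pew-cert` exists, or note in the comment when that is meant to happen. The `/grafana` rule also targets a `grafana` Service that is not among the manifests shown in this commit while the monitoring docker script is deleted — if it was not ported, the rule routes to a missing backend.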


@ -0,0 +1,55 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: minecraft
name: minecraft
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: minecraft
template:
metadata:
labels:
run: minecraft
spec:
containers:
- name: minecraft
image: itzg/minecraft-server
env:
- name: EULA
value: "TRUE"
- name: MAX_MEMORY
value: "8G"
- name: VERSION
value: "1.15.2"
volumeMounts:
- mountPath: /data
name: minecraft-data
readOnly: false
ports:
- name: minecraft
containerPort: 25565
volumes:
- name: minecraft-data
hostPath:
path: /bigdata/k8s-config/minecraft/data
---
apiVersion: v1
kind: Service
metadata:
labels:
run: minecraft
name: minecraft
namespace: pew
spec:
selector:
run: minecraft
ports:
- name: minecraft
port: 25565
protocol: TCP
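Review bot: `MAX_MEMORY: "8G"` sizes the JVM heap through the image's handling of that variable, but the pod declares no `resources`, so it is scheduled as BestEffort: nothing stops the process from growing past 8 GiB of node memory, and it is the first candidate for eviction under pressure. Add a matching `resources.requests.memory: "8Gi"` and a limit somewhat above the heap (for example `resources.limits.memory: "10Gi"`) so non-heap JVM memory has room without the container being OOM-killed on startup. The Service is ClusterIP and only reaches the outside through the haproxy tcpservices entry, which replaces the two explicit `--publish` bindings of the old script; a one-line comment above `ports:` saying so would save the next reader a trip to haproxy.yml.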

134
fogcutter/k8s/nginx.yml Normal file

@ -0,0 +1,134 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: nginx
name: nginx
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: nginx
template:
metadata:
labels:
run: nginx
spec:
containers:
- name: nginx
image: nginx
volumeMounts:
- mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
name: nginx-config
readOnly: true
- mountPath: /files
name: nginx-files
readOnly: true
ports:
- name: http
containerPort: 80
volumes:
- name: nginx-config
configMap:
name: nginx-config
- name: nginx-files
hostPath:
path: /bigdata/files
---
apiVersion: v1
kind: Service
metadata:
labels:
run: nginx
name: nginx
namespace: pew
spec:
selector:
run: nginx
ports:
- name: http
port: 80
protocol: TCP
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: pew
data:
nginx.conf: |
user nginx;
worker_processes 4;
pid /run/nginx.pid;
include /etc/nginx/modules/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
client_max_body_size 0;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
#access_log /config/log/nginx/access.log;
#error_log /config/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
#gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
server {
listen 80;
server_name _;
root /;
location / {
proxy_pass http://paulwalko.github.io/;
}
location /files {
autoindex on;
}
}
#include /etc/nginx/conf.d/*.conf;
#include /config/nginx/site-confs/default;
#include /config/nginx/site-confs/*.enabled;
}
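Review bot: `proxy_pass http://paulwalko.github.io/;` in the `nginx.conf` ConfigMap proxies the site over plaintext, where the deleted site-conf used `proxy_pass https://paulwalko.github.io;`; beyond the downgrade, if GitHub Pages enforces HTTPS it answers with a redirect to `https://…`, and because that Location does not start with the proxy_pass URL the default `proxy_redirect` leaves it alone, so clients are likely bounced off-site — confirm with a request against the host. `root /;` at server level makes the container's filesystem root the document root for every location; only `/files` serves files, so move it there (`location /files { root /; autoindex on; }`) or use the old `alias` form, so that a later location cannot accidentally expose the image filesystem. The `access_log`/`error_log` lines are commented out with no replacement; the official image symlinks its default log paths to stdout/stderr so `kubectl logs` probably still shows requests, but an explicit `access_log /dev/stdout;` makes that intent visible and survives a change of base image. TLS termination is now entirely the ingress controller's job and this server listens only on 80; a line to that effect in the `# Virtual Host Configs` header would explain why the `ssl.conf` includes and 301 redirects are gone.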

73
fogcutter/k8s/plex.yml Normal file

@ -0,0 +1,73 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: plex
name: plex
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: plex
template:
metadata:
labels:
run: plex
spec:
containers:
- name: plex
image: linuxserver/plex
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: VERSION
value: "docker"
volumeMounts:
- mountPath: /config
name: plex-config
readOnly: false
- mountPath: /media/movies
name: bigdata-movies
readOnly: true
- mountPath: /media/music
name: bigdata-music
readOnly: true
- mountPath: /media/media-vtluug
name: vtluug-media
readOnly: true
ports:
- name: http
containerPort: 32400
volumes:
- name: plex-config
hostPath:
path: /bigdata/k8s-config/plex/config
- name: bigdata-movies
hostPath:
path: /bigdata/media/movies
- name: bigdata-music
hostPath:
path: /bigdata/media/music
- name: vtluug-media
hostPath:
path: /media-vtluug
---
apiVersion: v1
kind: Service
metadata:
labels:
run: plex
name: plex
namespace: pew
spec:
selector:
run: plex
ports:
- name: http
port: 32400
protocol: TCP