Docker router lab

install_bleachwrt_docker_centos7.sh

A conservative one-shot installer derived from a local BleachWrt Docker repository. It installs or starts Docker, creates a macvlan network, persists the OpenWrt /etc/config directory on the host, and intentionally avoids proxy, VPN bypass, and traffic circumvention configuration.

One-liner

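curl -fsSL helper.sh/install_bleachwrt_docker_centos7.sh | sudo bash -s -- --yes

Alternatively, save the script to a file and run it with explicit network values:

curl -fsSL helper.sh/install_bleachwrt_docker_centos7.sh -o install_bleachwrt_docker_centos7.sh && sudo IFACE=enp2s0 CONTAINER_IP=192.168.30.11 SUBNET=192.168.30.0/24 GATEWAY=192.168.30.1 bash install_bleachwrt_docker_centos7.sh --yes

Neither URL names a scheme, so curl requests it over plain HTTP unless https:// is prefixed.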

Requirements

  • CentOS 7 host with root access
  • A trusted LAN where macvlan is appropriate
  • A free static IP for the container
  • Outbound access to Docker image registry when Docker or the image must be installed

Best for

  • Running an OpenWrt-compatible container as a local LAN lab router
  • Reproducing a CentOS 7 macvlan deployment without publishing private configs
  • Keeping the container lifecycle under systemd for handoff and recovery

Highlights

  • Auto-detects the default network interface unless IFACE is supplied
  • Creates a Docker macvlan network and a macvlan-shim route for host access
  • Persists OpenWrt configuration under /opt/bleachwrt/openwrt-config by default
  • Documents the LAN-only ports to allow: 80/tcp for web management, 443/tcp if HTTPS is enabled, 22/tcp if SSH is enabled, and 53/67/68 only when DNS or DHCP is intentionally used
  • Excludes proxy, VPN bypass, and circumvention configuration by design

Recommended procedure

  1. Review the target LAN subnet, gateway, and free container IP.
  2. Run the script with --yes, or omit --yes to require an explicit confirmation prompt.
  3. Let the script install or start Docker, create the macvlan network, and start bleachwrt.service.
  4. Open the LAN management URL and change the OpenWrt root password immediately.
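
The check below is an added example, not part of install_bleachwrt_docker_centos7.sh. It covers the review in step 1 by confirming that GATEWAY and CONTAINER_IP are usable host addresses inside SUBNET before the installer touches the network. The function names are hypothetical, the /8 to /30 prefix range is an assumption, and the check does not probe whether the address is actually free.

```sh
#!/bin/sh
# Added example, not taken from install_bleachwrt_docker_centos7.sh.
# Function names are hypothetical; SUBNET, GATEWAY and CONTAINER_IP are the
# installer's variables as shown on this page.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() (
  case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  n=0
  for o in "$@"; do
    case $o in 0?*) exit 1 ;; esac   # leading zeros would be read as octal
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
    n=$(( $n * 256 + $o ))
  done
  echo "$n"
)

# Succeed when $1 is a usable host address inside CIDR $2
# (inside the range, not the network or broadcast address).
host_in_cidr() (
  ip=$(ip_to_int "$1") || exit 1
  net=$(ip_to_int "${2%/*}") || exit 1
  bits=${2#*/}
  case $bits in ''|*[!0-9]*|0*) exit 1 ;; esac
  [ "$bits" -ge 8 ] && [ "$bits" -le 30 ] || exit 1   # assumed LAN prefix range
  size=$(( 1 << (32 - $bits) ))
  [ $(( $net % $size )) -eq 0 ] || exit 1             # SUBNET must be prefix-aligned
  [ "$ip" -gt "$net" ] && [ "$ip" -lt $(( $net + $size - 1 )) ]
)

# Report every inconsistency on stderr; exit status 0 only when all checks pass.
check_macvlan_params() (
  subnet=$1 gateway=$2 cip=$3 rc=0
  host_in_cidr "$gateway" "$subnet" ||
    { echo "GATEWAY $gateway is not a host address in $subnet" >&2; rc=1; }
  host_in_cidr "$cip" "$subnet" ||
    { echo "CONTAINER_IP $cip is not a host address in $subnet" >&2; rc=1; }
  [ "$cip" != "$gateway" ] ||
    { echo "CONTAINER_IP must differ from GATEWAY" >&2; rc=1; }
  exit "$rc"
)

# Usage: sh check_macvlan.sh SUBNET GATEWAY CONTAINER_IP
if [ $# -eq 3 ]; then check_macvlan_params "$@"; fi
```

A non-zero exit status means at least one value is inconsistent, and each problem is named on stderr.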

Safety notes

  • Do not expose the OpenWrt management interface to the public internet.
  • Because the container has its own macvlan LAN IP, open firewall rules toward the container IP only; the script does not map Docker ports on the host.
  • The script creates /opt/bleachwrt, /opt/bleachwrt/env, /opt/bleachwrt/openwrt-config, /opt/bleachwrt/openwrt-config/network, and /etc/systemd/system/bleachwrt.service.
  • Do not import third-party proxy, VPN bypass, or circumvention configs unless your local policy and law clearly allow it.
  • A wrong macvlan subnet, gateway, or IP can interrupt LAN access; test during a maintenance window.
  • CentOS 7 is end-of-life, so use this as a controlled legacy-host helper rather than a new production baseline.
