Docker
Docker is a virtualization platform using containers.
Official Docker Samples are located at https://github.com/dockersamples
Installing Docker
- Set up Docker's apt repository https://docs.docker.com/engine/install/debian
- Add Docker's official GPG key
sudo apt update
sudo apt install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
- Add the repository to Apt sources:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
- Install the Docker packages.
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Verify that the installation is successful by running the hello-world image:
sudo docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints a confirmation message and exits. You have now successfully installed and started Docker Engine.
Post-Installation Docker Configuration
A few optional steps are useful after installing Docker. https://docs.docker.com/engine/install/linux-postinstall
To manage Docker as a non-root user
Members of the docker group have root-level privileges on the host, so add only trusted users.
- Create the docker group.
sudo groupadd docker
- Add your user to the docker group
sudo usermod -aG docker $USER
- Log out and log back in so that your group membership is re-evaluated
- Verify that you can run docker commands without sudo
docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.
Configure Docker to start on boot with systemd
Many modern Linux distributions use systemd to manage which services start when the system boots. On Debian and Ubuntu, the Docker service starts on boot by default. To automatically start Docker and containerd on boot for other Linux distributions using systemd, run the following commands:
sudo systemctl enable docker.service
sudo systemctl enable containerd.service
To stop this behavior, use disable instead.
sudo systemctl disable docker.service
sudo systemctl disable containerd.service
Configure the Docker daemon
https://docs.docker.com/reference/cli/dockerd
The configuration file is located at /etc/docker/daemon.json
Start Containers Automatically
Text to be added.
https://docs.docker.com/config/containers/start-containers-automatically
Packet Filtering and Firewalls
To be added.
https://docs.docker.com/network/packet-filtering-firewalls/#docker-and-ufw
Container Backups
Docker Troubleshooting
To attach to a docker container
docker exec -it mycontainer sh
To check the status or to stop/start the docker daemon
systemctl status docker.service
systemctl enable docker.service
systemctl start docker.service
systemctl stop docker.service
Logs
Configure logging drivers
https://docs.docker.com/engine/logging/configure
Modify /etc/docker/daemon.json
The docker service needs to be restarted after modifying the file.
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  }
}
Also review /etc/logrotate.conf
Disk Full
- To check disk usage
du -h $(docker inspect --format='{{.LogPath}}' $(docker ps -qa))
- without total:
sudo du -h $(docker inspect --format='{{.LogPath}}' $(docker ps -qa)) | sort -h
- with total:
sudo du -ch $(docker inspect --format='{{.LogPath}}' $(docker ps -qa)) | sort -h
- human-readable:
sudo du -ch $(docker inspect --format='{{.LogPath}}' $(docker ps -qa)) | tail -n1
- in Mbytes (suitable for monitoring scripts):
sudo du -cm $(docker inspect --format='{{.LogPath}}' $(docker ps -qa)) | tail -n1
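The Mbytes total can be turned into a monitoring check with warning and critical thresholds. The script below is an added example, not part of the original page; its function names and the Nagios-style exit codes are assumptions. It also covers the case where no containers exist or a container has an empty LogPath, in which the substitution expands to nothing and a bare du would measure the current directory instead.

```shell
#!/usr/bin/env bash
# Added example, not from the original page; function names are hypothetical.

# Print the combined apparent size, in bytes, of the given log files.
# Empty arguments (a container whose log driver writes no local file) and
# missing files are skipped, so an empty list yields 0 rather than letting
# a bare `du` fall back to measuring the current directory.
total_log_bytes() {
    local total=0 f size
    for f in "$@"; do
        [ -n "$f" ] && [ -f "$f" ] || continue
        size=$(wc -c < "$f") || continue
        total=$((total + size))
    done
    echo "$total"
}

# check_log_usage WARN_MB CRIT_MB [LOGFILE...]
# Prints one status line; returns 0 (OK), 1 (WARNING) or 2 (CRITICAL).
check_log_usage() {
    local warn_mb="$1" crit_mb="$2" bytes mb
    shift 2
    bytes=$(total_log_bytes "$@")
    mb=$(( (bytes + 1048575) / 1048576 ))   # round up to whole MiB
    if [ "$mb" -ge "$crit_mb" ]; then
        echo "CRITICAL - container logs use ${mb} MiB (limit ${crit_mb})"
        return 2
    elif [ "$mb" -ge "$warn_mb" ]; then
        echo "WARNING - container logs use ${mb} MiB (limit ${warn_mb})"
        return 1
    fi
    echo "OK - container logs use ${mb} MiB"
}

# Query the daemon for every container's log path and check the total.
# Run as root: by default the files under /var/lib/docker are root-only.
# Usage: check_docker_logs 500 1000
check_docker_logs() {
    local ids paths
    ids=$(docker ps -qa) || { echo "UNKNOWN - cannot query Docker"; return 3; }
    [ -n "$ids" ] || { echo "OK - no containers"; return 0; }
    # Word splitting of the IDs and paths is intended here.
    paths=$(docker inspect --format='{{.LogPath}}' $ids) || return 3
    check_log_usage "$1" "$2" $paths
}
```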
Docker Rootless
apt install uidmap
apt install dbus-user-session (may already be installed)
slirp4netns --version greater than v0.4.0 (
If the system-wide Docker daemon is already running, consider disabling it:
docker stop container1 container2 ...
sudo systemctl disable --now docker.service docker.socket
sudo rm /var/run/docker.sock
Run the following as the normal (non-root) user who will run Docker:
curl -fsSL https://get.docker.com/rootless | sh
export PATH=/home/testuser/bin:$PATH
export DOCKER_HOST=unix:///run/user/1000/docker.sock