recentpopularlog in

ezequiel : docker   96

« earlier  
Docker-compose.yml and custom script after entrypoint (before command) · Issue #205 · docker-library/wordpress
Q: I have fairly simple need, and have been struggling with this many hours now. I want to run some script after entrypoint, and before command. I've tried running it as a command but no luck. [...]
2017  configuration  docker  tool  tips  issue  workaround  github  example  howto 
6 weeks ago by ezequiel
Execute a command after run · Issue #1809 · docker/compose · GitHub
Q: It will be very helpful to have something like "onrun" in the YAML to be able to run commands after the run. Similar to moby/moby#8860 [...]
2015  github  issue  workaround  scripting  example  cli  configuration  docker  tips  sysadmin  automation  forumthread  tool 
6 weeks ago by ezequiel
How to access docker container from another machine on local network - Open Source Projects / Docker Toolbox - Docker Forums
If I read the docs right all you need to do is this:

$ docker run --network=host …

host network should piggy back on the host computers connection rather than just machine that the container is running on.
docker  sysadmin  configuration  networking  cli  howto  tips  example  forumthread  2016  linux  links 
7 weeks ago by ezequiel
Four ways to connect a docker container to a local network · The Odd Bit
Update (2018-03-22) Since I wrote this document back in 2014, Docker has developed the macvlan network driver. That gives you a supported mechanism for direct connectivity to a local layer 2 network. I've written an article about working with the macvlan driver.
fedora  linux  docker  sysadmin  cli  tool  example  tips  networking  firewall  configuration  howto  blogpost  2018 
7 weeks ago by ezequiel
End-of-life announcement for CoreOS Container Linux
On May 26, 2020, CoreOS Container Linux will reach its end of life and will no longer receive updates. We strongly recommend that users begin migrating their workloads to another operating system as soon as possible.
coreos  docker  releaserelated  news  support  security  2020  fedora  distro  linux.containers 
7 weeks ago by ezequiel
Customizing Docker | Container Linux Docker | CoreOS
The Docker systemd unit can be customized by overriding the unit that ships with the default Container Linux settings. Common use-cases for doing this are covered below.
2019  documentation  coreos  linux  configuration  example  tips  sysadmin  docker  systemd  remote  howto  guide  tcpip  releaserelated 
10 weeks ago by ezequiel
CoreOS: containers not restarting after reboot · Issue #3241 · docker/compose
A: This was indeed a configuration change within CoreOS. For the benefit of others, the solution was to enable the Docker service in systemd:

# systemctl enable docker.service
# systemctl start docker.service
coreos  docker  booting  issue  workaround  cli  example  tips  2016  forumthread  github 
10 weeks ago by ezequiel
Removed Container Still Attached to Network · Issue #33156 · moby/moby
Q: I've got a removed container tying up an endpoint name in the bridged network, and I can't remove the container from the network since the container no longer exists.

The issue could most likely be resolved by clearing everything out and starting it up again but due to #32613 that would result in data loss so I'm avoiding that. Using a different name for the container allows it to be started but this is not ideal.

A: [...] Have you tried the -f / --force option on docker network disconnect? docker network disconnect <network> <endpoint-id>, so in your case; [...]
issue  docker  networking  configuration  workaround  forumthread  2017  linux  sysadmin  tips  example  github 
10 weeks ago by ezequiel
How to allocate 50% CPU resource to docker container via `docker run`? - Stack Overflow
A: cpu-shares is a 'relative weight', relative to the default setting of 1024, so if you had two containers running on the same core, you could give them the CPU 50-50 or 80-20 or whatever you wanted by adjusting the numbers. It is an integer.

You cannot give an overall limit, as you want to, using this flag, but you can restrict the set of CPUs that the container runs on using --cpuset mentioned here.

The number 1024 is in the Cgroups docs.

This blog post from Marek Goldmann explains resource management in Docker. [...]
2014  2019  forumthread  stackexchange  docker  cpu  performance  configuration  example  tips  sysadmin  links  kernel  linux 
10 weeks ago by ezequiel
Configure Docker to use a proxy server | Docker Documentation
If your container needs to use an HTTP, HTTPS, or FTP proxy server, you can configure it in different ways: [...]
docker  proxy  configuration  tips  howto  sysadmin  linux  example  documentation  reference  guide 
10 weeks ago by ezequiel
Docker run reference | Docker Documentation
Docker runs processes in isolated containers. A container is a process which runs on a host. The host may be local or remote. When an operator executes docker run, the container process that runs is isolated in that it has its own file system, its own networking, and its own isolated process tree separate from the host.

This page details how to use the docker run command to define the container’s resources at runtime.
docker  docker.container  reference  cli  tool  documentation  example  unix  linux  sysadmin  performance  memory  virtualisation  security  configuration 
11 weeks ago by ezequiel
Customizing Docker | Container Linux Docker | CoreOS
The Docker systemd unit can be customized by overriding the unit that ships with the default Container Linux settings. Common use-cases for doing this are covered below.
docker  remote  configuration  example  tips  tcpip  sockets  sysadmin  coreos  linux  systemd  security  tls  ssl  proxy  http  howto  memory 
11 weeks ago by ezequiel
How to specify Memory & CPU limit in docker compose version 3 - Stack Overflow
Q: I am unable to specify CPU & memory for services specified in version 3.

With version 2 it works fine with "mem_limit" & "cpu_shares" parameters under the services . But it fails while using version 3 , putting them under deploy section doesn't seem worthy unless i am using swarm mode.

Can somebody help?
docker  fileformats  tool  howto  tips  example  issue  workaround  cpu  memory  virtualisation  security  sysadmin  cli  links  forumthread  stackexchange 
11 weeks ago by ezequiel
Docker and IPtables - sysadmin stuff
TL;DR; By default, docker daemon appends iptables rules for forwarding. For this, it uses a filter chain named DOCKER.
2015  blogpost  firewall  sysadmin  docker  compatibility  issue  workaround  cli  example  tips  networking  linux  iptables 
11 weeks ago by ezequiel
How to fix the Docker and UFW security flaw - TechRepublic
It has been discovered the Docker doesn't always honor UFW rules. Jack Wallen demonstrates and shows how to configure Docker so that it will.

If you use Docker on Linux, chances are your system firewall might be relegated to Uncomplicated Firewall (UFW). If that's the case, you may not know this, but the combination of Docker and UFW poses a bit of a security issue. Why? Because Docker actually bypasses UFW and directly alters iptables, such that a container can bind to a port. This means all those UFW rules you have set won't apply to Docker containers.

Let me demonstrate this.

I'm going to set up UFW (running on Ubuntu Server 16.04), so that the only thing it will allow through is SSH traffic. To do this, I open a terminal and issue the following commands: [...]
2018  blogpost  firewall  sysadmin  ufw  docker  compatibility  issue  workaround  cli  example  tips  networking  linux  iptables 
11 weeks ago by ezequiel
How To Remove Docker Containers, Images, Volumes, and Networks | Linuxize
Docker allows you to quickly build, test, and deploy applications as portable, self-sufficient containers that can run virtually anywhere.
docker  sysadmin  cli  example  tips  scripting  linux  unix  blogpost  2019 
12 weeks ago by ezequiel
Debugging node issues using CoreOS toolbox  |  Container-Optimized OS  |  Google Cloud
You might need to install additional packages or tools on Container-Optimized OS for certain tasks, such as debugging. Although Container-Optimized OS does not include a package manager, you can use the pre-installed CoreOS Toolbox utility to install any additional packages or tools you require. Using /usr/bin/toolbox is the preferred method for installing and running one-off debugging tools.
2019  article  howto  guide  coreos  docker  tool  cli  packages  distro  linux  debug  tips  example  configuration 
12 weeks ago by ezequiel
python - How to execute host's Docker command from container? - Stack Overflow
Q: I want to write Docker containers management script in Python. However, since I use CoreOS, Python is not included as standard command. So, I am thinking of using Python Docker container ( to execute my script. However, in that case the script will be executed in container's VM which doesn't have access to the host's Docker CLI.

Is there a way to use Python (or other programming languages not packaged in CoreOS), to manage host environment without installing it on the host machine? [...]
python  docker  coreos  howto  tips  example  forumthread  2015  unix  linux  docker.container  sysadmin  cli 
12 weeks ago by ezequiel
how to install any software in coreos ? - Google Groups
A: On CoreOS everything is done inside of a container. For your use case, the easiest would probably be to use a systemd-nspawn container (the easiest way to do this for beginners is just to run the script "").

As an alternative you can also use the Gentoo stage 3 which includes the GCC, Make, and all of the other development tools you would expect.
2015  forumthread  coreos  software  installation  howto  linux  docker  cli  tips  issue  workaround  gentoo  sysadmin 
12 weeks ago by ezequiel
coreos/toolbox: bring your tools with you
toolbox - bring your tools with you

toolbox is a small script that launches a container to let you bring in your favorite debugging or admin tools.

There are currently two scripts that live within this repository:

* toolbox: designed for Container Linux, uses rkt and systemd-nspawn
* rhcos-toolbox: designed for Red Hat CoreOS, uses podman
license.apache  opensource  github  cli  coreos  tool  sysadmin  docker  example  source  tips  distro  configuration 
12 weeks ago by ezequiel
Container Linux Quick Start | Container Linux by CoreOS
If you don't have a Container Linux machine running, check out the guides on running Container Linux on most cloud providers (EC2, Rackspace, GCE), virtualization platforms (Vagrant, VMware, OpenStack, QEMU/KVM) and bare metal servers (PXE, iPXE, ISO, Installer). With any of these guides you will have machines up and running in a few minutes.
coreos  docker  documentation  tips  example  sysadmin  vagrant  links  distro  linux 
12 weeks ago by ezequiel
Can anyone explain docker.sock - Stack Overflow
Q: I am trying to understand the actual reason for mounting docker.sock in docker-compose.yml file. Is it for auto-discovery?

- /var/run/docker.sock:/var/run/docker.sock

A: docker.sock is the UNIX socket that Docker daemon is listening to. It's the main entry point for Docker API. It also can be TCP socket but by default for security reasons Docker defaults to use UNIX socket.

Docker cli client uses this socket to execute docker commands by default. You can override these settings as well. [...]
2016  forumthread  stackexchange  docker  configuration  sockets  daemon  info  cli  example 
january 2020 by ezequiel
dockerd | Docker Documentation
dockerd is the persistent process that manages containers. Docker uses different binaries for the daemon and client. To run the daemon you type dockerd.

To run the daemon with debug output, use dockerd -D or add "debug": true to the daemon.json file. [...]
docker  documentation  dae  daemon  reference  cli  tool  virtualisation  configuration  sysadmin  unix  linux  environment  example 
january 2020 by ezequiel
Get Docker Engine - Community for Fedora | Docker Documentation
To get started with Docker Engine - Community on Fedora, make sure you meet the prerequisites, then install Docker.
docker  installation  howto  tips  sysadmin  repository  software  cli  virtualisation  linux  fedora  links  example  tool  guide  reference 
january 2020 by ezequiel
Declare default environment variables in file | Docker Documentation
Compose supports declaring default environment variables in an environment file named .env placed in the folder where the docker-compose command is executed (current working directory).
docker  documentation  configuration  tips  example  reference  environment  online  cli  tool 
january 2020 by ezequiel
Environment variables in Compose | Docker Documentation
There are multiple parts of Compose that deal with environment variables in one sense or another. This page should help you find the information you need.
docker  documentation  configuration  tips  example  reference  environment  online 
january 2020 by ezequiel
jnovack/autossh - Docker Hub
jnovack/autossh is a small lightweight (~15MB) image that attempts to provide a secure way to establish an SSH Tunnel without including your keys in the image itself or linking to the host.

There are thousands of autossh docker containers, why use this one? I hope you find it easier to use. It is smaller, more customizable, an automated build, easy to use, and I hope you learn something. I tried to follow standards and established conventions where I could to make it easier to understand and copy and paste lines from this project to others to grow your knowledge!
docker.container  ssh  automation  remote  security  firewall  sysadmin  docker  tips 
december 2019 by ezequiel
Overview of docker-compose CLI | Docker Documentation
This page provides the usage information for the docker-compose Command.

Command options overview and help: You can also see this information by running docker-compose --help from the command line.
cli  docker  tool  reference  documentation  online  links  example  configuration  environment  automation  scripting 
december 2019 by ezequiel
Compose file version 2 reference | Docker Documentation
Reference and guidelines:

These topics describe version 2 of the Compose file format.
Compose and Docker compatibility matrix

There are several versions of the Compose file format – 1, 2, 2.x, and 3.x The table below is a quick look. For full details on what each version includes and how to upgrade, see About versions and upgrading.

This table shows which Compose file versions support specific Docker releases. [...]
docker  documentation  reference  comparison  releaserelated  tips  example  configuration  sysadmin  tool  oldversion 
december 2019 by ezequiel
Compose file version 3 reference | Docker Documentation
Reference and guidelines:

These topics describe version 3 of the Compose file format. This is the newest version.
Compose and Docker compatibility matrix

There are several versions of the Compose file format – 1, 2, 2.x, and 3.x. The table below is a quick look. For full details on what each version includes and how to upgrade, see About versions and upgrading.

This table shows which Compose file versions support specific Docker releases. [...]
docker  documentation  reference  comparison  releaserelated  tips  example  configuration  sysadmin  tool  fileformats  yaml 
december 2019 by ezequiel
dannydirect/tinyproxy - Docker Hub
A quick and easy to use Dockerised Tinyproxy with configurable ACL.
proxy  docker  virtualisation  networking  security  privacy  http  docker.container 
december 2019 by ezequiel
Start containers automatically | Docker Documentation
Docker provides restart policies to control whether your containers start automatically when they exit, or when Docker restarts. Restart policies ensure that linked containers are started in the correct order. Docker recommends that you use restart policies, and avoid using process managers to start containers.
docker  documentation  reference  guide  example  tips  sysadmin  linux  cli  systemd  links  booting  online 
december 2019 by ezequiel
How to Start Docker Containers Automatically - codeburst
When running Docker containers in production ensuring high availability can be challenge. Unlike VMs which run untouched for months or even years, containers are meant to be used for a very short lifespan — typically a few hours or a few days at most. With this constant church, you need a way to ensure that containers that are outdated, vulnerable, or malfunctioning are retired and replaced with new containers. But doing this manually is not scalable, and is prone to human error. The better way is to automate container creation and restarts. There are a few ways you can do this. Before you dive in, take a look at this wiki page with quite a few resources on how to start Docker containers.
docker  blogpost  2018  configuration  booting  sysadmin  tips  example  links  automation  systemd  linux 
december 2019 by ezequiel
Re: [squid-users] ipcCreate: fork: (12) Cannot allocate memory from Amos Jeffries on 2011-03-21 (squid-users)
>>> Squid has started to NOT come back up after log rotate. Here is
>>> snippett from cache.log.
>>> Machine has 1G ram and cache_mem is set to 500MB,
>> Squid uses fork() instead of vfork() to spawn helpers, on some OS the
>> fork() implementation prevents extremely huge amounts of virtual
>> memory being "allocated" (even though it is neither allocated nor used).
> I think you mean that on some OS the form implementation 'results in'
> rather than 'prevents'
> on linux this is the 'overcommit' option, on by default in the kernel,
> but many people think it makes their systems more reliable to disable it.
2011  squid  memory  issue  mailinglistpost  kernel  docker  sysadmin  configuration  linux  proxy 
december 2019 by ezequiel
Control Docker with systemd | Docker Documentation
Many Linux distributions use systemd to start the Docker daemon. This document shows a few examples of how to customize Docker’s settings.
docker  systemd  configuration  sysadmin  example  tips  reference  documentation  guide  howto  booting 
october 2019 by ezequiel
Linux Containers and Docker pstree - fREW Schmidt's Foolish Manifesto
Once in a while I find myself wanting to see the state of a container from a bird’s eye view. My favorite way to do this is with a special tool I wrote called docker-pstree. Here is how it works. (Stay tuned for angst at the end.) [...]
blogpost  docker  tool  cli  example  linux  kernel  links 
october 2019 by ezequiel
How to see tree view of docker images? - Stack Overflow
Q: I know docker has deprecated --tree flag from docker images command. But I could not find any handy command to get same output like docker images --tree. I found dockviz. But it seems to be another container to run. Is there any built in cli command to see tree view of images without using dockviz [...]
2015  forumthread  stackexchange  docker  fileformats  tool  textui  links  linux  unix  github  software  sysadmin  virtualisation  cli 
october 2019 by ezequiel
How to mount a host directory in a Docker container - Stack Overflow
Q: I am trying to mount a host directory into a Docker container so that any updates done on the host is reflected into the Docker containers. [...]
2014  docker  forumthread  stackexchange  linux  windows  configuration  cli  example  tips  mount 
october 2019 by ezequiel
CoreOS Container Linux Documentation
Container Linux redefines the operating system as a smaller, more compact Linux distribution. Traditional distros package unused software that leads to dependency conflicts and needlessly increases the attack surface. Submit changes to these docs via GitHub. For more in-depth support, jump into #coreos on IRC, email the dev list or file a bug.
coreos  linux  distro  cloudcomputing  documentation  reference  guide  links  online  debug  tips  howto  docker 
october 2019 by ezequiel
VirtualBox | Container Linux on Oracle VM VirtualBox | CoreOS
These instructions will walk you through running Container Linux on Oracle VM VirtualBox.

* Building the virtual disk: There is a script that simplifies building the VDI image. It downloads a bare-metal image, verifies it with GPG, and converts that image to a VDI image. [...]
coreos  virtualbox  virtualisation  scripts  example  tips  sysadmin  configuration  howto  guide  installation  docker  links  article  documentation 
october 2019 by ezequiel
Linux Distributions Optimized for Hosting Docker ·
You can run Docker containers on any modern Linux distribution. But some specialized Linux-based operating systems are designed specifically for running Docker. If you want to host containers, these Linux platforms may be a better fit than an all-purpose Linux distribution.
2017  blogpost  distro  comparison  links  linux  docker  sysadmin  virtualisation  tips  performance 
october 2019 by ezequiel
Run multiple services in a container | Docker Documentation
A container’s main running process is the ENTRYPOINT and/or CMD at the end of the Dockerfile. It is generally recommended that you separate areas of concern by using one service per container. That service may fork into multiple processes (for example, Apache web server starts multiple worker processes). It’s ok to have multiple processes, but to get the most benefit out of Docker, avoid one container being responsible for multiple aspects of your overall application. You can connect multiple containers using user-defined networks and shared volumes.
If you need to run more than one service within a container, you can accomplish this in a few different ways.
linux.containers  docker  documentation  howto  tips  sysadmin  performance  configuration  reference  article 
october 2019 by ezequiel
Docker run reference | Docker Documentation
Docker runs processes in isolated containers. A container is a process which runs on a host. The host may be local or remote. When an operator executes docker run, the container process that runs is isolated in that it has its own file system, its own networking, and its own isolated process tree separate from the host.

This page details how to use the docker run command to define the container’s resources at runtime.
docker  linux.containers  documentation  reference  examples  howto  sysadmin  virtualisation  linux 
october 2019 by ezequiel
Docker -- WARNING: No swap limit support - Unix & Linux Stack Exchange
Q: I'm running Docker(1.9.1) on Ubuntu 16.04. When I run docker info the last line of the output says:

WARNING: No swap limit support. [...]

A: [...] Swap limit support allows you to limit the swap the container uses, see

According to : [...]
docker  2017  memory  configuration  kernel  booting  linux  performance  reference  links  sysadmin  virtualisation  workaround 
september 2019 by ezequiel
neoclide/coc.nvim: Intellisense engine for vim8 & neovim, full language server protocol support as VSCode
Intellisense engine for vim8 & neovim, full language server protocol support as VSCode…

* Fast: instant increment completion, increment buffer sync using buffer update events.
* Reliable: typed language, tested with CI.
* Featured: full LSP support
* Flexible: configured like VSCode, extensions work like in VSCode
github  neovim  vim  plugin  sourcecode  plugins  links  source  opensource  golang  rust  c  c++  php  docker  bash  lua  python  ruby  latex 
august 2019 by ezequiel
Running Docker Containers with Systemd question - General Discussions / General - Docker Forums
Q: [...] I’m looking for information about how systemd interacts with Docker containers. I implemented systemd unit file for one of my container. [...]
2018  forumthread  docker  systemd  issue  example  sysadmin 
june 2019 by ezequiel
Dockerfile reference | Docker Documentation
Docker can build images automatically by reading the instructions from a Dockerfile. A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build users can create an automated build that executes several command-line instructions in succession.

This page describes the commands you can use in a Dockerfile. When you are done reading this page, refer to the Dockerfile Best Practices for a tip-oriented guide. [...]

(me: extensive documentation and examples on the dockerfile file syntax)
docker  fileformats  reference  documentation  online  example  links  browsable 
june 2019 by ezequiel
Docker Network not Found - Stack Overflow
Q: In our team, we are currently transitioning to Docker to deploy everything on our server.

We are using Docker Swarm and multiple (10+) compose files defining plenty (20+) of services. Everything works beautifully so far, except when we take down our stack using docker stack rm <name> (and redeploy using docker stack deploy <options> <name>): about every second time, we get the following error:

Failed to remove network <id>: Error response from daemon: network <id> not foundFailed to remove some resources from stack: <name>

When using docker network ls, the network is indeed not removed, however, docker network rm <id> always results in the following:
2018  forumthread  stackexchange  networking  deployment  issue  links  workaround  linux  docker 
june 2019 by ezequiel
Docker compose can not start. Service network not found after restart docker · Issue #2194 · docker/for-win
Expected behavior
On restart the containers must start automatically without errors.

Actual behavior
All the containers run ok after running the command docker-compose -up -d. The problem is when I restart the docker service. Then, once restarted, all the containers are stoped and when I run the command docker-compose start the following error is shown:

Error response from daemon: network ccccccccccccc not found
2018  issue  docker  github  networking  sysadmin 
june 2019 by ezequiel
docker-compose up fails if network attached to container is removed · Issue #5745 · docker/compose
Container start fails, because network it was attached to has been removed. For some reason docker-compose tries to remove that container attached network first, which results with an error.

Steps to reproduce:

docker-compose up
docker network rm dockercomposenetworkrmfails_default
docker-compose up

docker  networking  issue  workaround  example  tips  sysadmin  cli  github 
june 2019 by ezequiel
Docker and iptables | Docker Documentation
On Linux, Docker manipulates iptables rules to provide network isolation. This is an implementation detail, and you should not modify the rules Docker inserts into your iptables policies. [...]
docker  networking  iptables  reference  documentation  example  tips  firewall  online  linux 
june 2019 by ezequiel
ufw-docker/ufw-docker at master · chaifeng/ufw-docker
ufw-docker <list|allow> [docker-instance-id-or-name [port[/tcp|/udp]]]
ufw-docker delete allow [docker-instance-id-or-name [port[/tcp|/udp]]]
ufw-docker service allow <swarm-service-id-or-name <port</tcp|/udp>>>
ufw-docker service delete allow <swarm-service-id-or-name>
ufw-docker <status|install|check|help>
(me: script linked from
2018  script  ufw  networking  linux  firewall  sysadmin  automation  ubuntu  iptables  docker  github 
june 2019 by ezequiel
How to force Docker not to bypass the UFW rules on Ubuntu 16.04
[...] So let’s just go a bit deeper and face one of the most commonly occurring problems I tried to solve a few months ago as well. If you have ever tried to make the Docker work with the UFW, then you probably know what’s the said struggle. Let’s examine it!
2017  blogpost  cli  sysadmin  ufw  firewall  configuration  howto  tips  example  linux  docker  iptables  ubuntu  ubuntu.xenial 
june 2019 by ezequiel
How to get a Docker container's IP address from the host? - Stack Overflow
Q: Is there a command I can run to get the container's IP address right from the host after a new container is created?

Basically, once Docker creates the container, I want to roll my own code deployment and container configuration scripts.
2013  2017  forumthread  stackexchange  cli  networking  tcpip  example  tips  links  docker  sysadmin 
june 2019 by ezequiel
linux - How can I set a static IP address in a Docker container? - Stack Overflow
Q: [...] I just want to give my containers a static address within that range so I can point client browsers to it directly. I tried using:

RUN echo "auto eth0" >> /etc/network/interfaces
RUN echo "iface eth0 inet static" >> /etc/network/interfaces
RUN echo "address" >> /etc/network/interfaces
RUN echo "netmask" >> /etc/network/interfaces
RUN ifdown eth0
RUN ifup eth0

from a Dockerfile, and it properly populated the interfaces file, but the interface itself didn't change. In fact, running ifup eth0 within the container gets this error:

RTNETLINK answers: Operation not permitted Failed to bring up eth0
2014  forumthread  stackexchange  docker  networking  configuration  sysadmin  scripting  cli  example  tips  links 
june 2019 by ezequiel
Docker cheat sheet - SaltyCrane Blog
An image is a read-only template with instructions for creating a Docker
docker  cheatsheet  info  example  tips  cli  linux  unix  sysadmin  links 
june 2019 by ezequiel
chaifeng/ufw-docker: To fix the Docker and UFW security flaw without disabling iptables

UFW is a popular iptables front end on Ubuntu that makes it easy to manage firewall rules. But when Docker is installed, Docker bypass the UFW rules and the published ports can be accessed from outside.

The issue is:

* UFW is enabled on a server that provides external services, and all incoming connections that are not allowed are blocked by default.
* Run a Docker container on the server and use the -p option to publish ports for that container on all IP addresses. For example: docker run -d --name httpd -p httpd:alpine, this command will run an httpd service and publish port 80 of the container to port 8080 of the server.
* UFW will not block all external requests to visit port 8080. Even the command ufw deny 8080 will not prevent external access to this port.
* This problem is actually quite serious, which means that a port that was originally intended to provide services internally is exposed to the public network.

Searching for "ufw docker" on the web can find a lot of discussion: [...]
ufw  firewall  ubuntu  debian  tool  cli  sysadmin  scripting  docker  automation  configuration  security  iptables  article  links  issue  workaround  license.gplv3  freesoftware  github 
june 2019 by ezequiel
Autostart – How to run a service on Linux boot time using systemd – Better-Coding
We start defining a new service by creating my-service.service file located in /etc/systemd/system directory:

sudo nano /etc/systemd/system/my-service.service
The following listing presents the simplest configuration, which is required to run the service. As you can see it is very simple. We put only the name of the service and commands responsible for to starting and stopping our service.
docker  blogpost  2018  example  tips  linux  systemd 
june 2019 by ezequiel
Start a docker container on CentOS at boot time as a linux service | esalagea
Note: If docker daemon does not start at boot, you might want to enable the docker service
(me: very simple example that does not address errors well, integration with firewalls (ufw), reusability, etc.)
docker  blogpost  2016  example  tips  linux  systemd 
june 2019 by ezequiel
Format command and log output | Docker Documentation
Docker uses Go templates which you can use to manipulate the output format of certain commands and log drivers.

Docker provides a set of basic functions to manipulate template elements. All of these examples use the docker inspect command, but many other CLI commands have a --format flag, and many of the CLI command references include examples of customizing the output format.
docker  tool  cli  reference  documentation  example  tips  linux  unix  macosx  online  links  logging 
june 2019 by ezequiel
Life and death of a container – DevOpsion – Medium
Docker containers are prepared to die at any time: you can stop, kill and destroy them quickly. And when you do it, all data created during its existence is wiped out by default.
2016  blogpost  reference  faq  diagrams  docker  example  sysadmin  cli 
june 2019 by ezequiel
Docker Cheat Sheet | Razorops
Developers can get going quickly by starting with one of the 13,000+ apps available on Docker Hub. Docker manages and tracks changes and dependencies, making it easier for sysadmins to understand how the apps that developers build work. And with Docker Hub, developers can automate their build pipeline and share artifacts with collaborators through public or private repositories.
docker  cheatsheet  2018  links  example  tips  sysadmin 
june 2019 by ezequiel
The Overhead of Docker Run | The Blog
We use Docker a lot. Like a lot, lot. While we love it for a lot of things, it still has a lot of room for improvement. One of those areas that could use improvement is the startup/teardown time of running a container.
performance  docker  linux  macosx  comparison  test  blogpost  2016 
june 2019 by ezequiel
Post-installation steps for Linux | Docker Documentation
This section contains optional procedures for configuring Linux hosts to work better with Docker.
docker  installation  configuration  booting  linux  debian  ubuntu  centos  fedora  redhat  howto  guide  sysadmin  cli  systemd  security 
june 2019 by ezequiel
Command for restarting all running docker containers? - Stack Overflow
Q: How to restart all running docker containers? Mainly looking for a shortcut instead of doing:

# docker restart containerid1 containerid2
docker  cli  example  linux  unix  macosx  tips  sysadmin 
june 2019 by ezequiel
Top 10 Docker CLI commands you can’t live without – The Code Review – Medium
Docker is a great tool for building microservices, allowing you to create cloud-based applications and systems. To make the most of it via your terminal, here is a run down of the top 10 Docker commands for your terminal.
howto  example  tips  cli  sysadmin  docker  linux  unix  windows  macosx  blogpost  2018 
june 2019 by ezequiel
RancherOS Documentation
RancherOS is the smallest, easiest way to run Docker in production. Everything in RancherOS is a container managed by Docker. This includes system services such as udev and syslog. Because it only includes the services necessary to run Docker, RancherOS is dramatically smaller than most traditional operating systems. By removing unnecessary libraries and services, requirements for security patches and other maintenance are dramatically reduced. This is possible because, with Docker, users typically package all necessary libraries into their containers.
rancheros  docker  linux  distro  virtualisation  container  sysadmin  performance  security  serverapp  freesoftware  documentation 
june 2019 by ezequiel
linux containers - Docker how to change repository name or rename image? - Stack Overflow
Q: I'm trying to change repository name of the image:
Hence I want to change the name server to something like myname/server:
How can I do this?
docker  2014  forumthread  stackexchange  cli  linux  windows  macosx  tips  example  images 
june 2019 by ezequiel
mprasil/dokuwiki - Docker Hub
Container running DokuWiki with nice URLs and xsendfile enabled, also includes LDAP support.
(me: 'docker build' successfully builds a raspbian container)
docker  docker.container  wikiengine  container  linux  x86  amd64  source  bitbucket  raspberrypi  raspbian  arm  links  dokuwiki 
june 2019 by ezequiel
Basics - Docker, Containers, Hypervisors, CoreOS - EtherealMind
Containers virtualize at the operating system level, Hypervisors virtualize at the hardware level.

Hypervisors abstract the operating system from hardware, containers abstract the application from the operation system.
2014  blogpost  article  info  reference  virtualisation  lxc  docker  faq 
june 2019 by ezequiel
Docker Image Insecurity · Jonathan Rudenberg
Recently while downloading an “official” container image with Docker I saw this line:

ubuntu:14.04: The image you are pulling has been verified
I assumed this referenced Docker’s heavily promoted image signing system and didn’t investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security.
2014  blogpost  docker  security  article  ssl  tls 
june 2019 by ezequiel
Use volumes | Docker Documentation
Volumes are the preferred mechanism for persisting data generated by and used by Docker containers. While bind mounts are dependent on the directory structure of the host machine, volumes are completely managed by Docker. Volumes have several advantages over bind mounts: [...]
docker  documentation  reference  example  tips  manual  sysadmin 
june 2019 by ezequiel
« earlier      
per page:    204080120160

Copy this bookmark:

to read