Docker

Web UI

Scripts

source /dev/stdin <<< "$(curl -sSL https://raw.githubusercontent.com/fzinfz/scripts/master/linux/docker.sh)"

Dockerfile code snippets

CMD and ENTRYPOINT

ENTRYPOINT ["exec_entry", "p1_entry"]
CMD ["exec_cmd", "p1_cmd"]
# => exec_entry p1_entry exec_cmd p1_cmd

apt

RUN apt update && apt install -y \
    --no-install-recommends && rm -r /var/lib/apt/lists/*

alpine

# install pip3
RUN wget https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py && rm get-pip.py

RUN apk add --no-cache --virtual .build-deps \
    curl ca-certificates jq \
    && apk del .build-deps

tini

docker run --init

S6 - a process supervisor

badger

Storage

When possible, overlay2 is the recommended storage driver.
Supported backing filesystems: xfs with ftype=1, ext4 (where /var/lib/docker/ is located)

btrfs issue

Commands

build

docker build [-f Dockerfile.custom] [--target multi-stage] Dockerfile-Root-Folder

docker build - < Dockerfile # no context, local ADD not working
curl example.com/remote/Dockerfile | docker build -f - .
Get-Content Dockerfile | docker build - # Powershell

docker build -f ctx/Dockerfile http://server/ctx.tar.gz
docker build https://github.com/user/repo.git

| Build Syntax Suffix | Commit Used | Build Context Used |
| --- | --- | --- |
| myrepo.git#mytag:myfolder | refs/tags/mytag | /myfolder |
| myrepo.git#mybranch:myfolder | refs/heads/mybranch | /myfolder |

Squashing does not destroy any existing image, rather it creates a new image.

container/image operations

docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

docker export container_name > container.tar
docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]

docker save image_name > image.tar
docker load < image.tar[.gz]

docker save python | ssh -C 192.168.88.72 docker load

cp

docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH

run

--user=[ user | user:group | uid | uid:gid | user:gid | uid:group ]

-m, --memory=""
-c, --cpu-shares=0 : CPU shares (relative weight)
--dns=[] : Set custom dns servers for the container
--network="bridge" : Connect a container to a network
    'bridge': create a network stack on the default Docker bridge
    'none': no networking
    'container:<name|id>': reuse another container's network stack
    'host': use the Docker host network stack
    '<network-name>|<network-id>': connect to a user-defined network
--network-alias=[] : Add network-scoped alias for the container
--add-host="" : Add a line to /etc/hosts (host:IP)
--mac-address="" : Sets the container's Ethernet device's MAC address
--ip="" : Sets the container's Ethernet device's IPv4 address
--link-local-ip=[] : Sets one or more container's Ethernet device's link local IPv4/IPv6 addresses
--read-only : prohibit writes to locations other than the specified volumes

Volume labels
`:z` => shared
`:Z` => private

`--entrypoint` will clear out `CMD`

echo test | docker run --rm -i alpine cat
docker run --security-opt seccomp:unconfined # disables the default seccomp profile; may fix chromium start error

X11 Forwarding

--env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw"

container update

docker container update [OPTIONS] CONTAINER [CONTAINER...]
--cpus="1.5" # one and a half of the CPUs
--cpu-shares, -c
--memory, -m : Memory limit
--memory-reservation : Memory soft limit
--restart

Clean up

docker container prune
docker system prune # Remove unused data

Detach

Ctrl+p & Ctrl+q

Config

/etc/docker/daemon.json (plain JSON: no `#...` comments and no trailing `,`)
`dockerd` for debugging: https://docs.docker.com/engine/admin/
live-restore: containers remain running if daemon unavailable
data-root: replaces the older "graph" key, which is deprecated since Docker 17.05

{
  "live-restore": true,
  "data-root": "/data/docker-fs",
  "storage-driver": "overlay2"
}

Mirrors

Proxy

mkdir -p /etc/systemd/system/docker.service.d

cat > /etc/systemd/system/docker.service.d/http-proxy.conf << EOF
[Service]
Environment="HTTP_PROXY=http://192.168.88.20:1080/" "NO_PROXY=localhost,127.0.0.1,192.168.*.*,172.16.*.*"
EOF

sudo systemctl daemon-reload
systemctl restart docker

systemctl show --property=Environment docker

Swarm

TCP port 2377 for cluster management communications
TCP and UDP port 7946 for communication among nodes
TCP and UDP port 4789 for overlay network traffic
--opt encrypted => protocol 50 (ESP) is open

docker swarm init --advertise-addr 10.2.0.1
docker swarm join-token manager
docker swarm join-token worker
docker swarm init --force-new-cluster # without losing data

docker node ls
docker node update --label-add server=s1 st

netstat -lntup | egrep '2377|7946|4789|50'

docker service create --name nginx -p 8080:80 --replicas 3 nginx
docker service create --name nginx -p 80:80 -p 443:443 --network web --mode global nginx

docker service ls
docker service ps nginx
docker inspect <ID> | grep Err

docker network create \
    --driver overlay \
    --subnet 10.66.3.0/24 \
    --opt encrypted \
    web

docker network ls

# node IP
ip addr | grep -P -o '\d+\.\d+\.\d+\.\d+(?=/24)'

# service VIP
ip addr | grep -P -o '\d+\.(?!255)\d+\.\d+\.\d+(?=/32)'
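
The swarm port list above turned into host firewall rules, as an added example that is not part of the original page: the function prints iptables commands that accept the listed ports (plus ESP for `--opt encrypted` overlays) only from named peer nodes and drop them from every other source. The peer addresses, the `swarm_rules` and `valid_peer` names, and the choice of the INPUT chain are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: print (never apply) iptables
# rules that open the swarm ports only to named peers. Peers are sample values.

# proto:port pairs as listed in the swarm notes on this page
SWARM_SPECS="tcp:2377 tcp:7946 udp:7946 tcp:4789 udp:4789"

# Accept only dotted IPv4 with optional /prefix; the case test also rejects
# newlines and shell metacharacters before the value reaches a rule line.
valid_peer() {
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# swarm_rules ENCRYPTED PEER...  (ENCRYPTED=yes when --opt encrypted is used)
# The ( ) body is a subshell: variables stay local, exit ends only the function.
swarm_rules() (
    encrypted=$1
    shift
    [ "$#" -gt 0 ] || { echo "swarm_rules: no peers given" >&2; exit 1; }
    for peer in "$@"; do   # validate everything before printing anything
        valid_peer "$peer" || { echo "swarm_rules: bad peer: $peer" >&2; exit 1; }
    done
    for peer in "$@"; do
        for spec in $SWARM_SPECS; do
            echo "iptables -A INPUT -s $peer -p ${spec%%:*} --dport ${spec##*:} -j ACCEPT"
        done
        if [ "$encrypted" = yes ]; then
            echo "iptables -A INPUT -s $peer -p esp -j ACCEPT"
        fi
    done
    # Appended after the ACCEPTs, so every other source is dropped.
    for spec in $SWARM_SPECS; do
        echo "iptables -A INPUT -p ${spec%%:*} --dport ${spec##*:} -j DROP"
    done
    if [ "$encrypted" = yes ]; then
        echo "iptables -A INPUT -p esp -j DROP"   # also drops unrelated IPsec
    fi
)

# Sample run: this node's peers are 10.2.0.2 and 10.2.0.3 (constructed)
swarm_rules yes 10.2.0.2 10.2.0.3
```

Review the printed rules before applying them; ports published with `-p` are handled in Docker's own chains and are not covered by these INPUT rules.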

OS

CoreOS

vi /etc/coreos/update.conf
update_engine_client -update

boot2docker

https://github.com/boot2docker/boot2docker - Lightweight Linux for Docker

echo EXTRA_ARGS="--foo=bar" >> /var/lib/boot2docker/profile

Windows/Mac