Table of Contents

Docker

Install

Ubuntu:

Requirements:

apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

Then:

curl -sSL https://get.docker.com | sh

Check also on:

https://docs.docker.com/engine/install/ubuntu/

SLES:

zypper se -s docker                          #get the version
zypper in -f docker=18.06.1_ce-98.21.1       #reference the version 

Control service:

systemctl is-enabled docker.service
systemctl start docker.service
systemctl status docker.service
systemctl daemon-reload
systemctl restart docker
systemctl show --property Environment docker

https://hub.docker.com

https://hub.docker.com/r/mysql/mysql-server/

https://hub.docker.com/_/mysql/

https://github.com/cmoro-deusto/docker-rpi-mysql

https://www.techrepublic.com/article/how-to-deploy-and-use-a-mysql-docker-container/

https://docs.docker.com/install/linux/docker-ce/ubuntu/#install-docker-ce-1

https://docs.docker.com

https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface

https://docs.docker.com/config/containers/multi-service_container/ #running multiple services in a container

Commands

Node/ swarm

docker node ls
docker node ls -q | xargs docker node inspect   -f '{{ .Description.Hostname }}: {{ .Spec.Labels }}' | grep map |  sed 's/ /\n\t/g'                       #show labels
docker service ls |grep container-name                                                                                                                    #check if container runs
docker service ps container-id                                                                                                                            #check on which node container runs 
docker network create -d overlay --subnet=10.0.32.0/22 --attachable my_network_name

Container

Start, stop, manage containers:

docker container ls
docker container ls --all
docker container start 10095cc1e53d
docker start 176bd91300c3                                                           #Start Container
docker container stop 00b9227af244
docker container rm b9e0eb78c272
docker rm $(docker ps --all -q -f status=exited)
docker rename CONTAINER_NAME NEW_NAME                                               #Rename container
docker commit my-container ubuntu:16.04                                             #Commit changes from container "my-container" to image "ubuntu:16.04"
docker stats redis1 redis2                                                          #command to live stream a container’s runtime metrics (cpu, mem etc.)
docker cp containerID:/path/to/file/file_or_foldername .                            #to copy a file or an folder from within the container to the docker-host
docker cp -a server.key cf755a260e93:/tmp

Forcefully delete all containers, so pay attention!!

docker container rm $(docker container ls -a -q)

Image

docker image ls
docker images -q                                                                    #Just show "IMAGE ID"
docker images --digests                                                             #show "sha" value to get version of e. g. "lastest"
docker image ls --all
docker pull mysql/mysql-server:latest                                               #Install image mysql
docker rmi image:tag                                                                #delete image-tag

Forcefully delete all images, so pay attention!!

docker rmi $(docker images -q) -f 

Remove <none> images (untagged):

docker rmi $(docker images -f "dangling=true" -q)                                   

Save & Restore

docker image save 915f54b28a31 -o ubuntu-16.04.tar
docker load < ubuntu-16.04.tar ubuntu-16.04
docker exec some-mysql sh -c 'exec mysqldump --all-databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > /some/path/on/your/host/all-databases.sql                   

Build

docker build -t "simple_flask:dockerfile" .                                         #Build an image from a Dockerfile
docker build - < Dockerfile
docker build -t friendlyhello .                                                     #Create image using this directory's Dockerfile
docker build -t friendlyhello /usr/lib/docker/example/.                             #Create image using path Dockerfile
docker build -t ubuntu16-test:16.04 --no-cache .
docker history simple_flask:dockerfile
docker build -t ubuntu16-squid:16.04 /software/.                                    #Build image "ubuntu16-squid" from Dockerfile within "/software/"
docker build --build-arg http_proxy=http://1.2.3.4:80 --build-arg https_proxy=http://1.2.3.4:80 -t ubuntu16-squid:16.04 .
docker build --no-cache -t tftp-alpine:latest .
docker build -t php:5-apache $(pwd)/.
 

Deploy Container

docker run ubuntu:16.04                                                                                      #Download ans install ubuntu 16.04.
docker run --name=mysql-01 -d mysql/mysql-server:latest
docker run --name=ubuntu16.04-squid-1 ubuntu:16.04
docker run -d -p 8080:8080 --name=ubuntu16.04-squid-2 -ti ubuntu:16.04                                       #Deploy and keep running container from image "ubuntu:16.04"
docker run --rm -i --user="$(id -u):$(id -g)" --net=none -v "$PWD":/data blang/latex xelatex article.tex
docker run --name=mysql01 -d mysql:dockerfile
docker run -d -p 3306:3306 -v /path/in/host:/var/lib/mysql dordoka/rpi-mysql
docker run -d -p 3306:3306 --name=mysql01 -v /path/in/host:/var/lib/mysql -d mysql/mysql-server:latest
docker run --name=test-kibana -d rutsky/kibana-logtrail-kubernetes:4.6.1-0.1.7-2
docker run -p 8080:80 -p 8443:443 68b57f0b6302 apache2-foreground
docker run -dti -p 69:69/udp -v /data/tftp:/var/tftpboot tftp-alpine:latest
docker run -it --entrypoint /bin/bash container-ID
docker run --rm -tid -p 2080:80 -p 2443:443 haproxy-test:latest

Run

Run and connect to container. When exiting, container stopps!

docker run -ti ubuntu:latest /bin/bash
docker run -ti ubuntu /bin/bash
docker run -ti mysql:dockerfile
docker run -d -p 3306:3306 mysql:dockerfile

Info

docker version
docker info
docker logs mysql01
docker logs --follow jenkins
journalctl -fu docker
docker ps
docker ps --all
docker inspect f8f1140788d8

Logs

docker inspect --format='{{.LogPath}}' $CONTNAME | xargs tail -f

Connect

Connect to running (!) container:

docker exec -it mysql3 bash
docker exec -it 7079297b1b01 /bin/bash
docker exec -it 4c1d592d40d9 mysql -uroot -p
docker exec -it 176bd91300c3 bash
docker exec -it $(echo $(docker ps | grep -i esphome | awk '{print $1}')) bash

Volumes

docker volume create --name DataVolume1
docker volume create --label DataVolume1
docker volume create -d netapp --name myFirstVolume -opt size=1G
docker volume inspect DataVolume1
docker run -d \
  --name=nginxtest \
  -v nginx-vol:/usr/share/nginx/html:ro \
  nginx:latest
 
docker run -d \
  --name=nginxtest \
  --mount source=nginx-vol,destination=/usr/share/nginx/html,readonly \
  nginx:latest
docker run -ti --name=Container2 -v DataVolume2:/datavolume2 ubuntu
docker run -ti --name=Container2 -v DataVolume1:/datavolume1 ubuntu
docker run --rm -ti -v DataVolume1:/datavolume1 ubuntu

Plugin

docker plugin ls
docker plugin install netapp/trident-plugin:18.04 --alias netapp --grant-all-permissions

Path

/usr/lib/docker/
/var/lib/docker/

User

Use docker by a user that is a member of the docker group. If you do not have a user in that group, issue the command

sudo usermod -a -G docker USERNAME
usermod -aG docker tmade

System

docker system prune

WARNING! This will remove:
        - all stopped containers
        - all networks not used by at least one container
        - all dangling images
        - unused build cache
Are you sure you want to continue? [y/N] y

Dockerfile

Squid

https://docs.docker.com/engine/reference/builder/

Example dockerfile which builds ubuntu 16.04 with compiled squid 4.8:

Dockerfile
#Download base image ubuntu
FROM ubuntu:22.04
#FROM ubuntu:16.04
#FROM ubuntu:18.04
LABEL version="1.1"
LABEL maintainer="info@tmade.de"
 
ENV SQUID_VERSION="6.4"
ENV MAIN_VERSION="6"
ENV SQUIDURL="http://www.squid-cache.org/Versions/v${MAIN_VERSION}/squid-${SQUID_VERSION}.tar.gz"
 
#http://www.squid-cache.org/Versions/v5/squid-5.1.tar.gz
#http://www.squid-cache.org/Versions/v4/squid-4.10.tar.gz
 
# locales to UTF-8
#RUN locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8
#ENV LC_ALL C.UTF-8
#ENV SQUID_VERSION=3.5.12-1ubuntu7
 
RUN apt-get update && \
    apt-get -y upgrade && \
    apt-get -y install bash-completion \
        build-essential \
        libssl-dev \
    wget \
    curl \
    netcat \
    vim \
    iputils-ping \
    net-tools && \
    apt-get -qy autoremove && \
    rm -rf /var/lib/apt/lists/*
 
RUN wget ${SQUIDURL}
RUN tar -xzf squid-${SQUID_VERSION}.tar.gz
 
RUN cd /squid-${SQUID_VERSION} && ./configure --with-large-files \
    --disable-ipv6 --enable-follow-x-forwarded-for \
    --sysconfdir=/etc/squid --localstatedir=/var/log/squid \
    --enable-ssl --with-openssl --with-filedescriptors=16384 \
    --enable-storeio=diskd,ufs --prefix=/usr/local/squid \
    --with-included-ltdl
 
RUN cd /squid-${SQUID_VERSION} && make && make install
 
RUN useradd -r squid -s /bin/false && \
    cat /etc/passwd && \
#RUN groupadd -r squid
    touch /var/log/squid/logs/access.log && \
    cd /var/log/squid/ && chmod -R 770 * && chown -R squid:squid * && \
    chmod 660 /var/log/squid/logs/access.log
 
COPY squid-no-cache.conf /etc/squid/squid.conf
#COPY entrypoint.sh /usr/bin/entrypoint.sh
 
WORKDIR /etc/squid
USER squid
 
#ENTRYPOINT "/sbin/entrypoint.sh && /bin/bash"
 
#EXPOSE 8080/tcp
#ENTRYPOINT ["/sbin/entrypoint.sh"]

Squid entrypoint.sh:

entrypoint.sh
#!/bin/sh
 
echo "start squid-proxy"
/usr/local/squid/sbin/squid -f /etc/squid/squid.conf

Alpine

Example alpine with apache2:

Dockerfile
FROM alpine:3.11
 
LABEL version="1.4"
LABEL maintainer="info@tmade.de"
 
#ENV http_proxy "http://proxy:80"
#ENV https_proxy "https://proxy:80"
#ENV no_proxy="localhost,127.0.0.1,.local"
 
#ARG VERSION
 
RUN set -ex;
 
RUN apk update && apk upgrade && \
    apk add --no-cache \
    bash \
    tini \
    tar \
    xz \
    wget \
    less \
    man man-pages \
    mdocml-apropos \
    busybox-extras \
    curl \
    make \
    gcc \
    g++ \
    apache2 \
    apache2-ssl \
    apache2-ldap \
    apache2-utils
 
RUN makewhatis
 
RUN rm -rf /var/cache/apk/* && \
    #mkdir /var/www/htdocs && \
    #chown -R apache:www-data /var/www/htdocs && \
    mkdir /etc/apache2/certificate && \
    echo 'alias ll="ls -alh"' >> ~/.bashrc && \
    echo 'alias ..="cd .."' >> ~/.bashrc && \
    echo 'alias ...="cd ../.."' >> ~/.bashrc
 
COPY certificate/* /etc/apache2/certificate/
COPY httpd.conf /etc/apache2/
COPY ssl.conf /etc/apache2/conf.d/
COPY index.html /var/www/localhost/htdocs/
 
WORKDIR /etc/apache2
 
#USER apache
 
#EXPOSE 80 443
#ENTRYPOINT ["/bin/sh", "-c", "/bin/bash"]                                  #exec form
#ENTRYPOINT /bin/bash                                                       #shell form
#ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]                    #exec form
#ENTRYPOINT /usr/sbin/httpd -D FOREGROUND -f /etc/apache2/httpd.conf        #shell form
#ENTRYPOINT /sbin/tini /usr/sbin/httpd -D FOREGROUND -f /etc/apache2/httpd.conf
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND", "-f", "/etc/apache2/httpd.conf"]

Build:

docker build --no-cache -t alpine-apache2:3.11 .
docker run -it -d -p 80:8080 -p 443:8443 --hostname myhost.local --name=alpine-apache2-1 alpine-apache2:3.11
docker run -it -d -p 80:80 -p 443:443 --hostname myhost.local --name=alpine-apache2-1 alpine-apache2:3.11
docker container ls -a | grep alpine
docker exec -ti PROCESS-ID /bin/bash

Config

Docker Root Dir

Just put this json into /etc/docker/daemon.json:

{
"graph": "/var/lib/docker"
}

Proxy

Files (SLES12 and Ubuntu 16.04/ 18.04/ 20.04/ 22.04):

/etc/systemd/system/docker.service.d/http-proxy.conf
/etc/systemd/system/docker.service.d/https-proxy.conf

Conf:

[Service]
Environment="HTTP_PROXY=proxy:80"
Environment="NO_PROXY=localhost,127.0.0.1"
[Service]
Environment="HTTPS_PROXY=proxy:80"
Environment="NO_PROXY=localhost,127.0.0.1"

Proxy-Setup for container-proxy-communication (version >= 17.07):

~/.docker/config.json
{
 "proxies":
 {
   "default":
   {
     "httpProxy": "http://proxy:8080",
     "httpsProxy": "https://proxy:8443",
     "noProxy": "localhost, 127.0.0.1"
   }
 }
}

Check also on:

https://docs.docker.com/network/proxy/#configure-the-docker-client

docker-compose

https://docs.docker.com/compose/gettingstarted/#step-8-experiment-with-some-other-commands

https://docs.docker.com/compose/reference/overview/

https://docs.docker.com/compose/completion/

Install

apt-get install docker-compose

Or check releases for binary:

https://github.com/docker/compose/releases/

curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/bin/docker-compose
curl -L https://github.com/docker/compose/releases/download/1.23.2/docker-compose-`uname -s`-`uname -m` -o /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose

Commands

  
docker-compose up                                                           #inside directory where docker-compose.yml is located to run your service
docker-compose up -d                                                        #to run your services in the background (still runs after system reboot)
docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d        #to run your services in the background ("-d")
docker-compose -f /scripts/dockerfiles/gitlab/docker-compose.yml down       
docker-compose -f docker-compose.yml up -d
docker-compose down
docker-compose ps

Example

docker-compose.yaml (located inside “dockerfile” folder):

version: '2'

services:
  mysql:
    image: mysql:dockerfile
    container_name: test-mysql
    ports:
    #localport:containerport
      - 3306:3306
    environment:
      MYSQL_ROOT_PASSWORD: "mypassword"
    volumes:
      - /data/db:/var/lib/mysql
    restart: always

gitlab-ce:

https://www.ivankrizsan.se/2018/06/23/gitlab-ce-on-docker/

# GitLab CE deployment using two external volumes; one for data and another
# for configuration. These volumes needs to be created prior to starting GitLab
# using the following commands:
# docker volume create gitlab-data
# docker volume create gitlab-config
#
# In addition you may want to change the hostname value in the Docker-Compose
# configuration below to match the name of your server/computer on which
# GitLab is to be run.
#
# Once started, access GitLab using the URL http://localhost:8880.
#
# The following ports are exposed by GitLab:
# 8880 (HTTP)
# 443 (if you configure HTTPS)
# 8080 (used by Unicorn)
# 8822 (used by the SSH daemon)
#
# The GitLab documentation suggests the following line to be added to the
# GITLAB_OMNIBUS_CONFIG environment variable.
# external_url 'http://hostname:8880'
# However, with this line present I am unable to access the GitLab webpage.
version: '2'
#version: '3'

services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    hostname: hostname
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        gitlab_rails['gitlab_shell_ssh_port'] = 8822
    ports:
      - "8443:443"
      - "8880:80"
      - "8822:22"
# The logs directory can be mapped to the logs directory in the same director
# as the docker-compose file using the following entry under volumes:
    volumes:
      - gitlab-config:/etc/gitlab
      - gitlab-data:/var/opt/gitlab
      - ./logs:/var/log/gitlab
    restart: always

volumes:
  gitlab-data:
    external: true
  gitlab-config:
    external: true

Jenkins:

version: '2'

services:
  jenkins:
    image: jenkins/jenkins:lts
    user: "1000:1000"                             #has to match lokal jenkins user´s uid and gid!
    #user: "${UID}:${GID}"
    container_name: jenkins-master
    ports:
      - 8888:8080
      - 50000:50000
    volumes:
      - /data/jenkins/:/var/jenkins_home
    restart: always

tftp:

version: '2'

services:
  tftp:
    image: tftp-alpine:latest
    #user: "1003:1003"
    #user: "${UID}:${GID}"
    container_name: tftp-alpine
    ports:
      - "69:69/udp"
      #- 69:69/udp
    volumes:
      -  /data/tftp:/var/tftpboot
    restart: always

Private Registry

https://docs.docker.com/engine/security/certificates/

mkdir -p /var/lib/docker/private-registry/auth
mkdir -p /var/lib/docker/private-registry/data
mkdir -p /var/lib/docker/private-registry/cert
docker run --entrypoint htpasswd registry:2 -Bbn admin mysecret >> /var/lib/docker/private-registry/auth/htpasswd
docker container ls -a |grep registry
docker container rm $(docker ps |grep registry |awk '{ print $1 }')

“/var/lib/docker/docker-compose.yml”:

registry:
 restart: always
 image: registry:2
 container_name: registry
 ports:
 - 5000:5000
 environment:
   REGISTRY_HTTP_TLS_CERTIFICATE: /cert/my.crt
   REGISTRY_HTTP_TLS_KEY: /cert/my.key
   REGISTRY_AUTH: htpasswd
   REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
   REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
 volumes:
 - /var/lib/docker/private-registry/data:/var/lib/registry
 - /var/lib/docker/private-registry/cert:/cert
 - /var/lib/docker/private-registry/auth:/auth

Start and stop:

docker-compose -f /var/lib/docker/docker-compose.yml up -d
docker-compose -f /var/lib/docker/docker-compose.yml down

Login:

docker login --username admin my-registry:5000

MISC

sudo usermod -aG docker myuser                                                #add user "myuser" to docker group