You are here: start » tools » docker

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tools:docker [2022/07/17 16:11] – [Resources] darrontools:docker [2025/02/09 20:09] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====Docker==== ====Docker====
  
-Docker is similar to [[:tools:lxc|LXC]], however it is geared to running a single +Docker is similar to [[:tools:lxc|LXC]], however it is geared to running a single application within its jailed system rather than being a lightweight VM. It's like having a chroot management system enhanced with networking.
-application within its jailed system rather than being a lightweight +
-VM. It's like having a chroot management system enhanced with networking. One side +
-effect of not having an init process is zombie processes can accumulate in the container. Docker is also dependant on the overlay2 file system which is relatively slow.+
  
-Docker has a lot of pre-built applications, and due to this the docker ecosystem +This page details the latest version of docker for Debian bookworm. For older use cases see on docker for Debian [[tools:docker-bullseye|bullseye]].
-is a security nightmare and cannot really be recommended unless you  +
-skip this and create your own builds from base O/S images such as Alpine Linux.+
  
-On this page are demos of using Docker on Linux. One container +===Uninstall===
-is an install of Laravel and another is Alpine Linux. The installation +
-of Laravel should demonstrate the security issues when using pre-built docker +
-images.+
  
-Alpine Linux is further configured for PHP8, composer and Symfony. This +Debian's version of docker is too old so ensure it'not installed.
-is not for production, just for development and not fully configured here, yet. +
- +
-Later a build is investigated containing WordPress using Alpine Linux +
-and accessed via a proxy with nginx. +
- +
-===Environment=== +
- +
-VirtualBox virtual machine manager or Xen virtual machine. +
- +
-===Operating System=== +
- +
-Devuan Chimaera on VirtualBox or Debian Bullseye on Xen. +
- +
-===Docker=== +
- +
-==Install==+
  
 <code> <code>
-apt-get install apparmor +apt-get remove --purge docker.io docker-compose docker-doc podman-docker containerd runc
-apt-get install docker.io +
-apt-get install docker-compose+
 </code> </code>
  
-==User== +Clean up and reboot if an old version was removed.
- +
-Add your login user to the docker group with vigr and vigr -s and relog. +
- +
-==Run==+
  
 <code> <code>
-/etc/init.d/docker start+apt-get autoremove 
 +reboot
 </code> </code>
  
-===Laravel===+===Install===
  
-<code> +[[https://docs.docker.com/engine/install/debian/#install-using-the-repository|Install using the apt repository]]
-wget "https://laravel.build/example-app" -O example-app.sh +
-sh ./example-app.sh +
-cd example-app +
-./vendor/bin/sail up +
-</code> +
- +
-===Alpine Linux=== +
- +
-Alpine Linux is a lightweight Linux ideal for running inside a container. +
- +
-==Install== +
- +
-Fetch the image and create the container.+
  
 <code> <code>
-docker pull alpine:latest +sudo apt-get update 
-docker create ----name alpine_linux alpine:latest +sudo apt-get install ca-certificates curl 
-</code>+sudo install -m 0755 -d /etc/apt/keyrings 
 +sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc 
 +sudo chmod a+r /etc/apt/keyrings/docker.asc
  
-==Start==+echo \ 
 +  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \ 
 +  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ 
 +  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  
-Start Alpine Linux. +sudo apt-get update 
- +sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-<code> +
-docker start alpine_linux+
 </code> </code>
  
-==Shell==+===Setup===
  
-Connect to a shell within Alpine Linux.+[[https://docs.docker.com/engine/install/linux-postinstall/|Linux post-installation steps for Docker Engine]]
  
 <code> <code>
-docker exec -it alpine_linux /bin/sh+sudo groupadd docker 
 +sudo usermod -aG docker $USER
 </code> </code>
  
-==Stop== +===Reboot===
- +
-Stop Alpine Linux+
  
 <code> <code>
-docker stop alpine_linux+reboot
 </code> </code>
  
-==Delete== +===Test===
- +
-How do delete Alpine Linux if necessary.+
  
 <code> <code>
-docker rm alpine_linux+docker --version 
 +Docker version 27.5.1, build 9f9e405
 </code> </code>
- 
-===PHP8=== 
- 
-==Install== 
  
 <code> <code>
-docker exec -it alpine_linux /bin/sh +docker compose version 
-apk update +Docker Compose version v2.32.4
-apk upgrade +
-apk add php8 php8-fpm php8-opcache php8-cli php8-ctype php8-iconv php8-session php8-simplexml php8-tokenizer php8-openssl php8-phar +
-ln -sf /usr/bin/php8 /usr/local/bin/php +
-exit+
 </code> </code>
- 
-===Composer=== 
- 
-==Git== 
  
 <code> <code>
-docker exec -it alpine_linux apk add git+ip addr show docker0 
 +4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
 +    link/ether 02:42:ae:18:42:ab brd ff:ff:ff:ff:ff:ff 
 +    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 
 +       valid_lft forever preferred_lft forever
 </code> </code>
- 
-==Install== 
- 
-Visit the composer downloads page to find the composer installer script. 
- 
-[[https://getcomposer.org/download/?lang=php|Composer Downloads]] 
- 
-Save the script as composer-installer.sh 
  
 <code> <code>
-php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" +docker run hello-world
-php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" +
-php composer-setup.php +
-php -r "unlink('composer-setup.php');" +
-</code>+
  
-Run the saved script.+Hello from Docker! 
 +This message shows that your installation appears to be working correctly.
  
-<code> +To generate this message, Docker took the following steps: 
-sh composer-installer.sh + 1. The Docker client contacted the Docker daemon. 
-Installer verified + 2. The Docker daemon pulled the "hello-world" image from the Docker Hub
-All settings correct for using Composer +    (amd64) 
-Downloading...+ 3. The Docker daemon created a new container from that image which runs the 
 +    executable that produces the output you are currently reading. 
 + 4The Docker daemon streamed that output to the Docker client, which sent it 
 +    to your terminal.
  
-Composer (version 2.3.5) successfully installed to/root/composer.phar +To try something more ambitious, you can run an Ubuntu container with
-Use it: php composer.phar + $ docker run -it ubuntu bash
-</code>+
  
-Move the blob into your path.+Share images, automate workflows, and more with a free Docker ID: 
 + https://hub.docker.com/
  
-<code> +For more examples and ideasvisit
-mv composer.phar /usr/local/bin/ + https://docs.docker.com/get-started/
-</code> +
- +
-===Symfony=== +
- +
-==Install== +
- +
-Fetch the symfony blob. +
- +
-<code> +
-wget "https://github.com/symfony-cli/symfony-cli/releases/download/v5.4.8/symfony-cli_linux_amd64.tar.gz" +
-tar zxvf symfony-cli_linux_amd64.tar.gz +
-</code> +
- +
-Move the blob into your path. +
- +
-<code> +
-mv symfony /usr/local/bin/ +
-</code> +
- +
-==Application== +
- +
-Create a symfony application. +
- +
-<code> +
-symfony new --webapp my_project +
-</code> +
- +
-===Fixed IP address=== +
- +
-==Bridge== +
- +
-Create a network bridge using docker. +
- +
-<code> +
-docker network create --subnet=10.44.0.0/24 vlan +
-</code> +
- +
-==Run== +
- +
-Create and run the container. The option d starts the container in the background and t assigns a pseudo tty. +
- +
-<code> +
-docker pull alpine:latest +
-docker run -d -t --net vlan --ip 10.44.0.10 --name alpine_linux alpine +
-</code> +
- +
-==Command== +
- +
-Run a command in the container +
- +
-<code> +
-docker exec -it alpine_linux /sbin/ifconfig eth0 +
-eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX +
-          inet addr:10.44.0.10  Bcast:10.44.0.255  Mask:255.255.255.0 +
-          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 +
-          RX packets:10 errors:0 dropped:0 overruns:0 frame:0 +
-          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 +
-          collisions:0 txqueuelen:+
-          RX bytes:876 (876.0 B)  TX bytes:0 (0.0 B) +
-</code> +
- +
-==Stop== +
- +
-Stop container +
- +
-<code> +
-docker stop alpine_linux +
-</code> +
- +
-==Restart== +
- +
-Restart container +
- +
-<code> +
-docker start alpine_linux +
-</code> +
- +
-===WordPress development=== +
- +
-This is the process I used to develop a WordPress docker container. Following this is +
-the method using a Dockerfile which automates the process once it is known. Some differences +
-are also found in the application of the container during development. +
- +
-==Proxy== +
- +
-Install nginx in the main host. +
- +
-<code> +
-apt install nginx-full php php-cli php-fpm +
-</code> +
- +
-Use proxy_pass to direct a https URL to the container. +
- +
-Eg. +
-<code> +
-location / { +
- proxy_pass http://x.x.x.x:80; +
- proxy_set_header Host $host; +
- proxy_set_header X-Real-IP $remote_addr; +
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +
- proxy_set_header X-Forwarded-Proto https; +
- proxy_set_header X-Forwarded-Port 443; +
- proxy_buffering off; +
-+
-</code> +
- +
-==Apache2== +
- +
-Install apache2 in the container. +
- +
-__Install__ +
-<code> +
-docker exec -it alpine_linux sh +
-apk update +
-apk upgrade +
-apk add php8 php8-apache2 php8-mysqli php8-mysqlnd php8-opcache php8-cli php8-ctype php8-iconv php8-session php8-simplexml php8-tokenizer php8-openssl php8-phar php8-curl php8-dom php8-exif php8-fileinfo php8-pecl-imagick php8-mbstring php8-zip php8-gd php-intl +
-ln -sf /usr/bin/php8 /usr/local/bin/php +
-exit +
-</code> +
- +
-__Config__ +
- +
-At the least edit the Listen and ServerName directives in /etc/apache2/httpd.conf +
- +
-<code> +
-Listen *:80 +
-ServerName WordPress +
-ServerAdmin root +
-ServerTokens Prod +
-ServerSignature Off +
-</code> +
- +
-__Logging__ +
- +
-Use mod remoteip resolve client ip address. +
- +
-__Newer apache2__ +
-<code> +
-RemoteIPProxyProtocol On +
-RemoteIPProxyProtocolExceptions 127.0.0.1 X.X.X.X/24 +
-RemoteIPHeader X-Forwarded-For +
-RemoteIPTrustedProxy X.X.X.X +
-</code> +
- +
-__Older apache2__ +
-<code> +
-RemoteIPHeader X-Real-IP +
-RemoteIPTrustedProxy X.X.X.X +
-LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +
-</code> +
- +
-__Run__ +
- +
-Start apache2 in the container. +
- +
-<code> +
-docker exec -it alpine_linux /usr/sbin/httpd -DFOREGROUND +
-</code> +
- +
-To keep this process upstart it from RUNIT or similar in the main docker host. +
- +
-__run__ +
-<code> +
-/usr/bin/docker start alpine_linux +
-exec /usr/bin/docker exec -e TZ=UTC -e PHP_INI_SCAN_DIR=/etc/php8/conf.d -t alpine_linux /usr/sbin/httpd -DFOREGROUND +
-</code> +
- +
-__finish__ +
-<code> +
-/usr/bin/docker stop alpine_linux +
-</code> +
- +
-==WordPress== +
- +
-Install WordPress in the container. +
- +
-<code> +
-docker exec -it alpine_linux sh +
-cd /var/www/localhost/htdocs +
-wget "https://wordpress.org/latest.zip" +
-unzip latest.zip +
-rm latest.zip +
-chown -R apache:apache wordpress +
-exit +
-</code> +
- +
-The URL will become https://example.com/wordpress/ and the setup URL will be +
-https://example.com/wordpress/wp-admin/setup-config.php +
- +
-If a MySQL server is not available then MySQL must be started in another +
-container in the same network. +
- +
-Add custom config values to support proxy. +
-<code> +
-define('FORCE_SSL_ADMIN', true); +
-// in some setups HTTP_X_FORWARDED_PROTO might contain +
-// a comma-separated list e.g. http,https +
-// so check for https existence +
-if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) +
-$_SERVER['HTTPS']='on'; +
- +
-define('FS_METHOD','direct'); +
-</code> +
- +
-===WordPress Dockerfile=== +
- +
-A docker file can be used to automate the building of an image after one +
-has been developed. +
- +
-Here is a simple Makefile just used to contain various rules. +
- +
-<code> +
-clean: +
-        rm -f *~ +
- +
-build: +
-        docker build --no-cache -t alpine_wp . +
- +
-run: +
-        docker run -d -t --net vlan --ip 10.44.0.11 --name wp-dev alpine_wp +
- +
-test: +
-        curl -v http://10.44.0.11/ +
- +
-stop: +
-        docker stop wp-dev +
- +
-rm: +
-        docker rm -f wp-dev +
-        docker image rm -f alpine_wp +
-</code> +
- +
-The Makefile uses a Dockerfile to make the build, as follows: +
- +
-<code> +
-# LATEST WORDPRESS ON ALPINE LINUX +
-FROM alpine:latest +
-# INSTALL APACHE2/PHP8 +
-RUN apk --no-cache update && apk --no-cache upgrade && apk --no-cache add php8 php8-apache2 php8-mysqli php8-mysqlnd php8-opcache php8-cli php8-ctype php8-iconv php8-session php8-simplexml php8-tokenizer php8-openssl php8-phar php8-curl php8-dom php8-exif php8-fileinfo php8-pecl-imagick php8-mbstring php8-zip php8-gd php-intl && ln -sf /usr/bin/php8 /usr/local/bin/php +
-# INSTALL WORDPRESS +
-WORKDIR /var/www/localhost/htdocs +
-RUN wget -q "https://wordpress.org/latest.zip" && unzip -q latest.zip && rm latest.zip && chown -R apache:apache wordpress && rm -f index.html && echo "<?php header('Location: /wordpress/')?>" > index.php +
-# START HTTPD +
-EXPOSE 80 +
-ENTRYPOINT /usr/sbin/httpd -DFOREGROUND +
-</code> +
- +
- +
-===Miscellaneous=== +
- +
-==Copy file== +
- +
-<code> +
-docker cp .vimrc alpine_linux:/root/.vimrc +
-</code> +
- +
-==Apache log rotation== +
- +
-<code> +
-#! /bin/sh +
- +
-# Apache log rotation. +
-+
-# Dmb May 1999 - Jun 2022. +
- +
-# Alpine Linux: +
-+
-# apk add apache2-utils webalizer +
-+
-# 0 1 * * *  /usr/bin/docker exec alpine_linux /root/rotatelog 1>/dev/null 2>/dev/null +
- +
-umask 022 +
- +
-LOGDIR="/var/log/apache2" +
-WEBLOG="access.log" +
-LOGFILES="$WEBLOG error.log" +
-STATDIR="stats" +
- +
-cd $LOGDIR +
- +
-for f in $LOGFILES +
-do +
-        if test -f $f; then +
- +
-                test -f $f.6.gz && mv $f.6.gz $f.7.gz +
-                test -f $f.5.gz && mv $f.5.gz $f.6.gz +
-                test -f $f.4.gz && mv $f.4.gz $f.5.gz +
-                test -f $f.3.gz && mv $f.3.gz $f.4.gz +
-                test -f $f.2.gz && mv $f.2.gz $f.3.gz +
-                test -f $f.1.gz && mv $f.1.gz $f.2.gz +
-                test -f $f.0 && mv $f.0 $f.1 && gzip $f.1 +
- +
-                cp -p $f $f.0 +
- +
-                cat /dev/null >$f +
-        fi +
-done +
- +
-if test -f $WEBLOG.0; then +
- +
-        TMPLOG=`mktemp /tmp/logresolve.XXXXXXXXXX` +
- +
-        logresolve < $WEBLOG.0 > $TMPLOG +
- +
-        mkdir -p $STATDIR +
- +
-        webalizer -Q -p -n"localhost" -o$STATDIR $TMPLOG +
- +
-        rm -f $TMPLOG +
-fi +
- +
-exit 0 +
-</code> +
- +
-==Clone== +
- +
-__First stop the container to commit any changes__ +
- +
-The commit creates a tagged version of the container which +
-has any changes made since installation. +
- +
-<code> +
-docker stop alpine_lunux +
-docker commit alpine_linux wordpress:v1 +
-</code> +
- +
-__Container can be restarted now__ +
- +
-<code> +
-docker start alpine_linux +
-</code> +
- +
-__Save the docker container as an image__ +
- +
-This saves the container at the specified commit tag for import +
-elsewhere. +
- +
-<code> +
-docker save -o wordpress_v1.tar wordpress:v1+
 </code> </code>
  
-Container image can now be used elsewhere. 
 ===Resources=== ===Resources===