Docker
Docker is a container solution for any operating system. Docker containers can run as root (rootful) or as a regular user (rootless); running rootless allows for more security.
Concepts:
Images - Software built on top of a slim operating system and packaged as a prebuilt image, ready for download.
Containers - Running images, configured with storage volumes, environment variables, tags and an image (with an optional version).
Volumes - Storage inside the container, passed through from files and folders on the host machine.
Environment variables - static settings for the container.
Installation
Debian 12 install:
sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
sudo apt-get install docker.io docker-compose
Common Docker Commands:
Keep in mind what permission level you are running containers in. Rootful containers will need sudo level permissions.
docker --help
Lists docker's commands and syntax.
docker container --help
docker container ls
docker container ls -a
docker container specifies that we are working with containers; --help lists every action. ls lists the containers the user is currently running. -a lists all of the user's containers, including stopped ones.
docker container stop (container_name)
docker container restart (container_name)
docker container kill (container_name)
docker container logs (container_name)
docker container rm -f (container_name)
stop, restart and kill stop, restart or kill a container. logs prints the container's logs in the terminal. rm deletes the container from Docker; -f forces the removal.
Docker Compose:
Compose reduces Docker to files instead of commands and allows full stacks to be defined in a single file. Docker can then pull all the images specified and build the containers accordingly with one command.
Regular docker command:
sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
sudo is used because the Portainer container is privileged: it binds to docker.sock, which gives it control of the Docker daemon. -d runs the container in the background, -p publishes a port (host:container), --restart defines the restart policy, see above. -v defines a volume; it can also pass in a single file. The image is defined at the end.
Create a folder for Portainer to live in, ~/Portainer, and create docker-compose.yaml in it:
mkdir Portainer
cd Portainer
touch docker-compose.yaml
nano docker-compose.yaml
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /Path/To/portainer_data:/data
    ports:
      - 8000:8000
      - 9443:9443
    restart: always
Pull the listed images from docker's repositories and run the services listed:
sudo docker-compose pull
sudo docker-compose up -d
Sudo is used here as Portainer binds to docker.sock. -d runs the compose container(s) in the background.
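A pre-flight check for a compose file like the one above, as an added example that is not part of the original page: it flags the settings that widen host exposure (a docker.sock mount, a floating latest tag, ports published on every host interface). audit_compose is a hypothetical helper name, and the parser assumes block-style YAML indented with spaces.

```sh
# Added example, not from the original page. audit_compose is a hypothetical
# helper name. It handles block-style compose YAML indented with spaces.
audit_compose() {
    awk '
    function flag(msg) { print svc ": " msg; found = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    { indent = match($0, /[^ ]/) - 1             # leading spaces give nesting depth
      line = substr($0, indent + 1); gsub(/"/, "", line) }
    indent == 0 { in_services = (line ~ /^services:/); svc_indent = 0; next }
    !in_services { next }
    svc_indent == 0 { svc_indent = indent }      # first nested key is a service
    indent == svc_indent { svc = line; sub(/:.*$/, "", svc); key = ""; next }
    line ~ /^image:/ {
        img = line; sub(/^image:[ \t]*/, "", img)
        name = img; sub(/^.*\//, "", name)       # ignore registry host:port
        if (name !~ /[:@]/ || name ~ /:latest$/) flag("floating image tag: " img)
        next
    }
    line !~ /^- / { key = line; next }           # remember the current list key
    {
        item = line; sub(/^- */, "", item)
        if (key ~ /^volumes:/ && item ~ /docker\.sock/)
            flag("Docker socket mounted (root-equivalent on host): " item)
        n = split(item, part, ":")
        if (key ~ /^ports:/ && (n < 3 || part[1] == "0.0.0.0"))
            flag("port published on all host interfaces: " item)
    }
    END { exit (found + 0) }
    ' "$1"
}

# Constructed sample: the docker-compose.yaml from this page.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /Path/To/portainer_data:/data
    ports:
      - 8000:8000
      - 9443:9443
    restart: always
EOF
audit_compose "$SAMPLE" || echo "findings above: review before docker-compose up"
```

The function exits non-zero when it finds anything, so it can gate a deployment script. Mounting the socket with :ro does not clear the finding, because a read-only bind mount still lets the container talk to the Docker API.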