Docker
Docker is a container solution for any operating system. Docker containers can run as a regular user, so both rootful and rootless containers are possible; rootless containers allow for more security.
Concepts:
Images - Software built on top of a slim operating system and packaged as a prebuilt image, ready for download.
Containers - running images configured with system storage volumes, environment variables, tags and an image (with an optional version)
Volumes - internal storage passed through from host machine files and folders.
Environment variables - static settings for the container.
Installation
Debian 12 install:
sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
sudo apt-get install docker.io docker-compose
sudo systemctl enable docker
sudo systemctl start docker
Fully update the system, install docker and docker compose and enable related services.
Common Docker Commands:
Keep in mind which permission level you are running containers at. Rootful containers need sudo-level permissions.
docker --help
Lists docker's commands and syntax.
docker container --help
docker container ls
docker container ls -a
container specifies that we are working with containers; --help lists every action. ls lists the containers the user is currently running. ls -a lists all of the user's containers, including stopped ones.
docker container stop (container_name)
docker container restart (container_name)
docker container kill (container_name)
docker container logs (container_name)
docker container rm -f (container_name)
Stop, restart, and kill a container. logs prints the container's logs in the terminal. rm deletes the container from docker; -f forces the removal.
Docker Compose:
Compose reduces docker to files instead of commands and allows full stacks to be defined in a single file. Docker can then pull all the images specified and build the containers accordingly with one command.
Regular docker command:
sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
sudo is used because the Portainer container is privileged: it binds to docker.sock. -d runs the container in the background, -p specifies a port, and --restart defines the restart policy, see above. -v defines a volume and can also define a file to be passed in. The image is defined at the end. Create a folder for Portainer to live in (~/Portainer) and create docker-compose.yaml:
mkdir Portainer
cd Portainer
touch docker-compose.yaml
nano docker-compose.yaml
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /Path/To/portainer_data:/data
    ports:
      - 8000:8000
      - 9443:9443
    restart: always
Pull the listed images from docker's repositories and run the services listed:
sudo docker-compose pull
sudo docker-compose up -d
Sudo is used here as Portainer binds to docker.sock. -d runs the compose container(s) in the background.
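An added example, not part of the original page or of Docker's own tooling: a shell function that flags three things in a Compose file that matter for the setup above, namely the docker.sock mount that makes Portainer privileged, images not pinned to a version, and ports published without a host address. The names audit_compose and sample_compose are made up for this example, and the sample input is constructed from the Portainer file above.

```shell
# audit_compose [FILE]: print one finding per risky line (stdin if no FILE).
# Line-based heuristic, not a YAML parser; assumes block-style lists.
audit_compose() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
    {
        v = $0
        sub(/^[ \t]*(-[ \t]*)?/, "", v)         # drop indentation and list dash
        gsub(/["\047]/, "", v)                  # drop double and single quotes
        sub(/[ \t]+$/, "", v)
    }
    $0 !~ /^[ \t]*-/ {                          # "key:" line: remember the key
        section = v; sub(/:.*/, "", section)
        if (section == "image") {
            img = v; sub(/^image:[ \t]*/, "", img)
            name = img; sub(/^.*\//, "", name)  # last path component
            if (img !~ /@sha256:/ && (name !~ /:/ || name ~ /:latest$/))
                printf "TAG line %d: %s is not pinned to a version or digest\n", NR, img
        }
        next
    }
    section == "volumes" && v ~ /docker\.sock/ {
        printf "SOCKET line %d: %s exposes the Docker daemon API to the container\n", NR, v
    }
    section == "ports" {                        # HOST:CONTAINER has no host IP
        if (split(v, f, ":") <= 2 || f[1] == "0.0.0.0")
            printf "PORT line %d: %s is published on all host interfaces\n", NR, v
    }
    ' "$@"
}

# Constructed sample: the Portainer file above, with 9443 bound to loopback.
sample_compose() {
    cat <<'EOF'
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /Path/To/portainer_data:/data
    ports:
      - 8000:8000
      - 127.0.0.1:9443:9443
    restart: always
EOF
}

sample_compose | audit_compose
```

To check a real file, source the function and run audit_compose docker-compose.yaml. The port check only understands IPv4 host addresses.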
Common NAS stack inside docker example
Docker Compose will be used. All containers that are separate services (databases and libraries excluded) will be in separate docker-compose.yaml files.
Docker will expose host ports