====== Docker ======
see also: [[compose|Docker Compose]] / [[swarm|Docker Swarm]]
==== file locations ====
| ''/var/lib/docker/volumes'' | Volumes |
===== Tools =====
* [[https://github.com/bcicen/ctop|ctop]] – **top** like tool for **c**ontainer metrics.
===== Useful containers =====
^ Automated Nginx Proxy | [[https://hub.docker.com/r/jwilder/nginx-proxy/|jwilder/nginx-proxy]] |
^ Automated Nginx Letsencrypt Companion | [[https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/|jrcs/letsencrypt-nginx-proxy-companion]] |
^ Nextcloud | [[https://hub.docker.com/_/nextcloud|nextcloud]] |
^ TCP Proxy | [[https://github.com/Tecnativa/docker-tcp-proxy|tecnativa/docker-tcp-proxy]] |
^ UDP Proxy | [[https://hub.docker.com/r/instantlinux/udp-nginx-proxy|instantlinux/udp-nginx-proxy]] |
^ PostgreSQL | [[https://hub.docker.com/_/postgres|postgres]] |
===== useful commands =====
Start interactive shell in container
<code>
docker exec -ti container sh
</code>
List stopped containers
<code>
docker ps --filter "status=exited"
</code>
Get the configuration a Docker container was started with (here: its environment variables)
<code>
docker inspect -f '{{json .Config}}' CONTAINERID | jq '.Env'
</code>
Get IP of a container
<code>
docker inspect --format '{{ .NetworkSettings.IPAddress }}' CONTAINERID
</code>
===== Storage =====
==== Free up space ====
<code>
docker system prune -a
WARNING! This will remove:
- all stopped containers
- all volumes not used by at least one container
- all images without at least one container associated to them
Are you sure you want to continue? [y/N] y
</code>
==== Identify space wasters in overlay2 directory ====
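<code>
# list layer diffs of 100M or more; sort -h orders the human-readable sizes correctly
du -t 100M -shc /var/lib/docker/overlay2/*/diff | sort -h
</code>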
([[https://forums.docker.com/t/some-way-to-clean-up-identify-contents-of-var-lib-docker-overlay/30604/6|source]])
Further reading:
* [[https://hub.docker.com/r/clockworksoul/docker-gc-cron/|Docker garbage collector cronjob]]
* https://stackoverflow.com/questions/46672001/is-it-safe-to-clean-docker-overlay2
* https://docs.docker.com/config/pruning/
==== prune images ====
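<code>
# delete all dangling volumes (volumes not referenced by any container)
docker volume rm $(docker volume ls -qf dangling=true)
# broader: removes all unused containers, networks, images and unused volumes, without a confirmation prompt
docker system prune --all --volumes --force
</code>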
==== show all mounted directories ====
<code>
docker inspect -f '{{ range .Mounts }}{{ .Source }}:{{ .Destination }} {{ end }}' $(docker-compose ps -q)
</code>
===== Backup / restore =====
* [[https://camptocamp.github.io/bivac/|Bivac]] - backup container volumes using Restic
==== MySQL DB ====
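<code>
# Note: a password given as --password=... is visible in the process list and the shell history
# Backup
docker exec CONTAINER /usr/bin/mysqldump -u root --password=root DATABASE > backup.sql
# Restore
cat backup.sql | docker exec -i CONTAINER /usr/bin/mysql -u root --password=root DATABASE
</code>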
===== Host OS =====
* [[https://containerjournal.com/2017/03/07/os-best-docker-heres-decide/|Which Host OS is best?]]
==== Minimalist Docker-only/-centric ====
see also: [[https://blog.docker.com/2015/02/the-new-minimalist-operating-systems/|The New Minimalist Operating Systems (blog.docker.com)]]
* Rancher
* Project Atomic
* CoreOS
* Snappy Ubuntu Core
===== caveats =====
==== bind mounts & SELinux ====
To access bind mounts on a host with SELinux enabled, you need to append '':z'' or '':Z'' to the bind mount options.
See also: https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label
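
The following script is an added example, not part of the original page. It takes the mount listing from "show all mounted directories" and reports which bind mounts carry no SELinux label option, a shared label ('':z'') or a private label ('':Z''). The function names, the sample paths and the list of host system directories are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: classify bind mounts by SELinux label option.
# Input on stdin: one mount per line as TYPE|SOURCE|DESTINATION|MODE, e.g. from
#   docker inspect -f '{{ range .Mounts }}{{ .Type }}|{{ .Source }}|{{ .Destination }}|{{ .Mode }}{{ println }}{{ end }}' CONTAINERID

audit_selinux_mounts() {
    while IFS='|' read -r type src dst mode; do
        # Only bind mounts are covered by the caveat; this also skips volumes and blank lines.
        [ "$type" = "bind" ] || continue
        # MODE is the comma-separated option string given to -v, e.g. "ro,Z".
        case ",$mode," in
            *,Z,*) label=Z ;;
            *,z,*) label=z ;;
            *)     label= ;;
        esac
        case "$label" in
            z) echo "SHARED $src -> $dst" ;;
            Z) # A private relabel of a host system directory can break the host.
               # The directory list below is this example's assumption.
               case "$src" in
                   /|/home|/usr|/etc|/var) echo "RISKY-RELABEL $src -> $dst" ;;
                   *)                      echo "PRIVATE $src -> $dst" ;;
               esac ;;
            *) echo "UNLABELED $src -> $dst" ;;
        esac
    done
}

# Constructed sample input (hypothetical paths), so the example runs without Docker.
sample_mounts() {
    cat <<'EOF'
volume|/var/lib/docker/volumes/db/_data|/var/lib/mysql|z
bind|/srv/app/config|/config|ro
bind|/srv/app/shared|/shared|z
bind|/srv/app/data|/data|rw,Z
bind|/home|/host-home|Z
bind|/srv/plain|/plain|
EOF
}

sample_mounts | audit_selinux_mounts
```

''UNLABELED'' entries are the mounts a container cannot access on a host with SELinux enabled.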
===== Troubleshooting =====
==== mysql/mariadb doesn't work after I pulled a new image ====
<code>
docker exec CONTAINERNAME mysql_upgrade "-uroot" "-pROOTPASSWORD"
</code>
===== Resources =====
==== Articles ====
* [[http://www.offermann.us/2013/12/tiny-docker-pieces-loosely-joined.html|Tiny Docker Pieces, Loosely Joined (data-only Docker containers)]]
* [[https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf|Understanding how uid and gid work in Docker containers]]
=== setups / howtos ===
* [[http://jonaskunze.com/restrict-user-to-its-own-container-using-docker/]]
* [[https://github.com/rootless-containers/runrootless]]
* [[https://www.jujens.eu/posts/en/2018/Feb/25/multiple-docker/]]