# docker
* [Web UI](#web-ui)
* [Scripts](#scripts)
* [Dockerfile code snippets](#dockerfile-code-snippets)
* [CMD and ENTRYPOINT](#cmd-and-entrypoint)
* [apt](#apt)
* [alpine](#alpine)
* [tini](#tini)
* [S6 - a process supervisor](#s6---a-process-supervisor)
* [badger](#badger)
* [Storage](#storage)
* [btrfs issue](#btrfs-issue)
* [Network](#network)
* [macvlan/ipvlan](#macvlanipvlan)
* [plugins](#plugins)
* [DHCP](#dhcp)
* [Commands](#commands)
* [build](#build)
* [container/image operations](#containerimage-operations)
* [cp](#cp)
* [run](#run)
* [X11 Forwarding](#x11-forwarding)
* [container update](#container-update)
* [Clean up](#clean-up)
* [Detach](#detach)
* [Config](#config)
* [Mirrors](#mirrors)
* [Proxy](#proxy)
* [Swarm](#swarm)
* [OS](#os)
* [CoreOS](#coreos)
* [boot2docker](#boot2docker)
* [Windows/Mac](#windowsmac)
* [Automated builds](#automated-builds)
## Web UI
## Scripts
```
source /dev/stdin <<< "$(curl -sSL https://raw.githubusercontent.com/fzinfz/scripts/master/linux/docker.sh)"
```
## Dockerfile code snippets
### CMD and ENTRYPOINT
```
ENTRYPOINT [“exec_entry”, “p1_entry”]
CMD [“exec_cmd”, “p1_cmd”]
=> exec_entry p1_entry exec_cmd p1_cmd
```
### apt
```
RUN apt update && apt install -y
--no-install-recommends && rm -r /var/lib/apt/lists/*
```
### alpine
```
# install pip3
RUN wget https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py && rm get-pip.py
RUN apk add --no-cache --virtual .build-deps \
curl ca-certificates jq \
&& apk del .build-deps
```
### tini
```
docker run --init
```
### S6 - a process supervisor
## badger
## Storage
```
When possible, overlay2 is the recommended storage driver.
Supported backing filesystems: xfs with ftype=1, ext4 ( where /var/lib/docker/ is located )
```
### btrfs issue
## Network
none/bridge/host/overlay/{belows}:
### macvlan/ipvlan
* Ipvlan:All sub-interfaces share parent’s MAC | vs Macvlan
* Ipvlan L3 mode:Each sub-interface has to be configured with a different subnet
* Macvlan and ipvlan cannot be used on the same parent interface at the same time.
* IPvlan L2 mode trunking is the same as Macvlan with regard to gateways and L2 path isolation.
* `--internal`: ( off `-o parent=` )
* if no `--gateway`: gw for `--subnet=192.168.1.0/24` will be 192.168.1.1
To access host, check [/nw/openwrt](https://github.com/fzinfz/book/blob/master/nw/openwrt/README.md)
### plugins
### DHCP
*
*
## Commands
### build
```
docker build [-f Dockerfile.custom] [--target multi-stage] Dockerfile-Root-Folder
docker build - < Dockerfile # no context, local ADD not working
curl example.com/remote/Dockerfile | docker build -f - .
Get-Content Dockerfile | docker build - # Powershell
docker build -f ctx/Dockerfile http://server/ctx.tar.gz
docker build https://github.com/user/repo.git
```
| Build Syntax Suffix | Commit Used | Build Context Used |
| ---------------------------- | ------------------- | ------------------ |
| myrepo.git#mytag:myfolder | refs/tags/mytag | /myfolder |
| myrepo.git#mybranch:myfolder | refs/heads/mybranch | /myfolder |
Squashing does not destroy any existing image, rather it creates a new image.
### container/image operations
```
docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
docker export container_name > container.tar
docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
docker save image_name > image.tar
docker load < image.tar[.gz]
docker save python | ssh -C 192.168.88.72 docker load
```
### cp
```
docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
```
### run
```
--user=[ user | user:group | uid | uid:gid | user:gid | uid:group ]
-m, --memory=""
-c, --cpu-shares=0 CPU shares (relative weight)
--dns=[] : Set custom dns servers for the container
--network="bridge" : Connect a container to a network
'bridge': create a network stack on the default Docker bridge
'none': no networking
'container:': reuse another container's network stack
'host': use the Docker host network stack
'|': connect to a user-defined network
--network-alias=[] : Add network-scoped alias for the container
--add-host="" : Add a line to /etc/hosts (host:IP)
--mac-address="" : Sets the container's Ethernet device's MAC address
--ip="" : Sets the container's Ethernet device's IPv4 address
--link-local-ip=[] : Sets one or more container's Ethernet device's link local IPv4/IPv6 addresses
--read-only :prohibiting writes to locations other than the specified volumes
Volume labels
`:z` => shared
`:Z` => private
`--entrypoint` will clear out `CMD`
echo test | docker run --rm -i alpine cat
docker run --security-opt seccomp:unconfined # may fix chromium start error
```
#### X11 Forwarding
```
--env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw"
```
### container update
docker container update \[OPTIONS] CONTAINER \[CONTAINER...] --cpus="1.5" # one and a half of the CPUs --cpu-shares , -c --memory , -m Memory limit --memory-reservation Memory soft limit --restart
### Clean up
```
docker container prune
docker system prune # Remove unused data
```
### Detach
```
Ctrl+p & Ctrl+q
```
## Config
```
/etc/docker/daemon.json # delete `,` & `#...`
# `dockerd` for debugging: https://docs.docker.com/engine/admin/
{
"live-restore": true, # containers remain running if daemon unavailable
"graph": "/data/docker-fs",
"storage-driver": "overlay2",
}
```
### Mirrors
CN: LAN:
### Proxy
23.0+ :
* daemon configuration file : /etc/docker/daemon.json
*
* command-line options :
```
mkdir -p /etc/systemd/system/docker.service.d
cat > /etc/systemd/system/docker.service.d/http-proxy.conf << EOF
[Service]
Environment="HTTP_PROXY=http://127.0.0.1:1081"
Environment="HTTPS_PROXY=http://127.0.0.1:1081"
Environment="NO_PROXY=localhost,127.0.0.1,192.168.*.*,172.16.*.*,100.*.*.*"
EOF
systemctl daemon-reload && systemctl restart docker
systemctl show --property=Environment docker
```
## Swarm
TCP port 2377 for cluster management communications TCP and UDP port 7946 for communication among nodes TCP and UDP port 4789 for overlay network traffic --opt encrypted => protocol 50 (ESP) is open
```
docker swarm init --advertise-addr 10.2.0.1
docker swarm join-token manager
docker swarm join-token worker
docker swarm init --force-new-cluster # without losing data
docker node ls
docker node update --label-add server=s1 st
netstat -lntup | egrep '2377|7946|4789|50'
docker service create --name nginx -p 8080:80 --replicas 3 nginx
docker service create --name nginx -p 80:80 -p 443:443 --network web --mode global nginx
docker service ls
docker service ps nginx
docker inspect | grep Err
```
```
docker network create \
--driver overlay \
--subnet 10.66.3.0/24 \
--opt encrypted \
web
docker network ls
# node IP
ip addr | grep -P -o '\d+\.\d+\.\d+\.\d+(?=/24)'
# service VIP
ip addr | grep -P -o '\d+\.(?!255)\d+\.\d+\.\d+(?=/32)'
```
## OS
### CoreOS
```
vi /etc/coreos/update.conf
update_engine_client -update
```
### boot2docker
Lightweight Linux for Docker
```
echo EXTRA_ARGS="--foo=bar" >> /var/lib/boot2docker/profile
```
## Windows/Mac
## Automated builds
Docker Hub | $5+/m:
Github Actions | 2k min/m:
Jetbrains Space |
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://book.ferro.pro/container/docker.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.