Some related posts:
- Collection for Interesting Docker Images
- Collection for Cyber Security Related Dockers
- Collection for Cloud Storage and Downloading Docker
- Docker Usage Introduction (Tips and Tricks)
- Portainer Usage Introduction
Docker Failed To Start Troubleshooting
- docker logs --since 1h nginx
- docker logs --tail 50 nginx
2023/12/17 03:15:56 [notice] 24#24: exiting 2023/12/17 03:15:56 [notice] 24#24: exit 2023/12/17 03:15:56 [notice] 1#1: signal 17 (SIGCHLD) received from 26 2023/12/17 03:15:56 [notice] 1#1: worker process 25 exited with code 0 2023/12/17 03:15:56 [notice] 1#1: worker process 26 exited with code 0 2023/12/17 03:15:56 [notice] 1#1: signal 29 (SIGIO) received 2023/12/17 03:15:56 [notice] 1#1: signal 17 (SIGCHLD) received from 24 2023/12/17 03:15:56 [notice] 1#1: worker process 24 exited with code 0 2023/12/17 03:15:56 [notice] 1#1: exit /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: IPv6 listen already enabled /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 2023/12/17 03:15:58 [emerg] 1#1: host not found in upstream "portainer" in /etc/nginx/conf.d/portainer.conf:6 nginx: [emerg] host not found in upstream "portainer" in /etc/nginx/conf.d/portainer.conf:6
Cause: portainer docker was upgraded but there was manually change joined into a Docker network which portainer docker is in. Upgrade portainer docker did not join that network automatically which cause host can not be resolved.
Docker pull rate limit
toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading
You get this error when you try to pull an image from the public Docker Hub repository after you have reached your Docker pull rate limit. Docker Hub uses IP addresses to authenticate the users, and pull rates limits are based on individual IP addresses.
- For anonymous users, the rate limit is set to 100 pulls per 6 hours per IP address.
- For authenticated users with a Docker ID, the pull rate is set to 200 pulls per 6-hour period.
- If your image pull request exceeds these limits, these requests are denied until the six-hour window elapses.
Every docker pull command execution counts against your quota regardless if the requested image is up to date or not. Hitting the request limit is a piece of cake if you deploy your application stack to a cluster.
Use Docker Login command to authenticate yourself first, then try to pull again.
Copy docker file in / out
Copy file out from the inside of container:
- docker cp docker_nginx:/etc/nginx/config.d/portainer.conf .
Copy file back into inside of container:
- docker cp portainer.conf docker_nginx:/etc/nginx/config.d/portainer.conf .
Are You Inside Docker Environment
While creating a Docker container, a file “.dockerenv” is created at the root of the container. So, searching for this file could help us to know if we are inside the docker container or not.
On the Non-Container machine −
$ ls -la | grep ./dockerenv
This gives no output, hence the file is missing.
Now try on the Container machine −
/ # ls -la | grep .dockerenv
Output
-rwxr-xr-x 1 root root 0 Dec 18 14:00 .dockerenv
Hence this proves we are on the container.
Here is an example from https://ide.goorm.io/ site:
root@goorm:/# ls -la
total 84
drwxr-xr-x 81 root root 4096 Jul 28 14:31 .
drwxr-xr-x 81 root root 4096 Jul 28 14:31 ..
-rwxr-xr-x 1 root root 0 Jul 28 14:23 .dockerenv
drwxr-xr-x 2 root root 4096 Jul 28 14:31 bin
drwxr-xr-x 2 root root 4096 Apr 24 2018 boot
drwxr-xr-x 5 root root 360 Jul 28 14:23 dev
drwxr-xr-x 149 root root 4096 Jul 28 14:31 etc
drwxr-xr-x 5 root root 4096 Feb 24 2020 goorm
drwxr-xr-x 6 root root 4096 Jul 28 14:10 goormService
drwxr-xr-x 2 root root 4096 Apr 24 2018 home
drwxr-xr-x 23 root root 4096 Jul 28 14:30 lib
drwxr-xr-x 2 root root 4096 Jul 18 2019 lib64
drwxr-xr-x 2 root root 4096 Jul 18 2019 media
drwxr-xr-x 2 root root 4096 Jul 18 2019 mnt
drwxr-xr-x 2 root root 4096 Jul 18 2019 opt
dr-xr-xr-x 496 root root 0 Jul 28 14:23 proc
drwx------ 11 root root 4096 Jul 28 14:11 root
drwxr-xr-x 12 root root 4096 Jul 28 14:31 run
drwxr-xr-x 2 root root 4096 Jul 28 14:30 sbin
drwxr-xr-x 2 root root 4096 Jul 18 2019 srv
dr-xr-xr-x 13 root root 0 Jul 28 14:32 sys
drwxrwxrwt 833 root root 4096 Jul 28 14:31 tmp
drwxr-xr-x 42 root root 4096 Jul 28 14:30 usr
drwxr-xr-x 33 root root 4096 Jul 28 14:29 var
drwxr-xr-x 3 root root 4096 Jul 28 14:10 workspace
root@goorm:/#
Docker & Docker Compose Installation
Install Docker
#Ubuntu
root@Ubuntu18:/# curl -sSL https://get.docker.com/ | sh
For Ubuntu 20.04, it will be even eaiser to install:
#Ubuntu 20.04
sudo apt install docker.io
#CentOS 6
Or , references of my other posts:- Simplest Steps to Install Docker and Docker Compose into Ubuntu (16.04,18.04) and CentOS 7New
- Portainer and Docker UsageNew
Install Docker Compose
curl -L "https://get.daocloud.io/docker/compose/releases/download/1.28.6/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
note: Check the latest version of docker-compose from https://docs.docker.com/compose/release-notes/
#Ubuntu 20.04
sudo apt install docker-composeOr you can play docker at Play with Docker online.
Common Docker Commands
- docker –version
- docker pull <image name>
- docker run -it -d <image name>
- docker ps
- docker ps -a //show all the running and exited containers
- docker exec -it <container name> /bin/bash
- or docker exec -it <container name> sh
- docker stop
- docker kill //kills the container by stopping its execution immediately
- docker commit //creates a new image of an edited container on the local system
- docker login //login to the docker hub repository
- docker push <username/image name> //push an image to the docker hub repository
- docker images //lists all the locally stored docker images
- docker rm <container id>
- docker rmi <image-id>
- docker build <path to docker file> //build an image from a specified docker file
- docker log <container-id> // show logs about your container, for troubleshooting
2020-03-17T15:24:42.758002000Z chown: changing ownership of ‘/var/lib/postgresql/data’: Permission denied
2020-03-17T15:24:43.410251000Z chown: changing ownership of ‘/var/lib/postgresql/data’: Permission denied
Backup image and load the backup
root@Ubuntu18-Docker:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wordpress latest 0d205d4886fe 2 weeks ago 540MB
nginx latest ed21b7a8aee9 2 weeks ago 127MB
mysql 5.7 413be204e9c3 2 weeks ago 456MB
mariadb latest 37f5f0a258bf 4 weeks ago 356MB
portainer/portainer latest 2869fc110bf7 4 weeks ago 78.6MB
root@Ubuntu18-Docker:~# docker save -o /root/nginx.tar nginx
root@Ubuntu18-Docker:~# ls
nginx.tar snap
root@Ubuntu18-Docker:~#
You can load this tar file into other machine's image list:
root@controller:~# docker load -i /root/nginx.tar
Export Container / Import to Image
docker export / docker import and docker save / docker load serve different purposes.docker export (and import) are commands to export/import a container's root filesystem; from the command's "help" output;Export a container's filesystem as a tar archive
When running these commands, you'll only get an archive of the container's filesystem, but not the image's configuration (such as the
CMD, ENTRYPOINT and ENV).
The
docker save / docker load commands on the other hand, allow you to save/load an image, including their configuration. From the command description;Using those commands, you can transfer an image between docker hosts (without using a registry), and preserve the layers and image configuration.root@Ubuntu18-Docker:~# docker container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f2118c12a0f nginx:latest "nginx -g 'daemon of…" 7 days ago Up 7 days 0.0.0.0:80->80/tcp, 443/tcp Nginx1
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~# docker stop Nginx1
Nginx1
root@Ubuntu18-Docker:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f2118c12a0f nginx:latest "nginx -g 'daemon of…" 7 days ago Exited (0) 14 seconds ago Nginx1
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~# docker export Nginx1 > /root/Container-Nginx1.tar
root@Ubuntu18-Docker:~# docker rm Nginx1
Nginx1
root@Ubuntu18-Docker:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~# docker import /root/Container-Nginx1.tar Nginx1
invalid reference format: repository name must be lowercase
root@Ubuntu18-Docker:~# docker import /root/Container-Nginx1.tar nginx1
sha256:df44fea67db399580e7cbdd5d09bd882c91bfe96d43c4b0c0f639aa7f74c9e20
root@Ubuntu18-Docker:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx1 latest df44fea67db3 7 minutes ago 143MB
wordpress latest 0d205d4886fe 2 weeks ago 540MB
nginx latest ed21b7a8aee9 2 weeks ago 127MB
mysql 5.7 413be204e9c3 2 weeks ago 456MB
mariadb latest 37f5f0a258bf 4 weeks ago 356MB
portainer/portainer latest 2869fc110bf7 4 weeks ago 78.6MB
root@Ubuntu18-Docker:~# docker run -d --name Nginx1 --restart=always -p 80:80 nginx1
docker: Error response from daemon: No command specified.
See 'docker run --help'.
Docker export command doesnot export all information such history information. It will give you all files and folder structure in the running docker. Use Docker Inspect command to check CMD and entrypoint. Put Entrypoint such as /bin/bash into a Dockerfile
From:nginx1
CMD: /bin/bash
You will be able to bring it up, but the services might still run properly.
Create Own Image Using Your Container
docker loginroot@Ubuntu18-Docker:~# docker container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0457b6159da9 nginx:latest "nginx -g 'daemon of…" 16 minutes ago Up 5 minutes 0.0.0.0:80->80/tcp nginx1
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~# docker commit nginx1 nginx1netsec
sha256:0cf3a7c347f9bca870bd97b9e40bfc11e959e8220e4529d49e4f452cd5de8e68
root@Ubuntu18-Docker:~# docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx1netsec latest 0cf3a7c347f9 6 seconds ago 145MB
nginx latest e791337790a6 3 days ago 127MB
wordpress latest 0d205d4886fe 2 weeks ago 540MB
nginx <none> ed21b7a8aee9 2 weeks ago 127MB
mysql 5.7 413be204e9c3 2 weeks ago 456MB
mariadb latest 37f5f0a258bf 4 weeks ago 356MB
portainer/portainer latest 2869fc110bf7 4 weeks ago 78.6MB
root@Ubuntu18-Docker:~# docker stop nginx1
nginx1
root@Ubuntu18-Docker:~# docker run --name nginx2 --restart=always -p 80:80 -d nginx1netsec
5fbe841d1f407db372ef8a69fe5295900b3b5b8eeea7d6d7be45f7eed247a19c
root@Ubuntu18-Docker:~#
root@Ubuntu18-Docker:~# docker container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5fbe841d1f40 nginx1netsec "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp nginx2
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~#
Notice that certain directories are considered volume directories by docker, meaning that they are container specific and therefore never saved in the image. The /data directory is such an example. When docker commit my_container my_image:my_tag is executed, all of the containers filesystem is saved, except for /data. To work around it, you could do:
mkdir /data0
cp /data/* /data0
Then, outside the container:
docker commit my_container my_image:my_tag
Then you would perhaps want to copy the data on /data0 back to /data, in which case you could make a new image:
On the Dockerfile:
FROM my_image:my_tag
CMD "cp /data0 /data && my_other_CMD"
Notice that trying to copy content to /data in a RUN command will not work, since a new container is created in every layer and, in each of them, the contents of /data are discarded. After the container has been instatiated, you could also do:
docker exec -d my_container /bin/bash -c "cp /data0/* /data"=========================================================================
Here is an example how to download a image from DockerHub and how to push it to your own repository:
docker pull devisty/xssh:v2
docker image list
Create a new repository xssh from your Dockerhub's johnyan2 account.
docker tag devisty/xssh:v2 johnyan2/xssh:latest
docker push
Publish Your Own Docker Image to Docker Hub
root@Ubuntu18-Docker:~# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: johnyan2
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
root@Ubuntu18-Docker:~# docker commit nginx1netsec
root@Ubuntu18-Docker:~# docker tag nginx1netsec johnyan2/nginx1netsec:latest
root@Ubuntu18-Docker:~# docker push johnyan2/nginx1netsec:latest
The push refers to repository [docker.io/johnyan2/nginx1netsec]
a0ad3b8aa236: Pushed
be91fceb796e: Pushed
919b6770519b: Pushed
b60e5c3bcef2: Pushed
latest: digest: sha256:2ccc1aeb4d69052c9afb6f36a5881bc6b4faf43bc86e33d6922f33382b5bbc28 size: 1160
You might need to copy your backed up files to configuration folder using following command:docker exec -d my_container /bin/bash -c "cp /data0/* /data"
Pull and run your own Docker:
$ docker pull johnyan2/nginx1netsec
Using default tag: latest
latest: Pulling from johnyan2/nginx1netsec
123275d6e508: Already exists
6cd6a943ce27: Already exists
a50b5ac4a7fb: Already exists
75facb91406e: Pull complete
Digest: sha256:2ccc1aeb4d69052c9afb6f36a5881bc6b4faf43bc86e33d6922f33382b5bbc28
Status: Downloaded newer image for johnyan2/nginx1netsec:latest
docker.io/johnyan2/nginx1netsec:latest
[node1] (local) [email protected] ~
$ docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
johnyan2/nginx1netsec latest 0cf3a7c347f9 11 hours ago 145MB
nginx latest e791337790a6 4 days ago 127MB
[node1] (local) [email protected] ~
$ docker run -p 80:80 --name Nginx1 -d johnyan2/nginx1netsec
a4e00ef3a26aede705f6519d34baeab2045b31153a4ad2b1a75bb1ec928d27f5
[node1] (local) [email protected] ~
$ netstat -lantp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.11:35667 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 36/sshd
tcp 0 0 :::22 :::* LISTEN 36/sshd
tcp 0 0 :::2375 :::* LISTEN 20/dockerd
tcp 0 0 :::80 :::* LISTEN 2283/docker-proxy
tcp 0 0 ::ffff:172.18.0.24:2375 ::ffff:172.18.0.1:39999 ESTABLISHED 20/dockerd
tcp 0 0 ::ffff:172.18.0.24:2375 ::ffff:172.18.0.1:39823 ESTABLISHED 20/dockerd
[node1] (local) [email protected] ~
You also can download an image to local then push it to your own repository:
Use Dockerfile to create your own image
Apache with a Dockerfile
FROM php:7.2-apache
COPY src/ /var/www/html/
Where src/ is the directory containing all your PHP code. Then, run the commands to build and run the Docker image:
docker pull php:7.2-apache
docker build -t speedtest .
docker run -dit --name st -p 80:80 speedtest
2 Only Delete non-running volumes and images
You will get an error message for those running dockers, but will not be deleted.
In this way, you will not need to install nano or vi into your docker.
$ apk add virt-what
Note: One Docker log file used 32G disk space
Restart Docker service:
If there is any errors or failed restart docker service, you can remove ipv6 part since it might not supported on your VPS.
Run Scheduled Task in Docker
For example , use Certbo command to renew HTTPS/SSL certificate in Docker:
Run it from host( certbotdocker is container 's name):
Put it into
crontab -e :Clean Docker Images and Volumes
1 Delete All Images and Vulumes (even it is running)
Save follow code to docker-cleanup.sh:
Run .sh file:
2 Only Delete non-running volumes and images
You will get an error message for those running dockers, but will not be deleted.
Write Keyboard Inputs into a File from Command Line
Using cat command to directly write keyboard inputs into a file.
root@8a14b324cde5:/etc/nginx/conf.d# cat > portainer.conf <<EOF
> server {
> listen 80;
> server_name awsportainer.51sec.org;
>
> location / {
> proxy_pass http://aws.51sec.org:9000;
> proxy_redirect off;
> proxy_http_version 1.1;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "upgrade";
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> }
> }
> EOF
Note: $ will be omitted from the file. If you will need to enter $, you might still need install nano or vi.
Or CTRL+D to end input and save to file.
- Make a text file on Linux: $ cat > filename.txt.
- Add data and press CTRL + D to save the filename.txt when using cat on Linux.
Docker Networking
1)Create a new network
2)Connect container into network
or join existing docker into network
3)ping docker with its name
Ps:需要注意的是,如果容器没有指定名称(--name),那么就只能用id。
64 bytes from c1 (172.18.0.4): icmp_seq=1 ttl=64 time=0.137 ms
64 bytes from c1 (172.18.0.4): icmp_seq=2 ttl=64 time=0.073 ms
64 bytes from c1 (172.18.0.4): icmp_seq=3 ttl=64 time=0.074 ms
64 bytes from c1 (172.18.0.4): icmp_seq=4 ttl=64 time=0.074 ms
请参阅文档的此部分;
注意:与旧版本不同links,新网络将不会创建环境变量,也不会与其他容器共享环境变量。
此功能当前不支持别名
4)Disconnect from default bridge network
由于容器仍然连接着默认bridge docker0,而现在我们已经不需要它,所以应该将容器与docker0的连接断开,执行以下操作:
docker network Doc:https://docs.docker.com/network/
[root@centos-nextcloud-aria2 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
d2daf16b85d2 bridge bridge local
ced0ba273013 host host local
5bbc16718b13 none null local
[root@centos-nextcloud-aria2 ~]# docker network create mynetwork
118b26e6cb77e441be35f823379d8a56b59f28a4d3b5fe680088fae324a10f93
[root@centos-nextcloud-aria2 ~]# docker network connect mynetwork nginx
[root@centos-nextcloud-aria2 ~]# docker network connect mynetwork portainer
[root@centos-nextcloud-aria2 ~]# docker network inspect mynetwork
[
{
"Name": "mynetwork",
"Id": "118b26e6cb77e441be35f823379d8a56b59f28a4d3b5fe680088fae324a10f93",
"Created": "2021-04-20T16:04:26.972255453Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"2533d99553373027929bdddd7db0de20b8d1bce8fdfc3dca07be28996960b1b8": {
"Name": "nginx",
"EndpointID": "13caa8d46093ecd672827998c9a0637f95136b900f846327db50edffb312d20b",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
},
"312eec9453fbf1856dfafe3320fcc7518d15fd2a678e4f60711c1ec2dd9bdb4c": {
"Name": "portainer",
"EndpointID": "e115dcf5fc70366ff1e10951fd36879be76979ed78c51f15fb9d25765218eaac",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
You might need to install ping utility first using comand
- apt update & apt install iputils-ping
[root@centos-nextcloud-aria2 ~]# docker exec -it nginx ping portainer
PING portainer (172.18.0.3) 56(84) bytes of data.
64 bytes from portainer.mynetwork (172.18.0.3): icmp_seq=1 ttl=64 time=0.082 ms
64 bytes from portainer.mynetwork (172.18.0.3): icmp_seq=2 ttl=64 time=0.083 ms
64 bytes from portainer.mynetwork (172.18.0.3): icmp_seq=3 ttl=64 time=0.050 ms
^C
--- portainer ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 0.050/0.071/0.083/0.018 ms
[root@centos-nextcloud-aria2 ~]# docker network disconnect bridge nginx
[root@centos-nextcloud-aria2 ~]# docker network disconnect bridge portainer
[root@centos-nextcloud-aria2 ~]#
Troubleshooting
[node1] (local) [email protected] ~
$ ./minkebox.sh 172.18.0.22 /var/data
minke
docker: Error response from daemon: path /var/data is mounted on / but it is not a shared mount.
[node1] (local) [email protected] ~
$ mount --make-shared /
[node1] (local) [email protected] ~
$ ./minkebox.sh 172.18.0.22 /var/data
minke
[node1] (local) [email protected] ~
root@ub20-1-test:~# docker system df
TYPE TOTAL ACTIVE SIZE RECLAIMABLE
Images 2 1 834.5MB 15.21MB (1%)
Containers 1 1 1.784MB 0B (0%)
Local Volumes 7 0 112.1kB 112.1kB (100%)
Build Cache 0 0 0B 0B
root@ub20-1-test:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alekslitvinenk/openvpn latest 312262dfa054 13 days ago 15.2MB
qualys/qcs-sensor latest 12e78646bce8 2 months ago 819MB
root@ub20-1-test:~#
Docker Data Backup & Restore
Check Docker data size:
root@hpthin:~# docker ps -s
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
974f72a5b8f4 luodaoyi/kms-server:latest "/bin/sh -c 'vlmcsdm…" 15 months ago Up 3 months 0.0.0.0:1688->1688/tcp, :::1688->1688/tcp kms 0B (virtual 5.74MB)
754f4e9fbbc5 pihole/pihole:latest "/s6-init" 16 months ago Up 3 months (healthy) 0.0.0.0:53->53/udp, :::53->53/udp, 0.0.0.0:53->53/tcp, :::53->53/tcp, 0.0.0.0:80->80/tcp, 0.0.0.0:67->67/udp, :::80->80/tcp, :::67->67/udp pihole 47.2MB (virtual 383MB)
e17a5f818091 openspeedtest/latest:latest "/docker-entrypoint.…" 16 months ago Up 3 months 0.0.0.0:3000-3001->3000-3001/tcp, :::3000-3001->3000-3001/tcp, 8080/tcp OpenSpeedTest 2B (virtual 55.6MB)
ea61e3109076 portainer/portainer-ce:latest "/portainer" 17 months ago Up 3 months 8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp hp-tc-portainer 0B (virtual 210MB)
- Size - The amount of data (on disk) that is used by each container (write)
- Virtual size -The amount of disk space used for the read-only image of each container.
Note: ncdu program can be used to check folder size in linux.
Since when a docker created, the required folders in container have been mounted to your local host folders, also the docker image always can be downloaded it again, we only need to backup those mounted local folders.
Usually to make backup process simplified is to create your own specific folder to store your Docker data:
mkdir -p data/docker_data
If you have not done this step before, you can inspect your docker to find out mount settings:
docker inspect <dockername>
root@hpthin:~# docker inspect hp-tc-portainer
[
{
"Id": "ea61e3109076472b9c7922965cdbc1cd2badc462e22922cb9e30bc6fea8935d9",
"Created": "2021-07-04T00:42:29.61723624Z",
"Path": "/portainer",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1853,
"ExitCode": 0,
"Error": "",
"StartedAt": "2022-08-20T12:24:01.245072415Z",
"FinishedAt": "2022-08-20T12:23:46.134177221Z"
},
"Image": "sha256:8bd64518b97697ed2d0d00b5dfd46260f729cdb5ae8120b38e404a05ad08f61b",
"ResolvConfPath": "/var/lib/docker/containers/ea61e3109076472b9c7922965cdbc1cd2badc462e22922cb9e30bc6fea8935d9/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/ea61e3109076472b9c7922965cdbc1cd2badc462e22922cb9e30bc6fea8935d9/hostname",
"HostsPath": "/var/lib/docker/containers/ea61e3109076472b9c7922965cdbc1cd2badc462e22922cb9e30bc6fea8935d9/hosts",
"LogPath": "/var/lib/docker/containers/ea61e3109076472b9c7922965cdbc1cd2badc462e22922cb9e30bc6fea8935d9/ea61e3109076472b9c7922965cdbc1cd2badc462e22922cb9e30bc6fea8935d9-json.log",
"Name": "/hp-tc-portainer",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/var/run/docker.sock:/var/run/docker.sock",
"portainer_data:/data"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"9000/tcp": [
{
"HostIp": "",
"HostPort": "9000"
}
]
},
"RestartPolicy": {
"Name": "always",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/167e59329997dad5067d8fd9b9a453d94cb44e22037677fcb5dce21de56a3dee-init/diff:/var/lib/docker/overlay2/91c12c584759da4f38c6a90943da940d5203ea5083a44f1d47d3324964c270c3/diff:/var/lib/docker/overlay2/b58cc223289bfc2f831da6d3cc03a2cb394cc97067b5fae7bac1163fde9a6850/diff:/var/lib/docker/overlay2/36213f2fd54546fef2a7c751f07baba95fe6a76be88152593102f0b8d11be555/diff",
"MergedDir": "/var/lib/docker/overlay2/167e59329997dad5067d8fd9b9a453d94cb44e22037677fcb5dce21de56a3dee/merged",
"UpperDir": "/var/lib/docker/overlay2/167e59329997dad5067d8fd9b9a453d94cb44e22037677fcb5dce21de56a3dee/diff",
"WorkDir": "/var/lib/docker/overlay2/167e59329997dad5067d8fd9b9a453d94cb44e22037677fcb5dce21de56a3dee/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "volume",
"Name": "portainer_data",
"Source": "/var/lib/docker/volumes/portainer_data/_data",
"Destination": "/data",
"Driver": "local",
"Mode": "z",
"RW": true,
"Propagation": ""
},
{
"Type": "bind",
"Source": "/var/run/docker.sock",
"Destination": "/var/run/docker.sock",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "ea61e3109076",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"8000/tcp": {},
"9000/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": null,
"Image": "portainer/portainer-ce:latest",
"Volumes": {
"/data": {}
},
"WorkingDir": "/",
"Entrypoint": [
"/portainer"
],
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "c7c1f390aeccac751d375d060e93f2b7f154fc5cd5df426df68dc1950c9cdc8c",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"8000/tcp": null,
"9000/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "9000"
},
{
"HostIp": "::",
"HostPort": "9000"
}
]
},
"SandboxKey": "/var/run/docker/netns/c7c1f390aecc",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "4081d3dabcfa98d1d8642bc48a921bd7ec737535ad3391a89991f5bee081f784",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "6c771e8cb72dd4577a7f4f084b0be488bb02b1ac6b361dac88fabc39caa0ea79",
"EndpointID": "4081d3dabcfa98d1d8642bc48a921bd7ec737535ad3391a89991f5bee081f784",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
root@hpthin:~#
Or use following command directly back the folder up if you know the path:
- docker run --rm --volumes-from CONTAINER -v $(pwd):/backup busybox tar cvfz /backup/backup.tar CONTAINERPATH
Change two parameters :
- CONTAINER(docker name)
- CONTAINERPATH(the path inside of docker)
For example:
- docker run --rm --volumes-from bitwarden -v $(pwd):/backup busybox tar cvfz /backup/backup.tar /data
Using SCP transfer backed up file to remote server:
- scp /root/backup/backup.tar [email protected]:/root/data/docker-data/bitwarden
Other commands
upzip:
- tar -zxvf /root/data/docker-data/bitwarden/backup.tar
rename:
- mv data bw-data #rename from data to bw-data
Free Docker Playground
1. PWD https://labs.play-with-docker.com/
$ apk add virt-what
$ sudo apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
v3.16.2-203-g16a4499ea3 [https://dl-cdn.alpinelinux.org/alpine/v3.16/main]
v3.16.2-202-ge26245aea1 [https://dl-cdn.alpinelinux.org/alpine/v3.16/community]
OK: 17053 distinct packages available
[node1] (local) [email protected] ~
$ sudo apk add git
OK: 395 MiB in 156 packages
[node1] (local) [email protected] ~
$ git --version
git version 2.36.2
[node1] (local) [email protected] ~
$ Note: If you are using PWD (Play with docker), the copy shortcut key is ctrl+insert, paste is ctrl+shift+v or ctrl+insert.2. https://www.koyeb.com/
Docker Log Issue
[root@centos7-docker-portainer 1f9dad0548c5c1b45b30bf6f61183149d9aff3f575f3ddb4a2dbe9e5b8dee1fc]# ls -l
total 32863468
-rw-r-----. 1 root root 33652035791 Dec 19 15:12 1f9dad0548c5c1b45b30bf6f61183149d9aff3f575f3ddb4a2dbe9e5b8dee1fc-json.log
drwx------. 2 root root 6 Mar 18 2021 checkpoints
-rw-------. 1 root root 10480 Apr 16 2022 config.v2.json
-rw-r--r--. 1 root root 6279 Apr 16 2022 hostconfig.json
-rw-r--r--. 1 root root 13 Apr 16 2022 hostname
-rw-r--r--. 1 root root 174 Apr 16 2022 hosts
drwx------. 3 root root 17 Mar 18 2021 mounts
-rw-r--r--. 1 root root 88 Apr 16 2022 resolv.conf
-rw-r--r--. 1 root root 71 Apr 16 2022 resolv.conf.hash
Enable IPv6 and Limit Log File Size (Ubuntu)
Add customized self defined IPv6 address segment to enable container's IPv6 fucntion. And limit log file's size and numbers in case log file to fill all hard drive's space.
cat > /etc/docker/daemon.json << EOF
{
"log-driver": "json-file",
"log-opts": {
"max-size": "20m",
"max-file": "3"
},
"ipv6": true,
"fixed-cidr-v6": "fd00:dead:beef:c0::/80",
"eixperimental":true,
"ip6tables":true
}
EOFRestart Docker service:
systemctl restart dockerOn CentOS, you might want to remove ipv6 part:
cat > /etc/docker/daemon.json << EOF
{
"log-driver": "json-file",
"log-opts": {
"max-size": "20m",
"max-file": "3"
}
}
EOF
No comments:
Post a Comment