First steps
Run container (first time, download and run)
$ docker run <options> <image>
Start container
$ docker start <name or ID>
Stop container
$ docker stop <name or ID>
List containers
$ docker ps [-a]
-a lists also stopped containers
Remove container
$ docker rm <name or ID> [-v]
-v include volumes
Search for image on hub
$ docker search <name>
Download image only
$docker pull <image>
Example of running container
$ docker run -d --name <name> -p <host port:container port> <image>
-d = detach/daemon --name = the name you want to give the container -p = port/publish
Another example
$ docker run -d --name nginx -p 80:80 -v $(pwd):/usr/local/nginx/html nginx
-v = volume where the first part is the host directory ($(pwd) = current dir) and the second part is the container directory
Autostart
is built-in from docker v1.11 and can easily be changed with
$ docker update --restart=<no|on-failure|unless-stopped|always> <container>
Use docker inspect to check the “RestartPolicy” key for the current autostart setting
$ docker inspect <container> | grep -A 3 "RestartPolicy"
this lists the line where “RestartPolicy” is found and the following three lines.
Getting a terminal inside a container
Method 1
$ docker inspect <container> | grep Pid $ nsenter -m -u -n -p -i -t <Pid from above command> /bin/bash
Method 2
$ docker-enter <container>
Method 3
$ docker exec -it <container> /bin/bash
Use exit to leave container, while container is still running
nano editor
Making the nano editor work in a container.
Error: "Error opening terminal:unknown"
Solution: run container with -t (TTY option)
set environment variable $TERM: export TERM=xterm
Alternatively add to the docker file
ENV TERM xterm
application examples
These are real examples I use or have used
Gitlab
Source: http://docs.gitlab.com/omnibus/docker/README.html
$ docker image pull gitlab/gitlab-ce
$ docker container run -d -h git.azura.ld -p 10.60.1.54:443:443 -p 10.60.1.54:80:80 -p 10.60.1.54:22:22 --name gitlab --restart always \
-v /data/docker_data/gitlab/config:/etc/gitlab \
-v /data/docker_data/gitlab/logs:/var/log/gitlab \
-v /data/docker_data/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest
Additional steps
- create certificates (git.azura.ld.crt & .key)
- copy certs to /data/docker_data/gitlab/config/ssl
- change gitlab.rb:
external_url "https://git.azura.ld" nginx['redirect_http_to_https'] = true
- restart docker container
$ docker restart gitlab
- change gitlab.rb:
Email settings
Mumble server
Source: https://github.com/dcshock/docker-mumble-server
$ docker pull dcshock/docker-mumble-server
$ docker volume create --driver local --name mumble-db --opt type=none --opt device=/data/docker_data/mumble-server/db --opt o=uid=root,gid=root,bind
$ docker container run -d -p 64738:64738 --name mumble --restart=unless-stopped -v mumble-db:/var/lib/mumble-server dcshock/docker-mumble-server
- standard password for superuser is
admin - SSH login with the user
adminand passwordadmin(you should change the standard password!) - change to root with
$ sudo su - root
Change super user password (when in SSH session)
$ murmurd -supw <password>
NOTES It was necessary to create a volume for the db to enable the container to access it else I got an access denied!
Owncloud
$ docker pull owncloud $ docker run -d -p 83:80 -v /var/www/html --name owncloud owncloud
Owncloud is now accessible on <host>:83 use that to configure the server
Make a vhost using nginx and proxy forward port 443 to 83 on the container. Nginx on the host is now handling SSL, so no SSL is necessary on the container.
Owncloud must have the hostname in the “trusted_domains” array else a security error is given on login.
For heightened security restrict access to the container with iptables.
MailCatcher
MailCatcher is an application that acts like a mail server and receives and displays all messages in a webpage.
It's especially interesting in a development environment in that it always receives the message and you never accidentally send messages to thousands of real people by mistake.
$ docker pull schickling/mailcatcher $ docker run -d -p 1080:1080 -p 1025:1025 --name mailcatcher schickling/mailcatcher
The web interface is now accessible on localhost port 1080. You should point your (PHP) script to the server localhost with the port 1025. No login or password is necessary.
Plex Media Server
$ docker image pull plexinc/pms-docker:latest
Create volumes
$ docker volume create --driver local --name plex_config --opt type=none --opt device=/data/docker_data/plexmediaserver --opt o=uid=root,gid=root,bind $ docker volume create --driver local --name plex_data --opt type=none --opt device=/data/media --opt o=uid=root,gid=root,bind,readonly
Run container
$ docker container run -d --name plex -p 10.60.1.51:32400:32400/tcp \ -e TZ="Europe/Copenhagen" -e PLEX_CLAIM="claim-i9pquDSQQyQERMu2JUDD" \ -e ADVERTISE_IP="http://10.60.1.51:32400/" -h azura.ld \ -v plex_config:/config \ -v plex_data:/data/media \ --restart=unless-stopped plexinc/pms-docker:latest
NOTES You should of course change the PLEX_CLAIM variable as it's only working for 4 minutes. (get a new from https://www.plex.tv/claim )
Network ports and their uses:
- UDP: 1900 (for access to the Plex DLNA Server)
- TCP: 3005 (for controlling Plex Home Theater via Plex Companion)
- UDP: 5353 (for older Bonjour/Avahi network discovery)
- TCP: 8324 (for controlling Plex for Roku via Plex Companion)
- UDP: 32410, 32412, 32413, 32414 (for current GDM network discovery)
- TCP: 32469 (for access to the Plex DLNA Server)
Emby Media Server
$ docker image pull emby/embyserver:latest
Create volumes
$ docker volume create --driver local --name emby_config --opt type=none --opt device=/data/docker_data/embymediaserver/config --opt o=uid=root,gid=root,bind $ docker volume create --driver local --name plex_data --opt type=none --opt device=/data/media --opt o=uid=root,gid=root,bind,readonly
NB! used the same data directory as plex.
Run container
$ docker container run -d --name emby \ -v emby_config:/config \ -v plex_data:/mnt/mediafolder \ --device /dev/dri:/dev/dri \ -p 192.168.35.3:8096:8096 \ -p 192.168.35.3:8920:8920 \ -e UID=1000 \ -e GID=1000 \ -e GIDLIST=39 \ --restart=unless-stopped emby/embyserver:latest