# Docker
Get images with only the programs you need
### Docker Commands
**Download Docker Container:**
```bash
docker pull rust
```
**Add Credential to docker fetch:**
```bash
docker login registry-1.docker.io
```
**Copy files out of containers:**
```bash
docker cp <DOCKER_NAME>:/go/xc.exe ./xc/xc.exe
```
#### Attach to Running Container
**Running an Interactive Shell:**
```bash
docker exec -it matrix-postgres /bin/bash
```
#### Run new Container
**Override entrypoint in a Docker Container:**
```bash
docker run -v "$(pwd)":/wd --rm -it --entrypoint=/bin/bash matrixdotorg/synapse:latest
```
**Running an Interactive Shell in a Docker Container with Environment variables:**
```bash
docker run --rm -v "$(pwd)":/wd --name rust --env-file ./.env -it rust /bin/bash
```
### Building a Container
**Build from Docker File with Tag:**
```bash
docker build . -t agendav
```
#### Docker File
**Example Docker File:**
```dockerfile
# select operating system
FROM rust:latest
# install operating system packages
# (update and install in one layer so the package index is never stale)
RUN apt-get -y update && \
    apt-get -y install cmake docker mcrypt docker-compose libsasl2-dev && \
    apt-get clean && rm -rf /var/lib/apt/lists/*
## add more packages, if necessary
#git config --global credential.helper "store --file ~/.git-credentials"
#echo -e "url=https://example.com\n\n" | git credential fill | git credential approve
#CARGO_NET_GIT_FETCH_WITH_CLI=true cargo test
WORKDIR /opt/docker-init
ENTRYPOINT ["./entrypoint"]
```
**Multi Stage Docker:**
```dockerfile
# build stage: full Rust toolchain
FROM rust:latest AS builder
RUN cargo build
# final stage: only the build output is copied over, the toolchain stays behind
FROM alpine AS serve
COPY --from=builder ./build ./build
CMD ["./build/main"]
```
### Compose
https://github.com/Haxxnet/Compose-Examples
#### Commands
**Run a single Container:**
```bash
docker-compose -f docker-compose.yml up yourService
```
**Run multiple files:**
```bash
docker-compose -f docker-compose.yml -f docker-compose-public.yml up
```
**Run multiple files for project:**
```bash
docker-compose -f ./docker-compose-new.yml -p new_project_name up -d
```
#### Profiles
### Docker Mods
https://tailscale.dev/blog/docker-mod-tailscale
### Nix Dockers
### Networks
- **Bridge:** Creates a virtual switch and assigns IP addresses to the containers. Outbound traffic gets out easily, but hosts on the internet cannot connect back in.
- **Host:** The container uses your host's network directly and opens its ports on your connection.
- **Macvlan:** Connects the container to your internal network switch. Each container has its own MAC address, which might not work with your router because more than one device then sits on a single port. Promiscuous mode needs to be enabled.
    - You can also use VLANs for this.
- **IPVlan:** Shares the MAC address with the host but uses a different IP.
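#### Disable iptables for docker
With this setting Docker no longer creates its own iptables rules, so NAT and filtering for containers have to be configured by hand.
```
>>> cat /etc/docker/daemon.json
{
  "iptables": false
}
>>> service docker restart
```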
#### Firewall Routing
Docker Engine adds two custom chains, DOCKER and DOCKER-USER, to iptables.
iptables:
ufw:
### Docker Socket
Examples with HTTP connections to the Docker socket:
https://blog.quarkslab.com/why-is-exposing-the-docker-socket-a-really-bad-idea.html
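
The socket speaks plain HTTP (the Docker Engine API), so any process that can open it can drive the daemon. The following is an added example, not part of the original page: it calls `GET /containers/json` over the Unix socket and reports which containers have the daemon socket mounted. The default socket path is an assumption and `SAMPLE` is constructed data.

```python
import http.client
import json
import socket

DOCKER_SOCK = "/var/run/docker.sock"  # assumed default socket path


class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP over a Unix domain socket instead of TCP."""

    def __init__(self, path):
        super().__init__("localhost")  # only used for the Host header
        self.unix_path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.unix_path)


def list_containers(path=DOCKER_SOCK):
    """GET /containers/json, the Engine API call behind `docker ps`."""
    conn = UnixHTTPConnection(path)
    try:
        conn.request("GET", "/containers/json")
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError(f"Engine API returned HTTP {resp.status}")
        return json.loads(resp.read())
    finally:
        conn.close()


def socket_mounts(containers):
    """Return (name, destination, writable) for each mount of docker.sock."""
    hits = []
    for c in containers:
        for m in c.get("Mounts", []):
            if m.get("Source", "").endswith("/docker.sock"):
                name = c["Names"][0].lstrip("/")
                hits.append((name, m.get("Destination"), m.get("RW", True)))
    return hits


# Constructed sample in the shape of a /containers/json response.
SAMPLE = [
    {"Names": ["/web"], "Mounts": [{"Source": "/srv/www", "Destination": "/www", "RW": False}]},
    {"Names": ["/ci-runner"], "Mounts": [{"Source": "/var/run/docker.sock",
                                          "Destination": "/var/run/docker.sock", "RW": True}]},
]

if __name__ == "__main__":
    for name, dest, rw in socket_mounts(list_containers()):
        print(f"{name}: daemon socket at {dest} ({'rw' if rw else 'ro'})")
```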