Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ 24 Docker recommendations     - Struts2 form of non-use component tags (Programming)

- Systemd on RHEL7 (Linux)

- Analyzing Linux server architecture is 32-bit / 64-bit (Server)

- OpenvSwitch 2.1.2 shell script to start and stop (Linux)

- Docker study notes (Server)

- Video editing captions under Linux (Linux)

- IOwait Linux system monitoring diagnostic tools (Linux)

- Linux system network security tools sudo Introduction (Linux)

- Linux kernel network subsystem analysis (Programming)

- In-depth summary of the PHP core of object-oriented (Programming)

- Debian 8.2.0 (Jessie) fast clean installation tutorial (Linux)

- DRBD installation configuration, working principle and Recovery (Server)

- CentOS7 installation GAMIT and GMT (Linux)

- Eight sorting algorithm implemented in Python (Programming)

- Understanding the Linux load average on other UNIX-Like systems (Linux)

- Linux ./configure --prefix command (Linux)

- Linux suffered SYN flood attack setting (Linux)

- Java, extends and implements Usage (Programming)

- Install minimize RHEL / CentOS 7 things to do (Linux)

- Simple to use multi-threaded programming under Linux mutex and condition variable (Programming)

  24 Docker recommendations
  Add Date : 2018-11-21      
  In TES GLOBAL, we have fallen in love Docker and start using it from version 0.8 of Docker in a production environment. Many of our developers have participated in the training on DockerCon Europe. Here is our summary of some tips, hope can help students have Docker basis.

1. CLI

1.1 Amenity output docker ps of

Docker ps output through a pipe to less -S, such tabular row will not be collapsed.

docker ps - a | less -S
1.2 Refresh log

docker log no immediate refresh unless you use the -F option:

docker logs & lt; containerid> -F
1.3 gets a single value from a docker inspect the

docker inspect a large number of default output data in JSON format. You can use jq, to get the value for a particular key. Or you can use the built-go templates:

Finally, a docker container is now functioning properly?

docker inspect --format '{{.State.Running}}' $ (docker ps -lq)
1.4 Use docker exec instead of sshd or nsenter

If you viewed Docker release you will you will be very aware of this little trick. exec in New features in version 1.3 are added, it allows you to run a new process inside the container. So you do not run or install sshd nscenter on the host.

2. Dockerfiles

2.1 docker build support git repository

Not only can you create from the local Dockerfile in Docker mirror, you can simply specify a URL to a docker build warehouse, then docker build for you to finish the rest of the things.

2.2 no list of packages

Default image (such as Ubuntu) that does not contain a list of packages, the purpose is to make the mirror smaller. Requiring the need to use apt-get update on any basis in the Dockerfile.

2.3 note version of the package

Note that installing the package, because these commands are also cached up. It means that if you empty the cache, you might get a different version; long or if the cache is not updated, you may not get the latest security updates.

A small volume of 2.4 base image

On Docker Hub has an official true zero volume Docker image, its name is called scratch. So if you have such needs, you can make your image from scratch. And in most cases, you'd better start from busybox, its size is only 2.5M.

2.5 FROM default to obtain the latest

If, after the FROM keyword you do not specify a version of tag, then the default will be to obtain the latest. Note that this point, and to ensure as much as possible to specify a particular version.

2.6 shell or exec mode

Dockerfile can be specified in two ways commands (such as CMD RUN, etc.). If you only write command then it will be wrapped Docker execute sh -c command. You can also write in the form of an array of strings. The wording of the array does not depend on the container shell, because it will go using the exec. Docker developers recommend using the latter approach.

2.7 ADD vs COPY

ADD and COPY can create the container at the time of adding local files. However, there are some additional ADD magic, such as adding a remote file, unzip or untar a number of documents and other packages. Please understand this difference before using ADD.


Each command will create a new temporary image and run in a new shell, so if you can not run cd < directory> in Dockerfile or export < var> = < value>. Use WORKDIR set the working directory and use multiple commands to set the environment variable ENV.


CMD is a mirror when running the default command will be executed. ENTRYPOINT default is / bin / sh -c, then the CMD will be passed as a parameter. We can cover ENTRYPOINT in Dockerfile to let container like accepting command line parameters (specified in the default parameter CMD Dockerfile in).

Dockerfile in

ENTRYPOINT / bin / ls
CMD [ "-a"]
We cover the command line but still netrypoint ls

docker run training / ls -l
2.10 ADD placed at the end

If the file is changed, ADD will cache invalidation. Do not add things Dockerfile constantly changing in order to avoid caching. Your code in the end, will depend on libraries and foremost. For Node.js applications, this means package.json on the front, running nmp install and then add your code.

3. Docker network

Docker has a built-in IP pool for the specified container ip address. It is not visible outside, through the network port can access to the bridge.

Find 3.1 port mapping

docker run received an explicit port mapping as a parameter, or you can map all of the ports through the -P option. The advantage of the second approach is to prevent conflict. Through the following command to find the specified port:

docker port containerID portNumber

docker inspect --format '{{.NetworkSettings.Ports}}'
3.2 IP address of the container

Each container has its own IP address belonging to a private network (default IP may vary at restart, if you want to know the address, you can use:

docker inspect --format '{{.NetworkSettings.IPAddress}}' containerID
Docker tries to check for conflicts, in case of need to use a different network address.

3.3 to take over the host's network

docker run --net = host network can be reused. But do not do it.

4. Volume (volume)

A bypass directory or single file copy-on-write (copy-on-write) file system is close to zero load (bind mounts).

4.1 content volume will not be saved in the docker commit time

Write your volumes do not have much significance in the mirror after the establishment.

4.2 The default volume is readable and writable

But there is one: ro flag.

4.3 volumes and containers exist separately

As long as there is a container volume will use their presence. It can be shared by --volumes-from options between the container.

4.4 mount your docker.sock

You can only mount docker.sock can make your container to access Docker's API. Then you can run the command Docker in the container. Such containers can even kill themselves, run a Docker guardian process in which a vessel is not necessary.

5. Security

5.1 running as root Docker

Docker API to give access to the root, because you can use the / mapped to a volume, and then read or write. Or you can --net host to take over the host of the network. Do not expose Docker API if you need to use TLS.

5.2 Dockerfile of USER

By default Docker can run any command as root, but you can use USER. Docker without the user's name space, so the container will be seen as a user on the host user. But only UID and therefore you need to add the user inside the container.

5.3 Use TLS operation Docker API

Docker 1.3 release adds support for the TLS. They use manual authentication mechanism: the client and the server has a Key. Key is seen as the root user's password. Starting with version 1.3, Boot2docker default TLS and will generate a key for you.

Key generate additional support needs OpenSSL 1.0.1 or higher, then Docker daemon process needs to add --tls-verify option to run, Docker uses the secure port (2376).
- Ubuntu 12.04 installation NVIDIA GTX750 graphics driver (Linux)
- Debian 8.1 (amd64) deployed Memcached (Server)
- Oracle 11g new features and associated SQL TUNING (Database)
- Mhddfs: multiple smaller partitions into one large virtual storage (Linux)
- The traffic monitoring system: cacti (Linux)
- When Linux virtual machine to another copy of the operating system, a static IP NAT mode Invalid (Linux)
- How to install PlayOnLinux 4.2.5 under Ubuntu 14.04 / 12.04 (Linux)
- Java 8 perspective annotation types (Programming)
- Install Java on RHEL6 (Linux)
- Linux see whether there is a hacker program (Linux)
- Smack 4.1.x Upgrade Guide (Linux)
- Linux `dirname $ 0` (Linux)
- Oracle database import and export (Database)
- Object-C in the preparation of multi-parameter function parameter is omitted (Programming)
- Xmanager Remote Desktop connection CentOS (Linux)
- Virt Related Command Summary (Linux)
- Infinispan 8 new Redis cache storage implementation (Linux)
- Oracle Data Pump Example (Database)
- Java multi-threaded communications pipeline flow (Programming)
- IOwait Linux system monitoring diagnostic tools (Linux)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.