https://linzeyan.github.io/categories/docker/Recent content in Docker on RickyHugo -- gohugo.ioenSun, 11 Jan 2026 15:22:11 +0800https://linzeyan.github.io/posts/2026/20260111-wud/Sun, 11 Jan 2026 15:22:11 +0800https://linzeyan.github.io/posts/2026/20260111-wud/<ul> <li><a href="https://blog.ibytebox.com/archives/TKFPS2tq" target="_blank" rel="noopener">Replace Watchtower with WUD: Build a Controlled Docker Auto-Update Plan</a></li> </ul> <p>WUD (What&rsquo;s Up Docker)</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">wud</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">getwud/wud:latest</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">container_name</span>: <span style="color:#ae81ff">wud</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;3000:3000&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">/var/run/docker.sock:/var/run/docker.sock</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">./store:/store</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">TZ=Asia/Shanghai</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Local Docker watcher</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WUD_WATCHER_LOCAL_SOCKET=/var/run/docker.sock</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Key: do not watch any containers by default</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WUD_WATCHER_LOCAL_WATCHBYDEFAULT=false</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Scan every 12 hours</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WUD_WATCHER_LOCAL_CRON=0 */12 * * *</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Auto update + prune old images after update</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WUD_TRIGGER_DOCKER_AUTO_PRUNE=true</span> <span style="color:#75715e"># Equivalent to `watchtower --cleanup`</span> </span></span></code></pre></div><h4 id="monitor-only-no-auto-update">Monitor only (no auto update)</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">labels</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;wud.watch=true&#34;</span> </span></span></code></pre></div><ul> <li>Appears in the WUD UI</li> <li>Shows update hints</li> <li>Does not auto-restart</li> </ul> <h4 id="monitor--auto-update-watchtower-equivalent">Monitor + auto update (Watchtower equivalent)</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">labels</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;wud.watch=true&#34;</span> </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;wud.trigger.include=docker.auto&#34;</span> </span></span></code></pre></div>https://linzeyan.github.io/posts/2025/20250903-linux-docker-nftables/Wed, 03 Sep 2025 09:03:00 +0800https://linzeyan.github.io/posts/2025/20250903-linux-docker-nftables/<ul> <li><a href="https://blog.ibytebox.com/archives/docker-rong-qi-wu-fa-fang-wen-wai-wang-nftables-xia-de-nat-pei-zhi-zhi-nan" target="_blank" rel="noopener">Docker Containers Can&rsquo;t Access the Internet? NAT Configuration Guide for nftables</a></li> </ul>https://linzeyan.github.io/posts/2025/20250801-linuxserver.io/Fri, 01 Aug 2025 15:52:00 +0800https://linzeyan.github.io/posts/2025/20250801-linuxserver.io/<ul> <li><a href="https://ivonblog.com/posts/linuxserver-io-docker-applications/" target="_blank" rel="noopener">Use LinuxServer.io Docker Images to Turn Desktop Apps into Web Apps</a></li> <li><a href="https://www.linuxserver.io/our-images" target="_blank" rel="noopener">LinuxServer.io Official Site</a></li> </ul>https://linzeyan.github.io/posts/2025/20250801-gluetun-vpn-docker/Fri, 01 Aug 2025 15:51:00 +0800https://linzeyan.github.io/posts/2025/20250801-gluetun-vpn-docker/<ul> <li><a href="https://ivonblog.com/posts/gluetun-vpn-docker/" target="_blank" rel="noopener">Gluetun: Route Docker Containers Through a VPN, Disconnect on No Network</a></li> </ul> <h2 id="gluetun">Gluetun</h2> <ul> <li>OpenVPN</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">gluetun</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">qmcgaw/gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">container_name</span>: <span style="color:#ae81ff">gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">cap_add</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">NET_ADMIN</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">devices</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">/dev/net/tun:/dev/net/tun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8888</span>:<span style="color:#ae81ff">8888</span><span style="color:#ae81ff">/tcp</span> <span style="color:#75715e"># HTTP proxy</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8388</span>:<span style="color:#ae81ff">8388</span><span style="color:#ae81ff">/tcp</span> <span style="color:#75715e"># Shadowsocks</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8388</span>:<span style="color:#ae81ff">8388</span><span style="color:#ae81ff">/udp</span> <span style="color:#75715e"># Shadowsocks</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">/home/user/gluetun:/gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: <span style="color:#75715e"># Fill in based on your VPN provider&#39;s OpenVPN config</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">VPN_SERVICE_PROVIDER=protonvpn</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">VPN_TYPE=openvpn</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">OPENVPN_USER=</span> <span style="color:#75715e"># OpenVPN username</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">OPENVPN_PASSWORD=</span> <span style="color:#75715e"># OpenVPN password</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">SERVER_COUNTRIES=United Kingdom</span> <span style="color:#75715e"># Set server country, separated by commas</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">networks</span>: <span style="color:#75715e"># (Optional) fixed IP for the Gluetun container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">network</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">ipv4_address</span>: <span style="color:#ae81ff">172.27.0.5</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">networks</span>: <span style="color:#75715e"># (Optional) fixed IP for the Gluetun container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">network</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">driver</span>: <span style="color:#ae81ff">bridge</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ipam</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">config</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f92672">subnet</span>: <span style="color:#ae81ff">172.27.0.0</span><span style="color:#ae81ff">/16</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">gateway</span>: <span style="color:#ae81ff">172.27.0.5</span> </span></span></code></pre></div><ul> <li>WireGuard</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">gluetun</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">qmcgaw/gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">container_name</span>: <span style="color:#ae81ff">gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">cap_add</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">NET_ADMIN</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">devices</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">/dev/net/tun:/dev/net/tun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8888</span>:<span style="color:#ae81ff">8888</span><span style="color:#ae81ff">/tcp</span> <span style="color:#75715e"># HTTP proxy</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8388</span>:<span style="color:#ae81ff">8388</span><span style="color:#ae81ff">/tcp</span> <span style="color:#75715e"># Shadowsocks</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8388</span>:<span style="color:#ae81ff">8388</span><span style="color:#ae81ff">/udp</span> <span style="color:#75715e"># Shadowsocks</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">/home/user/gluetun:/gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">VPN_SERVICE_PROVIDER=protonvpn</span> <span style="color:#75715e"># Fill in based on your VPN provider&#39;s WireGuard config</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">VPN_TYPE=wireguard</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WIREGUARD_PRESHARED_KEY=</span> <span style="color:#75715e"># Preshared key</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WIREGUARD_PRIVATE_KEY=</span> <span style="color:#75715e"># Private key</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WIREGUARD_ADDRESSES=</span> <span style="color:#75715e"># Set IPv4 and IPv6 addresses, separated by commas</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">SERVER_COUNTRIES=United Kingdom</span> <span style="color:#75715e"># Set server country, separated by commas</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">networks</span>: <span style="color:#75715e"># (Optional) fixed IP for the Gluetun container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">network</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">ipv4_address</span>: <span style="color:#ae81ff">172.27.0.5</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">networks</span>: <span style="color:#75715e"># (Optional) fixed IP for the Gluetun container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">network</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">driver</span>: <span style="color:#ae81ff">bridge</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ipam</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">config</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f92672">subnet</span>: <span style="color:#ae81ff">172.27.0.0</span><span style="color:#ae81ff">/16</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">gateway</span>: <span style="color:#ae81ff">172.27.0.5</span> </span></span></code></pre></div><h2 id="let-containers-use-gluetuns-vpn-connection">Let containers use Gluetun&rsquo;s VPN connection</h2> <ul> <li>If the service and Gluetun are in the same docker-compose, add network mode: network_mode: &ldquo;service:gluetun&rdquo;</li> <li>If the service is in a different docker-compose from Gluetun, add network_mode: &ldquo;container:gluetun&rdquo;</li> <li>Open Gluetun&rsquo;s docker-compose file and re-add the service ports you need (e.g. 8080)</li> <li>Start Gluetun first, then start services that should use Gluetun&rsquo;s VPN connection</li> <li>The container&rsquo;s public IP should match the VPN server you selected</li> </ul>https://linzeyan.github.io/posts/2024/20240806-best-practices-for-traefik-3-and-minio-in-docker-getting-started-quickly/Tue, 06 Aug 2024 12:26:26 +0800https://linzeyan.github.io/posts/2024/20240806-best-practices-for-traefik-3-and-minio-in-docker-getting-started-quickly/<ul> <li><a href="https://soulteary.com/2024/08/05/best-practices-for-traefik-3-and-minio-in-docker-getting-started-quickly.html" target="_blank" rel="noopener">Build a Private Object Storage with Traefik v3 and MinIO in Docker</a></li> <li><a href="https://github.com/soulteary/traefik-minio-example.git" target="_blank" rel="noopener">https://github.com/soulteary/traefik-minio-example.git</a></li> <li><a href="https://soulteary.com/2024/08/04/best-practices-for-traefik-3-in-docker-getting-started-quickly.html#docker-%E7%8E%AF%E5%A2%83" target="_blank" rel="noopener">Best Practices for Traefik 3 in Docker: Quick Start</a></li> </ul>https://linzeyan.github.io/posts/2023/20231004-container/Wed, 04 Oct 2023 09:06:00 +0800https://linzeyan.github.io/posts/2023/20231004-container/<ul> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-1/" target="_blank" rel="noopener">Container security fundamentals: Exploring containers as processes</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-2/" target="_blank" rel="noopener">Container security fundamentals part 2: Isolation &amp; namespaces</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-3/" target="_blank" rel="noopener">Container security fundamentals part 3: Capabilities</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-4/" target="_blank" rel="noopener">Container security fundamentals part 4: Cgroups</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-5/" target="_blank" rel="noopener">Container security fundamentals part 5: AppArmor and SELinux</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-6/" target="_blank" rel="noopener">Container security fundamentals part 6: seccomp </a></li> </ul>https://linzeyan.github.io/posts/2023/20230904-faster-multi-platform-builds-dockerfile-cross-compilation-guide/Mon, 04 Sep 2023 10:31:54 +0800https://linzeyan.github.io/posts/2023/20230904-faster-multi-platform-builds-dockerfile-cross-compilation-guide/<ul> <li><a href="https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/" target="_blank" rel="noopener">Faster Multi-Platform Builds: Dockerfile Cross-Compilation Guide</a></li> </ul> <h3 id="method">method</h3> <ul> <li><code>docker buildx create --use</code></li> <li><code>FROM --platform=linux/amd64 debian</code> / <code>FROM --platform=$BUILDPLATFORM debian</code></li> <li>variables</li> </ul> <pre tabindex="0"><code>BUILDPLATFORM — matches the current machine. (e.g. linux/amd64) BUILDOS — os component of BUILDPLATFORM, e.g. linux BUILDARCH — e.g. amd64, arm64, riscv64 BUILDVARIANT — used to set ARM variant, e.g. v7 TARGETPLATFORM — The value set with --platform flag on build TARGETOS - OS component from --platform, e.g. linux TARGETARCH - Architecture from --platform, e.g. arm64 TARGETVARIANT </code></pre><h3 id="example">example</h3> <ul> <li>before</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> golang:1.17-alpine AS build</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">WORKDIR</span><span style="color:#e6db74"> /src</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> . .<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> go build -o /out/myapp .<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> alpine</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> --from<span style="color:#f92672">=</span>build /out/myapp /bin<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><ul> <li>after</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> --platform=$BUILDPLATFORM golang:1.17-alpine AS build</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">WORKDIR</span><span style="color:#e6db74"> /src</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ARG</span> TARGETOS TARGETARCH<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> --mount<span style="color:#f92672">=</span>target<span style="color:#f92672">=</span>. <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --mount<span style="color:#f92672">=</span>type<span style="color:#f92672">=</span>cache,target<span style="color:#f92672">=</span>/root/.cache/go-build <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --mount<span style="color:#f92672">=</span>type<span style="color:#f92672">=</span>cache,target<span style="color:#f92672">=</span>/go/pkg <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> GOOS<span style="color:#f92672">=</span>$TARGETOS GOARCH<span style="color:#f92672">=</span>$TARGETARCH go build -o /out/myapp .<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> alpine</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> --from<span style="color:#f92672">=</span>build /out/myapp /bin<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div>https://linzeyan.github.io/posts/2022/20221006-elasticsearch/Thu, 06 Oct 2022 11:30:59 +0800https://linzeyan.github.io/posts/2022/20221006-elasticsearch/<ul> <li><a href="https://jiajunhuang.com/articles/2022_10_06-elasticsearch.md.html" target="_blank" rel="noopener">Elasticsearch Study Notes</a></li> </ul> <h3 id="install-the-chinese-analyzer-plugin">Install the Chinese analyzer plugin</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>docker exec -it elasticsearch bash </span></span><span style="display:flex;"><span>$ elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.4.1/elasticsearch-analysis-ik-8.4.1.zip </span></span></code></pre></div><ul> <li>Dev Tools <ul> <li>The <code>content</code> field is <code>text</code>. Use <code>ik_max_word</code> for indexing and <code>ik_smart</code> for searching. The former generates as many tokens as possible, while the latter generates coarser-grained tokens.</li> </ul> </li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010">PUT</span> <span style="color:#960050;background-color:#1e0010">/words</span> </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;mappings&#34;</span>: { </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;properties&#34;</span>: { </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;content&#34;</span>: { </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;type&#34;</span>: <span style="color:#e6db74">&#34;text&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;analyzer&#34;</span>: <span style="color:#e6db74">&#34;ik_max_word&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;search_analyzer&#34;</span>: <span style="color:#e6db74">&#34;ik_smart&#34;</span> </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;age&#34;</span>: { </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;type&#34;</span>: <span style="color:#e6db74">&#34;integer&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;index&#34;</span>: <span style="color:#66d9ef">false</span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;acknowledged&#34;</span>: <span style="color:#66d9ef">true</span>, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;shards_acknowledged&#34;</span>: <span style="color:#66d9ef">true</span>, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;index&#34;</span>: <span style="color:#e6db74">&#34;words&#34;</span> </span></span><span style="display:flex;"><span>} </span></span></code></pre></div>https://linzeyan.github.io/posts/2022/20220725-build-lightweight-docker-image-for-go-app/Mon, 25 Jul 2022 17:33:47 +0800https://linzeyan.github.io/posts/2022/20220725-build-lightweight-docker-image-for-go-app/<ul> <li><a href="https://iter01.com/605065.html" target="_blank" rel="noopener">Build a Lightweight Docker Image for Your Go App? | IT Man</a></li> </ul> <h5 id="go-build">go build</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># default</span> </span></span><span style="display:flex;"><span>$ go build -o test1 main.go </span></span><span style="display:flex;"><span>$ du -sh test1 </span></span><span style="display:flex;"><span>14M test1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># You can add `-ldflags &#34;-s -w&#34;` during compilation to reduce the binary size by stripping some link and debug info. Details:</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># -a: force rebuilding all dependencies</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># -s: drop symbol table info; stack traces in panic will lose file/line info</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># -w: drop DWARF debug info; you cannot debug with gdb</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># If you don&#39;t need the symbol table, you can just use &#34;-s&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Note: it is not recommended to use -w and -s together</span> </span></span><span style="display:flex;"><span>$ go build -ldflags <span style="color:#e6db74">&#34;-s -w&#34;</span> -o test2 main.go </span></span><span style="display:flex;"><span>$ du -sh test2 </span></span><span style="display:flex;"><span>11M test2 </span></span></code></pre></div><h5 id="upxbrewyum-install-upx">upx(<code>brew/yum install upx</code>)</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ upx test2 </span></span><span style="display:flex;"><span> Ultimate Packer <span style="color:#66d9ef">for</span> eXecutables </span></span><span style="display:flex;"><span> Copyright <span style="color:#f92672">(</span>C<span style="color:#f92672">)</span> <span style="color:#ae81ff">1996</span> - <span style="color:#ae81ff">2020</span> </span></span><span style="display:flex;"><span>UPX 3.96 Markus Oberhumer, Laszlo Molnar &amp; John Reiser Jan 23rd <span style="color:#ae81ff">2020</span> </span></span><span style="display:flex;"><span> File size Ratio Format Name </span></span><span style="display:flex;"><span> -------------------- ------ ----------- ----------- </span></span><span style="display:flex;"><span> <span style="color:#ae81ff">11490768</span> -&gt; <span style="color:#ae81ff">4063248</span> 35.36% macho/amd64 test2 </span></span><span style="display:flex;"><span>Packed <span style="color:#ae81ff">1</span> file. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ upx --brute test2 </span></span><span style="display:flex;"><span>$ du -sh test2 </span></span><span style="display:flex;"><span>4.6M test2 </span></span></code></pre></div><p>UPX compression options</p>https://linzeyan.github.io/posts/2021/20210917-docker/Fri, 17 Sep 2021 14:11:03 +0800https://linzeyan.github.io/posts/2021/20210917-docker/<h1 id="docker">Docker</h1> <h2 id="concept">Concept</h2> <h3 id="vm-vs-container">VM vs Container</h3> <ul> <li>VM - Base on OS</li> <li>Container - Base on Application (Linux Kernel: Namespace and Cgroup)</li> </ul> <h3 id="client-to-server">Client to Server</h3> <ul> <li>Docker daemon - containerd, docker-containerd-shim, docker-runc</li> <li>Docker client - cli command</li> </ul> <pre tabindex="0"><code>docker cli -&gt; docker daemon -&gt; containerd -&gt; runc -&gt; namespace &amp; cgroup </code></pre><h3 id="image">Image</h3> <ul> <li>Snapshots</li> </ul> <h3 id="container">Container</h3> <ul> <li>Read-Only processes on image</li> </ul> <h3 id="hub--registry">Hub / Registry</h3> <ul> <li>Store images</li> </ul> <h3 id="references">References</h3> <ul> <li><a href="https://philipzheng.gitbook.io/docker_practice/" target="_blank" rel="noopener">Docker —— 從入門到實踐</a></li> <li><a href="https://docs.docker.com/" target="_blank" rel="noopener">docker docs</a></li> </ul> <hr> <h2 id="docker-commands">Docker commands</h2> <h3 id="dockerfile">Dockerfile</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">ARG</span> dist<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;/tmp/password&#34;</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ARG</span> projectDir<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;/password&#34;</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> golang:1.16-alpine3.14 AS builder</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> apk add build-base upx<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ARG</span> dist<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ARG</span> projectDir<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">WORKDIR</span><span style="color:#e6db74"> ${projectDir}</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> . .<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> go build -trimpath -o main cmd/main.go<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> upx -9 -o <span style="color:#e6db74">${</span>dist<span style="color:#e6db74">}</span> main<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> scratch</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ARG</span> dist<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ENV</span> TZ<span style="color:#f92672">=</span>Asia/Taipei<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> --from<span style="color:#f92672">=</span>builder <span style="color:#e6db74">${</span>dist<span style="color:#e6db74">}</span> /usr/local/bin/password<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><h3 id="dockerfile1">Dockerfile1</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> alpine</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">CMD</span> [<span style="color:#e6db74">&#34;nc&#34;</span>,<span style="color:#e6db74">&#34;-l&#34;</span>,<span style="color:#e6db74">&#34;12345&#34;</span>]<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><h3 id="dockerfile2">Dockerfile2</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> alpine</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">CMD</span> [<span style="color:#e6db74">&#34;echo&#34;</span>,<span style="color:#e6db74">&#34;DOCKER&#34;</span>]<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><h3 id="docker-build-command">docker build command</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>docker build . -t program </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>docker build . -f Dockerfile -t test_mysql </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>docker build . -t hello:v1.1 --build-arg dist<span style="color:#f92672">=</span>/tmp/hello --build-arg projectDir<span style="color:#f92672">=</span>/hello </span></span></code></pre></div><hr> <h3 id="docker-build">docker build</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Before build</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker image ls </span></span><span style="display:flex;"><span>docker build . -f docker/Dockerfile1 -t test1 </span></span><span style="display:flex;"><span>docker build . -f docker/Dockerfile2 -t test2 </span></span></code></pre></div><h3 id="docker-image">docker image</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">After build</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker image ls </span></span></code></pre></div><hr> <h3 id="docker-run-and-rm">docker run AND rm</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Run container1</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker run -d --name container1 test1 </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Run container2</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker run -d --name container2 test2 </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List alive containers</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker ps </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all containers</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker ps -a </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Remove alive container</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker rm -f container1 </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all containers</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker ps -a </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Remove exit container</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker rm container2 </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all containers</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker ps -a </span></span></code></pre></div><hr> <h3 id="docker-pull-and-rmi">docker pull AND rmi</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all image</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker image ls </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Pull alpine image</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker pull alpine </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all image</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker image ls </span></span></code></pre></div><hr> <h3 id="docker-rmi">docker rmi</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Remove alpine image</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker rmi alpine </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all image</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker image ls </span></span></code></pre></div><hr> <h3 id="prune">prune</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>docker system prune -f --volumes </span></span></code></pre></div><hr> <h3 id="docker-history">docker history</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">History of test1</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker history test1 </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">History of mysql:8</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker history mysql:8 </span></span></code></pre></div><hr> <h2 id="docker-remote">Docker remote</h2> <h3 id="edit-service-file">Edit service file</h3> <pre tabindex="0"><code># /lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375 </code></pre><h3 id="restart-service">Restart service</h3> <pre tabindex="0"><code>systemctl daemon-reload systemctl restart docker </code></pre><h3 id="specify-docker_host">Specify DOCKER_HOST</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List images on 192.168.185.9</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>DOCKER_HOST<span style="color:#f92672">=</span>192.168.185.9:2375 docker images </span></span></code></pre></div><hr> <h2 id="docker-compose">Docker-compose</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">version</span>: <span style="color:#e6db74">&#34;3&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">svn</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">zeyanlin/svn</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_HOSTS=${LDAP_HOSTS}</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_BASE_DN=${LDAP_BASE_DN}</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_BIND_DN=${LDAP_BIND_DN}</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_ADMIN_PASS=${LDAP_ADMIN_PASS}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8000</span>:<span style="color:#ae81ff">80</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">3690</span>:<span style="color:#ae81ff">3690</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">depends_on</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">ldap</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ldap</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">zeyanlin/openldap</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_DOMAIN=${LDAP_DOMAIN}</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_ADMIN_PASS=${LDAP_ADMIN_PASS}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">389</span>:<span style="color:#ae81ff">389</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">636</span>:<span style="color:#ae81ff">636</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">php</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">zeyanlin/phpldapadmin</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_HOSTS=${LDAP_HOSTS}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">80</span>:<span style="color:#ae81ff">80</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">depends_on</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">ldap</span> </span></span></code></pre></div><hr> <h3 id="env">Env</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-ini" data-lang="ini"><span style="display:flex;"><span><span style="color:#a6e22e">LDAP_HOSTS</span><span style="color:#f92672">=</span><span style="color:#e6db74">ldap</span> </span></span><span style="display:flex;"><span><span style="color:#a6e22e">LDAP_DOMAIN</span><span style="color:#f92672">=</span><span style="color:#e6db74">&#34;knowhow.fun&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#a6e22e">LDAP_BASE_DN</span><span style="color:#f92672">=</span><span style="color:#e6db74">&#34;dc=knowhow,dc=fun&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#a6e22e">LDAP_BIND_DN</span><span style="color:#f92672">=</span><span style="color:#e6db74">&#34;cn=admin&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#a6e22e">LDAP_ADMIN_PASS</span><span style="color:#f92672">=</span><span style="color:#e6db74">&#34;123qwe&#34;</span> </span></span></code></pre></div>https://linzeyan.github.io/posts/2021/20210820-how-to-improve-your-docker-containers-security-cheat-sheet/Fri, 20 Aug 2021 23:14:30 +0800https://linzeyan.github.io/posts/2021/20210820-how-to-improve-your-docker-containers-security-cheat-sheet/<ul> <li><a href="https://blog.gitguardian.com/how-to-improve-your-docker-containers-security-cheat-sheet/" target="_blank" rel="noopener">Docker Security Best Practices: Cheat Sheet</a></li> </ul> <h3 id="image-security">Image Security</h3> <h4 id="use-trusted-images">Use Trusted Images</h4> <h4 id="unprivileged-user">Unprivileged User</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> base_image</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> addgroup -S appgroup <span style="color:#f92672">&amp;&amp;</span> adduser -S appuser -G appgroup<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">USER</span><span style="color:#e6db74"> appuser</span><span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><h4 id="user-id-namespace">User ID Namespace</h4> <blockquote> <p>Segregate namespaces to prevent container privilege escalation from affecting the host.</p></blockquote> <p>To mitigate this risk, configure your host and the Docker daemon to use a separate namespace with the <code>--userns-remap</code> option.</p> <h3 id="container-runtime-security">Container Runtime Security</h3> <h4 id="forbid-new-privileges">Forbid New Privileges</h4> <p>For enhanced security, it is recommended to explicitly forbid the addition of new privileges after container creation using this option: <code>--security-opt=no-new-privileges</code>.</p>https://linzeyan.github.io/posts/2021/20210719-docker-compose-yaml-problem/Mon, 19 Jul 2021 15:40:36 +0800https://linzeyan.github.io/posts/2021/20210719-docker-compose-yaml-problem/<h4 id="issue">issue</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#75715e"># ./docker-compose up -d</span> </span></span><span style="display:flex;"><span>Creating network <span style="color:#e6db74">&#34;gogs_default&#34;</span> with the default driver </span></span><span style="display:flex;"><span>Creating gogs_mysql_1 ... <span style="color:#66d9ef">done</span> </span></span><span style="display:flex;"><span>Creating gogs_gogs_1 ... error </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>ERROR: <span style="color:#66d9ef">for</span> gogs_gogs_1 Cannot create container <span style="color:#66d9ef">for</span> service gogs: invalid port specification: <span style="color:#e6db74">&#34;133342&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>ERROR: <span style="color:#66d9ef">for</span> gogs Cannot create container <span style="color:#66d9ef">for</span> service gogs: invalid port specification: <span style="color:#e6db74">&#34;133342&#34;</span> </span></span><span style="display:flex;"><span>ERROR: Encountered errors <span style="color:#66d9ef">while</span> bringing up the project. </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">gogs</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">2222</span>:<span style="color:#ae81ff">22</span> </span></span></code></pre></div><p>YAML supports so-called &ldquo;base-60 floating-point numbers,&rdquo; which is useful for time calculations.</p> <p>Therefore, <code>2222:22</code> is interpreted as <code>2222 * 60 + 22</code>, which is 133342.</p>https://linzeyan.github.io/posts/2020/20200914-about-using-docker-config/Mon, 14 Sep 2020 11:13:23 +0800https://linzeyan.github.io/posts/2020/20200914-about-using-docker-config/<ul> <li><a href="https://medium.com/better-programming/about-using-docker-config-e967d4a74b83" target="_blank" rel="noopener">Docker Tips: Using Docker Config</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> nginx:1.13.6</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> nginx.conf /etc/nginx/nginx.conf<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><p>Using the Docker CLI, we can create a <code>config</code> from this configuration file, we name this config <code>proxy</code>.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ docker config create proxy nginx.conf </span></span><span style="display:flex;"><span>mdcfnxud53ve6jgcgjkhflg0s </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ docker config inspect proxy </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">{</span> </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;ID&#34;</span>: <span style="color:#e6db74">&#34;x06uaozphg9kbnf8g4az4mucn&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Version&#34;</span>: <span style="color:#f92672">{</span> </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Index&#34;</span>: <span style="color:#ae81ff">2723</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">}</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;CreatedAt&#34;</span>: <span style="color:#e6db74">&#34;2017-11-21T07:49:09.553666064Z&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;UpdatedAt&#34;</span>: <span style="color:#e6db74">&#34;2017-11-21T07:49:09.553666064Z&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Spec&#34;</span>: <span style="color:#f92672">{</span> </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Name&#34;</span>: <span style="color:#e6db74">&#34;proxy&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Labels&#34;</span>: <span style="color:#f92672">{}</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Data&#34;</span>: <span style="color:#e6db74">&#34;dXNlciB3d3ctZGF0YTsKd29y...ogIgICAgIH0KICAgIH0KfQo=&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">}</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">]</span> </span></span></code></pre></div><h5 id="use-a-config">Use a Config</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ docker network create --driver overlay front </span></span><span style="display:flex;"><span>$ docker service create --name api --network front lucj/api </span></span><span style="display:flex;"><span>$ docker service create --name proxy <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --network front <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --config src<span style="color:#f92672">=</span>proxy,target<span style="color:#f92672">=</span>/etc/nginx/nginx.conf <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --port 8000:8000 <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> nginx:1.13.6 </span></span></code></pre></div><h5 id="service-update">Service Update</h5> <p>When the content of a configuration needs to be modified, it&rsquo;s a common pattern to create a new config (using <code>docker config create</code>), and then to update the service order to remove the access to the previous config, and to add the access to the new one. The service commands are<code>--config-rm</code> and <code>--config-add</code>.</p>https://linzeyan.github.io/posts/2020/20200325-how-to-deploy-on-remote-docker-hosts-with-docker-compose/Wed, 25 Mar 2020 19:30:54 +0800https://linzeyan.github.io/posts/2020/20200325-how-to-deploy-on-remote-docker-hosts-with-docker-compose/<ul> <li><a href="https://www.docker.com/blog/how-to-deploy-on-remote-docker-hosts-with-docker-compose/" target="_blank" rel="noopener">How to deploy on remote Docker hosts with docker-compose</a></li> </ul> <h5 id="manual-deployment-by-copying-project-files-install-docker-compose-and-running-it">Manual deployment by copying project files, install docker-compose and running it</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ scp -r hello-docker user@remotehost:/path/to/src </span></span><span style="display:flex;"><span>$ ssh user@remotehost </span></span><span style="display:flex;"><span>$ pip install docker-compose </span></span><span style="display:flex;"><span>$ cd /path/to/src/hello-docker </span></span><span style="display:flex;"><span>$ docker-compose up -d </span></span></code></pre></div><h5 id="using-docker_host-environment-variable-to-set-up-the-target-engine">Using DOCKER_HOST environment variable to set up the target engine</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ cd hello-docker </span></span><span style="display:flex;"><span>$ DOCKER_HOST<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;ssh://user@remotehost&#34;</span> docker-compose up -d </span></span></code></pre></div><h5 id="using-docker-contexts">Using docker contexts</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ docker context create remote ‐‐docker <span style="color:#e6db74">&#34;host=ssh://user@remotemachine&#34;</span> </span></span><span style="display:flex;"><span>remote </span></span><span style="display:flex;"><span>Successfully created context <span style="color:#e6db74">&#34;remote&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ docker context ls </span></span><span style="display:flex;"><span>NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR </span></span><span style="display:flex;"><span>default * Current DOCKER_HOST… unix:///var/run/docker.sock swarm </span></span><span style="display:flex;"><span>remote ssh://user@remotemachine </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ cd hello-docker </span></span><span style="display:flex;"><span>$ docker-compose ‐‐context remote up -d </span></span></code></pre></div>