Internet resources

https://docs.docker.com/get-started/

https://docs.docker.com/engine/reference/builder/

Official containers:

https://hub.docker.com/search?q=&type=image&image_filter=official

Installation

Install from docker repo:

sudo install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

 sudo chmod a+r /etc/apt/keyrings/docker.gpg

Add following to /etc/apt/sources.list.d/docker.list:

sudo editor /etc/apt/sources.list.d/docker.list

deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bullseye stable

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Test:

sudo systemctl start docker
sudo docker run hello-world

 sudo systemctl enable docker

DON’T ADD ANY USER TO DOCKER GROUP`!!!

This means, that you have to delete the user that installed docker from the docker group in /etc/group.

Rootless mode

Rootless mode means running docker without root privileges. However, on Debian 11, that may generate some troubles…

Link: https://docs.docker.com/engine/security/rootless/

Images and Containers

Images are not yet running containers including one application and the os fundamentals for it.

Containers are running or sleeping instances of applications that are enclosed by the container.

Dowload and run official images

List available images:

docker images

Get an image:

docker pull image:tag

E.g:

docker pull debian:bullseye

Setting up images

Create directory wherever you want. Copy config files for the service to the directory. cd to that directory

Create Dockerfile in the dir.

Build image:

docker build -t <<repository>>/<<tag>> .

repository may be somethin like a name that explaines the containers purpose (samba_debian) the tag my be a version

Managing images

Show images on host:

docker images

Remove image (get id with command above):

docker rmi <<Image ID>>

Managing containers

Start container (text from docs.docker.com):

Run the following command to start a container based on your new image:

docker run --publish 8000:8080 --detach --name <<name>><<repository>>:<<tag>>

There are a couple of common flags here:

• --publish asks Docker to forward traffic incoming on the host’s port 8000 to the container’s port 8080. Containers have their own private set of ports, so if you want to reach one from the network, you have to forward traffic to it in this way. Otherwise, firewall rules will prevent all network traffic from reaching your container, as a default security posture.
• --detach asks Docker to run this container in the background.
• --name specifies a name with which you can refer to your container in subsequent commands, in this case bb.

Start container with interactive shell:

docker run -it <<repository>>:<<tag>> /bin/bash

Stop container:

docker stop <<name>>

Restart container:

docker restart <<container name>>

Show all containers on host:

docker ps -a

Show running containers on host:

docker ps

Remove container:

docker rm <<container name>>

Multi-Container communication

https://docs.docker.com/get-started/07_multi_container/