*** #### Ports: --- ```bash -p {outside}:{inside} ``` ```bash NAMES PORTS portainer 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp, 9443/tcp sonarr 0.0.0.0:8989->8989/tcp, :::8989->8989/tcp radarr 0.0.0.0:7878->7878/tcp, :::7878->7878/tcp jackett 0.0.0.0:9117->9117/tcp, :::9117->9117/tcp prowlarr 0.0.0.0:9696->9696/tcp, :::9696->9696/tcp uglyfeed 0.0.0.0:8001->8001/tcp, :::8001->8001/tcp, 0.0.0.0:8501->8501/tcp, :::8501->8501/tcp bazarr 0.0.0.0:6767->6767/tcp, :::6767->6767/tcp Gitea-DB 3306/tcp, 33060/tcp plantuml 0.0.0.0:8881->8080/tcp, :::8881->8080/tcp lidarr 0.0.0.0:8686->8686/tcp, :::8686->8686/tcp jellyfin unmanic 0.0.0.0:8888->8888/tcp, :::8888->8888/tcp whisper 0.0.0.0:9005->9000/tcp, :::9005->9000/tcp qbittorrent 0.0.0.0:6881->6881/tcp, :::6881->6881/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:6881->6881/udp, :::8080->8080/tcp, :::6881->6881/udp searx-searx 8080/tcp gitea 0.0.0.0:2222->22/tcp, :::2222->22/tcp, 0.0.0.0:3052->3000/tcp, :::3052->3000/tcp watchtower 8080/tcp ``` ### Managing Ports in Docker on Synology When setting up multiple containers, it's important to avoid port conflicts. Here are several methods to check which ports are already in use: #### Using Docker Commands bash ```bash # List all running containers with their port mappings docker ps --format "{{.Names}}: {{.Ports}}" # For a more detailed view of all port bindings docker container ls --format "table {{.Names}}\t{{.Ports}}" # Get only the host ports that are currently mapped docker ps -q | xargs -n 1 docker port | grep -o '[0-9]*:[0-9]*' | cut -d: -f1 | sort -nu ``` #### Using Synology Tools 1. **Synology Docker UI**: - Open Docker package in DSM - Go to "Container" tab - View the "Port Settings" column 2. **Using Portainer**: - Open Portainer web interface - Go to "Containers" section - View the "Published Ports" column 3. **From Synology DSM**: - Go to Control Panel → Network → Network Interface - Click "Network Port Status" to see all used ports #### Check System-Wide Port Usage To see all ports in use on the system (not just Docker): bash ```bash # Requires SSH access with admin privileges sudo netstat -tulpn | grep LISTEN ``` #### Creating a Port Inventory Script You can create a simple script in Task Scheduler to maintain a port inventory: bash ```bash #!/bin/bash # Save as port_inventory.sh in Task Scheduler echo "Docker Port Inventory - $(date)" > /volume1/docker/port_inventory.txt echo "----------------------------------------" >> /volume1/docker/port_inventory.txt docker ps --format "{{.Names}}: {{.Ports}}" >> /volume1/docker/port_inventory.txt echo "" >> /volume1/docker/port_inventory.txt echo "System-wide ports:" >> /volume1/docker/port_inventory.txt netstat -tulpn | grep LISTEN >> /volume1/docker/port_inventory.txt ``` Run this script periodically or before creating new containers to maintain an up-to-date list of used ports, helping you avoid conflicts when configuring new containers. ## Docker on Synology NAS Synology NAS provides a Docker package that offers both GUI and command-line interfaces for managing containers. However, for more complex container configurations, using custom scripts is often more efficient. ### Best Practices for Synology Docker Deployments 1. **Standard Directory Structure**: - Use `/volume1/docker/[container_name]/` for container configurations - This organization makes backups and migrations easier 2. **User Permissions**: - Synology has a predefined `docker` user which should be used for container directories - Typical PUID/PGID values in Synology: PUID=1033 (docker user), PGID=100 (users group) 3. **Script-Based Management**: - Create container deployment scripts in the Synology Task Scheduler - Run scripts as root to ensure proper permissions - For modifications, either: - Update the script and recreate the container - Make minor adjustments via Portainer 4. **Using Portainer**: - Install Portainer for easy container management through a web interface - Useful for monitoring, restarting containers, and making minor configuration changes - For major changes, modify the original script and redeploy ### Example Script for Synology Task Scheduler ```bash #!/bin/bash # Script to deploy Jellyfin container # Save in Synology Task Scheduler and run as root # Stop and remove existing container if it exists docker stop jellyfin docker rm jellyfin # Create the container docker run -d --name=jellyfin \ -v /volume2/Media/Peliculas:/movies \ -v /volume1/docker/jellyfin/config:/config \ -v /volume2/Media/Musica:/music \ -v /volume1/docker/jellyfin/cache:/cache \ -v /volume2/Media/Series:/series \ -e PUID=1033 \ -e PGID=100 \ --group-add 937 \ --net=host \ --device /dev/dri/renderD128:/dev/dri/renderD128 \ --device /dev/dri/card0:/dev/dri/card0 \ --restart always \ jellyfin/jellyfin echo "Jellyfin container deployed successfully." ``` ## Example Containers ### Media Server (Jellyfin) ```bash docker run -d --name=jellyfin \ -v /volume2/Media/Peliculas:/movies \ -v /volume1/docker/jellyfin/config:/config \ -v /volume2/Media/Musica:/music \ -v /volume1/docker/jellyfin/cache:/cache \ -v /volume2/Media/Series:/series \ -e PUID=1033 \ -e PGID=100 \ --group-add 937 \ --net=host \ --device /dev/dri/renderD128:/dev/dri/renderD128 \ --device /dev/dri/card0:/dev/dri/card0 \ --restart always \ jellyfin/jellyfin ``` This container: - Runs in detached mode (`-d`) - Mounts multiple volumes for media and configuration - Sets user/group IDs for permissions - Uses host networking for optimal performance - Passes through GPU devices for hardware acceleration - Automatically restarts if it crashes or on system boot ### Media Processing (Unmanic) ```bash docker run -d --name=unmanic \ -p 8888:8888 \ -v /volume1/docker/unmanic/config:/config \ -v /volume1/docker/unmanic/library:/library \ -v /volume1/docker/unmanic/cache:/tmp/unmanic \ -v /volume2/Media/Peliculas:/movies \ -v /volume2/Media/Musica:/music \ -v /volume2/Media/Series:/series \ -e TZ=Europe/Roma \ -e PUID=1033 \ -e PGID=100 \ --group-add 937 \ --device /dev/dri/renderD128:/dev/dri/renderD128 \ --device /dev/dri/card0:/dev/dri/card0 \ --restart always \ josh5/unmanic:latest ``` This container: - Exposes port 8888 for web UI access - Mounts volumes for configuration, processing, and media - Sets timezone and user/group IDs - Passes through GPU devices for hardware acceleration - Automatically restarts if it crashes or on system boot ### Important Container Options Explained - `-d`: Run in detached (background) mode - `--name=NAME`: Assign a name to the container - `-p HOST:CONTAINER`: Port mapping - `-v HOST:CONTAINER`: Volume mapping - `-e KEY=VALUE`: Environment variable - `--restart always`: Automatically restart the container - `--net=host`: Use host networking - `--device SRC:DST`: Add a device to the container - `--group-add GID`: Add additional groups to the container - `-w PATH`: Set working directory inside the container - `--user USER`: Set the user running the container - `--memory LIMIT`: Set memory limit - `--cpus LIMIT`: Set CPU limit - `--privileged`: Give extended privileges to the container (use with caution) ## Installation Docker installation varies by operating system: - **Linux**: ```bash sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io ``` - **macOS and Windows**: Download Docker Desktop from the [official website](https://www.docker.com/products/docker-desktop). After installation, verify Docker is running: ```bash docker --version docker run hello-world ``` ## Basic Docker Commands ### System Information ```bash # View Docker system information docker info # Check Docker version docker version # Display system-wide information docker system info # Show disk usage docker system df ``` ### Help ```bash # Get help on any command docker [COMMAND] --help ``` ## Working with Docker Images Images are the blueprints for containers. ```bash # List downloaded images docker images # Search for images on Docker Hub docker search [IMAGE_NAME] # Pull an image from a registry docker pull [IMAGE_NAME]:[TAG] # Build an image from a Dockerfile docker build -t [IMAGE_NAME]:[TAG] [PATH_TO_DOCKERFILE] # Remove an image docker rmi [IMAGE_NAME]:[TAG] # Remove all unused images docker image prune ``` ## Creating and Managing Containers ### Running Containers ```bash # Run a container in interactive mode docker run -it [IMAGE_NAME]:[TAG] # Run a container in detached mode (background) docker run -d [IMAGE_NAME]:[TAG] # Run a container with a specific name docker run --name [CONTAINER_NAME] [IMAGE_NAME]:[TAG] # Run a container and automatically remove it when it exits docker run --rm [IMAGE_NAME]:[TAG] # Run a container with port mapping (host_port:container_port) docker run -p 8080:80 [IMAGE_NAME]:[TAG] # Run a container with environment variables docker run -e VARIABLE_NAME=value [IMAGE_NAME]:[TAG] # Run a container with a mounted volume docker run -v /host/path:/container/path [IMAGE_NAME]:[TAG] ``` ### Container Management ```bash # List running containers docker ps # List all containers (including stopped) docker ps -a # Start a stopped container docker start [CONTAINER_NAME or ID] # Stop a running container docker stop [CONTAINER_NAME or ID] # Restart a container docker restart [CONTAINER_NAME or ID] # Pause a container docker pause [CONTAINER_NAME or ID] # Unpause a container docker unpause [CONTAINER_NAME or ID] # Remove a container docker rm [CONTAINER_NAME or ID] # Remove all stopped containers docker container prune # View container logs docker logs [CONTAINER_NAME or ID] # Follow container logs (stream) docker logs -f [CONTAINER_NAME or ID] # Execute a command in a running container docker exec -it [CONTAINER_NAME or ID] [COMMAND] # Open a shell inside a running container docker exec -it [CONTAINER_NAME or ID] /bin/bash ``` ## Docker Networking ```bash # List networks docker network ls # Create a network docker network create [NETWORK_NAME] # Connect a container to a network docker network connect [NETWORK_NAME] [CONTAINER_NAME] # Disconnect a container from a network docker network disconnect [NETWORK_NAME] [CONTAINER_NAME] # Inspect a network docker network inspect [NETWORK_NAME] # Remove a network docker network rm [NETWORK_NAME] ``` ### Network Options - `--net=host`: Uses the host's networking directly - `--net=bridge`: Default network mode - `--net=none`: No networking - `--net=[NETWORK_NAME]`: Connect to a custom network ## Docker Volumes Volumes are used for persistent data storage. ```bash # List volumes docker volume ls # Create a volume docker volume create [VOLUME_NAME] # Inspect a volume docker volume inspect [VOLUME_NAME] # Remove a volume docker volume rm [VOLUME_NAME] # Remove all unused volumes docker volume prune ``` ### Volume Mounting Options - `-v /host/path:/container/path`: Bind mount - `-v [VOLUME_NAME]:/container/path`: Named volume - `--mount type=bind,source=/host/path,target=/container/path`: Bind mount (alternative syntax) - `--mount type=volume,source=[VOLUME_NAME],target=/container/path`: Named volume (alternative syntax) ## Docker Compose Docker Compose is a tool for defining and running multi-container applications. ### Basic Commands ```bash # Start services defined in docker-compose.yml docker-compose up # Start services in detached mode docker-compose up -d # Stop services docker-compose down # Stop services and remove volumes docker-compose down -v # View logs docker-compose logs # View running services docker-compose ps ``` ## Best Practices 1. **Use specific image tags** instead of `latest` for reproducibility 2. **Implement health checks** to ensure containers are functioning properly 3. **Use volumes for persistent data** to prevent data loss 4. **Minimize image size** by using multi-stage builds and alpine-based images 5. **Set resource limits** to prevent container resource exhaustion 6. **Use Docker Compose** for multi-container applications 7. **Follow least privilege principle** for security 8. **Regular cleanup** of unused containers, images, and volumes