Miguel
/
Obsidean_VM
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Obsidean_VM/01-Documentation/Dockers/Docker Basics - Essential C...

468 lines
12 KiB
Markdown
Raw Blame History

***
#### Ports:
---
```bash
-p {outside}:{inside}
```
```bash
NAMES PORTS
portainer 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp, 9443/tcp
sonarr 0.0.0.0:8989->8989/tcp, :::8989->8989/tcp
radarr 0.0.0.0:7878->7878/tcp, :::7878->7878/tcp
jackett 0.0.0.0:9117->9117/tcp, :::9117->9117/tcp
prowlarr 0.0.0.0:9696->9696/tcp, :::9696->9696/tcp
uglyfeed 0.0.0.0:8001->8001/tcp, :::8001->8001/tcp, 0.0.0.0:8501->8501/tcp, :::8501->8501/tcp
bazarr 0.0.0.0:6767->6767/tcp, :::6767->6767/tcp
Gitea-DB 3306/tcp, 33060/tcp
plantuml 0.0.0.0:8881->8080/tcp, :::8881->8080/tcp
lidarr 0.0.0.0:8686->8686/tcp, :::8686->8686/tcp
jellyfin
unmanic 0.0.0.0:8888->8888/tcp, :::8888->8888/tcp
whisper 0.0.0.0:9005->9000/tcp, :::9005->9000/tcp
qbittorrent 0.0.0.0:6881->6881/tcp, :::6881->6881/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:6881->6881/udp, :::8080->8080/tcp, :::6881->6881/udp
searx-searx 8080/tcp
gitea 0.0.0.0:2222->22/tcp, :::2222->22/tcp, 0.0.0.0:3052->3000/tcp, :::3052->3000/tcp
watchtower 8080/tcp
```
### Managing Ports in Docker on Synology
When setting up multiple containers, it's important to avoid port conflicts. Here are several methods to check which ports are already in use:
#### Using Docker Commands
bash
```bash
# List all running containers with their port mappings
docker ps --format "{{.Names}}: {{.Ports}}"
# For a more detailed view of all port bindings
docker container ls --format "table {{.Names}}\t{{.Ports}}"
# Get only the host ports that are currently mapped
docker ps -q | xargs -n 1 docker port | grep -o '[0-9]*:[0-9]*' | cut -d: -f1 | sort -nu
```
#### Using Synology Tools
1. **Synology Docker UI**:
- Open Docker package in DSM
- Go to "Container" tab
- View the "Port Settings" column
2. **Using Portainer**:
- Open Portainer web interface
- Go to "Containers" section
- View the "Published Ports" column
3. **From Synology DSM**:
- Go to Control Panel → Network → Network Interface
- Click "Network Port Status" to see all used ports
#### Check System-Wide Port Usage
To see all ports in use on the system (not just Docker):
bash
```bash
# Requires SSH access with admin privileges
sudo netstat -tulpn | grep LISTEN
```
#### Creating a Port Inventory Script
You can create a simple script in Task Scheduler to maintain a port inventory:
bash
```bash
#!/bin/bash
# Save as port_inventory.sh in Task Scheduler
echo "Docker Port Inventory - $(date)" > /volume1/docker/port_inventory.txt
echo "----------------------------------------" >> /volume1/docker/port_inventory.txt
docker ps --format "{{.Names}}: {{.Ports}}" >> /volume1/docker/port_inventory.txt
echo "" >> /volume1/docker/port_inventory.txt
echo "System-wide ports:" >> /volume1/docker/port_inventory.txt
netstat -tulpn | grep LISTEN >> /volume1/docker/port_inventory.txt
```
Run this script periodically or before creating new containers to maintain an up-to-date list of used ports, helping you avoid conflicts when configuring new containers.
## Docker on Synology NAS
Synology NAS provides a Docker package that offers both GUI and command-line interfaces for managing containers. However, for more complex container configurations, using custom scripts is often more efficient.
### Best Practices for Synology Docker Deployments
1. **Standard Directory Structure**:
- Use `/volume1/docker/[container_name]/` for container configurations
- This organization makes backups and migrations easier
2. **User Permissions**:
- Synology has a predefined `docker` user which should be used for container directories
- Typical PUID/PGID values in Synology: PUID=1033 (docker user), PGID=100 (users group)
3. **Script-Based Management**:
- Create container deployment scripts in the Synology Task Scheduler
- Run scripts as root to ensure proper permissions
- For modifications, either:
- Update the script and recreate the container
- Make minor adjustments via Portainer
4. **Using Portainer**:
- Install Portainer for easy container management through a web interface
- Useful for monitoring, restarting containers, and making minor configuration changes
- For major changes, modify the original script and redeploy
### Example Script for Synology Task Scheduler
```bash
#!/bin/bash
# Script to deploy Jellyfin container
# Save in Synology Task Scheduler and run as root
# Stop and remove existing container if it exists
docker stop jellyfin
docker rm jellyfin
# Create the container
docker run -d --name=jellyfin \
-v /volume2/Media/Peliculas:/movies \
-v /volume1/docker/jellyfin/config:/config \
-v /volume2/Media/Musica:/music \
-v /volume1/docker/jellyfin/cache:/cache \
-v /volume2/Media/Series:/series \
-e PUID=1033 \
-e PGID=100 \
--group-add 937 \
--net=host \
--device /dev/dri/renderD128:/dev/dri/renderD128 \
--device /dev/dri/card0:/dev/dri/card0 \
--restart always \
jellyfin/jellyfin
echo "Jellyfin container deployed successfully."
```
## Example Containers
### Media Server (Jellyfin)
```bash
docker run -d --name=jellyfin \
-v /volume2/Media/Peliculas:/movies \
-v /volume1/docker/jellyfin/config:/config \
-v /volume2/Media/Musica:/music \
-v /volume1/docker/jellyfin/cache:/cache \
-v /volume2/Media/Series:/series \
-e PUID=1033 \
-e PGID=100 \
--group-add 937 \
--net=host \
--device /dev/dri/renderD128:/dev/dri/renderD128 \
--device /dev/dri/card0:/dev/dri/card0 \
--restart always \
jellyfin/jellyfin
```
This container:
- Runs in detached mode (`-d`)
- Mounts multiple volumes for media and configuration
- Sets user/group IDs for permissions
- Uses host networking for optimal performance
- Passes through GPU devices for hardware acceleration
- Automatically restarts if it crashes or on system boot
### Media Processing (Unmanic)
```bash
docker run -d --name=unmanic \
-p 8888:8888 \
-v /volume1/docker/unmanic/config:/config \
-v /volume1/docker/unmanic/library:/library \
-v /volume1/docker/unmanic/cache:/tmp/unmanic \
-v /volume2/Media/Peliculas:/movies \
-v /volume2/Media/Musica:/music \
-v /volume2/Media/Series:/series \
-e TZ=Europe/Roma \
-e PUID=1033 \
-e PGID=100 \
--group-add 937 \
--device /dev/dri/renderD128:/dev/dri/renderD128 \
--device /dev/dri/card0:/dev/dri/card0 \
--restart always \
josh5/unmanic:latest
```
This container:
- Exposes port 8888 for web UI access
- Mounts volumes for configuration, processing, and media
- Sets timezone and user/group IDs
- Passes through GPU devices for hardware acceleration
- Automatically restarts if it crashes or on system boot
### Important Container Options Explained
- `-d`: Run in detached (background) mode
- `--name=NAME`: Assign a name to the container
- `-p HOST:CONTAINER`: Port mapping
- `-v HOST:CONTAINER`: Volume mapping
- `-e KEY=VALUE`: Environment variable
- `--restart always`: Automatically restart the container
- `--net=host`: Use host networking
- `--device SRC:DST`: Add a device to the container
- `--group-add GID`: Add additional groups to the container
- `-w PATH`: Set working directory inside the container
- `--user USER`: Set the user running the container
- `--memory LIMIT`: Set memory limit
- `--cpus LIMIT`: Set CPU limit
- `--privileged`: Give extended privileges to the container (use with caution)
## Installation
Docker installation varies by operating system:
- **Linux**:
```bash
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
```
- **macOS and Windows**: Download Docker Desktop from the [official website](https://www.docker.com/products/docker-desktop).
After installation, verify Docker is running:
```bash
docker --version
docker run hello-world
```
## Basic Docker Commands
### System Information
```bash
# View Docker system information
docker info
# Check Docker version
docker version
# Display system-wide information
docker system info
# Show disk usage
docker system df
```
### Help
```bash
# Get help on any command
docker [COMMAND] --help
```
## Working with Docker Images
Images are the blueprints for containers.
```bash
# List downloaded images
docker images
# Search for images on Docker Hub
docker search [IMAGE_NAME]
# Pull an image from a registry
docker pull [IMAGE_NAME]:[TAG]
# Build an image from a Dockerfile
docker build -t [IMAGE_NAME]:[TAG] [PATH_TO_DOCKERFILE]
# Remove an image
docker rmi [IMAGE_NAME]:[TAG]
# Remove all unused images
docker image prune
```
## Creating and Managing Containers
### Running Containers
```bash
# Run a container in interactive mode
docker run -it [IMAGE_NAME]:[TAG]
# Run a container in detached mode (background)
docker run -d [IMAGE_NAME]:[TAG]
# Run a container with a specific name
docker run --name [CONTAINER_NAME] [IMAGE_NAME]:[TAG]
# Run a container and automatically remove it when it exits
docker run --rm [IMAGE_NAME]:[TAG]
# Run a container with port mapping (host_port:container_port)
docker run -p 8080:80 [IMAGE_NAME]:[TAG]
# Run a container with environment variables
docker run -e VARIABLE_NAME=value [IMAGE_NAME]:[TAG]
# Run a container with a mounted volume
docker run -v /host/path:/container/path [IMAGE_NAME]:[TAG]
```
### Container Management
```bash
# List running containers
docker ps
# List all containers (including stopped)
docker ps -a
# Start a stopped container
docker start [CONTAINER_NAME or ID]
# Stop a running container
docker stop [CONTAINER_NAME or ID]
# Restart a container
docker restart [CONTAINER_NAME or ID]
# Pause a container
docker pause [CONTAINER_NAME or ID]
# Unpause a container
docker unpause [CONTAINER_NAME or ID]
# Remove a container
docker rm [CONTAINER_NAME or ID]
# Remove all stopped containers
docker container prune
# View container logs
docker logs [CONTAINER_NAME or ID]
# Follow container logs (stream)
docker logs -f [CONTAINER_NAME or ID]
# Execute a command in a running container
docker exec -it [CONTAINER_NAME or ID] [COMMAND]
# Open a shell inside a running container
docker exec -it [CONTAINER_NAME or ID] /bin/bash
```
## Docker Networking
```bash
# List networks
docker network ls
# Create a network
docker network create [NETWORK_NAME]
# Connect a container to a network
docker network connect [NETWORK_NAME] [CONTAINER_NAME]
# Disconnect a container from a network
docker network disconnect [NETWORK_NAME] [CONTAINER_NAME]
# Inspect a network
docker network inspect [NETWORK_NAME]
# Remove a network
docker network rm [NETWORK_NAME]
```
### Network Options
- `--net=host`: Uses the host's networking directly
- `--net=bridge`: Default network mode
- `--net=none`: No networking
- `--net=[NETWORK_NAME]`: Connect to a custom network
## Docker Volumes
Volumes are used for persistent data storage.
```bash
# List volumes
docker volume ls
# Create a volume
docker volume create [VOLUME_NAME]
# Inspect a volume
docker volume inspect [VOLUME_NAME]
# Remove a volume
docker volume rm [VOLUME_NAME]
# Remove all unused volumes
docker volume prune
```
### Volume Mounting Options
- `-v /host/path:/container/path`: Bind mount
- `-v [VOLUME_NAME]:/container/path`: Named volume
- `--mount type=bind,source=/host/path,target=/container/path`: Bind mount (alternative syntax)
- `--mount type=volume,source=[VOLUME_NAME],target=/container/path`: Named volume (alternative syntax)
## Docker Compose
Docker Compose is a tool for defining and running multi-container applications.
### Basic Commands
```bash
# Start services defined in docker-compose.yml
docker-compose up
# Start services in detached mode
docker-compose up -d
# Stop services
docker-compose down
# Stop services and remove volumes
docker-compose down -v
# View logs
docker-compose logs
# View running services
docker-compose ps
```
## Best Practices
1. **Use specific image tags** instead of `latest` for reproducibility
2. **Implement health checks** to ensure containers are functioning properly
3. **Use volumes for persistent data** to prevent data loss
4. **Minimize image size** by using multi-stage builds and alpine-based images
5. **Set resource limits** to prevent container resource exhaustion
6. **Use Docker Compose** for multi-container applications
7. **Follow least privilege principle** for security
8. **Regular cleanup** of unused containers, images, and volumes
Reference in New Issue View Git Blame Copy Permalink