Miguel
/
Obsidean_VM
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Obsidean_VM/01-Documentation/Dockers/Docker Basics - Essential C...

12 KiB
Raw Blame History

Ports:


-p {outside}:{inside}



NAMES         PORTS
portainer     0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp, 9443/tcp
sonarr        0.0.0.0:8989->8989/tcp, :::8989->8989/tcp
radarr        0.0.0.0:7878->7878/tcp, :::7878->7878/tcp
jackett       0.0.0.0:9117->9117/tcp, :::9117->9117/tcp
prowlarr      0.0.0.0:9696->9696/tcp, :::9696->9696/tcp
uglyfeed      0.0.0.0:8001->8001/tcp, :::8001->8001/tcp, 0.0.0.0:8501->8501/tcp, :::8501->8501/tcp
bazarr        0.0.0.0:6767->6767/tcp, :::6767->6767/tcp
Gitea-DB      3306/tcp, 33060/tcp
plantuml      0.0.0.0:8881->8080/tcp, :::8881->8080/tcp
lidarr        0.0.0.0:8686->8686/tcp, :::8686->8686/tcp
jellyfin
unmanic       0.0.0.0:8888->8888/tcp, :::8888->8888/tcp
whisper       0.0.0.0:9005->9000/tcp, :::9005->9000/tcp
qbittorrent   0.0.0.0:6881->6881/tcp, :::6881->6881/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:6881->6881/udp, :::8080->8080/tcp, :::6881->6881/udp
searx-searx   8080/tcp
gitea         0.0.0.0:2222->22/tcp, :::2222->22/tcp, 0.0.0.0:3052->3000/tcp, :::3052->3000/tcp
watchtower    8080/tcp

Managing Ports in Docker on Synology

When setting up multiple containers, it's important to avoid port conflicts. Here are several methods to check which ports are already in use:

Using Docker Commands

bash

# List all running containers with their port mappings
docker ps --format "{{.Names}}: {{.Ports}}"

# For a more detailed view of all port bindings
docker container ls --format "table {{.Names}}\t{{.Ports}}"

# Get only the host ports that are currently mapped
docker ps -q | xargs -n 1 docker port | grep -o '[0-9]*:[0-9]*' | cut -d: -f1 | sort -nu

Using Synology Tools

  1. Synology Docker UI:
    • Open Docker package in DSM
    • Go to "Container" tab
    • View the "Port Settings" column
  2. Using Portainer:
    • Open Portainer web interface
    • Go to "Containers" section
    • View the "Published Ports" column
  3. From Synology DSM:
    • Go to Control Panel → Network → Network Interface
    • Click "Network Port Status" to see all used ports

Check System-Wide Port Usage

To see all ports in use on the system (not just Docker):

bash

# Requires SSH access with admin privileges
sudo netstat -tulpn | grep LISTEN

Creating a Port Inventory Script

You can create a simple script in Task Scheduler to maintain a port inventory:

bash

#!/bin/bash
# Save as port_inventory.sh in Task Scheduler

echo "Docker Port Inventory - $(date)" > /volume1/docker/port_inventory.txt
echo "----------------------------------------" >> /volume1/docker/port_inventory.txt
docker ps --format "{{.Names}}: {{.Ports}}" >> /volume1/docker/port_inventory.txt
echo "" >> /volume1/docker/port_inventory.txt
echo "System-wide ports:" >> /volume1/docker/port_inventory.txt
netstat -tulpn | grep LISTEN >> /volume1/docker/port_inventory.txt

Run this script periodically or before creating new containers to maintain an up-to-date list of used ports, helping you avoid conflicts when configuring new containers.

Docker on Synology NAS

Synology NAS provides a Docker package that offers both GUI and command-line interfaces for managing containers. However, for more complex container configurations, using custom scripts is often more efficient.

Best Practices for Synology Docker Deployments

  1. Standard Directory Structure:

    • Use /volume1/docker/[container_name]/ for container configurations
    • This organization makes backups and migrations easier

  2. User Permissions:

    • Synology has a predefined docker user which should be used for container directories
    • Typical PUID/PGID values in Synology: PUID=1033 (docker user), PGID=100 (users group)

  3. Script-Based Management:

    • Create container deployment scripts in the Synology Task Scheduler
    • Run scripts as root to ensure proper permissions
    • For modifications, either:
      • Update the script and recreate the container
      • Make minor adjustments via Portainer

  4. Using Portainer:

    • Install Portainer for easy container management through a web interface
    • Useful for monitoring, restarting containers, and making minor configuration changes
    • For major changes, modify the original script and redeploy

Example Script for Synology Task Scheduler

#!/bin/bash
# Script to deploy Jellyfin container
# Save in Synology Task Scheduler and run as root

# Stop and remove existing container if it exists
docker stop jellyfin
docker rm jellyfin

# Create the container
docker run -d --name=jellyfin \
  -v /volume2/Media/Peliculas:/movies \
  -v /volume1/docker/jellyfin/config:/config \
  -v /volume2/Media/Musica:/music \
  -v /volume1/docker/jellyfin/cache:/cache \
  -v /volume2/Media/Series:/series \
  -e PUID=1033 \
  -e PGID=100 \
  --group-add 937 \
  --net=host \
  --device /dev/dri/renderD128:/dev/dri/renderD128 \
  --device /dev/dri/card0:/dev/dri/card0 \
  --restart always \
  jellyfin/jellyfin

echo "Jellyfin container deployed successfully."

Example Containers

Media Server (Jellyfin)

docker run -d --name=jellyfin \
  -v /volume2/Media/Peliculas:/movies \
  -v /volume1/docker/jellyfin/config:/config \
  -v /volume2/Media/Musica:/music \
  -v /volume1/docker/jellyfin/cache:/cache \
  -v /volume2/Media/Series:/series \
  -e PUID=1033 \
  -e PGID=100 \
  --group-add 937 \
  --net=host \
  --device /dev/dri/renderD128:/dev/dri/renderD128 \
  --device /dev/dri/card0:/dev/dri/card0 \
  --restart always \
  jellyfin/jellyfin

This container:

  • Runs in detached mode (-d)
  • Mounts multiple volumes for media and configuration
  • Sets user/group IDs for permissions
  • Uses host networking for optimal performance
  • Passes through GPU devices for hardware acceleration
  • Automatically restarts if it crashes or on system boot

Media Processing (Unmanic)

docker run -d --name=unmanic \
  -p 8888:8888 \
  -v /volume1/docker/unmanic/config:/config \
  -v /volume1/docker/unmanic/library:/library \
  -v /volume1/docker/unmanic/cache:/tmp/unmanic \
  -v /volume2/Media/Peliculas:/movies \
  -v /volume2/Media/Musica:/music \
  -v /volume2/Media/Series:/series \
  -e TZ=Europe/Roma \
  -e PUID=1033 \
  -e PGID=100 \
  --group-add 937 \
  --device /dev/dri/renderD128:/dev/dri/renderD128 \
  --device /dev/dri/card0:/dev/dri/card0 \
  --restart always \
  josh5/unmanic:latest

This container:

  • Exposes port 8888 for web UI access
  • Mounts volumes for configuration, processing, and media
  • Sets timezone and user/group IDs
  • Passes through GPU devices for hardware acceleration
  • Automatically restarts if it crashes or on system boot

Important Container Options Explained

  • -d: Run in detached (background) mode
  • --name=NAME: Assign a name to the container
  • -p HOST:CONTAINER: Port mapping
  • -v HOST:CONTAINER: Volume mapping
  • -e KEY=VALUE: Environment variable
  • --restart always: Automatically restart the container
  • --net=host: Use host networking
  • --device SRC:DST: Add a device to the container
  • --group-add GID: Add additional groups to the container
  • -w PATH: Set working directory inside the container
  • --user USER: Set the user running the container
  • --memory LIMIT: Set memory limit
  • --cpus LIMIT: Set CPU limit
  • --privileged: Give extended privileges to the container (use with caution)

Installation

Docker installation varies by operating system:

  • Linux:

    sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io

  • macOS and Windows: Download Docker Desktop from the official website.

After installation, verify Docker is running:

docker --version
docker run hello-world

Basic Docker Commands

System Information

# View Docker system information
docker info

# Check Docker version
docker version

# Display system-wide information
docker system info

# Show disk usage
docker system df

Help

# Get help on any command
docker [COMMAND] --help

Working with Docker Images

Images are the blueprints for containers.

# List downloaded images
docker images

# Search for images on Docker Hub
docker search [IMAGE_NAME]

# Pull an image from a registry
docker pull [IMAGE_NAME]:[TAG]

# Build an image from a Dockerfile
docker build -t [IMAGE_NAME]:[TAG] [PATH_TO_DOCKERFILE]

# Remove an image
docker rmi [IMAGE_NAME]:[TAG]

# Remove all unused images
docker image prune

Creating and Managing Containers

Running Containers

# Run a container in interactive mode
docker run -it [IMAGE_NAME]:[TAG]

# Run a container in detached mode (background)
docker run -d [IMAGE_NAME]:[TAG]

# Run a container with a specific name
docker run --name [CONTAINER_NAME] [IMAGE_NAME]:[TAG]

# Run a container and automatically remove it when it exits
docker run --rm [IMAGE_NAME]:[TAG]

# Run a container with port mapping (host_port:container_port)
docker run -p 8080:80 [IMAGE_NAME]:[TAG]

# Run a container with environment variables
docker run -e VARIABLE_NAME=value [IMAGE_NAME]:[TAG]

# Run a container with a mounted volume
docker run -v /host/path:/container/path [IMAGE_NAME]:[TAG]

Container Management

# List running containers
docker ps

# List all containers (including stopped)
docker ps -a

# Start a stopped container
docker start [CONTAINER_NAME or ID]

# Stop a running container
docker stop [CONTAINER_NAME or ID]

# Restart a container
docker restart [CONTAINER_NAME or ID]

# Pause a container
docker pause [CONTAINER_NAME or ID]

# Unpause a container
docker unpause [CONTAINER_NAME or ID]

# Remove a container
docker rm [CONTAINER_NAME or ID]

# Remove all stopped containers
docker container prune

# View container logs
docker logs [CONTAINER_NAME or ID]

# Follow container logs (stream)
docker logs -f [CONTAINER_NAME or ID]

# Execute a command in a running container
docker exec -it [CONTAINER_NAME or ID] [COMMAND]

# Open a shell inside a running container
docker exec -it [CONTAINER_NAME or ID] /bin/bash

Docker Networking

# List networks
docker network ls

# Create a network
docker network create [NETWORK_NAME]

# Connect a container to a network
docker network connect [NETWORK_NAME] [CONTAINER_NAME]

# Disconnect a container from a network
docker network disconnect [NETWORK_NAME] [CONTAINER_NAME]

# Inspect a network
docker network inspect [NETWORK_NAME]

# Remove a network
docker network rm [NETWORK_NAME]

Network Options

  • --net=host: Uses the host's networking directly
  • --net=bridge: Default network mode
  • --net=none: No networking
  • --net=[NETWORK_NAME]: Connect to a custom network

Docker Volumes

Volumes are used for persistent data storage.

# List volumes
docker volume ls

# Create a volume
docker volume create [VOLUME_NAME]

# Inspect a volume
docker volume inspect [VOLUME_NAME]

# Remove a volume
docker volume rm [VOLUME_NAME]

# Remove all unused volumes
docker volume prune

Volume Mounting Options

  • -v /host/path:/container/path: Bind mount
  • -v [VOLUME_NAME]:/container/path: Named volume
  • --mount type=bind,source=/host/path,target=/container/path: Bind mount (alternative syntax)
  • --mount type=volume,source=[VOLUME_NAME],target=/container/path: Named volume (alternative syntax)

Docker Compose

Docker Compose is a tool for defining and running multi-container applications.

Basic Commands

# Start services defined in docker-compose.yml
docker-compose up

# Start services in detached mode
docker-compose up -d

# Stop services
docker-compose down

# Stop services and remove volumes
docker-compose down -v

# View logs
docker-compose logs

# View running services
docker-compose ps

Best Practices

  1. Use specific image tags instead of latest for reproducibility
  2. Implement health checks to ensure containers are functioning properly
  3. Use volumes for persistent data to prevent data loss
  4. Minimize image size by using multi-stage builds and alpine-based images
  5. Set resource limits to prevent container resource exhaustion
  6. Use Docker Compose for multi-container applications
  7. Follow least privilege principle for security
  8. Regular cleanup of unused containers, images, and volumes