Differences
This shows you the differences between two versions of the page.
docker_notes:docker [2024-01-14 Sun wk02 12:02] – [DNS and nftable / iptables / netfilter within containers] baumkp | docker_notes:docker [2024-06-01 Sat wk22 19:04] (current) – baumkp | ||
---|---|---|---|
Line 1: | Line 1: | ||
{{tag> | {{tag> | ||
- | Much of this material was originally sourced from: [[https:// | ||
- | |||
======Docker====== | ======Docker====== | ||
Line 68: | Line 66: | ||
Docker has to perform some interesting network filtering both on the container host, as noted above and within containers as outlined here. It looks like this is required to allow container DNS functionality on Docker containers using bridge networking. | Docker has to perform some interesting network filtering both on the container host, as noted above and within containers as outlined here. It looks like this is required to allow container DNS functionality on Docker containers using bridge networking. | ||
- | The containers DNS is assigned to a proxy on 127.0.0.11: | + | The containers DNS (''/ |
Further to this The container netfilter use NAT chains to operate on 127.0.0.11. | Further to this The container netfilter use NAT chains to operate on 127.0.0.11. | ||
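Review bot: The rewritten sentence still opens with "The containers DNS", which needs the possessive "container's". The unchanged line after it, "Further to this The container netfilter use NAT chains", has a stray capital and a subject/verb mismatch. Since this edit already touches the paragraph, suggest fixing both, for example "Further to this, the container's netfilter uses NAT chains to operate on 127.0.0.11."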
Line 102: | Line 100: | ||
On VPN setup, at least openvpn, the / | On VPN setup, at least openvpn, the / | ||
- | On the other hand where Docker bridge network DNS container name resolution is desirable then these netfilter chains must basically remain unadulterated. | + | On the other hand where Docker bridge network DNS container name resolution is desirable then these netfilter chains must basically remain unadulterated. |
| | ||
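Review bot: "these netfilter chains must basically remain unadulterated" in the changed line is too loose for a reader who is editing firewall rules inside a container. Suggest dropping "basically" and naming the chains meant, presumably the NAT chains operating on 127.0.0.11 described in the DNS section above. That tells the reader exactly which rules to leave alone when combining bridge-network name resolution with the VPN setup in the preceding paragraph.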
Line 132: | Line 130: | ||
=====Docker CLI===== | =====Docker CLI===== | ||
+ | Much of this material was originally sourced from: [[https:// | ||
**Run Containers** | **Run Containers** | ||
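Review bot: The attribution line added under "=====Docker CLI=====" is followed directly by "**Run Containers**" with no blank line. DokuWiki joins consecutive lines into one paragraph, so the bold label will render on the same line as the source link. Suggest adding an empty line after the new "Much of this material was originally sourced from" line, as the old placement at the top of the page had.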
Line 238: | Line 237: | ||
|'' | |'' | ||
+ | ====docker ps command==== | ||
+ | The '' | ||
+ | *'' | ||
+ | < | ||
+ | *'' | ||
+ | < | ||
+ | *'' | ||
+ | < | ||
+ | |||
+ | ===reference=== | ||
+ | *[[https:// | ||
+ | *Docker Docs | ||
+ | *[[https:// | ||
+ | *[[https:// | ||
====Backup a container==== | ====Backup a container==== | ||
Backup docker data from inside container volumes and package it in a tarball archive.\\ | Backup docker data from inside container volumes and package it in a tarball archive.\\ | ||
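Review bot: In the new "===reference===" list, "*Docker Docs" is a bare label, and the two links after it sit at the same list level, so it reads as an empty entry. Suggest either indenting the two links beneath it as a nested list or dropping the label. As a minor style point, the heading could be capitalised ("References") to match neighbouring headings such as "Backup a container".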
Line 290: | Line 303: | ||
- Overlay network, an even more obscure network arrangement I know nothing about. | - Overlay network, an even more obscure network arrangement I know nothing about. | ||
- None network - no assigned network, container has no external network connectivity | - None network - no assigned network, container has no external network connectivity | ||
+ | |||
+ | ====network troubleshooting==== | ||
+ | A lot of containers are setup to be small and hence do not include many, if any of the tools required to diagnose problems. | ||
+ | *'' | ||
+ | |||
====Troubleshooting==== | ====Troubleshooting==== | ||
*[[https:// | *[[https:// |
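Review bot: The new "====network troubleshooting====" heading lands immediately above the existing "====Troubleshooting====" heading at the same level, giving two near-identical sections back to back. Suggest moving the new text under the existing heading, or making it a "===" sub-heading of it. In the added sentence, "setup" as a verb should be "set up", and "many, if any of the tools" needs a closing comma ("many, if any, of the tools").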