Differences

This shows you the differences between two versions of the page.

docker_notes:docker [2025-11-16 Sun wk46 19:39] – [downgrade docker] baumkp
docker_notes:docker [2026-01-17 Sat wk03 09:03] (current) – [Docker CLI] baumkp
Line 76: Line 76:
 ++++For some more details, tldr;|This may affect other services operating on the host machine.  The default FORWARD chain is set to DROP.  On my existing home web server this effectively stopped the KVM bridge network from operating, so the virtual machines could not communicate outside the local host IP address with other LAN addresses, including the router / gateway.  ++++For some more details, tldr;|This may affect other services operating on the host machine.  The default FORWARD chain is set to DROP.  On my existing home web server this effectively stopped the KVM bridge network from operating, so the virtual machines could not communicate outside the local host IP address with other LAN addresses, including the router / gateway. 
  
-Linux forwarding is required for Docker and can be checked with  ''sudo sysctl net.ipv4.ip_forward''.+Linux forwarding is required for Docker and can be checked with  ''sudo sysctl net.ipv4.ip_forward'' and ''sudo sysctl net.ipv6.conf.all.forwarding''
  
 It would also adversely affect my Linux router should I attempt to load docker on this machine.  To make matters worse my Linux router is based on nftables which may not operate well with iptables.  I will cross that hurdle should I get there. Interestingly, it would seem that iptables operates on/as nftables in the Debian 11. It would also adversely affect my Linux router should I attempt to load docker on this machine.  To make matters worse my Linux router is based on nftables which may not operate well with iptables.  I will cross that hurdle should I get there. Interestingly, it would seem that iptables operates on/as nftables in the Debian 11.
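Review bot: The added sentence on the ''+'' line gives two commands for checking forwarding but not the result to look for, and it has lost its closing full stop. State that a value of 1 means forwarding is enabled, for example ''net.ipv4.ip_forward = 1'', and drop ''sudo'', which is not needed to read a sysctl value.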
Line 158: Line 158:
  
 =====Portainer agent===== =====Portainer agent=====
 +Running Portainer agent from docker is a tedious.  I decided to make it operate using compose.
 +++++docker agent docker compose,  docker-compose.yml|
 +<code yaml>name: portainer
 +services:
 +
 +  portainer-agent:
 +    container_name: portainer-agent
 +    image: portainer/agent
 +    ports:
 +      - "9001:9001" 
 +    volumes:
 +      # Mount the host's Docker socket into the container
 +      - /var/run/docker.sock:/var/run/docker.sock
 +      # Mount the host's Docker volumes into the container
 +      - /var/lib/docker/volumes:/var/lib/docker/volumes
 +    deploy:
 +      resources:
 +        limits:
 +          cpus: '0.5'
 +          memory: 1024M
 +      restart_policy:
 +        condition: unless-stopped
 +        delay: 5s
 +        window: 120s</code>
 +++++
 +
 +++++run docker agent from docker|
 Portainer agent allows a remote docker machine to be seen else were via the network.  Default port seems to be 9001. Portainer agent allows a remote docker machine to be seen else were via the network.  Default port seems to be 9001.
   * First stop the agent container: ''%%docker stop portainer_agent%%''   * First stop the agent container: ''%%docker stop portainer_agent%%''
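Review bot: In the added compose file, ''- "9001:9001"'' publishes the agent on every host interface while ''/var/run/docker.sock'' is mounted into the container, so the exposed port fronts a process with full control of the host's Docker daemon. Bind the port to the management address (''"HOST_IP:9001:9001"'', where HOST_IP is a placeholder) or restrict it in the host firewall, and pin ''portainer/agent'' to a specific tag. ''condition: unless-stopped'' under ''deploy.restart_policy'' is not one of the conditions the Compose deploy specification lists (''none'', ''on-failure'', ''any''); a service-level ''restart: unless-stopped'' expresses the intent. The compose file names the container ''portainer-agent'' while the retained steps still say ''docker stop portainer_agent'', so say which name belongs to which method.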
Line 163: Line 190:
   * Then pull the latest portainer/agent: ''%%docker pull portainer/agent%%'', default is latest if version is not specified.   * Then pull the latest portainer/agent: ''%%docker pull portainer/agent%%'', default is latest if version is not specified.
 <code yaml>docker run -d   -p 9001:9001   --name portainer_agent   --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent</code> <code yaml>docker run -d   -p 9001:9001   --name portainer_agent   --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent</code>
 +++++
 It would seem remote agents by default do not show out of date images, can be toggled on/off under ''Host > Setup "Show image up to date indicators for Stacks, Services and Containers"'' It would seem remote agents by default do not show out of date images, can be toggled on/off under ''Host > Setup "Show image up to date indicators for Stacks, Services and Containers"''
  
Line 220: Line 247:
 |''docker rmi -f $(docker images -a -q)'' | To delete all the images| |''docker rmi -f $(docker images -a -q)'' | To delete all the images|
 |''docker system prune'' | To delete all dangling and unused images, containers, cache and volumes| |''docker system prune'' | To delete all dangling and unused images, containers, cache and volumes|
-|''docker system prune -a'' | To delete all used and unused images| +|''docker system prune -a'' | To delete all dangling and unused images| 
-|''%%docker system prune --volumes%%'' | To delete all docker volumes|+|''%%docker system prune --volumes%%'' | To delete all docker unused system volumes|
  
 **Inspect / Troubleshoot Containers:** **Inspect / Troubleshoot Containers:**
-|<38em>|+|<56em>|
 ^COMMAND ^ DESCRIPTION^ ^COMMAND ^ DESCRIPTION^
 |''docker ps'' | List running containers| |''docker ps'' | List running containers|
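Review bot: The new description for ''docker system prune -a'', "To delete all dangling and unused images", now reads almost the same as the ''docker system prune'' row directly above it, so the table no longer says what ''-a'' adds. Word it as the difference (''-a'' also removes images not used by any container, not only dangling ones), and replace "docker unused system volumes" in the ''--volumes'' row with a defined term, since "system volumes" is not explained anywhere in the table.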
Line 235: Line 262:
 |''docker stats'' | Show stats| |''docker stats'' | Show stats|
 |''docker port CONTAINER'' | Show mapped port of a container| |''docker port CONTAINER'' | Show mapped port of a container|
 +|''docker system df -v'' | displays information regarding the amount of disk space used by the Docker daemon|
 +|''docker system info'' | displays docker system information|
  
 **Run Commands:** **Run Commands:**
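Review bot: The two added rows start their descriptions in lower case ("displays ...") while the other rows in this table are capitalised, and the ''-v'' in ''docker system df -v'' is not explained. Capitalise both and say that ''-v'' gives the verbose breakdown of disk usage.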
Line 248: Line 277:
  
 **Images:** **Images:**
-|<35em>|+|<40em>|
 ^COMMAND ^ DESCRIPTION^ ^COMMAND ^ DESCRIPTION^
 |''docker images'' | List all local images| |''docker images'' | List all local images|
Line 267: Line 296:
  
 **Volumes:** **Volumes:**
-|<50em>|+|<55em>|
 ^COMMAND ^ DESCRIPTION^ ^COMMAND ^ DESCRIPTION^
 |''docker volume ls'' | List all volumes| |''docker volume ls'' | List all volumes|
Line 274: Line 303:
 |''docker volume rm VOLUME'' | Destroy a volume| |''docker volume rm VOLUME'' | Destroy a volume|
 |''%%docker volume ls --filter="dangling=true%%"'' | List all dangling volumes (not referenced by any container)| |''%%docker volume ls --filter="dangling=true%%"'' | List all dangling volumes (not referenced by any container)|
-|''docker volume prune'' | Delete all volumes not referenced by any container|+|''docker volume prune'' | Delete all system volumes not referenced by any container|
  
 **Network:** **Network:**
-|<50em>|+|<55em>|
 ^COMMAND ^ DESCRIPTION^ ^COMMAND ^ DESCRIPTION^
 |''docker network ls'' | List all volumes| |''docker network ls'' | List all volumes|
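Review bot: "system volumes" in the changed ''docker volume prune'' row is not a term used elsewhere in this table; say which volumes the command removes (anonymous, named, or both) so readers know whether named data volumes are at risk. While here, the context row ''docker network ls'' is described as "List all volumes" and should read "List all networks".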
Line 359: Line 388:
  
 ====References==== ====References====
 +  *[[https://www.fobwp.com/network_mode-host-docker-compose-guide/|Using network_mode: host in Docker Compose Explained]]
   *[[https://www.aidenwebb.com/posts/dockers-seven-network-types-and-when-to-use-them/|Dockers seven network types and when to use them]]   *[[https://www.aidenwebb.com/posts/dockers-seven-network-types-and-when-to-use-them/|Dockers seven network types and when to use them]]
   *[[https://dev.to/wallacefreitas/docker-networking-a-comprehensive-guide-3d5j|Docker Networking: A Comprehensive Guide]]   *[[https://dev.to/wallacefreitas/docker-networking-a-comprehensive-guide-3d5j|Docker Networking: A Comprehensive Guide]]
Line 366: Line 396:
   *[[https://4sysops.com/archives/macvlan-network-driver-assign-mac-address-to-docker-containers/|Macvlan network driver: Assign MAC address to Docker containers]]   *[[https://4sysops.com/archives/macvlan-network-driver-assign-mac-address-to-docker-containers/|Macvlan network driver: Assign MAC address to Docker containers]]
   *[[https://4sysops.com/archives/configuring-ipvlan-networking-in-docker/|Configuring IPvlan networking in Docker]]   *[[https://4sysops.com/archives/configuring-ipvlan-networking-in-docker/|Configuring IPvlan networking in Docker]]
 +
 +=====Docker IP6=====
 +
 +====References====
 +  *[[https://exia.dev/blog/2025-08-10/Enable-IPv6-For-Docker-Container/|Enable IPv6 For Docker Container]]
 +  *[[https://neonode.cc/en/blog/ipv6_docker_docker_compose/|How to Set Up IPv6 Networking in Docker and Docker Compose]]
 =====network troubleshooting===== =====network troubleshooting=====
 A lot of containers are setup to be small and hence do not include many, if any of the tools required to diagnose problems.  A small docker image ''netshoot'' includes the most common networking tools and when attached to the same docker network can be used to diagnose the network and containers networks thereon. A lot of containers are setup to be small and hence do not include many, if any of the tools required to diagnose problems.  A small docker image ''netshoot'' includes the most common networking tools and when attached to the same docker network can be used to diagnose the network and containers networks thereon.
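Review bot: The new heading ''=====Docker IP6====='' should read "Docker IPv6" to match the linked articles, and the section holds only a reference list with no notes of its own. Add a blank line before ''=====network troubleshooting====='' as well, since the new block currently runs straight into that heading.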
Line 374: Line 410:
   *[[https://github.com/nicolaka/netshoot|netshoot: a Docker + Kubernetes network trouble-shooting swiss-army container]] ''%%docker run --name netshoot --rm -it nicolaka/netshoot /bin/bash%%''   *[[https://github.com/nicolaka/netshoot|netshoot: a Docker + Kubernetes network trouble-shooting swiss-army container]] ''%%docker run --name netshoot --rm -it nicolaka/netshoot /bin/bash%%''
   *[[https://gist.github.com/bastman/5b57ddb3c11942094f8d0a97d461b430|Docker - How to cleanup (unused) resources]]   *[[https://gist.github.com/bastman/5b57ddb3c11942094f8d0a97d461b430|Docker - How to cleanup (unused) resources]]
 +
 +=====Docker Container Repositories=====
 +
 +====References====
 +  *[[https://www.linuxserver.io/|linuxserver.io]]
 +    *[[https://www.linuxserver.io/blog/docker-security-practices|Docker Security Practices]]
 +
  
 =====Docker Cleanup===== =====Docker Cleanup=====