https://995facee.rickylin.pages.dev/categories/docker/Recent content in Docker on RickyHugo -- gohugo.ioenWed, 10 Jun 2026 10:59:53 +0800https://995facee.rickylin.pages.dev/posts/2026/20260610-articles/Wed, 10 Jun 2026 10:59:53 +0800https://995facee.rickylin.pages.dev/posts/2026/20260610-articles/<ul> <li><a href="https://pokeemerald.com/" target="_blank" rel="noopener">Pokemon Emerald in WebAssembly(https://github.com/tripplyons/pokeemerald-wasm)</a></li> <li><strong>Github</strong> <ul> <li><a href="https://github.com/wxt-dev/wxt" target="_blank" rel="noopener">wxt: Next-gen Web Extension Framework</a></li> <li><a href="https://github.com/anthropics/defending-code-reference-harness" target="_blank" rel="noopener">Skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can <code>/customize</code></a></li> <li><a href="https://github.com/ad-si/awesome-3d-printing" target="_blank" rel="noopener">A curated list of awesome 3D printing resources</a></li> <li><a href="https://github.com/NousResearch/hermes-agent" target="_blank" rel="noopener">hermes-agent: It&rsquo;s the only agent with a built-in learning loop - it creates skills from experience, improves them during use, nudges itself to persist knowledge, searches its own past conversations, and builds a deepening model of who you are across sessions. Run it on a $5 VPS, a GPU cluster, or serverless infrastructure that costs nearly nothing when idle. It&rsquo;s not tied to your laptop - talk to it from Telegram while it works on a cloud VM.</a></li> <li><a href="https://github.com/mysk-research/loupe" target="_blank" rel="noopener">loupe: A privacy-focused iOS app that raises awareness about what native apps can see(https://apps.apple.com/cn/app/loupe-app%E8%83%BD%E7%9C%8B%E5%88%B0%E4%BB%80%E4%B9%88/id6766152470)</a></li> <li><a href="https://github.com/RoversX/LaunchNext" target="_blank" rel="noopener">LaunchNext: Bring your Launchpad back in MacOS26+ ,highly customizable, powerful, free.</a></li> <li><a href="https://github.com/skeeto/endlessh" target="_blank" rel="noopener">endlessh: SSH tarpit that slowly sends an endless banner</a></li> <li><a href="https://github.com/akerouanton/iptables-tracer" target="_blank" rel="noopener">iptables-tracer: Trace packets as they go through iptables chains</a></li> <li><a href="https://github.com/serverless-dns/serverless-dns" target="_blank" rel="noopener">serverless-dns: The RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io</a></li> <li><a href="https://github.com/ouch-org/ouch" target="_blank" rel="noopener">ouch: stands for Obvious Unified Compression Helper. It&rsquo;s a CLI tool for compressing and decompressing various formats.(https://github.com/ouch-org/ouch#supported-formats)</a></li> <li><a href="https://github.com/shell-pool/shpool" target="_blank" rel="noopener">shpool: shpool is a service that enables session persistence by allowing the creation of named shell sessions owned by shpool so that the session is not lost if the connection drops. shpool can be thought of as a lighter weight alternative to tmux or GNU screen. While tmux and screen take over the whole terminal and provide window splitting and tiling features, shpool only provides persistent sessions. The biggest advantage of this approach is that shpool does not break native scrollback or copy-paste.</a></li> <li><a href="https://github.com/google/capslock" target="_blank" rel="noopener">capslock: is a capability analysis CLI for Go packages that informs users of which privileged operations a given package can access. This works by classifying the capabilities of Go packages by following transitive calls to privileged standard library operations.</a></li> <li><a href="https://github.com/psviderski/unregistry" target="_blank" rel="noopener">unregistry: Push docker images directly to remote servers without an external registry</a></li> <li><a href="https://github.com/Ranchero-Software/NetNewsWire" target="_blank" rel="noopener">NetNewsWire is a free and open-source feed reader for macOS and iOS. It supports RSS, Atom, JSON Feed, and RSS-in-JSON formats.</a></li> <li><a href="https://github.com/k4yt3x/sysctl" target="_blank" rel="noopener">K4YT3X&rsquo;s Hardened &amp; Optimized Linux Kernel Parameters</a></li> <li><a href="https://github.com/tursodatabase/turso" target="_blank" rel="noopener">Turso is an in-process SQL database, compatible with SQLite.</a></li> <li><a href="https://github.com/zizmorcore/zizmor" target="_blank" rel="noopener">zizmor is a static analysis tool for GitHub Actions.</a></li> <li><a href="https://github.com/rustfs/rustfs" target="_blank" rel="noopener">RustFS is a high-performance, distributed object storage system built in Rust.</a></li> <li><a href="https://github.com/jdx/usage" target="_blank" rel="noopener">Usage: is a spec and CLI for defining CLI tools. Arguments, flags, environment variables, and config files can all be defined in a Usage spec. It can be thought of like OpenAPI (swagger) for CLIs.</a></li> <li><a href="https://github.com/MODSetter/SurfSense" target="_blank" rel="noopener">SurfSense: An open source, privacy focused alternative to NotebookLM for teams with no data limits.</a></li> <li><a href="https://github.com/icann/icann-rdap" target="_blank" rel="noopener">ICANN implementation of the Registry Data Access Protocol (RDAP)</a></li> <li><a href="https://github.com/openrdap/rdap" target="_blank" rel="noopener">OpenRDAP is a command line RDAP client implementation in Go.</a></li> </ul> </li> <li><strong>Article</strong> <ul> <li><a href="https://blog.ammaraskar.com/github-token-stealing/" target="_blank" rel="noopener">1-Click GitHub Token Stealing via a VSCode Bug</a></li> <li><a href="https://www.zhihu.com/question/590661860" target="_blank" rel="noopener">Linux 系统误将 chmod 权限改成 了 000，如何恢复?</a></li> <li><a href="https://ahelwer.ca/post/2026-05-08-builtin-u2f/" target="_blank" rel="noopener">Laptops all have built-in security tokens these days</a></li> <li><a href="https://tailscale.com/blog/tailscale-rustdesk-remote-desktop-access" target="_blank" rel="noopener">Tailscale and RustDesk: Secure remote access to all your desktops</a></li> <li><a href="https://blog.trailofbits.com/2025/06/17/unexpected-security-footguns-in-gos-parsers/" target="_blank" rel="noopener">Unexpected security footguns in Go&rsquo;s parsers</a></li> <li><a href="https://marvin.yabi.me/misc/junzishendoo.htm" target="_blank" rel="noopener">君子慎讀</a></li> <li><a href="https://marvin.yabi.me/misc/wenbai.htm" target="_blank" rel="noopener">辭典中標注的「讀音」和「語音」是什麼？</a></li> <li><a href="https://marvin.yabi.me/misc/AND.htm" target="_blank" rel="noopener">拜託別再「我汗你」了！</a></li> </ul> </li> </ul> <hr> <h2 id="linux-系统误将-chmod-权限改成-了-000如何恢复">Linux 系统误将 chmod 权限改成 了 000，如何恢复?</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-c" data-lang="c"><span style="display:flex;"><span><span style="color:#75715e">#include</span> <span style="color:#75715e">&lt;sys/stat.h&gt;</span><span style="color:#75715e"> </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">int</span> <span style="color:#a6e22e">main</span>() { </span></span><span style="display:flex;"><span> <span style="color:#a6e22e">chmod</span>(<span style="color:#e6db74">&#34;/usr/bin/chmod&#34;</span>, <span style="color:#ae81ff">0755</span>); </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">return</span> <span style="color:#ae81ff">0</span>; </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>ubuntu@ubuntu:~$ which chmod </span></span><span style="display:flex;"><span>/usr/bin/chmod </span></span><span style="display:flex;"><span>ubuntu@ubuntu:~$ ls -lh /usr/bin/chmod </span></span><span style="display:flex;"><span>lrwxrwxrwx <span style="color:#ae81ff">1</span> root root <span style="color:#ae81ff">8</span> Sep <span style="color:#ae81ff">27</span> <span style="color:#ae81ff">2025</span> /usr/bin/chmod -&gt; gnuchmod </span></span><span style="display:flex;"><span>ubuntu@ubuntu:~$ ls -lh /usr/bin/gnuchmod </span></span><span style="display:flex;"><span>-rwxr-xr-x <span style="color:#ae81ff">1</span> root root 67K Jan <span style="color:#ae81ff">23</span> 21:34 /usr/bin/gnuchmod </span></span><span style="display:flex;"><span>ubuntu@ubuntu:~$ sudo chmod <span style="color:#ae81ff">000</span> /usr/bin/chmod </span></span><span style="display:flex;"><span>ubuntu@ubuntu:~$ ls -lh /usr/bin/chmod </span></span><span style="display:flex;"><span>lrwxrwxrwx <span style="color:#ae81ff">1</span> root root <span style="color:#ae81ff">8</span> Sep <span style="color:#ae81ff">27</span> <span style="color:#ae81ff">2025</span> /usr/bin/chmod -&gt; gnuchmod </span></span><span style="display:flex;"><span>ubuntu@ubuntu:~$ ls -lh /usr/bin/gnuchmod </span></span><span style="display:flex;"><span>---------- <span style="color:#ae81ff">1</span> root root 67K Jan <span style="color:#ae81ff">23</span> 21:34 /usr/bin/gnuchmod </span></span><span style="display:flex;"><span>ubuntu@ubuntu:~$ cat main.c </span></span><span style="display:flex;"><span><span style="color:#75715e">#include &lt;sys/stat.h&gt;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>int main<span style="color:#f92672">()</span> <span style="color:#f92672">{</span> </span></span><span style="display:flex;"><span> chmod<span style="color:#f92672">(</span><span style="color:#e6db74">&#34;/usr/bin/chmod&#34;</span>, 0755<span style="color:#f92672">)</span>; </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">return</span> 0; </span></span><span style="display:flex;"><span><span style="color:#f92672">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>ubuntu@ubuntu:~$ gcc ./main.c </span></span><span style="display:flex;"><span>ubuntu@ubuntu:~$ sudo ./a.out </span></span><span style="display:flex;"><span>ubuntu@ubuntu:~$ ls -lh /usr/bin/chmod </span></span><span style="display:flex;"><span>lrwxrwxrwx <span style="color:#ae81ff">1</span> root root <span style="color:#ae81ff">8</span> Sep <span style="color:#ae81ff">27</span> <span style="color:#ae81ff">2025</span> /usr/bin/chmod -&gt; gnuchmod </span></span><span style="display:flex;"><span>ubuntu@ubuntu:~$ ls -lh /usr/bin/gnuchmod </span></span><span style="display:flex;"><span>-rwxr-xr-x <span style="color:#ae81ff">1</span> root root 67K Jan <span style="color:#ae81ff">23</span> 21:34 /usr/bin/gnuchmod </span></span></code></pre></div><hr> <h2 id="laptops-all-have-built-in-security-tokens-these-days">Laptops all have built-in security tokens these days</h2> <h3 id="macos">macOS</h3> <blockquote> <p><a href="https://github.com/yubico/libfido2" target="_blank" rel="noopener">https://github.com/yubico/libfido2</a></p>https://995facee.rickylin.pages.dev/posts/2026/20260111-wud/Sun, 11 Jan 2026 15:22:11 +0800https://995facee.rickylin.pages.dev/posts/2026/20260111-wud/<ul> <li><a href="https://blog.ibytebox.com/archives/TKFPS2tq" target="_blank" rel="noopener">Replace Watchtower with WUD: Build a Controlled Docker Auto-Update Plan</a></li> </ul> <p>WUD (What&rsquo;s Up Docker)</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">wud</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">getwud/wud:latest</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">container_name</span>: <span style="color:#ae81ff">wud</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;3000:3000&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">/var/run/docker.sock:/var/run/docker.sock</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">./store:/store</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">TZ=Asia/Shanghai</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Local Docker watcher</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WUD_WATCHER_LOCAL_SOCKET=/var/run/docker.sock</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Key: do not watch any containers by default</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WUD_WATCHER_LOCAL_WATCHBYDEFAULT=false</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Scan every 12 hours</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WUD_WATCHER_LOCAL_CRON=0 */12 * * *</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Auto update + prune old images after update</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WUD_TRIGGER_DOCKER_AUTO_PRUNE=true</span> <span style="color:#75715e"># Equivalent to `watchtower --cleanup`</span> </span></span></code></pre></div><h4 id="monitor-only-no-auto-update">Monitor only (no auto update)</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">labels</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;wud.watch=true&#34;</span> </span></span></code></pre></div><ul> <li>Appears in the WUD UI</li> <li>Shows update hints</li> <li>Does not auto-restart</li> </ul> <h4 id="monitor--auto-update-watchtower-equivalent">Monitor + auto update (Watchtower equivalent)</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">labels</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;wud.watch=true&#34;</span> </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;wud.trigger.include=docker.auto&#34;</span> </span></span></code></pre></div>https://995facee.rickylin.pages.dev/posts/2025/20250903-linux-docker-nftables/Wed, 03 Sep 2025 09:03:00 +0800https://995facee.rickylin.pages.dev/posts/2025/20250903-linux-docker-nftables/<ul> <li><a href="https://blog.ibytebox.com/archives/docker-rong-qi-wu-fa-fang-wen-wai-wang-nftables-xia-de-nat-pei-zhi-zhi-nan" target="_blank" rel="noopener">Docker Containers Can&rsquo;t Access the Internet? NAT Configuration Guide for nftables</a></li> </ul>https://995facee.rickylin.pages.dev/posts/2025/20250801-linuxserver.io/Fri, 01 Aug 2025 15:52:00 +0800https://995facee.rickylin.pages.dev/posts/2025/20250801-linuxserver.io/<ul> <li><a href="https://ivonblog.com/posts/linuxserver-io-docker-applications/" target="_blank" rel="noopener">Use LinuxServer.io Docker Images to Turn Desktop Apps into Web Apps</a></li> <li><a href="https://www.linuxserver.io/our-images" target="_blank" rel="noopener">LinuxServer.io Official Site</a></li> </ul>https://995facee.rickylin.pages.dev/posts/2025/20250801-gluetun-vpn-docker/Fri, 01 Aug 2025 15:51:00 +0800https://995facee.rickylin.pages.dev/posts/2025/20250801-gluetun-vpn-docker/<ul> <li><a href="https://ivonblog.com/posts/gluetun-vpn-docker/" target="_blank" rel="noopener">Gluetun: Route Docker Containers Through a VPN, Disconnect on No Network</a></li> </ul> <h2 id="gluetun">Gluetun</h2> <ul> <li>OpenVPN</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">gluetun</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">qmcgaw/gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">container_name</span>: <span style="color:#ae81ff">gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">cap_add</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">NET_ADMIN</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">devices</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">/dev/net/tun:/dev/net/tun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8888</span>:<span style="color:#ae81ff">8888</span><span style="color:#ae81ff">/tcp</span> <span style="color:#75715e"># HTTP proxy</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8388</span>:<span style="color:#ae81ff">8388</span><span style="color:#ae81ff">/tcp</span> <span style="color:#75715e"># Shadowsocks</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8388</span>:<span style="color:#ae81ff">8388</span><span style="color:#ae81ff">/udp</span> <span style="color:#75715e"># Shadowsocks</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">/home/user/gluetun:/gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: <span style="color:#75715e"># Fill in based on your VPN provider&#39;s OpenVPN config</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">VPN_SERVICE_PROVIDER=protonvpn</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">VPN_TYPE=openvpn</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">OPENVPN_USER=</span> <span style="color:#75715e"># OpenVPN username</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">OPENVPN_PASSWORD=</span> <span style="color:#75715e"># OpenVPN password</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">SERVER_COUNTRIES=United Kingdom</span> <span style="color:#75715e"># Set server country, separated by commas</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">networks</span>: <span style="color:#75715e"># (Optional) fixed IP for the Gluetun container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">network</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">ipv4_address</span>: <span style="color:#ae81ff">172.27.0.5</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">networks</span>: <span style="color:#75715e"># (Optional) fixed IP for the Gluetun container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">network</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">driver</span>: <span style="color:#ae81ff">bridge</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ipam</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">config</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f92672">subnet</span>: <span style="color:#ae81ff">172.27.0.0</span><span style="color:#ae81ff">/16</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">gateway</span>: <span style="color:#ae81ff">172.27.0.5</span> </span></span></code></pre></div><ul> <li>WireGuard</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">gluetun</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">qmcgaw/gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">container_name</span>: <span style="color:#ae81ff">gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">cap_add</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">NET_ADMIN</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">devices</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">/dev/net/tun:/dev/net/tun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8888</span>:<span style="color:#ae81ff">8888</span><span style="color:#ae81ff">/tcp</span> <span style="color:#75715e"># HTTP proxy</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8388</span>:<span style="color:#ae81ff">8388</span><span style="color:#ae81ff">/tcp</span> <span style="color:#75715e"># Shadowsocks</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8388</span>:<span style="color:#ae81ff">8388</span><span style="color:#ae81ff">/udp</span> <span style="color:#75715e"># Shadowsocks</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">/home/user/gluetun:/gluetun</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">VPN_SERVICE_PROVIDER=protonvpn</span> <span style="color:#75715e"># Fill in based on your VPN provider&#39;s WireGuard config</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">VPN_TYPE=wireguard</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WIREGUARD_PRESHARED_KEY=</span> <span style="color:#75715e"># Preshared key</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WIREGUARD_PRIVATE_KEY=</span> <span style="color:#75715e"># Private key</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">WIREGUARD_ADDRESSES=</span> <span style="color:#75715e"># Set IPv4 and IPv6 addresses, separated by commas</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">SERVER_COUNTRIES=United Kingdom</span> <span style="color:#75715e"># Set server country, separated by commas</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">networks</span>: <span style="color:#75715e"># (Optional) fixed IP for the Gluetun container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">network</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">ipv4_address</span>: <span style="color:#ae81ff">172.27.0.5</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">networks</span>: <span style="color:#75715e"># (Optional) fixed IP for the Gluetun container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">network</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">driver</span>: <span style="color:#ae81ff">bridge</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ipam</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">config</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f92672">subnet</span>: <span style="color:#ae81ff">172.27.0.0</span><span style="color:#ae81ff">/16</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">gateway</span>: <span style="color:#ae81ff">172.27.0.5</span> </span></span></code></pre></div><h2 id="let-containers-use-gluetuns-vpn-connection">Let containers use Gluetun&rsquo;s VPN connection</h2> <ul> <li>If the service and Gluetun are in the same docker-compose, add network mode: network_mode: &ldquo;service:gluetun&rdquo;</li> <li>If the service is in a different docker-compose from Gluetun, add network_mode: &ldquo;container:gluetun&rdquo;</li> <li>Open Gluetun&rsquo;s docker-compose file and re-add the service ports you need (e.g. 8080)</li> <li>Start Gluetun first, then start services that should use Gluetun&rsquo;s VPN connection</li> <li>The container&rsquo;s public IP should match the VPN server you selected</li> </ul>https://995facee.rickylin.pages.dev/posts/2024/20240806-best-practices-for-traefik-3-and-minio-in-docker-getting-started-quickly/Tue, 06 Aug 2024 12:26:26 +0800https://995facee.rickylin.pages.dev/posts/2024/20240806-best-practices-for-traefik-3-and-minio-in-docker-getting-started-quickly/<ul> <li><a href="https://soulteary.com/2024/08/05/best-practices-for-traefik-3-and-minio-in-docker-getting-started-quickly.html" target="_blank" rel="noopener">Build a Private Object Storage with Traefik v3 and MinIO in Docker</a></li> <li><a href="https://github.com/soulteary/traefik-minio-example.git" target="_blank" rel="noopener">https://github.com/soulteary/traefik-minio-example.git</a></li> <li><a href="https://soulteary.com/2024/08/04/best-practices-for-traefik-3-in-docker-getting-started-quickly.html#docker-%E7%8E%AF%E5%A2%83" target="_blank" rel="noopener">Best Practices for Traefik 3 in Docker: Quick Start</a></li> </ul>https://995facee.rickylin.pages.dev/posts/2023/20231004-container/Wed, 04 Oct 2023 09:06:00 +0800https://995facee.rickylin.pages.dev/posts/2023/20231004-container/<ul> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-1/" target="_blank" rel="noopener">Container security fundamentals: Exploring containers as processes</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-2/" target="_blank" rel="noopener">Container security fundamentals part 2: Isolation &amp; namespaces</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-3/" target="_blank" rel="noopener">Container security fundamentals part 3: Capabilities</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-4/" target="_blank" rel="noopener">Container security fundamentals part 4: Cgroups</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-5/" target="_blank" rel="noopener">Container security fundamentals part 5: AppArmor and SELinux</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-6/" target="_blank" rel="noopener">Container security fundamentals part 6: seccomp </a></li> </ul>https://995facee.rickylin.pages.dev/posts/2023/20230904-faster-multi-platform-builds-dockerfile-cross-compilation-guide/Mon, 04 Sep 2023 10:31:54 +0800https://995facee.rickylin.pages.dev/posts/2023/20230904-faster-multi-platform-builds-dockerfile-cross-compilation-guide/<ul> <li><a href="https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/" target="_blank" rel="noopener">Faster Multi-Platform Builds: Dockerfile Cross-Compilation Guide</a></li> </ul> <h3 id="method">method</h3> <ul> <li><code>docker buildx create --use</code></li> <li><code>FROM --platform=linux/amd64 debian</code> / <code>FROM --platform=$BUILDPLATFORM debian</code></li> <li>variables</li> </ul> <pre tabindex="0"><code>BUILDPLATFORM — matches the current machine. (e.g. linux/amd64) BUILDOS — os component of BUILDPLATFORM, e.g. linux BUILDARCH — e.g. amd64, arm64, riscv64 BUILDVARIANT — used to set ARM variant, e.g. v7 TARGETPLATFORM — The value set with --platform flag on build TARGETOS - OS component from --platform, e.g. linux TARGETARCH - Architecture from --platform, e.g. arm64 TARGETVARIANT </code></pre><h3 id="example">example</h3> <ul> <li>before</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> golang:1.17-alpine AS build</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">WORKDIR</span><span style="color:#e6db74"> /src</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> . .<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> go build -o /out/myapp .<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> alpine</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> --from<span style="color:#f92672">=</span>build /out/myapp /bin<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><ul> <li>after</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> --platform=$BUILDPLATFORM golang:1.17-alpine AS build</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">WORKDIR</span><span style="color:#e6db74"> /src</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ARG</span> TARGETOS TARGETARCH<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> --mount<span style="color:#f92672">=</span>target<span style="color:#f92672">=</span>. <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --mount<span style="color:#f92672">=</span>type<span style="color:#f92672">=</span>cache,target<span style="color:#f92672">=</span>/root/.cache/go-build <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --mount<span style="color:#f92672">=</span>type<span style="color:#f92672">=</span>cache,target<span style="color:#f92672">=</span>/go/pkg <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> GOOS<span style="color:#f92672">=</span>$TARGETOS GOARCH<span style="color:#f92672">=</span>$TARGETARCH go build -o /out/myapp .<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> alpine</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> --from<span style="color:#f92672">=</span>build /out/myapp /bin<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div>https://995facee.rickylin.pages.dev/posts/2022/20221006-elasticsearch/Thu, 06 Oct 2022 11:30:59 +0800https://995facee.rickylin.pages.dev/posts/2022/20221006-elasticsearch/<ul> <li><a href="https://jiajunhuang.com/articles/2022_10_06-elasticsearch.md.html" target="_blank" rel="noopener">Elasticsearch Study Notes</a></li> </ul> <h3 id="install-the-chinese-analyzer-plugin">Install the Chinese analyzer plugin</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>docker exec -it elasticsearch bash </span></span><span style="display:flex;"><span>$ elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.4.1/elasticsearch-analysis-ik-8.4.1.zip </span></span></code></pre></div><ul> <li>Dev Tools <ul> <li>The <code>content</code> field is <code>text</code>. Use <code>ik_max_word</code> for indexing and <code>ik_smart</code> for searching. The former generates as many tokens as possible, while the latter generates coarser-grained tokens.</li> </ul> </li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010">PUT</span> <span style="color:#960050;background-color:#1e0010">/words</span> </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;mappings&#34;</span>: { </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;properties&#34;</span>: { </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;content&#34;</span>: { </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;type&#34;</span>: <span style="color:#e6db74">&#34;text&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;analyzer&#34;</span>: <span style="color:#e6db74">&#34;ik_max_word&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;search_analyzer&#34;</span>: <span style="color:#e6db74">&#34;ik_smart&#34;</span> </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;age&#34;</span>: { </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;type&#34;</span>: <span style="color:#e6db74">&#34;integer&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;index&#34;</span>: <span style="color:#66d9ef">false</span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;acknowledged&#34;</span>: <span style="color:#66d9ef">true</span>, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;shards_acknowledged&#34;</span>: <span style="color:#66d9ef">true</span>, </span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;index&#34;</span>: <span style="color:#e6db74">&#34;words&#34;</span> </span></span><span style="display:flex;"><span>} </span></span></code></pre></div>https://995facee.rickylin.pages.dev/posts/2022/20220725-build-lightweight-docker-image-for-go-app/Mon, 25 Jul 2022 17:33:47 +0800https://995facee.rickylin.pages.dev/posts/2022/20220725-build-lightweight-docker-image-for-go-app/<ul> <li><a href="https://iter01.com/605065.html" target="_blank" rel="noopener">Build a Lightweight Docker Image for Your Go App? | IT Man</a></li> </ul> <h5 id="go-build">go build</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># default</span> </span></span><span style="display:flex;"><span>$ go build -o test1 main.go </span></span><span style="display:flex;"><span>$ du -sh test1 </span></span><span style="display:flex;"><span>14M test1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># You can add `-ldflags &#34;-s -w&#34;` during compilation to reduce the binary size by stripping some link and debug info. Details:</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># -a: force rebuilding all dependencies</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># -s: drop symbol table info; stack traces in panic will lose file/line info</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># -w: drop DWARF debug info; you cannot debug with gdb</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># If you don&#39;t need the symbol table, you can just use &#34;-s&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Note: it is not recommended to use -w and -s together</span> </span></span><span style="display:flex;"><span>$ go build -ldflags <span style="color:#e6db74">&#34;-s -w&#34;</span> -o test2 main.go </span></span><span style="display:flex;"><span>$ du -sh test2 </span></span><span style="display:flex;"><span>11M test2 </span></span></code></pre></div><h5 id="upxbrewyum-install-upx">upx(<code>brew/yum install upx</code>)</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ upx test2 </span></span><span style="display:flex;"><span> Ultimate Packer <span style="color:#66d9ef">for</span> eXecutables </span></span><span style="display:flex;"><span> Copyright <span style="color:#f92672">(</span>C<span style="color:#f92672">)</span> <span style="color:#ae81ff">1996</span> - <span style="color:#ae81ff">2020</span> </span></span><span style="display:flex;"><span>UPX 3.96 Markus Oberhumer, Laszlo Molnar &amp; John Reiser Jan 23rd <span style="color:#ae81ff">2020</span> </span></span><span style="display:flex;"><span> File size Ratio Format Name </span></span><span style="display:flex;"><span> -------------------- ------ ----------- ----------- </span></span><span style="display:flex;"><span> <span style="color:#ae81ff">11490768</span> -&gt; <span style="color:#ae81ff">4063248</span> 35.36% macho/amd64 test2 </span></span><span style="display:flex;"><span>Packed <span style="color:#ae81ff">1</span> file. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ upx --brute test2 </span></span><span style="display:flex;"><span>$ du -sh test2 </span></span><span style="display:flex;"><span>4.6M test2 </span></span></code></pre></div><p>UPX compression options</p>https://995facee.rickylin.pages.dev/posts/2021/20210917-docker/Fri, 17 Sep 2021 14:11:03 +0800https://995facee.rickylin.pages.dev/posts/2021/20210917-docker/<h1 id="docker">Docker</h1> <h2 id="concept">Concept</h2> <h3 id="vm-vs-container">VM vs Container</h3> <ul> <li>VM - Base on OS</li> <li>Container - Base on Application (Linux Kernel: Namespace and Cgroup)</li> </ul> <h3 id="client-to-server">Client to Server</h3> <ul> <li>Docker daemon - containerd, docker-containerd-shim, docker-runc</li> <li>Docker client - cli command</li> </ul> <pre tabindex="0"><code>docker cli -&gt; docker daemon -&gt; containerd -&gt; runc -&gt; namespace &amp; cgroup </code></pre><h3 id="image">Image</h3> <ul> <li>Snapshots</li> </ul> <h3 id="container">Container</h3> <ul> <li>Read-Only processes on image</li> </ul> <h3 id="hub--registry">Hub / Registry</h3> <ul> <li>Store images</li> </ul> <h3 id="references">References</h3> <ul> <li><a href="https://philipzheng.gitbook.io/docker_practice/" target="_blank" rel="noopener">Docker —— 從入門到實踐</a></li> <li><a href="https://docs.docker.com/" target="_blank" rel="noopener">docker docs</a></li> </ul> <hr> <h2 id="docker-commands">Docker commands</h2> <h3 id="dockerfile">Dockerfile</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">ARG</span> dist<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;/tmp/password&#34;</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ARG</span> projectDir<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;/password&#34;</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> golang:1.16-alpine3.14 AS builder</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> apk add build-base upx<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ARG</span> dist<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ARG</span> projectDir<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">WORKDIR</span><span style="color:#e6db74"> ${projectDir}</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> . .<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> go build -trimpath -o main cmd/main.go<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> upx -9 -o <span style="color:#e6db74">${</span>dist<span style="color:#e6db74">}</span> main<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> scratch</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ARG</span> dist<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">ENV</span> TZ<span style="color:#f92672">=</span>Asia/Taipei<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> --from<span style="color:#f92672">=</span>builder <span style="color:#e6db74">${</span>dist<span style="color:#e6db74">}</span> /usr/local/bin/password<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><h3 id="dockerfile1">Dockerfile1</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> alpine</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">CMD</span> [<span style="color:#e6db74">&#34;nc&#34;</span>,<span style="color:#e6db74">&#34;-l&#34;</span>,<span style="color:#e6db74">&#34;12345&#34;</span>]<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><h3 id="dockerfile2">Dockerfile2</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> alpine</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">CMD</span> [<span style="color:#e6db74">&#34;echo&#34;</span>,<span style="color:#e6db74">&#34;DOCKER&#34;</span>]<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><h3 id="docker-build-command">docker build command</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>docker build . -t program </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>docker build . -f Dockerfile -t test_mysql </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>docker build . -t hello:v1.1 --build-arg dist<span style="color:#f92672">=</span>/tmp/hello --build-arg projectDir<span style="color:#f92672">=</span>/hello </span></span></code></pre></div><hr> <h3 id="docker-build">docker build</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Before build</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker image ls </span></span><span style="display:flex;"><span>docker build . -f docker/Dockerfile1 -t test1 </span></span><span style="display:flex;"><span>docker build . -f docker/Dockerfile2 -t test2 </span></span></code></pre></div><h3 id="docker-image">docker image</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">After build</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker image ls </span></span></code></pre></div><hr> <h3 id="docker-run-and-rm">docker run AND rm</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Run container1</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker run -d --name container1 test1 </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Run container2</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker run -d --name container2 test2 </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List alive containers</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker ps </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all containers</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker ps -a </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Remove alive container</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker rm -f container1 </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all containers</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker ps -a </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Remove exit container</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker rm container2 </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all containers</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker ps -a </span></span></code></pre></div><hr> <h3 id="docker-pull-and-rmi">docker pull AND rmi</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all image</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker image ls </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Pull alpine image</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker pull alpine </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all image</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker image ls </span></span></code></pre></div><hr> <h3 id="docker-rmi">docker rmi</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">Remove alpine image</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker rmi alpine </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List all image</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker image ls </span></span></code></pre></div><hr> <h3 id="prune">prune</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>docker system prune -f --volumes </span></span></code></pre></div><hr> <h3 id="docker-history">docker history</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">History of test1</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker history test1 </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">History of mysql:8</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>docker history mysql:8 </span></span></code></pre></div><hr> <h2 id="docker-remote">Docker remote</h2> <h3 id="edit-service-file">Edit service file</h3> <pre tabindex="0"><code># /lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375 </code></pre><h3 id="restart-service">Restart service</h3> <pre tabindex="0"><code>systemctl daemon-reload systemctl restart docker </code></pre><h3 id="specify-docker_host">Specify DOCKER_HOST</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. docker/status </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>GREEN<span style="color:#e6db74">}</span><span style="color:#e6db74">List images on 192.168.185.9</span><span style="color:#e6db74">${</span>RESET<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span>DOCKER_HOST<span style="color:#f92672">=</span>192.168.185.9:2375 docker images </span></span></code></pre></div><hr> <h2 id="docker-compose">Docker-compose</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">version</span>: <span style="color:#e6db74">&#34;3&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">svn</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">zeyanlin/svn</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_HOSTS=${LDAP_HOSTS}</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_BASE_DN=${LDAP_BASE_DN}</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_BIND_DN=${LDAP_BIND_DN}</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_ADMIN_PASS=${LDAP_ADMIN_PASS}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">8000</span>:<span style="color:#ae81ff">80</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">3690</span>:<span style="color:#ae81ff">3690</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">depends_on</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">ldap</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ldap</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">zeyanlin/openldap</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_DOMAIN=${LDAP_DOMAIN}</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_ADMIN_PASS=${LDAP_ADMIN_PASS}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">389</span>:<span style="color:#ae81ff">389</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">636</span>:<span style="color:#ae81ff">636</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">php</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">zeyanlin/phpldapadmin</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">LDAP_HOSTS=${LDAP_HOSTS}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">80</span>:<span style="color:#ae81ff">80</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">depends_on</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">ldap</span> </span></span></code></pre></div><hr> <h3 id="env">Env</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-ini" data-lang="ini"><span style="display:flex;"><span><span style="color:#a6e22e">LDAP_HOSTS</span><span style="color:#f92672">=</span><span style="color:#e6db74">ldap</span> </span></span><span style="display:flex;"><span><span style="color:#a6e22e">LDAP_DOMAIN</span><span style="color:#f92672">=</span><span style="color:#e6db74">&#34;knowhow.fun&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#a6e22e">LDAP_BASE_DN</span><span style="color:#f92672">=</span><span style="color:#e6db74">&#34;dc=knowhow,dc=fun&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#a6e22e">LDAP_BIND_DN</span><span style="color:#f92672">=</span><span style="color:#e6db74">&#34;cn=admin&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#a6e22e">LDAP_ADMIN_PASS</span><span style="color:#f92672">=</span><span style="color:#e6db74">&#34;123qwe&#34;</span> </span></span></code></pre></div>https://995facee.rickylin.pages.dev/posts/2021/20210820-how-to-improve-your-docker-containers-security-cheat-sheet/Fri, 20 Aug 2021 23:14:30 +0800https://995facee.rickylin.pages.dev/posts/2021/20210820-how-to-improve-your-docker-containers-security-cheat-sheet/<ul> <li><a href="https://blog.gitguardian.com/how-to-improve-your-docker-containers-security-cheat-sheet/" target="_blank" rel="noopener">Docker Security Best Practices: Cheat Sheet</a></li> </ul> <h3 id="image-security">Image Security</h3> <h4 id="use-trusted-images">Use Trusted Images</h4> <h4 id="unprivileged-user">Unprivileged User</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> base_image</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">RUN</span> addgroup -S appgroup <span style="color:#f92672">&amp;&amp;</span> adduser -S appuser -G appgroup<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">USER</span><span style="color:#e6db74"> appuser</span><span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><h4 id="user-id-namespace">User ID Namespace</h4> <blockquote> <p>Segregate namespaces to prevent container privilege escalation from affecting the host.</p></blockquote> <p>To mitigate this risk, configure your host and the Docker daemon to use a separate namespace with the <code>--userns-remap</code> option.</p> <h3 id="container-runtime-security">Container Runtime Security</h3> <h4 id="forbid-new-privileges">Forbid New Privileges</h4> <p>For enhanced security, it is recommended to explicitly forbid the addition of new privileges after container creation using this option: <code>--security-opt=no-new-privileges</code>.</p>https://995facee.rickylin.pages.dev/posts/2021/20210719-docker-compose-yaml-problem/Mon, 19 Jul 2021 15:40:36 +0800https://995facee.rickylin.pages.dev/posts/2021/20210719-docker-compose-yaml-problem/<h4 id="issue">issue</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#75715e"># ./docker-compose up -d</span> </span></span><span style="display:flex;"><span>Creating network <span style="color:#e6db74">&#34;gogs_default&#34;</span> with the default driver </span></span><span style="display:flex;"><span>Creating gogs_mysql_1 ... <span style="color:#66d9ef">done</span> </span></span><span style="display:flex;"><span>Creating gogs_gogs_1 ... error </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>ERROR: <span style="color:#66d9ef">for</span> gogs_gogs_1 Cannot create container <span style="color:#66d9ef">for</span> service gogs: invalid port specification: <span style="color:#e6db74">&#34;133342&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>ERROR: <span style="color:#66d9ef">for</span> gogs Cannot create container <span style="color:#66d9ef">for</span> service gogs: invalid port specification: <span style="color:#e6db74">&#34;133342&#34;</span> </span></span><span style="display:flex;"><span>ERROR: Encountered errors <span style="color:#66d9ef">while</span> bringing up the project. </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">gogs</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">2222</span>:<span style="color:#ae81ff">22</span> </span></span></code></pre></div><p>YAML supports so-called &ldquo;base-60 floating-point numbers,&rdquo; which is useful for time calculations.</p> <p>Therefore, <code>2222:22</code> is interpreted as <code>2222 * 60 + 22</code>, which is 133342.</p>https://995facee.rickylin.pages.dev/posts/2020/20200914-about-using-docker-config/Mon, 14 Sep 2020 11:13:23 +0800https://995facee.rickylin.pages.dev/posts/2020/20200914-about-using-docker-config/<ul> <li><a href="https://medium.com/better-programming/about-using-docker-config-e967d4a74b83" target="_blank" rel="noopener">Docker Tips: Using Docker Config</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span><span style="color:#e6db74"> nginx:1.13.6</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span><span style="color:#66d9ef">COPY</span> nginx.conf /etc/nginx/nginx.conf<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><p>Using the Docker CLI, we can create a <code>config</code> from this configuration file, we name this config <code>proxy</code>.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ docker config create proxy nginx.conf </span></span><span style="display:flex;"><span>mdcfnxud53ve6jgcgjkhflg0s </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ docker config inspect proxy </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">{</span> </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;ID&#34;</span>: <span style="color:#e6db74">&#34;x06uaozphg9kbnf8g4az4mucn&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Version&#34;</span>: <span style="color:#f92672">{</span> </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Index&#34;</span>: <span style="color:#ae81ff">2723</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">}</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;CreatedAt&#34;</span>: <span style="color:#e6db74">&#34;2017-11-21T07:49:09.553666064Z&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;UpdatedAt&#34;</span>: <span style="color:#e6db74">&#34;2017-11-21T07:49:09.553666064Z&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Spec&#34;</span>: <span style="color:#f92672">{</span> </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Name&#34;</span>: <span style="color:#e6db74">&#34;proxy&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Labels&#34;</span>: <span style="color:#f92672">{}</span>, </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;Data&#34;</span>: <span style="color:#e6db74">&#34;dXNlciB3d3ctZGF0YTsKd29y...ogIgICAgIH0KICAgIH0KfQo=&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">}</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">]</span> </span></span></code></pre></div><h5 id="use-a-config">Use a Config</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ docker network create --driver overlay front </span></span><span style="display:flex;"><span>$ docker service create --name api --network front lucj/api </span></span><span style="display:flex;"><span>$ docker service create --name proxy <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --network front <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --config src<span style="color:#f92672">=</span>proxy,target<span style="color:#f92672">=</span>/etc/nginx/nginx.conf <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --port 8000:8000 <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> nginx:1.13.6 </span></span></code></pre></div><h5 id="service-update">Service Update</h5> <p>When the content of a configuration needs to be modified, it&rsquo;s a common pattern to create a new config (using <code>docker config create</code>), and then to update the service order to remove the access to the previous config, and to add the access to the new one. The service commands are<code>--config-rm</code> and <code>--config-add</code>.</p>https://995facee.rickylin.pages.dev/posts/2020/20200325-how-to-deploy-on-remote-docker-hosts-with-docker-compose/Wed, 25 Mar 2020 19:30:54 +0800https://995facee.rickylin.pages.dev/posts/2020/20200325-how-to-deploy-on-remote-docker-hosts-with-docker-compose/<ul> <li><a href="https://www.docker.com/blog/how-to-deploy-on-remote-docker-hosts-with-docker-compose/" target="_blank" rel="noopener">How to deploy on remote Docker hosts with docker-compose</a></li> </ul> <h5 id="manual-deployment-by-copying-project-files-install-docker-compose-and-running-it">Manual deployment by copying project files, install docker-compose and running it</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ scp -r hello-docker user@remotehost:/path/to/src </span></span><span style="display:flex;"><span>$ ssh user@remotehost </span></span><span style="display:flex;"><span>$ pip install docker-compose </span></span><span style="display:flex;"><span>$ cd /path/to/src/hello-docker </span></span><span style="display:flex;"><span>$ docker-compose up -d </span></span></code></pre></div><h5 id="using-docker_host-environment-variable-to-set-up-the-target-engine">Using DOCKER_HOST environment variable to set up the target engine</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ cd hello-docker </span></span><span style="display:flex;"><span>$ DOCKER_HOST<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;ssh://user@remotehost&#34;</span> docker-compose up -d </span></span></code></pre></div><h5 id="using-docker-contexts">Using docker contexts</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ docker context create remote ‐‐docker <span style="color:#e6db74">&#34;host=ssh://user@remotemachine&#34;</span> </span></span><span style="display:flex;"><span>remote </span></span><span style="display:flex;"><span>Successfully created context <span style="color:#e6db74">&#34;remote&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ docker context ls </span></span><span style="display:flex;"><span>NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR </span></span><span style="display:flex;"><span>default * Current DOCKER_HOST… unix:///var/run/docker.sock swarm </span></span><span style="display:flex;"><span>remote ssh://user@remotemachine </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ cd hello-docker </span></span><span style="display:flex;"><span>$ docker-compose ‐‐context remote up -d </span></span></code></pre></div>