Docker in Action
docker help
docker help cp
docker run --detach --name web nginx:latest
docker run -d --name mailer
docker run --interactive --tty --link web:web --name web_test busybox:latest /bin/sh
docker run -it --name agent --link web:insideweb --link mailer:insidemailer dockerinaction/ch2_agent
docker ps
docker restart web
docker restart mailer
docker restart agent
docker logs web
docker run -d --name namespaceA busybox:latest /bin/sh -c "sleep 30000"
docker run -d --name namespaceB busybox:latest /bin/sh -c "nc -l -p 0.0.0.0:80"
docker exec namespaceA ps
docker exec namespaceB ps
docker run --pid host busybox:latest ps
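# Flags use the ASCII hyphen; the typographic dash in the listing is not parsed as an option.
docker run -d --name webConflict nginx:latest
docker logs webConflict
# The nginx directive ends with ';' and the argument needs matching ASCII quotes.
docker exec webConflict nginx -g 'daemon off;'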
docker run -d --name webA nginx:latest
docker logs webA
docker run -d --name webB nginx:latest
docker logs webB
docker run -d --name webid nginx
docker rename webid webid-old
docker run -d --name webid nginx
docker exec 7cb5d2b9a7eab87f07182b5bf58936c9947890995b1b94f412912fa822a9ecb5 ps
docker stop 7cb5d2b9a7eab87f07182b5bf58936c9947890995b1b94f412912fa822a9ecb5
docker create nginx
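# Capture the new container's ID from the command's output.
CID=$(docker create nginx:latest)
echo "$CID"
# --cidfile writes the ID to a file; docker reports an error rather than overwrite an
# existing file at that path.
docker create --cidfile /tmp/web.cid nginx
cat /tmp/web.cid
# ID of the most recently created container, long and short flag forms.
CID=$(docker ps --latest --quiet)
echo "$CID"
CID=$(docker ps -l -q)
echo "$CID"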
MAILER_CID=$(docker run -d dockerinaction/ch2_mailer)
WEB_CID=$(docker create nginx)
AGENT_CID=$(docker create --link $WEB_CID:insideweb --link $MAILER_CID:insidemailer dockerinaction/ch2_agent)
docker ps -a
docker start $WEB_CID
docker start $AGENT_CID
MAILER_CID=$(docker run -d dockerinaction/ch2_mailer)
WEB_CID=$(docker run -d nginx)
AGENT_CID=$(docker run -d --link $WEB_CID:insideweb --link $MAILER_CID:insidemailer dockerinaction/ch2_agent)
# NOTE(review): a value passed with -e is stored in the container's configuration and can be
# read back with `docker inspect wpdb`; ch2demo is the page's demo password.
docker run -d --name wpdb -e MYSQL_ROOT_PASSWORD=ch2demo mysql:5
# --read-only mounts the container's root filesystem read-only.
docker run -d --name wp2 --link wpdb:mysql -p 80 --read-only wordpress:4
docker logs wp2
# The two -v paths add writable volumes while the rest of the filesystem stays read-only.
docker run -d --name wp3 --link wpdb:mysql -p 80 -v /run/lock/apache2/ -v /run/apache2/ --read-only wordpress:4
SQL_CID=$(docker create -e MYSQL_ROOT_PASSWORD=ch2demo mysql:5)
docker start $SQL_CID
MAILER_CID=$(docker create dockerinaction/ch2_mailer)
docker start $MAILER_CID
WP_CID=$(docker create --link $SQL_CID:mysql -p 80 \
-v /run/lock/apache2/ -v /run/apache2/ \
--read-only wordpress:4)
docker start $WP_CID
AGENT_CID=$(docker create --link $WP_CID:insideweb \
--link $MAILER_CID:insidemailer \
dockerinaction/ch2_agent)
docker start $AGENT_CID
docker run --env MY_ENVIRONMENT_VAR="this is a test" \
busybox:latest \
env
docker create --env WORDPRESS_DB_HOST=<my database hostname> wordpress:4
# NOTE(review): values given with --env are stored in the container's configuration and can be
# read back with `docker inspect`; MeowMix42 is the page's sample password, and
# <my database hostname> is a placeholder to substitute before running.
docker create \
--env WORDPRESS_DB_HOST=<my database hostname> \
--env WORDPRESS_DB_USER=site_admin \
--env WORDPRESS_DB_PASSWORD=MeowMix42 \
wordpress:4
docker create --link wpdb:mysql \
-e WORDPRESS_DB_NAME=client_a_wp wordpress:4
docker create --link wpdb:mysql \
-e WORDPRESS_DB_NAME=client_b_wp wordpress:4
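# Provision one WordPress + agent pair for the client named by CLIENT_ID.
# Globals: CLIENT_ID (read) - used in the container names and as the database name.

# Check the input first so that no database or mailer container is left behind when
# the client was not named.
if [ -z "$CLIENT_ID" ]; then
  echo "Client ID not set"
  exit 1
fi

DB_CID=$(docker run -d -e MYSQL_ROOT_PASSWORD=ch2demo mysql:5)
MAILER_CID=$(docker run -d dockerinaction/ch2_mailer)

# Expansions are quoted so a CLIENT_ID containing spaces or glob characters stays a
# single argument instead of being split into extra docker options.
WP_CID=$(docker create \
  --link "$DB_CID":mysql \
  --name "wp_$CLIENT_ID" \
  -p 80 \
  -v /run/lock/apache2/ -v /run/apache2/ \
  -e WORDPRESS_DB_NAME="$CLIENT_ID" \
  --read-only wordpress:4)
docker start "$WP_CID"

AGENT_CID=$(docker create \
  --name "agent_$CLIENT_ID" \
  --link "$WP_CID":insideweb \
  --link "$MAILER_CID":insidemailer \
  dockerinaction/ch2_agent)
docker start "$AGENT_CID"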
docker run -d --name backoff-detector --restart always busybox date
docker run -d -p 80:80 --name lamp-test tutum/lamp
docker top lamp-test
docker exec lamp-test ps
docker exec lamp-test kill <PID>
docker run --entrypoint="cat" wordpress:4 /entrypoint.sh
docker ps -a
docker rm wp
docker run --rm --name auto-exit-test busybox:latest echo Hello World
# Force-removes every container on the host, running or stopped (-f), together with
# their anonymous volumes (-v).
docker rm -vf $(docker ps -a -q)
docker search postgres
docker rmi dockerinaction/ch3_ex2_hunt
docker rmi <mystery repository>
docker pull quay.io/dockerinaction/ch3_hello_registry:latest
docker pull busybox:latest
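# Export the image to a tar archive, remove it locally, then load it back from the file.
docker save -o myfile.tar busybox:latest
docker rmi busybox
# -i (ASCII hyphen) names the archive to read.
docker load -i myfile.tar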
git clone https://github.com/dockerinaction/ch3_dockerfile.git
docker build -t dia_ch3/dockerfile:latest ch3_dockerfile
docker rmi dia_ch3/dockerfile
rm -rf ch3_dockerfile
docker pull dockerinaction/ch3_myapp
docker pull dockerinaction/ch3_myotherapp
docker images -a
docker rmi dockerinaction/ch3_myapp dockerinaction/ch3_myotherapp java:6
--storage-driver
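# Container that declares the volume at /var/lib/cassandra/data for others to reuse.
docker run -d \
  --volume /var/lib/cassandra/data \
  --name cass-shared alpine echo Data Container
docker run -d --volumes-from cass-shared --name cass1 cassandra:2.2
# Interactive CQL shell against cass1; -it is two ASCII short flags.
docker run -it --rm --link cass1:cass cassandra:2.2 cqlsh cass
docker stop cass1
docker rm -vf cass1
# A second Cassandra container mounts the same volume.
docker run -d --volumes-from cass-shared --name cass2 cassandra:2.2
docker run -it --rm --link cass2:cass cassandra:2.2 cqlsh cass
docker rm -vf cass2 cass-shared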
docker run -d --name bmweb -v ~/example-docs:/usr/local/apache2/htdocs -p 80:80 httpd:latest
docker rm -vf bmweb
docker run --name bmweb_ro --volume ~/example-docs:/usr/local/apache2/htdocs/:ro -p 80:80 httpd:latest
docker run --rm -v ~/example-docs:/testspace:ro alpine /bin/sh -c 'echo test > /testspace/test'
ls ~/example-docs/absent
docker run --rm -v ~/example-docs/absent:/absent alpine:latest /bin/sh -c 'mount | grep absent'
ls ~/example-docs/absent
docker run -d -v /var/lib/cassandra/data --name cass-shared alpine echo Data Container
docker inspect -f "{{json .Volumes}}" cass-shared
mkdir ~/web-logs-example
docker run --name plath -d -v ~/web-logs-example:/data dockerinaction/ch4_writer_a
docker run --rm -v ~/web-logs-example:/reader-data alpine:latest head /reader-data/logA
cat ~/web-logs-example/logA
docker stop plath
docker run --name woolf -d \
--volume ~/web-logs-example:/data \
dockerinaction/ch4_writer_a
docker run --name alcott -d \
-v ~/web-logs-example:/data \
dockerinaction/ch4_writer_b
docker run --rm --entrypoint head \
-v ~/web-logs-example:/towatch:ro \
alpine:latest \
/towatch/logA
docker run --rm \
-v ~/web-logs-example:/toread:ro \
alpine:latest \
head /toread/logB
docker run --name fowler \
-v ~/example-books:/library/PoEAA \
-v /library/DSL \
alpine:latest \
echo "Fowler collection created."
docker run --name knuth \
-v /library/TAoCP.vol1 \
-v /library/TAoCP.vol2 \
-v /library/TAoCP.vol3 \
-v /library/TAoCP.vol4.a \
alpine:latest \
echo "Knuth collection created"
docker run --name reader \
--volumes-from fowler \
--volumes-from knuth \
alpine:latest ls -l /library/
docker inspect --format "{{json .Volumes}}" reader
docker run --name aggregator \
--volumes-from fowler \
--volumes-from knuth \
alpine:latest \
echo "Collection Created."
docker run --rm \
--volumes-from aggregator \
alpine:latest \
ls -l /library/
docker run --name chomsky --volume /library/ss \
alpine:latest echo "Chomsky collection created."
docker run --name lamport --volume /library/ss \
alpine:latest echo "Lamport collection created."
docker run --name student \
--volumes-from chomsky --volumes-from lamport \
alpine:latest ls -l /library/
docker inspect -f "{{json .Volumes}}" student
docker rm -v student
docker rm -v $(docker ps -aq)
docker run --name dpvc \
-v /config \
dockerinaction/ch4_packed /bin/sh -c 'cp /packed/* /config/'
docker run --rm --volumes-from dpvc \
alpine:latest ls /config
docker run --rm --volumes-from dpvc \
alpine:latest cat /config/packedData
docker rm -v dpvc
docker run --name tools dockerinaction/ch4_tools
docker run --rm \
--volumes-from tools \
alpine:latest \
ls /operations/*
docker run -d --name important_application \
--volumes-from tools \
dockerinaction/ch4_ia
docker exec important_application /operations/tools/someTool
docker rm -vf important_application
docker rm -v tools
docker run --name devConfig \
-v /config \
dockerinaction/ch4_packed_config:latest \
/bin/sh -c 'cp /development/* /config/'
docker run --name prodConfig \
-v /config \
dockerinaction/ch4_packed_config:latest \
/bin/sh -c 'cp /production/* /config/'
docker run --name devApp \
--volumes-from devConfig \
dockerinaction/ch4_polyapp
docker run --name prodApp \
--volumes-from prodConfig \
dockerinaction/ch4_polyapp
docker run --rm \
--net none \
alpine:latest \
ip addr
docker run --rm \
--net none \
alpine:latest \
ping -w 2 8.8.8.8
docker run --rm \
--net bridge \
alpine:latest \
ip addr
docker run --rm \
alpine:latest \
ping -w 2 8.8.8.8
docker run --rm \
--hostname barker \
alpine:latest \
nslookup barker
docker run --rm \
--dns 8.8.8.8 \
alpine:latest \
nslookup docker.com
docker run --rm \
--dns-search docker.com \
busybox:latest \
nslookup registry.hub
docker run --rm \
--dns-search dev.mycompany \
busybox:latest \
nslookup myservice
docker run --rm \
--dns-search test.mycompany \
busybox:latest \
nslookup myservice
docker run --rm \
--dns-search mycompany \
--dns-search myothercompany ...
docker run --rm \
--add-host test:10.10.10.255 \
alpine:latest \
nslookup test
docker run --rm \
--hostname mycontainer \
--add-host docker.com:127.0.0.1 \
--add-host test:10.10.10.2 \
alpine:latest \
cat /etc/hosts
docker run -p 3333:3333
docker run -p 192.168.0.32::2222 ...
docker run -d --name dawson \
-p 5000 \
-p 6000 \
-p 7000 \
dockerinaction/ch5_expose
docker run -d --name woolery \
-P \
dockerinaction/ch5_expose
docker run -d --name philbin \
--expose 8000 \
-P \
dockerinaction/ch5_expose
docker port philbin
docker run -it --rm dockerinaction/ch5_nmap -sS -p 3333 172.17.0.0/24
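# Daemon options, one invocation per example (docker -d is the daemon form used by the
# Docker release this page targets).
# --icc=false turns off inter-container communication on the default bridge.
docker -d --icc=false
docker -d --bip "192.168.0.128"
docker -d --fixed-cidr "192.168.0.192/26"
# Long options take two ASCII hyphens.
docker -d --mtu 1200
docker -d -b mybridge ...
docker -d --bridge mybridge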
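# Listener inside a container that has no network interface other than loopback.
docker run -d --name brady \
  --net none alpine:latest \
  nc -l 127.0.0.1:3333
# Join brady's network namespace and list its sockets; netstat flags use an ASCII hyphen.
docker run -it \
  --net container:brady \
  alpine:latest netstat -al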
docker run --rm \
--net host \
alpine:latest ip addr
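# --expose records the port in the container's metadata; it does not publish it on the host.
# NOTE(review): the image name suggests a MySQL server without authentication — confirm
# before reusing it outside the exercise.
docker run -d --name importantData \
  --expose 3306 \
  dockerinaction/mysql_noauth \
  service mysql_noauth start
# --link must name the container exactly as it was created above (importantData).
docker run -d --name importantWebapp \
  --link importantData:db \
  dockerinaction/ch5_web startapp.sh -db tcp://db:3306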
docker run -d --name buggyProgram \
dockerinaction/ch5_buggy
docker run --link a:alias-a --link b:alias-b --link c:alias-c
docker run -d --name mydb --expose 3306 \
alpine:latest nc -l 0.0.0.0:3306
docker run -it --rm \
dockerinaction/ch5_ff echo This "shouldn't" work.
docker run -it --rm \
--link mydb:wrongalias \
dockerinaction/ch5_ff echo Wrong.
docker run -it --rm \
--link mydb:database \
dockerinaction/ch5_ff echo It worked.
docker stop mydb && docker rm mydb
docker run -d --name mydb \
--expose 2222 --expose 3333 --expose 4444/udp \
alpine:latest nc -l 0.0.0.0:2222
docker run -it --rm \
--link mydb:database \
dockerinaction/ch5_ff env
docker stop mydb && docker rm mydb
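# Resource limits plus a reduced privilege set: non-root user and every capability dropped.
# Each continued line ends with a backslash; without it the remaining options would run
# as a separate command.
docker run -d --name ch6_mariadb \
  --memory 256m \
  --cpu-shares 1024 \
  --user nobody \
  --cap-drop all \
  dockerfile/mariadb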
docker run -d -P --name ch6_wordpress \
--memory 512m \
--cpu-shares 512 \
--user nobody \
--cap-drop net_raw \
--link ch6_mariadb \
wordpress:4.1
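# Pin the stress container to CPU 0; the image name matches the later ch6_stresser example.
docker run -d \
  --cpuset-cpus 0 \
  --name ch6_stresser dockerinaction/ch6_stresser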
docker run -it --rm dockerinaction/ch6_htop
docker rm -vf ch6_stresser
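# --device is an option of `docker run`; it maps the host's /dev/video0 into the container.
docker run -it --rm \
  --device /dev/video0:/dev/video0 \
  ubuntu:latest ls -al /dev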
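# Producer and consumer, each started with `docker run` in its own IPC namespace.
docker run -d -u nobody --name ch6_ipc_producer \
  dockerinaction/ch6_ipc -producer
docker run -d -u nobody --name ch6_ipc_consumer \
  dockerinaction/ch6_ipc -consumer
docker logs ch6_ipc_producer
docker logs ch6_ipc_consumer
docker rm -v ch6_ipc_consumer
# Consumer joins the producer's IPC namespace.
docker run -d --name ch6_ipc_consumer \
  --ipc container:ch6_ipc_producer \
  dockerinaction/ch6_ipc -consumer
# --ipc host places the container in the host's IPC namespace.
docker run -d --name ch6_ipc_producer \
  --ipc host \
  dockerinaction/ch6_ipc -producer
docker run -d --name ch6_ipc_consumer \
  --ipc host \
  dockerinaction/ch6_ipc -consumer
docker rm -vf ch6_ipc_producer ch6_ipc_consumer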
docker create --name bob busybox:latest ping localhost
docker inspect bob
docker inspect --format "{{.Config.User}}" bob
docker run --rm --entrypoint "" busybox:latest whoami
docker run --rm --entrypoint "" busybox:latest id
docker run --rm busybox:latest awk -F: '$0=$1' /etc/passwd
docker run --rm \
--user nobody \
busybox:latest id
docker run --rm \
-u nobody:default \
busybox:latest id
docker run --rm \
-u 10000:20000 \
busybox:latest id
docker run -it --name escalation -u nobody busybox:latest \
/bin/sh -c "whoami; su -c whoami"
echo "e=mc^2" > garbage
chmod 600 garbage
sudo chown root:root garbage
docker run --rm -v "$(pwd)"/garbage:/test/garbage \
-u nobody \
ubuntu:latest cat /test/garbage
docker run --rm -v "$(pwd)"/garbage:/test/garbage \
-u root ubuntu:latest cat /test/garbage
# Outputs: "e=mc^2"
# cleanup that garbage
sudo rm -f garbage
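# Host directory owned by UID/GID 2000, written to by a container running as the same IDs.
mkdir logFiles
sudo chown 2000:2000 logFiles
docker run --rm -v "$(pwd)"/logFiles:/logFiles \
  -u 2000:2000 ubuntu:latest \
  /bin/bash -c "echo This is important info > /logFiles/important.log"
docker run --rm -v "$(pwd)"/logFiles:/logFiles \
  -u 2000:2000 ubuntu:latest \
  /bin/bash -c "echo More info >> /logFiles/important.log"
# rm takes an ASCII hyphen before its flag.
sudo rm -r logFiles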
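# net_raw is part of Docker's default capability set; the second run removes it.
docker run --rm -u nobody \
  ubuntu:latest \
  /bin/bash -c "capsh --print | grep net_raw"
docker run --rm -u nobody \
  --cap-drop net_raw \
  ubuntu:latest \
  /bin/bash -c "capsh --print | grep net_raw"
# sys_admin is not in the default set; --cap-add grants it.
docker run --rm -u nobody \
  ubuntu:latest \
  /bin/bash -c "capsh --print | grep sys_admin"
docker run --rm -u nobody \
  --cap-add sys_admin \
  ubuntu:latest \
  /bin/bash -c "capsh --print | grep sys_admin"
# --privileged grants every capability and access to the host's devices; the four
# commands below show the resulting identity, capability set, device nodes and interfaces.
docker run --rm \
  --privileged \
  ubuntu:latest id
docker run --rm \
  --privileged \
  ubuntu:latest capsh --print
docker run --rm \
  --privileged \
  ubuntu:latest ls /dev
docker run --rm \
  --privileged \
  ubuntu:latest ifconfig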
docker run -d \
--lxc-conf="lxc.cgroup.cpuset.cpus=0,1" \
--name ch6_stresser dockerinaction/ch6_stresser
docker run -it --rm dockerinaction/ch6_htop
docker rm -vf ch6_stresser
docker run --name hw_container ubuntu:latest touch /HelloWorld
docker commit hw_container hw_image
docker rm -vf hw_container
docker run --rm hw_image ls -l /HelloWorld
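# Interactive shell in a new container; the next three lines are typed at that shell.
docker run -it --name image-dev ubuntu:latest /bin/bash
apt-get -y install git
git version
exit
# Back on the host: list the filesystem changes made inside the container.
docker diff image-dev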
docker run --name tweak-a busybox:latest touch /HelloWorld
docker diff tweak-a
docker run --name tweak-d busybox:latest rm /bin/vi
docker run --name tweak-c busybox:latest touch /bin/vi
docker diff tweak-c
docker rm -vf tweak-a
docker rm -vf tweak-d
docker rm -vf tweak-c
docker commit -a "@dockerinaction" -m "Added git" image-dev ubuntu-git
docker run --rm ubuntu-git git version
docker run --rm ubuntu-git
docker run --name cmd-git --entrypoint git ubuntu-git
docker commit -m "Set CMD git" -a "@dockerinaction" cmd-git ubuntu-git
docker rm -vf cmd-git
docker run --name cmd-git ubuntu-git version
docker run --name rich-image-example \
-e ENV_EXAMPLE1=Rich -e ENV_EXAMPLE2=Example \
busybox:latest
docker commit rich-image-example rie
docker run --rm rie \
/bin/sh -c "echo \$ENV_EXAMPLE1 \$ENV_EXAMPLE2"
docker run --name rich-image-example-2 \
--entrypoint "/bin/sh" \
rie \
-c "echo \$ENV_EXAMPLE1 \$ENV_EXAMPLE2"
docker commit rich-image-example-2 rie
docker run --rm rie
docker run --name mod_ubuntu ubuntu:latest touch /mychange
docker diff mod_ubuntu
docker run --name mod_busybox_delete busybox:latest rm /etc/profile
docker diff mod_busybox_delete
docker run --name mod_busybox_change busybox:latest touch /etc/profile
docker diff mod_busybox_change
docker commit mod_ubuntu
docker commit mod_ubuntu myuser/myfirstrepo:mytag
docker tag ubuntu-git:latest ubuntu-git:1.9
docker run --name image-dev2 \
--entrypoint /bin/bash \
ubuntu-git:latest -c "apt-get remove -y git"
docker commit image-dev2 ubuntu-git:removed
docker tag -f ubuntu-git:removed ubuntu-git:latest
docker images
docker history ubuntu-git:removed
docker run --name export-test dockerinaction/ch7_packed:latest ./echo For Export
docker export --output contents.tar export-test
docker rm export-test
tar -tf contents.tar
docker run --rm -v "$(pwd)":/usr/src/hello \
-w /usr/src/hello golang:1.3 go build -v
docker import -c "ENTRYPOINT [\"/hello\"]" - \
dockerinaction/ch7_static < static_hello.tar
docker run dockerinaction/ch7_static
docker history dockerinaction/ch7_static
# An example Dockerfile for installing Git on Ubuntu
FROM ubuntu:latest
MAINTAINER " [email protected]"
RUN apt-get install -y git
ENTRYPOINT ["git"]
docker build --tag ubuntu-git:auto .
docker run --rm ubuntu-git:auto
RUN apt-get install -y git
docker build --tag ubuntu-git:auto .
.dockerignore
mailer-base.df
mailer-logging.df
mailer-live.df
FROM debian:wheezy
MAINTAINER Jeff Nickoloff " [email protected]"
RUN groupadd -r -g 2200 example && \
useradd -rM -g example -u 2200 example
ENV APPROOT="/app" \
APP="mailer.sh" \
VERSION="0.6"
LABEL base.name="Mailer Archetype" \
base.version="${VERSION}"
WORKDIR $APPROOT
ADD . $APPROOT
ENTRYPOINT ["/app/mailer.sh"]
EXPOSE 33333
# implementations will not be able to update the image
# USER example:example
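# The trailing '.' is the build context; docker build needs it in addition to -f.
docker build -t dockerinaction/mailer-base:0.6 -f mailer-base.df .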
docker inspect dockerinaction/mailer-base:0.6
FROM dockerinaction/mailer-base:0.6
COPY ["./log-impl", "${APPROOT}"]
RUN chmod a+x ${APPROOT}/${APP} && \
chown example:example /var/log
USER example:example
VOLUME ["/var/log"]
CMD ["/var/log/mailer.log"]
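#!/bin/sh
# Logging mailer: listens on TCP port 33333 and writes each received message to the
# file named by the first argument.
# Arguments: $1 - path of the log file
if [ -z "$1" ]; then
  printf 'usage: %s <logfile>\n' "$0" >&2
  exit 1
fi
printf "Logging Mailer has started.\n"
while true
do
  MESSAGE=$(nc -l -p 33333)
  # "$1" is quoted so a path with spaces stays one redirection target.
  # '>' truncates, so the file holds only the most recent message.
  printf "[Message]: %s\n" "$MESSAGE" > "$1"
  sleep 1
done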
docker build -t dockerinaction/mailer-logging -f mailer-logging.df .
docker run -d --name logging-mailer dockerinaction/mailer-logging
FROM dockerinaction/mailer-base:0.6
ADD ["./live-impl", "${APPROOT}"]
# NOTE(review): get-pip.py is downloaded and executed during the build with no checksum
# or version pin, and awscli is installed unpinned, so the image content depends on what
# those endpoints serve at build time.
RUN apt-get update && \
apt-get install -y curl python && \
curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py" && \
python get-pip.py && \
pip install awscli && \
rm get-pip.py && \
chmod a+x "${APPROOT}/${APP}"
# NOTE(review): this install runs in its own layer without `apt-get update`, so it relies
# on the package lists left by the layer above.
RUN apt-get install -y netcat
# Drop to the unprivileged user created in the base image before the mailer starts.
USER example:example
# Default arguments passed to the entrypoint (the addresses are obscured on this page).
CMD [" [email protected]", "[email protected]"]
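#!/bin/sh
# Live mailer: listens on TCP port 33333 and sends each received message through
# Amazon SES.
# Arguments: $1 - sender address, $2 - recipient address

# Print $1 as the inside of a JSON string: tabs and carriage returns become spaces,
# other control characters are dropped, backslashes and double quotes are escaped,
# and line breaks become \n.
json_escape() {
  printf '%s' "$1" \
    | tr '\t\r' '  ' \
    | tr -d '\000-\010\013-\037' \
    | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' \
    | awk 'NR > 1 { printf "%s", "\\n" } { printf "%s", $0 }'
}

printf "Live Mailer has started.\n"
while true
do
  MESSAGE=$(nc -l -p 33333)
  # The message arrives from the network, so it is escaped before it is placed in the
  # JSON document; unescaped, a double quote in it would change the request.
  BODY=$(json_escape "$MESSAGE")
  # Every argument is quoted, and the braces of the message document are balanced.
  aws ses send-email --from "$1" \
    --destination "{\"ToAddresses\":[\"$2\"]}" \
    --message "{\"Subject\":{\"Data\":\"Mailer Alert\"},\"Body\":{\"Text\":{\"Data\":\"$BODY\"}}}"
  sleep 1
done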
docker build -t dockerinaction/mailer-live -f mailer-live.df .
docker run -d --name live-mailer dockerinaction/mailer-live
ONBUILD COPY [".", "/var/myapp"]
ONBUILD RUN go build /var/myapp
FROM busybox:latest
WORKDIR /app
RUN touch /app/base-evidence
ONBUILD RUN ls -al /app
FROM dockerinaction/ch8_onbuild
RUN touch downstream-evidence
RUN ls -al .
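# Build the base image first; its ONBUILD instructions run when the downstream image is built.
docker build -t dockerinaction/ch8_onbuild -f base.df .
docker build -t dockerinaction/ch8_onbuild_down -f downstream.df .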
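#!/bin/bash
# Entrypoint wrapper: settles which web host to use, then hands control to the
# container's command.
# Globals: WEB_PORT_80_TCP (read), WEB_HOST (read, defaulted to "web")
set -e
if [ -n "$WEB_PORT_80_TCP" ]; then
  # WEB_PORT_80_TCP is injected when a container is linked under the alias "web".
  if [ -z "$WEB_HOST" ]; then
    WEB_HOST='web'
  else
    echo >&2 '[WARN]: Linked container, "web" overridden by $WEB_HOST.'
    echo >&2 "===> Connecting to WEB_HOST ($WEB_HOST)"
  fi
fi
# Fail fast when neither a link nor an explicit host was supplied.
if [ -z "$WEB_HOST" ]; then
  echo >&2 '[ERROR]: specify a linked container, "web" or WEB_HOST environment variable'
  exit 1
fi
# "$@" passes the container's command and arguments through unchanged; exec replaces
# this shell with that command.
exec "$@" # run the default command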
docker pull debian:jessie
FROM busybox:latest
USER 1000:1000
ENTRYPOINT ["nc"]
CMD ["-l", "-p", "80", "0.0.0.0"]
docker build \
-t dockerinaction/ch8_perm_denied \
-f UserPermissionDenied.df \
.
docker run dockerinaction/ch8_perm_denied
# Output:
# nc: bind: Permission denied
RUN groupadd -r postgres && useradd -r -g postgres postgres
FROM ubuntu:latest
# Set the SUID bit on whoami
RUN chmod u+s /usr/bin/whoami
# Create an example user and set it as the default
RUN adduser --system --no-create-home --disabled-password --disabled-login \
--shell /bin/sh example
USER example
# Set the default to compare the container user and
# the effective user for whoami
CMD printf "Container running as: %s\n" $(id -u -n) && \
printf "Effectively running whoami as: %s\n" $(whoami)
docker build -t dockerinaction/ch8_whoami .
docker run dockerinaction/ch8_whoami
docker run --rm debian:wheezy find / -perm +6000 -type f
docker run --rm debian:wheezy find / -perm +2000 -type f
# Clears the set-user-ID and set-group-ID bits on the regular files that find reports.
# NOTE(review): the $(find ...) output is word-split, so a path containing whitespace
# would reach chmod in pieces. -perm +MODE is the older GNU find spelling; newer
# findutils releases expect -perm /MODE — confirm against the find shipped in the image.
RUN for i in $(find / -type f \( -perm +6000 -o -perm +2000 \)); \
do chmod ug-s $i; done
FROM busybox:latest
CMD echo Hello World
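# The build context '.' closes the build command; without it the trailing backslash
# would join `docker login` onto the build line.
docker build \
  -t <insert Docker Hub username>/hello-dockerfile \
  -f HelloWorld.df \
  .
# Authenticate before pushing to the repository.
docker login
docker push <insert Docker Hub username>/hello-dockerfile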
docker search dockerinaction/hello-dockerfile
git init
git config --global user.email "[email protected]"
git config --global user.name "Your Name"
git remote add origin \
https://github.com/<your username>/hello-docker.git
git add Dockerfile
git commit -m "first commit"
git push -u origin master
docker search <your username>/hello-docker
docker run -d -p 5000:5000 \
-v "$(pwd)"/data:/tmp/registry-dev \
--restart=always --name local-registry registry:2
docker pull dockerinaction/ch9_registry_bound
docker images -f "label=dia_excercise=ch9_registry_bound"
docker tag dockerinaction/ch9_registry_bound \
localhost:5000/dockerinaction/ch9_registry_bound
docker push localhost:5000/dockerinaction/ch9_registry_bound
docker rmi \
dockerinaction/ch9_registry_bound \
localhost:5000/dockerinaction/ch9_registry_bound
docker images -f "label=dia_excercise=ch9_registry_bound"
docker pull localhost:5000/dockerinaction/ch9_registry_bound
docker images -f "label=dia_excercise=ch9_registry_bound"
docker rm -vf local-registry
docker run -d --name ftp-transport -p 21:12 dockerinaction/ch9_ftpd
docker save -o ./registry.2.tar registry:2
docker run --rm --link ftp-transport:ftp_server \
-v "$(pwd)":/data \
dockerinaction/ch9_ftp_client \
-e 'cd pub/incoming; put registry.2.tar; exit' ftp_server
docker run --rm --link ftp-transport:ftp_server \
-v "$(pwd)":/data \
dockerinaction/ch9_ftp_client \
-e "cd pub/incoming; ls; exit" ftp_server
docker run --rm --link ftp-transport:ftp_server \
-v "$(pwd)":/data \
dockerinaction/ch9_ftp_client \
-e 'cd pub/incoming; get registry.2.tar; exit' ftp_server
docker load -i registry.2.tar
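# Create the repository, set the committer identity, and publish the Dockerfile.
git init
git config --global user.email "[email protected]"
git config --global user.name "Your Name"
git add Dockerfile
# git add *whatever other files you need for the image*
git commit -m "first commit"
git remote add origin https://github.com/<your username>/<your repo>.git
git push -u origin master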
git clone https://github.com/<your username>/<your repo>.git
cd <your-repo>
docker build -t <your username>/<your repo> .
docker run -d --name personal_registry \
-p 5000:5000 --restart=always \
registry:2
docker tag registry:2 localhost:5000/distribution:2
docker push localhost:5000/distribution:2
docker rmi localhost:5000/distribution:2
docker pull localhost:5000/distribution:2
FROM gliderlabs/alpine:latest
LABEL source=dockerinaction
LABEL category=utility
RUN apk --update add curl
ENTRYPOINT ["curl"]
CMD ["--help"]
docker build -t dockerinaction/curl -f curl.df .
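# The URL is an argument of the same command, so the line break needs a continuation.
docker run --rm --net host dockerinaction/curl -Is \
  http://localhost:5000/v2/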
docker run --rm -u 1000:1000 --net host \
dockerinaction/curl -s http://localhost:5000/v2/distribution/tags/list
docker tag \
localhost:5000/distribution:2 \
localhost:5000/distribution:two
docker push localhost:5000/distribution:two
docker run --rm \
-u 1000:1000 \
--net host \
dockerinaction/curl \
-s http://localhost:5000/v2/distribution/tags/list
upstream docker-registry {
server registry:5000;
}
server {
listen 80;
# Use the localhost name for testing purposes
server_name localhost;
# A real deployment would use the real hostname where it is deployed
# server_name mytotallyawesomeregistry.com;
client_max_body_size 0;
chunked_transfer_encoding on;
# We’re going to forward all traffic bound for the registry
location /v2/ {
proxy_pass http://docker-registry;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
}
FROM nginx:latest
LABEL source=dockerinaction
LABEL category=infrastructure
COPY ./basic-proxy.conf /etc/nginx/conf.d/default.conf
docker build -t dockerinaction/basic_proxy -f basic-proxy.df .
docker run -d --name basic_proxy -p 80:80 \
--link personal_registry:registry \
dockerinaction/basic_proxy
docker run --rm -u 1000:1000 --net host \
dockerinaction/curl \
-s http://localhost:80/v2/distribution/tags/list
docker run --rm -e COMMON_NAME=localhost -e KEY_NAME=localhost \
-v "$(pwd)":/certs centurylink/openssl
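# TLS-terminating reverse proxy in front of the registry container.
upstream docker-registry {
  server registry:5000;
}
server {
  listen 443 ssl;
  # Each directive ends with ';'. Without it nginx reads the words of the next
  # directive as further server names and client_max_body_size is never applied.
  server_name localhost;
  # 0 disables the request-body size check, which image layer uploads would exceed.
  client_max_body_size 0;
  chunked_transfer_encoding on;
  ssl_certificate /etc/nginx/conf.d/localhost.crt;
  ssl_certificate_key /etc/nginx/conf.d/localhost.key;
  location /v2/ {
    # Traffic from the proxy to the registry container is plain HTTP.
    proxy_pass http://docker-registry;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 900;
  }
}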
FROM nginx:latest
LABEL source=dockerinaction
LABEL category=infrastructure
COPY ["./tls-proxy.conf", \
"./localhost.crt", \
"./localhost.key", \
"/etc/nginx/conf.d/"]
docker build -t dockerinaction/tls_proxy -f tls-proxy.df .
docker run -d --name tls-proxy -p 443:443 \
--link personal_registry:registry \
dockerinaction/tls_proxy
# -k makes curl skip certificate verification; presumably used because localhost.crt is
# self-signed — confirm, and pass the certificate to curl for verification where possible.
docker run --rm \
--net host \
dockerinaction/curl -ks \
https://localhost:443/v2/distribution/tags/list
FROM debian:jessie
LABEL source=dockerinaction
LABEL category=utility
RUN apt-get update && \
apt-get install -y apache2-utils
ENTRYPOINT ["htpasswd"]
docker build -t htpasswd -f htpasswd.df .
docker run -it --rm htpasswd -nB <USERNAME>
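# filename: tls-auth-proxy.conf
# TLS-terminating reverse proxy that requires HTTP basic authentication for /v2/.
upstream docker-registry {
  server registry:5000;
}
server {
  listen 443 ssl;
  # Each directive ends with ';'. Without it nginx reads the words of the next
  # directive as further server names and client_max_body_size is never applied.
  server_name localhost;
  client_max_body_size 0;
  chunked_transfer_encoding on;
  # SSL
  ssl_certificate /etc/nginx/conf.d/localhost.crt;
  ssl_certificate_key /etc/nginx/conf.d/localhost.key;
  location /v2/ {
    # Credentials are checked against the password file before a request is proxied.
    auth_basic "registry.localhost";
    auth_basic_user_file /etc/nginx/conf.d/registry.password;
    proxy_pass http://docker-registry;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 900;
  }
}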
FROM nginx:latest
LABEL source=dockerinaction
LABEL category=infrastructure
# NOTE(review): localhost.key and registry.password are copied into an image layer, so
# anyone who can pull or export this image can read them.
COPY ["./tls-auth-proxy.conf", \
"./localhost.crt", \
"./localhost.key", \
"./registry.password", \
"/etc/nginx/conf.d/"]
# Filename: tls-auth-registry.df
FROM registry:2
LABEL source=dockerinaction
LABEL category=infrastructure
# Set the default argument to specify the config file to use
# Setting it early will enable layer caching if the
# tls-auth-registry.yml changes.
CMD ["/tls-auth-registry.yml"]
# NOTE(review): the private key and the password file end up in an image layer at /;
# anyone who can pull or export this image can read them.
COPY ["./tls-auth-registry.yml", \
"./localhost.crt", \
"./localhost.key", \
"./registry.password", \
"/"]
docker build -t dockerinaction/secure_registry -f tls-auth-registry.df .
docker run -d --name secure_registry \
-p 5443:5000 --restart=always \
dockerinaction/secure_registry
upstream docker-registry-v2 {
server registry2:5000;
}
upstream docker-registry-v1 {
server registry1:5000;
}
server {
listen 80;
server_name localhost;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v1/ {
proxy_pass http://docker-registry-v1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
location /v2/ {
proxy_pass http://docker-registry-v2;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
}
FROM nginx:latest
LABEL source=dockerinaction
LABEL category=infrastructure
COPY ./dual-client-proxy.conf /etc/nginx/conf.d/default.conf
docker build -t dual_client_proxy -f dual-client-proxy.df .
docker run -d --name registry_v1 registry:0.9.1
docker run -d --name dual_client_proxy \
-p 80:80 \
--link personal_registry:registry2 \
--link registry_v1:registry1 \
dual_client_proxy
docker run --rm -u 1000:1000 \
--net host \
dockerinaction/curl -s http://localhost:80/v1/_ping
docker run --rm -u 1000:1000 \
--net host \
dockerinaction/curl -Is http://localhost:80/v2/
docker run -d --name dual_client_proxy \
-p 80:80 \
--link personal_registry:registry2 \
--link registry_v1:registry1 \
dual_client_proxy
docker run --rm -u 1000:1000 \
--net host \
dockerinaction/curl -s http://localhost:80/v1/_ping
docker run --rm -u 1000:1000 \
--net host \
dockerinaction/curl -Is http://localhost:80/v2/
docker run -d -e REGISTRY_LOG_LEVEL=error registry:2
docker run -d -e REGISTRY_HTTP_DEBUG='' registry:2
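# Filename: docker-compose.yml
# Two services: WordPress, linked to a MariaDB container under the alias "mysql".
wordpress:
  image: wordpress:4.2.2
  links:
    - db:mysql
  ports:
    # host port 8080 -> container port 80
    - 8080:80
db:
  image: mariadb
  environment:
    # "example" is the page's sample value for the database root password.
    MYSQL_ROOT_PASSWORD: example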
docker-compose up
docker ps
docker-compose ps
docker-compose rm -v
git clone https://github.com/dockerinaction/ch11_notifications.git
cd ch11_notifications
docker-compose up -d
docker-compose logs
docker-compose logs pump elasticsearch
docker-compose up -d db
coffee:
build: ./coffee
user: 777:777
restart: always
expose:
- 3000
ports:
- "0:3000"
links:
- db:db
environment:
- COFFEEFINDER_DB_URI=postgresql://postgres:[email protected]:5432/po...
- COFFEEFINDER_CONFIG=development
- SERVICE_NAME=coffee
labels:
com.dockerinaction.chapter: "11"
com.dockerinaction.example: "Coffee API"
com.dockerinaction.role: "Application Logic"
docker-machine help
docker-machine create --driver virtualbox host1
docker-machine create --driver virtualbox host2
docker-machine create --driver virtualbox host3
docker-machine ls
docker-machine inspect host1
docker-machine inspect --format "{{.Driver.IPAddress}}" host1
docker-machine upgrade host3
docker-machine ssh host1
touch dog.file
exit
docker-machine ssh host1 "echo spot > dog.file"
docker-machine scp host1:dog.file host2:dog.file
docker-machine ssh host2 "cat dog.file"
docker-machine stop host2
docker-machine kill host3
docker-machine start host2
docker-machine rm host1 host2 host3
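# Print the environment settings that point a docker client at machine1, in the syntax
# of the chosen shell.
docker-machine env machine1
docker-machine env --shell powershell machine1
docker-machine env --shell cmd machine1
docker-machine env --shell fish machine1
docker-machine env --shell bash machine1
# PowerShell: Invoke-Expression executes the printed statements in the current session.
docker-machine env --shell=powershell machine1 | Invoke-Expression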
docker-machine active
docker-machine ls
docker pull dockerinaction/ch12_painted
eval "$(docker-machine env machine2)"
docker images
docker-machine create --driver virtualbox local
eval "$(docker-machine env local)"
docker run --rm swarm create
docker-machine create \
--driver virtualbox \
--swarm \
--swarm-discovery token://<TOKEN> \
--swarm-master \
machine0-manager
docker-machine create \
--driver virtualbox \
--swarm \
--swarm-discovery token://<TOKEN> \
machine1
docker-machine create \
--driver virtualbox \
--swarm \
--swarm-discovery token://<TOKEN> \
machine2
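# eval runs the statements that docker-machine prints, pointing this shell's docker
# client at the Swarm manager.
eval "$(docker-machine env --swarm machine0-manager)"
# PowerShell equivalent; the manager machine was created as machine0-manager.
docker-machine env --swarm machine0-manager | Invoke-Expression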
docker run -t -d --name hello-swarm \
dockerinaction/ch12_painted \
Hello Swarm
docker ps -a -f name=hello-swarm
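# Scale the bird service to ten containers, then stop and remove everything in flock.yml.
docker-compose -f flock.yml scale bird=10
docker-compose -f flock.yml kill
# Flags take an ASCII hyphen: -v removes the volumes, -f skips the confirmation prompt.
docker-compose -f flock.yml rm -vf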