You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

72 lines
2.7 KiB

# Docker
Docker is a virtualization software that deploys docker containers.
Due to easy handling and reproducable environments it is a useful tool.
## Setup
- [Arch Linux](/wiki/linux/arch-linux.md): run `pacman -S docker` to install docker
- Ubuntu: visit [the official installation guide](https://docs.docker.com/engine/install/ubuntu/)
Another possibility is to try the official convenience script.
To get and execute it run the following in your
[terminal](/wiki/system_console.md).
```sh
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
```
## Usage
This section addresses various features of Docker.
### virtualize Operating Systems
Docker is a tool that can be used to virtualize different programs and softwares.
Especially for containerizing and virtualizing operating systems (mostly based on
[Linux](/wiki/linux.md)) can be handled by [distrobox](https://github.com/89luca89/distrobox).
### Run Docker as non-root user
To run docker as a non-root user you need to add your user to the `docker` group.
To do this create the group docker if it doesn't exist `sudo groupadd docker`
and then add your user to the group using `sudo usermod -aG docker $USER`.
After that relog into your machine and you should be able to run
`docker run hello-world`.
### Tools and Visualisation
The programs below are useful docker-management systems in different style.
- [ctop](https://github.com/bcicen/ctop): top-like cli interface for containers
11 months ago
- [portainer](https://www.portainer.io/): web ui for managing docker and kubernetes
### Enable Nvidia GPUs
To use Nvidia GPUs with docker you need to install the nvidia-cuda-toolkit.
There is a [guide on marmelab](https://marmelab.com/blog/2018/03/21/using-nvidia-gpu-within-docker-container.html)
that focusses on that topic.
### Block remote port access
If you configured a [reverse proxy](/wiki/reverse-proxy.md) to a port chances
are you don't want the port to be accessed outside of the proxy.
Especially if you set up a authentication over nginx the open port will avoid
the authentication.
This can be changed at the forwarded docker-service by replacing for example
`-p 7000:7000` with `-p 172.17.0.1:7000:7000`.
This forces the docker container to only expose the port in the docker bridge
network, effectively banning remote access.
If you use [Traefik](./traefik.md) it is not needed, because you don't have to
publish ports to reverse proxy them.
### Dockerize a graphical application
A graphical application can easily be dockerized and made available over both
11 months ago
the [web browser](/wiki/web_browser.md) or [VNC](/wiki/vnc.md).
For this
[jlesages baseimage-gui container](https://hub.docker.com/r/jlesage/baseimage-gui)
can be used.