|
|
|
# Docker
|
|
|
|
|
|
|
|
Docker is a virtualization software that deploys docker containers.
|
|
|
|
Due to easy handling and reproducable environments it is a useful tool.
|
|
|
|
|
|
|
|
## Setup
|
|
|
|
|
|
|
|
- [Arch Linux](/wiki/linux/arch-linux.md): run `pacman -S docker` to install docker
|
|
|
|
- Ubuntu: visit [the official installation guide](https://docs.docker.com/engine/install/ubuntu/)
|
|
|
|
|
|
|
|
Another possibility is to try the official convenience script.
|
|
|
|
To get and execute it run the following in your
|
|
|
|
[terminal](/wiki/system_console.md).
|
|
|
|
|
|
|
|
```sh
|
|
|
|
curl -fsSL https://get.docker.com -o get-docker.sh
|
|
|
|
sudo sh get-docker.sh
|
|
|
|
```
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
|
|
|
This section addresses various features of Docker.
|
|
|
|
|
|
|
|
### virtualize Operating Systems
|
|
|
|
|
|
|
|
Docker is a tool that can be used to virtualize different programs and softwares.
|
|
|
|
Especially for containerizing and virtualizing operating systems (mostly based on
|
|
|
|
[Linux](/wiki/linux.md)) can be handled by [distrobox](https://github.com/89luca89/distrobox).
|
|
|
|
|
|
|
|
### Run Docker as non-root user
|
|
|
|
|
|
|
|
To run docker as a non-root user you need to add your user to the `docker` group.
|
|
|
|
To do this create the group docker if it doesn't exist `sudo groupadd docker`
|
|
|
|
and then add your user to the group using `sudo usermod -aG docker $USER`.
|
|
|
|
After that relog into your machine and you should be able to run
|
|
|
|
`docker run hello-world`.
|
|
|
|
|
|
|
|
### Tools and Visualisation
|
|
|
|
|
|
|
|
The programs below are useful docker-management systems in different style.
|
|
|
|
|
|
|
|
- [ctop](https://github.com/bcicen/ctop): top-like cli interface for containers
|
|
|
|
- [portainer](https://www.portainer.io/): web ui for managing docker and kubernetes
|
|
|
|
|
|
|
|
### Enable Nvidia GPUs
|
|
|
|
|
|
|
|
To use Nvidia GPUs with docker you need to install the nvidia-cuda-toolkit.
|
|
|
|
There is a [guide on marmelab](https://marmelab.com/blog/2018/03/21/using-nvidia-gpu-within-docker-container.html)
|
|
|
|
that focusses on that topic.
|
|
|
|
|
|
|
|
### Block remote port access
|
|
|
|
|
|
|
|
If you configured a [reverse proxy](/wiki/reverse-proxy.md) to a port chances
|
|
|
|
are you don't want the port to be accessed outside of the proxy.
|
|
|
|
Especially if you set up a authentication over nginx the open port will avoid
|
|
|
|
the authentication.
|
|
|
|
This can be changed at the forwarded docker-service by replacing for example
|
|
|
|
`-p 7000:7000` with `-p 172.17.0.1:7000:7000`.
|
|
|
|
This forces the docker container to only expose the port in the docker bridge
|
|
|
|
network, effectively banning remote access.
|
|
|
|
|
|
|
|
If you use [Traefik](./traefik.md) it is not needed, because you don't have to
|
|
|
|
publish ports to reverse proxy them.
|
|
|
|
|
|
|
|
### Dockerize a graphical application
|
|
|
|
|
|
|
|
A graphical application can easily be dockerized and made available over both
|
|
|
|
the [web browser](/wiki/web_browser.md) or [VNC](/wiki/vnc.md).
|
|
|
|
For this
|
|
|
|
[jlesages baseimage-gui container](https://hub.docker.com/r/jlesage/baseimage-gui)
|
|
|
|
can be used.
|