tiyn
/
wiki
mirror of https://github.com/tiyn/wiki
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '83d7032ad7'
${ noResults }
wiki/wiki/docker.md

2.7 KiB
Raw Blame History

Docker

Docker is a virtualization software that deploys docker containers. Due to easy handling and reproducable environments it is a useful tool.

Setup

Another possibility is to try the official convenience script. To get and execute it run the following in your terminal.

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

Usage

This section addresses various features of Docker.

virtualize Operating Systems

Docker is a tool that can be used to virtualize different programs and softwares. Especially for containerizing and virtualizing operating systems (mostly based on Linux) can be handled by distrobox.

Run Docker as non-root user

To run docker as a non-root user you need to add your user to the docker group. To do this create the group docker if it doesn't exist sudo groupadd docker and then add your user to the group using sudo usermod -aG docker $USER. After that relog into your machine and you should be able to run docker run hello-world.

Tools and Visualisation

The programs below are useful docker-management systems in different style.

  • ctop: top-like cli interface for containers
  • portainer: web ui for managing docker and kubernetes

Enable Nvidia GPUs

To use Nvidia GPUs with docker you need to install the nvidia-cuda-toolkit. There is a guide on marmelab that focusses on that topic.

Block remote port access

If you configured a reverse proxy to a port chances are you don't want the port to be accessed outside of the proxy. Especially if you set up a authentication over nginx the open port will avoid the authentication. This can be changed at the forwarded docker-service by replacing for example -p 7000:7000 with -p 172.17.0.1:7000:7000. This forces the docker container to only expose the port in the docker bridge network, effectively banning remote access.

If you use Traefik it is not needed, because you don't have to publish ports to reverse proxy them.

Dockerize a graphical application

A graphical application can easily be dockerized and made available over both the web browser or VNC. For this jlesages baseimage-gui container can be used.