Docker Containers by examples – Intro

Intro

This article is the first of a series that I called “Docker containers by examples”, where I am sharing my experience in learning and using Docker in real-life scenarios (this website is running on Docker, for example). The next parts will be published in the coming weeks, depending on the time I have to test and write. It’s not THE way to use Docker but just the way I learnt by doing after reading documentation and other articles.

Topics covered during all the parts of this guide

  • Documentation reference + preparation of the technical environment
  • Starting with the end in mind:
    • local firewall setup with nftables
    • CIS Benchmark
    • networking/Isolation
    • Resource assignment/limits
  • Straight into the project – what we want to do:
    • Complete web server hosting solution (with Nginx Proxy and SSL redirect support)
    • Mail server
    • Private NextCloud Solution
  • Strategies to manage updates/lifecycle of images (security + vulnerability management focused)
  • Whatever will come to my mind

A few words before we talk about the first bullet point.
This journey will not provide you with an introduction to Docker. That means we will not talk about what an image or a container is, what the benefits of the technology are, how to start your first container, etc. In general, we will not cover the kind of information that you can find on hundreds of other websites, books and videos that are definitely better than my blog. I assume that you have an understanding of the basics, that you have played a bit with Docker and that you would like to get your hands on something practical, with some small tips and tricks that I discovered during my personal experience with Docker. Please also bear in mind that I am not even close to being an expert in Docker; I am just a person who started to love this technology and who decided to get hands-on with it while taking some notes in this blog to share the experience.

That said, let’s get it started!

Documentation reference + Preparation of technical Environment

In this initial part we will only go through some basics in order to understand what we are going to do, on what platform and with what technologies.

The majority of the activities and instructions provided in this journey are based on Docker's great official documentation. You can find it at the following link:

I will eventually reference the exact documents during the journey when and if needed.

I will be using Debian as the host operating system, and I expect that you have already installed it with the minimal setup (no GUI, no special servers apart from SSH). If you are more confident with another OS, feel free to pick the documentation that is appropriate for you from the above links.

One note for this part of the guide: later on I will refer to the CIS Benchmarks (if you have no idea what they are, please visit their website straight away). I will talk about them mainly to secure the Docker daemon and runtime. If you also follow them to give your operating system a secure configuration, and therefore create separate partitions during the installation, make sure you reserve enough space for /var. The reason is that by default Docker uses it, for example to store images. Even if you plan to use bind mounts for your containers on a dedicated partition (as I will do using /opt), you will realize pretty soon how critical it is to have enough space available in /var for Docker to run properly, especially if you rely on Docker volumes. If you need to keep Docker off /var and use a completely different partition, you can create the file daemon.json in /etc/docker/ and use the following option:

{
  "data-root": "/your/preferred/partition"
}
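
A quick way to see which directory that setting resolves to and whether its filesystem has room, as an added example that is not part of the original article. The function names and the 10 GiB threshold in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): where will Docker store its data,
# and does that filesystem have room? Function names are hypothetical.

# data_root FILE: print the "data-root" value of a flat daemon.json like the
# one above, or Docker's default /var/lib/docker if the file or key is absent.
# (sed is enough for this one-line key; it is not a general JSON parser.)
data_root() {
    value=""
    if [ -r "$1" ]; then
        value=$(sed -n 's/.*"data-root"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
    fi
    printf '%s\n' "${value:-/var/lib/docker}"
}

# existing_parent PATH: nearest ancestor that already exists, so the check
# also works before Docker has created the directory.
existing_parent() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ]; do p=$(dirname "$p"); done
    printf '%s\n' "$p"
}

# mount_of PATH / free_kb PATH: mount point and free KiB of the filesystem
# that holds PATH, read from POSIX-format df output.
mount_of() { df -Pk "$(existing_parent "$1")" | awk 'NR==2 {print $6}'; }
free_kb()  { df -Pk "$(existing_parent "$1")" | awk 'NR==2 {print $4}'; }

# check_data_root FILE MIN_KB: report the location, warn if it shares the
# root filesystem, and return 1 if fewer than MIN_KB KiB are free.
check_data_root() {
    root=$(data_root "$1")
    mnt=$(mount_of "$root")
    free=$(free_kb "$root")
    echo "data-root=$root mount=$mnt free_kb=$free"
    [ "$mnt" != "/" ] || echo "WARN: data-root is on the root filesystem"
    [ "$free" -ge "$2" ] || { echo "FAIL: less than $2 KiB free"; return 1; }
}

# Usage: sh check.sh /etc/docker/daemon.json 10485760   (10 GiB, an assumed threshold)
if [ "$#" -ge 2 ]; then check_data_root "$1" "$2"; fi
```

On a host where the daemon is already running, `docker info --format '{{ .DockerRootDir }}'` shows the directory Docker is actually using.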

Good… Let’s start installing Docker from the official repository, following the instructions provided here (I will not go through the installation itself, as it would just repeat the steps provided in the link below):

https://docs.docker.com/install/linux/docker-ce/debian/

I also prefer (but it is not mandatory) to configure Docker so that it is accessible by standard users instead of root only. To do so you can follow this document:

https://docs.docker.com/install/linux/linux-postinstall/

Once finished, you can test whether your installation is working with the following command in the console:

docker run hello-world

If all is fine, you will get the “hello world” image downloaded and executed. This will be enough to move on to the next steps, which will be covered in another article.
