Difference between revisions of "Docker"

From Briki
(Containers)
(Containers)
 
(61 intermediate revisions by the same user not shown)
Line 7: Line 7:
  
 
== Updating container ==
 
== Updating container ==
 +
 +
=== Manually ===
 +
  sudo docker pull <image>
 +
  sudo docker stop <container>
 +
  sudo docker rm <container>
 +
  <docker run command>
 +
 +
=== Automatically ===
 
   sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock taisun/updater --oneshot <container>
 
   sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock taisun/updater --oneshot <container>
  
 
== Containers ==
 
== Containers ==
  sudo docker run -d --name plex --network=host -e PUID=111 -e PGID=127 -e TZ=Europe/London -v /var/lib/plexmediaserver:/config -v /:/data plexinc/pms-docker:plexpass
 
  
   sudo docker run --name tautulli -e PUID=127 -e PGID=138 -e TZ=Europe/London -p 8181:8181 -v /var/lib/torrent/tautulli/config:/config -v /var/lib/plex/Library/Logs:/logs --restart unless-stopped linuxserver/tautulli
+
=== Portainer ===
 +
   sudo docker run -d --name portainer \
 +
    -p 8000:8000 -p 9443:9443 \
 +
    -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/portainer:/data \
 +
    -v /etc/ssl/bretts.org:/certs \
 +
    --restart unless-stopped \
 +
    portainer/portainer-ce \
 +
    --sslcert /certs/fullchain.pem --sslkey /certs/key.pem
 +
 
 +
=== Plex ===
 +
 
 +
Get your claim token: https://www.plex.tv/claim/
 +
 
 +
Create the container with the claim token substituted:
 +
  sudo docker run -d --name plex --network=host -e PLEX_UID=111 -e PLEX_GID=127 -e TZ=Europe/London -e PLEX_CLAIM=<CLAIM_TOKEN> \
 +
    -v /var/lib/plexmediaserver:/config -v /srv:/srv --device=/dev/dri:/dev/dri \
 +
    --restart unless-stopped \
 +
    plexinc/pms-docker:plexpass
 +
 
 +
=== Tautulli (Plex Monitoring/Notifications) ===
 +
  sudo docker run -d --name tautulli -e PUID=127 -e PGID=138 -e TZ=Europe/London \
 +
    -p 8181:8181 \
 +
    -v /var/lib/torrent/tautulli/config:/config -v /var/lib/plexmediaserver/Library/Logs:/logs \
 +
    --restart unless-stopped \
 +
    linuxserver/tautulli
 +
 
 +
=== Jackett (Torrent Gateway) ===
 +
  sudo docker run -d --name=jackett -e PUID=127 -e PGID=138 -e TZ=Europe/London \
 +
    -p 9117:9117 \
 +
    -v /var/lib/torrent/jackett/config:/config -v /var/lib/torrent/jackett/downloads:/downloads \
 +
    --restart unless-stopped \
 +
    linuxserver/jackett
 +
 
 +
=== FlareSolverr (CloudFlare proxy bypass) ===
 +
  sudo docker run -d --name=flaresolverr \
 +
    -p 8191:8191 \
 +
    -e LOG_LEVEL=info \
 +
    --restart unless-stopped \
 +
    ghcr.io/flaresolverr/flaresolverr:latest
 +
 
 +
=== Deluge ===
 +
  sudo docker run -d --name deluge -e PUID=127 -e PGID=138 -e TZ=Europe/London \
 +
    --net=host \
 +
    -v /var/lib/torrent/deluged/config:/config -v /srv/incoming/torrents/deluge:/srv/incoming/torrents/deluge \
 +
    -v /etc/ssl/bretts.org:/etc/ssl/bretts.org \
 +
    --restart unless-stopped \
 +
    linuxserver/deluge
 +
 
 +
Since user groups don't seem to apply across the docker boundary, "torrent" will need to be given explicit permission to the private key file via an ACL:
 +
  setfacl -m "u:torrent:rw" /etc/ssl/bretts.org/key.pem
 +
 
 +
=== Radarr (Movie Downloads) ===
 +
  sudo docker run -d --name radarr -e PUID=127 -e PGID=138 -e TZ=Europe/London \
 +
    -p 7878:7878 \
 +
    -v /var/lib/torrent/radarr/config:/config -v /srv/videos/programs/movies:/movies -v /srv/incoming/torrents/deluge:/downloads \
 +
    --restart unless-stopped \
 +
    linuxserver/radarr
 +
 
 +
=== Sonarr (TV Downloads) ===
 +
  sudo docker run -d --name=sonarr -e PUID=127 -e PGID=138 -e TZ=Europe/London \
 +
    -p 8989:8989 \
 +
    -v /var/lib/torrent/sonarr/config:/config -v /srv/videos/programs/tv:/tv -v /srv/incoming/torrents/deluge:/downloads \
 +
    --restart unless-stopped \
 +
    linuxserver/sonarr
 +
 
 +
=== Unifi ===
 +
  sudo docker run -d --name=unifi-controller -e PUID=140 -e PGID=150 \
 +
    -p 3478:3478/udp -p 10001:10001/udp -p 18080:18080 -p 18081:18081 -p 18443:18443 -p 18880:18880 -p 6789:6789 \
 +
    -v /var/lib/unifi:/config \
 +
    --restart unless-stopped \
 +
    linuxserver/unifi-controller
 +
 
 +
=== Home-Assistant (as part of host network) ===
 +
  sudo docker run -d --name=home-assistant -e TZ=Europe/London \
 +
    --net=host \
 +
    -v /var/lib/home-assistant/config:/config -v /srv:/media -v /etc/ssl/bretts.org:/etc/ssl/bretts.org -v /var/www/html/arlo-snapshots:/arlo-snapshots \
 +
    --restart unless-stopped \
 +
    homeassistant/home-assistant
 +
 
 +
=== Stash ===
 +
  sudo docker run -d --name stash \
 +
    -e STASH_GENERATED=/generated/ -e STASH_METADATA=/metadata/ -e STASH_CACHE=/cache/ \
 +
    -e STASH_STASH=/data/ \
 +
    -p 9999:9999 \
 +
    -v /var/lib/stash:/root/.stash -v /var/lib/stash/metadata:/metadata -v /var/lib/stash/cache:/cache -v /var/lib/stash/blobs:/blobs -v /var/lib/stash/generated:/generated \
 +
    -v /var/lib/stash/data:/data -v /srv/porn:/srv/porn -v /srv/incoming/torrents/deluge/porn:/srv/incoming/torrents/deluge/porn \
 +
    -v /etc/localtime:/etc/localtime:ro \
 +
    --restart unless-stopped \
 +
    stashapp/stash
 +
 
 +
=== Atlassian ===
 +
 
 +
==== JIRA ====
 +
Note: In this instance JIRA is configured (with `-v`) using a named volume, rather than a bind mount
 +
  sudo docker volume create --name jira
 +
  sudo docker run -d --name=jira -e TZ=Europe/London \
 +
    -e ATL_TOMCAT_SCHEME=https -e ATL_TOMCAT_SECURE=true -e ATL_PROXY_NAME=jira.bretts.org -e ATL_PROXY_PORT=443 \
 +
    -p 7980:8080 \
 +
    -v jira:/var/atlassian/application-data/jira \
 +
    --restart unless-stopped \
 +
    atlassian/jira-software
 +
 
 +
Docker JIRA runs with a uid and gid of 2001. To ensure they show up as a named user in the hosting system you can run:
 +
  sudo addgroup --gid 2001 jira-docker
 +
  sudo adduser --system --no-create-home --uid 2001 --gid 2001 jira-docker
 +
 
 +
==== Bitbucket====
 +
Note: In this instance Bitbucket is configured (with `-v`) using a named volume, rather than a bind mount
 +
  sudo docker volume create --name bitbucket
 +
  sudo docker run -d --name=bitbucket -e TZ=Europe/London \
 +
    -e SERVER_SCHEME=https -e SERVER_SECURE=true -e SERVER_PROXY_NAME=bitbucket.bretts.org -e SERVER_PROXY_PORT=443 \
 +
    -p 7990:7990 -p 7999:7999 \
 +
    -v bitbucket:/var/atlassian/application-data/bitbucket \
 +
    --restart unless-stopped \
 +
    atlassian/bitbucket-server
 +
 
 +
Docker Bitbucket runs with a uid and gid of 2003. To ensure they show up as a named user in the hosting system you can run:
 +
  sudo addgroup --gid 2003 bitbucket-docker
 +
  sudo adduser --system --no-create-home --uid 2003 --gid 2003 bitbucket-docker
 +
 
 +
==== Bamboo ====
 +
Note: In this instance Bamboo is configured (with `-v`) using a named volume, rather than a bind mount
 +
  sudo docker volume create --name bamboo
 +
  sudo docker run -d --name=bamboo -e TZ=Europe/London \
 +
    -p 54663:54663 -p 7970:8085 \
 +
    -v bamboo:/var/atlassian/application-data/bamboo \
 +
    --restart unless-stopped \
 +
    atlassian/bamboo-server
  
== Creating a dedicated IP for a home-assistant docker container ==
+
===== Limitations =====
 +
* Bamboo runs with a uid of 1000, which means it's likely to clash with a real user in the containing host
 +
* Bamboo container doesn't support any reverse proxy configuration, which means hiding it behind nginx is likely to result in broken Application Links. This can be worked around by manually editing /opt/atlassian/bamboo/conf/server.xml, but those changes will be overwritten on every container upgrade.
  
  sudo docker network create -d macvlan --gateway 192.168.1.1 --subnet 192.168.1.0/24 --ip-range 192.168.1.231/29 -o parent=eth0 docker-subnet
+
== Tips / Fixes ==
  sudo docker run --init -d --name="home-assistant" -v /var/lib/homeassistant/docker:/config -v /var/www/html/arlo-snapshots:/arlo-snapshots -v /etc/localtime:/etc/localtime:ro --net docker-subnet --ip 192.168.1.231 homeassistant/home-assistant
 
  
== Tautulli slow to start ==
+
=== Tautulli slow to start ===
 
This may be due to an attempt to chown a large number of files.  
 
This may be due to an attempt to chown a large number of files.  
 
Login to the container:
 
Login to the container:
 
   sudo docker exec -it <container> /bin/bash
 
   sudo docker exec -it <container> /bin/bash
 
Disable the chown step by editing <code>/etc/cont-init.d/30-config</code> and commenting out the chown command.
 
Disable the chown step by editing <code>/etc/cont-init.d/30-config</code> and commenting out the chown command.
 +
 +
=== Adding an SSL cert for Unifi ===
 +
  sudo openssl pkcs12 -export -inkey /etc/ssl/bretts.org/key.pem -in /etc/ssl/bretts.org/fullchain.pem -out /tmp/cert.p12 -name unifi -password pass:temppass
 +
  sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/data/keystore -srckeystore /tmp/cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias unifi -noprompt
 +
  sudo docker restart unifi-controller
 +
  sudo rm /tmp/cert.p12
 +
 +
=== Local DNS resolution fails on docker 18.09 ===
 +
This may be the result of a bug: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1820278. Normally the container's /etc/resolv.conf should mirror that of the host, but in this case it seems to just be a default version. As a workaround, create /etc/docker/daemon.json with the following contents:
 +
 +
  {
 +
    "dns": ["192.168.1.1", "8.8.8.8"],
 +
    "dns-search": ["bretts.org"]
 +
  }
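Review bot: In the added "Adding an SSL cert for Unifi" steps, the PKCS#12 export passes its passphrase on the command line (`-password pass:temppass`) and writes the bundle, which contains the private key from /etc/ssl/bretts.org/key.pem, to the fixed path /tmp/cert.p12. Until the final `rm`, the key sits in a shared directory under a passphrase that is printed on this page, and a failed keytool or restart step leaves it there. Suggest exporting into a directory created with `mktemp -d`, reading the passphrase from a file (`-passout file:<path>` for openssl, `-srcstorepass:file <path>` for keytool), and removing the directory whether or not the import succeeds. Separately, the added Portainer command mounts /var/run/docker.sock, which hands that container control of the Docker daemon; the section should say so.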

Latest revision as of 06:09, 4 December 2024

Useful Commands

  • docker ps -a: List all containers
  • docker container inspect <container>: Show details of <container>
  • docker logs <container>: Show logs for <container>
  • docker exec -it <container> /bin/bash: Start an interactive shell in <container>

Updating container

Manually

 sudo docker pull <image>
 sudo docker stop <container>
 sudo docker rm <container>
 <docker run command>

Automatically

 sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock taisun/updater --oneshot <container>

Containers

Portainer

 sudo docker run -d --name portainer \
   -p 8000:8000 -p 9443:9443 \
   -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/portainer:/data \
   -v /etc/ssl/bretts.org:/certs \
   --restart unless-stopped \
   portainer/portainer-ce \
   --sslcert /certs/fullchain.pem --sslkey /certs/key.pem

Plex

Get your claim token: https://www.plex.tv/claim/

Create the container with the claim token substituted:

 sudo docker run -d --name plex --network=host -e PLEX_UID=111 -e PLEX_GID=127 -e TZ=Europe/London -e PLEX_CLAIM=<CLAIM_TOKEN> \
   -v /var/lib/plexmediaserver:/config -v /srv:/srv --device=/dev/dri:/dev/dri \
   --restart unless-stopped \
   plexinc/pms-docker:plexpass

Tautulli (Plex Monitoring/Notifications)

 sudo docker run -d --name tautulli -e PUID=127 -e PGID=138 -e TZ=Europe/London \
   -p 8181:8181 \
   -v /var/lib/torrent/tautulli/config:/config -v /var/lib/plexmediaserver/Library/Logs:/logs \
   --restart unless-stopped \
   linuxserver/tautulli

Jackett (Torrent Gateway)

 sudo docker run -d --name=jackett -e PUID=127 -e PGID=138 -e TZ=Europe/London \
   -p 9117:9117 \
   -v /var/lib/torrent/jackett/config:/config -v /var/lib/torrent/jackett/downloads:/downloads \
   --restart unless-stopped \
   linuxserver/jackett

FlareSolverr (CloudFlare proxy bypass)

 sudo docker run -d --name=flaresolverr \
   -p 8191:8191 \
   -e LOG_LEVEL=info \
   --restart unless-stopped \
   ghcr.io/flaresolverr/flaresolverr:latest

Deluge

 sudo docker run -d --name deluge -e PUID=127 -e PGID=138 -e TZ=Europe/London \
   --net=host \
   -v /var/lib/torrent/deluged/config:/config -v /srv/incoming/torrents/deluge:/srv/incoming/torrents/deluge \
   -v /etc/ssl/bretts.org:/etc/ssl/bretts.org \
   --restart unless-stopped \
   linuxserver/deluge

Since user groups don't seem to apply across the docker boundary, "torrent" will need to be given explicit permission to the private key file via an ACL:

 setfacl -m "u:torrent:rw" /etc/ssl/bretts.org/key.pem

Radarr (Movie Downloads)

 sudo docker run -d --name radarr -e PUID=127 -e PGID=138 -e TZ=Europe/London \
   -p 7878:7878 \
   -v /var/lib/torrent/radarr/config:/config -v /srv/videos/programs/movies:/movies -v /srv/incoming/torrents/deluge:/downloads \
   --restart unless-stopped \
   linuxserver/radarr

Sonarr (TV Downloads)

 sudo docker run -d --name=sonarr -e PUID=127 -e PGID=138 -e TZ=Europe/London \
   -p 8989:8989 \
   -v /var/lib/torrent/sonarr/config:/config -v /srv/videos/programs/tv:/tv -v /srv/incoming/torrents/deluge:/downloads \
   --restart unless-stopped \
   linuxserver/sonarr

Unifi

 sudo docker run -d --name=unifi-controller -e PUID=140 -e PGID=150 \
   -p 3478:3478/udp -p 10001:10001/udp -p 18080:18080 -p 18081:18081 -p 18443:18443 -p 18880:18880 -p 6789:6789 \
   -v /var/lib/unifi:/config \
   --restart unless-stopped \
   linuxserver/unifi-controller

Home-Assistant (as part of host network)

 sudo docker run -d --name=home-assistant -e TZ=Europe/London \
   --net=host \
   -v /var/lib/home-assistant/config:/config -v /srv:/media -v /etc/ssl/bretts.org:/etc/ssl/bretts.org -v /var/www/html/arlo-snapshots:/arlo-snapshots \
   --restart unless-stopped \
   homeassistant/home-assistant

Stash

 sudo docker run -d --name stash \
   -e STASH_GENERATED=/generated/ -e STASH_METADATA=/metadata/ -e STASH_CACHE=/cache/ \
   -e STASH_STASH=/data/ \
   -p 9999:9999 \
   -v /var/lib/stash:/root/.stash -v /var/lib/stash/metadata:/metadata -v /var/lib/stash/cache:/cache -v /var/lib/stash/blobs:/blobs -v /var/lib/stash/generated:/generated \
   -v /var/lib/stash/data:/data -v /srv/porn:/srv/porn -v /srv/incoming/torrents/deluge/porn:/srv/incoming/torrents/deluge/porn \
   -v /etc/localtime:/etc/localtime:ro \
   --restart unless-stopped \
   stashapp/stash

Atlassian

JIRA

Note: In this instance JIRA is configured (with `-v`) using a named volume rather than a bind mount.

 sudo docker volume create --name jira
 sudo docker run -d --name=jira -e TZ=Europe/London \
   -e ATL_TOMCAT_SCHEME=https -e ATL_TOMCAT_SECURE=true -e ATL_PROXY_NAME=jira.bretts.org -e ATL_PROXY_PORT=443 \
   -p 7980:8080 \
   -v jira:/var/atlassian/application-data/jira \
   --restart unless-stopped \
   atlassian/jira-software

Docker JIRA runs with a uid and gid of 2001. To ensure that uid and gid show up as a named user and group on the host system, you can run:

 sudo addgroup --gid 2001 jira-docker
 sudo adduser --system --no-create-home --uid 2001 --gid 2001 jira-docker

Bitbucket

Note: In this instance Bitbucket is configured (with `-v`) using a named volume rather than a bind mount.

 sudo docker volume create --name bitbucket
 sudo docker run -d --name=bitbucket -e TZ=Europe/London \
   -e SERVER_SCHEME=https -e SERVER_SECURE=true -e SERVER_PROXY_NAME=bitbucket.bretts.org -e SERVER_PROXY_PORT=443 \
   -p 7990:7990 -p 7999:7999 \
   -v bitbucket:/var/atlassian/application-data/bitbucket \
   --restart unless-stopped \
   atlassian/bitbucket-server

Docker Bitbucket runs with a uid and gid of 2003. To ensure that uid and gid show up as a named user and group on the host system, you can run:

 sudo addgroup --gid 2003 bitbucket-docker
 sudo adduser --system --no-create-home --uid 2003 --gid 2003 bitbucket-docker

Bamboo

Note: In this instance Bamboo is configured (with `-v`) using a named volume rather than a bind mount.

 sudo docker volume create --name bamboo
 sudo docker run -d --name=bamboo -e TZ=Europe/London \
   -p 54663:54663 -p 7970:8085 \
   -v bamboo:/var/atlassian/application-data/bamboo \
   --restart unless-stopped \
   atlassian/bamboo-server

Limitations

  • Bamboo runs with a uid of 1000, which means it's likely to clash with a real user on the containing host.
  • The Bamboo container doesn't support any reverse proxy configuration, which means hiding it behind nginx is likely to result in broken Application Links. This can be worked around by manually editing /opt/atlassian/bamboo/conf/server.xml, but those changes will be overwritten on every container upgrade.
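
The docker run commands in the Containers section differ mainly in how much of the host they expose: the Docker socket, host networking, writable mounts from /etc, ports published without a bind address, and images without a fixed tag. The script below is an added example, not part of this wiki page, that reports those settings for a command line; the function names and finding codes (SOCKET, HOSTROOT, ETC_RW, ALL_IFACES, HOSTNET, LATEST_TAG) are invented for it.

```bash
# Added example, not part of the wiki page; finding codes are invented here.
# Limitation: value-taking options other than those listed are not recognised.

_flag() { case " $out " in *" $1 "*) ;; *) out="${out:+$out }$1" ;; esac; }

# Print space-separated findings for one `docker run` command line ($1).
audit_docker_run() (                 # subshell body keeps variables local
  prev=""; image=""; out=""
  set -f; set -- $1; set +f          # split on blanks/newlines, no globbing
  for tok in "$@"; do
    case $tok in "\\") continue ;; esac        # line-continuation marker
    opt=$prev; val=$tok; prev=""
    case $tok in --*=*) opt=${tok%%=*}; val=${tok#*=} ;; esac
    case $opt in
      -v|--volume)
        src=${val%%:*}; mode=${val#*:*:}
        case $src in
          /var/run/docker.sock|/run/docker.sock) _flag SOCKET ;;  # daemon control
          /) _flag HOSTROOT ;;                                    # whole host filesystem
          /etc/*) case ",$mode," in *,ro,*) ;; *) _flag ETC_RW ;; esac ;;
        esac ;;
      -p|--publish)                  # ip:hostport:containerport has two colons
        case $val in *:*:*) ;; *) _flag ALL_IFACES ;; esac ;;
      --net|--network) case $val in host) _flag HOSTNET ;; esac ;;
      -e|--env|--name|--restart|--device|--ip) ;;   # values not inspected
      *) case $tok in
           -*) prev=$tok ;;          # option; next token may be its value
           sudo|docker|run) ;;
           *) image=$tok; break ;;   # the rest are container arguments
         esac ;;
    esac
  done
  last=${image##*/}                  # drop registry and namespace
  case $last in
    *@*) ;;                          # pinned by digest
    *:latest) _flag LATEST_TAG ;;
    *:*) ;;                          # explicit tag
    ?*) _flag LATEST_TAG ;;          # no tag means :latest
  esac
  printf '%s\n' "$out"
)

# Commands from this page (the second is the older Plex revision, shortened).
audit_docker_run 'sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock taisun/updater --oneshot <container>'
audit_docker_run 'sudo docker run -d --name plex --network=host -v /:/data plexinc/pms-docker:plexpass'
```

A command with no findings prints an empty line, for example one that publishes its port as 127.0.0.1:7980:8080 for a local reverse proxy, mounts /etc/localtime with :ro and names an explicit image tag.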

Tips / Fixes

Tautulli slow to start

This may be due to an attempt to chown a large number of files. Log in to the container:

 sudo docker exec -it <container> /bin/bash

Disable the chown step by editing /etc/cont-init.d/30-config and commenting out the chown command.

Adding an SSL cert for Unifi

 sudo openssl pkcs12 -export -inkey /etc/ssl/bretts.org/key.pem -in /etc/ssl/bretts.org/fullchain.pem -out /tmp/cert.p12 -name unifi -password pass:temppass
 sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/data/keystore -srckeystore /tmp/cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias unifi -noprompt
 sudo docker restart unifi-controller
 sudo rm /tmp/cert.p12
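
The steps above put the export passphrase on the command line and stage the private key at a fixed path in /tmp. The script below is an added example, not this page's own procedure, that does the same import from a private scratch directory with a random one-off passphrase read from a file; the function names and the `--apply` argument are made up here, while the paths, alias and keystore password are the ones used on this page.

```bash
# Added example, not the wiki's own procedure. Paths, alias and keystore
# password are the ones used on this page; function names are made up here.

# Private scratch directory (mode 0700) with an unpredictable name.
make_scratch() ( umask 077; mktemp -d "${TMPDIR:-/tmp}/unifi-cert.XXXXXX" )

# Write a random one-off passphrase into $1/pass (mode 0600); print the path.
make_passfile() (
  umask 077
  od -An -N24 -tx1 /dev/urandom | tr -d ' \n' > "$1/pass" || exit 1
  printf '%s\n' "$1/pass"
)

# Must run as root: reads the private key and writes Unifi's keystore.
# openssl and keytool read the export passphrase from the file, so it never
# appears in argv. The destination keystore password is the page's fixed value.
import_unifi_cert() {
  ssl=/etc/ssl/bretts.org
  work=$(make_scratch) || return 1
  pass=$(make_passfile "$work") &&
    openssl pkcs12 -export -inkey "$ssl/key.pem" -in "$ssl/fullchain.pem" \
      -out "$work/cert.p12" -name unifi -passout "file:$pass" &&
    keytool -importkeystore -srckeystore "$work/cert.p12" \
      -srcstoretype PKCS12 -srcstorepass:file "$pass" -alias unifi -noprompt \
      -destkeystore /var/lib/unifi/data/keystore \
      -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise &&
    docker restart unifi-controller
  rc=$?
  rm -rf "$work"      # removes the PKCS#12 bundle and passphrase, even on failure
  return "$rc"
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = --apply ]; then import_unifi_cert; fi
```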

Local DNS resolution fails on docker 18.09

This may be the result of a bug: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1820278. Normally the container's /etc/resolv.conf should mirror that of the host, but in this case it seems to just be a default version. As a workaround, create /etc/docker/daemon.json with the following contents:

 {
   "dns": ["192.168.1.1", "8.8.8.8"],
   "dns-search": ["bretts.org"]
 }