Docker Class
http://localhost:8080
docker stop web
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Docker Nginx</title>
</head>
<body>
<h2>Hello from Nginx container</h2>
</body></html>
FROM nginx:latest
docker login
$ docker tag nginx-frontend <dockerid>/nginx-frontend
Setup environment:
$ mkdir Myapp
$ cd Myapp
Now let's create password files for our DB:
$ openssl rand -base64 32 > db_password.txt
$ openssl rand -base64 32 > db_root_password.txt
Create a docker-compose.yml file:
version: '3.1'
services:
  # Nginx service
  webserver:
    image: nginx:alpine
    container_name: webserver
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
  # MySQL DB
  db:
    image: mysql:5.7
    container_name: Mysqldb
    restart: unless-stopped
    volumes:
      - db_data:/var/lib/mysql
    ports:
      # Publishes MySQL on all host interfaces (0.0.0.0:3306)
      - "3306:3306"
    environment:
      # The *_FILE variables point at the secrets mounted under /run/secrets
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_root_password
      - db_password
# Secrets are read from the files generated with openssl above
secrets:
  db_password:
    file: db_password.txt
  db_root_password:
    file: db_root_password.txt
volumes:
  db_data:
Create the compose container:
$ sudo docker-compose up
SSH into the instance and check the app
List out the compose services:
$ docker-compose ps
Name        Command                       State   Ports
-----------------------------------------------------------------------------------------
Mysqldb     docker-entrypoint.sh mysqld   Up      0.0.0.0:3306->3306/tcp, 33060/tcp
webserver   nginx -g daemon off;          Up      0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
Verify that nginx is running:
$ curl http://localhost
Verify the MySQL database:
$ docker exec -it Mysqldb mysql -u root -p
Prerequisites
You will need all of the following to complete this lab:
A Docker host
$ docker network ls
NETWORK ID     NAME     DRIVER   SCOPE
1befe23acd58   bridge   bridge   local
726ead8f4e6b   host     host     local
ef4896538cc7   none     null     local
The output above shows that the bridge network is associated with
the bridge driver. It’s important to note that the network and the driver are
connected, but they are not the same. In this example the network and the
driver have the same name – but they are not the same thing!
The output above also shows that the bridge network is scoped locally. This
means that the network only exists on this Docker host. This is true of all
networks using the bridge driver – the bridge driver provides single-host
networking.
All networks created with the bridge driver are based on a Linux bridge
(a.k.a. a virtual switch).
Install the brctl command and use it to list the Linux bridges on your
Docker host.
# Install the brctl tools
$ brctl show
bridge name   bridge id           STP enabled   interfaces
docker0       8000.0242f17f89a6   no
The output above shows a single Linux bridge called docker0. This is the
bridge that was automatically created for the bridge network. You can see
that it has no interfaces currently connected to it.
You can also use the ip command to view details of the docker0 bridge.
$ ip a
<Snip>
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:f1:7f:89:a6 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:f1ff:fe7f:89a6/64 scope link
valid_lft forever preferred_lft forever
$ brctl show
bridge name   bridge id           STP enabled   interfaces
docker0       8000.0242f17f89a6   no            veth3a080f
Notice how the docker0 bridge now has an interface connected. This
interface connects the docker0 bridge to the new container just created.
Inspect the bridge network again to see the new container attached to it.
$ docker network inspect bridge
<Snip>
"Containers": {
    "6dd93d6cdc806df6c7812b6202f6096e43d9a013e56e5e638ee4bfb4ae8779ce": {
        "Name": "reverent_dubinsky",
        "EndpointID": "dda76da5577960b30492fdf1526c7dd7924725e5d654bed57b44e1a6e85e956c",
        "MacAddress": "02:42:ac:11:00:02",
        "IPv4Address": "172.17.0.2/16",
        "IPv6Address": ""
    }
},
<Snip>
Ping the IP address of the container from the shell prompt of your Docker
host. Remember to use the IP of the container in your environment.
$ ping 172.17.0.2
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.069 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.052 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.050 ms
64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from 172.17.0.2: icmp_seq=5 ttl=64 time=0.049 ms
^C
--- 172.17.0.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.049/0.053/0.069/0.012 ms
Press Ctrl-C to stop the ping. The replies above show that the Docker host
can ping the container over the bridge network.
# Get the ID of the container started in the previous step.
$ docker ps
CONTAINER ID   IMAGE    COMMAND            CREATED   STATUS   NAMES
6dd93d6cdc80   ubuntu   "sleep infinity"   5 mins    Up       reverent_dubinsky
This shows that the new container can ping the internet and therefore has a
valid and working network configuration.
NOTE: If you start a new container from the official NGINX image without
specifying a command to run, the container will run a basic web server on
port 80.
$ docker run --name web1 -d -p 8080:80 nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
386a066cd84a: Pull complete
7bdb4b002d7f: Pull complete
49b006ddea70: Pull complete
Digest: sha256:9038d5645fa5fcca445d12e1b8979c87f46ca42cfb17beb1e5e093785991a639
Status: Downloaded newer image for nginx:latest
b747d43fa277ec5da4e904b932db2a3fe4047991007c2d3649e3f0c615961038
Check that the container is running and view the port mapping.
$ docker ps
CONTAINER ID   IMAGE    COMMAND                  CREATED             STATUS             PORTS                           NAMES
b747d43fa277   nginx    "nginx -g 'daemon off"   3 seconds ago       Up 2 seconds       443/tcp, 0.0.0.0:8080->80/tcp   web1
6dd93d6cdc80   ubuntu   "sleep infinity"         About an hour ago   Up About an hour                                   reverent_dubinsky
There are two containers listed in the output above. The top line shows the
new web1 container running NGINX. Take note of the command the
container is running as well as the port mapping:
0.0.0.0:8080->80/tcp maps port 8080 on all host interfaces to port 80
inside the web1 container. This port mapping is what makes the
container's web service accessible from external sources (via the Docker host's
IP address on port 8080).
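The same reading of the PORTS column can be scripted. The following is an added example, not part of the original lab: it classifies each mapping from the docker ps and docker-compose ps output shown in this lab by the host address it is bound to, and reports the ones reachable on every host interface. The function names and the web1-local entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the PORTS column of `docker ps` / `docker-compose ps`.

# classify_binding <mapping> prints one of:
#   all-interfaces | loopback-only | specific-address | not-published
classify_binding() {
    case "$1" in
        *'->'*) ;;                          # has a host side: published
        *) echo "not-published"; return ;;  # e.g. "443/tcp": container port only
    esac
    host=${1%%"->"*}      # "0.0.0.0:8080"
    addr=${host%:*}       # drop the trailing ":port" -> "0.0.0.0"
    case "$addr" in
        0.0.0.0|::|'[::]') echo "all-interfaces" ;;
        127.*|::1|'[::1]') echo "loopback-only" ;;
        *)                 echo "specific-address" ;;
    esac
}

# audit_ports <container-name> <PORTS column>
# Prints one line per mapping that is reachable on every host interface.
audit_ports() {
    name=$1
    # Split the comma-separated PORTS column into one mapping per line;
    # `read` trims the blank left after each comma.
    printf '%s\n' "$2" | tr ',' '\n' | while read -r mapping; do
        [ -n "$mapping" ] || continue
        if [ "$(classify_binding "$mapping")" = "all-interfaces" ]; then
            echo "$name: $mapping is published on every host interface"
        fi
    done
}

# PORTS values copied from the lab output above, plus one constructed entry.
audit_all() {
    audit_ports Mysqldb   "0.0.0.0:3306->3306/tcp, 33060/tcp"
    audit_ports webserver "0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp"
    audit_ports web1      "443/tcp, 0.0.0.0:8080->80/tcp"
    # Constructed: the same web server started with -p 127.0.0.1:8080:80
    audit_ports web1-local "127.0.0.1:8080->80/tcp"
}

audit_all
```

Four mappings are reported, including the MySQL port 3306 from the compose file; a service that only needs to be reached from the Docker host itself can be published as 127.0.0.1:3306:3306 (compose) or -p 127.0.0.1:8080:80 (docker run) instead.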
Now that the container is running and mapped to a port on a host interface
you can test connectivity to the NGINX web server.
To complete the following task you will need the IP address of your Docker
host. This will need to be an IP address that you can reach (e.g. if your lab is
in AWS this will need to be the instance’s Public IP).
Point your web browser to the IP and port 8080 of your Docker host. The
following example shows a web browser pointed to 52.213.169.69:8080