https://miguelangel.torresegea.es/wiki/ 2026-05-23T20:44:40+00:00 https://miguelangel.torresegea.es/wiki/ https://miguelangel.torresegea.es/wiki/_media/wiki:dokuwiki-128.png text/html 2020-04-11T07:55:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:dockerd:remote-tls?rev=1586591719&do=diff dockerd remote tls access via * <https://docs.docker.com/engine/security/https/> * <https://nickjanetakis.com/blog/docker-tip-73-connecting-to-a-remote-docker-daemon> * <https://success.docker.com/article/how-do-i-enable-the-remote-api-for-dockerd> * <https://medium.com/@ssmak/how-to-enable-docker-remote-api-on-docker-host-7b73bd3278c6> setup * pretendemos «asegurar» la conexión con el dockerd de manera que solo los clientes con certificado firmado por la misma CA que el servidor p… text/html 2020-03-28T00:27:24+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:volumes?rev=1585355244&do=diff docker volumes /via: <https://docs.docker.com/storage/volumes/> * bind mount: montaje clásico con -v sobre una estructura de directorios * tmpfs mount: almacenar data no persistente * volume: * gestionado desde cli docker * trasversal al OS --volume o --mount * desde la versión 17.06 text/html 2025-06-17T09:04:37+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:start?rev=1750151077&do=diff DOCKER devops info related +info * dockerd * Dockerfile * docker-compose * docker volumes * docker TLS (OLD) * docker daemon TLS * docker context * docker scan * Dev Containers: <https://www.youtube.com/watch?v=DkKs29etRis> * Health Check: <https://atareao.es/podcast/tu-contenedor-docker-podria-estar-muerto-y-tu-sin-enterarte/> * <https://tech.paulcz.net/blog/secure-docker-with-tls/> * <https://gist.github.com/kekru/974e40bb1cd4b947a53cca5ba4b0bbe5> * <https://blog… text/html 2021-11-16T07:36:10+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:dockerfile:examples:mariadbssl?rev=1637048170&do=diff Dockerfile mariadb + SSL dockerfile Dockerfile FROM mariadb:latest ADD --chown=mysql:root ./data/certs/server-key.pem /etc/mysql/certs/server.key ADD ./data/certs/server-cert.pem /etc/mysql/certs/server.crt ADD ./data/certs/ca-cert.pem /etc/mysql/certs/CA.crt ADD ./data/certs/ssl.cnf /etc/mysql/conf.d/ssl.cnf text/html 2021-12-04T06:03:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:tls?rev=1638597822&do=diff docker daemon TLS * create directories: mkdir -p ${HOME}/.docker mkdir -p /etc/docker/certs * create certificates: docker run --rm -v $(pwd)/.docker:/certs paulczar/omgwtfssl sudo cp ~/.docker/ca.pem /etc/docker/ssl/ca.pem chown -R $USER ~/.docker # añadir IPs correspondientes docker run --rm -v /etc/docker/ssl:/server \ -v $(pwd)/.docker:/certs \ -e SSL_IP=127.0.0.1,172.17.8.101 \ -e SSL_DNS=docker.local -e SSL_KEY=/server/key.pem \ -e SSL_CERT=/server/cert.pem paulczar/o… text/html 2025-12-11T09:31:02+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:docker-compose:start?rev=1765445462&do=diff docker-compose related * docker-compose casos de uso comandos * detached start docker-compose up -d [service] * docker-compose up -d --scale <SERVICIO>=<NUM_CONT> estado servicio docker compose ps docker compose ps -a docker compose ps --status=exited reiniciar servicio text/html 2019-11-27T08:43:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:run?rev=1574844222&do=diff docker run usos útiles #!/bin/bash docker run \ --detach \ --publish 9000:9000 \ --name portainer \ --restart unless-stopped \ --volume /var/run/docker.sock:/var/run/docker.sock \ --volume ${PWD}/data:/data \ portainer/portainer text/html 2023-01-24T13:40:49+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:scan?rev=1674567649&do=diff docker scan * Instalación: apt-get update && apt-get install docker-scan-plugin * Aceptar licencia: docker scan --accept-license --version * Es necesario hacer login en Docker Hub: docker login --username matebcn * Scan: docker scan hello-world text/html 2021-11-28T20:24:59+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:security?rev=1638131099&do=diff docker TLS (OLD) * SSL, TLS: <https://docs.docker.com/engine/security/protect-access/> * <https://www.labkey.org/Documentation/wiki-page.view?name=dockerTLS> * <https://docs.docker.com/engine/security/apparmor/> * docker context -> <https://docs.docker.com/engine/context/working-with-contexts/> * <https://tech.paulcz.net/2016/01/secure-docker-with-tls/> * docker run --rm -v $(pwd)/.docker:/certs paulczar/omgwtfssl * <https://www.youtube.com/watch?v=70QOBVwLyC0> creación certific… text/html 2020-02-13T21:27:44+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:dockerd:start?rev=1581629264&do=diff dockerd * dockerd remote tls access info sudo systemctl start docker sudo service docker start # si hay cambios en los ficheros de configuración de configuración de los servicios systemd sudo systemctl daemon-reload sudo systemctl restart docker { "data-root": "/mnt/docker-data", "storage-driver": "overlay", # autorizar docker-registry no seguros "insecure-registries" : ["10.29.66.85:5000"] } text/html 2022-05-06T09:15:57+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:context?rev=1651828557&do=diff docker context connectar con dockerd remoto a través conexión SSH docker context create --docker host=ssh://<SERVER_CONN> --description "server docker daemon" <SERVER> docker context create --docker host=ssh://<USER>@<PASS> --description "server docker daemon" <SERVER> docker context use <SERVER> docker context ls docker context use default docker context remove <SERVER> text/html 2021-11-16T07:40:57+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:dockerfile:examples:runscript?rev=1637048457&do=diff Dockerfile run script dockerfile /via:<https://github.com/chio-nzgft/docker-MariaDB-with-SSL/blob/master/run.sh> destacable completo #!/bin/sh # execute any pre-init scripts for i in /scripts/pre-init.d/*sh do if [ -e "${i}" ]; then echo "[i] pre-init.d - processing $i" . "${i}" fi done if [ -d "/run/mysqld" ]; then echo "[i] mysqld already present, skipping creation" chown -R mysql:mysql /run/mysqld else echo "[i] … text/html 2021-11-16T07:34:36+00:00 Anonymous (anonymous@undisclosed.example.com) https://miguelangel.torresegea.es/wiki/tech:docker:dockerfile?rev=1637048076&do=diff Dockerfile * <https://docs.docker.com/develop/develop-images/dockerfile_best-practices/> * mirar: <https://runnable.com/blog/9-common-dockerfile-mistakes> nombre contenedores * [a-zA-Z0-9][a-zA-Z0-9_.-] * max. 30 caracteres * <https://stackoverflow.com/questions/42642561/docker-restrictions-regarding-naming-container> zona horaria * Zona Horaria (TZ) * crear volumenes a /etc/localtime, /etc/timezone para que coincida con el host: * <https://serverfault.com/questions/68360…