containers
debian
docker
tutos
Docker CE sur Debian 12
Installation de Docker Community Edition sur Debian 12 Bookworm.
Composant
Version
Debian
12 Bookworm
Docker CE
24.x
Docker Compose
2.x
Durée estimée : 20 minutes
1. Prérequis
# Supprimer anciennes versions
remove -y docker docker-engine docker.io containerd runc
# Dépendances
update
install -y ca-certificates curl gnupg
2. Installation
Ajouter le dépôt Docker
# Clé GPG
-m 0755 -d /etc/apt/keyrings
-fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
a+r /etc/apt/keyrings/docker.gpg
# Dépôt
echo \
"deb [arch= $( dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
$( . /etc/os-release && echo " $VERSION_CODENAME " ) stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
Installer Docker
update
install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Vérifier
--version
compose version
Démarrer le service
enable --now docker
status docker
3. Post-installation
Utiliser Docker sans sudo
-aG docker $USER
docker
# Tester
run hello-world
Configuration daemon
> /etc/docker/daemon.json << 'EOF'
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
"storage-driver": "overlay2",
"live-restore": true,
"default-address-pools": [
{"base": "172.17.0.0/16", "size": 24}
]
}
EOF
restart docker
4. Commandes de base
Images
pull nginx:alpine
images
rmi nginx:alpine
Conteneurs
# Lancer
run -d --name web -p 8080 :80 nginx:alpine
# Gérer
ps
logs -f web
exec -it web sh
stop web
rm web
Volumes
volume create appdata
run -d -v appdata:/data myapp
run -d -v $( pwd ) /html:/var/www:ro nginx
Réseaux
network create mynet
run -d --network mynet --name web nginx
run -d --network mynet --name app myapp
5. Docker Compose
# compose.yml
version : "3.8"
services :
frontend :
image : nginx:alpine
ports :
- "80:80"
volumes :
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./www:/usr/share/nginx/html:ro
depends_on :
- backend
restart : unless-stopped
backend :
build :
context : ./backend
dockerfile : Dockerfile
environment :
- DB_HOST=database
- DB_NAME=app
depends_on :
database :
condition : service_healthy
restart : unless-stopped
database :
image : postgres:15
environment :
POSTGRES_DB : app
POSTGRES_USER : user
POSTGRES_PASSWORD : secret
volumes :
- pgdata:/var/lib/postgresql/data
healthcheck :
test : [ "CMD-SHELL" , "pg_isready -U user -d app" ]
interval : 10s
timeout : 5s
retries : 5
restart : unless-stopped
volumes :
pgdata :
compose up -d
compose logs -f
compose ps
compose down
6. Build d'images
Dockerfile multi-stage
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
# Production stage
FROM nginx:alpine AS production
COPY --from= builder /app/dist /usr/share/nginx/html
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 80
CMD [ "nginx" , "-g" , "daemon off;" ]
build -t myapp:1.0 .
build --target builder -t myapp:dev .
7. Registry
# Docker Hub
login
tag myapp:1.0 user/myapp:1.0
push user/myapp:1.0
# Registry local
run -d -p 5000 :5000 --restart always registry:2
tag myapp:1.0 localhost:5000/myapp:1.0
push localhost:5000/myapp:1.0
8. Firewall UFW
# Docker modifie iptables directement
# UFW peut être contourné par défaut
# Pour forcer UFW
>> /etc/ufw/after.rules << 'EOF'
*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER -j RETURN
COMMIT
EOF
reload
9. Healthchecks
# Dans compose.yml
services :
web :
image : nginx
healthcheck :
test : [ "CMD" , "curl" , "-f" , "http://localhost/" ]
interval : 30s
timeout : 10s
retries : 3
start_period : 40s
inspect --format= '{{.State.Health.Status}}' web
10. Ressources et limites
# Limiter mémoire et CPU
run -d \
--memory= "256m" \
--memory-swap= "512m" \
--cpus= "0.5" \
--pids-limit= 50 \
myapp
# Dans compose.yml
app:
image: myapp
deploy:
resources:
limits:
cpus: '0.5'
memory: 256M
reservations:
cpus: '0.25'
memory: 128M
11. Logs
# Voir les logs
logs container_name
logs -f --tail 100 container_name
# Driver de log
run -d \
--log-driver= json-file \
--log-opt max-size= 10m \
--log-opt max-file= 3 \
myapp
12. Nettoyage
# Conteneurs arrêtés
container prune -f
# Images orphelines
image prune -a -f
# Volumes non utilisés
volume prune -f
# Tout (attention!)
system prune -a --volumes -f
# Vérifier l'espace
system df
13. Backup
# Exporter un conteneur
export container_name > backup.tar
# Sauvegarder une image
save myapp:1.0 > myapp.tar
# Restaurer
load < myapp.tar
# Backup volume
run --rm \
-v myvolume:/data \
-v $( pwd ) :/backup \
alpine tar czf /backup/volume-backup.tar.gz /data
Comparatif Rocky vs Debian
Aspect
Rocky 9
Debian 12
Dépôt
centos
debian
SELinux
Oui
Non (AppArmor)
Firewall
firewalld
ufw/iptables
Volumes
:z/:Z
Standard
Vérification
--version
compose version
info
run --rm hello-world
Dépannage
-u docker -f
logs container_name
inspect container_name
events
Problème
Solution
Permission denied
usermod -aG docker $USER
Port in use
docker ps -a + docker rm -f
Disk full
docker system prune -a
Network issue
docker network prune
Changelog
Date
Modification
2024-12
Création initiale