Docker: Difference between revisions

Line 62:

Docker apparently doesn't respect your host firewall by default - leading to the potential for a gaping security hole. This has been a [https://github.com/docker/for-linux/issues/690 reported bug since 2018]. One fix is to [https://www.smarthomebeginner.com/traefik-docker-security-best-practices/#10_Change_DOCKER_OPTS_to_Respect_IP_Table_Firewall set the DOCKER_OPTS] configuration parameter. Another is to add a jump rule to UFW. The bug report links to docs and multiple references.

==~~Future Reading~~==

== Docker Downsides ==

One major negative to the system architecture of Docker is that it relies on a server daemon. **Unlike** [[Podman]], Docker's Engine can use up 4GB of RAM just sitting idle.

A similar thing happens with WSL2 on Windows <ref>https://news.ycombinator.com/item?id=26897095</ref>

~~#The compose application model https://docs.docker.com/compose/compose-file/02-model/~~

== Future Reading ==

~~#Understand how moby [https://github.com/moby/buildkit buildkit] is integrated with [https://github.com/docker/buildx buildx] (or docker) and use it.~~

~~#Interesting read about docker commit https://adamtheautomator.com/docker-commit/~~

# The compose application model https://docs.docker.com/compose/compose-file/02-model/

# Understand how moby [https://github.com/moby/buildkit buildkit] is integrated with [https://github.com/docker/buildx buildx] (or docker) and use it.

# Interesting read about docker commit https://adamtheautomator.com/docker-commit/

Inspect your running container based on it's container name: docker inspect $(docker container ls | awk '/app2/ {print $1}')

@@ Line 62: / Line 62: @@
 Docker apparently doesn't respect your host firewall by default - leading to the potential for a gaping security hole. This has been a [https://github.com/docker/for-linux/issues/690 reported bug since 2018]. One fix is to [https://www.smarthomebeginner.com/traefik-docker-security-best-practices/#10_Change_DOCKER_OPTS_to_Respect_IP_Table_Firewall set the DOCKER_OPTS] configuration parameter. Another is to add a jump rule to UFW. The bug report links to docs and multiple references.
-==Future Reading==
+== Docker Downsides ==
+One major negative to the system architecture of Docker is that it relies on a server daemon. **Unlike** [[Podman]], Docker's Engine can use up 4GB of RAM just sitting idle.
+A similar thing happens with WSL2 on Windows <ref>https://news.ycombinator.com/item?id=26897095</ref>
-#The compose application model https://docs.docker.com/compose/compose-file/02-model/
+== Future Reading ==
-#Understand how moby [https://github.com/moby/buildkit buildkit] is integrated with [https://github.com/docker/buildx buildx] (or docker) and use it.
-#Interesting read about docker commit https://adamtheautomator.com/docker-commit/
+# The compose application model https://docs.docker.com/compose/compose-file/02-model/
+# Understand how moby [https://github.com/moby/buildkit buildkit] is integrated with [https://github.com/docker/buildx buildx] (or docker) and use it.
+# Interesting read about docker commit https://adamtheautomator.com/docker-commit/
 Inspect your running container based on it's container name: docker inspect $(docker container ls | awk '/app2/ {print $1}')