Setup in Debian VM

VM Creation

  • Create VM settings:
    • Start at boot: Yes, Start order: order=2, up=30 to wait for TrueNAS’ shares
    • Machine = 135, Disk = 64 GB
    • CPU cores = 10, CPU type = x86-64-v4, RAM = 16384
  • Debian install (terminal or graphic):
    • Leave the root password empty (the installer then disables the root account and gives the first user sudo)
    • Guided partitioning - use entire disk. All files in one partition.
    • Software selection = SSH + Sys utils only
    • GRUB boot loader on /dev/sda

VM Setup

  1. Configure the network interface from Proxmox console
  2. See the rest of Linux Systems Setup
  3. See SMB if SMB share needed.

Docker Setup

Quick install (or follow manual installation steps: https://docs.docker.com/engine/install/debian/#install-using-the-repository)

curl -fsSL https://get.docker.com | sh
sudo docker run hello-world # To test

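Manage Docker as a non-root user (https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user). Membership of the docker group grants root-level privileges on the host: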

sudo usermod -aG docker $USER && logout
# log back in...
sudo systemctl enable docker.service && sudo systemctl enable containerd.service

Create user and dir to manage bind-mount volumes:

sudo adduser --disabled-login dockeruser
sudo usermod -aG dockeruser $USER # needs log out
 
sudo mkdir -p /srv/docker/volumes
sudo chown -R dockeruser:dockeruser /srv/docker
sudo chmod -R o-rwx /srv/docker
sudo chmod -R g+s /srv/docker
 
echo "alias sdu='sudo -u dockeruser'" >> ~/.bash_aliases
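
A check for the bind-mount layout created above, as an added example that is not part of the original notes: it reports anything under the volume root that has drifted from the expected owner and group, grants access to "other", or is a directory missing the setgid bit. The function name `audit_volume_root` is hypothetical, and GNU find (the Debian default) is assumed.

```shell
#!/bin/sh
# Added example: audit the bind-mount tree created above.
# audit_volume_root is a hypothetical helper; assumes GNU find (Debian default).
# Usage: audit_volume_root ROOT OWNER GROUP
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if ROOT is missing.
audit_volume_root() {
    root=$1
    owner=$2
    group=$3

    if [ ! -d "$root" ]; then
        echo "missing: $root" >&2
        return 2
    fi

    findings=$(
        # Ownership drift, e.g. files written by a container running as another UID.
        find "$root" \( ! -user "$owner" -o ! -group "$group" \) \
            -exec printf 'ownership: %s\n' {} +
        # Any permission bit for "other" undoes `chmod -R o-rwx`.
        # Symlinks are skipped: their own mode is always 0777 and is ignored.
        find "$root" ! -type l -perm /0007 \
            -exec printf 'world-access: %s\n' {} +
        # Directories without setgid: new files would not inherit the group.
        find "$root" -type d ! -perm -2000 \
            -exec printf 'no-setgid: %s\n' {} +
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run against the paths from this page when called with arguments, e.g.:
#   sudo sh audit.sh /srv/docker dockeruser dockeruser
if [ "$#" -ge 3 ]; then
    audit_volume_root "$1" "$2" "$3"
fi
```

Run it with sudo (or as dockeruser) so find can read the whole tree; a non-zero exit status makes it usable from cron or a monitoring check.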

Portainer & Stacks Setup

Portainer

Difference with standard LXCs

Docker is similar to LXC: early versions of Docker (pre 1.10) used LXC as the container execution driver.

Now, Docker:

  • Adds a higher-level abstraction layer over Linux kernel features.
    • Unlike LXC, which mimics a full OS environment with systemd/init, Docker removes system-level dependencies like init processes, reducing overhead.
  • Uses a layered filesystem to create container images.
    • Containers only use the top writable layer, sharing underlying read-only layers between multiple containers.
    • So shareable Docker images usually include just the application and the minimal libraries it needs to function.

And also (among others):

  • Enforces stricter application-level isolation by default.
  • Simplifies networking with built-in tools like bridge, host, and overlay networks.

But much of Docker is the set of components around the containers themselves. For example:

  • Its daemon dockerd
  • Its API to interact with containers
  • Various tools to manage containers, images, networking, etc.
  • Docker Hub
  • Docker Compose
  • Docker Swarm