Docker

• docker run | Docker Documentation
  • docker cheat sheet
• (212) Docker Tutorial for Beginners [FULL COURSE in 3 Hours] - YouTube
• Docker Internals -- Docker Saigon
  • Lifecycle of Docker Container
• Dockerfile reference | Docker Documentation
  • Best practices for writing Dockerfiles
    • How to write excellent Dockerfiles
  • Docker CMD 與 ENTRYPOINT 說明詳解
  • Understand CMD and ENTRYPOINT Differences in Docker
    • the executable is defined with ENTRYPOINT, while CMD specifies the default parameter.
      • If you are using both instructions, make sure to keep them in exec form.
  • dockerfile - Why should I use docker ONBUILD? - Stack Overflow
  • [Docker] Health Check and Restart Unhealthy Container | wshs0713's blog
• What is the difference between a process, a container, and a VM
• dockerd | Docker Docs
• 用網頁圖形化界面管理Docker容器 \~ Portainer安裝教學，一鍵啟動docker-compose、管理image · Ivon的部落格
• Docker 命令行小技巧：runlike | 卡瓦邦噶！
• Python 新手筆記 - 用 Docker 跑 Python 網站-黑暗執行緒
• HTTPS Nginx Docker 之懶人安裝法-黑暗執行緒
• Labs
  • :star:那些關於 docker 你知道與不知道的事 :: 2022 iThome 鐵人賽
    • Docker (容器) 的原理 | 卡瓦邦噶！
    • :star:Docker 镜像构建的一些技巧 | 卡瓦邦噶！
      • GitHub - wagoodman/dive: A tool for exploring each layer in a docker image
  • Welcome to Docker Labs
  • Play with Docker Classroom
  • Docker Compose 101 Labs
• error
  • docker.errors.DockerException: Error while fetching server API version
• registry
  • 透過 Harbor 建制自己的 Docker Registry + 永久憑證更新
• How to keep Docker container running after starting services
• Docker container will automatically stop after "docker run -d"
• Environment variables in Python & Docker
• How to set up separate .env for development and production using Docker
• How to use the same dockerfile for dev and prod
• GitHub - wsargent/docker-cheat-sheet: Docker Cheat Sheet
• Docker Container 基礎入門篇 1. 猴子也會的 Docker，但猴子並不想會。 | by Azole (小賴) | Medium
• Distrobox
  • 我全都要！Distrobox使用教學，透過容器安裝其他Linux發行版的套件 · Ivon的部落格
  • 透過 Distrobox 解決 Linux 環境依賴問題 | omegaatt
  • Never Install Locally？試試 Dev Container | omegaatt
• debug
  • 5 ways to debug an exploding Docker container | by Tim Perry | Medium
  • What does docker container exit status 255 mean? - Stack Overflow
  • Running docker compose up -d (strconv.Atoi: parsing "": invalid syntax) · Issue #1537 · docker/compose-cli · GitHub
• systemctl
  • Systemd fails to run in a docker container when using cgroupv2 (--cgroupns=private) - Server Fault
  • How to run systemd in a container | Red Hat Developer
    • Systemd vs. Docker [LWN.net]
  • Docker and systemd | The Startup
  • docker中单容器开启多服务时systemctl引发的血案及破案过程 - 知乎
  • centos - failed to get D-Bus connection: Operation not permitted - Server Fault
  • Systemd integration
  • 渡鴉之丘: 在 docker container 裡面執行 systemd 服務（測試環境用～）
  • Docker容器出现使用systemctl问题：Failed to get D-Bus connection: Operation not permitted · 浩翰Redamancy的博客
  • Is it recommended to run systemd inside docker container? - Stack Overflow
  • linux - Docker with systemd and systemctl - Super User
  • systemd - Run systemctl inside docker container - Ask Ubuntu
  • https://chatgpt.com/share/6814872e-1b40-8009-9e0f-f75edc8ad2ec
• cap_add
  • mknod: /dev/net/tun: Operation not permitted · Issue #498 · kylemanna/docker-openvpn · GitHub
  • 為何在 Docker 中執行特權容器不是個好主意? – 資安趨勢部落格
• High Availability
  • Building a High Availability Cluster with HAProxy, Keepalived, and Docker: A Step-by-Step Guide | by Yahya sghiouri | Medium
• firewall
  • Packet filtering and firewalls | Docker Docs
  • How to configure your firewall
    • LXD and Docker Firewall Redux - How to deal with FORWARD policy set to drop - LXD - Linux Containers Forum

build

• Capture ouput of docker build into a log file? - General Discussions - Docker Community Forums

docker build --no-cache --progress=plain . 2>&1 | tee build.log

multi-stage builds

• Docker multi-stage builds 教學 - MyApollo
• 透過 Multiple Stage Builds 編譯出最小的 Docker Image
• 透過 Multi-Stage Builds 改善持續交付流程

container

docker container prune

容器與訊號

• 執行 Docker 容器可使用 dumb-init 或 tini 改善程序優雅結束的問題 | The Will Will Web

當你在執行 Docker 容器時，主要執行程序(Process)的 PID 將會是 1，只要這個程序停止，容器就會跟著停止。

以 docker stop 為例，這個命令實質上是對容器中的 PID 1 送出一個 SIGTERM 訊號，如果程序本身並沒有處理 Signal 的機制，就會直接忽略這類訊號，這就會導致 docker stop 等了 10 秒之後還不結束，然後 Docker Engine 又會對 PID 1 送出另一個 SIGKILL 訊號，試圖強迫砍掉這個程序，這才會讓容器徹底停下來。

mknod

• linux - Error running mknod within buildah - Server Fault

systemd inside the docker container

That being said, there are also lots of reasons not to run systemd in containers. The main one is that systemd/journald controls the output of containers, whereas tools like Kubernetes and OpenShift expect the containers to log directly to stdout and stderr. So, if you are going to manage your containers via Orchestrator like these, then you should think twice about using systemd-based containers. Additionally, the upstream community of Docker and Moby were often hostile to the use of systemd in a container. How to run systemd in a container | Red Hat Developer

It is generally recommended that you separate areas of concern by using one service per container. That service may fork into multiple processes (for example, Apache web server starts multiple worker processes). It’s ok to have multiple processes - Run multiple services in a container | Docker Documentation

If your process falls into this category, you can use the --init option when you run the container. The --init flag inserts a tiny init-process into the container as the main process, and handles reaping of all processes when the container exits. Handling such processes this way is superior to using a full-fledged init process such as sysvinit, upstart, or systemd to handle process lifecycle within your container.

for example nginx

root@2b8cf1261323:/# ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.0   8932  5708 ?        Ss   08:55   0:00 nginx: master process nginx -g daemon off;
nginx         29  0.0  0.0   9320  2668 ?        S    08:55   0:00 nginx: worker process
nginx         30  0.0  0.0   9320  2668 ?        S    08:55   0:00 nginx: worker process
nginx         31  0.0  0.0   9320  2668 ?        S    08:55   0:00 nginx: worker process
nginx         32  0.0  0.0   9320  2668 ?        S    08:55   0:00 nginx: worker process
root          33  0.0  0.0   4164  3580 pts/0    Ss   08:56   0:00 bash
root         383  0.0  0.0   6760  3076 pts/0    R+   08:58   0:00 ps aux

for example ubuntu

upermicro@supermicro-Virtual-Machine:~/srccode/dockerize-xcat$ docker run ubuntu bash -c 'ps aux'
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.0   7060  1548 ?        Rs   09:03   0:00 ps aux

for example redis

root@dc49d0761c3f:/data# ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
redis          1  0.1  0.1  53676 13532 ?        Ssl  09:05   0:00 redis-server *:6379
root          34  0.0  0.0   4156  3484 pts/0    Ss   09:05   0:00 bash
root         855  0.0  0.0   6760  3008 pts/0    R+   09:10   0:00 ps aux
root@dc49d0761c3f:/data# cat /etc/issue
Debian GNU/Linux 11 \n \l

image

docker image prune

docker image ls | awk 'NR>1 {print $1":"$2}' | xargs -I {} sh -c 'echo "Inspecting image: {}"; docker image inspect {}

save and load

• docker image save | Docker Docs
• docker image load | Docker Docs
• 把image另外儲存成檔案 · Docker學習筆記
• 使用 save / export 分享 image - iT 邦幫忙::一起幫忙解決難題，拯救 IT 人的一天

network

• From inside of a Docker container, how do I connect to the localhost of the machine?
• Docker Container 基礎入門篇 2. 不當邊緣人的 container | by Azole (小賴) | Medium
• Docker networking is CRAZY!! (you NEED to learn it) - YouTube
• under the hood
  • Docker Network - 網路模型 | Hwchiu Learning Note
  • Docker 網路入門篇(二) - Bridge 網路模型 | Hwchiu Learning Note
  • Docker 網路入門篇(三) - 網路存取分析 | Hwchiu Learning Note
  • Docker 網路入門篇(四) - 外界主動存取 | Hwchiu Learning Note
• Ubuntu
  • networking - No network access from within Docker container - Ask Ubuntu
    • Favoring "iptables-legacy" on Debian Sid causes iptables rules inconsistency · Issue #2331 · moby/libnetwork

host

• Use host networking | Docker Documentation
• Networking using the host network | Docker Documentation if you use the host network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated.

port

• port - What is the difference between "expose" and "publish" in Docker? - Stack Overflow

env, arg

• How to set up separate .env for development and production using Docker
• Pass argument to docker compose
• 活用 ENV 與 ARG
• How to define build-args in docker-compose?

permission

• Fixing permissions issues with Docker Compose and PHP

volume

• Docker Compose: volumes without colon (:) - Stack Overflow
  • anonymous volume

/var/lib/docker/volumes

docker volume ls

volume propagation behavior

#!/bin/bash


sudo ls -la /var/lib/docker/volumes/ng-vol/_data


# run a container which creates a new volume
docker volume rm ng-vol
docker run -d --name nginx1 --mount source=ng-vol,target=/usr/share/nginx/html nginx
docker exec nginx1 ls -la /usr/share/nginx/html
docker exec nginx1 ls -la /app
docker exec nginx1 touch /usr/share/nginx/html/abc.html
sudo ls -la /var/lib/docker/volumes/ng-vol/_data


# /app not exist
docker run -d --name nginx2 --mount source=ng-vol,target=/app nginx
docker exec nginx2 ls -la /app
sudo ls -la /var/lib/docker/volumes/ng-vol/_data


# mount a non-empty volume into a directory in the container in which some files or directories exist, 
# these files or directories are obscured by the mount
docker run -d --name nginx3 --mount source=ng-vol,target=/usr/share/nginx/html nginx
docker exec nginx3 ls -la /usr/share/nginx/html
sudo ls -la /var/lib/docker/volumes/ng-vol/_data


# A given volume can be mounted into multiple containers simultaneously


# create file in a container and show in another container
docker exec nginx3 touch /usr/share/nginx/html/ng3-abc.html
docker exec nginx2 ls -la /app
sudo ls -la /var/lib/docker/volumes/ng-vol/_data


docker stop nginx1 nginx2 nginx3
docker rm nginx1 nginx2 nginx3
docker volume rm ng-vol

docker compose

• Compose specification | Docker Documentation
• Compose V2 Overview | Docker Documentation
  • Announcing Compose V2 General Availability | Docker
    • >= v20.10.13
• Reuse image built by one service in another service
• How to view log output using docker-compose run?
• Environment variables in Compose
• How to tag docker image with docker-compose
• docker-compose up for only certain containers
• Docker-compose exclude service by default - Stack Overflow
• 使用 Docker Compose 建立你自己的开发环境 - 咸糖 - 自律者自由
• 3 個使用 docker compose 的必備指令 - MyApollo
• 談 docker compose 的 depends_on 設定怎麼使用 - MyApollo
• Why docker-compose down deletes my volume? how to avoid this action done by 'down'. (Postgresql) - Stack Overflow

``` docker= version: "3" services: redis: container_name: "project-name-redis" image: "redis:3.2.4-alpine" ports: - "6379:6379" mariadb: container_name: "project-name-config-db" image: "mariadb:10.4" ports: - "3306:3306" environment: MYSQL_ROOT_PASSWORD: example MYSQL_DATABASE: project_name_alpha_0706 MYSQL_USER: project MYSQL_PASSWORD: project volumes: - ./mariadb:/docker-entrypoint-initdb.d command: ['mysqld', '--character-set-server=utf8', '--collation-server=utf8_general_ci'] elasticsearch: container_name: "project-name-es" image: "docker.elastic.co/elasticsearch/elasticsearch:6.8.18" ports: - "127.0.0.1:9200:9200" - "127.0.0.1:9300:9300" environment: discovery.type: single-node kibana: image: "docker.elastic.co/kibana/kibana:6.8.18" container_name: "project-name-kibana" environment: SERVER_NAME: kibana-server ELASTICSEARCH_URL: http://elasticsearch:9200 depends_on: - elasticsearch ports: - "127.0.0.1:5601:5601"

There is a file such as init.sql in mariadb directory
``` sql=
GRANT ALL PRIVILEGES ON *.* TO 'project'@'%';
CREATE DATABASE  IF NOT EXISTS `project_name_alpha_0706`;
USE `project_name_alpha_0706`;

build

Build subsection is present for a service, it is valid for a Compose file to miss an Image attribute for corresponding service, as Compose implementation can build image from source. Compose file build reference | Docker Documentation

networks

• docker compose network簡介和設定固定ip - Hjoru's sharing - Medium

multiple compose files

• Use multiple Compose files | Docker Docs
  • Extend | Docker Docs
  • Include | Docker Docs
• Docker Compose Modularity with `include` | Docker

healthcheck

• How To Perform A Health Check In Docker Compose | Warp
• Docker HEALTHCHECK健康检查及注意事项 | 胡文峰的博客

mysql

• File in docker-entrypoint-initdb.d never get executed when using docker compose
  • docker-compose rm
• [實作筆記] 使用 Docker 一鍵生成 Sample 資料庫 | Marsen's Blog

awesome image

sameersbn/bind - Docker Image | Docker Hub

version: '3.5'

services:
  bind9:
    image: sameersbn/bind:latest
    ports:
    - "53:53/udp"
    - "53:53/tcp"
    - "10000:10000"
    volumes:
    - ./docker_data:/data
    restart: always

sonatype/nexus3 - Docker Image | Docker Hub

• 使用 Docker 建立 Nexus3 的 Image Registry - Yowko's Notes

Use a docker volume

services:
  nexus:
    image: sonatype/nexus3
    container_name: nexus
    ports:
      - "8081:8081"
      # https://blog.yowko.com/nexus-docker-image-rergistry/
      - "8082:8082"
    volumes:
      - nexus-data:/nexus-data

volumes:
  nexus-data:
    name: nexus-data

Mount a host directory as the volume.

version: "3.9"
services:
  nexus:
    image: sonatype/nexus3
    ports:
    - "8081:8081"
    # https://blog.yowko.com/nexus-docker-image-rergistry/
    - "8082:8082"
    volumes:
    - ./host-nexus-data:/nexus-data
    restart: always

Run Docker Container · dbeaver/cloudbeaver Wiki · GitHub

for quick test and the volume will be removed after stop

docker run --name cloudbeaver --rm -ti -p 9090:8978 -v /opt/cloudbeaver/workspace dbeaver/cloudbeaver:latest

version: "3.9"
services:
  cloudbeaver:
    image: dbeaver/cloudbeaver:latest
    ports:
    - "9527:8978"
    volumes:
    - cloudbeaver-data:/opt/cloudbeaver/workspace
    restart: always
volumes:
  cloudbeaver-data:

GitHub - mermaid-js/mermaid-live-editor: Edit, preview and share mermaid charts/diagrams. New implementation of the live editor.

quick test

docker run --name mermaid-live-editor --platform linux/amd64 -d --rm --publish 3000:8080 ghcr.io/mermaid-js/mermaid-live-editor

git clone https://github.com/mermaid-js/mermaid-live-editor.git
cd mermaid-live-editor
docker compose up -d

docker安裝老牌「會議室預約系統(MRBS)」 - 咖啡偶-IT日常

GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

docker run aquasec/trivy image 3x3cut0r/tftpd-hpa

TFTP and DHCP for PXE

- [3x3cut0r/isc-dhcp-server - Docker Image | Docker Hub](https://hub.docker.com/r/3x3cut0r/isc-dhcp-server)
- [3x3cut0r/tftpd-hpa - Docker Image | Docker Hub](https://hub.docker.com/r/3x3cut0r/tftpd-hpa)

version: '3.9'

services:
  tftpd-hpa:
    image: 3x3cut0r/tftpd-hpa
    environment:
        CREATE: 1
        VERBOSE: 1
    volumes:
      - /tftpboot:/tftpboot
    ports:
      - 69:69/udp

  isc-dhcp-server:
    image: 3x3cut0r/isc-dhcp-server:latest
    environment:
        IFACE: "ens160 ens256"
        PROTOCOL: 4
    volumes:
        - /etc/dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf
    network_mode: host

GitHub - cturra/docker-ntp: 🕒 Chrony NTP Server running in a Docker container (without the priviledged flag)

httpd

• https://hub.docker.com/_/httpd
• Apache 403 Forbidden Error and Solution - nixCraft
  • permission
    • directory: 755
    • file: 644

用Docker建構開箱可用的Nextcloud  / Deploying a Ready-to-Use Nextcloud Instance with Docker - 布丁布丁吃什麼？

basic

docker run -dit --name my-apache-app -p 8080:80 -v "$PWD":/usr/local/apache2/htdocs/ httpd:2.4

# alpine
docker run -dit --name my-apache-app -p 8080:80 -v "$PWD":/usr/local/apache2/htdocs/ httpd:alpine

SSL enable

openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout server.key -out server.crt -days 30

docker run --rm httpd:2.4 cat /usr/local/apache2/conf/httpd.conf > my-httpd.conf
sed -i \
        -e 's/^#\(Include .*httpd-ssl.conf\)/\1/' \
        -e 's/^#\(LoadModule .*mod_ssl.so\)/\1/' \
        -e 's/^#\(LoadModule .*mod_socache_shmcb.so\)/\1/' \
        conf/my-httpd.conf

docker run -dit --name my-apache-app \
-p 8080:80 -p 443:443 \
-v "$PWD":/usr/local/apache2/htdocs/ \
-v "$PWD"/config/server.key:/usr/local/apache2/conf/server.key \
-v "$PWD"/config/server.crt:/usr/local/apache2/conf/server.crt \
-v "$PWD"/config/my-httpd.conf:/usr/local/apache2/conf/httpd.conf \
httpd:alpine

nginx

• 使用 Docker 版 Nginx 建立靜態頁面網站 - Yowko's Notes
• Docker 一分鐘完成自動更新 SSL 証書的 nginx-proxy 設置 | by Edmond Y. | HKIT DOG | Medium

basic

docker run --name some-nginx -p 8088:80 -v "$PWD"/test_html:/usr/share/nginx/html:ro -d nginx

# alpine
docker run --name some-nginx -p 8088:80 -v "$PWD"/test_html:/usr/share/nginx/html:ro -d nginx:stable-alpine-slim

auto index

• Apache-like directory listing fallback in Nginx - Server Fault

:::info autoindex on; :::

nginx_auto_index.conf

server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        autoindex on;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

docker run --name some-nginx -p 8088:80 -v "$PWD"/test_html/config/nginx_auto_index.conf:/etc/nginx/conf.d/default.conf:ro -v "$PWD"/test_html:/usr/share/nginx/html:ro -d nginx:stable-alpine-slim

SSL enable

• Day 11 利用 docker 安裝 nginx 並配置 https - iT 邦幫忙
• HTTPS Nginx Docker 之懶人安裝法-黑暗執行緒
• 用Nginx架設local端https應用 - HackMD

:::info listen 443 ssl; :::

:::info ssl_certificate cert/server.crt; ssl_certificate_key cert/server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; :::

nginx_ssl_enable.conf

server {
    listen       80;
    listen  [::]:80;
    listen 443 ssl;

    ssl_certificate cert/server.crt;
    ssl_certificate_key cert/server.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        autoindex on;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

docker run --name some-nginx -p 8088:80 -p 443:443 -v "$PWD"/test_html/config/nginx_ssl_enable.conf:/etc/nginx/conf.d/default.conf:ro -v "$PWD"/cert:/etc/nginx/cert:ro -v "$PWD"/test_html:/usr/share/nginx/html:ro -d nginx:stable-alpine-slim

GitHub - semaphoreui/semaphore: Modern UI and powerful API for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools.

GitHub - rundeck/rundeck: Enable Self-Service Operations: Give specific users access to your existing tools, services, and scripts

install

docker run --name rundeck-demo -d \
  -p 4440:4440 \
  -v rundeck-data:/home/rundeck/server/data \
  -e RUNDECK_GRAILS_URL=http://172.19.57.10:4440 \
  rundeck/rundeck:5.11.1

# access http://172.19.57.10:4440/ with admin/admin

install with Welcom project

wget https://github.com/rundeck/welcome-project-community/archive/refs/heads/main.zip && unzip main.zip
cd welcome-project-community-main/
# modify RUNDECK_GRAILS_URL and ciao port if 3000 is used
# RUNDECK_GRAILS_URL: http://172.19.57.10:4440
# ciao:
#         container_name: ciao
#         image: brotandgames/ciao
#         ports:
#           - '3001:3000'
docker compose up -d

offiline install

• Install Docker offline | Cyberwatch Documentation
  • `Index of linux/ubuntu/dists/jammy/pool/stable/amd64/
• Linux Ubuntu離線安裝Docker. 步驟1–1：準備Docker離線安裝包。 | by Wilson Lee | Medium
  • Index of linux/static/stable/x86_64/`

# Ubuntu 22 offiline docker installation
wget https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/amd64/docker-ce_26.1.1-1~ubuntu.22.04~jammy_amd64.deb
wget https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/amd64/containerd.io_1.6.31-1_amd64.deb
wget https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/amd64/docker-ce-cli_26.1.1-1~ubuntu.22.04~jammy_amd64.deb
sudo dpkg -i *.deb

MTU

• Docker MTU issues and solutions - Matthias Lohr
• Fixing Docker's MTU Issues on Ubuntu - Civo.com
• How we spent a full day figuring out a MTU issue with docker | by Sylvain Witmeyer | Medium
• 虚拟网络环境中 Docker MTU 问题及解决方式 - ZengXu's BLOG
• Docker in Docker (DIND) MTU fix for docker-compose

for docker default bridge

/lib/systemd/system/docker.service
/etc/docker/daemon.json

sudo systemctl daemon-reload
sudo systemctl restart docker.service

/etc/docker/daemon.json

{ "mtu": 1400 }

for docker compose

docker-compose.yml

networks:
  default:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1400