Using Docker

Docker is an innovative platform designed for deploying and running applications within isolated environments known as containers. This technology allows developers and system administrators to package applications with all their dependencies, ensuring consistency across various environments. With Docker, you gain the flexibility to utilize specific software, such as Redis or MongoDB, or even particular versions of software that might otherwise be incompatible with your operating system or require complex compilation processes.

The Docker extension provides robust capabilities for managing containerized applications. It empowers users to run and manage containers based on various Docker images, supporting deployment both on the local host and across remote servers. This guide will walk you through the essential steps to create, configure, and effectively manage Docker containers, including how to control remote Docker hosts for scalable and distributed application environments.

Requirements and Limitations

Warning: The Docker extension acquires images from public repositories such as Docker Hub without pre-configuration. It is crucial to understand that some Docker containers and the software within them are designed for trusted environments only and may necessitate additional security configurations. Before deploying these downloaded images, it is your responsibility to enhance their security. Always consult the official documentation provided by the container or software vendor for specific security guidelines and best practices.

• Docker is supported on the following operating systems: CentOS 7, Red Hat Enterprise Linux 7, Debian 10, Debian 11, Debian 12, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, AlmaLinux 8.x, AlmaLinux 9.x, Rocky Linux 8.x, and Virtuozzo 7 with Update 1 Hotfix 1 (7.0.1-686) or later.
• For Windows environments, Docker can be utilized when installed on a remote machine.
• It is not possible to use Docker within a system that is itself deployed as a Docker container.
• Docker is exclusively compatible with x64 systems.
• Docker containers generally cannot be migrated or backed up directly. However, it is possible to back up the data utilized by containers through volume mapping, or by downloading container snapshots.
• Virtuozzo 7 with Update 1 Hotfix 1 (7.0.1-686) or later is supported. Be aware that with this update, new CentOS 7-based containers are created with the firewall enabled by default to enhance security. System administrators must manually configure the firewall to ensure that all necessary ports for operation are open.

Prerequisites

Before you can begin leveraging the capabilities of Docker, it is essential that the Docker extension is installed on your server environment. The installation process varies depending on your role:

• If you have administrative privileges, you can typically install the extension directly from the Extensions Catalog available within your server management interface.
• If you do not have administrative access, please reach out to your hosting provider or system administrator and request the installation of the Docker extension.

Once the extension has been successfully installed, you will find the Docker option readily available in your Navigation Pane, indicating that you are now prepared to proceed with container management.

Containers

You can access a vast library of images from Docker Hub directly within the Run Container catalog. Navigate to the Docker section, then to Containers, and finally select Run Container to explore the available options.

To access this catalog:

• If you haven't deployed any containers previously, go to Docker > Containers, and click Run Container.
• If you have existing containers, navigate to Docker > Containers, and click the plus icon .

To efficiently locate specific images, utilize the search box. You can search by image name, repository, or a combination of both.

The available repositories for your search include:

• Local repository: This contains images that have already been downloaded and are stored on your server, ready for immediate use.
• Docker Hub: A comprehensive cloud-based registry service where you can find and share Docker images.

For many applications, multiple versions are available. You can deploy a specific version by selecting the appropriate tag, as illustrated below:

To initiate the deployment of a container:

1. Navigate to Docker > Containers > Run Container.
2. Use the search box to find images in the catalog. If the image is stored locally, (local) will be appended after its version identifier.
3. For images sourced from Docker Hub, click the more info icon to view its detailed description and documentation. This option is not applicable to local images.
4. Click on the image card to proceed.

   • To run a specific version, choose your preferred image version from the Image version drop-down menu and then click Next.
   • To deploy the latest available version of the selected application, simply click Next.

   Your system will then create a container and prompt you to define its essential settings, such as environment variables, before initiating its run. You have the option to cancel this process by clicking Cancel on the Settings screen. Further details on these settings are provided in the "Container Settings" section of this guide.

5. Once you have refined the settings to your requirements, click Run. The newly created container will then appear in the list displayed within the Containers tab.

Always review the Console Log to ascertain if the container is operating without any issues or errors, ensuring a smooth deployment.

Container Settings

Note: You do not need to stop a container to modify its settings. When new settings are saved, the container will be automatically recreated to apply the changes, ensuring minimal downtime.

To adjust container settings, navigate to the Containers tab and click the settings icon located next to the container you wish to configure.

Limiting Memory

By default, Docker containers operate without a specific limit on RAM usage. To impose a memory restriction, select the Memory limit checkbox and input the desired limit value in megabytes (MB).

Note: Currently, direct limitations on CPU and disk usage are not available for Docker containers. Additionally, Docker containers are managed at an administrative level and are not governed by subscription-level resource limits (e.g., CPU, RAM, or disk usage).

Automatic Start

If the Automatic start after system reboot option is not enabled, any websites relying on this container may become unavailable after a system reboot, requiring manual intervention to restart the container.

Port Mapping

Automatic port mapping is enabled by default, which means the container's internal port is automatically assigned to a random, available port on the host system (e.g., 32768).

To manually assign a specific port on the host system, deselect Automatic port mapping and specify your preferred external port in the Manual mapping field. If the Manual mapping option is not visible upon deselection, it indicates that the container does not expose any ports.

When employing manual mapping, Docker typically binds to the specified port only on the host system’s localhost interface (127.0.0.1). This configuration restricts external access, thereby enhancing the security of the application within the container. To make the application accessible from the internet, and reachable via any of the host system's IP addresses on the specified port, deselect Make the port inaccessible from the Internet. Be aware that doing so exposes the application to the public network.

Warning: While Docker often expects applications to handle their own authentication, this is not always the case (for instance, Redis typically allows anonymous access by default, whereas MySQL/MariaDB does not). Exposing an application within a container to the internet without proper internal authentication mechanisms could leave it vulnerable to malicious attacks.

Volume Mapping

Docker volumes facilitate persistent storage by mounting directories from your server directly into a Docker container. This mechanism ensures that data remains intact even when a container is stopped or deleted, making it accessible from your host system.

Warning: Data stored within Docker volumes will not be included in standard platform backups. To prevent potential data loss, it is highly recommended to implement a third-party backup solution for any critical data residing in volumes.

To establish a volume mapping, you need to specify the following:

• In the Host field, provide the absolute path to the directory on your server that you intend to mount.
• In the Container field, enter the absolute path to the corresponding directory inside the container.

You can add multiple directory mappings by clicking Add one more.

Setting Environment Variables

Environment variables are crucial for configuring the application running inside a container. You may need to add new variables or modify existing ones to tailor the application’s behavior. The system allows for the addition of as many variables as your application requires.

Operations with Containers

Various essential operations can be performed on your Docker containers to manage their lifecycle and configuration:

• You can stop (Stop), start (Start), or restart (Restart) a container. Each of these actions will result in the container being recreated with its current configuration settings.

  Note: Any data not saved to mounted volumes will be lost when a container is stopped or removed. It is crucial to implement volume mapping for persistent data storage.

• To monitor container activity, click the arrow adjacent to the container to access its logs and review resource consumption metrics.
• To modify a container's configuration, such as environment variables or volume mappings, click the settings icon next to the container and select Settings.
• Containers can be renamed by accessing their settings (Settings > Container name).

Additionally, by clicking the more options icon next to a container, you gain access to further advanced actions:

• Recreate: Rebuild a container using its current image version or select an alternative version.
• Save as Image: Generate a new image based on the current state and custom settings of a container.
• Download Snapshot: Create and download a snapshot of the container's current state.
• Remove: Permanently delete a container.

Recreating a Container

Recreating a container is a common procedure, often necessary when updating an application to a newer version. This process allows you to rebuild a container using any available application version from the catalog, not just the latest one.

During recreation, all custom settings you have configured for the container are preserved. To ensure the persistence of data utilized by the application within the container, it is vital to establish volume mapping prior to initiating the recreation. Volume mapping provides continuous access to the directories used inside the container, preventing data loss (refer to the "Volume Mapping" section in container settings for more details).

To recreate a container, follow these steps:

1. Navigate to the Docker interface and click the more options icon located next to the container you intend to recreate.
2. Select Recreate from the container settings menu. You will then be prompted to specify the desired image version and whether to apply default environment variables.

Using Remote Docker

While Docker is typically installed as a local service, the system provides the flexibility to integrate with one or more remote Docker services. Although you can configure multiple remote services, only one can be active at any given time. The active server can be identified within the Environments tab of the Docker settings page.

Configuring Remote Services

To prepare a remote server running Docker for integration as a remote service, follow the configuration guidelines outlined in the official Docker documentation, particularly concerning secure communication (HTTPS).

Managing Remote Services

You can establish a secure connection between your server's Docker extension and a remote node hosting the Docker service. The following procedures are applicable to both Linux and Windows operating systems.

Steps on the Remote Host:

1. Create the /etc/docker/daemon.json configuration file for Docker with the following content:

   {
       "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
       "tls": true,
       "tlsverify": true,
       "tlscacert": "/root/ca.pem",
       "tlscert": "/root/server-cert.pem",
       "tlskey": "/root/server-key.pem"
   }

2. Generate the necessary .pem files for TLS authentication. Use the following example, replacing the IP address on line 4 with the actual IP address of your remote node, and execute each command sequentially:

   openssl genrsa -aes256 -out ca-key.pem 4096
   openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
   openssl genrsa -out server-key.pem 4096
   openssl req -subj "/CN=192.0.2.1" -new -key server-key.pem -out server.csr
   openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
   openssl genrsa -out key.pem 4096
   openssl req -subj '/CN=client' -new -key key.pem -out client.csr
   openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem
   chmod 0400 ca-key.pem server-key.pem key.pem
   chmod 0444 ca.pem server-cert.pem cert.pem

3. Execute the following commands to ensure the Docker service starts correctly after host configuration:

   cp /lib/systemd/system/docker.service /etc/systemd/system/
   sed -i 's/\ -H\ fd:\/\///g' /etc/systemd/system/docker.service
   systemctl daemon-reload
   systemctl restart docker

4. For client-side remote connection, save the outputs of these files from your local machine:

   cat key.pem
   cat cert.pem
   cat ca.pem

Configuring the Docker Remote Host on the Local Server:

1. Access Docker > Environments.
2. Click Add Server and provide the necessary settings for your remote Docker server.
3. To immediately activate this Docker service for use, ensure that Set active remains selected.

Once configured, a link to the Docker management interface will appear in the Navigation Pane.

Switching Between Docker Services

To change the active Docker service:

1. Go to Docker > Environments.
2. From the list of available servers, select the desired Docker node and click Set Active.

Alternatively, this activation can also be performed while editing the settings of a specific Docker node.

Creating Images with Custom Settings

When you wish to capture the modifications made to a container and transform them into a reusable image, the Save as Image command is the appropriate tool. This function essentially takes a snapshot of your current container's state, which then appears as a new, customized image within your image catalog. This capability is particularly useful for creating images pre-configured with specific settings, including custom environment variables.

To generate an image from an existing container:

Navigate to Docker > Containers. Locate the container from which you want to create an image, click the more options icon next to it, and then select Save as Image. In the ensuing Save <container name> as Image side panel, you will need to provide:

• An Image name, which will identify your new custom image.
• An optional Tag, allowing you to specify a version for the image. If no tag is provided, the default version will be "latest".

The newly created image will then be listed in the Images tab, distinctly marked as a Local image.

Managing Local Images

Local images are Docker images that reside on your local disk, eliminating the need to download them from external repositories or the Image Catalog when deployed. This provides faster access and reduces bandwidth usage.

An image transitions to a local state under several circumstances:

• When you select and initiate the download of any version (tag) of an image. Regardless of whether you proceed to run a container or cancel the operation on the settings screen, the image will be stored locally.
• Upon uploading an image directly to the Docker environment via the Upload image function in the Docker Images tab.
• When you create a custom image derived from an existing container, capturing its unique configuration and state.
• If you build an image using the command-line interface.

To acquire an alternative version of an image from an online catalog, click the Pull icon , select the desired version from the drop-down menu, and then click Pull.

If at least one version of a particular image group is downloaded, that image will be designated as a Local image within the catalog. The system also indicates the total number of local images available for a given product.

To effectively manage and remove local images:

1. Access Docker > Images.
2. Utilize the Search bar to efficiently locate a specific local image.
3. To view all local images associated with a particular product, click the link situated beneath the product name. This will display all local image tags and their respective disk space consumption.
4. Select the image(s) you wish to remove and then click Remove to free up disk space.

Setting up Nginx to Proxy Requests from Domains to a Container

Some Docker containers are configured to expose specific ports, allowing the applications running within them to be accessible externally. However, specifying a non-standard port directly in a website's URL can be cumbersome for users.

To enhance user experience and simplify URL access, you can configure Nginx to act as a reverse proxy. This setup enables your domains to use standard web ports (such as 80 or 443) while Nginx seamlessly forwards requests to the appropriate non-standard port of your Docker container. This eliminates the need for users to explicitly include the port number in the URL.

Requirements

• Nginx must be actively running on your server.
• You must manually map the internal port of your container to a specific port on the host system (e.g., 32768).

Mapping the Container Port

1. Navigate to Docker > Containers and click the settings icon next to the container you intend to configure.
2. Deactivate the Automatic port mapping option.
3. Manually map the container's internal port to a designated port on your host system (for example, 32768). You have the option to configure this port to be inaccessible from the public internet for enhanced security.

Once the port is manually mapped, you can proceed to configure Nginx to proxy requests from your domains to this specific host port. This involves adding a proxy rule within your domain's settings.

Adding an Nginx Proxy Rule in Domain Settings

Go to Websites & Domains > [select your domain] > Docker Proxy Rules > Add Rule, and specify the following details:

• URL: Enter the URL of the website or a specific section of the website that will utilize the application running in the Docker container.
• Container: Choose the Docker container application that will serve the requests.
• Port: Select one of the mappings that was specified in the container settings (the host system port mapped to the internal container port). Nginx will then proxy requests to this specified port on the host system.

These proxy rules are efficiently implemented within the web server configuration, allowing them to function seamlessly even on servers operating behind Network Address Translation (NAT).

Deploying Docker Compose YAML Files

The system supports the deployment of Docker Compose YAML files through several convenient methods. You can utilize an integrated online text editor, upload a file directly from your local storage, or specify a Docker Compose file already present within a website’s Home directory. This functionality allows for common stack operations such as up (which includes pulling images and forcing recreation), stop, and down. Furthermore, stacks can be modified and updated post-creation, providing flexibility for ongoing development.

Note: This section is specifically for Docker Compose files and does not support the deployment of Dockerfiles or other application-specific configuration files.

To deploy a Docker Compose file, follow these steps:

1. Navigate to Docker > Stacks > Add Stack.
2. Provide a project name for your stack and then select one of the following deployment methods for your Docker Compose file:

   • Editor: Allows you to directly define or paste the content of your Compose file into a text editor.
   • Upload: Enables you to upload a Compose file from your local computer.
   • Webspace: Provides the option to select a Compose file that is already stored within a domain’s Home directory. For this method, you will need to choose the relevant domain and then browse to the exact location of your Compose file.

Beyond deployment, you also have the capability to declare and build custom containers. Any artifacts generated during the build process will be automatically stored within the specified website’s Home directory, streamlining your development workflow.

Deploying Portainer Containers in Docker

Portainer stands as a robust container management software designed to simplify the deployment and administration of containers and application stacks. It offers an intuitive interface for monitoring container status and logs, managing user access and team collaboration, and enhancing the security of your Docker environments.

To install Portainer, navigate to Docker > Install Portainer. Once the installation process is finalized, you can access and manage your Portainer containers by going to Docker > Go to Portainer.

Note: Portainer is currently offered as a beta feature.