Docker basics

What is Docker

Docker is a set of techniques to run your application in an isolated environment. Instead of installing dependencies like libxml or openssl globally, they are packaged with your application as a container image. This container is then copied to the Hipex server and executed.

For the rest of the documentation we assume basic knowledge of the docker concepts. We implemented docker support by creating a wrapper for the original docker and docker-compose commands. We further more assume that you are familiar with these commands. If not please look read the official docs: https://docs.docker.com/get-started/ and https://docs.docker.com/compose/gettingstarted/.

Docker @ Hipex

With security as our main priority. the command wrapper prevent the use of certain features. This so you can use docker on the Hipex platform without the risk of breaking the server.

The commands are part of the Hipex CLI and grouped under the docker command group:

$ hipex | grep docker

The docker-compose commands implemented:

• docker:compose:down Stops containers and removes containers, networks, volumes, and images created by up.
• docker:compose:exec Execute a command in a running container.
• docker:compose:logs View output from containers.
• docker:compose:restart Restart running containers.
• docker:compose:run Run a one-off command on a service.
• docker:compose:stop Stop running containers without removing them.
• docker:compose:up Builds, (re)creates, starts, and attaches to containers for a service.

The docker commands implemented:

• docker:login Log in to a Docker registry.
• docker:ps List containers
• docker:stats Display a live stream of container(s) resource usage statistics

Compose file

Again for security purposes the docker-compose.yml options are reduced to a subset of the original docker-compose.yml. The options allowed are described in the following example file. For a more detailed explanation of the config settings please have a look at the original documentation https://docs.docker.com/compose/compose-file/.

The supported settings are:

#everything above 3.2 is supported
version: "3.2"

services:
    serviceA:
        # Just string without options
        image: redis
        # A string or array
        command: "echo hoi"
        depends_on:
        - serviceB
        # A string or array
        dns: 1.1.1.1
        dns_search: example.com
        domainname: "service-a.com"
        # A string or array
        entrypoint: "/bin/entry.sh test"
        # A string or array
        env_file: ".env"
        # Default
        environment:
            NODE_ENV: prod 
        # Only host ports between 10000 and 50000
        ports:
        - 10001:80
        # Default
        healthcheck:
            test: ["CMD", "curl", "-f", "http://localhost"]
            interval: 1m30s
            timeout: 10s
            retries: 3
            start_period: 40s
        # Default
        extra_hosts:
        - "service_redis"
        # Default
        hostname: service_redis_backend
        # A string or array
        networks: internal
        # Default
        restart: always
        # Only anonymous volumes and paths that are both readable and writable by the current user
        volumes:
        - "data-serviceA:/data"
        - "./host-data:/host-data"
        
    # An alternative valid service configuration
    serviceB:
        image: "elasticsearch"
        command: 
        - echo
        - hoi
        dns:
        - 1.1.1.1
        - 8.8.8.8
        dns_search:
        - dc1.example.com
        - dc2.example.com
        entrypoint:
        - /bin/entry.sh
        - test
        network:
        - internal
        - external

# Without options:
volumes:
    data-serviceA:

# Without options:
networks:
    internal: 
    external: 

Do not use the following parts

Within the docker-compose.yml you cannot use the following component:

    container_name:

Private registries

To use private registries. normally docker login would be used. This command is wrapped under hipex docker:login and credentials are stored per ssh user. For more info check out the docker:login command.

Backups

When your container volume's need to be backuped you can put them under your domain folder. For example put your elasticsearch configuration here ~/domains/example.com/elasticsearch/docker-compose.yml and make a volume mount like this:

# ~/domains/example.com/elasticsearch/docker-compose.yml
version: "3.2"

services:
    elasticsearch:
        image: elasticsearch:7.8.0
        restart: "always"
        volumes:
        - ./data:/usr/share/elasticsearch/data
        environment:
            discovery.type: "single-node"
        ports:
        - "19200:9200"

For more info about what is and what is not backuped have a look here.