====== Docker basics ======
===== Installation =====
Read the docs
===== Web interface =====
use "portainer" [[https://github.com/portainer/portainer|Github repo]]
===== Remote API =====
use "sherpa" [[https://github.com/djenriquez/sherpa|Github repo]]
====== Websites ======
===== Nginx + php-fpm =====
[[http://geekyplatypus.com/dockerise-your-php-application-with-nginx-and-php7-fpm/|Source]]

==== Create files ====
  - Create a folder that will contain the config files and go inside. (The containers names will take the name of the folder)
  - Create a folder named "www" (that will be mounted in /srv/www (equivalent of /var/www))
  - Create a folder ./www/first_website and put your php code inside
  - Create a folder ./www/second_website and put your php code inside
  - Create a folder named "conf.d" (that will be mounted in /etc/nginx/conf.d)
  - Create the following files :
=== docker-compose.yml ===
<sxh yml>
nginx:
    image: nginx:latest
    ports:
        - "8080:80"
    volumes:
        - ./www:/srv/www
        - ./conf.d:/etc/nginx/conf.d
    links:
        - php
php:
    image: php:7-fpm
    volumes:
        - ./www:/srv/www
</sxh>
=== ./conf.d/site.conf ===
<sxh bash>
server {
    index index.php index.html;
    server_name php-docker.local;
    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    root /srv/www/first_website;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
</sxh>
=== ./conf.d/site2.conf ===
<sxh bash>
server {
    index index.php index.html;
    server_name php-docker2.local;
    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    root /srv/www/second_website;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
</sxh>
==== Run the containers ====
<sxh bash>docker-compose up</sxh>
===== Mysql =====
<sxh bash>
  docker run \
   --name="mysql-dck" \
   -v "/path/to/my.cnf":"/etc/my.cnf" \
   -e MYSQL_ROOT_PASSWORD=mypassword \
   -e MYSQL_ROOT_HOST=172.17.0.1 \
   -d \
    mysql/mysql-server:5.6
</sxh>
Note: i was not able to use root credentials as /root/.my.cnf
==== Script to write to mysql ====
=== First solution ===
add this line to the previous command :
<sxh bash>-v /tmp/mysql-temp:/tmp \</sxh>
run this command :
<sxh bash>docker exec mysql-dck /bin/sh -c 'mysql -u root -pmypassword < /tmp/mysql-temp/test-create.sql'</sxh>
content of the file "test-create.sql" :
<sxh sql>
CREATE DATABASE IF NOT EXISTS `mybase` DEFAULT CHARACTER SET utf8;
GRANT ALL PRIVILEGES ON `mybase`.* TO 'foo'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
</sxh>
=== Second solution ===
run :
<sxh bash>
docker exec mysql-dck /bin/sh -c 'mysql -u root -pmypassword -e "CREATE DATABASE IF NOT EXISTS `mybase` DEFAULT CHARACTER SET utf8"'
docker exec mysql-dck /bin/sh -c 'mysql -u root -pmypassword -e "GRANT ALL PRIVILEGES ON `mybase`.* TO \'foo\'@\'localhost\' IDENTIFIED BY \'password\' WITH GRANT OPTION;"'
docker exec mysql-dck /bin/sh -c 'mysql -u root -pmypassword -e "FLUSH PRIVILEGES;"'
</sxh>
===== Docker and OpenSimulator (work in progress) =====
[[https://github.com/Makopo/docker-opensimulator-simple|Source]]
==== Dockerfile ====
<sxh>
# start from this image
FROM mono:5.2.0.215

# create an "opensim" user
RUN useradd -ms /bin/bash opensim

# get the opensim bin folder
COPY opensim.tar.gz /home/opensim/opensimulator/opensim.tar.gz

WORKDIR /home/opensim/opensimulator
RUN tar -zxf opensim.tar.gz && rm opensim.tar.gz

WORKDIR /home/opensim/opensimulator/bin

USER opensim

ENTRYPOINT ["mono", "--server", "OpenSim.exe"]
#CMD ["mono", "--server", "OpenSim.exe"]
</sxh>

<sxh bash>
#!/bin/bash

HOST_IP="192.168.1.217"

DEFAULT_SIMNAME="opensimulator"
# check if params
if [ $# -lt 1 ];then
  echo "Simulator name was not set so default is opensimulator"
else
  DEFAULT_SIMNAME=$1
fi

# get port
SIMPORT=$(/srv/docker/get_port opensimulator)

# define the sim name
SIMNAME="opensimulator-${SIMPORT}"
RADMINPORT=$((${SIMPORT} + 1))
REGIONPORT_START=$((${RADMINPORT} + 1))
REGIONPORT_END=$((${REGIONPORT_START} + 97))

# check if config folder exists
if [ ! -d "/srv/docker/opensimulator/sims/${SIMNAME}" ]; then
        cp -r "/srv/docker/opensimulator/sims/default" "/srv/docker/opensimulator/sims/${SIMNAME}"
fi

# add the config to the inis
cat <<EOM > "/srv/docker/opensimulator/sims/${SIMNAME}/config/02-network.ini"
[Const]
BaseHostname = "${HOST_IP}"
PublicPort = "${SIMPORT}"
PrivatePort = "${SIMPORT}"

[Network]
http_listener_port = ${SIMPORT}

[RemoteAdmin]
enabled = true
port = ${RADMINPORT}
access_password = "test"
enabled_methods = all
EOM

# run the container
 docker run \
 -d \
--name=${SIMNAME} \
-v /srv/docker/opensimulator/sims/${SIMNAME}/config:/home/opensim/opensimulator/bin/config \
-v /srv/docker/opensimulator/sims/${SIMNAME}/config-include:/home/opensim/opensimulator/bin/config-include \
-v /srv/docker/opensimulator/sims/${SIMNAME}/archives:/home/opensim/opensimulator/bin/archives \
-v /srv/docker/opensimulator/sims/${SIMNAME}/log:/home/opensim/opensimulator/bin/log \
-v /srv/docker/opensimulator/sims/${SIMNAME}/OpenSim.exe.config:/home/opensim/opensimulator/bin/OpenSim.exe.config \
--link mysql-dck:mysql \
-p ${SIMPORT}:${SIMPORT} \
-p ${RADMINPORT}:${RADMINPORT} \
-p ${REGIONPORT_START}-${REGIONPORT_END}:${REGIONPORT_START}-${REGIONPORT_END}/udp \
opensimulator
</sxh>
File to get port "get_port"
<sxh bash>
#!/bin/bash

# check if params
if [ $# -lt 1 ];then
  echo $"Usage : get_next_available_sim_port <SIM_NAME>"
  exit;
fi

i="10100"
status=false
PORTS_FILE="/srv/docker/ports"

while [ $status = false  ]
do
  cat "${PORTS_FILE}" | grep $i &> /dev/null
  if [ ! $? -eq 0 ]; then
    echo "${i}"
    echo "${1};${i}" >> "${PORTS_FILE}"
    status=true
  fi
  i=$[$i+100]
  if [ $i -gt 48000 ]; then
    status=true
    exit 1
  fi
done
</sxh>
Script to delete port "delete-port"
<sxh bash>
#!/bin/bash

# check if params
if [ $# -lt 1 ];then
  echo $"Usage : delete_port <SIM_NAME>"
  exit;
fi

PORTS_FILE="/srv/docker/ports"
#sed -i '/${1}/d' ${PORTS_FILE}
grep -v "${1}" ${PORTS_FILE} > temp; mv temp ${PORTS_FILE}
</sxh>
====== Some notes ======
===== Get container name =====
Get containers containing the letter "t" in name.
<sxh bash>docker ps -a --format '{{.Names}}' --filter "name=t"</sxh>
===== Get exposed ports =====
<sxh bash>docker inspect --format='{{range $p, $conf := .HostConfig.PortBindings}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' containername</sxh>

===== Docker one mysql instance =====
[[https://severalnines.com/blog/mysql-docker-containers-understanding-basics|Source]]

==== Run the container ====
<sxh bash>
docker run --detach --name=test-mysql --env="MYSQL_ROOT_PASSWORD=mypassword" mysql
</sxh>
==== Get container ip ====
This is optionnal but noted as reference.
<sxh bash>
docker inspect test-mysql | grep IPAddress
</sxh>
==== Run client ====
<sxh bash>
docker run --detach --name test-debian --link test-mysql:mysql debian
</sxh>
==== Enter client ====
<sxh bash>
docker exec -it test-debian bash
</sxh>
See that the ip is mapped in /etc/hosts.
==== Expose to the outside ====
<sxh bash>
docker run --detach --name=test-mysql --env="MYSQL_ROOT_PASSWORD=mypassword" --publish 6603:3306 mysql
</sxh>
The mysql server will be accessible from the outside on the port 6603.

== User Namespaces ==
[[https://resourcepool.io/fr/2016/09/09/francais-le-user-namespace-dans-docker/|Source]]
[[https://www.jujens.eu/posts/en/2017/Jul/02/docker-userns-remap/|Source2]]

BEWARE IT CAN BREAK AN OLD DOCKER INSTALLATION !!!

<sxh bash>
groupadd -g 500000 dockremap && 
      groupadd -g 501000 dockremap-user && 
      useradd -u 500000 -g dockremap -s /bin/false dockremap && 
      useradd -u 501000 -g dockremap-user -s /bin/false dockremap-user
</sxh>
<sxh bash>
echo "dockremap:500000:65536" >> /etc/subuid && 
    echo "dockremap:500000:65536" >>/etc/subgid
</sxh>
<sxh>
{
    "userns-remap": "default"
}
</sxh>
<sxh bash>
systemctl daemon-reload && systemctl restart docker
</sxh>
== Portainer ==
in normal mode :
<sxh bash>
docker run -d --privileged -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v /opt/portainer:/data portainer/portainer
</sxh>
in usernamespace mode :
<sxh bash>
docker run -d --privileged --userns=host -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v /opt/portainer:/data portainer/portainer
</sxh>

===== php-fpm nginx with php extensions =====
./docker-compose.yml
<sxh yml>
nginx:
  image: nginx:latest
  ports:
      - "80:80"
  volumes:
      - ./htdocs:/srv/www
      - ./conf.d:/etc/nginx/conf.d
  links:
      - php
php:
  build: ./docker/php
  volumes:
      - ./htdocs:/srv/www
</sxh>
./docker/php/Dockerfile
<sxh>
FROM php:7-fpm
RUN apt-get update && apt-get install -y --fix-missing  zip libzip-dev libpng-dev libonig-dev \
&& docker-php-ext-install gd \
&& docker-php-ext-install mbstring \
&& docker-php-ext-enable gd \
&& docker-php-ext-enable mbstring
</sxh>
{{tag>docker}}