This content originally appeared on DEV Community and was authored by Lulu
Docker is an open-source application container engine written in Go and released under the Apache 2.0 license. It enables developers to package their applications and dependencies into lightweight, portable containers. These containers can be deployed on any popular Linux machine, offering a form of lightweight virtualization. Each container operates in complete isolation (similar to iPhone apps), and most importantly, the performance overhead is minimal.
Docker Installation
Here's how to install Docker on CentOS:
1. Install Docker Image
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
2. Set Up Stable Repositories
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3. Install Required Packages
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
4. Remove Old Docker Versions (if any)
yum remove docker docker-client docker-common docker-latest docker-engine
5. List Available Docker Versions
yum list docker-ce --showduplicates | sort -r
6. Install Selected Version (e.g., 19.03.13)
yum install docker-ce-19.03.13 docker-ce-cli-19.03.13 containerd.io
7. Alternatively, Install the Latest Version
yum -y install docker-ce
8. Start and Enable Docker
systemctl start docker
systemctl enable docker
Optimization (Tuning Docker for SafeLine)
When deploying services, it’s best to tune the system for minimal service disruption. Below are some optimizations to improve Docker's performance.
Step 1: Directory Migration
# Stop Docker service
systemctl stop docker
# Create new directory for Docker data
mkdir -p /home/jamelli/docker/data/lib
# Copy existing Docker data to the new directory
rsync -r -avz /var/lib/docker /home/jamelli/docker/data/lib
Step 2: Configure Docker to Use New Directory
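# Create the systemd drop-in directory if it does not exist yet
mkdir -p /etc/systemd/system/docker.service.d
# --data-root replaces the deprecated --graph flag, which newer Docker releases have removed
cat <<EOF > /etc/systemd/system/docker.service.d/devicemapper.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --data-root=/home/jamelli/docker/data/lib/docker
EOF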
# Reload and restart Docker
systemctl daemon-reload
systemctl restart docker
Log Optimization
To manage log file size and avoid excessive disk usage, configure log rotation:
cat <<EOF > /etc/docker/daemon.json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
EOF
Disk Optimization
Use these commands to clean up unused containers, volumes, and images:
docker system df
docker system prune
docker system prune -a
To check detailed disk usage:
docker system df -v
Docker Commands You Should Know
- docker system df: Check Docker’s memory usage
- docker image: View Docker image contents
- docker info: Get Docker system information
- docker stats: View container resource usage (CPU, memory)
- docker logs --tail=10 -f <container-name>: View container logs in real-time
SafeLine WAF Integration
Now that Docker is installed and optimized, you can further secure your infrastructure by deploying SafeLine WAF, a powerful and free web application firewall. Here's how to install SafeLine on your Dockerized system:
1. Install SafeLine
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"
2. Access SafeLine
After installation, open port 9443 on your firewall to access the SafeLine management interface:
# Open port 9443
firewall-cmd --zone=public --add-port=9443/tcp --permanent
firewall-cmd --reload
Then, access SafeLine at:
https://<your-server-ip>:9443/
3. Protect Your Web Apps
With SafeLine, your Dockerized applications will be protected against common attacks like SQL injections, XSS, and DDoS threats. SafeLine’s traffic processing engine, built on Nginx, ensures that your applications are secure while maintaining high performance.
Solving Common Docker Issues
When pulling Docker images, if you encounter the following error:
Error response from daemon: net/http: TLS handshake timeout
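You can resolve this by adding a Docker mirror to /etc/docker/daemon.json. Add the key to the existing file and keep any settings already there, such as the log options configured earlier:
sudo vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}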
Then reload and restart Docker:
systemctl daemon-reload
systemctl restart docker
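The log rotation settings and the registry mirror both live in /etc/docker/daemon.json, so rewriting the file for one of them drops the other. The Python script below is an added example, not code from the original post: it merges a new fragment into the existing file, keeps a .bak copy, and writes atomically. The helper names deep_merge and update_daemon_json are hypothetical, and rejecting non-HTTPS mirrors is a policy assumption of this example.

```python
import json
import os
import shutil
import tempfile


def deep_merge(base, extra):
    """Return base updated with extra; nested objects are merged, not replaced."""
    merged = dict(base)
    for key, value in extra.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = value
    return merged


def update_daemon_json(path, fragment):
    """Merge fragment into the daemon.json at path, keeping existing keys."""
    current = {}
    if os.path.exists(path):
        with open(path) as fh:
            current = json.load(fh)  # raises ValueError on malformed JSON
        shutil.copy2(path, path + ".bak")  # keep the previous file for rollback
    merged = deep_merge(current, fragment)
    # Policy assumption of this example: only accept HTTPS registry mirrors.
    for mirror in merged.get("registry-mirrors", []):
        if not mirror.startswith("https://"):
            raise ValueError("registry mirror is not HTTPS: " + mirror)
    # Write to a temp file in the same directory, then rename it into place,
    # so dockerd never reads a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        json.dump(merged, fh, indent=2)
        fh.write("\n")
    os.replace(tmp, path)
    return merged


if __name__ == "__main__":
    # Constructed demo in a scratch directory; use /etc/docker/daemon.json
    # (as root) to apply the same merge to a real host.
    demo = os.path.join(tempfile.mkdtemp(), "daemon.json")
    update_daemon_json(demo, {"log-driver": "json-file",
                              "log-opts": {"max-size": "100m", "max-file": "3"}})
    result = update_daemon_json(
        demo, {"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]})
    print(json.dumps(result, indent=2))
```

After a merge on a real host, reload and restart Docker as shown above so the daemon picks up the combined file.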
Lulu | Sciencx (2024-09-12T09:31:35+00:00) Optimizing Docker for High Security: Combining Docker and SafeLine. Retrieved from https://www.scien.cx/2024/09/12/optimizing-docker-for-high-security-combining-docker-and-safeline/