r/docker

New to docker

I want to know if there's a way to reduce the size of docker.raw without going into docker desktop

Using a laptop with 30gb total and 17 is taken up by Linux mint and docker, when I open docker desktop it creates the .raw file and ends up crashing my laptop.

I know, or at least think I know, that the resources tab in settings has a slider that allows you to select how much disk space you can dedicate and its automatically set to 28gb or something

Just want to know if there's a way to edit that value in the terminal to reduce the size without having to open the desktop app or if its a fruitless venture. At least then I can treat my laptop like spagghetti and throw it against a wall to see if it sticks

Many thanks

Genuinely curious where people draw the line before moving to orchestration.

I have some containers running for production with Docker Desktop in Windows Server 2022 (WSL2 backend), and every time the system is rebooted (because they want the system to run only when it is used, so it is shut down every night) it gave me an error like this:

failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: failed to fulfil mount request: open /run/desktop/mnt/host/wsl/docker-desktop-bind-mounts/Ubuntu/c3c215e6291e7ef302bde128905c6ab417a8d6f151f80f5e20ebf844bc82e224: no such file or directory

That means that it is trying to find a mount on the path /run/desktop/mnt/host/wsl/docker-desktop-bind-mounts/Ubuntu/c3c215e.... The problem is that it isn't the path I indicated on the compose.yml file:

services:
    odoo:
        image: odoo:19.0
        container_name: odoo
        depends_on:
            - db
        volumes:
            - odoo-data:/var/lib/odoo
            - ./extra-addons:/mnt/extra-addons
            - ./config:/etc/odoo
...

So it is creating a new mount (a temporal one is what I believe), and whenever the system is reboot that path doesn't exist anymore, so it give me the error mentioned earlier.

On the other hand i have a nginx service with this one, which also has some bind mounts for configuration:

...
nginx:
    image: nginx:stable
    container_name: nginx
    volumes:
        - ./nginx/conf.d:/etc/nginx/conf.d
        - ./nginx/certs:/etc/nginx/certs
    restart: unless-stopped
...

But this service is mounted perfectly, without creating a new path on /run/desktop/.... How can i solve this and why is this happening. Lastly this is the containers inspect:

odoo_container:
    ...
    "Mounts": [
        {
            "Type": "bind",
            "Source": "/run/desktop/mnt/host/wsl/docker-desktop-bind-mounts/Ubuntu/38b8d7fc8b1872091c39fa535a68a676b74d392987bdbd4be60b649953003172",
            "Destination": "/etc/odoo",
            "Mode": "rw",
            "RW": true,
            "Propagation": "rprivate"
        },
        {
            "Type": "bind",
            "Source": "/run/desktop/mnt/host/wsl/docker-desktop-bind-mounts/Ubuntu/ecece816d735920a3230dde5be3ef847967c389c4a6132a5c638f406ea9ab606",
            "Destination": "/mnt/extra-addons",
            "Mode": "rw",
            "RW": true,
            "Propagation": "rprivate"
        }
    ...
nginx_container:
    ...
    "Mounts": [
        {
            "Type": "bind",
            "Source": "/home/mickael/odoo-gema/nginx/certs",
            "Destination": "/etc/nginx/certs",
            "Mode": "rw",
            "RW": true,
            "Propagation": "rprivate"
        },
        {
            "Type": "bind",
            "Source": "/home/mickael/odoo-gema/nginx/conf.d",
            "Destination": "/etc/nginx/conf.d",
            "Mode": "rw",
            "RW": true,
            "Propagation": "rprivate"
        }
    ]
    ...
    ...

Hey everyone, I've been setting up a kiosk-style browser for hotel reception PCs and after a lot of trial and error I finally got it working. I wanted to share my setup and ask a couple of questions about performance and scheduled resets.

My current setup:

I'm running Windows 10 LTSC 1809 with Docker Desktop using Hyper-V as the backend (WSL2 is not available on this build, the option is greyed out). Firefox runs inside a jlesage/firefox container, accessible via localhost:5801 in the local browser. The profile is stored in RAM using --tmpfs /config so everything gets wiped when the container is destroyed.

This is the .ps1 script triggered by a desktop shortcut:

powershell

docker stop firefox-kiosk
docker rm firefox-kiosk
docker run --tmpfs /config:rw,noexec,nosuid,size=512m -p 5801:5800 --name firefox-kiosk -d jlesage/firefox
Stop-Process -Name firefox -Force -ErrorAction SilentlyContinue
Start-Sleep 6
Start-Process "C:\Program Files\Mozilla Firefox\firefox.exe" "-no-remote -new-instance http://localhost:5801"

The shortcut runs this silently via:

powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Tools\firefox-docker.ps1"

Every time the shortcut is used, the old container is destroyed and a fresh one is created, so history, cookies and downloads are wiped automatically. It works well.

Question 1: Could Windows 10 LTSC 1809 be causing performance issues?

I've noticed the browser feels a bit slow sometimes. My theory is that Windows 10 LTSC 1809 forces Docker Desktop to use an older version (mine is 20.10.21) because newer versions of Docker Desktop require a higher Windows build. Since I'm stuck on Hyper-V instead of WSL2, I'm also missing the performance improvements WSL2 provides for running Linux containers.

Is this correct? Would upgrading to Windows 10 LTSC 2021 (build 19044) noticeably improve Docker performance? Has anyone benchmarked Docker on Hyper-V vs WSL2 for this kind of use case?

Question 2: How to automatically wipe the container on a schedule, not just on shortcut launch?

Right now the container only gets wiped when the user clicks the shortcut again. If a user leaves the browser open for hours without closing it, the session keeps accumulating data.

I want to set up an automatic reset every X minutes or hours, for example every 30 minutes, so even if no one touches the shortcut the container gets destroyed and recreated on a schedule.

My idea would be to use Windows Task Scheduler to run the .ps1 script periodically, but I'm not sure if that would cause issues if the user is actively browsing when the reset happens, since it would kill Firefox mid-session.

Has anyone implemented something like this? Is Task Scheduler the right approach or is there a cleaner way, maybe using Docker itself to handle the scheduled restart? Any advice on how to handle the case where a user is actively browsing when the reset triggers would be appreciated too.

Thanks in advance!

Hey everyone, I've been running Firefox inside a Linux Docker container (jlesage/firefox) on Windows 10 LTSC 1809 for a hotel reception kiosk setup. It works, but performance is poor due to the lack of GPU acceleration, which makes sense since the logs explicitly say:

Hardware acceleration via GPU not supported: device directory /dev/dri not exposed to the container.

Someone suggested I look into running Firefox as a native Windows container via hostprocess and psexec, which apparently should allow proper graphics acceleration without the VM overhead. They mentioned it's not well documented but should work.

My constraints are:

• Windows 10 LTSC 1809, can't switch to Linux (management decision)
• Need throwaway session behavior: everything wiped on every session (history, cookies, downloads)
• Need a full Firefox GUI, not a headless browser
• Docker Desktop with Hyper-V backend

Has anyone actually done this? Specifically I'd love to know:

1. How to run Firefox inside a native Windows container with hostprocess
2. Whether throwaway session behavior is achievable the same way as --tmpfs in Linux containers
3. Any documentation, repos or examples to get started

Any help appreciated, even if it's just pointing me in the right direction. Thanks!

See docker made it easy but let's think of a world where docker doesn't exist. Actually that exists most small vps users and even AWS EC2 users don't use docker. I saw users ssh-ing into their server running git clones, install dependency, and all kinds of stuffs.

what I noticed is that even if someone uses docker they just run it normally.

but what about code changes how the new commits will sync to the currently running codebase.

I usually use my self made tool which is nothing but a webhook listener on my server which when GitHub pushes it do git fetch and stream logs to web dashboard. i don't need to even login.

so tell us how you handle this?

let's learn from the actual industry people not books.

been throwing whole numbers at it for years, turns out 0.5 or 1.5 just works fine

Hi everyone,

I’d like to get your opinions and feedback regarding “best practices” for deploying Docker containers on a NAS.

First of all, I haven’t managed to allow Docker management access to a regular “user” account. I can fine-tune permissions for directories, but Docker management itself (the app) is only accessible to “admin” accounts.

So for now, Docker is managed by an admin account, which gives it (and especially the containers) more privileges than necessary. That said, I only bind the strictly necessary directories and resources.

How can I make this setup cleaner and more secure?

I imagine the simplest solution would be to create dedicated users, but to what extent?

• One user per stack?
• One user for Docker in general?

I can refine permissions for directories, but not for Docker management itself, so I’m a bit lost.

Thanks in advance!

Hi there,

Since I am currently doing a lot of testing with Docker in my homelab and trying to learn it on my own, I was wondering if you could recommend any business-relevant training courses or certifications. I would simply like to build up more knowledge regarding Docker.

Thanks for your help.

Looking for resources to learn Docker .

Would really appreciate if anyone could share beginner-friendly resources that helped you learn.

Could be YouTube videos, courses, docs, roadmaps, or small projects to practice with.

I’m currently learning Docker and backend development, and I’m trying to decide on the best setup for my environment.

Right now I’m using Windows. Should I:

• Keep Windows and run Docker inside a VM (like Ubuntu on VirtualBox/VMware), or
• Just switch completely to Linux for development?

I want to learn Docker properly and eventually work with backend/DevOps tools in a more production-like environment.

I'm playing around with the docker network, exploring how it is setup through the virtual bridges.

This is my setup:

- Docker network 1 - 172.17.0.0/16

- Docker network 2 - 172.18.0.0/16

I have one container running in each of those networks.

The host is plugged to the network-1 with the IP 172.17.0.1 and plugged to network-2 with the IP 172.18.0.1.

If I deploy an HTTP server in my host network namespace bound to 0.0.0.0 and port 8000, I can reach it from the docker containers.

```
# from inside the container
curl 172.17.0.1:8000 # for example.
# reaches the service running in the host.
```

I expected the host network to be isolated from the containers by allowing packets to be forwarded through the host in the forward chain, but blocked from reaching the host processes in the input chain.

So... Why does Docker allow containers to reach the host network by default but blocks containers from reaching each other between container networks? It's like they said "security is important so we don't allow containers to reach each other in different docker networks" but then said "uhhh, let's allow containers to talk to the host just because".

Would be nice if someone explain why they chose this design. To me it seems like bad isolation. What if I want to have a process in my host that I don't want these containers to reach? I'd expect the default behavior to be "there's no access. If you want to enable it, you need to do it explicitly". Instead of "all the services in the host are accessible, if you want to figure out how to close them, good luck finding the right iptables rules that don't break the docker network".

my NAS is a walled off ecosystem unfortunately and i need an image thats located in the github container repository. i do not have access to SSH or a terminal so i cannot just use docker pull. i can only add .tar images locally so i just want to know if i can generate that from a link.

I am moving all my dockers from unraid to LXCs on proxmox and while doing so, I am cleaning up a little at the same time.

A lot of dockers require databases and I am a little unsure if I should just create one huge postgress database and then a lot of smaller ones in that... or if it is better to have more smaller databases.

Sorry if the terminology is incorrect.

We have finally dockerized our project TadreebLMS.

However it was done mostly by trial and error, own learning.

I am not a developer / technical person, just a project manager. So in this case need recommendation what we can do to improvise it as well as feedback on how smooth and simple is it to install and run the project.

https://tadreeblms.com/docs/installation/docker_deployment_guide_tadreeb_lms

https://github.com/Tadreeb-LMS

EDIT: Thanks so much for the feedback, It was really helpful, key summarized points from community:

1. Must have storage outside defined --- Very Very critical and helpful,

2. Memory and other limits to be configured.

3. Re-configure the permissions from Root to seperate user

4. Must have docker file mentioned in the git repo readme file.

I have a secret called `~/.git-credentials`. I need to pass it into a container such that the container can use the secret the way I do. There are hard limitations to this:

- the secret cannot be a part of any image. neither can any part of my user environment (gid/uid) be

- no changes to secret permissions on the host (the secret has 600 permissions, owned by host user)

- container runs the payload as a non-root user inside container

- has to be a no-code solution outside the container: i.e. I cannot build a script around reading the secret on host and passing to container stdin, etc

- no silly bypassing of the previous rule: I cannot build a microservice to serve this secret from a different container... you get it

What I tried:

- bind mount results in insufficient permissions because container uid does not match my uid. When I `ls` the mounted secret it simply shows uid/gid of my user on the host

- compose secrets have the same issue as bind mount

- chatbot suggested swarm but it probably violates the last two rules? not sure