Docker on Michele Bologna

How a Terraform + Salt + Kubernetes GitOps infrastructure enabled a zero downtime hosting provider switch

Sat, 25 Apr 2020 00:00:00 +0000

The switch Link to heading

It has been a busy weekend: I switched the hosting provider of my whole cloud infrastructure from DigitalOcean to Hetzner. If you are reading this it means that the switch is completed and you are being served by the Hetzner cloud.

TLS-terminated Bitlbee with custom protocols

Sat, 18 Apr 2020 00:00:00 +0000

Five years ago I started a small GitHub project aimed to run Bitlbee seamlessly in a container.

Why Bitlbee?

Back in the day, I was relying heavily on IRC for my daily communications and the plethora of other protocols that were starting to get traction was too much: I wanted to have a bridge between my IRC client and the other protocols to be able to communicate only by using my IRC client without installing any resource consuming monster (enough said).

Startup order in Docker containers

Mon, 07 Oct 2019 00:00:00 +0000

Motivation Link to heading

I recently dealt with an application that is comprised of multiple services running in containers. Even though every part of this application is correctly split into each separated microservice, the independence of each service is not enforced. This lack of independence has several drawbacks, one of which is that containers must be started by following a pre-defined startup order. Otherwise, some containers might be terminated due to an application error (the application breaks when an unexpected error occurs, e.g. it is relying on another linked service that is not ready to accept the connection).

Send an email from a Docker container through an external MTA with ssmtp

Mon, 04 Feb 2019 00:00:00 +0000

I packaged a standard application (think of it as a standard PHP or ) into a Docker container. So far, it was working flawlessly, but then a problem arose: send an email from the Docker container (the event is triggered within the container).

Preventing Docker from manipulating iptables rules

Mon, 06 Aug 2018 00:00:00 +0000

By default, Docker manipulates iptables rules to provide network isolation:

Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0

[...]

Chain DOCKER (1 references)
target prot opt source destination

I don’t mind having my iptables rules for forwarding manipulated, but there is a caveat: when you expose a container (with -p), then the port will be exposed to every network interface (which means the whole Internet too). Let’s make an example:

Automatically update your Docker base images with watchtower

Fri, 09 Feb 2018 00:00:00 +0000

I’m an avid user of Docker containers, using base images pulled from the public registry DockedHub. As you may know, Docker containers are based on Docked base images, e.g. I run postgres containers that are based on Postgres base image.

Reverse engineer a Docker run command from an existing container

Fri, 15 Dec 2017 00:00:00 +0000

During my usual backup routine, I wanted to gather how a Docker container I started a while ago was run, especially the docker run command; this is required in case I need to re-run that container and I want to preserve the options (e.g. env variables, ports, etc.).

Playing with Docker: tips and tricks to write effective Dockerfiles

Wed, 01 Jul 2015 00:00:00 +0000

Recently I have been playing with Docker containers, and I am sure you already know what Docker is. In this post I will describe what I have learnt while using Docker containers and preparing Dockerfiles.