The `--userland-proxy` daemon flag makes it possible to rely on hairpin
NAT and additional iptables routes instead of userland proxy for port
publishing and inter-container communication.
Usage of the userland proxy remains the default as hairpin NAT is
unsupported by older kernels.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
The existing page is focused on listing a set of requirements for
proposing a new repository. This information has become outdated and is
duplicated in the `docker-library/official-images` and
`docker-library/docs` GitHub repositories. This PR rewrites the
Official Repositories page to describe what they actually are, and
defers to GitHub/IRC for the subset of users that are interested in
contributing. I also removed the requirement to contact
partners@docker.com and made it optional to reduce the barrier to entry.
Signed-off-by: Peter Salvatore <peter@psftw.com>
We now advise people to configure docker group and
add to sudo. Mac shouldn't use sudo. Removed sudo
from command examples. Left in installation to be removed
in installation doc sweep -- removing requires finer
grain control.
Signed-off-by: Mary Anthony <mary@docker.com>
This patch adds detail on how the host's `/etc/resolv.conf` file is
filtered when creating the copy for the container.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Read `/proc/sys/net/ipv4/ip_local_port_range` kernel parameter to obtain
ephemeral port range that now sets the boundaries of port allocator
which finds free host ports for those exported by containers.
Signed-off-by: Michal Minar <miminar@redhat.com>
The overlay filesystem does not support inotify at this time. The
resolv.conf updater test was passing on overlay-based Jenkins because of
a fluke--because it was DIND, /etc/resolv.conf on the "host" was really
a bind-mounted resolv.conf from the outer container, which means a watch
directly on that file worked as it was not overlay backed. The new test
(from #10703) unmounts the bind-mounted copy to test create and modify
code-paths, which caused us to hit the issue.
This PR also adds a note to the docs about the lack of auto-update when
using the overlay storage driver.
See https://lkml.org/lkml/2012/2/28/223 for more info on inotify and
overlay.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Use `-it` combination in example instead of `-ti`, because this is how it used everywhere in examples.
Update dockerfile_best-practices.md
Fix typo in command name
Signed-off-by: Dmitry Gusev <dmitry.gusev@gmail.com>
1. Docker require to run before redis container run.
2. 'start' command can not accept more options like "run -e xx ..."
3. Remove wrong command 'Author='
Signed-off-by: Daniel YC Lin <dlin.tw@gmail>
Despite being wrong we are kinda calling our users dumb, I feel it is a bit
demeaning. As well as just wrong.
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Fixes: #10701
Updates the IPv6 documentation and images to reflect the more modern
`ip -6` command set versus `route` and `ifconfig`. Also removes the
use of the special 2002: address range as that is reserved for 6to4
addressing, as well as use of any public address range and re-works the
switched routing example to use 3 subnets of the documentation IPv6
prefix range.
Also conformed all use of addresses to the same doc range per @MalteJ's
commit.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Signed-off-by: Malte Janduda <mail@janduda.net>
Make the install script independent from the ubuntu keyserver by using
the sks-keyservers pool instead.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
subjectAltName=IP:x.x.x.x
this allows for connecting to the docker server from docker client
using the dns name OR using the IP address (lots of docker stuff
prefers IP addresses)
Signed-off-by: Greg Fausak <greg@tacodata.com>
