Browse code

Adding info to faq per customer problem.

Signed-off-by: Mary Anthony <mary.anthony@docker.com>

Mary Anthony authored on 2015/02/20 02:11:22
Showing 1 changed files
... ...
@@ -1,15 +1,17 @@
1
-page_title: FAQ
2
-page_description: Most frequently asked questions.
1
+page_title: FAQ page_description: Most frequently asked questions.
3 2
 page_keywords: faq, questions, documentation, docker
4 3
 
5
-# FAQ
4
+# Frequently Asked Questions (FAQ)
5
+
6
+If you don't see your question here, feel free to submit new ones to
7
+<docs@docker.com>.  Or, you can fork [the
8
+repo](https://github.com/docker/docker) and contribute them yourself by editing
9
+the documentation sources.
6 10
 
7
-## Most frequently asked questions
8 11
 
9 12
 ### How much does Docker cost?
10 13
 
11
-Docker is 100% free. It is open source, so you can use it without
12
-paying.
14
+Docker is 100% free. It is open source, so you can use it without paying.
13 15
 
14 16
 ### What open source license are you using?
15 17
 
... ...
@@ -19,213 +21,194 @@ https://github.com/docker/docker/blob/master/LICENSE)
19 19
 
20 20
 ### Does Docker run on Mac OS X or Windows?
21 21
 
22
-Docker currently runs only on Linux, but you can use VirtualBox to run
23
-Docker in a virtual machine on your box, and get the best of both worlds.
24
-Check out the [*Mac OS X*](../installation/mac/#macosx) and [*Microsoft
25
-Windows*](../installation/windows/#windows) installation guides. The small
26
-Linux distribution boot2docker can be run inside virtual machines on these
27
-two operating systems.
22
+Docker currently runs only on Linux, but you can use VirtualBox to run Docker in
23
+a virtual machine on your box, and get the best of both worlds. Check out the
24
+[*Mac OS X*](../installation/mac/#macosx) and [*Microsoft
25
+Windows*](../installation/windows/#windows) installation guides. The small Linux
26
+distribution boot2docker can be run inside virtual machines on these two
27
+operating systems.
28 28
 
29 29
 {{ include "no-remote-sudo.md" }}
30 30
 
31 31
 ### How do containers compare to virtual machines?
32 32
 
33
-They are complementary. VMs are best used to allocate chunks of
34
-hardware resources. Containers operate at the process level, which
35
-makes them very lightweight and perfect as a unit of software
36
-delivery.
33
+They are complementary. VMs are best used to allocate chunks of hardware
34
+resources. Containers operate at the process level, which makes them very
35
+lightweight and perfect as a unit of software delivery.
37 36
 
38 37
 ### What does Docker add to just plain LXC?
39 38
 
40
-Docker is not a replacement for LXC. "LXC" refers to capabilities of
41
-the Linux kernel (specifically namespaces and control groups) which
42
-allow sandboxing processes from one another, and controlling their
43
-resource allocations. On top of this low-level foundation of kernel
44
-features, Docker offers a high-level tool with several powerful
45
-functionalities:
46
-
47
- - *Portable deployment across machines.*
48
-   Docker defines a format for bundling an application and all
49
-   its dependencies into a single object which can be transferred
50
-   to any Docker-enabled machine, and executed there with the
51
-   guarantee that the execution environment exposed to the
52
-   application will be the same. LXC implements process
53
-   sandboxing, which is an important pre-requisite for portable
54
-   deployment, but that alone is not enough for portable
55
-   deployment. If you sent me a copy of your application
56
-   installed in a custom LXC configuration, it would almost
57
-   certainly not run on my machine the way it does on yours,
58
-   because it is tied to your machine's specific configuration:
59
-   networking, storage, logging, distro, etc. Docker defines an
60
-   abstraction for these machine-specific settings, so that the
61
-   exact same Docker container can run - unchanged - on many
62
-   different machines, with many different configurations.
63
-
64
- - *Application-centric.*
65
-   Docker is optimized for the deployment of applications, as
66
-   opposed to machines. This is reflected in its API, user
67
-   interface, design philosophy and documentation. By contrast,
68
-   the `lxc` helper scripts focus on
69
-   containers as lightweight machines - basically servers that
70
-   boot faster and need less RAM. We think there's more to
71
-   containers than just that.
72
-
73
- - *Automatic build.*
74
-   Docker includes [*a tool for developers to automatically
75
-   assemble a container from their source
76
-   code*](../reference/builder/#dockerbuilder), with full control
77
-   over application dependencies, build tools, packaging etc.
78
-   They are free to use `make`, `maven`, `chef`, `puppet`, `salt,` 
79
-   Debian packages, RPMs, source tarballs, or any combination of the
80
-   above, regardless of the configuration of the machines.
81
-
82
- - *Versioning.*
83
-   Docker includes git-like capabilities for tracking successive
84
-   versions of a container, inspecting the diff between versions,
85
-   committing new versions, rolling back etc. The history also
86
-   includes how a container was assembled and by whom, so you get
87
-   full traceability from the production server all the way back
88
-   to the upstream developer. Docker also implements incremental
89
-   uploads and downloads, similar to `git pull`, so new versions
90
-   of a container can be transferred by only sending diffs.
91
-
92
- - *Component re-use.*
93
-   Any container can be used as a [*"base image"*](
94
-   ../terms/image/#base-image-def) to create more specialized components.
95
-   This can be done manually or as part of an automated build. For example
96
-   you can prepare the ideal Python environment, and use it as a base for
97
-   10 different applications. Your ideal Postgresql setup can be re-used for
98
-   all your future projects. And so on.
99
-
100
- - *Sharing.*
101
-   Docker has access to a [public registry](https://hub.docker.com) where
102
-   thousands of people have uploaded useful containers: anything from Redis,
103
-   CouchDB, Postgres to IRC bouncers to Rails app servers to Hadoop to
104
-   base images for various Linux distros. The
105
-   [*registry*](../reference/api/registry_index_spec/#registryindexspec)
106
-   also includes an official "standard library" of useful
107
-   containers maintained by the Docker team. The registry itself
108
-   is open-source, so anyone can deploy their own registry to
109
-   store and transfer private containers, for internal server
110
-   deployments for example.
111
-
112
- - *Tool ecosystem.*
113
-   Docker defines an API for automating and customizing the
114
-   creation and deployment of containers. There are a huge number
115
-   of tools integrating with Docker to extend its capabilities.
116
-   PaaS-like deployment (Dokku, Deis, Flynn), multi-node
117
-   orchestration (Maestro, Salt, Mesos, Openstack Nova),
118
-   management dashboards (docker-ui, Openstack Horizon,
119
-   Shipyard), configuration management (Chef, Puppet), continuous
120
-   integration (Jenkins, Strider, Travis), etc. Docker is rapidly
121
-   establishing itself as the standard for container-based
122
-   tooling.
39
+Docker is not a replacement for LXC. "LXC" refers to capabilities of the Linux
40
+kernel (specifically namespaces and control groups) which allow sandboxing
41
+processes from one another, and controlling their resource allocations. On top
42
+of this low-level foundation of kernel features, Docker offers a high-level tool
43
+with several powerful functionalities:
44
+
45
+ - *Portable deployment across machines.* Docker defines a format for bundling
46
+ an application and all its dependencies into a single object which can be
47
+ transferred to any Docker-enabled machine, and executed there with the
48
+ guarantee that the execution environment exposed to the application will be the
49
+ same. LXC implements process sandboxing, which is an important pre-requisite
50
+ for portable deployment, but that alone is not enough for portable deployment.
51
+ If you sent me a copy of your application installed in a custom LXC
52
+ configuration, it would almost certainly not run on my machine the way it does
53
+ on yours, because it is tied to your machine's specific configuration:
54
+ networking, storage, logging, distro, etc. Docker defines an abstraction for
55
+ these machine-specific settings, so that the exact same Docker container can
56
+ run - unchanged - on many different machines, with many different
57
+ configurations.
58
+
59
+ - *Application-centric.* Docker is optimized for the deployment of
60
+ applications, as opposed to machines. This is reflected in its API, user
61
+ interface, design philosophy and documentation. By contrast, the `lxc` helper
62
+ scripts focus on containers as lightweight machines - basically servers that
63
+ boot faster and need less RAM. We think there's more to containers than just
64
+ that.
65
+
66
+ - *Automatic build.* Docker includes [*a tool for developers to automatically
67
+ assemble a container from their source
68
+ code*](../reference/builder/#dockerbuilder), with full control over application
69
+ dependencies, build tools, packaging etc. They are free to use `make`, `maven`,
70
+ `chef`, `puppet`, `salt,` Debian packages, RPMs, source tarballs, or any
71
+ combination of the above, regardless of the configuration of the machines.
72
+
73
+ - *Versioning.* Docker includes git-like capabilities for tracking successive
74
+ versions of a container, inspecting the diff between versions, committing new
75
+ versions, rolling back etc. The history also includes how a container was
76
+ assembled and by whom, so you get full traceability from the production server
77
+ all the way back to the upstream developer. Docker also implements incremental
78
+ uploads and downloads, similar to `git pull`, so new versions of a container
79
+ can be transferred by only sending diffs.
80
+
81
+ - *Component re-use.* Any container can be used as a [*"base image"*](
82
+ ../terms/image/#base-image-def) to create more specialized components. This can
83
+ be done manually or as part of an automated build. For example you can prepare
84
+ the ideal Python environment, and use it as a base for 10 different
85
+ applications. Your ideal Postgresql setup can be re-used for all your future
86
+ projects. And so on.
87
+
88
+ - *Sharing.* Docker has access to a [public registry](https://hub.docker.com)
89
+ where thousands of people have uploaded useful containers: anything from Redis,
90
+ CouchDB, Postgres to IRC bouncers to Rails app servers to Hadoop to base images
91
+ for various Linux distros. The
92
+ [*registry*](../reference/api/registry_index_spec/#registryindexspec) also
93
+ includes an official "standard library" of useful containers maintained by the
94
+ Docker team. The registry itself is open-source, so anyone can deploy their own
95
+ registry to store and transfer private containers, for internal server
96
+ deployments for example.
97
+
98
+ - *Tool ecosystem.* Docker defines an API for automating and customizing the
99
+ creation and deployment of containers. There are a huge number of tools
100
+ integrating with Docker to extend its capabilities. PaaS-like deployment
101
+ (Dokku, Deis, Flynn), multi-node orchestration (Maestro, Salt, Mesos, Openstack
102
+ Nova), management dashboards (docker-ui, Openstack Horizon, Shipyard),
103
+ configuration management (Chef, Puppet), continuous integration (Jenkins,
104
+ Strider, Travis), etc. Docker is rapidly establishing itself as the standard
105
+ for container-based tooling.
123 106
 
124 107
 ### What is different between a Docker container and a VM?
125 108
 
126 109
 There's a great StackOverflow answer [showing the differences](
127
-http://stackoverflow.com/questions/16047306/how-is-docker-io-different-from-a-normal-virtual-machine).
110
+http://stackoverflow.com/questions/16047306/how-is-docker-io-different-from-a-
111
+normal-virtual-machine).
128 112
 
129 113
 ### Do I lose my data when the container exits?
130 114
 
131
-Not at all! Any data that your application writes to disk gets preserved
132
-in its container until you explicitly delete the container. The file
133
-system for the container persists even after the container halts.
115
+Not at all! Any data that your application writes to disk gets preserved in its
116
+container until you explicitly delete the container. The file system for the
117
+container persists even after the container halts.
134 118
 
135 119
 ### How far do Docker containers scale?
136 120
 
137
-Some of the largest server farms in the world today are based on
138
-containers. Large web deployments like Google and Twitter, and platform
139
-providers such as Heroku and dotCloud all run on container technology,
140
-at a scale of hundreds of thousands or even millions of containers
141
-running in parallel.
121
+Some of the largest server farms in the world today are based on containers.
122
+Large web deployments like Google and Twitter, and platform providers such as
123
+Heroku and dotCloud all run on container technology, at a scale of hundreds of
124
+thousands or even millions of containers running in parallel.
142 125
 
143 126
 ### How do I connect Docker containers?
144 127
 
145
-Currently the recommended way to link containers is via the link
146
-primitive. You can see details of how to [work with links
147
-here](/userguide/dockerlinks).
128
+Currently the recommended way to link containers is via the link primitive. You
129
+can see details of how to [work with links here](/userguide/dockerlinks).
148 130
 
149
-Also useful for more flexible service portability is the
150
-[Ambassador linking pattern](/articles/ambassador_pattern_linking/).
131
+Also useful for more flexible service portability is the [Ambassador linking
132
+pattern](/articles/ambassador_pattern_linking/).
151 133
 
152 134
 ### How do I run more than one process in a Docker container?
153 135
 
154 136
 Any capable process supervisor such as [http://supervisord.org/](
155
-http://supervisord.org/), runit, s6, or daemontools can do the trick.
156
-Docker will start up the process management daemon which will then fork
157
-to run additional processes. As long as the processor manager daemon continues
158
-to run, the container will continue to as well. You can see a more substantial
159
-example [that uses supervisord here](/articles/using_supervisord/).
137
+http://supervisord.org/), runit, s6, or daemontools can do the trick. Docker
138
+will start up the process management daemon which will then fork to run
139
+additional processes. As long as the processor manager daemon continues to run,
140
+the container will continue to as well. You can see a more substantial example
141
+[that uses supervisord here](/articles/using_supervisord/).
160 142
 
161 143
 ### What platforms does Docker run on?
162 144
 
163 145
 Linux:
164 146
 
165
- - Ubuntu 12.04, 13.04 et al
166
- - Fedora 19/20+
167
- - RHEL 6.5+
168
- - Centos 6+
169
- - Gentoo
170
- - ArchLinux
171
- - openSUSE 12.3+
147
+ - Ubuntu 12.04, 13.04 et al 
148
+ - Fedora 19/20+ 
149
+ - RHEL 6.5+ 
150
+ - Centos 6+ 
151
+ - Gentoo 
152
+ - ArchLinux 
153
+ - openSUSE 12.3+ 
172 154
  - CRUX 3.0+
173 155
 
174 156
 Cloud:
175 157
 
176
- - Amazon EC2
177
- - Google Compute Engine
158
+ - Amazon EC2 
159
+ - Google Compute Engine 
178 160
  - Rackspace
179 161
 
180 162
 ### How do I report a security issue with Docker?
181 163
 
182 164
 You can learn about the project's security policy
183
-[here](https://www.docker.com/security/) and report security issues to
184
-this [mailbox](mailto:security@docker.com).
165
+[here](https://www.docker.com/security/) and report security issues to this
166
+[mailbox](mailto:security@docker.com).
185 167
 
186 168
 ### Why do I need to sign my commits to Docker with the DCO?
187 169
 
188 170
 Please read [our blog post](
189
-http://blog.docker.com/2014/01/docker-code-contributions-require-developer-certificate-of-origin/)
190
-on the introduction of the DCO.
171
+http://blog.docker.com/2014/01/docker-code-contributions-require-developer-
172
+certificate-of-origin/) on the introduction of the DCO.
191 173
 
192 174
 ### When building an image, should I prefer system libraries or bundled ones?
193 175
 
194 176
 *This is a summary of a discussion on the [docker-dev mailing list](
195 177
 https://groups.google.com/forum/#!topic/docker-dev/L2RBSPDu1L0).*
196 178
 
197
-Virtually all programs depend on third-party libraries. Most frequently,
198
-they will use dynamic linking and some kind of package dependency, so
199
-that when multiple programs need the same library, it is installed only once.
200
-
201
-Some programs, however, will bundle their third-party libraries, because
202
-they rely on very specific versions of those libraries. For instance,
203
-Node.js bundles OpenSSL; MongoDB bundles V8 and Boost (among others).
204
-
205
-When creating a Docker image, is it better to use the bundled libraries,
206
-or should you build those programs so that they use the default system
207
-libraries instead?
208
-
209
-The key point about system libraries is not about saving disk or memory
210
-space. It is about security. All major distributions handle security
211
-seriously, by having dedicated security teams, following up closely
212
-with published vulnerabilities, and disclosing advisories themselves.
213
-(Look at the [Debian Security Information](https://www.debian.org/security/)
214
-for an example of those procedures.) Upstream developers, however,
215
-do not always implement similar practices.
216
-
217
-Before setting up a Docker image to compile a program from source,
218
-if you want to use bundled libraries, you should check if the upstream
219
-authors provide a convenient way to announce security vulnerabilities,
220
-and if they update their bundled libraries in a timely manner. If they
221
-don't, you are exposing yourself (and the users of your image) to
222
-security vulnerabilities.
179
+Virtually all programs depend on third-party libraries. Most frequently, they
180
+will use dynamic linking and some kind of package dependency, so that when
181
+multiple programs need the same library, it is installed only once.
182
+
183
+Some programs, however, will bundle their third-party libraries, because they
184
+rely on very specific versions of those libraries. For instance, Node.js bundles
185
+OpenSSL; MongoDB bundles V8 and Boost (among others).
186
+
187
+When creating a Docker image, is it better to use the bundled libraries, or
188
+should you build those programs so that they use the default system libraries
189
+instead?
190
+
191
+The key point about system libraries is not about saving disk or memory space.
192
+It is about security. All major distributions handle security seriously, by
193
+having dedicated security teams, following up closely with published
194
+vulnerabilities, and disclosing advisories themselves. (Look at the [Debian
195
+Security Information](https://www.debian.org/security/) for an example of those
196
+procedures.) Upstream developers, however, do not always implement similar
197
+practices.
198
+
199
+Before setting up a Docker image to compile a program from source, if you want
200
+to use bundled libraries, you should check if the upstream authors provide a
201
+convenient way to announce security vulnerabilities, and if they update their
202
+bundled libraries in a timely manner. If they don't, you are exposing yourself
203
+(and the users of your image) to security vulnerabilities.
223 204
 
224 205
 Likewise, before using packages built by others, you should check if the
225 206
 channels providing those packages implement similar security best practices.
226 207
 Downloading and installing an "all-in-one" .deb or .rpm sounds great at first,
227
-except if you have no way to figure out that it contains a copy of the
228
-OpenSSL library vulnerable to the [Heartbleed](http://heartbleed.com/) bug.
208
+except if you have no way to figure out that it contains a copy of the OpenSSL
209
+library vulnerable to the [Heartbleed](http://heartbleed.com/) bug.
229 210
 
230 211
 ### Why is `DEBIAN_FRONTEND=noninteractive` discouraged in Dockerfiles?
231 212
 
... ...
@@ -234,46 +217,48 @@ When building Docker images on Debian and Ubuntu you may have seen errors like:
234 234
     unable to initialize frontend: Dialog
235 235
 
236 236
 These errors don't stop the image from being built but inform you that the
237
-installation process tried to open a dialog box, but was unable to. 
238
-Generally, these errors are safe to ignore.
237
+installation process tried to open a dialog box, but was unable to. Generally,
238
+these errors are safe to ignore.
239 239
 
240
-Some people circumvent these errors by changing the `DEBIAN_FRONTEND` 
240
+Some people circumvent these errors by changing the `DEBIAN_FRONTEND`
241 241
 environment variable inside the Dockerfile using:
242 242
 
243 243
     ENV DEBIAN_FRONTEND=noninteractive
244 244
 
245
-This prevents the installer from opening dialog boxes during installation 
246
-which stops the errors.
245
+This prevents the installer from opening dialog boxes during installation which
246
+stops the errors.
247 247
 
248
-While this may sound like a good idea, it *may* have side effects. 
249
-The `DEBIAN_FRONTEND` environment variable will be inherited by all 
250
-images and containers built from your image, effectively changing
251
-their behavior. People using those images will run into problems when
252
-installing software interactively, because installers will not show
253
-any dialog boxes.
248
+While this may sound like a good idea, it *may* have side effects. The
249
+`DEBIAN_FRONTEND` environment variable will be inherited by all images and
250
+containers built from your image, effectively changing their behavior. People
251
+using those images will run into problems when installing software
252
+interactively, because installers will not show any dialog boxes.
254 253
 
255 254
 Because of this, and because setting `DEBIAN_FRONTEND` to `noninteractive` is
256 255
 mainly a 'cosmetic' change, we *discourage* changing it.
257 256
 
258
-If you *really* need to change its setting, make sure to change it
259
-back to its [default value](https://www.debian.org/releases/stable/i386/ch05s03.html.en) 
257
+If you *really* need to change its setting, make sure to change it back to its
258
+[default value](https://www.debian.org/releases/stable/i386/ch05s03.html.en)
260 259
 afterwards.
261 260
 
262
-### Can I help by adding some questions and answers?
261
+### Why do I get `Connection reset by peer` when making a request to a service running in a container?
262
+
263
+Typically, this message is returned if the service is already bound to your
264
+localhost. As a result, requests coming to the container from outside are
265
+dropped. To correct this problem, change the service's configuration on your
266
+localhost so that the service accepts requests from all IPs.
263 267
 
264
-Definitely! You can fork [the repo](https://github.com/docker/docker) and
265
-edit the documentation sources.
266 268
 
267 269
 ### Where can I find more answers?
268 270
 
269 271
 You can find more answers on:
270 272
 
271
-- [Docker user mailinglist](https://groups.google.com/d/forum/docker-user)
272
-- [Docker developer mailinglist](https://groups.google.com/d/forum/docker-dev)
273
-- [IRC, docker on freenode](irc://chat.freenode.net#docker)
274
-- [GitHub](https://github.com/docker/docker)
275
-- [Ask questions on Stackoverflow](http://stackoverflow.com/search?q=docker)
273
+
274
+- [Docker user mailinglist](https://groups.google.com/d/forum/docker-user) 
275
+- [Docker developer mailinglist](https://groups.google.com/d/forum/docker-dev) 
276
+- [IRC, docker on freenode](irc://chat.freenode.net#docker) 
277
+- [GitHub](https://github.com/docker/docker) 
278
+- [Ask questions on Stackoverflow](http://stackoverflow.com/search?q=docker) 
276 279
 - [Join the conversation on Twitter](http://twitter.com/docker)
277 280
 
278
-Looking for something else to read? Checkout the [User
279
-Guide](/userguide/).
281
+Looking for something else to read? Checkout the [User Guide](/userguide/).