KDK

# Infrastructure

# Docker

Check why Docker service does not start:

systemctl status docker.service
dockerd

Remove untaged/intermediate images generated by builds:

docker rmi $(docker images | grep "<none>" | awk '{print $3}')

Follow-up logs while running a container:

docker logs container_name -f --tail 100

Get detailed healthcheck status for a running container:

docker inspect -f '{{json .State.Health.Status}}' container_name

Find the location of the log file of a container:

docker inspect --format='{{.LogPath}}' container_name

Find the location of a named volume of a container:

docker volume inspect volume_name

Export the logs with errors in a file:

docker logs aktnmap > aktnmap.log 2>&1

Quick container fix:

// Perform configuration changes inside the container then exit
docker exec -it container_name bash
// Or copy configuration files to host then back to container
docker cp container_name:/conf/config_file .
// Edit config file
docker cp config_file container_name:/conf
docker commit container_name repository:tag
docker-compose down ...
docker-compose up ...

Check why a swarm service did not start (empty logs, no replica):

docker service ps --no-trunc {serviceName}

To access host in Docker Desktop Edition on Windows (opens new window) or Mac (opens new window) use the special DNS name host.docker.internal.

# Traefik

Extract access logs for a given date time: cat access.log | grep "10/Mar/2020:02" > access-10-03-2020-03.log Check access logs for a given HTTP error code: cat access.log | grep "1.0\" 404" or cat access.log | grep "2.0\" 404" Gzip access logs: gzip -c access.log > access.log.gz

# Scaleway

A step-by-step configuration (opens new window) of a new server with Docker and a single logical volume.

# Networking

List all running ssh sessions: netstat -tnpa | grep 'ESTABLISHED.*sshd'

List all ssh session attempts: cat /var/log/auth.log

# Development domains

Some development tasks like OAuth2 authentication have strict security concerns so that you cannot use localhost, non-standard ports or need to enforce HTTPS in all URLs. Here is how to setup a "fake" domain on your host.

Let's say we have our app running on localhost:8080 in HTTP or localhost:8083 in HTTPS. First, edit the hosts file (/etc/hosts under Linux or C:\Windows\System32\drivers\etc\hosts under Windows) and add this line to redirect the domain to local host:

127.0.0.1 test.airbusoidc.com

Then, since the hosts file does not allow to manage port redirections we need to do so using the operating system network tools.

# Windows

To see what is currently running:

netstat -a -n -p TCP | grep "LISTENING"

To add port redirection for HTTP:

netsh interface portproxy add v4tov4 listenport=80 listenaddress=127.0.0.1 connectport=8080 connectaddress=127.0.0.1

To add port redirection for HTTPS:

netsh interface portproxy add v4tov4 listenport=443 listenaddress=127.0.0.1 connectport=8083 connectaddress=127.0.0.1

To see running proxied port:

netsh interface portproxy show v4tov4

To see remove proxied port:

netsh interface portproxy delete v4tov4 listenport=80 listenaddress=127.0.0.1

# Linux

First enable port redirection:

echo "1" > /proc/sys/net/ipv4/ip_forward

Then add port redirect:

iptables -t nat -A PREROUTING -s 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to 8080`
iptables -t nat -A OUTPUT -s 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to 8080`

To remove simply replace in the previous command the -D switch instead of the -A switch.