Understanding Docker, A Comprehension


I was looking for documentation for Docker recently to help someone understand how they were trying to set up their app, and most of what I came across was either too little information or much more detailed than what I was looking for. So I’m making this for those who are somewhere in the middle and trying to bridge the gap. If you went through my Nextcloud setup and had some issues, this will help you understand what you were doing and will enable you to troubleshoot it a bit on your own.

First you need to understand what docker IS though. Docker is an engine that allows you to containerize applications into their own space, without affecting the rest of the system. If you’re familiar with virtualization you already somewhat understand the concept, only you don’t have to spin up and build a whole virtual machine, this application actually runs using your host kernel and resources. It just creates kind of its own file system space that is separate from your host.

This post is going to strictly cover Linux because it’s 1:1 on how the containers are managed. You can run Docker on Windows and Mac too, but there are other factors at play. I’m not going into that for the sake of simplicity.

Now, let’s look at a real practical use. I’m going to use the Nextcloud image that we used in my Personal Cloud post. You’ll notice that these images all mention tags; a tag is just the version number. The actual Nextcloud container supports putting tags on to bind your server to a particular version number, but the Linux Server people have theirs set up a bit more simply. We’ll just stick with latest.

Ok, now let’s look at the basic command:

docker run -d \
  --name=nextcloud \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -p 443:443 \
  -v /path/to/appdata:/config \
  -v /path/to/data:/data \
  --restart unless-stopped \
  ghcr.io/linuxserver/nextcloud:latest

It’s important to note that the backslash (\) is a line-continuation character in the Linux shell. So you can open a text editor and split your command across as many lines as you want, as long as you put that at the end of each line. In reality that command reads as:

docker run -d --name=nextcloud -e PUID=1000 -e PGID=1000 -e TZ=Europe/London -p 443:443 -v /path/to/appdata:/config -v /path/to/data:/data --restart unless-stopped ghcr.io/linuxserver/nextcloud:latest

Just don’t put spaces AFTER the slash, or the command will break entirely.

The ‘-d’ in the command just means to run detached; otherwise the container runs in the foreground attached to your terminal until you hit Ctrl+C, which kills the container as well. If you plan on your image running by itself, you should make sure to add this option.

Another important thing to note is the PUID and PGID, which are entirely dependent on your system. If you are the only admin there is a 99% chance that this will be 1000 because there are other types of “system accounts” that are used prior to that. You can verify by typing this into your command line (do not invoke sudo, run as yourself):

id $USER

You will see the uid and gid come back with a numerical value and a name value. This will also probably show you all the GIDs that you are a part of. When you set these values, you are effectively saying: “Whatever the admin account is in the container is equal to this account on the host.” This effectively declares that you are the owner of that container. This is really useful in creating persistent data, which we’ll get to in a bit. You’ll notice 1000 was taken by autologin when I set up this machine, and my GID is 1001, this is precisely why this is an important step. Don’t worry though, I have a disk encryption passphrase that is supposed to take a quindecillion years to break (90 zeros).

Name and time zone are relatively self-explanatory, if you don’t specify a name it will generate one using two random words. Time zone is UNIX epoch format so you’ll likely need to consult a list like this in order to find that. I’ll cheat a bit though and tell you that CST is America/Chicago. Skipping to the end, you’ll see the restart parameter, which should also be pretty self-explanatory. I pick unless-stopped instead of always (another option) because if there are issues and you need to troubleshoot it’s much easier when the container just stays off when you want it to.

Next comes the part that can trip people up: the bindings between the host and the container. Now obviously you do not have an actual folder path at /path/to/data. You would instead maybe have that data in /mnt/nextcloud/data, so you fill in your own values. The important part is figuring out which side is the host and which is the container. I am going to borrow the “righty tighty” line and just remember that containers are TIGHT-knit isolated spaces, so the container side is the one on the right of the colon. I’ll let you look back at the command and see if you can visualize that.

Did you get it? Ok cool, so /mnt/nextcloud/data on my host has some files (ls -la will show permissions and hidden files). If I enter the container using:

docker exec -it nextcloud bash

Then view the files located at /data; they should be precisely the same thing. But if you look in your container, you won’t see yourself as the user, you’ll see “abc” because that is the admin account they use inside the container.

This is where that UID stuff comes into play. abc owns the data as far as the container is concerned, and you have translated that account to mean your own on the host, so by running the container with your PUID and PGID you give yourself permission to manipulate the data. Otherwise you’ll probably have docker owning the data (960), and that isn’t even a real user.

The port is where you actually go to get to the admin side. You can keep 443 as the port, OR if you use a lot of apps with a reverse proxy, you might specify something like this:

-p 8081:80 \
-p 4341:443 \

Your container will then receive traffic on those host ports as the reverse proxy forwards it, but you can also get to it locally using the host IP and the specified port.
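The host-side checks I do before running a command like the one above, as an added example (this is not code from the original post or from the Linux Server project): for both -v and -p, the value left of the colon is the host and the value right of it is the container, so the functions below split on that rule, verify that each host directory exists and is owned by the PUID:PGID you are about to pass in, and assemble the one-line docker run command from variables so the sides cannot be swapped by accident. The paths are placeholders for your own, PUID and PGID default to the user running the script, and it relies on GNU stat, so Linux only, as in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Placeholder paths; replace with your own.
APPDATA=/mnt/nextcloud/appdata   # host side of -v ... :/config
DATA=/mnt/nextcloud/data         # host side of -v ... :/data
PUID=$(id -u)                    # the post's "id" step, run as yourself
PGID=$(id -g)

# For both -v and -p the value left of the colon is the HOST and the value
# right of the colon is the CONTAINER ("righty tighty": containers are tight).
host_side() { printf '%s\n' "${1%%:*}"; }
container_side() { rest=${1#*:}; printf '%s\n' "${rest%%:*}"; }

# check_mount MAPPING PUID PGID
#   returns 0 when the host directory exists and is owned by PUID:PGID
#   returns 1 when it does not exist (docker would create it for you, root-owned)
#   returns 2 when it exists but belongs to someone else (the "960 owns my data" case)
check_mount() {
    dir=$(host_side "$1")
    if [ ! -d "$dir" ]; then
        echo "missing host directory: $dir" >&2
        return 1
    fi
    owner=$(stat -c '%u:%g' "$dir")
    if [ "$owner" != "$2:$3" ]; then
        echo "$dir is owned by $owner, expected $2:$3 (try: chown -R $2:$3 '$dir')" >&2
        return 2
    fi
    return 0
}

# build_cmd PUID PGID APPDATA DATA HTTPS_HOST_PORT -> the one-line form of the
# post's command; the host port is yours to pick, 443 stays fixed in the container.
build_cmd() {
    printf 'docker run -d --name=nextcloud -e PUID=%s -e PGID=%s -e TZ=Europe/London -p %s:443 -v %s:/config -v %s:/data --restart unless-stopped ghcr.io/linuxserver/nextcloud:latest\n' \
        "$1" "$2" "$5" "$3" "$4"
}

# Check each bind mount, then print the command you would actually run.
for m in "$APPDATA:/config" "$DATA:/data"; do
    check_mount "$m" "$PUID" "$PGID" || echo "fix $(host_side "$m") before starting the container" >&2
done
build_cmd "$PUID" "$PGID" "$APPDATA" "$DATA" 443
```

Run it as the same user you got the uid and gid from; if it reports a directory owned by someone else, that is the ownership mismatch the abc/PUID discussion above is about, and it is far easier to fix before the container has written anything.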

That’s essentially the basic makeup of how Docker works. There is a lot more to it, even my personal cloud post mentions creating a network – but if you just want to get going running your own containerized apps either by self-hosting or developing, you’ll be going in the right direction.


Organize Your Email With Delimiters

How many unread messages do you have in your email box right now? If you are like many people, that number has several digits. You may find yourself in a situation that might very well only be resolved by creating an entirely new email – and I know that is not an easy task – I’ve done it a few times (and helped others through the process). Whether you decide to keep on keeping on or start fresh I’m going to give you a great method to help organize the clutter.

Most of the more modern email providers (Gmail, Outlook, Office 365) support a feature that goes by many names: plus addressing, tags, disposable addresses, delimiters. It’s the simple art of extending your existing email address by adding a tag that identifies the source of the emails you are receiving. The best part is you don’t even have to do anything special to enable it (in most cases)!

Note: If it’s not turned on in your 365 tenant, an admin will need to run this command in Exchange Online PowerShell:

Set-OrganizationConfig -AllowPlusAddressInRecipients $true

The downside is that some services, for some reason, just cannot comprehend the idea that people might actually use this. When you update your favorite sites, make sure you can receive a test email from them before committing fully on a very important site (like a bank). Some mail providers will at least let you create aliases if a site cannot handle tags. And of course, while I don’t prefer to use the base email, sometimes I just have no choice.

So now the idea: Let’s say I have an email of Dustin@Gmail.com. If I want to create a special email for Twitter, I would sign up (or change) my email to:

Dustin+Twitter@Gmail.com

Gmail supports plus addressing and Twitter can comprehend plus addressing so there should be no problem in receiving this mail to my inbox.

This one example by itself isn’t very impressive of course, but what if we consistently do this for various sites? What if we subscribe to several newsletter sites that we don’t want cluttering our mailbox but we still want the content of those newsletters?

Dustin+Newsletter@Gmail.com

Or:

Dustin+MagazineSiteName@Gmail.com

And now we create a folder under our Inbox called Newsletters and create a rule (unless you opt for RSS feeds). The way rules are handled vary by your mail provider but essentially the outcome we want is:

IF: TO = Dustin+Newsletter@Gmail.com
THEN: Move to Folder = Newsletters

Now we have a nice little folder where all these newsletters automatically get placed. We can browse them at our leisure and when we need to view important information at a glance, they aren’t in the way. This can apply to any number of scenarios:

+Bank1
+CreditCard2
+Spam
+Auto
+Amazon
+Bills
+Receipts

And the list goes on. Create rules for all of these, flag Bills as important as soon as it comes in, automatically move Spam to your Junk folder. The possibilities are endless! At this point your mailbox is basically cleaning itself. Not only can you create tons of rules, but it makes searching for the content you need so much faster:

Search: "Best Buy Receipts"

Since you know you gave the +Receipts address to use for your emailed invoices, the search will return more focused results.

This methodology is also great at protecting your accounts from breaches elsewhere. If Twitter were to become compromised, attackers would have my email and password, BUT that email is not my real email, and that password was generated by my password manager. Most attacks are generally automated and a list of compromised accounts is spammed at a site, so that information is basically useless for trying to gain access to really anything else, much less the more important accounts.
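The “IF: TO = … THEN: Move to Folder” rule from above and the leak-spotting value of the tags, written out as a small filter so you can see the whole mechanism in one place. This is an added example, not code from the original post or from any mail provider: it pulls the tag out of the To: address, maps it to a folder, and flags a message as SUSPICIOUS when a tag you only ever gave to one site arrives from a different sender domain (the “Twitter got breached and now everyone has Dustin+Twitter” situation). The tag-to-folder table, the tag-to-owner table and the .example sender domains are all constructed for this example; the sample messages at the bottom are made up too.

```shell
#!/bin/sh
# Added example, not from the original post. Tables and samples are constructed.

# tag_of ADDRESS -> text between "+" and "@" in the local part, lower-cased;
# prints an empty line when the address carries no tag.
tag_of() {
    local_part=${1%%@*}
    case $local_part in
        *+*) printf '%s\n' "${local_part#*+}" | tr 'A-Z' 'a-z' ;;
        *)   printf '\n' ;;
    esac
}

# domain_of ADDRESS -> the part after "@", lower-cased.
domain_of() { printf '%s\n' "${1#*@}" | tr 'A-Z' 'a-z'; }

# folder_for ADDRESS -> the folder a message sent to ADDRESS belongs in.
# Untagged mail and unknown tags stay in the Inbox so nothing silently vanishes.
folder_for() {
    case $(tag_of "$1") in
        newsletter*|magazine*) echo Newsletters ;;
        receipts|amazon)       echo Receipts ;;
        bills)                 echo Bills ;;
        spam)                  echo Junk ;;
        *)                     echo Inbox ;;
    esac
}

# owner_of TAG -> the one sender domain that was given this tagged address
# (constructed table; ".example" domains are placeholders for the real sites).
# Empty when the tag was handed out to more than one place, so no check applies.
owner_of() {
    case $1 in
        twitter) echo twitter.example ;;
        bank1)   echo bank1.example ;;
        *)       echo "" ;;
    esac
}

# route_message FROM TO -> "<folder>", or "<folder> SUSPICIOUS" when the To: tag
# belongs to a single site but the From: domain is someone else. That mismatch
# is the signal that the tagged address has leaked or been sold on.
route_message() {
    tag=$(tag_of "$2")
    folder=$(folder_for "$2")
    want=$(owner_of "$tag")
    have=$(domain_of "$1")
    if [ -n "$want" ] && [ "$want" != "$have" ]; then
        printf '%s SUSPICIOUS\n' "$folder"
    else
        printf '%s\n' "$folder"
    fi
}

# Constructed sample messages as "From|To" pairs, one per line.
SAMPLES='news@twitter.example|Dustin+Twitter@Gmail.com
weekly@magazinesitename.example|Dustin+MagazineSiteName@Gmail.com
billing@bank1.example|Dustin+Bills@Gmail.com
promo@pharma.example|Dustin+Twitter@Gmail.com
friend@somewhere.example|Dustin@Gmail.com'

printf '%s\n' "$SAMPLES" | while IFS='|' read -r from to; do
    printf '%-40s -> %s\n' "$to" "$(route_message "$from" "$to")"
done
```

The fourth sample is the interesting one: the message is addressed to the Twitter-only tag but comes from a pharmacy domain, so it is routed to the Inbox with the SUSPICIOUS marker, which tells you exactly which site let the address out. A real mail rule can only match on the To: address, so it lands mail in the right folder but cannot do that second check; this is what you gain by keeping a note of which tag went to which site.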

Words Of Wisdom

You may just decide your current mess is too far from redemption. I’ve seen many people finally go through all the trouble of creating a new account, and then set up a universal forward for all their old mail. Don’t do this. This is precisely what will cause your 9999+ emails to appear in your fresh new account. You may be in the moment with your new address and be adamant about unsubscribing and cleaning things up as they come in, but this will wear off and that new car smell will go away.

Update all your important accounts with your new address (with tags if possible), and forget about the rest for now. There is nothing stopping you from checking in on your old account from time to time – possibly creating rules from SPECIFIC senders to forward (with tags) to your new address. You can always go in later and update destination emails to those less important sites as time permits.