Practical Docker at Home
Being the core infrastructure nerd I am, I need projects to have a purpose and while I want to learn more about Docker and Kubernetes, I need a practical project to actually use around the house. I’ve been researching a few things and I have started by using an extra Raspberry Pi 2 I had laying around- this project will probably migrate to my Pi 3 as I test more containers or get another Pi. My two goals were to have a containerized version of Pi-Hole and something to monitor it with. This guide will get you to a working state and you will probably learn something along the way!
Step 1
Flash Raspbian Light to an SD card – I’m using 8gb, size shouldn’t matter too much – get a Class 10 card though – a slow card will be noticeable! I use Etcher and it works great.
Note that if you don’t plan on hooking up a monitor and keyboard that you will need to enable ssh prior to booting up. After flashing the card, browse to the boot volume and create a single file named ssh. Once that is done boot it up on your pi and find it on your network by poking around your DHCP clients in your router.
Once you find it you can ssh to it using PuTTY or another ssh client. The user name is pi and the password is raspberry
Once you are logged in run sudo raspi-config
From here you can change the host name to something clever and you will also want to expand the filesystem to use your entire card. It is also wise to change the pi user password. You should also setup a static IP address for the pi but whether you do that here or in your router that is up to you. You may also want to set your time zone so you have some sanity in your life. Once this is done, reboot and log back in to the pi!
Step 2
Now we need to install Docker:
curl -sSL get.docker.com | sh
This command should take a few minutes to download and install everything. Once that is complete you will also want to run the following command to allow the pi user to execute Docker commands:
sudo usermod pi -aG docker
Docker is installed! Now you can run a few handy commands:
docker info – get information about the install
docker ps – list running containers and status
docker images – list images you have pulled down
These shouldn’t display anything right now since you don’t have any containers running, but lets fix that! Lets deploy a test container to make sure everything is working:
docker run -d -p 80:80 hypriot/rpi-busybox-httpd
This will run a web server on port 80 and once its running you can browse to http://(your pi IP address) (Setting a static IP is the way to go!)
Once that is working you can run docker ps and then see the running container. Take note of the docker container name and then run
docker stop
Now if you try to refresh that webpage you will see it doesn’t work anymore since we stopped the container.
Step 3
Now lets download the Pi-Hole container so we can have some ad-blocking goodness on your network.
Run docker pull diginc/pi-hole-multiarch:debian_armhf
This will pull the arm flavored version of Pi-Hole for use.
Now we will run this handy dandy script to configure the environmentals for Pi-Hole:
# !/bin/bash
# Lookups may not work for VPN / tun0
IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')"
IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"
# Just hard code these to your docker server's LAN IP if lookups aren't working
IP="${IP:-$IP_LOOKUP}" # use $IP, if set, otherwise IP_LOOKUP
IPv6="${IPv6:-$IPv6_LOOKUP}" # use $IPv6, if set, otherwise IP_LOOKUP
# Default of directory you run this from, update to where ever.
DOCKER_CONFIGS="$(pwd)"
echo "### Make sure your IPs are correct, hard code ServerIP ENV VARs if necessary\nIP: ${IP}\nIPv6: ${IPv6}"
# Default ports + daemonized docker container
docker run -d \
--name pihole \
-p 53:53/tcp -p 53:53/udp \
-p 67:67/udp \
-p 80:80 \
-p 443:443 \
-v "${DOCKER_CONFIGS}/pihole/:/etc/pihole/" \
-v "${DOCKER_CONFIGS}/dnsmasq.d/:/etc/dnsmasq.d/" \
-e ServerIP="${IP}" \
-e ServerIPv6="${IPv6}" \
--restart=unless-stopped \
diginc/pi-hole-multiarch:debian_armhf
Run docker ps and you should see container named pihole. You can browse to the admin section by going to http://(your pi IP address)/admin
We need to set an administrative password so you can login:
docker exec pihole pihole -a -p
Now for a quick rabbit hole: lets break down that command – docker exec passes commands to a running container specifically the ‘pihole’ container then it executes the command “pihole -a -p” which is the same command you would use if you had Pi-Hole natively installed and not running in a container. Neat!
Now switch over to your browser and login to your Pi-Hole admin section at http://(your pi IP address)/admin
You can refer to the Pi-Hole documentation for any other settings!
If you want to stop the Pi-Hole container you can run
docker stop pihole and then to start it up run docker start pihole – it remembers the settings previously used so you are good to go!
Enabling this DNS server to be configured on your network is out of scope here so check your router’s configuration or use OpenWRT and I can help you.
Step 4
Now that we have a container running, how do we monitor it? Let’s setup another container called Portainer that will help manage this Docker installation.
Lets grab the Portainer image for arm:
docker pull portainer/portainer:arm (note that tag :arm specifies this architecture or you would get an x86 image that wouldn’t work on your Raspberry Pi)
Portainer needs a volume to store data in so lets create that:
docker volume create portainer_data (this file will be stored in /var/lib/docker/volumes if you are curious)
Now lets run the container:
docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer:arm
This will start the Portainer container and you can now administrate Docker from a browser- just browse to http://(your pi IP address:9000) and it will prompt you to set a password and connect to the local instance of Docker. You can also pull images and look at statistics of running containers:
Step 5
Profit! And now you have a working Pi-Hole system running on Docker that you can administrate without ssh. I’ll be continuing to research and share more containers that have a useful purpose at home because we all need more Docker in our lives. Hopefully I’ll have some Kubernetes working soon…