github.com/slene/docker@v1.8.0-rc1/docs/misc/faq.md (about) 1 <!--[metadata]> 2 +++ 3 title = "FAQ" 4 description = "Most frequently asked questions." 5 keywords = ["faq, questions, documentation, docker"] 6 [menu.main] 7 parent = "mn_about" 8 weight = 3 9 +++ 10 <![end-metadata]--> 11 12 # Frequently Asked Questions (FAQ) 13 14 If you don't see your question here, feel free to submit new ones to 15 <docs@docker.com>. Or, you can fork [the 16 repo](https://github.com/docker/docker) and contribute them yourself by editing 17 the documentation sources. 18 19 20 ### How much does Docker cost? 21 22 Docker is 100% free. It is open source, so you can use it without paying. 23 24 ### What open source license are you using? 25 26 We are using the Apache License Version 2.0, see it here: 27 [https://github.com/docker/docker/blob/master/LICENSE]( 28 https://github.com/docker/docker/blob/master/LICENSE) 29 30 ### Does Docker run on Mac OS X or Windows? 31 32 Docker currently runs only on Linux, but you can use VirtualBox to run Docker in 33 a virtual machine on your box, and get the best of both worlds. Check out the 34 [*Mac OS X*](../installation/mac/#macosx) and [*Microsoft 35 Windows*](../installation/windows/#windows) installation guides. The small Linux 36 distribution boot2docker can be run inside virtual machines on these two 37 operating systems. 38 39 > **Note:** if you are using a remote Docker daemon, such as Boot2Docker, 40 > then _do not_ type the `sudo` before the `docker` commands shown in the 41 > documentation's examples. 42 43 ### How do containers compare to virtual machines? 44 45 They are complementary. VMs are best used to allocate chunks of hardware 46 resources. Containers operate at the process level, which makes them very 47 lightweight and perfect as a unit of software delivery. 48 49 ### What does Docker add to just plain LXC? 50 51 Docker is not a replacement for LXC. "LXC" refers to capabilities of the Linux 52 kernel (specifically namespaces and control groups) which allow sandboxing 53 processes from one another, and controlling their resource allocations. On top 54 of this low-level foundation of kernel features, Docker offers a high-level tool 55 with several powerful functionalities: 56 57 - *Portable deployment across machines.* Docker defines a format for bundling 58 an application and all its dependencies into a single object which can be 59 transferred to any Docker-enabled machine, and executed there with the 60 guarantee that the execution environment exposed to the application will be the 61 same. LXC implements process sandboxing, which is an important pre-requisite 62 for portable deployment, but that alone is not enough for portable deployment. 63 If you sent me a copy of your application installed in a custom LXC 64 configuration, it would almost certainly not run on my machine the way it does 65 on yours, because it is tied to your machine's specific configuration: 66 networking, storage, logging, distro, etc. Docker defines an abstraction for 67 these machine-specific settings, so that the exact same Docker container can 68 run - unchanged - on many different machines, with many different 69 configurations. 70 71 - *Application-centric.* Docker is optimized for the deployment of 72 applications, as opposed to machines. This is reflected in its API, user 73 interface, design philosophy and documentation. By contrast, the `lxc` helper 74 scripts focus on containers as lightweight machines - basically servers that 75 boot faster and need less RAM. We think there's more to containers than just 76 that. 77 78 - *Automatic build.* Docker includes [*a tool for developers to automatically 79 assemble a container from their source 80 code*](../reference/builder/#dockerbuilder), with full control over application 81 dependencies, build tools, packaging etc. They are free to use `make`, `maven`, 82 `chef`, `puppet`, `salt,` Debian packages, RPMs, source tarballs, or any 83 combination of the above, regardless of the configuration of the machines. 84 85 - *Versioning.* Docker includes git-like capabilities for tracking successive 86 versions of a container, inspecting the diff between versions, committing new 87 versions, rolling back etc. The history also includes how a container was 88 assembled and by whom, so you get full traceability from the production server 89 all the way back to the upstream developer. Docker also implements incremental 90 uploads and downloads, similar to `git pull`, so new versions of a container 91 can be transferred by only sending diffs. 92 93 - *Component re-use.* Any container can be used as a [*"base image"*]( 94 ../terms/image/#base-image-def) to create more specialized components. This can 95 be done manually or as part of an automated build. For example you can prepare 96 the ideal Python environment, and use it as a base for 10 different 97 applications. Your ideal Postgresql setup can be re-used for all your future 98 projects. And so on. 99 100 - *Sharing.* Docker has access to a [public registry](https://hub.docker.com) 101 where thousands of people have uploaded useful containers: anything from Redis, 102 CouchDB, Postgres to IRC bouncers to Rails app servers to Hadoop to base images 103 for various Linux distros. The 104 [*registry*](../reference/api/registry_index_spec/#registryindexspec) also 105 includes an official "standard library" of useful containers maintained by the 106 Docker team. The registry itself is open-source, so anyone can deploy their own 107 registry to store and transfer private containers, for internal server 108 deployments for example. 109 110 - *Tool ecosystem.* Docker defines an API for automating and customizing the 111 creation and deployment of containers. There are a huge number of tools 112 integrating with Docker to extend its capabilities. PaaS-like deployment 113 (Dokku, Deis, Flynn), multi-node orchestration (Maestro, Salt, Mesos, Openstack 114 Nova), management dashboards (docker-ui, Openstack Horizon, Shipyard), 115 configuration management (Chef, Puppet), continuous integration (Jenkins, 116 Strider, Travis), etc. Docker is rapidly establishing itself as the standard 117 for container-based tooling. 118 119 ### What is different between a Docker container and a VM? 120 121 There's a great StackOverflow answer [showing the differences]( 122 http://stackoverflow.com/questions/16047306/how-is-docker-io-different-from-a-normal-virtual-machine). 123 124 ### Do I lose my data when the container exits? 125 126 Not at all! Any data that your application writes to disk gets preserved in its 127 container until you explicitly delete the container. The file system for the 128 container persists even after the container halts. 129 130 ### How far do Docker containers scale? 131 132 Some of the largest server farms in the world today are based on containers. 133 Large web deployments like Google and Twitter, and platform providers such as 134 Heroku and dotCloud all run on container technology, at a scale of hundreds of 135 thousands or even millions of containers running in parallel. 136 137 ### How do I connect Docker containers? 138 139 Currently the recommended way to link containers is via the link primitive. You 140 can see details of how to [work with links here](/userguide/dockerlinks). 141 142 Also useful for more flexible service portability is the [Ambassador linking 143 pattern](/articles/ambassador_pattern_linking/). 144 145 ### How do I run more than one process in a Docker container? 146 147 Any capable process supervisor such as [http://supervisord.org/]( 148 http://supervisord.org/), runit, s6, or daemontools can do the trick. Docker 149 will start up the process management daemon which will then fork to run 150 additional processes. As long as the processor manager daemon continues to run, 151 the container will continue to as well. You can see a more substantial example 152 [that uses supervisord here](/articles/using_supervisord/). 153 154 ### What platforms does Docker run on? 155 156 Linux: 157 158 - Ubuntu 12.04, 13.04 et al 159 - Fedora 19/20+ 160 - RHEL 6.5+ 161 - CentOS 6+ 162 - Gentoo 163 - ArchLinux 164 - openSUSE 12.3+ 165 - CRUX 3.0+ 166 167 Cloud: 168 169 - Amazon EC2 170 - Google Compute Engine 171 - Rackspace 172 173 ### How do I report a security issue with Docker? 174 175 You can learn about the project's security policy 176 [here](https://www.docker.com/security/) and report security issues to this 177 [mailbox](mailto:security@docker.com). 178 179 ### Why do I need to sign my commits to Docker with the DCO? 180 181 Please read [our blog post]( 182 http://blog.docker.com/2014/01/docker-code-contributions-require-developer-certificate-of-origin/) on the introduction of the DCO. 183 184 ### When building an image, should I prefer system libraries or bundled ones? 185 186 *This is a summary of a discussion on the [docker-dev mailing list]( 187 https://groups.google.com/forum/#!topic/docker-dev/L2RBSPDu1L0).* 188 189 Virtually all programs depend on third-party libraries. Most frequently, they 190 will use dynamic linking and some kind of package dependency, so that when 191 multiple programs need the same library, it is installed only once. 192 193 Some programs, however, will bundle their third-party libraries, because they 194 rely on very specific versions of those libraries. For instance, Node.js bundles 195 OpenSSL; MongoDB bundles V8 and Boost (among others). 196 197 When creating a Docker image, is it better to use the bundled libraries, or 198 should you build those programs so that they use the default system libraries 199 instead? 200 201 The key point about system libraries is not about saving disk or memory space. 202 It is about security. All major distributions handle security seriously, by 203 having dedicated security teams, following up closely with published 204 vulnerabilities, and disclosing advisories themselves. (Look at the [Debian 205 Security Information](https://www.debian.org/security/) for an example of those 206 procedures.) Upstream developers, however, do not always implement similar 207 practices. 208 209 Before setting up a Docker image to compile a program from source, if you want 210 to use bundled libraries, you should check if the upstream authors provide a 211 convenient way to announce security vulnerabilities, and if they update their 212 bundled libraries in a timely manner. If they don't, you are exposing yourself 213 (and the users of your image) to security vulnerabilities. 214 215 Likewise, before using packages built by others, you should check if the 216 channels providing those packages implement similar security best practices. 217 Downloading and installing an "all-in-one" .deb or .rpm sounds great at first, 218 except if you have no way to figure out that it contains a copy of the OpenSSL 219 library vulnerable to the [Heartbleed](http://heartbleed.com/) bug. 220 221 ### Why is `DEBIAN_FRONTEND=noninteractive` discouraged in Dockerfiles? 222 223 When building Docker images on Debian and Ubuntu you may have seen errors like: 224 225 unable to initialize frontend: Dialog 226 227 These errors don't stop the image from being built but inform you that the 228 installation process tried to open a dialog box, but was unable to. Generally, 229 these errors are safe to ignore. 230 231 Some people circumvent these errors by changing the `DEBIAN_FRONTEND` 232 environment variable inside the Dockerfile using: 233 234 ENV DEBIAN_FRONTEND=noninteractive 235 236 This prevents the installer from opening dialog boxes during installation which 237 stops the errors. 238 239 While this may sound like a good idea, it *may* have side effects. The 240 `DEBIAN_FRONTEND` environment variable will be inherited by all images and 241 containers built from your image, effectively changing their behavior. People 242 using those images will run into problems when installing software 243 interactively, because installers will not show any dialog boxes. 244 245 Because of this, and because setting `DEBIAN_FRONTEND` to `noninteractive` is 246 mainly a 'cosmetic' change, we *discourage* changing it. 247 248 If you *really* need to change its setting, make sure to change it back to its 249 [default value](https://www.debian.org/releases/stable/i386/ch05s03.html.en) 250 afterwards. 251 252 ### Why do I get `Connection reset by peer` when making a request to a service running in a container? 253 254 Typically, this message is returned if the service is already bound to your 255 localhost. As a result, requests coming to the container from outside are 256 dropped. To correct this problem, change the service's configuration on your 257 localhost so that the service accepts requests from all IPs. If you aren't sure 258 how to do this, check the documentation for your OS. 259 260 261 ### Where can I find more answers? 262 263 You can find more answers on: 264 265 266 - [Docker user mailinglist](https://groups.google.com/d/forum/docker-user) 267 - [Docker developer mailinglist](https://groups.google.com/d/forum/docker-dev) 268 - [IRC, docker on freenode](irc://chat.freenode.net#docker) 269 - [GitHub](https://github.com/docker/docker) 270 - [Ask questions on Stackoverflow](http://stackoverflow.com/search?q=docker) 271 - [Join the conversation on Twitter](http://twitter.com/docker) 272 273 Looking for something else to read? Checkout the [User Guide](/userguide/).