# Docker tricks

### Nsenter
I often wish to use networking utilities to investigate Docker problems without having to install them inside my containers or, worse, having to bake them into my images. Enter Nsenter:

```sh
# Show the listening TCP sockets in the Docker container named 'boop'.
sudo nsenter --net --target "$(sudo docker inspect -f {{.State.Pid}} boop)" \
   ss -ltnp

# Identify all established HTTP connections to Bunnyinfo.local from the first
# container associated with the 'bunnyfacts' Swarm service.
sudo nsenter --net \
   --target "$(sudo docker inspect -f {{.State.Pid}} \
                   "$(sudo docker ps -qfname=bunnyfacts | head -1)")" \
   conntrack -L -d "$(getent hosts bunnyinfo.local. |
                          awk '{ print $1; exit }')" \
       -p tcp --dport 80 --state ESTABLISHED
```

This works with the other user namespaces too.

## Navigation
=> index.gmi Site index
=> gemini://sdf.org/nepeta/docker.gmi Gemini permalink for this page
=> http://nepeta.chaosnet.org/docker.html HTTP permalink for this page

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.