Docker & LXD support

Last updated: March 30th 2021

Docker support in Webdock

At long last we have gotten full Docker compatibility with Docker in our LXD containers after much kernel tweaking and upstream fixes.

The steps required to get Docker running in our VPS's are as follows:

1. Provision a Webdock Ubuntu (latest available version) base image, create a sudo shell user and connect via SSH

- You should not create a Micro container as there will be too little disk space available for Docker to function. Go for Micro+ or larger.

2. Follow the official instructions on how to install Docker-CE 

3. Test that Docker works :)

docker run --name some-wordpress -p 80:80 -d wordpress

If you are using docker-compose, you may need to tell it where the Docker daemon lives:

export DOCKER_HOST=http+unix://var/run/docker.sock

If you get an error of some kind please be in touch with Webdock support as Docker should really "just work" on Webdock.

LXD Support in Webdock

Webdock now fully supports nested LXD containers. LXD is similar in functionality to Docker, and is a great alternative.

To create an LXD container in your Webdock server, simply initialize LXD and accept all the defaults (comes pre-installed on all our Ubuntu systems) and off you go. The setup process would look something like the following. Please note the security.nesting=true in the launch / init command parameters:

root@testnesting:~# lxc init ubuntu c2 -c security.nesting=true 
If this is your first time running LXD on this machine, you should also run: lxd init 
To start your first container, try: lxc launch ubuntu:16.04 

Creating c2 
The local image 'ubuntu' couldn't be found, trying 'ubuntu:' instead. 
Error: Failed container creation: No storage pool found. Please create a new storage pool. 
root@testnesting:~# lxd init 
Would you like to use LXD clustering? (yes/no) [default=no]:  
Do you want to configure a new storage pool? (yes/no) [default=yes]:  
Name of the new storage pool [default=default]:  
Would you like to connect to a MAAS server? (yes/no) [default=no]:  
Would you like to create a new local network bridge? (yes/no) [default=yes]:  
What should the new bridge be called? [default=lxdbr0]:  
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:  
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:  

We detected that you are running inside an unprivileged container. 
This means that unless you manually configured your host otherwise, 
you will not have enough uids and gids to allocate to your containers. 

LXD can re-use your container's own allocation to avoid the problem. 
Doing so makes your nested containers slightly less safe as they could 
in theory attack their parent container and gain more privileges than 
they otherwise would.                                                                                                              
Would you like to have your containers share their parent's allocation? (yes/no) [default=yes]:                                    
Would you like LXD to be available over the network? (yes/no) [default=no]:                                                        
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]                                             
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:                                                     
root@testnesting:~# lxc launch ubuntu c2 -c security.nesting=true 
Creating c2 
The local image 'ubuntu' couldn't be found, trying 'ubuntu:' instead. 
Starting c2                                  
root@testnesting:~# lxc ls 
| NAME |  STATE  |        IPV4        |                     IPV6                      |    TYPE    | SNAPSHOTS | 
| c2   | RUNNING | (eth0) | fd42:4e3c:4243:492c:216:3eff:fee0:dffd (eth0) | PERSISTENT | 0         | 
root@testnesting:~# lxc exec c2 bash 
root@c2:~# ping 
PING ( 56(84) bytes of data. 
64 bytes from ( icmp_seq=1 ttl=52 time=29.9 ms
We use cookies. Please see our Privacy Policy.