Skip to content

Docker Engine

Docker logo

Overview

Field Value
Purpose Run containerized infrastructure and business applications
Business function Shared application platform
Owner IT Operations
Criticality Critical
Host LXC 100 proxy, 192.168.2.20
Version Engine 29.5.0; Compose plugin v5.1.3

Architecture

Containers use two main bridge networks:

  • aproxy (172.18.0.0/16) for Traefik ingress
  • backend (172.19.0.0/16) for databases and internal service traffic

Installation

Docker runs natively inside an unprivileged Debian 12 LXC with nesting enabled. Deployments use Docker Compose under /root/<project>.

Configuration

  • Compose: /root/<project>/docker-compose.yml
  • Environment: /root/<project>/.env
  • Persistent data: /root/<project>/data or documented Docker volumes
  • Published host ports: 80, 443, 2222, 5432, and 8086

Operational Procedures

ssh docker
docker ps -a
cd /root/<project>
docker compose config
docker compose pull
docker compose up -d
docker compose logs --tail=200

Back up the compose file, .env, bind mounts, named volumes, and application-level database export before an update. Never use broad prune commands during routine maintenance.

Troubleshooting

  • Restart loop: docker inspect <container> --format '{{.State.Error}}' and docker logs --tail=200 <container>.
  • Ingress failure: confirm membership in aproxy and inspect Traefik labels.
  • Database failure: confirm membership in backend and test the database service name/port.
  • Missing deployment source: reconstruct and validate Compose before recreating the container.

References

  • Runtime captured June 9, 2026