Docker Engine
Overview
| Field | Value |
|---|---|
| Purpose | Run containerized infrastructure and business applications |
| Business function | Shared application platform |
| Owner | IT Operations |
| Criticality | Critical |
| Host | LXC 100 proxy, 192.168.2.20 |
| Version | Engine 29.5.0; Compose plugin v5.1.3 |
Architecture
Containers use two main bridge networks:
aproxy(172.18.0.0/16) for Traefik ingressbackend(172.19.0.0/16) for databases and internal service traffic
Installation
Docker runs natively inside an unprivileged Debian 12 LXC with nesting enabled. Deployments use Docker Compose under /root/<project>.
Configuration
- Compose:
/root/<project>/docker-compose.yml - Environment:
/root/<project>/.env - Persistent data:
/root/<project>/dataor documented Docker volumes - Published host ports:
80,443,2222,5432, and8086
Operational Procedures
ssh docker
docker ps -a
cd /root/<project>
docker compose config
docker compose pull
docker compose up -d
docker compose logs --tail=200
Back up the compose file, .env, bind mounts, named volumes, and application-level database export before an update. Never use broad prune commands during routine maintenance.
Troubleshooting
- Restart loop:
docker inspect <container> --format '{{.State.Error}}'anddocker logs --tail=200 <container>. - Ingress failure: confirm membership in
aproxyand inspect Traefik labels. - Database failure: confirm membership in
backendand test the database service name/port. - Missing deployment source: reconstruct and validate Compose before recreating the container.
Related Systems
References
- Runtime captured June 9, 2026