Docker Alpine Install

/ Comments off



If you want to shrink your Docker images, have your services start faster and be more secure then try Alpine out.

Sending build context to Docker daemon 109.6 kB Step 1: FROM ubuntu:14.04 - b549a9959a66 Step 2: RUN apt-get update -y - Using cache - 2c Step 3: RUN apt-get install -y git curl apache2 php5 libapache2-mod-php5 php5-mcrypt php5-mysql python3.4 python-pip - Running in 49252a6d0eb1 Reading package lists. Install Compose on Linux systems. On Linux, you can download the Docker Compose binary from the Compose repository release page on GitHub.Follow the instructions from the link, which involve running the curl command in your terminal to download the binaries. In this lab we will learn how to install certbot using the official nginx:alpine docker image and use it to create a SSL certificate for our domain. Note that in order to make it work you must own the domain for which you’ll be fetching a certificate and it must resolve to the public IP address where the docker container is exposed. The following multi-platform Docker images are available: gitlab/gitlab-runner:latest based on Ubuntu. Gitlab/gitlab-runner:alpine based on Alpine with much a smaller footprint (160/350 MB Ubuntu vs 45/130 MB Alpine compressed/decompressed). See GitLab Runner source for possible build instructions for both Ubuntu and Alpine images.

Quick Jump: Why Alpine?|The Main Benefit Is Shrinkage|Alpine Is Fast|Alpine is Secure

It’s no secret by now that Docker is heavily using Alpine as a base image for official Docker images. This movement started near the beginning of 2016.

Fast forward to today and nearly every official Docker image has a tag for Alpine.

You don’t just wake up one morning and decide to make a sweeping change like that. Especially not when the previous official base image of choice was Debian – which is well known for being super solid. What would cause such a move?

By the way, if you want, you can still use the Debian version of official Docker images today.

Why Alpine?

Alpine describes itself as:

Small. Simple. Secure. Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and busybox.

That sounds like it could be interesting, but what does that really mean for you and me, or anyone who uses Docker on a regular basis?

The Main Benefit Is Shrinkage

In most other contexts (such as doing laundry), “shrinkage” is a pretty bad thing, but in the world of Docker, you should look forward to it because it means your Docker images will be smaller.

The Dockerized version of Alpine 3.6 weighs in at 3.98MB.

For comparison, here’s how Alpine compares to other popular distributions of Linux:

DISTRIBUTIONVERSIONSIZE
DebianJessie123MB
CentOS7193MB
Fedora25231MB
Ubuntu16.04118MB
Alpine3.63.98MB

Wow, check out the difference in size. Alpine is about 30x smaller than Debian.

The Docker Hub has handled a ton of pulls. By investigating its public API we can see that Debian has gotten 35,555,107 pulls and Alpine has gotten 135,136,475 pulls at the time of this article.

Docker Alpine Install Gcc

Are all of these pulls resulting in every byte transferred? Probably not, but your guess is as good as mine. At the very least, it puts things into perspective.

Estimated costs for transferring Debian and Alpine ~35 million times over S3:

DISTRIBUTIONGIGS TRANSFERREDS3 TRANSFER COST
Debian4,373,278$416,310.72
Alpine141,509$17,832.06

So just to transfer Debian vs Alpine ~35 million times at a cost of S3’s pricing calculator, there’s a difference of nearly $400,000 USD.

I know you’re probably not operating at that scale (neither am I), but there is a real savings when it comes to transfer costs in the cloud at all levels of scale.

Being able to cut your image size down by over 100MB is a big deal.

In real world web applications which have lots of packages installed, I still see about a 2x or 3x savings in final image size with Alpine, so it’s not only useful in micro-benchmarks. The ~100MB savings is static regardless of what’s being built into your image.

Alpine Is Fast

Cost isn’t the only win when dealing with smaller Docker images.

Let’s say that you wanted to pull down a Docker image and install curl. How long would this take with Debian vs Alpine?

I’m going to perform 2 tests here:

  1. The first test will be on a fresh box where I need to download the base Docker image onto the system using a 30MB home grade cable connection and install curl.

  2. The second test will be the same as the above, except the system will already have the base Docker image on the machine before installing curl.

Test 1: Downloading the Base Image on a Fresh Machine

Debian

So we’re looking at about 28 real life seconds for it to pull down Debian, run an apt-get update and then install curl.

Alpine

On the other hand, with Alpine, it finished about 5x faster. Waiting 28 vs 5 seconds is no joke. That’s a substantial amount of time.

Think about how lame it is to wait for your programming tests to finish in 30 seconds or 5.

Test 2: The Machine Already Has the Docker Image Downloaded

Debian

Clearly my 30MB cable connection is the bottleneck, but it still took over 9 seconds just to run apt-get update and install curl.

Install

Alpine

On the other hand, Alpine zipped through it in 3 seconds flat. That’s about a 3x improvement.

What Does That Mean for You?

When pulling down new Docker images onto a fresh server, you can expect the initial pull to be quite a bit faster on Alpine. The slower your network is, the bigger the difference it will be.

If you’re in a position where you have auto-scaling in place and are spinning up A LOT of servers then this is a pretty big deal. It means your servers will be ready to accept traffic at a faster rate.

If you’re not spinning up a lot of servers then the speed benefit goes way down, but hey, you’re still saving over 100MB in data transfer and storage costs.

Alpine is Secure

Another perk of being much smaller in size is that the surface area to be attacked is much less.

When there’s not a lot of packages and libraries on your system, there’s very little that can go wrong.

A few years ago there was a nasty Bash exploit that let an attacker gain control over your machine if you were afflicted by what they named “ShellShock”.

Alpine was immune to that attack because Bash isn’t installed by default.

Batteries Available but Not Included

Also, most distributions run a ton of services by default. The ps aux output on a fresh Debian or Ubuntu system is a mile long. This might be reasonable for a non-Docker set up, but chances are your Dockerized application doesn’t need most of what’s started by default.

Alpine takes a much different approach. It doesn’t start too much up by default and expects you to only start the things you need. This is perfect for a Dockerized application.

Use the Best Tool for the Job

Alpine has also taken a strong stance on security in general. The dev team isn’t afraid to swap out certain packages for a more secure variant of it. For example they replaced OpenSSL with LibreSSL.

I really like this quote from the above link:

While OpenSSL is trying to fix the broken code, libressl has simply removed it.

I think that really sums up Alpine. It truly lives by what it promises, which is to be a small and secure Linux distribution. It’s the perfect combo to use with Docker when used as a base Docker image.

What do you think about Alpine?

Estimated reading time: 7 minutes

You can run Compose on macOS, Windows, and 64-bit Linux.

Prerequisites

Docker Compose relies on Docker Engine for any meaningful work, so make sure youhave Docker Engine installed either locally or remote, depending on your setup.

  • On desktop systems like Docker Desktop for Mac and Windows, Docker Compose isincluded as part of those desktop installs.

  • On Linux systems, first install theDocker Enginefor your OS as described on the Get Docker page, then come back here forinstructions on installing Compose onLinux systems.

  • To run Compose as a non-root user, see Manage Docker as a non-root user.

Install Compose

Follow the instructions below to install Compose on Mac, Windows, Windows Server2016, or Linux systems, or find out about alternatives like using the pipPython package manager or installing Compose as a container.

Install a different version

The instructions below outline installation of the current stable release(v1.28.6) of Compose. To install a different version ofCompose, replace the given release number with the one that you want. Composereleases are also listed and available for direct download on theCompose repository release page on GitHub.To install a pre-release of Compose, refer to the install pre-release buildssection.

Install Compose on macOS

Docker Desktop for Mac includes Compose alongwith other Docker apps, so Mac users do not need to install Compose separately.For installation instructions, see Install Docker Desktop on Mac.

Install Compose on Windows desktop systems

Docker Desktop for Windows includes Composealong with other Docker apps, so most Windows users do not need toinstall Compose separately. For install instructions, see Install Docker Desktop on Windows.

If you are running the Docker daemon and client directly on MicrosoftWindows Server, follow the instructions in the Windows Server tab.

Install Compose on Windows Server

Follow these instructions if you are running the Docker daemon and client directlyon Microsoft Windows Server and want to install Docker Compose.

  1. Start an “elevated” PowerShell (run it as administrator).Search for PowerShell, right-click, and chooseRun as administrator. When asked if you want to allow this appto make changes to your device, click Yes.

  2. In PowerShell, since GitHub now requires TLS1.2, run the following:

    Then run the following command to download the current stable release ofCompose (v1.28.6):

Note: On Windows Server 2019, you can add the Compose executable to $Env:ProgramFilesDocker. Because this directory is registered in the system PATH, you can run the docker-compose --version command on the subsequent step with no additional configuration.

  1. Test the installation.

Install Compose on Linux systems

On Linux, you can download the Docker Compose binary from theCompose repository release page on GitHub.Follow the instructions from the link, which involve running the curl commandin your terminal to download the binaries. These step-by-step instructions arealso included below.

For alpine, the following dependency packages are needed:py-pip, python3-dev, libffi-dev, openssl-dev, gcc, libc-dev, rust, cargo and make.

  1. Run this command to download the current stable release of Docker Compose:

    To install a different version of Compose, substitute 1.28.6with the version of Compose you want to use.

    If you have problems installing with curl, seeAlternative Install Options tab above.

  2. Apply executable permissions to the binary:

Note: If the command docker-compose fails after installation, check your path.You can also create a symbolic link to /usr/bin or any other directory in your path.

For example:

  1. Optionally, install command completion for thebash and zsh shell.

  2. Test the installation.

Alternative install options

Install using pip

For alpine, the following dependency packages are needed:py-pip, python3-dev, libffi-dev, openssl-dev, gcc, libc-dev, rust, cargo, and make.

Compose can be installed frompypi using pip. If you installusing pip, we recommend that you use avirtualenv because many operatingsystems have python system packages that conflict with docker-composedependencies. See the virtualenvtutorial to getstarted.

If you are not using virtualenv,

pip version 6.0 or greater is required.

Install as a container

Compose can also be run inside a container, from a small bash script wrapper. Toinstall compose as a container run this command:

Install pre-release builds

If you’re interested in trying out a pre-release build, you can download releasecandidates from the Compose repository release page on GitHub.Follow the instructions from the link, which involves running the curl commandin your terminal to download the binaries.

Pre-releases built from the “master” branch are also available for download athttps://dl.bintray.com/docker-compose/master/.

Docker Alpine Install Git

Pre-release builds allow you to try out new features before they are released,but may be less stable.

Upgrading

If you’re upgrading from Compose 1.2 or earlier, remove ormigrate your existing containers after upgrading Compose. This is because, as ofversion 1.3, Compose uses Docker labels to keep track of containers, and yourcontainers need to be recreated to add the labels.

Docker Alpine Install Centos

If Compose detects containers that were created without labels, it refusesto run, so that you don’t end up with two sets of them. If you want to keep usingyour existing containers (for example, because they have data volumes you wantto preserve), you can use Compose 1.5.x to migrate them with the followingcommand:

Alpine

Alternatively, if you’re not worried about keeping them, you can remove them.Compose just creates new ones.

Uninstallation

To uninstall Docker Compose if you installed using curl:

Docker alpine install centos

Docker Alpine Install Windows

To uninstall Docker Compose if you installed using pip:

Docker Alpine Install Gcc

Got a “Permission denied” error?

If you get a “Permission denied” error using either of the abovemethods, you probably do not have the proper permissions to removedocker-compose. To force the removal, prepend sudo to either of the abovecommands and run again.

Where to go next

compose, orchestration, install, installation, docker, documentation