# Docker tricks

### Nsenter
I often wish to use networking utilities to investigate Docker problems without having to install them inside my containers or, worse, having to bake them into my images. Enter Nsenter:

```sh
# Show the listening TCP sockets in the Docker container named 'boop'.
sudo nsenter --net --target "$(sudo docker inspect -f {{.State.Pid}} boop)" \
    ss -ltnp

# Identify all established HTTP connections to Bunnyinfo.local from the first
# container associated with the 'bunnyfacts' Swarm service.
sudo nsenter --net \
    --target "$(sudo docker inspect -f {{.State.Pid}} \
                    "$(sudo docker ps -qfname=bunnyfacts | head -1)")" \
    conntrack -L -d "$(getent hosts bunnyinfo.local. |
                           awk '{ print $1; exit }')" \
        -p tcp --dport 80 --state ESTABLISHED
```

This works with the other user namespaces too.

## Navigation
=> index.gmi Site index
=> gemini://sdf.org/nepeta/docker.gmi Gemini permalink for this page
=> http://nepeta.chaosnet.org/docker.html HTTP permalink for this page