How to enter/ssh into your docker container

If you want to debug or enter your docker container, you might think that you will easily run a sshd server and that's fine. But it's wrong and most of all: it's not necessary.

Like @jpetazzo explained in "Docker SSHD considered evil": containers run with only one executable as main process. So if you want to have a sshd next to your php-fpm, you will need monit or supervisor to launch them. That's already 3 services in total!

That's why: keep your docker image clean!

But how to enter the container? There is a little tool called "nsenter" (available with util-linux >= 2.24)

$ PID=$(docker inspect --format  <container_name_or_ID>)
$ sudo nsenter --target $PID --mount --uts --ipc --net --pid

There is also a wrapper for the nsenter command from the beginning, called docker-enter (available at https://github.com/jpetazzo/nsenter):

$ sudo docker-enter my_awesome_container ls -la

If you don't have nsenter available (e.g. it does not come with ubuntu, yet), you can install it like this:

$ # use jpetazzo container to build and cat nsenter to /usr/local/bin/nsenter on your local machine
$ sudo docker run jpetazzo/nsenter cat /nsenter > /usr/local/bin/nsenter

or build it on your own (needs the build-essential package):

$ cd /tmp
$ curl https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz | tar -zxf-
$ cd util-linux-2.24
$ ./configure --without-ncurses
$ make nsenter
$ sudo cp nsenter /usr/local/bin/nsenter

Happy debugging.

In docker, open source, ubuntu, vm by
@ 09 Jul 2014, Comments at Reddit & Hackernews

Give something back

Were my blog posts useful to you? If you want to give back, support one of these charities, too!

Report hate in social media Campact e.V. With our technology and your help, we protect the oceans from plastic waste. Gesellschaft fur Freiheitsrechte e. V. The civil eye in the mediterranean

Recent Dev-Articles

Read recently

Recent Files