Develop Reference

Bcrypt docker passwd using --admin-passwd

What is wrong with the following command? It is intended to create a portainer container with admin passwd 'portainer':
docker run --rm -d --name "portainer" -p "127.0.0.1:9001:9000" -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer --admin-password='$2a$10$0PW6gPY0TSeYzry2RSakl.7VUVmzdmD6mQPcemiG6i2vfJGGGePYu'
It leads to a Portainer container that will deny access for 'admin', saying that passwd 'portainer' is invalid. Details:
I put it into a .bat file. The thing runs on docker CE in Windows 10.
The longish crypt string within single quotes is a bcrypt equivalent of 'portainer', the designated admin password. I created and checked it here: https://www.javainuse.com/onlineBcrypt
Prior to running the command I stopped and removed an old portainer container, and even said docker volume rm portainer_data.
Doubling the "$" to "$$" did not solve the issue.
The command is deeply inspired by the official portainer docs: https://documentation.portainer.io/v2.0/deploy/initial/
For now I have a simple workaround: Simply drop that --admin-passwd parameter. Given that I grant a volume to portainer, I can just define a passwd at first start. However, I'd still prefer the script-only solution. Any ideas?

Here it is the solution you need:
docker run --detach \
--name=portainer-ce \
-p 8000:8000 \
-p 9000:9000 \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /volume1/docker/portainer-ce:/data \
portainer/portainer-ce \
--admin-password="$(htpasswd -nb -B admin adminpwPC | cut -d ':' -f 2)"

Traefik on Docker stripprefix / to current directory

I am trying to setup a simple stripprefix middleware using Docker Desktop with unix containers and i get a very wiered behavior.
The static traefik-config comes from environment-variables:
docker run -p 8080:8080 -p 80:80 -p 443:443 --rm \
-a STDOUT \
--name traefik \
--network elastic \
-e TRAEFIK_ACCESSLOG=false \
-e TRAEFIK_API_INSECURE=true \
-e TRAEFIK_PROVIDERS_DOCKER_ENDPOINT="tcp://docker.for.win.localhost:2375" \
-e TRAEFIK_PROVIDERS_DOCKER_NETWORK="elastic" \
-e TRAEFIK_PROVIDERS_DOCKER_SWARMMODE=false \
-e TRAEFIK_LOG_LEVEL=DEBUG \
-v c:/dev/repos/docker/dockerfiles/traefik/ssl/localhost.crt:/ssl/traefik-server.crt \
-v c:/dev/repos/docker/dockerfiles/traefik/ssl/localhost.key:/ssl/traefik-server.key \
${custom_image}
I start a service using a middleware defined with labels like this:
-l traefik.http.routers.test.middlewares=test \
-l traefik.http.middlewares.test.stripprefix.prefixes=/test/my-service \
-l traefik.http.middlewares.test.stripprefix.forceslash=false
As a result i would expect a stripprefix-middleware with "/test/my-service" appear in traefik dashboard.
Instead
A stripprefix-middleware with "C:/dev/tools/git/" appears in the treafik dashboard. Appearently traefik somehow resolves the first "/" into the directory-path.
I start the whole thing using Git-Bash.
If anyone encountered something like this, i would really appreciate some pointers...
P.S.: i also tried all kinds of escaping and quoting i could think of

Maybe to prevent others wasting as much time....
... Turns out that git-bash for windows does some crazy stuff before handing the commands to docker.
Executing the exact same config using IntelliJ (docker-integration) or powershell does not replace the leading "/" with a windows path.

Run a Docker Container from a Desktop File Without Terminal GUI?

I have a couple of Docker images I've built for this and that;one for scanner program, another for a browser etc. Once I had them working, I created .desktop files that execute a bash run scripts I've created to run a container with them.
My question is: is there a way to run the .desktop file without the terminal GUI showing up? I've tried a couple of approaches with no success.
For instance, I've tried:
[Desktop Entry]
Name=gscan2pdf
Icon=gscan2pdf.png
Exec=gnome-terminal -e
"/home/hildy/Documents/repos/docker/gscan2pdf/run_gscan.sh"
Type=Application
Terminal=false
As well as:
[Desktop Entry]
Name=gscan2pdf
Icon=gscan2pdf.png
Exec="/home/hildy/Documents/repos/docker/gscan2pdf/run_gscan.sh"
Type=Application
Terminal=true
Both of these execute the scripts just fine of course, I'd just like it better if the application launched without a terminal GUI launching first.
Host System:
CentOS 7 - Gnome 3 Desktop
One example of a run script:
#!/bin/bash
HOST_UID=$(id -u)
HOST_GID=$(id -g)
XSOCK=/tmp/.X11-unix &&
XAUTH=/tmp/.docker.xauth &&
touch $XAUTH &&
xauth nlist :0 | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge - &&
#These are only run the first time a container is run from the image
#docker run -e NEW_USER="${USER}" -e NEW_UID="${HOST_UID}" -e
#NEW_GID="${HOST_GID}" hildy/gscan2pdf:v1
#LAST_CONTAINER=$(docker ps -lq) &&
#docker commit "${LAST_CONTAINER}" hildy/gscan2pdf:v1
docker run \
-ti \
--user $USER \
--privileged \
-v /dev/bus/usb:/dev/bus/usb \
-v $XAUTH:$XAUTH -v $XSOCK:$XSOCK -v /home/$USER:/home/$USER \
-e XAUTHORITY=$XAUTH -e DISPLAY \
--entrypoint "" hildy/gscan2pdf:v1 gscan2pdf &>/dev/null

I have found an answer to my question. The issue was that the command to run the container contained the -i option for an interactive terminal. #sneep was correct in the comments to the question when he said "It should work with Terminal=false." His technique to add a line to the script to create a log file is also a great technique, which I will certainly use in the future and it helped me to diagnose the issue.
I can also confirm that replacing -it with -d for detached mode, as suggested by #Oleg Skylar, works.
Amended Docker command for the run script:
docker run \
-t \
--user $USER \
--privileged \
-v /dev/bus/usb:/dev/bus/usb \
-v $XAUTH:$XAUTH -v $XSOCK:$XSOCK -v /home/$USER:/home/$USER \
-e XAUTHORITY=$XAUTH -e DISPLAY \
--entrypoint "" hildy/gscan2pdf:v1 gscan2pdf &>/dev/null
Amended .desktop file:
[Desktop Entry]
Name=gscan2pdf
Icon=gscan2pdf.png
Exec=/home/hildy/Documents/repos/docker/gscan2pdf/run_gscan.sh
Type=Application
Terminal=false
StartupNotify=true

Why does my bash script move beyond "docker run" even tho docker is still running?

I am trying with a bash script to run a docker container then print a message. However the finished message is executed whilst the container is still running - I can exec into it and see PID 1 and multiple other processes.
How can I force the docker run command to complete first?
docker run --name registr \
-v ~/v1:/v1 \
-v ~/logging.yaml:/root/logging.yaml \
-v ~/.aws:/root/.aws \
-v ~/luigi.cfg:/root/luigi.cfg \
-v ~/params:/root/params \
-p 8082:8082 \
simonm3/registr
echo "docker finished"
The docker image has CMD ["python", "/root/worker/start.py"]

How to check whether a docker service is already running on UCP using shell script

I want to check whether a docker service is running or not.
if it's running I want to remove that service and create the new one
I am doing this task with shell script
I am providing the code snippet of my shell script where I am facing
Error response from daemon: service data-mapper-service not found
if [[ "$(docker service inspect ${DOCKER_SERVICE_NAME} 2> /dev/null)" != "" ]]; then
docker service rm ${DOCKER_SERVICE_NAME}
else echo "service doesn't exist or may have been removed manually"
fi
docker service create \
--name ${DOCKER_SERVICE_NAME} \
--network ${OVERLAY_NETWORK} \
--reserve-memory ${10} \
--constraint node.labels.run_images==yes \
--mode global \
--with-registry-auth \
--restart-condition any \
-p ${EXTERNAL_PORT}:${INTERNAL_PORT} \
-e "SPRING_PROFILES_ACTIVE="${SPRING_PROFILE} \
-e "JAVA_OPTS: -Xms256m -Xmx512m" \
${DTR_HOST_NAME}/${DTR_ORG_NAME}/${DTR_REP_NAME}:${BUILD_NUMBER}
I am getting the error on if statement line.
If the service is running and I trigger this shell script everything runs fine, But if the service is not running and I trigger this shell script I am facing above mention error.