Docker Environment Variables: How to Set and Configure Server Applications
Whether you are new to Docker or have some experience, this extensive list of 50 Docker variables should introduce you to something new.
Join the DZone community and get the full member experience.
Join For FreeDocker is an open-sourced project that uses containers instead of virtual machines to run server applications. This is a setup that uses fewer resources for development and hosting, so it’s no wonder that Docker is taking the development world by storm. You can even use Docker with ASP.NET, and of course, you can leverage Stackify’s Retrace with your existing stack, including Docker, for true app performance super-power.
Docker environment variables are key elements in this operation, storing data that is specific to each user account accessing the software. This can include:
- Configuration settings
- Encryption keys
External Resource Locations
Docker allows developers to set and manage environment variables in the command line interface (CLI) or an external file (.ENV).
Here are 50 variables that you might use in setting up and configuring applications. When you’re ready to dive into your next project, download our Ultimate Dev Toolbox for the low-down on all the tools you need for rapid dev improvement in one place.
1. CLASSPATH
The “CLASSPATH” variable sets access to third-party libraries and classes.
# default Tomcat environment in the image for versions 7 & 8
CATALINA_BASE: /usr/local/tomcat
CATALINA_HOME: /usr/local/tomcat
CATALINA_TMPDIR: /usr/local/tomcat/temp
JRE_HOME: /usr
CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
2. COMPOSE_API_VERSION
“COMPOSE_API_VERSION” can be used if you cannot immediately upgrade the server version.
ERROR: client and server don't have same version (client : 1.19, server: 1.18) # fix follows export COMPOSE_API_VERSION=1.18
What you need to know:
- The “COMPOSE_API_VERSION” environment variable can be used when Docker shows the “client and server don’t have same version” error.
- Because of the mismatch between servers, some Docker features may not be supported.
- This workaround is not officially supported.
Read this discussion of how to fix the Docker error when “client and server don’t have same version.” (@StackOverflow) Runnable also has a useful primer on advanced Docker compose configuration. (@GetRunnable)
3. COMPOSE_CONVERT_WINDOWS_PATHS
Users of Docker Machine and Docker Toolbox on Windows should always set the “COMPOSE_CONVERT_WINDOWS_PATHS” Docker environment variable.
ERROR: for db Cannot create container for service db: create <volume>: "<volume>" includes invalid characters for a local volume name, only "[a-zA-Z0-9][a-zA-Z0-9_.-]" are allowed ERROR: Encountered errors while bringing up the project. # fix follows COMPOSE_CONVERT_WINDOWS_PATHS=0 # following also works COMPOSE_CONVERT_WINDOWS_PATHS=1
What you need to know:
- The default is 0 (false).
- Enable by setting to 1 (true).
Read this discussion of how to solve “Invalid volume specification” on Windows. (@StackOverflow) Check out this post from Yengas for more. (@YigitcanUCUM)
4. COMPOSE_FILE
The “COMPOSE_FILE” variable specifies the path to the docker-compose.yml file — the Compose file which helps define and run multi-container Docker applications.
It is possible to set the path to multiple Compose files:
# one compose file COMPOSE_FILE=docker-compose.yml # two compose files COMPOSE_FILE=docker-compose.yml:docker-compose.prod.yml
What you need to know:
- Use “:” as the path separator for Linux and macOS machines.
- Use “;” as the path separator for Windows machines.
- Customize the path separator using COMPOSE_PATH_SEPARATOR.
Read this discussion of how to solve issues with “COMPOSE_FILE.” (@StackOverflow) Or, read more about setting the COMPOSE_FILE variable here. (@adrianmouat)
5. COMPOSE_HTTP_TIMEOUT
“COMPOSE_HTTP_TIMEOUT” sets how much time (seconds) that a request to the Docker daemon has before it times out.
# set the timeout to 200 seconds COMPOSE_HTTP_TIMEOUT=200 docker-compose up
What you need to know:
- The “COMPOSE_HTTP_TIMEOUT” Docker environment variable can be used in the CLI.
- Default is 60 seconds.
Read this discussion of how to override the default value of “COMPOSE_HTTP_TIMEOUT.” (@StackOverflow) Here’s another helpful tutorial on overriding it.
6. COMPOSE_PATH_SEPARATOR
“COMPOSE_PATH_SEPARATOR” sets the path separator used in “COMPOSE_FILE.”
# change the separator and use in COMPOSE_FILE COMPOSE_PATH_SEPARATOR=’^’ COMPOSE_FILE=first.yml^second.yml
What you need to know:
- Default path separator for Linux and macOS machines is “:”.
- Default path separator for Windows machines is “;”.
7. COMPOSE_PROJECT_NAME
The “COMPOSE_PROJECT_NAME” environment variable sets the project name. This value will prepend with the service name to the container.
COMPOSE_PROJECT_NAME=newname docker-compose up # web service container will be named newname_web
What you need to know:
- This is an optional setting.
- The default will be the basename of the current working directory.
Read this discussion of how to use “COMPOSE_PROJECT_NAME”. (@Docker)
8. COMPOSE_TLS_VERSION
“COMPOSE_TLS_VERSION” sets the Transport Layer Security (TLS) version to be used for TLS communication with the Docker daemon.
COMPOSE_TLS_VERSION=TLSv1_2 # Docker will use TLS version 1.2
What you need to know:
- The default is TLSv1. The other supported values are:
- TLSv1_1
- TLSv1_2
Read this guide to using TLS with the Docker engine. (@Docker)
9. DOCKER_API_VERSION
Resetting the “DOCKER_API_VERSION” variable can fix an error when the Docker client is not running the same version as the incompatible Docker API.
Error response from daemon: client is newer than server (client API version: x.xx, server API version: 1.23) # fix follows export DOCKER_API_VERSION=1.23
Read this discussion of solving incompatible Docker API and client. (@Docker) Ansible explains this and other common variables in this post. (@ansible)
10. DOCKER_CERT_PATH
“DOCKER_CERT_PATH” contains the location of the client configuration files used for TLS verification.
# Defaults to ~/.docker but the files can be moved $ export DOCKER_CERT_PATH=~/.docker/newdir/ $ docker --tlsverify ps
What you need to know:
- The “DOCKER_CERT_PATH” Docker environment variable configures the path to:
- ca.pem
- cert.pem
- key.pem
Read this guide to protecting the Docker daemon socket. (@Docker) This tutorial will help with Docker Toolbox setup on Windows. (@iRomin)
11. DOCKER_CONFIG
“DOCKER_CONFIG” sets the location of the client configuration files.
# Defaults to ${HOME}/.docker but the files can be moved $ export DOCKER_CONFIG=${HOME}/.docker/newdir/
What you need to know:
- The “–config” command line option overrides the “DOCKER_CONFIG” environment variable.
- This option could be used if there is a need to run multiple clients on one machine.
Read this discussion of how to run multiple versions of Docker client on a machine or check out this tutorial. (@StackOverflow)
12. DOCKER_CONTENT_TRUST
“DOCKER_CONTENT_TRUST” regulates whether content trust is enabled or not. Content trust verifies the integrity and the publisher of data received from a registry over any channel.
# Default is 0; Enable by setting to 1 $ export DOCKER_CONTENT_TRUST=1
What you need to know about “DOCKER_CONTENT_TRUST”:
- The default value is 0 — disabled.
- Content trust can be enabled by setting the value to 1.
Read a tutorial on how to work with Docker content trust. (@Docker) Here’s more info from Oracle. (@Oracle)
13. DOCKER_CONTENT_TRUST_SERVER
The “DOCKER_CONTENT_TRUST_SERVER” variable sets where to find the Notary server. Consumers with the publisher’s public key can communicate with the Notary Server and receive trusted content.
# Default is 0; Enable by setting to 1 $ export DOCKER_CONTENT_TRUST=1 # Now set the Notary server URL $ export DOCKER_CONTENT_TRUST_SERVER=https://notaryserver:4443
Check this guide to creating a sandbox for experimenting with content trust.
What you need to know:
- The default is the registry URL.
- Notary is a Docker project that allows people to publish and verify content. (@Docker)
14. DOCKER_DRIVER
“DOCKER_DRIVER” specifies the graph driver that is used. The graph driver handles the relationships between the layers of content.
# When using services like dind # the overlay driver performs best $ export DOCKER_DRIVER=overlay
The image graphs available:
- vfs
- aufs
- overlay
- overlay2
- btrfs
- zfs
- devicemapper
- windows
There is a fairly deep examination of storage drives in Docker. (@estesp) Check out more from the proof-of-concept project CRIU. (@__criu__)
15. DOCKER_HIDE_LEGACY_COMMANDS
“DOCKER_HIDE_LEGACY_COMMANDS” can be set to show only management commands in the Docker help output. This may become the default in future releases. Which means the “DOCKER_HIDE_LEGACY_COMMANDS” variable would be removed.
What you need to know:
- The “DOCKER_HIDE_LEGACY_COMMANDS” environment variable was created in Docker version 1.13.
- The setting will only show the new management commands available in Docker version 1.13.
Read about the Docker 1.13 management commands. (@couchbase)
16. DOCKER_HOST
“DOCKER_HOST” specifies the daemon socket to connect to.
ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running? # Don’t forget to add the port $ export DOCKER_HOST=127.0.0.1:2375
What you need to know:
- “DOCKER_HOST” tells the client how to connect to the daemon.
- The default is a local socket.
This guide explains how “DOCKER_HOST” can help secure the Docker daemon socket. (@Docker) Here’s some info on how to use it with Fabric8. (@fabric8io)
17. DOCKER_MACHINE_NAME
The “DOCKER_MACHINE_NAME” environment variable identifies the Docker machine to run commands.
$ env | grep DOCKER DOCKER_HOST=tcp://192.168.99.101:2376 DOCKER_CERT_PATH=/Users/nathanleclaire/.docker/machines/.client DOCKER_TLS_VERIFY=1 DOCKER_MACHINE_NAME=dev
Read this guide to Docker machine concepts. (@Docker) Or, check out this getting started guide from DevOps Cube. (@devopscube)
18. DOCKER_NOWARN_KERNEL_VERSION
“DOCKER_NOWARN_KERNEL_VERSION” can be set to prevent warnings that your Linux kernel is unsuitable for Docker.
# turn off kernel version warning $ export DOCKER_NOWARN_KERNEL_VERSION=1
What you need to know:
- Docker 1.11 and above do not run on kernel versions earlier than 3.4.
- “DOCKER_NOWARN_KERNEL_VERSION” lets users run Docker at their own risk.
Check out this helpful guide with info on this and other variables from Gerardnico.
19. DOCKER_OPTS
“DOCKER_OPTS” allows the user to set options in the Docker configuration.
# Use DOCKER_OPTS to modify the daemon startup options DOCKER_OPTS = "--dns 8.8.8.8 --dns 8.8.4.4"
What you need to know:
- “DOCKER_OPTS” is often found in configuration files.
Read this discussion of how to modify files to work with “DOCKER_OPTS.” (@StackOverflow) Here’s some useful info from CoreOS on customizing Docker. (@coreos)
20. DOCKER_RAMDISK
The “DOCKER_RAMDISK” variable makes Docker work when root is on a ramdisk.
# tell native driver not tues pivot root $ export DOCKER_RAMDISK=true
What you need to know:
- If set, this will disable ‘pivot_root’.
- If set, Docker uses “chroot.”
Read this discussion of how Docker could be run in memory. (@StackOverflow) Here’s a handy list of commands from TekSlate. (@Tekslate)
21. DOCKER_TLS_VERIFY
“DOCKER_TLS_VERIFY” enables Transport Layer Security (TLS) for the local Docker client
# configu export DOCKER_TLS_VERIFY="1" export DOCKER_HOST="tcp://0.0.0.0:2376" export DOCKER_CERT_PATH="/etc/docker/server.pem" export DOCKER_MACHINE_NAME=dev
What you need to know:
- The “DOCKER_TLS_VERIFY” environment variable default is unset (0).
- Verifies the remote.
Read this discussion about how to set the “DOCKER_TLS_VERIFY” Docker environment variable. (@StackOverflow)
22. DOCKER_TMPDIR
“DOCKER_TMPDIR” sets the location for temporary Docker files. The temporary files are created by operations such as build and load.
# move the subdirectory for temporary files $ export DOCKER_TMPDIR=/var/tmp
What you need to know:
- The default is “/var/lib/docker/tmp”
Read this discussion of how Docker manages and stores files. (@StackOverflow)
23. HOME
The “HOME” variable stores the default location of Docker configuration files.
# code in a Dockerfile USER developer ENV HOME /home/developer
What you need to know:
- “HOME” is used in a Dockerfile.
- Docker sets automatically when new container is created
Read this discussion about setting the “HOME” variable in a Dockerfile. (@StackOverflow) Then, check out this list of Docker tips and tricks from Nathan LeClaire. (@dotpem)
24. HOSTNAME
“HOSTNAME” sets the hostname associated with the container.
# code in a Dockerfile ENV HOSTNAME sandbox
What you need to know:
- “HOSTNAME” is used in a Dockerfile.
- Docker sets automatically when new container is created.
Read this explanation of how to handle a specific hostname in Dockerfile.
25. HTTP_PROXY
“HTTP_PROXY” is a Go environment variable. If Docker is installed on a system using a corporate network using an HTTP proxy, there may be connectivity errors.
# note the use of lower case ENV http_proxy <HTTP_PROXY> ENV https_proxy <HTTPS_PROXY> # replace with your office's proxy environment export "HTTP_PROXY=http://PROXY:PORT" export "HTTPS_PROXY=http://PROXY:PORT" # you can add more no_proxy with your environment. export "NO_PROXY=*.example.com"
What you need to know:
- The “HTTP_PROXY” environment variable is case sensitive.
- “HTTPS_PROXY” takes precedence over “HTTP_PROXY” for https requests
Read this discussion about how to build Docker images behind “HTTP_PROXY.” (@golang) Here’s another helpful tutorial on running Docker behind a proxy. (@crondevelopment)
26. HTTPS_PROXY
“HTTPS_PROXY” is also a Go environment variable. If Docker is installed on a system using a corporate network using an HTTP proxy, there may be connectivity errors.
# note the use of lower case ENV http_proxy <HTTP_PROXY> ENV https_proxy <HTTPS_PROXY> # replace with your office's proxy environment export "HTTP_PROXY=http://PROXY:PORT" export "HTTPS_PROXY=http://PROXY:PORT" # you can add more no_proxy with your environment. export "NO_PROXY=*.example.com"
What you need to know:
- The “HTTP_PROXY” environment variable is case sensitive.
- “HTTPS_PROXY” takes precedence over “HTTP_PROXY” for https requests
Read this discussion about how to build Docker images behind “HTTP_PROXY.” (@golang) Superuser also has some helpful info about allowing all Docker containers to use a proxy. (@super_user)
27. JAVA_HOME
“JAVA_HOME” is used to set the home directory of the default Java to be used.
# Setting the Java version and its home directory ENV JAVA_VER 8 ENV JAVA_HOME /usr/lib/jvm/java-8-oracle
What you need to know:
- “JAVA_HOME” should be set in Docker instead of letting the system pick the location automatically.
- Set “JAVA_HOME” to the JDK root folder.
- The official repository has dockerfiles that tell Docker how to create an actual image.
Read this tutorial on how to write a Dockerfile for a simple Java application. (@GetRunnable)
28. JDK_HOME
“JDK_HOME” is used to set the directory in which the Java Development Kit (JDK) is installed.
# set the environment variables ENV JDK_HOME /usr/lib/jvm/jdk1.8.0_101 ENV JAVA_HOME /usr/lib/jvm/jdk1.8.0_101 ENV PATH $PATH:$JAVA_HOME/bin
What you need to know:
- Set “JDK_HOME” in Docker to the JDK root folder to make the package run faster.
Check out this documentation from Confluence on predefined build parameters. (@Confluence)
29. JRE_HOME
“JRE_HOME” is used to set the location of the Java Runtime Environment (JRE).
# default Tomcat environment in the image for versions 7 & 8 CATALINA_BASE: /usr/local/tomcat CATALINA_HOME: /usr/local/tomcat CATALINA_TMPDIR: /usr/local/tomcat/temp JRE_HOME: /usr CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
The “JRE_HOME” variable includes the location of the:
- Java Virtual Machine (JVM)
- Java platform core classes
- Supporting Java platform libraries
Read this article on how to fix “JRE_HOME” errors, as well as this helpful tutorial on configuring this and the JAVA_HOME variable on a Windows server. (@JAMFSoftware)
30. NAME
The “NAME” environment variable sets the container name.
# set the environment variable ENV NAME World
What you need to know:
- If a name is not provided, Docker will generate a random name.
Read this guide on the importance of naming Docker containers. (@Docker)
31. NO_PROXY
“NO_PROXY” is a Go environment variable. If Docker is installed on a system using a corporate network using an HTTP proxy, there may be connectivity errors
# note the use of lower case ENV http_proxy <HTTP_PROXY> ENV https_proxy <HTTPS_PROXY> # replace with your office's proxy environment export "HTTP_PROXY=http://PROXY:PORT" export "HTTPS_PROXY=http://PROXY:PORT" # you can add more no_proxy with your environment. export "NO_PROXY=*.example.com"
What you need to know:
- The “HTTP_PROXY” environment variable is case sensitive.
- “HTTPS_PROXY” takes precedence over “HTTP_PROXY” for https requests
Read this discussion about how to build Docker images behind “HTTP_PROXY.” (@golang) OpenShift also provides some useful guidance on working with HTTP proxies. (@openshift)
32. PATH
“PATH” sets a directory on the local filesystem.
# update PATH ev in Docker container ENV PATH "$PATH:/new/path"
What you need to know:
- “PATH” is set automatically when a new container is created.
- When a relative path is set, it is relative to the location of the Compose file.
Read this discussion on how to update “PATH.” (@StackOverflow) CloudBees also has some helpful information on controlling environment variables inside a Docker container. (@CloudBees)
33. TERM
“TERM” needs to be set when console programs that create text-based user interfaces are used.
# getting error msg TERM environment variable not set. ENV TERM xterm
What you need to know:
- If the container was not started with the –tty option, then TERM needs to be manually set.
- –tty sets TERM to xterm
- Also, adding “ENV TERM xterm” to the Dockerfile will work.
- Terminals supported:
- xterm
- vt220
- xterm-color
- putty
- konsole
- Eterm
- rxvt
- gnome
- screen
- linux
- dumb
Read this discussion of how to fix terminal-related issues. (@StackOverflow) AndyK Docs offers some guidance on this, as well. (@andreaskoch)
34. AWS_ACCESS_KEY_ID
“AWS_ACCESS_KEY_ID” sets the access key ID for the Amazon Web Services (AWS) API. This is needed to make programmatic requests to AWS.
# use flags on the command line $ docker-machine create --driver amazonec2 --amazonec2-access-key AKI******* --amazonec2-secret-key 8T93C*******
What you need to know:
- The “AWS_ACCESS_KEY_ID” and “AWS_SECRET_ACCESS_KEY” variables are needed to create machines on AWS.
- AWS access credential variables can be stored in the file ~/.aws/credentials
Read this guide to working with AWS credentials. (@awscloud) Here’s another discussion thread on the topic at CircleCI. (@circleci)
35. AWS_SECRET_ACCESS_KEY
“AWS_SECRET_ACCESS_KEY” sets the secret access key ID for the Amazon Web Services (AWS) API. This is needed to make programmatic requests to AWS.
# create during runtime docker run -e AWS_ACCESS_KEY_ID=AKI**** -e AWS_SECRET_ACCESS_KEY=shhhhhh myimage
What you need to know:
- The “AWS_ACCESS_KEY_ID” and “AWS_SECRET_ACCESS_KEY” environment variables are needed to create machines on AWS.
- AWS access credential variables can be stored in the file ~/.aws/credentials
- AWS does not reset or retrieve secret access keys. They need to be recreated if lost.
Read this guide to the AWS secret access key. (@awscloud) Also, check out kms-env, a tool for encrypting and decrypting variables using KMS to support passing them to Docker containers. (@npm_support)
36. AWS_SESSION_TOKEN
“AWS_SESSION_TOKEN” sets temporary credentials for an Amazon Web Services (AWS) account.
# Access Key ID AWS_ACCESS_KEY_ID=AKID # Secret Access Key AWS_SECRET_ACCESS_KEY=SECRET # Session Token AWS_SESSION_TOKEN=TOKEN
What you need to know:
- “AWS_SESSION_TOKEN” is not required to be set.
- AWS access credential variables can be stored in the file ~/.aws/credentials
- Temporary credentials are valid from 15 minutes to 36 hours. Default: 12 hours.
Read this guide to using temporary security credentials to request access to AWS resources. (@awscloud) Ryan Nickel also offers some useful information on playing with variables. (@rnickel)
37. AWS_AMI
“AWS_AMI” returns the Amazon Machine Image (AMI).
export AWS_AMI=ami-5189a661 #Ubuntu Server 14.04 LTS (HVM)
What you need to know:
- Only the default Docker AWS AMI is supported.
- “AWS_AMI” refers to a virtual machine image.
- The default SSH username for the default AMIs is ubuntu.
Read this discussion of how Docker containers compare to the AMI images. (@Docker) Also, check out Yevgeniy Brikman’s in-depth tutorial on running Docker on AWS from the ground-up. (@brikis98)
38. AWS_DEFAULT_REGION
“AWS_DEFAULT_REGION” sets where to make Amazon Web Services (AWS) calls against. This is usually the region closest to you, but it can be any region.
# set configuration export AWS_ACCESS_KEY_ID="TBD" export AWS_SECRET_ACCESS_KEY="TBD" export AWS_DEFAULT_REGION="eu-west-1"
What you need to know:
- The “AWS_DEFAULT_REGION” default is “us-east-1.”
- Available regions are:
- ap-northeast-1 (ami-b36d4edd)
- ap-southeast-1 (ami-1069af73)
- ap-southeast-2 (ami-1d336a7e)
- ca-central-1 (ami-ca6ddfae)
- cn-north-1 (ami-79eb2214)
- eu-west-1 (ami-8aa67cf9)
- eu-central-1 (ami-ab0210c7)
- sa-east-1 (ami-185de774)
- us-east-1 (ami-26d5af4c)
- us-west-1 (ami-9cbcd2fc)
- us-west-2 (ami-16b1a077)
- us-gov-west-1 (ami-b0bad893)
See the Region Table for the supported services per region. (@awscloud)
39. AWS_VPC_ID
“AWS_VPC_ID” sets the name of the virtual private cloud (VPC) dedicated to the Amazon Web Services (AWS) account.
# set configuration $ export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxx $ export AWS_ACCESS_KEY_ID=yyyyyyyyyy $ export AWS_VPC_ID=vpc-12345678
Read this guide to the Amazon virtual private cloud. (@awscloud) Check out Sedden’s tutorial on getting started with Docker Machine on Amazon EC2. (@sedden)
40. AWS_ZONE
“AWS_ZONE” sets the Amazon Web Services (AWS) availability zone to set the instance in. Availability zones are distinct locations that are engineered to be isolated from failures in other availability zones.
# create container export AWS_ACCESS_KEY_ID export AWS_SECRET_ACCESS_KEY export AWS_DEFAULT_REGION=ap-northeast-1 export AWS_ZONE=a export AWS_SUBNET_ID export AWS_INSTANCE_TYPE=c4.large export AWS_SECURITY_GROUP
What you need to know:
- The “AWS_ZONE” default is a.
- AWS independently maps availability zones to identifiers for each account.
Read this guide to regions and availability zones in Amazon Web Services (AWS). (@awscloud) Also, you might find this tutorial from PromptWorks on handling environment secrets in Docker on the AWS container service helpful. (@PromptWorks)
41. AWS_SUBNET_ID
“AWS_SUBNET_ID” identifies the Amazon Web Services (AWS) virtual private cloud (VPC) subnet ID.
# create container export AWS_ACCESS_KEY_ID export AWS_SECRET_ACCESS_KEY export AWS_DEFAULT_REGION=ap-northeast-1 export AWS_ZONE=a export AWS_SUBNET_ID export AWS_INSTANCE_TYPE=c4.large export AWS_SECURITY_GROUP
What you need to know:
- Each subnet resides entirely within one availability zone and cannot span zones.
Read this guide to subnet basics in Amazon Web Services (AWS). (@awscloud) Also, check out this article on Medium about using Docker and AWS for a better dev/test experience. (@AWSstartups)
42. AWS_SECURITY_GROUP
“AWS_SECURITY_GROUP” identifies the Amazon Web Services (AWS) virtual private cloud (VPC) security group name.
# create container export AWS_ACCESS_KEY_ID export AWS_SECRET_ACCESS_KEY export AWS_DEFAULT_REGION=ap-northeast-1 export AWS_ZONE=a export AWS_SUBNET_ID export AWS_INSTANCE_TYPE=c4.large export AWS_SECURITY_GROUP
What you need to know:
- The “AWS_SECURITY_GROUP” default is docker-machine.
- The security group will be associated to the host.
- Following ports will be opened inbound:
- ssh (22/tcp)
- docker (2376/tcp)
- swarm (3376/tcp), only if the node is a swarm master
Read this guide to Amazon Web Services (AWS) virtual private cloud (VPC) security groups. (@awscloud)
43. AWS_TAGS
“AWS_TAGS” sets the Amazon Web Services (AWS) tag key-value pairs that can be passed with the instance provisioning.
# tags to use aws_tags key1,value1,key2,value2
What you need to know:
- “AWS_TAGS” separates keys and values by comma.
- The tags are stored as strings.
Read this guide to Amazon Web Services (AWS) tagging strategies. (@awscloud)
44. AWS_INSTANCE_PROFILE
“AWS_INSTANCE_PROFILE” sets the Amazon Web Services (AWS) IAM role name to be used as the instance profile.
# create container export AWS_ACCESS_KEY_ID export AWS_SECRET_ACCESS_KEY export AWS_DEFAULT_REGION=ap-northeast-1 export AWS_ZONE=a export AWS_INSTANCE_PROFILE export AWS_INSTANCE_TYPE=c4.large export AWS_SECURITY_GROUP
What you need to know:
- AWS Identity and Access Management (IAM) is a feature that manages users and their access to AWS resources.
- IAM role credentials automatically rotate about every 15 minutes. This prevents stolen credentials from being valid for long.
Read this guide to IAM best practices. (@awscloud) Lyft Engineering also provides some information on scoping AWS IAM roles to Docker containers in this Medium article. (@lyfteng)
45. AWS_INSTANCE_TYPE
“AWS_INSTANCE_TYPE” specifies the instance type to run.
# create machine “aws-test” docker-machine create -d amazonec2 \ --amazonec2-region us-west-2 \ --amazonec2-instance-type "t2.micro" \ --amazonec2-ssh-keypath ~/.ssh/ssh_key \ aws-test
What you need to know:
- The “AWS_INSTANCE_TYPE” Docker environment variable defaults to t2.micro.
- The instance type refers to the hardware configuration that determines resources available.
Check this list of Amazon EC2 instance types. (@awscloud)
46. AWS_DEVICE_NAME
The “AWS_DEVICE_NAME” variable specifies the EBS volume name to be attached to the instance.
# set up instance $ export AWS_AMI="ami-11c57862" $ export AWS_DEFAULT_REGION="eu-west-1" $ export AWS_DEVICE_NAME="/dev/xvda" $ export AWS_INSTANCE_TYPE="t2.small" $ export AWS_SSH_USER="admin"
What you need to know:
- “AWS_DEVICE_NAME” defaults to /dev/sda1.
Read this discussion about creating an instance with the default device name. (@Docker)
47. AWS_ROOT_SIZE
“AWS_ROOT_SIZE” specifies the size of the disk to be attached to the instance in gigabytes.
# default values used for EC2 instances AWS_INSTANCE_TYPE=t2.micro AWS_ROOT_SIZE=16
What you need to know:
- “AWS_ROOT_SIZE” defaults to 16 gigabytes.
Read this guide to Amazon EC2 root device volumes. (@awscloud)
48. AWS_VOLUME_TYPE
“AWS_VOLUME_TYPE” specifies the Amazon EBS volume type to be attached to the instance.
# default values AWS_INSTANCE_TYPE=t2.micro AWS_ROOT_SIZE=16 AWS_VOLUME_TYPE= gp2
What you need to know:
- “AWS_VOLUME_TYPE” defaults to gp2.
- The Amazon EBS volume types available:
- gp2 — General purpose solid-state drive.
- io1 — High performance solid state drive.
- st1 — Frequently accessed hard disk drive.
- sc1 — Less frequently accessed hard disk drive.
Read this guide to Amazon EBS volume types. (@awscloud)
49. AWS_SSH_USER
“AWS_SSH_USER” specifies the SSH Login username.
# set up configuration export AWS_AMI="ami-971a65e0" export AWS_DEFAULT_REGION="eu-west-1" export AWS_VPC_ID="vpc-69c9a10c" export AWS_INSTANCE_TYPE="t1.micro" export AWS_SSH_USER="admin"
What you need to know:
- The “AWS_SSH_USER” Docker environment variable is ubuntu.
- “AWS_SSH_USER” must match the default SSH user set in the AMI used.
Read this guide to connecting to an instance using SSH. (@awscloud)
50. AWS_SSH_KEYPATH
“AWS_SSH_KEYPATH” specifies the path to the SSH private key file to use for the instance.
# where to find the SSH key file export AWS_SSH_KEYPATH = ~/.ssh/ssh_key
What you need to know:
- If “AWS_SSH_KEYPATH” is not specified, Docker Machine will generate a new key for the current instance.
- Matching public key with .pub extension should exist.
Read this guide to generating an SSH key. (@awscloud) Here’s some additional information on configuring credentials from Docker. (@Docker)
What variables do you use most to set up and configure server applications? Share your thoughts with us in the comments below.
Published at DZone with permission of Angela Stringfellow, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments