Posts

By default, Compose pulls an image when it’s missing locally and uses the cached one otherwise. pull_policy lets you change that behavior per service. The policies services: web: image: nginx pull_policy: always Available values: missing (default when no build: is defined): pull only if the image is not present locally. Alias: if_not_present. Note: the latest tag is always pulled even with this policy. always: pull on every up, even if the local image is recent never: don’t pull, fail if the image is missing build: build the image, rebuilds even if it’s already present locally daily: check the registry if the last pull was more than 24 hours ago weekly: check the registry if the last pull was more than 7 days ago every_<duration>: check the registry if the last pull was older than the given duration. Units: w, d, h, m, s (or any combination, e.g. every_12h, every_30m, every_1d12h) When to use each always for development against a fast-moving tag: ...

Compose volumes default to local disk on the host running the container. When you need storage shared across hosts, a volume driver does the job. The built-in local driver already supports NFS through its options. Basic NFS mount Declare a volume that points to an NFS export: volumes: shared: driver: local driver_opts: type: nfs o: "addr=nfs-server.example.com,rw,nfsvers=4" device: ":/exports/shared" services: app: image: myapp volumes: - shared:/data The app service mounts /exports/shared from the NFS server at /data inside the container. Multiple containers (or even multiple Compose stacks on different hosts) can mount the same volume to share data. ...

By default, containers inherit DNS configuration from the Docker daemon. When you need to override that, three directives give you full control: dns:, dns_search:, and dns_opt:. Setting custom DNS servers dns: overrides which resolvers the container queries: services: app: image: myapp dns: - 1.1.1.1 - 8.8.8.8 The container now uses Cloudflare and Google DNS instead of whatever the host provides. Useful when: The host DNS is slow or unreliable for your use case You need a specific public DNS for content filtering (Pi-hole, NextDNS) A development environment must reach internal services through a corporate DNS server Search domains dns_search: adds search domains so short names resolve against them: ...

Need to grab a log file out of a container? Push a quick config change for a one-off test? Don’t redeploy with a bind mount, just use docker compose cp. Basic usage The syntax mirrors docker cp but resolves service names instead of container IDs: # Copy from container to host docker compose cp <service>:<container-path> <host-path> # Copy from host to container docker compose cp <host-path> <service>:<container-path> The direction is determined by which side has the service: prefix. ...

CPU and memory limits (Tip #16) cover the obvious resources. Two more options solve specific problems: ulimits for kernel limits and shm_size for shared memory. ulimits: kernel resource limits ulimits controls per-container limits the Linux kernel enforces: open file descriptors, processes, locked memory, and others. services: api: image: myapi ulimits: nofile: soft: 65536 hard: 65536 nproc: 4096 soft is the default, hard is the maximum the process can raise itself to. For most simple cases, set them equal. ...