Docker Compose Volumes Empty?

The problem is that you’re expecting files from the Container to be mounted on your host.
This is not the way it works: it’s the other way around:
Docker mounts your host folder in the container folder you specify. If you go inside the container, you will see that where there were supposed to be the init files, there will be nothing (or whatever was in your host folder(s)), and you can write a file in the folder and it will show up on your host.

Answer from: https://stackoverflow.com/questions/42395748/docker-compose-volume-is-empty-even-from-initialize

Why I no longer call them goals

Calling your goals, “goals”, leaves you at a disadvantage. From now on, I suggest that you call them outcomes.

Let me tell you why. An article in the New York Times spells it out clearly: names have power. The way in which we speak about things affects our brains.

The term “goals”, has multiple meanings, depending on the context. In one way it means where you’d like to be, but in many other instances, it can mean, dreams, vision or desire. A wish, far off, into the future. Goals also have you thinking about the end result and not so much on how to get there.

Calling your goal an outcome, automatically implies that, for something to come out, something must go in. Your mind starts to wonder about how, and as research has shown, we solve problems in our sleep. The more you think about your outcomes the more you are likely to work towards them.

I have made a decision. I will only put my dreams on my outcomes list if I have attached a new habit to it. Want to lose weight? Add the habits of a better diet and regular exercise. Want to earn more money? Attach the habit of developing your skills and reading. If the outcome is worth pursuing the habit is worth cultivating.

If what you are thinking about is truly a “goal”, try something more specific, like dream, vision or desire, but don’t call them goals.

Featured image by Andrey Larin https://unsplash.com/photos/Kodkas71tT8

Outstanding Advice from a tribe of mentors

This will be my final post covering tribe of mentors. If you are a little bit lost and not sure which direction to take you will find a lot of great advice and pointers from this book. It is a great reference book and I’d recommend it to all.

In a previous post, I wrote a quick review on the book Tribe of Mentors but I also wanted to give you some of the advice that stood out to me.

1- Personal Development and Routine

Discipline = Freedom. We are always between freedom and bondage. We move away from freedom when we lack discipline. Freedom to choose the life you want comes only by discipline. There are extreme cases where one really can’t choose, but for the average person, this is a fortunate choice to have.

To become the best you, you must work on your own weaknesses continuously.

2 – Learning

The best student wins. Make sure that you are a life long student, make sure you grow to become the best student.

All successful people read a lot. An example is Terry Cruise. He is a man of great depth who has an incredible reading list. You would think that comedians are just naturally good at telling stories that make people laugh. Now I know why some comedians make it in life: they read! See Trevor Noah’s favorite books as an example: https://www.nytimes.com/2016/11/11/t-magazine/entertainment/trevor-noah-favorite-books-list.html

Be in a hurry to learn, not to get validation. Embrace change and keep learning, the only way to stay relevant.

We arrive at certain destinations because of our decisions. Our choices are mostly a result of how we weighed our options. From Julia Galef’s interview, I learned that most advice is one size fits all but that the best advice helps one improve judgment.

Tom Peters stated, “The number one failings of CEOs: they don’t read enough”. I was so inspired by how much the mentors read and how many of them actually made time for reading in their schedule. Reading is absolutely critical. You can not avoid this if you desire growth. Reading is probably the most important career and life habit and is one strand that connects all the mentors. To be well prepared for all situations one must read a wide range of topics, even poetry.

3- Health.

In pursuit of success, you can’t ignore your health.  Resting is important, simply put: Uptime is as important as downtime and growth come from periods of rest.

Even if you don’t exercise you should at least make time to walk. Make it part of your life. Walk a little.

Eating healthy is critical and sugar is toxic. Avoid sugar especially soda and juice.

The important things in life must be done in parallel: relationships, health, religion, work.

4 – Success

No success came overnight. Even if that is what the media would like you to believe.

It is possible to out-prepare any competition.

To future proof yourself, focus on personal resilience and emotional intelligence.

Choose opportunities based on the people you get to work with. Skate to where the puck is going and remember persistence is greater than talent.

To reach success Tom Peters said: Become a superstar, all-pro listener, read up on it, work on it, have a mentor grade you on it.

Beware the “philosophologist”. Beware the one who has not been in the trenches. Seek wisdom from people who’ve done it, not the people who teach it.

5- People

On saying no: Have a yes list, for everything else say no.

Saying maybe, when you want to say no, is lying to yourself and others.

Say no to complaints, blame, and gossip.

Don’t underestimate languages. It is the doorway to another world.

There is so much to gain from being generous. Generosity elevates us all.

Avoid ego and embrace truth. Ego’s focus is: who is right. Truth focuses on what is right.

6 – Attitude and Personal Philosophy

Have a Gratitude Journal, write in it and read it. This gives you perspective.

Self-esteem, the reputation you have with yourself. Do not do things that erode that reputation.

Confidence is overrated and even irritating -try Courage. As you take courage and build up a track record of success, with yourself, genuine confidence grows.

Other Posts you may like:

Local Development: Secure Docker Sites.

This article targets Debian docker containers running on MacOS.

HTTP (hypertext transfer protocol) is a set of rules by which your browser retrieves web pages from the internet. HTTP is the same as HTTPS whit the difference being it retrieves pages from the internet in a secure way through a private communication channel.

In our modern age, most sites have this on by default.

When we are developing sites, specifically eCommerce sites, we assume that this would be turned on in the production environment. This post is an attempt to get your development environment even closer to production.

Step 1 – Generate Certificates

For your browser to recognize a site as trusted and secure, it needs to validate the site’s SSL certificate. We will start by creating certs locally. To do this, you need to have OpenSSL installed.

To confirm, type this into your terminal:

openssl version

You should get the currently installed version as a reply. If not in you will first need to install it. See google for further instructions on this.

Next, change to the root directory of your project, where your docker-compose.yml is. There enter:

openssl genrsa -des3 -out rootCA.key 2048.

You will be prompted for a password, make sure you remember what he is to avoid recreation. This rootCA.key file will be used to create a new root SSL certificate.

To create a new root SSL certificate, valid for 1024 days, type the following command into the terminal. Feel free to change the number of days.

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

You will be prompted for the password that you set earlier and then some details about your address. Make sure you fill in the qualified hostname as the domain you’re using for testing.

To confirm that all is in order type: ls | grep root. You should now see two files:

rootCA.key
rootCA.pem

Step 2 – Trust the Certificates Root

The files you’ve just created are certificate generator. Before we can trust the certificates we need to trust the generators. For us to trust the certificates generated by these files, we need to tell MacOS to trust the root files.

To trust the root files, open Keychain Access on your Mac. Press CMD+SPACE and type Keychain Access to open the program that allows you to manage your certificates. Click on the Certificates category in the bottom left sidebar. Now, import the rootCA.pem using `File > Import Items` from the top MacOS menu bar.

After the import, double click the imported certificate and under the “When using this certificate:” dropdown select “Always Trust”.

Step 3 – Generate Server Files

Create a file named server.csr.cnf. Edit this file and add the following content to it, be sure to change your domain name. This will help you avoid entering all the details manually:

[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=US
ST=RandomState
L=RandomCity
O=RandomOrganization
OU=RandomOrganizationUnit
emailAddress=hello@example.com
CN = localhost

Next, create a v3.ext file with the following content, in order to create a X509 v3 certificate. Notice how we’re specifying subjectAltName here. Also, make sure to change your domain name accordingly.

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost

Next, create a certificate signing request and sever key file for your domain using the configuration settings stored in server.csr.cnf. The command below will output server.csr and server.key:

openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )

Next,  create the certificate file called server.crt. The .key and .crt files will both be used by the server. server.key is the private part. sever.crt will be shared with browsers and other clients. Remember the password from step one:

openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext

openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.pem -days 500 -sha256 -extfile v3.ext

Step 4 – Add to your server

Apache

Apache comes with default SSL certificates. The aim is to find out where they are and replace them with your newly created files. We are not going to update configs as this is more complicated.

SSH into the machine. For me the command to do so is. You can find the image name where your server runs in the docker-compose.yml file

docker-compose exec --user root php bash

Next, there should be a list of sites enabled by default. Let’s look at the contents of the SSL specific config:

cat /etc/apache2/sites-enabled/default-ssl.conf

<IfModule mod_ssl.c>
	<VirtualHost _default_:443>
		ServerAdmin webmaster@localhost
		DocumentRoot /var/www/html
		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined
		SSLEngine on
		SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
		SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>
	</VirtualHost>
</IfModule>

We are interested in these two files. They may be called differently on your system.

  • SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  • SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

Now we must figure out how to get our files in these directories. If your docker container is mapped to your local file system you can simply navigate to these and copy them over and then renaming your files to match these names( overwriting theses files)

Lastly, after overwriting these files with your own you can restart apache and then load up your sit at it’s HTTP address.

  /etc/init.d/apache2 restart

If you’re still not getting this to work, try this post: https://www.linode.com/docs/security/ssl/ssl-apache2-debian-ubuntu/

Nginx

For Nginx let us find out which config file is used:

docker container exec <containern> nginx -t

If you are able to ssh into the container run: nginx -t.

Now let’s view the contents of the config file:

docker container exec woocommerce2test_nginx_1 cat /etc/nginx/nginx.conf
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

We are after the following lines:

ssl_certificate
ssl_certificate_key

In the conf file above you will see that there are no ssl_certificates, but towards the bottom of the output, you will see include /etc/nginx/conf.d/*.conf;. Looking inside this directory we will see: /etc/nginx/conf.d/default.conf;

Now looking at the output of default you will see the location of the default SSL certificates.

ssl_certificate /etc/nginx/certs/localhost.crt;
ssl_certificate_key /etc/nginx/certs/localhost.key;

Now you need to figure out a way to get your certs into that directory. In my case, this was mapped already but you can also manually map it by adding these locations to your docker-compose.yml file.

After adding and renaming your files to match the names above you can reload Nginx with this command:

docker container exec <container> nginx -s reload

In closing

I wrote it mainly for my future self, but I hope you benefit from it as well. Please leave comments if I’ve missed a step or if anything is unclear.

References

Comparing Software Engineering to RailRoads in the 1800’s

An amazing (biased) talk about the rust language by one of the core contributors. Comparing accidents in the rail road industry to computer programming and memory safety.

Getting air-breaks approved in passenger and freight trains took a long time.

I’m starting to consider Rust as my next language to learn. The idea is growing in me as Rust allows you to write software at a much lower systems level. The other languages I know (PHP, Javascript, GO) are more targeted at web and server technologies. I have yet to write code for an embedded system.

Have a listen to the talk. I found it very interesting and I’m sure you will too.