Part 5 - Cheatsheet
Quick reference for common commands.
Docker
# Build
docker build -t myapp . # build with tag "myapp:latest"
docker build -t myapp:1.0 --no-cache . # rebuild without cache
# Run
docker run myapp # foreground
docker run -d --name myapp myapp # background, named
docker run -d -p 8080:80 myapp # map port host:container
docker run -d -e KEY=value myapp # env var
docker run -d -v /host:/container myapp # bind mount
docker run -it myapp sh # interactive, shell
# Inspect
docker ps # running containers
docker ps -a # all containers
docker images # local images
docker logs <container> # historical logs
docker logs -f --tail=100 <container> # follow the tail
docker exec -it <container> sh # shell in a running container
docker inspect <container> # detailed config
# Cleanup
docker stop <container>
docker rm <container>
docker rmi <image>
docker system prune -a -f # removes everything not in use (careful!)
docker system df # disk space used
Docker Compose
# Start / stop
docker compose up -d # background
docker compose up -d --build # rebuild images locally
docker compose up -d --force-recreate # recreate containers even if the config has not changed
docker compose down # stop, keep volumes
docker compose down -v # stop, delete volumes (DB is lost!)
docker compose down --rmi local # also remove locally built images
# Inspect
docker compose ps # service status
docker compose logs -f # logs for all services
docker compose logs -f api # logs for a single service
docker compose top # processes in the containers
# Operations
docker compose restart api # restart one service
docker compose exec api sh # shell in a container
docker compose exec db psql -U user db # run a command in a container
docker compose run --rm api dotnet ef database update # one-shot
# Build
docker compose build # build only (does not start)
docker compose build --no-cache # rebuild without cache
Postgres
# Connect inside the container
docker compose exec db psql -U newsportal newsportal
# Inside psql:
\dt # list tables
\du # list roles (users)
\l # list databases
\d articles # describe table articles
\? # help for psql commands
\q # quit
# Backup (on the host; -T disables the TTY so the redirected dump is not altered)
docker compose exec -T db pg_dump -U newsportal newsportal > backup.sql
# Restore
docker compose exec -T db psql -U newsportal newsportal < backup.sql
nginx in container
# Test config syntax (does NOT reload)
docker compose exec proxy nginx -t
# Reload config (no restart - keepalive connections are not dropped)
docker compose exec proxy nginx -s reload
# Logs
docker compose logs -f proxy
Server (Ubuntu)
# Resources
df -h # disk usage per partition
free -h # RAM
htop # interactive process view (or top)
docker stats # containers - CPU, RAM, network
# Cleanup
sudo apt autoremove -y # remove unneeded packages
sudo journalctl --vacuum-time=7d # log rotation: delete journal logs older than 7 days
docker system prune -a -f # docker cleanup
# UFW
sudo ufw status verbose # active rules
sudo ufw allow 8080/tcp # add a rule
sudo ufw delete allow 8080/tcp # delete the rule (must match the rule as it was added)
# fail2ban
sudo fail2ban-client status sshd # banned IPs
sudo fail2ban-client set sshd unbanip 1.2.3.4 # manual unban
DNS
dig +short myapp.example.com # simplest form
dig myapp.example.com any # all records (many servers give only a minimal answer to ANY, RFC 8482)
dig myapp.example.com +trace # shows the resolution path
dig @1.1.1.1 myapp.example.com # use a different resolver
nslookup myapp.example.com # old, but works
host myapp.example.com # alternative
whois example.com # domain info (owner, expiry)
TLS / OpenSSL
# Self-signed cert for localhost
openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes -subj "/CN=localhost"
# Inspect a cert
openssl x509 -in server.crt -text -noout
# Check a remote cert (over HTTPS)
echo | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -noout -dates
# Check the chain up to the CA (one s:/i: pair per certificate the server sends)
echo | openssl s_client -connect example.com:443 -servername example.com -showcerts 2>/dev/null | grep -E '^ *[0-9]+ s:|^ +i:'
GitHub Actions / SSH
# Generate a dedicated SSH key for deploys
ssh-keygen -t ed25519 -f ~/.ssh/deploy_key -N ""
# Copy the public key to the server
cat ~/.ssh/deploy_key.pub | ssh user@server 'cat >> ~/.ssh/authorized_keys'
# The private key goes into GitHub Secrets as SSH_PRIVATE_KEY (do not commit it!)
cat ~/.ssh/deploy_key
# Test the connection
ssh -i ~/.ssh/deploy_key user@server 'echo OK'
Essential links
- Docker: docs.docker.com (official), labs.play-with-docker.com (interactive sandbox)
- Compose: docs.docker.com/compose
- nginx: nginx.org/en/docs (reference) + ssl-config.mozilla.org (secure config generator)
- Let’s Encrypt: certbot.eff.org, letsencrypt.org/docs
- DNS: cloudflare.com/learning/dns (clearly explained)
- TLS: badssl.com (browser tests against various bad certs)
- Security checks: securityheaders.com (header analysis), ssllabs.com/ssltest (TLS analysis)
- Container scanning: trivy.dev, github.com/docker/scout-cli
- Romanian: deployhandbook.com (practical), networkchuck youtube (didactic)
When something does not work
# Container exits immediately - check the logs from the last exit
docker compose logs --tail=100 api
# Container is not responding - check the healthcheck
docker inspect <container> | grep -A 20 Health
# Network issues between containers
docker compose exec api ping db # alpine does not have ping by default
docker compose exec api wget -O- http://db:5432 # alternative (only shows whether the port answers; Postgres does not speak HTTP)
# Check what a process in the container sees as mounted
docker compose exec proxy ls /etc/nginx/conf.d/
# Was the image built correctly?
docker image history myapp # see the layers and their sizes