====== Building a first Docker image yourself ======
===== Packages =====
=== Rocky Linux (10): ===
  dnf config-manager --enable crb
  dnf install -y epel-release
  dnf install -y debootstrap
=== Debian (12 and later) ===
  apt install -y debootstrap
===== Building the image =====
(( unlike the image from https://hub.docker.com/_/debian, this image is not reproducible ))
  sudo debootstrap --variant=minbase trixie ./debian http://debian/debian
(( on Rocky Linux, add ''--keyring'':
sudo debootstrap --variant=minbase --keyring=/usr/share/keyrings/debian-archive-trixie-stable.gpg trixie ./debian http://debian.linuxhotel.de/debian
))
  sudo tar cC debian/ . | docker image import - ingo/debian:trixie
Add the ''latest'' tag:
  docker image ls ingo/debian:trixie
-> copy the ID (e.g. ''dc9f1edde160'')
  docker image tag dc9f1edde160 ingo/debian:latest
==== Testing ====
  docker container run ingo/debian echo hello world
-> ''hello world''
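The footnote under "Building the image" says the imported image is not reproducible. One contributor is the plain ''tar c'' step, which records file mtimes and directory read order. The following is an added example, not part of the original page: it normalizes the archive step only (GNU tar required); the function names, the exclude list and the sample rootfs are assumptions, and the package versions debootstrap fetches still depend on the mirror state.

```shell
#!/usr/bin/env bash
# Added example: byte-stable tarball of a debootstrap rootfs (needs GNU tar >= 1.29).
# Function names and the exclude list are assumptions of this example.

# det_tar ROOTFS [EPOCH]: write a normalized tar stream of ROOTFS to stdout.
det_tar() {
    local rootfs=$1 epoch=${2:-${SOURCE_DATE_EPOCH:-0}}
    # --sort=name      fixed member order instead of directory read order
    # --clamp-mtime    timestamps newer than EPOCH are set to EPOCH
    # --numeric-owner  store uid/gid numbers, not names from the build host
    # --exclude        drop logs and apt caches that differ on every run
    tar -C "$rootfs" \
        --sort=name \
        --clamp-mtime --mtime="@${epoch}" \
        --numeric-owner \
        --exclude='./var/log/*' \
        --exclude='./var/cache/apt/*' \
        --exclude='./var/lib/apt/lists/*' \
        -cf - .
}

# rootfs_digest ROOTFS [EPOCH]: print the SHA-256 of that stream, so two
# builds can be compared before anything is imported.
rootfs_digest() {
    det_tar "$@" | sha256sum | cut -d' ' -f1
}

# make_sample_rootfs: constructed stand-in for ./debian so the functions
# can be tried without running debootstrap. Prints the directory path.
make_sample_rootfs() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/bin" "$d/var/log"
    echo 'trixie/sid' > "$d/etc/debian_version"
    printf '#!/bin/sh\necho hello\n' > "$d/bin/hello"
    echo 'constructed log line' > "$d/var/log/bootstrap.log"
    echo "$d"
}

# Usage as root, in place of "tar cC debian/ .":
#   det_tar ./debian "$SOURCE_DATE_EPOCH" | docker image import - ingo/debian:trixie
```

Comparing ''rootfs_digest ./debian'' between two builds shows whether the root filesystems differ in content rather than only in timestamps.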
====== Dockerfile - extending Docker images ======
  mkdir nginx
  cd nginx
++++ podman |
With Podman the file may also be named ''Containerfile''.
++++
  FROM ingo/debian:trixie
  ENV DEBIAN_FRONTEND=noninteractive
  RUN set -eux; \
      apt-get -qq update; \
      apt-get install -y --no-install-recommends nginx
  RUN echo 'A warm welcome from your Dockerfile' > /var/www/html/index.html
  EXPOSE 80
  ENTRYPOINT ["/usr/sbin/nginx", "-g", "daemon off;"]
  ARG REFRESHED_AT=2026-01-07
  LABEL version="0.0.1"
  LABEL maintainer="me@example.com"
  LABEL org.opencontainers.image.authors="me@example.com"
  LABEL org.opencontainers.image.created=$REFRESHED_AT
(( https://docs.docker.com/reference/dockerfile/ ))
++++ ENTRYPOINT / CMD / run command |
^ ''ENTRYPOINT'' ^ ''CMD'' ^ run command ^ what is executed ^
|["script.sh"]| | | script.sh |
|["script.sh"]| | /bin/dash | script.sh /bin/dash |
|["script.sh"]| ["httpd"] | | script.sh httpd |
|["script.sh"]| ["httpd"] | /bin/dash | script.sh /bin/dash |
| | ["/bin/sh"] | | /bin/sh |
| | ["/bin/sh"] | /bin/dash | /bin/dash |
| | | | /bin/bash (( https://docs.docker.com/reference/dockerfile/#understand-how-cmd-and-entrypoint-interact says ''error, not allowed''. Docker version 20.10.24+dfsg1 ran ''bash''.)) |
++++
Build the image with the additions from the ''Dockerfile'':
  docker build -t='ingo/nginx:0.0.1' .
Show the image:
  docker image ls ingo/nginx:0.0.1
-> copy the ID (e.g. ''5879d7773761'')
Tag the image:
  docker image tag 5879d7773761 ingo/nginx:latest
Start the container:
  docker container run -d -p 80:80 --name my_nginx ingo/nginx
Test access to nginx:
  curl -s http://localhost:80
-> open http://localhost in the browser
====== Updating the Docker image ======
  …
  RUN ln -sf /dev/stdout /var/log/nginx/access.log \
      && ln -sf /dev/stderr /var/log/nginx/error.log
  …
  docker build --no-cache --pull -t='ingo/nginx:0.0.2' .
++++ podman |
  podman build --no-cache -t='ingo/nginx:0.0.2' .
-> however, all 12 STEPs are then rebuilt.
TODO: is that due to the missing --pull?
AI slop guess:
Docker built your image without errors because it keeps un-namespaced local images as-is. In contrast, Podman automatically prefixes locally built or untagged registry images with localhost/ to prevent collisions with official registries.
When you use the --pull flag, Podman is forced to try downloading a fresh version of that base image from an external source. Because it sees localhost/ingo/debian:trixie, Podman literally looks for a web-facing registry running on your actual machine (https://localhost/v2/). Since you don't have a container registry service actively running on port 443 of your host machine, the network request fails with "connection refused"
On Debian with Docker version 26.1.5+dfsg1, build a72d7cd, ''--pull'' does not work either.
  ERROR: failed to solve: ingo/debian:trixie: failed to resolve source metadata for docker.io/ingo/debian:trixie: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
++++
Now start the container again and look at the output of:
  docker logs
Building with a release timestamp:
  REFRESHED_AT=$(date '+%Y-%m-%d')
  docker build --no-cache --pull \
      --build-arg REFRESHED_AT=$REFRESHED_AT \
      -t='ingo/nginx:0.0.2' \
      -t=ingo/nginx:$REFRESHED_AT .
Nginx as Systemd:
  mkdir ~/ubi9-nginx && cd ~/ubi9-nginx
  cat >Dockerfile </etc/yum.repos.d/nginx.repo
  [nginx-stable]
  name=nginx stable repo
  baseurl=http://nginx.org/packages/rhel/9/\$basearch/
  gpgcheck=1
  enabled=1
  gpgkey=https://nginx.org/keys/nginx_signing.key
  module_hotfixes=true
  EOF
  RUN dnf -y install nginx \
      && dnf clean all \
      && systemctl enable nginx
  STOPSIGNAL SIGRTMIN+3
  CMD ["/sbin/init"]
  EOR
  docker build -t ubi9-nginx-systemd:0.0.1 .
  docker run --name ubi9-nginx --privileged -d -p 8090:80 ubi9-nginx-systemd:0.0.1
  docker exec -it ubi9-nginx nginx -v
  docker exec -it ubi9-nginx systemctl status
  docker exec -it ubi9-nginx journalctl -u nginx
  # ups..
  docker logs ubi9-nginx
  # build with compose
  cat >compose.yml <
++++ this doesn't solve the console logging problem |
  cat >Dockerfile </etc/yum.repos.d/nginx.repo
  [nginx-stable]
  name=nginx stable repo
  baseurl=http://nginx.org/packages/rhel/9/\$basearch/
  gpgcheck=1
  enabled=1
  gpgkey=https://nginx.org/keys/nginx_signing.key
  module_hotfixes=true
  EOF
  RUN dnf -y install nginx \
      && dnf clean all
  # nginx logs to files (important for tail)
  RUN mkdir -p /var/log/nginx
  # systemd override for nginx
  RUN mkdir -p /etc/systemd/system/nginx.service.d && \
      cat <<'EOF' >/etc/systemd/system/nginx.service.d/override.conf
  [Service]
  StandardOutput=journal
  StandardError=journal
  EOF
  # log forwarder service
  RUN cat <<'EOF' >/etc/systemd/system/nginx-log-forwarder.service
  [Unit]
  Description=Nginx log forwarder
  After=nginx.service
  Requires=nginx.service
  [Service]
  Type=simple
  ExecStart=/bin/sh -c '/usr/bin/tail -F /var/log/nginx/access.log /var/log/nginx/error.log'
  Restart=always
  [Install]
  WantedBy=multi-user.target
  EOF
  RUN systemctl enable nginx \
      && systemctl enable nginx-log-forwarder
  STOPSIGNAL SIGRTMIN+3
  CMD ["/sbin/init"]
  EOR
  # docker
  docker compose build
  docker compose up -d
  curl 127.0.0.1:8090
  docker compose exec nginx systemctl status nginx-log-forwarder
  docker compose exec nginx journalctl -u nginx-log-forwarder
  # see access logs
  docker logs nginx_nginx_1
  # podman
  podman compose build
  podman compose up -d
  curl 127.0.0.1:8090
  podman compose exec nginx systemctl status nginx-log-forwarder
  podman compose exec nginx journalctl -u nginx-log-forwarder
  # see access logs
  podman logs nginx_nginx_1
  # no logging output!
++++