Docker is an open-sourced project that uses containers instead of virtual machines to run server applications. This is a setup that uses fewer resources for development and hosting, so it’s no wonder that Docker is taking the development world by storm. You can even use Docker with ASP.NET, and of course, you can leverage Stackify’s Retrace with your existing stack, including Docker, for true app performance super-power.
Docker environment variables are key elements in this operation, storing data that is specific to each user account accessing the software. This can include:
External resource locations
Docker allows developers to set and manage environment variables in the command line interface (CLI) or an external file (.ENV).
Here are 50 variables that you might use in setting up and configuring applications. When you’re ready to dive into your next project, download our Ultimate Dev Toolbox for the low-down on all the tools you need for rapid dev improvement in one place.
The “CLASSPATH” variable sets access to third-party libraries and classes.
# default Tomcat environment in the image for versions 7 & 8 CATALINA_BASE: /usr/local/tomcat CATALINA_HOME: /usr/local/tomcat CATALINA_TMPDIR: /usr/local/tomcat/temp JRE_HOME: /usr CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Read this tutorial on how to build, test and run a Java application in Docker container. (@codefresh)
“COMPOSE_API_VERSION” can be used if you cannot immediately upgrade the server version.
ERROR: client and server don't have same version (client : 1.19, server: 1.18) # fix follows export COMPOSE_API_VERSION=1.18
What you need to know:
Read this discussion of how to fix the Docker error when “client and server don’t have same version.” (@StackOverflow) Runnable also has a useful primer on advanced Docker compose configuration. (@GetRunnable)
Users of Docker Machine and Docker Toolbox on Windows should always set the “COMPOSE_CONVERT_WINDOWS_PATHS” Docker environment variable.
ERROR: for db Cannot create container for service db: create <volume>: "<volume>" includes invalid characters for a local volume name, only "[a-zA-Z0-9][a-zA-Z0-9_.-]" are allowed ERROR: Encountered errors while bringing up the project. # fix follows COMPOSE_CONVERT_WINDOWS_PATHS=0 # following also works COMPOSE_CONVERT_WINDOWS_PATHS=1
What you need to know:
Read this discussion of how to solve “Invalid volume specification” on Windows. (@StackOverflow) Check out this post from Yengas for more. (@YigitcanUCUM)
The “COMPOSE_FILE” variable specifies the path to the docker-compose.yml file — the Compose file which helps define and run multi-container Docker applications.
It is possible to set the path to multiple Compose files:
# one compose file COMPOSE_FILE=docker-compose.yml # two compose files COMPOSE_FILE=docker-compose.yml:docker-compose.prod.yml
What you need to know:
Read this discussion of how to solve issues with “COMPOSE_FILE.” (@StackOverflow) Or, read more about setting the COMPOSE_FILE variable here. (@adrianmouat)
“COMPOSE_HTTP_TIMEOUT” sets how much time (seconds) that a request to the Docker daemon has before it times out.
# set the timeout to 200 seconds COMPOSE_HTTP_TIMEOUT=200 docker-compose up
What you need to know:
Read this discussion of how to override the default value of “COMPOSE_HTTP_TIMEOUT.” (@StackOverflow)
“COMPOSE_PATH_SEPARATOR” sets the path separator used in “COMPOSE_FILE.”
# change the separator and use in COMPOSE_FILE COMPOSE_PATH_SEPARATOR=’^’ COMPOSE_FILE=first.yml^second.yml
What you need to know:
The “COMPOSE_PROJECT_NAME” environment variable sets the project name. This value will prepend with the service name to the container.
COMPOSE_PROJECT_NAME=newname docker-compose up # web service container will be named newname_web
What you need to know:
Read this discussion of how to use “COMPOSE_PROJECT_NAME”. (@Docker)
“COMPOSE_TLS_VERSION” sets the Transport Layer Security (TLS) version to be used for TLS communication with the Docker daemon.
COMPOSE_TLS_VERSION=TLSv1_2 # Docker will use TLS version 1.2
What you need to know:
Read this guide to using TLS with the Docker engine. (@Docker)
Resetting the “DOCKER_API_VERSION” variable can fix an error when the Docker client is not running the same version as the incompatible Docker API.
Error response from daemon: client is newer than server (client API version: x.xx, server API version: 1.23) # fix follows export DOCKER_API_VERSION=1.23
Read this discussion of solving incompatible Docker API and client. (@Docker)
“DOCKER_CERT_PATH” contains the location of the client configuration files used for TLS verification.
# Defaults to ~/.docker but the files can be moved $ export DOCKER_CERT_PATH=~/.docker/newdir/ $ docker --tlsverify ps
What you need to know:
Read this guide to protecting the Docker daemon socket. (@Docker)
“DOCKER_CONFIG” sets the location of the client configuration files.
# Defaults to ${HOME}/.docker but the files can be moved $ export DOCKER_CONFIG=${HOME}/.docker/newdir/
What you need to know:
Read this discussion of how to run multiple versions of Docker client on a machine or check out this tutorial. (@StackOverflow)
“DOCKER_CONTENT_TRUST” regulates whether content trust is enabled or not. Content trust verifies the integrity and the publisher of data received from a registry over any channel.
# Default is 0; Enable by setting to 1 $ export DOCKER_CONTENT_TRUST=1
What you need to know about “DOCKER_CONTENT_TRUST”:
The “DOCKER_CONTENT_TRUST_SERVER” variable sets where to find the Notary server. Consumers with the publisher’s public key can communicate with the Notary Server and receive trusted content.
# Default is 0; Enable by setting to 1 $ export DOCKER_CONTENT_TRUST=1 # Now set the Notary server URL $ export DOCKER_CONTENT_TRUST_SERVER=https://notaryserver:4443
Check this guide to creating a sandbox for experimenting with content trust.
What you need to know:
“DOCKER_DRIVER” specifies the graph driver that is used. The graph driver handles the relationships between the layers of content.
# When using services like dind # the overlay driver performs best $ export DOCKER_DRIVER=overlay
The image graphs available:
There is a fairly deep examination of storage drives in Docker. (@estesp) Check out more from the proof-of-concept project CRIU. (@__criu__)
“DOCKER_HIDE_LEGACY_COMMANDS” can be set to show only management commands in the Docker help output. This may become the default in future releases. Which means the “DOCKER_HIDE_LEGACY_COMMANDS” variable would be removed.
What you need to know:
Read about the Docker 1.13 management commands. (@couchbase)
“DOCKER_HOST” specifies the daemon socket to connect to.
ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running? # Don’t forget to add the port $ export DOCKER_HOST=127.0.0.1:2375
What you need to know:
This guide explains how “DOCKER_HOST” can help secure the Docker daemon socket. (@Docker) Here’s some info on how to use it with Fabric8. (@fabric8io)
The “DOCKER_MACHINE_NAME” environment variable identifies the Docker machine to run commands.
$ env | grep DOCKER DOCKER_HOST=tcp://192.168.99.101:2376 DOCKER_CERT_PATH=/Users/nathanleclaire/.docker/machines/.client DOCKER_TLS_VERIFY=1 DOCKER_MACHINE_NAME=dev
Read this guide to Docker machine concepts. (@Docker) Or, check out this getting started guide from DevOps Cube. (@devopscube)
“DOCKER_NOWARN_KERNEL_VERSION” can be set to prevent warnings that your Linux kernel is unsuitable for Docker.
# turn off kernel version warning $ export DOCKER_NOWARN_KERNEL_VERSION=1
What you need to know:
Check out this helpful guide with info on this and other variables from Gerardnico.
“DOCKER_OPTS” allows the user to set options in the Docker configuration.
# Use DOCKER_OPTS to modify the daemon startup options DOCKER_OPTS = "--dns 8.8.8.8 --dns 8.8.4.4"
What you need to know:
Read this discussion of how to modify files to work with “DOCKER_OPTS.” (@StackOverflow) Here’s some useful info from CoreOS on customizing Docker. (@coreos)
The “DOCKER_RAMDISK” variable makes Docker work when root is on a ramdisk.
# tell native driver not tues pivot root $ export DOCKER_RAMDISK=true
What you need to know:
Read this discussion of how Docker could be run in memory. (@StackOverflow) Here’s a handy list of commands from TekSlate. (@Tekslate)
“DOCKER_TLS_VERIFY” enables Transport Layer Security (TLS) for the local Docker client
# configu export DOCKER_TLS_VERIFY="1" export DOCKER_HOST="tcp://0.0.0.0:2376" export DOCKER_CERT_PATH="/etc/docker/server.pem" export DOCKER_MACHINE_NAME=dev
What you need to know:
Read this discussion about how to set the “DOCKER_TLS_VERIFY” Docker environment variable. (@StackOverflow)
“DOCKER_TMPDIR” sets the location for temporary Docker files. The temporary files are created by operations such as build and load.
# move the subdirectory for temporary files $ export DOCKER_TMPDIR=/var/tmp
What you need to know:
Read this discussion of how Docker manages and stores files. (@StackOverflow)
The “HOME” variable stores the default location of Docker configuration files.
# code in a Dockerfile USER developer ENV HOME /home/developer
What you need to know:
Read this discussion about setting the “HOME” variable in a Dockerfile. (@StackOverflow) Then, check out this list of Docker tips and tricks from Nathan LeClaire. (@dotpem)
“HOSTNAME” sets the hostname associated with the container.
# code in a Dockerfile ENV HOSTNAME sandbox
What you need to know:
Read this explanation of how to handle a specific hostname in Dockerfile.
“HTTP_PROXY” is a Go environment variable. If Docker is installed on a system using a corporate network using an HTTP proxy, there may be connectivity errors.
# note the use of lower case ENV http_proxy <HTTP_PROXY> ENV https_proxy <HTTPS_PROXY> # replace with your office's proxy environment export "HTTP_PROXY=http://PROXY:PORT" export "HTTPS_PROXY=http://PROXY:PORT" # you can add more no_proxy with your environment. export "NO_PROXY=*.example.com"
What you need to know:
Read this discussion about how to build Docker images behind “HTTP_PROXY.” (@golang) Here’s another helpful tutorial on running Docker behind a proxy. (@crondevelopment)
“HTTPS_PROXY” is also a Go environment variable. If Docker is installed on a system using a corporate network using an HTTP proxy, there may be connectivity errors.
# note the use of lower case ENV http_proxy <HTTP_PROXY> ENV https_proxy <HTTPS_PROXY> # replace with your office's proxy environment export "HTTP_PROXY=http://PROXY:PORT" export "HTTPS_PROXY=http://PROXY:PORT" # you can add more no_proxy with your environment. export "NO_PROXY=*.example.com"
What you need to know:
Read this discussion about how to build Docker images behind “HTTP_PROXY.” (@golang) Superuser also has some helpful info about allowing all Docker containers to use a proxy. (@super_user)
“JAVA_HOME” is used to set the home directory of the default Java to be used.
# Setting the Java version and its home directory ENV JAVA_VER 8 ENV JAVA_HOME /usr/lib/jvm/java-8-oracle
What you need to know:
Read this tutorial on how to write a Dockerfile for a simple Java application. (@GetRunnable)
“JDK_HOME” is used to set the directory in which the Java Development Kit (JDK) is installed.
# set the environment variables ENV JDK_HOME /usr/lib/jvm/jdk1.8.0_101 ENV JAVA_HOME /usr/lib/jvm/jdk1.8.0_101 ENV PATH $PATH:$JAVA_HOME/bin
What you need to know:
Check out this documentation from Confluence on predefined build parameters. (@Confluence)
“JRE_HOME” is used to set the location of the Java Runtime Environment (JRE).
# default Tomcat environment in the image for versions 7 & 8 CATALINA_BASE: /usr/local/tomcat CATALINA_HOME: /usr/local/tomcat CATALINA_TMPDIR: /usr/local/tomcat/temp JRE_HOME: /usr CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
The “JRE_HOME” variable includes the location of the:
Read this article on how to fix “JRE_HOME” errors, as well as this helpful tutorial on configuring this and the JAVA_HOME variable on a Windows server. (@JAMFSoftware)
The “NAME” environment variable sets the container name.
# set the environment variable ENV NAME World
What you need to know:
Read this guide on the importance of naming Docker containers. (@Docker)
“NO_PROXY” is a Go environment variable. If Docker is installed on a system using a corporate network using an HTTP proxy, there may be connectivity errors
# note the use of lower case ENV http_proxy <HTTP_PROXY> ENV https_proxy <HTTPS_PROXY> # replace with your office's proxy environment export "HTTP_PROXY=http://PROXY:PORT" export "HTTPS_PROXY=http://PROXY:PORT" # you can add more no_proxy with your environment. export "NO_PROXY=*.example.com"
What you need to know:
Read this discussion about how to build Docker images behind “HTTP_PROXY.” (@golang) OpenShift also provides some useful guidance on working with HTTP proxies. (@openshift)
“PATH” sets a directory on the local filesystem.
# update PATH ev in Docker container ENV PATH "$PATH:/new/path"
What you need to know:
Read this discussion on how to update “PATH.” (@StackOverflow) CloudBees also has some helpful information on controlling environment variables inside a Docker container. (@CloudBees)
“TERM” needs to be set when console programs that create text-based user interfaces are used.
# getting error msg TERM environment variable not set. ENV TERM xterm
What you need to know:
Read this discussion of how to fix terminal-related issues. (@StackOverflow) AndyK Docs offers some guidance on this, as well. (@andreaskoch)
“AWS_ACCESS_KEY_ID” sets the access key ID for the Amazon Web Services (AWS) API. This is needed to make programmatic requests to AWS.
# use flags on the command line $ docker-machine create --driver amazonec2 --amazonec2-access-key AKI******* --amazonec2-secret-key 8T93C*******
What you need to know:
Read this guide to working with AWS credentials. (@awscloud) Here’s another discussion thread on the topic at CircleCI. (@circleci)
“AWS_SECRET_ACCESS_KEY” sets the secret access key ID for the Amazon Web Services (AWS) API. This is needed to make programmatic requests to AWS.
# create during runtime docker run -e AWS_ACCESS_KEY_ID=AKI**** -e AWS_SECRET_ACCESS_KEY=shhhhhh myimage
What you need to know:
Read this guide to the AWS secret access key. (@awscloud) Also, check out kms-env, a tool for encrypting and decrypting variables using KMS to support passing them to Docker containers. (@npm_support)
“AWS_SESSION_TOKEN” sets temporary credentials for an Amazon Web Services (AWS) account.
# Access Key ID AWS_ACCESS_KEY_ID=AKID # Secret Access Key AWS_SECRET_ACCESS_KEY=SECRET # Session Token AWS_SESSION_TOKEN=TOKEN
What you need to know:
Read this guide to using temporary security credentials to request access to AWS resources. (@awscloud) Ryan Nickel also offers some useful information on playing with variables. (@rnickel)
“AWS_AMI” returns the Amazon Machine Image (AMI).
export AWS_AMI=ami-5189a661 #Ubuntu Server 14.04 LTS (HVM)
What you need to know:
Read this discussion of how Docker containers compare to the AMI images. (@Docker) Also, check out Yevgeniy Brikman’s in-depth tutorial on running Docker on AWS from the ground-up. (@brikis98)
“AWS_DEFAULT_REGION” sets where to make Amazon Web Services (AWS) calls against. This is usually the region closest to you, but it can be any region.
# set configuration export AWS_ACCESS_KEY_ID="TBD" export AWS_SECRET_ACCESS_KEY="TBD" export AWS_DEFAULT_REGION="eu-west-1"
What you need to know:
See the Region Table for the supported services per region. (@awscloud)
“AWS_VPC_ID” sets the name of the virtual private cloud (VPC) dedicated to the Amazon Web Services (AWS) account.
# set configuration $ export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxx $ export AWS_ACCESS_KEY_ID=yyyyyyyyyy $ export AWS_VPC_ID=vpc-12345678
Read this guide to the Amazon virtual private cloud. (@awscloud)
“AWS_ZONE” sets the Amazon Web Services (AWS) availability zone to set the instance in. Availability zones are distinct locations that are engineered to be isolated from failures in other availability zones.
# create container export AWS_ACCESS_KEY_ID export AWS_SECRET_ACCESS_KEY export AWS_DEFAULT_REGION=ap-northeast-1 export AWS_ZONE=a export AWS_SUBNET_ID export AWS_INSTANCE_TYPE=c4.large export AWS_SECURITY_GROUP
What you need to know:
Read this guide to regions and availability zones in Amazon Web Services (AWS). (@awscloud) Also, you might find this tutorial from PromptWorks on handling environment secrets in Docker on the AWS container service helpful. (@PromptWorks)
“AWS_SUBNET_ID” identifies the Amazon Web Services (AWS) virtual private cloud (VPC) subnet ID.
# create container export AWS_ACCESS_KEY_ID export AWS_SECRET_ACCESS_KEY export AWS_DEFAULT_REGION=ap-northeast-1 export AWS_ZONE=a export AWS_SUBNET_ID export AWS_INSTANCE_TYPE=c4.large export AWS_SECURITY_GROUP
What you need to know:
Read this guide to subnet basics in Amazon Web Services (AWS). (@awscloud) Also, check out this article on Medium about using Docker and AWS for a better dev/test experience. (@AWSstartups)
“AWS_SECURITY_GROUP” identifies the Amazon Web Services (AWS) virtual private cloud (VPC) security group name.
# create container export AWS_ACCESS_KEY_ID export AWS_SECRET_ACCESS_KEY export AWS_DEFAULT_REGION=ap-northeast-1 export AWS_ZONE=a export AWS_SUBNET_ID export AWS_INSTANCE_TYPE=c4.large export AWS_SECURITY_GROUP
What you need to know:
Read this guide to Amazon Web Services (AWS) virtual private cloud (VPC) security groups. (@awscloud)
“AWS_TAGS” sets the Amazon Web Services (AWS) tag key-value pairs that can be passed with the instance provisioning.
# tags to use aws_tags key1,value1,key2,value2
What you need to know:
Read this guide to Amazon Web Services (AWS) tagging strategies. (@awscloud)
“AWS_INSTANCE_PROFILE” sets the Amazon Web Services (AWS) IAM role name to be used as the instance profile.
# create container export AWS_ACCESS_KEY_ID export AWS_SECRET_ACCESS_KEY export AWS_DEFAULT_REGION=ap-northeast-1 export AWS_ZONE=a export AWS_INSTANCE_PROFILE export AWS_INSTANCE_TYPE=c4.large export AWS_SECURITY_GROUP
What you need to know:
Read this guide to IAM best practices. (@awscloud) Lyft Engineering also provides some information on scoping AWS IAM roles to Docker containers in this Medium article. (@lyfteng)
“AWS_INSTANCE_TYPE” specifies the instance type to run.
# create machine “aws-test” docker-machine create -d amazonec2 \ --amazonec2-region us-west-2 \ --amazonec2-instance-type "t2.micro" \ --amazonec2-ssh-keypath ~/.ssh/ssh_key \ aws-test
What you need to know:
Check this list of Amazon EC2 instance types. (@awscloud)
The “AWS_DEVICE_NAME” variable specifies the EBS volume name to be attached to the instance.
# set up instance $ export AWS_AMI="ami-11c57862" $ export AWS_DEFAULT_REGION="eu-west-1" $ export AWS_DEVICE_NAME="/dev/xvda" $ export AWS_INSTANCE_TYPE="t2.small" $ export AWS_SSH_USER="admin"
What you need to know:
Read this discussion about creating an instance with the default device name. (@Docker)
“AWS_ROOT_SIZE” specifies the size of the disk to be attached to the instance in gigabytes.
# default values used for EC2 instances AWS_INSTANCE_TYPE=t2.micro AWS_ROOT_SIZE=16
What you need to know:
Read this guide to Amazon EC2 root device volumes. (@awscloud)
“AWS_VOLUME_TYPE” specifies the Amazon EBS volume type to be attached to the instance.
# default values AWS_INSTANCE_TYPE=t2.micro AWS_ROOT_SIZE=16 AWS_VOLUME_TYPE= gp2
What you need to know:
Read this guide to Amazon EBS volume types. (@awscloud)
“AWS_SSH_USER” specifies the SSH Login username.
# set up configuration export AWS_AMI="ami-971a65e0" export AWS_DEFAULT_REGION="eu-west-1" export AWS_VPC_ID="vpc-69c9a10c" export AWS_INSTANCE_TYPE="t1.micro" export AWS_SSH_USER="admin"
What you need to know:
Read this guide to connecting to an instance using SSH. (@awscloud)
“AWS_SSH_KEYPATH” specifies the path to the SSH private key file to use for the instance.
# where to find the SSH key file export AWS_SSH_KEYPATH = ~/.ssh/ssh_key
What you need to know:
Read this guide to generating an SSH key. (@awscloud) Here’s some additional information on configuring credentials from Docker. (@Docker)
What variables do you use most to set up and configure server applications? Share your thoughts with us in the comments below.
Try Stackify’s free code profiler, Prefix, to write better code on your workstation. Prefix works with .NET, Java, PHP, Node.js, Ruby, and Python.
If you would like to be a guest contributor to the Stackify blog please reach out to stackify@stackify.com