Raspberry Pi 4 with Docker

Updated 26 February 2023 🔖 iot ⏲️ 3 minutes to read

I use Raspberry Pi 4s to host services for my home network, with Docker to keep things manageable in containers. Each Pi has a USB SSD as its boot drive running Raspberry Pi OS.

There's often a bit of boilerplate I need to keep track of to set up a new one, so I am documenting all of the snippets here for my future self.

  1. Increase Swap Size
  2. Disable DHCP for Virtual Ethernet Interfaces
  3. Install Docker
  4. Disable nftables
  5. Make SSH Secure
  6. Managing Docker Compose
  7. Passwordless Sudo
  8. Overclocking
  9. Temperature and Speed
  10. Architecture Emulation

Increase Swap Size

If you're using an SSD as a boot drive, the default 100MB limit for Swap doesn't make sense. There is a great article here documenting how to change this, but the key bits are:

sudo nano /etc/dphys-swapfile

Comment out CONF_SWAPSIZE, since it is explicitly set to 100. Commenting it out makes the OS manage it automatically, and in my case made the swap size 2GB.

#CONF_SWAPSIZE=100

Then restart the Swap service:

sudo /etc/init.d/dphys-swapfile restart

You can use free -m or htop to verify the change.

Disable DHCP for Virtual Ethernet Interfaces

Docker creates a lot of virtual ethernet interfaces, and they all start requesting IP addresses and it all ends very badly (the Pi will drop off the network at some point after being on for a while).

The fix is to tweak the DHCP config:

sudo nano /etc/dhcpcd.conf

Add the following to the very top of the file:

denyinterfaces veth*

Then restart the DHCP daemon:

sudo systemctl daemon-reload
sudo systemctl restart dhcpcd

Install Docker

The best thing to do to set up Docker for the first time is the following:

sudo apt-get update
sudo apt-get upgrade
sudo reboot

The reboot at the end is crucial, as I found some Docker installation errors when not rebooting.

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo reboot

That last reboot is just for good measure - it's probably not necessary. Then you're good to go!

Disable nftables

I ran into an issue where Raspberry Pi OS installed an update which bricked the Docker daemon, because the update forced a switch from iptables to nftables (Docker wanted iptables). I ended up fixing it by forcing the use of iptables, then re-installing docker.

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
sudo update-alternatives --set arptables /usr/sbin/arptables-legacy
sudo update-alternatives --set ebtables /usr/sbin/ebtables-legacy

Make SSH Secure

To make SSH more secure, we should disable username/password auth.

sudo nano /etc/ssh/sshd_config

Comment out every entry, so the file only has the following uncommented entries (you could delete the file contents and replace it with the below, but then you lose all of the documentation):

Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM no
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem       sftp    /usr/lib/openssh/sftp-server

Then restart SSH:

sudo systemctl restart ssh
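
Because the config above keeps the Include as its first line, anything in /etc/ssh/sshd_config.d/*.conf is read before the rest of the file, and sshd keeps the first value it obtains for each keyword. The following is an added example (not part of the original post) that resolves the value that would win for the password-related settings; the drop-in name 50-example.conf and the temporary paths are constructed, and Match blocks are treated as ending with their file.

```sh
#!/bin/sh
# Added example, not from the original post; all paths below are constructed.

# effective KEYWORD FILE...: print the first global value set for KEYWORD,
# reading FILEs in order. sshd keeps the first value it obtains per keyword.
effective() {
    kw=$1; shift
    awk -v kw="$kw" '
        FNR == 1                   { in_match = 0 }       # new file: back to global scope
        /^[ \t]*(#|$)/             { next }               # comments and blank lines
        tolower($1) == "match"     { in_match = 1; next } # conditional block, not global
        in_match                   { next }
        tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$@"
}

# audit_sshd MAIN DROPIN_DIR: drop-ins are listed before MAIN because the
# Include sits on the first line of MAIN, so they win any conflict.
audit_sshd() {
    main=$1; dir=$2; rc=0
    set --
    for f in "$dir"/*.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    set -- "$@" "$main"
    for kw in PasswordAuthentication PermitRootLogin PermitEmptyPasswords; do
        val=$(effective "$kw" "$@")
        if [ "$val" != "no" ]; then
            echo "FAIL: $kw resolves to '${val:-unset}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: the main file from this post plus a hypothetical drop-in.
demo=$(mktemp -d)
mkdir "$demo/sshd_config.d"
printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' 'PermitRootLogin no' \
    'PasswordAuthentication no' 'PermitEmptyPasswords no' > "$demo/sshd_config"
echo 'PasswordAuthentication yes' > "$demo/sshd_config.d/50-example.conf"
audit_sshd "$demo/sshd_config" "$demo/sshd_config.d" || echo "a drop-in overrides the main file"
rm -r "$demo"
```

On a live host, sudo sshd -t validates the file before the restart, and sudo sshd -T prints the settings the daemon actually resolves.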

Managing Docker Compose

To deploy a service with Docker Compose, go to the directory containing the docker-compose.yml file, then:

sudo docker compose up -d

To update a Docker Compose service:

sudo docker compose pull

To remove the service:

sudo docker compose down

Passwordless Sudo

To enable passwordless sudo:

sudo visudo /etc/sudoers.d/010_pi-nopasswd

Then change the content to:

pi ALL=(ALL) NOPASSWD: ALL

Where pi is the username you're logging in with.

Overclocking

If you have adequate active cooling set up around your Pi, you can go for glory with the CPU clock speed:

sudo nano /boot/config.txt

#uncomment to overclock the arm. 700 MHz is the default.
over_voltage=6
arm_freq=2147

This clocks the CPU up to 2.1GHz.

Temperature and Speed

Measure the current CPU frequency in Hz:

vcgencmd measure_clock arm
frequency(48)=1800457088

Get the CPU temperature:

vcgencmd measure_temp
temp=59.4'C

Get the CPU temperature, but update live:

watch --interval 0.1 -- 'vcgencmd measure_temp'

Architecture Emulation

If you need to run non-ARM Docker containers, you can install an emulation layer. This article has an in-depth explanation: Run AMD64 Docker Images On An ARM Computer

The below command enables amd64 support via the following library: https://github.com/tonistiigi/binfmt

sudo docker run --privileged --rm tonistiigi/binfmt --install amd64

AMD64 containers will now run, just much more slowly than on the native hardware.
