Docker Environment Variables Tips and Best Practices

Docker Environment Variables: How to Set and Configure Server Applications

Stackify Developer Tips, Tricks & Resources

Docker is an open-source project that uses containers instead of virtual machines to run server applications. This is a setup that uses fewer resources for development and hosting, so it’s no wonder that Docker is taking the development world by storm. You can even use Docker with ASP.NET, and of course, you can leverage Stackify’s Retrace with your existing stack, including Docker, for true app performance super-power.

Docker environment variables are key elements in this operation, storing data that is specific to each user account accessing the software. This can include:

  • Configuration settings
  • Encryption keys
  • External resource locations

Docker allows developers to set and manage environment variables in the command line interface (CLI) or an external file (.env).

Here are 50 variables that you might use in setting up and configuring applications.

1. CLASSPATH

The “CLASSPATH” variable sets access to third-party libraries and classes.

# default Tomcat environment in the image for versions 7 & 8

CATALINA_BASE: /usr/local/tomcat

CATALINA_HOME: /usr/local/tomcat

CATALINA_TMPDIR: /usr/local/tomcat/temp

JRE_HOME: /usr

CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar

Read this tutorial on how to build, test and run a Java application in Docker container. (@codefresh)

2. COMPOSE_API_VERSION

“COMPOSE_API_VERSION” can be used if you cannot immediately upgrade the server version.

ERROR: client and server don't have same version (client : 1.19, server: 1.18)

# fix follows

export COMPOSE_API_VERSION=1.18

What you need to know:

  • The “COMPOSE_API_VERSION” environment variable can be used when Docker shows the “client and server don’t have same version” error.
  • Because of the version mismatch, some Docker features may not be supported.
  • This workaround is not officially supported.

Read this discussion of how to fix the Docker error when “client and server don’t have same version.” (@StackOverflow) Runnable also has a useful primer on advanced Docker compose configuration. (@GetRunnable)

3. COMPOSE_CONVERT_WINDOWS_PATHS

Users of Docker Machine and Docker Toolbox on Windows should always set the “COMPOSE_CONVERT_WINDOWS_PATHS” Docker environment variable.

ERROR: for db Cannot create container for service db: create <volume>: "<volume>" includes invalid characters for a local volume name, only "[a-zA-Z0-9][a-zA-Z0-9_.-]" are allowed

ERROR: Encountered errors while bringing up the project.

# fix follows

COMPOSE_CONVERT_WINDOWS_PATHS=0

# following also works

COMPOSE_CONVERT_WINDOWS_PATHS=1

What you need to know:

  • The default is 0 (false).
  • Enable by setting to 1 (true).

Read this discussion of how to solve “Invalid volume specification” on Windows. (@StackOverflow) Check out this post from Yengas for more. (@YigitcanUCUM)

4. COMPOSE_FILE

The “COMPOSE_FILE” variable specifies the path to the docker-compose.yml file — the Compose file which helps define and run multi-container Docker applications.

It is possible to set the path to multiple Compose files:

# one compose file

COMPOSE_FILE=docker-compose.yml

# two compose files

COMPOSE_FILE=docker-compose.yml:docker-compose.prod.yml

What you need to know:

  • Use “:” as the path separator for Linux and macOS machines.
  • Use “;” as the path separator for Windows machines.
  • Customize the path separator using COMPOSE_PATH_SEPARATOR.

Read this discussion of how to solve issues with “COMPOSE_FILE.” (@StackOverflow) Or, read more about setting the COMPOSE_FILE variable here. (@adrianmouat)

5. COMPOSE_HTTP_TIMEOUT

“COMPOSE_HTTP_TIMEOUT” sets how long, in seconds, a request to the Docker daemon may take before it times out.

# set the timeout to 200 seconds

COMPOSE_HTTP_TIMEOUT=200 docker-compose up

What you need to know:

  • The “COMPOSE_HTTP_TIMEOUT” Docker environment variable can be used in the CLI.
  • Default is 60 seconds.

Read this discussion of how to override the default value of “COMPOSE_HTTP_TIMEOUT.” (@StackOverflow) Here’s another helpful tutorial on overriding it.

6. COMPOSE_PATH_SEPARATOR

“COMPOSE_PATH_SEPARATOR” sets the path separator used in “COMPOSE_FILE.”

# change the separator and use in COMPOSE_FILE

COMPOSE_PATH_SEPARATOR='^'

COMPOSE_FILE=first.yml^second.yml

What you need to know:

  • Default path separator for Linux and macOS machines is “:”.
  • Default path separator for Windows machines is “;”.

7. COMPOSE_PROJECT_NAME

The “COMPOSE_PROJECT_NAME” environment variable sets the project name. This value is prepended, along with the service name, to the container name.

COMPOSE_PROJECT_NAME=newname docker-compose up

# web service container will be named newname_web

What you need to know:

  • This is an optional setting.
  • The default will be the basename of the current working directory.

Read this discussion of how to use “COMPOSE_PROJECT_NAME”. (@Docker)

8. COMPOSE_TLS_VERSION

“COMPOSE_TLS_VERSION” sets the Transport Layer Security (TLS) version to be used for TLS communication with the Docker daemon.

COMPOSE_TLS_VERSION=TLSv1_2

# Docker will use TLS version 1.2

What you need to know:

  • The default is TLSv1. The other supported values are:
    • TLSv1_1
    • TLSv1_2

Read this guide to using TLS with the Docker engine. (@Docker)

9. DOCKER_API_VERSION

Setting the “DOCKER_API_VERSION” variable can fix the error that appears when the Docker client uses a newer API version than the Docker daemon supports.

Error response from daemon: client is newer than server

(client API version: x.xx, server API version: 1.23)

# fix follows

export DOCKER_API_VERSION=1.23

Read this discussion of solving incompatible Docker API and client. (@Docker) Ansible explains this and other common variables in this post. (@ansible)

10. DOCKER_CERT_PATH

“DOCKER_CERT_PATH” contains the location of the client configuration files used for TLS verification.

# Defaults to ~/.docker but the files can be moved

$ export DOCKER_CERT_PATH=~/.docker/newdir/

$ docker --tlsverify ps

What you need to know:

  • The “DOCKER_CERT_PATH” Docker environment variable configures the path to:
    • ca.pem
    • cert.pem
    • key.pem

Read this guide to protecting the Docker daemon socket. (@Docker) This tutorial will help with Docker Toolbox setup on Windows. (@iRomin)

11. DOCKER_CONFIG

“DOCKER_CONFIG” sets the location of the client configuration files.

# Defaults to ${HOME}/.docker but the files can be moved

$ export DOCKER_CONFIG=${HOME}/.docker/newdir/

What you need to know:

  • The “--config” command line option overrides the “DOCKER_CONFIG” environment variable.
  • This option could be used if there is a need to run multiple clients on one machine.

Read this discussion of how to run multiple versions of Docker client on a machine or check out this tutorial. (@StackOverflow)

12. DOCKER_CONTENT_TRUST

“DOCKER_CONTENT_TRUST” regulates whether content trust is enabled or not. Content trust verifies the integrity and the publisher of data received from a registry over any channel.

# Default is 0; Enable by setting to 1

$ export DOCKER_CONTENT_TRUST=1

What you need to know about “DOCKER_CONTENT_TRUST”:

  • The default value is 0 — disabled.
  • Content trust can be enabled by setting the value to 1.

Read a tutorial on how to work with Docker content trust. (@Docker) Here’s more info from Oracle. (@Oracle)

13. DOCKER_CONTENT_TRUST_SERVER

The “DOCKER_CONTENT_TRUST_SERVER” variable sets where to find the Notary server. Consumers with the publisher’s public key can communicate with the Notary Server and receive trusted content.

# Default is 0; Enable by setting to 1

$ export DOCKER_CONTENT_TRUST=1

# Now set the Notary server URL

$ export DOCKER_CONTENT_TRUST_SERVER=https://notaryserver:4443

Check this guide to creating a sandbox for experimenting with content trust.

14. DOCKER_DRIVER

“DOCKER_DRIVER” specifies the graph driver that is used. The graph driver handles the relationships between the layers of content.

# When using services like dind

# the overlay driver performs best

$ export DOCKER_DRIVER=overlay

The graph drivers available:

  • vfs
  • aufs
  • overlay
  • overlay2
  • btrfs
  • zfs
  • devicemapper
  • windows

There is a fairly deep examination of storage drivers in Docker. (@estesp) Check out more from the proof-of-concept project CRIU. (@__criu__)

15. DOCKER_HIDE_LEGACY_COMMANDS

“DOCKER_HIDE_LEGACY_COMMANDS” can be set to show only management commands in the Docker help output. This may become the default in future releases, in which case the “DOCKER_HIDE_LEGACY_COMMANDS” variable would be removed.

What you need to know:


  • The “DOCKER_HIDE_LEGACY_COMMANDS” environment variable was created in Docker version 1.13.
  • The setting will only show the new management commands available in Docker version 1.13.

Read about the Docker 1.13 management commands. (@couchbase)

16. DOCKER_HOST

“DOCKER_HOST” specifies the daemon socket to connect to.

ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?

# Don’t forget to add the port

$ export DOCKER_HOST=127.0.0.1:2375

What you need to know:

  • “DOCKER_HOST” tells the client how to connect to the daemon.
  • The default is a local socket.

This guide explains how “DOCKER_HOST” can help secure the Docker daemon socket. (@Docker) Here’s some info on how to use it with Fabric8. (@fabric8io)

17. DOCKER_MACHINE_NAME

The “DOCKER_MACHINE_NAME” environment variable identifies the Docker machine that commands are run against.

$ env | grep DOCKER

DOCKER_HOST=tcp://192.168.99.101:2376

DOCKER_CERT_PATH=/Users/nathanleclaire/.docker/machines/.client

DOCKER_TLS_VERIFY=1

DOCKER_MACHINE_NAME=dev

Read this guide to Docker machine concepts. (@Docker) Or,  check out this getting started guide from DevOps Cube. (@devopscube)

18. DOCKER_NOWARN_KERNEL_VERSION

“DOCKER_NOWARN_KERNEL_VERSION” can be set to prevent warnings that your Linux kernel is unsuitable for Docker.

# turn off kernel version warning

$ export DOCKER_NOWARN_KERNEL_VERSION=1

What you need to know:

  • Docker 1.11 and above do not run on kernel versions earlier than 3.4.
  • “DOCKER_NOWARN_KERNEL_VERSION” lets users run Docker at their own risk.

Check out this helpful guide with info on this and other variables from Gerardnico.

19. DOCKER_OPTS

“DOCKER_OPTS” allows the user to set options in the Docker configuration.

# Use DOCKER_OPTS to modify the daemon startup options

DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"

What you need to know:

  • “DOCKER_OPTS” is often found in configuration files.

Read this discussion of how to modify files to work with “DOCKER_OPTS.”  (@StackOverflow) Here’s some useful info from CoreOS on customizing Docker. (@coreos)

20. DOCKER_RAMDISK

The “DOCKER_RAMDISK” variable makes Docker work when root is on a ramdisk.

# tell the native driver not to use pivot_root

$ export DOCKER_RAMDISK=true

Read this discussion of how Docker could be run in memory. (@StackOverflow) Here’s a handy list of commands from TekSlate. (@Tekslate)

21. DOCKER_TLS_VERIFY

“DOCKER_TLS_VERIFY” enables Transport Layer Security (TLS) for the local Docker client.

# configu

export DOCKER_TLS_VERIFY="1"

export DOCKER_HOST="tcp://0.0.0.0:2376"

# DOCKER_CERT_PATH is a directory (holding ca.pem, cert.pem and key.pem), not a file

export DOCKER_CERT_PATH="/etc/docker"

export DOCKER_MACHINE_NAME=dev

What you need to know:

  • The “DOCKER_TLS_VERIFY” environment variable is unset (0) by default.
  • When set, the client verifies the remote daemon.

Read this discussion about how to set the “DOCKER_TLS_VERIFY” Docker environment variable. (@StackOverflow)
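
An added example, not part of the original article: a POSIX shell check for the client settings from sections 10, 16 and 21. It flags a TCP “DOCKER_HOST” used without “DOCKER_TLS_VERIFY” and a “DOCKER_CERT_PATH” that is not a directory holding ca.pem, cert.pem and key.pem. The function name, the finding labels and the 192.0.2.10 documentation address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Usage: audit_docker_client [DOCKER_HOST] [DOCKER_TLS_VERIFY] [DOCKER_CERT_PATH]
# Arguments default to the current environment. Prints one finding per line;
# returns 0 when there are none and 1 otherwise.
audit_docker_client() {
    host="${1-${DOCKER_HOST:-}}"
    tls="${2-${DOCKER_TLS_VERIFY:-}}"
    certs="${3-${DOCKER_CERT_PATH:-$HOME/.docker}}"
    rc=0

    case "$host" in
        ""|unix://*) return 0 ;;   # default local socket: TLS variables unused
    esac

    # Assumption: empty or "0" counts as off, matching the article's
    # "default is unset (0)".
    if [ -z "$tls" ] || [ "$tls" = "0" ]; then
        echo "NO_TLS: $host is used without DOCKER_TLS_VERIFY"
        return 1
    fi

    # The variable must name the directory, not one of the .pem files.
    if [ ! -d "$certs" ]; then
        echo "CERT_PATH_NOT_DIR: DOCKER_CERT_PATH=$certs is not a directory"
        return 1
    fi

    for f in ca.pem cert.pem key.pem; do
        if [ ! -r "$certs/$f" ]; then
            echo "MISSING: $certs/$f"
            rc=1
        fi
    done

    # The private key should be readable by its owner only.
    if [ -f "$certs/key.pem" ]; then
        loose=$(find "$certs/key.pem" -prune \( -perm -040 -o -perm -004 \) -print)
        if [ -n "$loose" ]; then
            echo "KEY_READABLE: $certs/key.pem is readable by group or others"
            rc=1
        fi
    fi
    return "$rc"
}

# Constructed demo: a TCP endpoint (documentation address) with no TLS settings.
audit_docker_client "tcp://192.0.2.10:2375" "" "" || true
```

Called with no arguments, the function audits the variables exported in the current shell.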

22. DOCKER_TMPDIR

“DOCKER_TMPDIR” sets the location for temporary Docker files. The temporary files are created by operations such as build and load.

# move the subdirectory for temporary files

$ export DOCKER_TMPDIR=/var/tmp

What you need to know:

  • The default is “/var/lib/docker/tmp”

Read this discussion of how Docker manages and stores files. (@StackOverflow)

23. HOME

The “HOME” variable stores the default location of Docker configuration files.

# code in a Dockerfile

USER developer

ENV HOME /home/developer

What you need to know:

  • “HOME” is used in a Dockerfile.
  • Docker sets it automatically when a new container is created.

Read this discussion about setting the “HOME” variable in a Dockerfile. (@StackOverflow) Then, check out this list of Docker tips and tricks from Nathan LeClaire. (@dotpem)

24. HOSTNAME

“HOSTNAME” sets the hostname associated with the container.

# code in a Dockerfile

ENV HOSTNAME sandbox

What you need to know:

  • “HOSTNAME” is used in a Dockerfile.
  • Docker sets it automatically when a new container is created.

Read this explanation of how to handle a specific hostname in Dockerfile.

25. HTTP_PROXY

“HTTP_PROXY” is a Go environment variable. If Docker is installed on a system using a corporate network using an HTTP proxy, there may be connectivity errors.

# note the use of lower case

ENV http_proxy <HTTP_PROXY>

ENV https_proxy <HTTPS_PROXY>

# replace with your office's proxy environment

export "HTTP_PROXY=http://PROXY:PORT"

export "HTTPS_PROXY=http://PROXY:PORT"

# you can add more no_proxy with your environment.

export "NO_PROXY=*.example.com"

What you need to know:

  • The “HTTP_PROXY” environment variable is case sensitive.
  • “HTTPS_PROXY” takes precedence over “HTTP_PROXY” for https requests

Read this discussion about how to build Docker images behind “HTTP_PROXY.” (@golang) Here’s another helpful tutorial on running Docker behind a proxy. (@crondevelopment)

26. HTTPS_PROXY

“HTTPS_PROXY” is also a Go environment variable. If Docker is installed on a system using a corporate network using an HTTP proxy, there may be connectivity errors.

# note the use of lower case

ENV http_proxy <HTTP_PROXY>

ENV https_proxy <HTTPS_PROXY>

# replace with your office's proxy environment

export "HTTP_PROXY=http://PROXY:PORT"

export "HTTPS_PROXY=http://PROXY:PORT"

# you can add more no_proxy with your environment.

export "NO_PROXY=*.example.com"

What you need to know:

  • The “HTTP_PROXY” environment variable is case sensitive.
  • “HTTPS_PROXY” takes precedence over “HTTP_PROXY” for https requests

Read this discussion about how to build Docker images behind “HTTP_PROXY.” (@golang) Superuser also has some helpful info about allowing all Docker containers to use a proxy. (@super_user)

27. JAVA_HOME

“JAVA_HOME” is used to set the home directory of the default Java to be used.

# Setting the Java version and its home directory

ENV JAVA_VER 8

ENV JAVA_HOME /usr/lib/jvm/java-8-oracle

Read this tutorial on how to write a Dockerfile for a simple Java application. (@GetRunnable)

28. JDK_HOME

“JDK_HOME” is used to set the directory in which the Java Development Kit (JDK) is installed.

# set the environment variables

ENV JDK_HOME /usr/lib/jvm/jdk1.8.0_101

ENV JAVA_HOME /usr/lib/jvm/jdk1.8.0_101

ENV PATH $PATH:$JAVA_HOME/bin

What you need to know:

  • Set “JDK_HOME” in Docker to the JDK root folder to make the package run faster.

Check out this documentation from Confluence on predefined build parameters. (@Confluence)

29. JRE_HOME

“JRE_HOME” is used to set the location of the Java Runtime Environment (JRE).

# default Tomcat environment in the image for versions 7 & 8

CATALINA_BASE: /usr/local/tomcat

CATALINA_HOME: /usr/local/tomcat

CATALINA_TMPDIR: /usr/local/tomcat/temp

JRE_HOME: /usr

CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar

The “JRE_HOME” variable includes the location of the:

  • Java Virtual Machine (JVM)
  • Java platform core classes
  • Supporting Java platform libraries

Read this article on how to fix “JRE_HOME” errors, as well as this helpful tutorial on configuring this and the JAVA_HOME variable on a Windows server. (@JAMFSoftware)

30. NAME

The “NAME” environment variable sets the container name.

# set the environment variable

ENV NAME World

What you need to know:

  • If a name is not provided, Docker will generate a random name.

Read this guide on the importance of naming Docker containers. (@Docker)

31. NO_PROXY

“NO_PROXY” is a Go environment variable. If Docker is installed on a system using a corporate network using an HTTP proxy, there may be connectivity errors.

# note the use of lower case

ENV http_proxy <HTTP_PROXY>

ENV https_proxy <HTTPS_PROXY>

# replace with your office's proxy environment

export "HTTP_PROXY=http://PROXY:PORT"

export "HTTPS_PROXY=http://PROXY:PORT"

# you can add more no_proxy with your environment.

export "NO_PROXY=*.example.com"

What you need to know:

  • The “HTTP_PROXY” environment variable is case sensitive.
  • “HTTPS_PROXY” takes precedence over “HTTP_PROXY” for https requests

Read this discussion about how to build Docker images behind “HTTP_PROXY.” (@golang) OpenShift also provides some useful guidance on working with HTTP proxies. (@openshift)

32. PATH

“PATH” sets the directories on the local filesystem that are searched for executables.

# update the PATH environment variable in a Docker container

ENV PATH "$PATH:/new/path"

What you need to know:

  • “PATH” is set automatically when a new container is created.
  • When a relative path is set, it is relative to the location of the Compose file.

Read this discussion on how to update “PATH.” (@StackOverflow) CloudBees also has some helpful information on controlling environment variables inside a Docker container. (@CloudBees)

33. TERM

“TERM” needs to be set when console programs that create text-based user interfaces are used.

# getting error msg

TERM environment variable not set.

ENV TERM xterm

What you need to know:

  • If the container was not started with the --tty option, then TERM needs to be manually set.
    • --tty sets TERM to xterm
  • Also, adding “ENV TERM xterm” to the Dockerfile will work.
  • Terminals supported:
    • xterm
    • vt220
    • xterm-color
    • putty
    • konsole
    • Eterm
    • rxvt
    • gnome
    • screen
    • linux
    • dumb

Read this discussion of how to fix terminal-related issues. (@StackOverflow) AndyK Docs offers some guidance on this, as well. (@andreaskoch)

34. AWS_ACCESS_KEY_ID

“AWS_ACCESS_KEY_ID” sets the access key ID for the Amazon Web Services (AWS) API. This is needed to make programmatic requests to AWS.

# use flags on the command line

$ docker-machine create --driver amazonec2 --amazonec2-access-key AKI******* --amazonec2-secret-key 8T93C******* aws-test

What you need to know:

  • The “AWS_ACCESS_KEY_ID” and “AWS_SECRET_ACCESS_KEY” variables are needed to create machines on AWS.
  • AWS access credential variables can be stored in the file ~/.aws/credentials

Read this guide to working with AWS credentials. (@awscloud) Here’s another discussion thread on the topic at CircleCI. (@circleci)

35. AWS_SECRET_ACCESS_KEY

“AWS_SECRET_ACCESS_KEY” sets the secret access key for the Amazon Web Services (AWS) API. This is needed to make programmatic requests to AWS.

# pass at runtime

docker run -e AWS_ACCESS_KEY_ID=AKI**** -e AWS_SECRET_ACCESS_KEY=shhhhhh myimage

What you need to know:

  • The “AWS_ACCESS_KEY_ID” and “AWS_SECRET_ACCESS_KEY” environment variables are needed to create machines on AWS.
  • AWS access credential variables can be stored in the file ~/.aws/credentials
  • AWS does not reset or retrieve secret access keys. They need to be recreated if lost.

Read this guide to the AWS secret access key. (@awscloud) Also, check out kms-env, a tool for encrypting and decrypting variables using KMS to support passing them to Docker containers. (@npm_support)

36. AWS_SESSION_TOKEN

“AWS_SESSION_TOKEN” sets temporary credentials for an Amazon Web Services (AWS) account.

# Access Key ID

AWS_ACCESS_KEY_ID=AKID

# Secret Access Key

AWS_SECRET_ACCESS_KEY=SECRET

# Session Token

AWS_SESSION_TOKEN=TOKEN

What you need to know:

  • “AWS_SESSION_TOKEN” is not required to be set.
  • AWS access credential variables can be stored in the file ~/.aws/credentials
  • Temporary credentials are valid from 15 minutes to 36 hours. Default: 12 hours.

Read this guide to using temporary security credentials to request access to AWS resources. (@awscloud) Ryan Nickel also offers some useful information on playing with variables. (@rnickel)
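
An added example, not part of the original article: `docker run -e NAME=value` and `--amazonec2-secret-key value`, as used in sections 34 and 35, leave the secret in shell history and in the process list. The function below scans scripts, history or env files for those literal forms, ignores the pass-through form `-e NAME` and `$VARIABLE` references, and prints only the line number and the variable or flag name, never the value. The function names, the sample lines and `read_from_vault` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Usage: scan_inline_aws_secrets [FILE...]   (reads stdin when no file is given)
# Prints "LINE: NAME" for every line that carries a literal AWS secret.
scan_inline_aws_secrets() {
    awk '
    BEGIN {
        quote   = "[\"\047]?"        # optional opening quote (\047 is a single quote)
        literal = "[^$\"\047 \t]"    # first character of a literal, not a $VAR reference
        assign  = "AWS_(SECRET_ACCESS_KEY|SESSION_TOKEN)=" quote literal
        flag    = "--amazonec2-secret-key[ =]+" quote literal
    }
    /^[ \t]*#/ { next }              # ignore comment lines
    $0 ~ assign {
        match($0, assign)
        name = substr($0, RSTART, RLENGTH)
        sub(/=.*/, "", name)         # keep the variable name, drop the value
        print NR ": " name
    }
    $0 ~ flag { print NR ": --amazonec2-secret-key" }
    ' "$@"
}

# Constructed sample input; the values are placeholders, not real credentials,
# and read_from_vault is a hypothetical helper.
sample_commands() {
cat <<'EOF'
docker run -e AWS_ACCESS_KEY_ID=AKI**** -e AWS_SECRET_ACCESS_KEY=shhhhhh myimage
docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY myimage
docker-machine create --driver amazonec2 --amazonec2-secret-key 8T93C******* aws-test
export AWS_SECRET_ACCESS_KEY="$(read_from_vault)"
AWS_SESSION_TOKEN=TOKEN
docker run --env-file ./aws.env myimage
EOF
}

# Lines 1, 3 and 5 of the sample are reported; lines 2, 4 and 6 are not.
sample_commands | scan_inline_aws_secrets
```

Line 2 of the sample is the safer way to write line 1: `-e NAME` with no value copies the variable from the calling shell's environment, so the secret never appears in the command itself.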

37. AWS_AMI

“AWS_AMI” specifies the Amazon Machine Image (AMI) to use for the instance.

export AWS_AMI=ami-5189a661 #Ubuntu Server 14.04 LTS (HVM)

What you need to know:

  • Only the default Docker AWS AMI is supported.
  • “AWS_AMI” refers to a virtual machine image.
  • The default SSH username for the default AMIs is ubuntu.

Read this discussion of how Docker containers compare to the AMI images. (@Docker) Also, check out Yevgeniy Brikman’s in-depth tutorial on running Docker on AWS from the ground-up. (@brikis98)

38. AWS_DEFAULT_REGION

“AWS_DEFAULT_REGION” sets the region that Amazon Web Services (AWS) calls are made against. This is usually the region closest to you, but it can be any region.

# set configuration

export AWS_ACCESS_KEY_ID="TBD"

export AWS_SECRET_ACCESS_KEY="TBD"

export AWS_DEFAULT_REGION="eu-west-1"

What you need to know:

  • The “AWS_DEFAULT_REGION” default is “us-east-1.”
  • Available regions are:
    • ap-northeast-1 (ami-b36d4edd)
    • ap-southeast-1 (ami-1069af73)
    • ap-southeast-2 (ami-1d336a7e)
    • ca-central-1 (ami-ca6ddfae)
    • cn-north-1 (ami-79eb2214)
    • eu-west-1 (ami-8aa67cf9)
    • eu-central-1 (ami-ab0210c7)
    • sa-east-1 (ami-185de774)
    • us-east-1 (ami-26d5af4c)
    • us-west-1 (ami-9cbcd2fc)
    • us-west-2 (ami-16b1a077)
    • us-gov-west-1 (ami-b0bad893)

See the Region Table for the supported services per region.  (@awscloud)

39. AWS_VPC_ID

“AWS_VPC_ID” sets the ID of the virtual private cloud (VPC) dedicated to the Amazon Web Services (AWS) account.

# set configuration

$ export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxx

$ export AWS_ACCESS_KEY_ID=yyyyyyyyyy

$ export AWS_VPC_ID=vpc-12345678

Read this guide to the Amazon virtual private cloud.  (@awscloud) Check out Sedden’s tutorial on getting started with Docker Machine on Amazon EC2. (@sedden)

40. AWS_ZONE

“AWS_ZONE” sets the Amazon Web Services (AWS) availability zone to place the instance in. Availability zones are distinct locations that are engineered to be isolated from failures in other availability zones.

# create container

export AWS_ACCESS_KEY_ID

export AWS_SECRET_ACCESS_KEY

export AWS_DEFAULT_REGION=ap-northeast-1

export AWS_ZONE=a

export AWS_SUBNET_ID

export AWS_INSTANCE_TYPE=c4.large

export AWS_SECURITY_GROUP

What you need to know:

  • The “AWS_ZONE” default is a.
  • AWS independently maps availability zones to identifiers for each account.

Read this guide to regions and availability zones in Amazon Web Services (AWS). (@awscloud) Also, you might find this tutorial from PromptWorks on handling environment secrets in Docker on the AWS container service helpful. (@PromptWorks)

41. AWS_SUBNET_ID

“AWS_SUBNET_ID” identifies the Amazon Web Services (AWS) virtual private cloud (VPC) subnet ID.

# create container

export AWS_ACCESS_KEY_ID

export AWS_SECRET_ACCESS_KEY

export AWS_DEFAULT_REGION=ap-northeast-1

export AWS_ZONE=a

export AWS_SUBNET_ID

export AWS_INSTANCE_TYPE=c4.large

export AWS_SECURITY_GROUP

What you need to know:

  • Each subnet resides entirely within one availability zone and cannot span zones.

Read this guide to subnet basics in Amazon Web Services (AWS). (@awscloud) Also, check out this article on Medium about using Docker and AWS for a better dev/test experience. (@AWSstartups)

42. AWS_SECURITY_GROUP

“AWS_SECURITY_GROUP” identifies the Amazon Web Services (AWS) virtual private cloud (VPC) security group name.

# create container

export AWS_ACCESS_KEY_ID

export AWS_SECRET_ACCESS_KEY

export AWS_DEFAULT_REGION=ap-northeast-1

export AWS_ZONE=a

export AWS_SUBNET_ID

export AWS_INSTANCE_TYPE=c4.large

export AWS_SECURITY_GROUP

What you need to know:

  • The “AWS_SECURITY_GROUP” default is docker-machine.
  • The security group will be associated with the host.
  • The following ports will be opened inbound:
    • ssh (22/tcp)
    • docker (2376/tcp)
    • swarm (3376/tcp), only if the node is a swarm master

Read this guide to Amazon Web Services (AWS) virtual private cloud (VPC) security groups. (@awscloud)

43. AWS_TAGS

“AWS_TAGS” sets the Amazon Web Services (AWS) tag key-value pairs that can be passed with the instance provisioning.

# tags to use

export AWS_TAGS="key1,value1,key2,value2"

What you need to know:

  • “AWS_TAGS” separates keys and values by comma.
  • The tags are stored as strings.

Read this guide to Amazon Web Services (AWS) tagging strategies. (@awscloud)

44. AWS_INSTANCE_PROFILE

“AWS_INSTANCE_PROFILE” sets the Amazon Web Services (AWS) IAM role name to be used as the instance profile.

# create container

export AWS_ACCESS_KEY_ID

export AWS_SECRET_ACCESS_KEY

export AWS_DEFAULT_REGION=ap-northeast-1

export AWS_ZONE=a

export AWS_INSTANCE_PROFILE

export AWS_INSTANCE_TYPE=c4.large

export AWS_SECURITY_GROUP

What you need to know:

  • AWS Identity and Access Management (IAM) is a feature that manages users and their access to AWS resources.
  • IAM role credentials automatically rotate about every 15 minutes. This prevents stolen credentials from being valid for long.

Read this guide to IAM best practices. (@awscloud) Lyft Engineering also provides some information on scoping AWS IAM roles to Docker containers in this Medium article. (@lyfteng)

45. AWS_INSTANCE_TYPE

“AWS_INSTANCE_TYPE” specifies the instance type to run.

# create machine “aws-test”

docker-machine create -d amazonec2 \
--amazonec2-region us-west-2 \
--amazonec2-instance-type "t2.micro" \
--amazonec2-ssh-keypath ~/.ssh/ssh_key \
aws-test

What you need to know:

  • The “AWS_INSTANCE_TYPE” Docker environment variable defaults to t2.micro.
  • The instance type refers to the hardware configuration that determines resources available.

Check this list of Amazon EC2 instance types. (@awscloud)

46. AWS_DEVICE_NAME

The “AWS_DEVICE_NAME” variable specifies the EBS volume name to be attached to the instance.

# set up instance

$ export AWS_AMI="ami-11c57862"

$ export AWS_DEFAULT_REGION="eu-west-1"

$ export AWS_DEVICE_NAME="/dev/xvda"

$ export AWS_INSTANCE_TYPE="t2.small"

$ export AWS_SSH_USER="admin"

What you need to know:

  • “AWS_DEVICE_NAME” defaults to /dev/sda1.

Read this discussion about creating an instance with the default device name. (@Docker)

47. AWS_ROOT_SIZE

“AWS_ROOT_SIZE” specifies the size of the disk to be attached to the instance in gigabytes.

# default values used for EC2 instances

AWS_INSTANCE_TYPE=t2.micro

AWS_ROOT_SIZE=16

What you need to know:

  • “AWS_ROOT_SIZE” defaults to 16 gigabytes.

Read this guide to Amazon EC2 root device volumes. (@awscloud)

48. AWS_VOLUME_TYPE

“AWS_VOLUME_TYPE” specifies the Amazon EBS volume type to be attached to the instance.

# default values

AWS_INSTANCE_TYPE=t2.micro

AWS_ROOT_SIZE=16

AWS_VOLUME_TYPE=gp2

What you need to know:

  • “AWS_VOLUME_TYPE” defaults to gp2.
  • The Amazon EBS volume types available:
    • gp2 — General purpose solid-state drive.
    • io1 — High performance solid state drive.
    • st1 — Frequently accessed hard disk drive.
    • sc1 — Less frequently accessed hard disk drive.

Read this guide to Amazon EBS volume types. (@awscloud)

49. AWS_SSH_USER

“AWS_SSH_USER” specifies the SSH Login username.

# set up configuration

export AWS_AMI="ami-971a65e0"

export AWS_DEFAULT_REGION="eu-west-1"

export AWS_VPC_ID="vpc-69c9a10c"

export AWS_INSTANCE_TYPE="t1.micro"

export AWS_SSH_USER="admin"

What you need to know:

  • The “AWS_SSH_USER” Docker environment variable defaults to ubuntu.
  • “AWS_SSH_USER” must match the default SSH user set in the AMI used.

Read this guide to connecting to an instance using SSH. (@awscloud)

50. AWS_SSH_KEYPATH

“AWS_SSH_KEYPATH” specifies the path to the SSH private key file to use for the instance.

# where to find the SSH key file

export AWS_SSH_KEYPATH=~/.ssh/ssh_key

What you need to know:

  • If “AWS_SSH_KEYPATH” is not specified, Docker Machine will generate a new key for the current instance.
  • A matching public key with the .pub extension should exist.

Read this guide to generating an SSH key. (@awscloud) Here’s some additional information on configuring credentials from Docker. (@Docker)
