Troubleshoot stopped containers

The stopped Docker containers are still available for troubleshooting. You can create an image of them and run them as new containers to inspect the log files and execute commands in them.

View the standard output of the failed container

docker logs MY_CONTAINER_ID

Run a failing container with a Bash terminal

If a container exists with an error within a few seconds, it can be beneficial to start a terminal window in it to view the log files and execute commands. We will override the entry point of the container to start a Bash terminal.

Create an image of the stopped container


Run the saved image as a new container and start a Bash terminal instead of the original entry point

docker run -it --entrypoint bash MY_NEW_IMAGE_NAME

Docker Swarm overview

Docker Swarm Hierarchy

  • image in the registry
  • container
  • task ( container and the command to run in it )
  • service ( one or multiple instances of the same task, like multiple copies of the same web API )
  • stack ( one or multiple services that belong together, like a front end web application, middle tier, and database server launch scripted in a .yml file )

The difference between the service and the stack is like docker run vs. docker compose, but in a Docker Swarm cluster.

Docker Swarm Services

Global service

Global services will run on every available node once.

Replicated service

The Manager distributes the given number of tasks ( containers and commands to run ) of the replicated services on the nodes based on the desired scale number, that can be one. Once a task is assigned to a node it cannot be moved, it will run on that node until stops or fails.

Docker Swarm Networking

Host network

Uses the host’s network stack without any namespace separation, and sharing all of the host’s interfaces.

Bridge network

Docker-managed Linux bridge on the Docker host. By default, all containers created on the same bridge can talk to each other.

Overlay network

An overlay network that may span over multiple Docker hosts. Uses the gossip protocol to communicate between hosts.


The container’s own network stack and namespace, without any interfaces. It stays isolated from every other network, and even its own host’s network.


Establishes connections between container interfaces and parent host interfaces. They can be used to assign IP addresses that are routable on physical networks to containers.

Docker Swarm Load Balancing

Internal load balancing

Internal load balancing is enabled by default. When a container contacts another container in the same Docker Swarm, the internal load balancer routes the request.

External ingress load balancing

To enable the external ingress load balancing, publish the port of the service with the –publish flag. Every node in the cluster starts to listen on the published port to answer incoming requests. If the service does not run a container on the node that received the request, the Routing Mesh will route the request to the node that runs the container on the Ingress Network.

Routing Mesh. Source:

Create a service with an image in a private registry

These instructions will pass the login token from your local client to the Docker Swarm nodes, so those are able to log into the registry and pull the image.

# Save the Docker Registry password in the PASSWORD environment variable 

# Log into the Docker Registry
echo $PASSWORD | docker login -u [user] --password-stdin

# Create the service
docker service create \
  --with-registry-auth \
  --name my_service \

Configure Visual Studio Code

Only tab should accept the suggestion

To force Visual Studio Code to only insert the suggested word with the Tab key, and configure the Enter key to always insert a new line

  • Open the settings page with Command-,
  • Search for tab
  • Set the Editor: Accept Suggestion On Enter to off

This enters “editor.acceptSuggestionOnEnter”: “off” into the setting.json file

Insert 2 spaces into the .yml and .yaml files when we press the tab key, use tabs in Makefile

  • Open the extensions page with Shift-Command-X
  • Install the EditorConfig for VS Code plugin
  • Save this .editorconfig file in the root of your project files above all projects ( for example in the ~/Git directory)
indent_style = tab

indent_style = space
indent_size = 2
  • Restart Visual Studio Code

Another setting for yml files, (maybe not necessary if the EditorConfig plugin is installed)

  1. Start Visual Studio Code
  2. Open the Settings page with Command-,
  3. Enter yml into the search field and press enter
  4. Click the Edit in settings.json link
  5. Enter into the settings.json file
    "[yml]": {
    "editor.insertSpaces": true,
    "editor.tabSize": 2,
    "editor.autoIndent": false
    "[yaml]": {
    "editor.insertSpaces": true,
    "editor.tabSize": 2,
    "editor.autoIndent": false

Start Visual Studio Code from the command line

  • Start Visual Studio Code
  • Open the Command Palette
    • On Mac
      • press Shift, Command, P
    • On Windows
      • press Shift, Control, P
  • Type shell command into the search box
  • Select the Shell Command: Install ‘code’ command in PATH from the list
  • Restart the terminal for the change to take effect
  • Type code in the terminal to start Visual Studio Code

Add trailing newline to every file

  • Start Visual Studio Code
  • Open Preferences -> Settings
  • Type insert final newline into the search bar
  • Check the Insert Final Newline checkbox

Useful extensions

  • EditorConfig for VS Code
  • GitLens — Git supercharged
  • Go ms-vscode.go
  • Terraform mauve.terraform
  • Bash Debug rogalmic.bash-debug

You must specify a region. You can also configure your region by running “aws configure”.

When we execute an AWS CLI command, we need to supply the AWS Region. If it is not specified, we get the error message:

You must specify a region. You can also configure your region by running “aws configure”.

We can add the region with the –region command line argument, or store it in the ~/.aws/config file.

The format of the ~/.aws/credentials file is

aws_access_key_id = …
aws_secret_access_key = …

aws_access_key_id = …
aws_secret_access_key = …

The format of the ~/.aws/config file is the following. Make sure to add the word “profile” within the square brackets for every profile you specified in the credentials file, except for the “default” one!!!

region = us-east-1
output = json

[profile my-account]
region = us-east-1
output = json

x509: certificate signed by unknown authority

I have built a Docker container with a Go application that used the Go AWS SDK. When my program tried to access an S3 bucket I got the error message

RequestError: send request failed
caused by: Get x509: certificate signed by unknown authority

To solve the problem I had to add the following line to the Dockerfile

On Ubuntu

RUN apt ca-certificates && rm -rf /var/cache/apk/*

On Alpine

RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/* 

Docker for Windows cannot start: “Hardware assisted virtualization and data execution protection must be enabled in the BIOS”

To start Docker on Windows, Hyper-V and the Hypervisor has to be enabled on Windows.

  1. Start a PowerShell window as administrator
  2. Enable Hyper-V
    dism.exe /Online /Enable-Feature:Microsoft-Hyper-V /All
  3. Enable the Hypervisor
    bcdedit /set hypervisorlaunchtype auto
  4. Restart the computer