[Generated by AI](https://www.bing.com/images/create/a-nice-logo-for-a-blog-post-about-file-system-in-c/1-65ef5d10460f428181c3ff8bcc359936?id=goqww%2bR2QLJoCYN4XjxV2w%3d%3d&view=detailv2&idpp=genimg&idpclose=1&thId=OIG2.yF78KU7PXi.xzuZrKVJa&FORM=SYDBIC)

Best practices for writing Dockerfiles - Follow "Filesystem Hierarchy Standard"

When it comes to building Docker images, adhering to the “Filesystem Hierarchy Standard”12 can greatly enhance the organization and maintainability of your containers. Unfortunately, it’s not uncommon to encounter Docker images where files are haphazardly scattered across directories, leading to confusion and unnecessary complications. Let’s delve into some best practices to ensure your Dockerfiles follow the FHS guidelines, thus avoiding common pitfalls and streamlining your container development process. Below you can find the most important directories, from the perspective of Docker images....

2024-03-11 · 3 min · timor
[Cloudflare Pages](https://pages.cloudflare.com) and [Hugo](https://gohugo.io)

Optimizing Hugo static site redirects with Cloudflare Pages

I used to utilize GitHub Pages to serve static content for my blog. I secured it behind Cloudflare to employ a custom domain and automate HTTPS certificate management. Additionally, I utilized a few Page Rules to implement redirects: From www.* to non-www, From HTTP to HTTPS, And for some SEO renaming. Unfortunately, in the Free plan from Cloudflare, you are limited to: 3 Page Rules (with simple glob matching), 10 Transformation Rules (no regex rules), 10 Redirect Rules (no regex)....

2024-03-04 · 3 min · timor
[Renovate Bot](https://github.com/renovatebot/renovate)

Automatic updates of Docker images with Renovate Bot

I’ve been writing recently about best practices for patching and deprecating Docker images , but today I want to show how to automate a huge part of this process. You might already hear about Dependabot1, it’s a Github’s way to notify developers about security vulnerabilities in their projects. Renovate2 is similar tool3, but doesn’t require Github. For my professional work I use Bitbucket, so Renovate feels more universal as can be used anywhere....

2024-03-01 · 4 min · timor
[xkcd.com](https://xkcd.com/349/)

Keeping Docker afloat - Best practices for patching and deprecating images

Intro One of the biggest benefits of Docker images is their immutability. Once they’re built, they don’t change. Built once, would work forever… That’s how nightmares of security guys starts 🤣 We have then two contradictory concepts: flowchart LR id1(Keep it stable) <---> id2(Keep is up to date and secure) For day to day work, usually first concept wins. You want your builds stable and try to avoid tempting distractions of upgrading log4j to latest version… Who knows what might break....

2024-02-09 · 7 min · timor

Tuning PipeWire for best audio quality on Ubuntu

TL;DR If you’re not interested in the “story of my life”, go directly to “Tuning PipeWire ” section. I’m not an audiophile, but I spent whole days in the headphones and I like when sound sounds good. I like slight bass boost, which adds this kick to the melody, but won’t overwhelm me after an hour of listening. I like when high tones are clear, but I get annoyed if they’re too strong....

2024-01-28 · 8 min · timor
[Cloudflare](https://www.cloudflare.com)

Maximizing page performance and security with Cloudflare tuning

Info I use free tier of Cloudflare and all recommendations assume only those are available. Why to cache statically generated blog? My Blog is statically generated website served from Github Pages  external link . As Github don’t allow to easily set my own domain (at least in free version), I needed some kind of proxy that: can serve page from my domain, will provide valid certificate for HTTPS. Info...

2024-01-11 · 8 min · timor
[Photo by RealToughCandy.com from Pexels](https://www.pexels.com/photo/a-person-holing-a-sticker-in-close-up-photography-11035380/)

The best way to get NVM working in CI/CD systems

TL;DR While reasoning is important, readers may not be interested in all the frustrations I experienced while figuring out how to get things done. If you’re looking for a quick solution, skip to the “What eventually worked?” section. However, if you’re interested in the thought process behind the solution, keep reading. Why? Some might bother why the hell I’d like to make my life so hard? 🤣 We used to use nodeenv  external link for that purpose....

2023-04-25 · 10 min · timor
[Photo by Lu Li from Pexels](https://www.pexels.com/photo/men-in-horses-raising-cattles-8916937/)

Change configuration of Docker daemon in Rancher Desktop

I switched recently from Docker Desktop  external link on my MacBook to Rancher Desktop  external link . The most important reason for me to do it, was possibility to gently switch between docker and containerd runtimes. There’s still one feature that I miss on Rancher Desktop - possibility to change Docker daemon configuration. I used to enable experimental features1 and BuildKit2. Sadly, there’s no easy way to do it on Rancher… But there’s a magical way3....

2023-03-23 · 1 min · timor
[Photo by Ghasiq Anjum from Pexels](https://www.pexels.com/photo/metal-trash-bin-on-the-side-of-the-street-12841982/)

Best practices for writing Dockerfiles - Use VOLUME for all mutable, temporary file locations

IMO people don’t understand how VOLUME1 works so they don’t use it. It’s generally used far too rarely! In short VOLUME means two things: Whatever is left in directory marked as VOLUME, stays there and can’t be changed in later layers (actually it can be changed but changes won’t be persistent). Volumes are not part of layered image FS. They’re mounted as anonymous volumes located on standard file system. This means they’re working much faster....

2022-09-12 · 2 min · timor
[Photo by Tom Fisk from Pexels](https://www.pexels.com/photo/birds-eye-view-photo-of-freight-containers-2226458/)

Best practices for writing Dockerfiles - Use .dockerignore

People often complain, that building Docker image takes a long time. “I just added a single jar package” they say… Really? They often don’t remember that whole “build context”1 is uploaded to Docker daemon during build, which often means they’re not only adding “single jar”, but also all sources, test results and whatever they have in working directory. Solution is simple - to use .dockerignore file2. Syntax is similar to ....

2022-09-11 · 1 min · timor