My host system is Arch Linux, and the Docker image is "base/arch" (archlinux) with my own modifications. Unbound is installed on a committed image, but I don't quite know how to launch the container with the service running since SystemD is not meant to run in Docker.
How do I actually launch the container with Unbound running as a service?
I've gone through some basic tutorials, but most of them cover launching pre-built containers:
Docker's basic course.
Digital Ocean overview.
For this answer, I'm assuming that you've installed Unbound by simply installing the community/unbound package via pacman.
You can inspect the systemd unit files that are installed alongside the package to determine how to actually start the server. Have a look at
```ini
[Unit]
Description=Unbound DNS Resolver
After=network.target

[Service]
ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/
PIDFile=/run/unbound.pid
ExecStart=/usr/bin/unbound -d
ExecReload=/bin/kill -HUP $MAINPID
Restart=always

[Install]
WantedBy=multi-user.target
```
Most important is the ExecStart line. This describes the command that systemd uses to actually start the service. According to unbound's help (unbound -h), the -d switch means do not fork into the background (which is a good thing because that's also exactly what you need to start Unbound in a Docker container).
The ExecStartPre command can be a simple RUN step when building the image.
In conclusion, you can translate this into a Dockerfile similar to this:
```dockerfile
FROM base/arch
# <omitted>
RUN /bin/cp -f /etc/trusted-key.key /etc/unbound/
CMD ["/usr/bin/unbound", "-d"]
```
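The translation described in the answer above, as an added example that is not part of the original answer: a Python script that reads a unit file's [Service] section and emits each ExecStartPre as a RUN step and ExecStart as an exec-form CMD. The function names and the embedded unit text (copied from the answer as constructed sample input) are assumptions for illustration.

```python
import json
import shlex

# Constructed sample input: the unit file quoted in the answer above.
UNIT = """\
[Unit]
Description=Unbound DNS Resolver
After=network.target
[Service]
ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/
PIDFile=/run/unbound.pid
ExecStart=/usr/bin/unbound -d
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
[Install]
WantedBy=multi-user.target
"""

def service_directives(unit_text):
    """Return (key, value) pairs from the [Service] section, in file order."""
    section, pairs = None, []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def to_dockerfile(unit_text, base_image):
    """Map ExecStartPre to build-time RUN steps and ExecStart to an exec-form CMD."""
    lines, cmd = [f"FROM {base_image}"], None
    for key, value in service_directives(unit_text):
        # systemd allows prefixes such as "-", "@", "+", "!" before the executable.
        command = value.lstrip("-@+!:")
        if key == "ExecStartPre":
            lines.append(f"RUN {command}")
        elif key == "ExecStart":
            cmd = shlex.split(command)
    if cmd is None:
        raise ValueError("unit has no ExecStart line")
    # Exec form (JSON array) runs the daemon as PID 1, so it receives signals directly.
    lines.append("CMD " + json.dumps(cmd))
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dockerfile(UNIT, "base/arch"))
```

A RUN step executes once when the image is built, whereas systemd runs ExecStartPre on every service start, so the copy of /etc/trusted-key.key in the image is the one present at build time until the image is rebuilt.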