{ "schemaVersion": "1.0", "item": { "slug": "container-debug", "name": "Container Debug", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/gitgoodordietrying/container-debug", "canonicalUrl": "https://clawhub.ai/gitgoodordietrying/container-debug", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/container-debug", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=container-debug", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "container-debug", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-02T02:13:03.721Z", "expiresAt": "2026-05-09T02:13:03.721Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=container-debug", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=container-debug", "contentDisposition": "attachment; filename=\"container-debug-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "container-debug" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/container-debug" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/container-debug", "agentPageUrl": "https://openagent3.xyz/skills/container-debug/agent", "manifestUrl": "https://openagent3.xyz/skills/container-debug/agent.json", "briefUrl": "https://openagent3.xyz/skills/container-debug/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Container Debug", "body": "Debug running Docker containers and Compose services. Covers logs, exec, networking, resource inspection, multi-stage builds, health checks, and common failure patterns." }, { "title": "When to Use", "body": "Container exits immediately or crashes on start\nApplication inside container behaves differently than on host\nContainers can't communicate with each other\nContainer is using too much memory or CPU\nMulti-stage Docker build produces unexpected results\nHealth checks are failing\nCompose services start in wrong order or can't connect" }, { "title": "View and filter logs", "body": "# Last 100 lines\ndocker logs --tail 100 my-container\n\n# Follow (stream) logs\ndocker logs -f my-container\n\n# Follow with timestamps\ndocker logs -f -t my-container\n\n# Logs since a time\ndocker logs --since 30m my-container\ndocker logs --since \"2026-02-03T10:00:00\" my-container\n\n# Logs between times\ndocker logs --since 1h --until 30m my-container\n\n# Compose: logs for all services\ndocker compose logs -f\n\n# Compose: logs for specific service\ndocker compose logs -f api db\n\n# Redirect logs to file for analysis\ndocker logs my-container > container.log 2>&1\n\n# Separate stdout and stderr\ndocker logs my-container > stdout.log 2> stderr.log" }, { "title": "Inspect log driver", "body": "# Check what log driver a container uses\ndocker inspect --format='{{.HostConfig.LogConfig.Type}}' my-container\n\n# If json-file driver, find the actual log file\ndocker inspect --format='{{.LogPath}}' my-container\n\n# Check log file size\nls -lh $(docker inspect --format='{{.LogPath}}' my-container)" }, { "title": "Interactive shell", "body": "# Bash (most common)\ndocker exec -it my-container bash\n\n# If bash isn't available (Alpine, distroless)\ndocker exec -it my-container sh\n\n# As root (even if container runs as non-root user)\ndocker exec -u root -it my-container bash\n\n# With specific environment variables\ndocker exec -e DEBUG=1 -it my-container bash\n\n# Run a single command (no interactive shell)\ndocker exec my-container cat /etc/os-release\ndocker exec my-container ls -la /app/\ndocker exec my-container env" }, { "title": "Debug a crashed container", "body": "# Container exited? Check exit code\ndocker inspect --format='{{.State.ExitCode}}' my-container\ndocker inspect --format='{{.State.Error}}' my-container\n\n# Common exit codes:\n# 0 = clean exit\n# 1 = application error\n# 137 = killed (OOM or docker kill) — 128 + signal 9\n# 139 = segfault — 128 + signal 11\n# 143 = terminated (SIGTERM) — 128 + signal 15\n\n# Start a stopped container to debug it\ndocker start -ai my-container\n\n# Or override the entrypoint to get a shell\ndocker run -it --entrypoint sh my-image\n\n# Copy files out of a stopped container\ndocker cp my-container:/app/error.log ./error.log\ndocker cp my-container:/etc/nginx/nginx.conf ./nginx.conf" }, { "title": "Debug without a shell (distroless / scratch images)", "body": "# Use docker cp to extract files\ndocker cp my-container:/app/config.json ./\n\n# Use nsenter to get a shell in the container's namespace (Linux)\nPID=$(docker inspect --format='{{.State.Pid}}' my-container)\nnsenter -t $PID -m -u -i -n -p -- /bin/sh\n\n# Attach a debug container to the same namespace\ndocker run -it --pid=container:my-container --net=container:my-container busybox sh\n\n# Docker Desktop: use debug extension\ndocker debug my-container" }, { "title": "Inspect container networking", "body": "# Show container IP address\ndocker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' my-container\n\n# Show all network details\ndocker inspect -f '{{json .NetworkSettings.Networks}}' my-container | jq\n\n# List all networks\ndocker network ls\n\n# Inspect a network (see all connected containers)\ndocker network inspect bridge\ndocker network inspect my-compose-network\n\n# Show port mappings\ndocker port my-container" }, { "title": "Test connectivity between containers", "body": "# From inside container A, reach container B\ndocker exec container-a ping container-b\ndocker exec container-a curl http://container-b:8080/health\n\n# DNS resolution inside container\ndocker exec my-container nslookup db\ndocker exec my-container cat /etc/resolv.conf\ndocker exec my-container cat /etc/hosts\n\n# Test if port is reachable\ndocker exec my-container nc -zv db 5432\ndocker exec my-container wget -qO- http://api:3000/health\n\n# If curl/ping not available in container, install or use a debug container:\ndocker run --rm --network container:my-container curlimages/curl curl -s http://localhost:8080" }, { "title": "Common networking issues", "body": "# \"Connection refused\" between containers\n# 1. Check the app binds to 0.0.0.0, not 127.0.0.1\ndocker exec my-container netstat -tlnp\n# If listening on 127.0.0.1 — fix the app config\n\n# 2. Check containers are on the same network\ndocker inspect -f '{{json .NetworkSettings.Networks}}' container-a | jq 'keys'\ndocker inspect -f '{{json .NetworkSettings.Networks}}' container-b | jq 'keys'\n\n# 3. Check published ports vs exposed ports\n# EXPOSE only documents, it doesn't publish\n# Use -p host:container to publish\n\n# \"Name not found\" — DNS not resolving container names\n# Container names resolve only on user-defined networks, NOT the default bridge\ndocker network create my-net\ndocker run --network my-net --name api my-api-image\ndocker run --network my-net --name db postgres\n# Now \"api\" and \"db\" resolve to each other" }, { "title": "Capture network traffic", "body": "# tcpdump inside a container\ndocker exec my-container tcpdump -i eth0 -n port 8080\n\n# If tcpdump not available, use a sidecar\ndocker run --rm --net=container:my-container nicolaka/netshoot tcpdump -i eth0 -n\n\n# netshoot has: tcpdump, curl, nslookup, netstat, iperf, etc.\ndocker run --rm --net=container:my-container nicolaka/netshoot bash" }, { "title": "Real-time stats", "body": "# All containers\ndocker stats\n\n# Specific containers\ndocker stats api db redis\n\n# One-shot (no streaming)\ndocker stats --no-stream\n\n# Formatted output\ndocker stats --format \"table {{.Name}}\\t{{.CPUPerc}}\\t{{.MemUsage}}\\t{{.NetIO}}\"" }, { "title": "Memory investigation", "body": "# Check memory limit\ndocker inspect --format='{{.HostConfig.Memory}}' my-container\n# 0 means unlimited\n\n# Check if container was OOM-killed\ndocker inspect --format='{{.State.OOMKilled}}' my-container\n\n# Memory usage breakdown (Linux cgroups)\ndocker exec my-container cat /sys/fs/cgroup/memory.current 2>/dev/null || \\\ndocker exec my-container cat /sys/fs/cgroup/memory/memory.usage_in_bytes\n\n# Process memory inside container\ndocker exec my-container ps aux --sort=-%mem | head -10\ndocker exec my-container top -bn1" }, { "title": "Disk usage", "body": "# Overall Docker disk usage\ndocker system df\ndocker system df -v\n\n# Container filesystem size\ndocker inspect --format='{{.SizeRw}}' my-container\n\n# Find large files inside container\ndocker exec my-container du -sh /* 2>/dev/null | sort -rh | head -10\ndocker exec my-container find /tmp -size +10M -type f\n\n# Check for log file bloat\ndocker exec my-container ls -lh /var/log/" }, { "title": "Multi-stage build debugging", "body": "# Build up to a specific stage\ndocker build --target builder -t my-app:builder .\n\n# Inspect what's in the builder stage\ndocker run --rm -it my-app:builder sh\ndocker run --rm my-app:builder ls -la /app/\ndocker run --rm my-app:builder cat /app/package.json\n\n# Check which files made it to the final image\ndocker run --rm my-image ls -laR /app/\n\n# Build with no cache (fresh build)\ndocker build --no-cache -t my-app .\n\n# Build with progress output\ndocker build --progress=plain -t my-app ." }, { "title": "Image inspection", "body": "# Show image layers (size of each)\ndocker history my-image\ndocker history --no-trunc my-image\n\n# Inspect image config (entrypoint, cmd, env, ports)\ndocker inspect my-image | jq '.[0].Config | {Cmd, Entrypoint, Env, ExposedPorts, WorkingDir}'\n\n# Compare two images\ndocker history image-a --format \"{{.Size}}\\t{{.CreatedBy}}\" > layers-a.txt\ndocker history image-b --format \"{{.Size}}\\t{{.CreatedBy}}\" > layers-b.txt\ndiff layers-a.txt layers-b.txt\n\n# Find what changed between builds\ndocker diff my-container\n# A = added, C = changed, D = deleted" }, { "title": "Define and debug health checks", "body": "# In Dockerfile\nHEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \\\n CMD curl -f http://localhost:8080/health || exit 1\n\n# Check health status\ndocker inspect --format='{{.State.Health.Status}}' my-container\n# \"healthy\", \"unhealthy\", or \"starting\"\n\n# See health check log (last 5 results)\ndocker inspect --format='{{json .State.Health}}' my-container | jq\n\n# Run health check manually\ndocker exec my-container curl -f http://localhost:8080/health\n\n# Override health check at run time\ndocker run --health-cmd \"curl -f http://localhost:8080/health || exit 1\" \\\n --health-interval 10s my-image\n\n# Disable health check\ndocker run --no-healthcheck my-image" }, { "title": "Service startup issues", "body": "# Check service status\ndocker compose ps\n\n# See why a service failed\ndocker compose logs failed-service\n\n# Start with verbose output\ndocker compose up --build 2>&1 | tee compose.log\n\n# Start a single service (with dependencies)\ndocker compose up db\n\n# Start without dependencies\ndocker compose up --no-deps api\n\n# Recreate containers from scratch\ndocker compose up --force-recreate --build\n\n# Check effective config (after variable substitution)\ndocker compose config" }, { "title": "Service dependency and startup order", "body": "# docker-compose.yml\nservices:\n api:\n depends_on:\n db:\n condition: service_healthy\n redis:\n condition: service_started\n\n db:\n image: postgres:16\n healthcheck:\n test: [\"CMD-SHELL\", \"pg_isready -U postgres\"]\n interval: 5s\n timeout: 5s\n retries: 5\n\n redis:\n image: redis:7\n healthcheck:\n test: [\"CMD\", \"redis-cli\", \"ping\"]\n interval: 5s\n timeout: 5s\n retries: 5\n\n# Wait for a service to be healthy before running commands\ndocker compose up -d db\ndocker compose exec db pg_isready # Polls until ready\ndocker compose up -d api" }, { "title": "Cleanup", "body": "# Remove stopped containers\ndocker container prune\n\n# Remove unused images\ndocker image prune\n\n# Remove everything unused (containers, images, networks, volumes)\ndocker system prune -a\n\n# Remove volumes too (WARNING: deletes data)\ndocker system prune -a --volumes\n\n# Remove dangling build cache\ndocker builder prune" }, { "title": "Tips", "body": "docker logs -f is the first thing to check. Most container failures are visible in the logs.\nExit code 137 means OOM-killed. Increase the memory limit or fix the memory leak.\nApps inside containers must bind to 0.0.0.0, not 127.0.0.1. Localhost inside a container is isolated.\nContainer names only resolve via DNS on user-defined networks, not the default bridge. Always create a custom network for multi-container setups.\ndocker exec only works on running containers. For crashed containers, use docker cp to extract logs or override the entrypoint with docker run --entrypoint sh.\nnicolaka/netshoot is the Swiss Army knife for container networking. It has every networking tool pre-installed.\n--progress=plain during builds shows full command output, which is essential for debugging build failures.\nHealth checks with start-period prevent false unhealthy status during slow application startup." } ], "body": "Container Debug\n\nDebug running Docker containers and Compose services. Covers logs, exec, networking, resource inspection, multi-stage builds, health checks, and common failure patterns.\n\nWhen to Use\nContainer exits immediately or crashes on start\nApplication inside container behaves differently than on host\nContainers can't communicate with each other\nContainer is using too much memory or CPU\nMulti-stage Docker build produces unexpected results\nHealth checks are failing\nCompose services start in wrong order or can't connect\nContainer Logs\nView and filter logs\n# Last 100 lines\ndocker logs --tail 100 my-container\n\n# Follow (stream) logs\ndocker logs -f my-container\n\n# Follow with timestamps\ndocker logs -f -t my-container\n\n# Logs since a time\ndocker logs --since 30m my-container\ndocker logs --since \"2026-02-03T10:00:00\" my-container\n\n# Logs between times\ndocker logs --since 1h --until 30m my-container\n\n# Compose: logs for all services\ndocker compose logs -f\n\n# Compose: logs for specific service\ndocker compose logs -f api db\n\n# Redirect logs to file for analysis\ndocker logs my-container > container.log 2>&1\n\n# Separate stdout and stderr\ndocker logs my-container > stdout.log 2> stderr.log\n\nInspect log driver\n# Check what log driver a container uses\ndocker inspect --format='{{.HostConfig.LogConfig.Type}}' my-container\n\n# If json-file driver, find the actual log file\ndocker inspect --format='{{.LogPath}}' my-container\n\n# Check log file size\nls -lh $(docker inspect --format='{{.LogPath}}' my-container)\n\nExec Into Containers\nInteractive shell\n# Bash (most common)\ndocker exec -it my-container bash\n\n# If bash isn't available (Alpine, distroless)\ndocker exec -it my-container sh\n\n# As root (even if container runs as non-root user)\ndocker exec -u root -it my-container bash\n\n# With specific environment variables\ndocker exec -e DEBUG=1 -it my-container bash\n\n# Run a single command (no interactive shell)\ndocker exec my-container cat /etc/os-release\ndocker exec my-container ls -la /app/\ndocker exec my-container env\n\nDebug a crashed container\n# Container exited? Check exit code\ndocker inspect --format='{{.State.ExitCode}}' my-container\ndocker inspect --format='{{.State.Error}}' my-container\n\n# Common exit codes:\n# 0 = clean exit\n# 1 = application error\n# 137 = killed (OOM or docker kill) — 128 + signal 9\n# 139 = segfault — 128 + signal 11\n# 143 = terminated (SIGTERM) — 128 + signal 15\n\n# Start a stopped container to debug it\ndocker start -ai my-container\n\n# Or override the entrypoint to get a shell\ndocker run -it --entrypoint sh my-image\n\n# Copy files out of a stopped container\ndocker cp my-container:/app/error.log ./error.log\ndocker cp my-container:/etc/nginx/nginx.conf ./nginx.conf\n\nDebug without a shell (distroless / scratch images)\n# Use docker cp to extract files\ndocker cp my-container:/app/config.json ./\n\n# Use nsenter to get a shell in the container's namespace (Linux)\nPID=$(docker inspect --format='{{.State.Pid}}' my-container)\nnsenter -t $PID -m -u -i -n -p -- /bin/sh\n\n# Attach a debug container to the same namespace\ndocker run -it --pid=container:my-container --net=container:my-container busybox sh\n\n# Docker Desktop: use debug extension\ndocker debug my-container\n\nNetworking\nInspect container networking\n# Show container IP address\ndocker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' my-container\n\n# Show all network details\ndocker inspect -f '{{json .NetworkSettings.Networks}}' my-container | jq\n\n# List all networks\ndocker network ls\n\n# Inspect a network (see all connected containers)\ndocker network inspect bridge\ndocker network inspect my-compose-network\n\n# Show port mappings\ndocker port my-container\n\nTest connectivity between containers\n# From inside container A, reach container B\ndocker exec container-a ping container-b\ndocker exec container-a curl http://container-b:8080/health\n\n# DNS resolution inside container\ndocker exec my-container nslookup db\ndocker exec my-container cat /etc/resolv.conf\ndocker exec my-container cat /etc/hosts\n\n# Test if port is reachable\ndocker exec my-container nc -zv db 5432\ndocker exec my-container wget -qO- http://api:3000/health\n\n# If curl/ping not available in container, install or use a debug container:\ndocker run --rm --network container:my-container curlimages/curl curl -s http://localhost:8080\n\nCommon networking issues\n# \"Connection refused\" between containers\n# 1. Check the app binds to 0.0.0.0, not 127.0.0.1\ndocker exec my-container netstat -tlnp\n# If listening on 127.0.0.1 — fix the app config\n\n# 2. Check containers are on the same network\ndocker inspect -f '{{json .NetworkSettings.Networks}}' container-a | jq 'keys'\ndocker inspect -f '{{json .NetworkSettings.Networks}}' container-b | jq 'keys'\n\n# 3. Check published ports vs exposed ports\n# EXPOSE only documents, it doesn't publish\n# Use -p host:container to publish\n\n# \"Name not found\" — DNS not resolving container names\n# Container names resolve only on user-defined networks, NOT the default bridge\ndocker network create my-net\ndocker run --network my-net --name api my-api-image\ndocker run --network my-net --name db postgres\n# Now \"api\" and \"db\" resolve to each other\n\nCapture network traffic\n# tcpdump inside a container\ndocker exec my-container tcpdump -i eth0 -n port 8080\n\n# If tcpdump not available, use a sidecar\ndocker run --rm --net=container:my-container nicolaka/netshoot tcpdump -i eth0 -n\n\n# netshoot has: tcpdump, curl, nslookup, netstat, iperf, etc.\ndocker run --rm --net=container:my-container nicolaka/netshoot bash\n\nResource Usage\nReal-time stats\n# All containers\ndocker stats\n\n# Specific containers\ndocker stats api db redis\n\n# One-shot (no streaming)\ndocker stats --no-stream\n\n# Formatted output\ndocker stats --format \"table {{.Name}}\\t{{.CPUPerc}}\\t{{.MemUsage}}\\t{{.NetIO}}\"\n\nMemory investigation\n# Check memory limit\ndocker inspect --format='{{.HostConfig.Memory}}' my-container\n# 0 means unlimited\n\n# Check if container was OOM-killed\ndocker inspect --format='{{.State.OOMKilled}}' my-container\n\n# Memory usage breakdown (Linux cgroups)\ndocker exec my-container cat /sys/fs/cgroup/memory.current 2>/dev/null || \\\ndocker exec my-container cat /sys/fs/cgroup/memory/memory.usage_in_bytes\n\n# Process memory inside container\ndocker exec my-container ps aux --sort=-%mem | head -10\ndocker exec my-container top -bn1\n\nDisk usage\n# Overall Docker disk usage\ndocker system df\ndocker system df -v\n\n# Container filesystem size\ndocker inspect --format='{{.SizeRw}}' my-container\n\n# Find large files inside container\ndocker exec my-container du -sh /* 2>/dev/null | sort -rh | head -10\ndocker exec my-container find /tmp -size +10M -type f\n\n# Check for log file bloat\ndocker exec my-container ls -lh /var/log/\n\nDockerfile Debugging\nMulti-stage build debugging\n# Build up to a specific stage\ndocker build --target builder -t my-app:builder .\n\n# Inspect what's in the builder stage\ndocker run --rm -it my-app:builder sh\ndocker run --rm my-app:builder ls -la /app/\ndocker run --rm my-app:builder cat /app/package.json\n\n# Check which files made it to the final image\ndocker run --rm my-image ls -laR /app/\n\n# Build with no cache (fresh build)\ndocker build --no-cache -t my-app .\n\n# Build with progress output\ndocker build --progress=plain -t my-app .\n\nImage inspection\n# Show image layers (size of each)\ndocker history my-image\ndocker history --no-trunc my-image\n\n# Inspect image config (entrypoint, cmd, env, ports)\ndocker inspect my-image | jq '.[0].Config | {Cmd, Entrypoint, Env, ExposedPorts, WorkingDir}'\n\n# Compare two images\ndocker history image-a --format \"{{.Size}}\\t{{.CreatedBy}}\" > layers-a.txt\ndocker history image-b --format \"{{.Size}}\\t{{.CreatedBy}}\" > layers-b.txt\ndiff layers-a.txt layers-b.txt\n\n# Find what changed between builds\ndocker diff my-container\n# A = added, C = changed, D = deleted\n\nHealth Checks\nDefine and debug health checks\n# In Dockerfile\nHEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \\\n CMD curl -f http://localhost:8080/health || exit 1\n\n# Check health status\ndocker inspect --format='{{.State.Health.Status}}' my-container\n# \"healthy\", \"unhealthy\", or \"starting\"\n\n# See health check log (last 5 results)\ndocker inspect --format='{{json .State.Health}}' my-container | jq\n\n# Run health check manually\ndocker exec my-container curl -f http://localhost:8080/health\n\n# Override health check at run time\ndocker run --health-cmd \"curl -f http://localhost:8080/health || exit 1\" \\\n --health-interval 10s my-image\n\n# Disable health check\ndocker run --no-healthcheck my-image\n\nDocker Compose Debugging\nService startup issues\n# Check service status\ndocker compose ps\n\n# See why a service failed\ndocker compose logs failed-service\n\n# Start with verbose output\ndocker compose up --build 2>&1 | tee compose.log\n\n# Start a single service (with dependencies)\ndocker compose up db\n\n# Start without dependencies\ndocker compose up --no-deps api\n\n# Recreate containers from scratch\ndocker compose up --force-recreate --build\n\n# Check effective config (after variable substitution)\ndocker compose config\n\nService dependency and startup order\n# docker-compose.yml\nservices:\n api:\n depends_on:\n db:\n condition: service_healthy\n redis:\n condition: service_started\n\n db:\n image: postgres:16\n healthcheck:\n test: [\"CMD-SHELL\", \"pg_isready -U postgres\"]\n interval: 5s\n timeout: 5s\n retries: 5\n\n redis:\n image: redis:7\n healthcheck:\n test: [\"CMD\", \"redis-cli\", \"ping\"]\n interval: 5s\n timeout: 5s\n retries: 5\n\n# Wait for a service to be healthy before running commands\ndocker compose up -d db\ndocker compose exec db pg_isready # Polls until ready\ndocker compose up -d api\n\nCleanup\n# Remove stopped containers\ndocker container prune\n\n# Remove unused images\ndocker image prune\n\n# Remove everything unused (containers, images, networks, volumes)\ndocker system prune -a\n\n# Remove volumes too (WARNING: deletes data)\ndocker system prune -a --volumes\n\n# Remove dangling build cache\ndocker builder prune\n\nTips\ndocker logs -f is the first thing to check. Most container failures are visible in the logs.\nExit code 137 means OOM-killed. Increase the memory limit or fix the memory leak.\nApps inside containers must bind to 0.0.0.0, not 127.0.0.1. Localhost inside a container is isolated.\nContainer names only resolve via DNS on user-defined networks, not the default bridge. Always create a custom network for multi-container setups.\ndocker exec only works on running containers. For crashed containers, use docker cp to extract logs or override the entrypoint with docker run --entrypoint sh.\nnicolaka/netshoot is the Swiss Army knife for container networking. It has every networking tool pre-installed.\n--progress=plain during builds shows full command output, which is essential for debugging build failures.\nHealth checks with start-period prevent false unhealthy status during slow application startup." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/gitgoodordietrying/container-debug", "publisherUrl": "https://clawhub.ai/gitgoodordietrying/container-debug", "owner": "gitgoodordietrying", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/container-debug", "downloadUrl": "https://openagent3.xyz/downloads/container-debug", "agentUrl": "https://openagent3.xyz/skills/container-debug/agent", "manifestUrl": "https://openagent3.xyz/skills/container-debug/agent.json", "briefUrl": "https://openagent3.xyz/skills/container-debug/agent.md" } }