This repository has been trending on GitHub. I appreciate your support.
Buy the book (Painless Docker):
Read this in other languages: English, Russian, Persian, Chinese
- Installation
- Docker Registries & Repositories
- Running Containers
- Starting & Stopping Containers
- Getting Information about Containers
- Networking
- Security
- Cleaning Docker
- Docker Swarm
- Notes
For more information, see here
curl -sSL https://get.docker.com/ | sh
For more information, see here
Use this link to download the dmg.
https://download.docker.com/mac/stable/Docker.dmg
Open the downloaded file and follow the installation instructions.
For more information, see here
Use the msi installer:
https://download.docker.com/win/stable/InstallDocker.msi
Open the downloaded file and follow the installation instructions.
docker login
docker login localhost:8080
docker logout
docker logout localhost:8080
docker search nginx
docker search --filter stars=3 --no-trunc nginx
docker image pull nginx
docker image pull eon01/nginx localhost:5000/myadmin/nginx
docker image push eon01/nginx
docker image push eon01/nginx localhost:5000/myadmin/nginx
-Start an ubuntu:latest image
- Bind the port
80
from the CONTAINER to port3000
on the HOST- Mount the current directory to
/data
on the CONTAINER- Note: on windows you have to change
-v ${PWD}:/data
to-v "C:\Data":/data
docker container run --name infinite -it -p 3000:80 -v ${PWD}:/data ubuntu:latest
docker container create -t -i eon01/infinite --name infinite
docker container run -it --name infinite -d eon01/infinite
docker container rename infinite infinity
docker container rm infinite
A container can be removed only after stopping it using docker stop
command. To avoid this, add the --rm
flag while running the container.
docker container update --cpu-shares 512 -m 300M infinite
docker exec -it infinite sh
In the example above, bash
can replace sh
as an alternative (if the above is giving an error).
docker container start nginx
docker container stop nginx
docker container restart nginx
docker container pause nginx
docker container unpause nginx
docker container wait nginx
docker container kill nginx
docker container kill -s HUP nginx
docker container attach nginx
Shortest way:
docker ps
Alternative:
docker container ls
docker ps -a
docker container ls -a
docker logs infinite
docker container logs infinite -f
docker container inspect infinite
docker container inspect --format '{{ .NetworkSettings.IPAddress }}' $(docker ps -q)
docker system events infinite
docker container port infinite
docker container top infinite
docker container stats infinite
docker container diff infinite
docker image ls
docker build .
docker build github.com/creack/docker-firefox
Instead of Specifying a Context, You Can Pass a Single Dockerfile in the URL or Pipe the File in via STDIN
docker build - < Dockerfile
docker build - < context.tar.gz
docker build -t eon/infinite .
docker build -f myOtherDockerfile .
curl example.com/remote/Dockerfile | docker build -f - .
docker image rm nginx
docker image load < ubuntu.tar.gz
docker image load --input ubuntu.tar
docker image save busybox > ubuntu.tar
docker image history
docker container commit nginx
docker image tag nginx eon01/nginx
docker image push eon01/nginx
docker network create -d overlay MyOverlayNetwork
docker network create -d bridge MyBridgeNetwork
docker network create -d overlay \
--subnet=192.168.0.0/16 \
--subnet=192.170.0.0/16 \
--gateway=192.168.0.100 \
--gateway=192.170.0.100 \
--ip-range=192.168.1.0/24 \
--aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \
--aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \
MyOverlayNetwork
docker network rm MyOverlayNetwork
docker network ls
docker network inspect MyOverlayNetwork
docker network connect MyOverlayNetwork nginx
docker container run -it -d --network=MyOverlayNetwork nginx
docker network disconnect MyOverlayNetwork nginx
Using Dockerfile, you can expose a port on the container using:
EXPOSE <port_number>
You can also map the container port to a host port using:
docker run -p $HOST_PORT:$CONTAINER_PORT --name <container_name> -t <image>
e.g.
docker run -p $HOST_PORT:$CONTAINER_PORT --name infinite -t infinite
- Prefer minimal base images
- Dedicated user on the image as the least privileged user
- Sign and verify images to mitigate MITM attacks
- Find, fix and monitor for open source vulnerabilities
- Donβt leak sensitive information to docker images
- Use fixed tags for immutability
- Use COPY instead of ADD
- Use labels for metadata
- Use multi-stage builds for small secure images
- Use a linter
You can find more nformation on Snyk's 10 Docker Image Security Best Practices blog post.
docker container rm nginx
docker container rm -v nginx
docker container rm $(docker container ls -a -f status=exited -q)
docker container rm `docker container ls -a -q`
docker image rm nginx
docker image rm $(docker image ls -f dangling=true -q)
docker image rm $(docker image ls -a -q)
docker image rm -f $(docker image ls | grep "^<none>" | awk "{print $3}")
docker container stop $(docker container ls -a -q) && docker container rm $(docker container ls -a -q)
docker volume rm $(docker volume ls -f dangling=true -q)
docker system prune -f
docker system prune -a
curl -ssl https://get.docker.com | bash
docker swarm init --advertise-addr 192.168.10.1
docker swarm join-token worker
docker swarm join-token manager
docker service ls
docker node ls
docker service create --name vote -p 8080:80 instavote/vote
docker service ps
docker service scale vote=3
docker service update --image instavote/vote:movies vote
docker service update --force --update-parallelism 1 --update-delay 30s nginx
docker service update --update-parallelism 5--update-delay 2s --image instavote/vote:indent vote
docker service update --limit-cpu 2 nginx
docker service update --replicas=5 nginx