Try Documentalist, my app that offers fast, offline access to 190+ programmer API docs.

docker commands
run
docker run --rm -it --name=name -p <host>:<container> -v <host>:<container> <image> <cmd>
Options:
  • —rm : delete when finished running
  • -it : interactive and allocate tty (needed when running interactive commands like bash)
  • -d : run in background
  • -p : expose port inside container to host e.g. -p 3333:80 exposes port 80 inside the container as port 3333 in the host
  • -v : mount a host directory inside the container e.g. -v $(pwd)/..:/opt/script:ro
    • ro stands for read-only; can also be rw for read-write
  • --privileged=true : run as root
Notes:
  • —rm and -it are often used to run ad-hoc commands
  • -d is used for running long-lived containers (e.g. a database). those can be stopped with docker stop <container>
start
docker start ${containerId} : start a container that exited/is stopped
stop
docker stop ${containerId} : stops a container
exec
docker exec -it <container> /bin/bash
  • -t : allocate tty (needed for interactive programs like bash)
  • -i : interactive mode
images
docker images : list images
  • -a : include intermediary containers
build
docker build : build an image from Dockerfile description
  • -f : name of docker file (Dockerfile by default)
  • -t : tag with ${repository}:${tag}, ${tag} is optional
ps
docker ps : list containers
  • -a : list exited containers
rm
docker rm ${containerId} : remove a container
rmi
docker rmi ${image} : remove an image
inspect
docker inspect ${containerId} : list info about a container as json
docker concepts
image
  • is built from description in Dockerfile, e.g.: docker build -t ${imageTag} -f Dockerfile .
  • if specified by name and not present locally, will be downloaded from docker store e.g. docker run ubuntu:18:04 will download ubuntu image from https://store.docker.com/images/ubuntu
  • list local images: docker images
  • delete with docker rmi ${imageTag}
  • delete untagged (likely stale) images: docker rmi $(docker images | grep none | awk '{print $3}')
interesting images
container
  • an image that is running
multi-stage builds for smaller images
Basically a single docker file can have stages, first stage builds the thing, second stage copies only needed files to a fresh image. Available since 17.05.0 (currently requires beta channel on Mac)
# build stage
FROM golang:alpine AS build-env
ADD . /src
RUN cd /src && go build -o goapp

# final stage
FROM alpine
WORKDIR /app
COPY --from=build-env /src/goapp /app/
EXPOSE 80
ENTRYPOINT ./goapp
Example multi-stage docker for Go program that uses cgo: https://github.com/h2non/imaginary/blob/master/Dockerfile
smallest image for Go (scratch)
https://github.com/OpenBazaar/openbazaar-go/blob/98c9ac8ff6ad4b84674134398e890d3dc8912bb6/Dockerfile is an example of using 2 stage to build in golang image and run in scratch image
networking
articles
https://www.wezm.net/technical/2019/02/alpine-linux-docker-infrastructure/ : an example of using docker-compose to run multiple things
https://fn.lc/post/docker-scratch/ : Running Untrusted Code in a Secure Docker Container from Scratch
delete untagged images
docker rmi $(docker images | grep none | awk '{print $3}')
remove stopped containers
docker rm $(docker ps -a | awk '{print $1}')
tips
allowing 2 containers to communicate i.e. networking
Scenario: container-2 needs to talk to a port exposed by container-1
Version 1:
Version 2:
  • container-1: expose the port with --expose ${port}
  • container-2: docker run --link="container-1" . This adds /etc/hosts entry for container-1 with the right ip address so that container-2 can use container1:${port} as ip address
Version 3:
  • container-1: docker run --expose ${port} --net-alias="container-1". This exposes container ip under name container-1 in the network so container-2 can use it. Only valid in

Feedback about page:

Feedback:
Optional: your email if you want me to get back to you:

Need fast, offline access to 190+ programmer API docs? Try my app Documentalist for Windows