Common Docker Tips and Tricks
The following are some useful Docker commands and techniques that can help you manage your containers and images more effectively. Each section includes explanations of when and how to use these commands.
Install Docker
To install Docker on AnduinOS, please follow the instructions here.
Build an Image from a Dockerfile
docker build -t image_name:tag .
Explanation:
docker build
: Builds a Docker image from a Dockerfile.-t image_name:tag
: Tags the image with a name and an optional tag (default islatest
)..
: Specifies the build context (current directory).
When to use:
Use this command when you have a Dockerfile
defining your image and you want to build it into an image that you can run or push to a registry.
Run a Command Inside a Running Container
docker exec -it container_id_or_name bash
Explanation:
docker exec
: Runs a command in a running container.-it
: Makes the session interactive with a TTY.container_id_or_name
: The ID or name of the container.bash
: The command to run inside the container (opens a Bash shell).
When to use:
Use this command when you need to access the shell of a running container to inspect, debug, or modify the container's environment.
Map Ports Between Host and Container
docker run -p host_port:container_port image_name
Explanation:
docker run
: Runs a new container.-p host_port:container_port
: Maps a port on the host to a port inside the container.image_name
: The image to run.
When to use:
Use this command when you want to expose a service running inside the container (like a web server) to the host machine or external network.
Use Volumes to Persist Data
docker run -v /host/path:/container/path image_name
Explanation:
-v /host/path:/container/path
: Binds a directory from the host to the container./host/path
: The directory on the host machine./container/path
: The directory inside the container.
When to use:
Use volumes when you need to persist data generated by the container or share data between the host and the container.
Set Environment Variables in a Container
docker run -e VARIABLE_NAME=value image_name
Explanation:
-e VARIABLE_NAME=value
: Sets an environment variable inside the container.VARIABLE_NAME
: The name of the environment variable.value
: The value to assign to the environment variable.
When to use:
Use this command to pass configuration settings or sensitive information (though not secrets) to the containerized application.
Limit Container Resources
Limit CPU Usage:
docker run --cpus="1.5" image_name
Limit Memory Usage:
docker run --memory="500m" image_name
Explanation:
--cpus="1.5"
: Limits the container to use at most 1.5 CPU cores.--memory="500m"
: Limits the container to use at most 500 MB of RAM.
When to use:
Use resource limits to prevent a single container from consuming excessive resources on the host machine.
Check Container Logs
docker logs container_id_or_name
Explanation:
docker logs
: Fetches the logs of a container.container_id_or_name
: The ID or name of the container.
When to use:
Use this command to view the stdout and stderr output of a container, which is helpful for debugging and monitoring.
Remove Dangling Images
docker image prune -f
Explanation:
docker image prune
: Removes dangling images (images not tagged and not referenced by any container).-f
: Forces the prune operation without confirmation.
When to use:
Use this command to clean up unused images and free up disk space.
Inspect a Container or Image
Inspect a Container:
docker inspect container_id_or_name
Inspect an Image:
docker inspect image_name:tag
Explanation:
docker inspect
: Returns detailed information about a container or image in JSON format.
When to use:
Use this command when you need in-depth information about the configuration and state of a container or image.
Use docker-compose
to Manage Multi-Container Applications
docker-compose.yml
Example:
version: '3'
services:
web:
image: nginx:latest
ports:
- "80:80"
db:
image: postgres:latest
environment:
- POSTGRES_PASSWORD=example
Run the Application:
docker-compose up -d
Explanation:
docker-compose.yml
: Defines services, networks, and volumes for a Docker application.docker-compose up -d
: Builds, (re)creates, starts, and attaches to containers for a service in detached mode.
When to use:
Use docker-compose
when you need to run multi-container Docker applications with complex configurations.
Tag and Push an Image to a Registry
Tag the Image:
docker tag local_image:tag username/repository:tag
Push the Image:
docker push username/repository:tag
Explanation:
docker tag
: Creates a tag TARGET_IMAGE that refers to SOURCE_IMAGE.docker push
: Uploads an image to a registry.
When to use:
Use these commands when you want to share your image via a Docker registry like Docker Hub or a private registry.
Run a Container in Detached Mode
docker run -d image_name
Explanation:
-d
: Runs the container in the background (detached mode).
When to use:
Use detached mode when you want the container to run continuously in the background without tying up your terminal.
Remove All Stopped Containers
docker container prune -f
Explanation:
docker container prune
: Removes all stopped containers.-f
: Forces the prune operation without confirmation.
When to use:
Use this command to clean up stopped containers that are no longer needed.
Save and Load Docker Images
Save an Image to a File:
docker save -o image.tar image_name:tag
Load an Image from a File:
docker load -i image.tar
Explanation:
docker save
: Saves one or more images to a tar archive.docker load
: Loads an image from a tar archive or STDIN.
When to use:
Use these commands when you need to transfer images between systems without using a registry.
Pull the Latest Version of an Image
docker pull image_name:latest
Explanation:
docker pull
: Pulls an image or a repository from a registry.image_name:latest
: Specifies the image and thelatest
tag.
When to use:
Use this command to ensure you have the most recent version of an image from the registry.
Stop and Remove All Containers
docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
Explanation:
docker ps -aq
: Lists all container IDs (quiet mode).docker stop
: Stops running containers.docker rm
: Removes containers.
When to use:
Use these commands when you need to quickly stop and remove all containers, such as during a cleanup process.
Run a Container with a Specific Restart Policy
docker run --restart unless-stopped image_name
Explanation:
--restart unless-stopped
: Restarts the container unless it is explicitly stopped.
When to use:
Use restart policies to control whether your containers start automatically when they exit or when Docker restarts.
Connect a Container to a Network
docker network create my_network
docker run --network my_network image_name
Explanation:
docker network create
: Creates a new network.--network my_network
: Connects the container tomy_network
.
When to use:
Use custom networks to allow containers to communicate with each other while isolating them from other containers and services.
Change the File Ownership in a Container
docker run --user $(id -u):$(id -g) image_name
Explanation:
--user $(id -u):$(id -g)
: Runs the container as the current host user and group.
When to use:
Use this option when you need the container to create files owned by the host user, avoiding permission issues with mounted volumes.
Initialize Docker Swarm as Admin
To initialize a Docker Swarm and advertise the manager node's IP address:
sudo docker swarm init --advertise-addr $(hostname -I | awk '{print $1}')
Explanation:
sudo docker swarm init
: Initializes a new Swarm cluster.--advertise-addr
: Specifies the address that other nodes in the swarm should use to connect to the manager node.$(hostname -I | awk '{print $1}')
: Fetches the primary IP address of the host machine.
When to use:
Use this command when setting up a new Docker Swarm cluster, ensuring that worker nodes can properly communicate with the manager node.
Copy Files Between Host and Container
To Container:
docker cp foo.txt container_id:/foo.txt
From Container:
docker cp container_id:/foo.txt foo.txt
Explanation:
docker cp
: Copies files or directories between a container and the local filesystem.foo.txt
: The file you want to copy.container_id:/foo.txt
: The destination path inside the container.
When to use:
Use these commands to transfer files into or out of a running container, such as configuration files, data files, or logs.
MySQL Docker Backup and Restore
Restore a MySQL Database:
sudo docker exec -i 9cc920668c42 sh -c 'exec mysql -u root -p"<root_password>" anduin' < ./Anduin.backup.sql
Restore a MariaDB Database:
sudo docker exec -i 9cc920668c42 sh -c 'exec mariadb -u root -p"<root_password>" anduin' < ./Anduin.backup.sql
Explanation:
sudo docker exec -i
: Runs a command inside a running container with interactive input.9cc920668c42
: The ID of the container running MySQL or MariaDB.mysql
ormariadb
: The database client to execute.-u root -p"<root_password>"
: Authentication parameters for the database.anduin
: The name of the database to restore.< ./Anduin.backup.sql
: Redirects the backup SQL file as input to the command.
When to use:
Use these commands when you need to restore a database from a SQL backup file into a MySQL or MariaDB instance running inside a Docker container.
Sort Containers by Resource Usage
RAM Usage:
sudo docker stats --no-stream --format "table {{.Name}}\t{{.Container}}\t{{.MemUsage}}" | sort -k 3 -h
CPU Usage:
sudo docker stats --no-stream --format "table {{.Name}}\t{{.Container}}\t{{.CPUPerc}}" | sort -k 3 -h
Image Size:
docker images --format "{{.ID}}\t{{.Size}}\t{{.Repository}}" | sort -k 2 -h
Explanation:
sudo docker stats --no-stream
: Displays a snapshot of container resource usage statistics.--format
: Formats the output to show specific fields.sort -k 3 -h
: Sorts the output based on the third column (RAM or CPU usage), handling human-readable numbers.docker images
: Lists all Docker images on the host.
When to use:
Use these commands to identify containers or images consuming the most resources, which is helpful for performance tuning and resource management.
Get Disk Space Usage
sudo docker system df
Explanation:
sudo docker system df
: Shows the disk space used by Docker images, containers, and volumes.
When to use:
Use this command to monitor and manage disk space usage, ensuring that Docker resources do not consume excessive storage.
Remove Useless Images and Delete Killed Containers and Volumes
sudo docker system prune -a --volumes -f
Explanation:
sudo docker system prune
: Removes unused data.-a
: Removes all unused images, not just dangling ones.--volumes
: Also removes all unused volumes.-f
: Forces the prune operation without confirmation.
When to use:
Use this command to clean up your Docker environment by deleting unused images, stopped containers, and volumes, which helps free up disk space.
Browse Image Content
sudo docker run -it --entrypoint sh image_name
Explanation:
sudo docker run -it
: Runs a container in interactive mode with a TTY.--entrypoint sh
: Overrides the default entrypoint to start a shell.image_name
: The name of the Docker image you want to explore.
When to use:
Use this command to inspect the filesystem of a Docker image interactively, which is useful for debugging or understanding the image's contents.
Output Secret Value
get_docker_secret() {
if [ -z "$1" ]; then
echo "Usage: get_docker_secret <secret_id>"
return 1
fi
secret_id=$1
service_name="secret-reader-$secret_id"
sudo docker service create --name "$service_name" --secret "$secret_id" alpine sh -c "cat /run/secrets/$secret_id && sleep 10"
sleep 2
sudo docker service logs "$service_name"
sudo docker service rm "$service_name"
}
Explanation:
This function retrieves the value of a Docker secret by:
- Checking if a secret ID is provided.
- Creating a temporary Docker service that mounts the secret.
- Outputting the secret's content to the logs.
- Removing the temporary service after retrieval.
When to use:
Use this function when you need to read the value of a Docker secret, especially in situations where you need to verify the secret's content.
Install tzdata
in Dockerfile
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y tzdata && \
echo "Etc/UTC" > /etc/timezone && \
ln -fs /usr/share/zoneinfo/UTC /etc/localtime && \
dpkg-reconfigure -f noninteractive tzdata
Explanation:
- Installs the
tzdata
package without interactive prompts. - Sets the timezone to UTC.
- Reconfigures
tzdata
to apply the timezone settings.
When to use:
Include this in your Dockerfile when your application depends on correct timezone settings or requires tzdata
to function properly.
Install GUI Applications
You can install GUI applications in Docker containers. For example, here's how to install WeChat:
FROM hub.aiursoft.cn/aiursoft/internalimages/ubuntu:latest
# Install locales
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y libc-bin locales wget sudo && \
locale-gen en_US.UTF-8
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8
# Install tzdata
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y tzdata && \
echo "Etc/UTC" > /etc/timezone && \
ln -fs /usr/share/zoneinfo/UTC /etc/localtime && \
dpkg-reconfigure -f noninteractive tzdata
# Necessary packages
RUN apt install -y dbus-x11 packagekit-gtk3-module
RUN dbus-uuidgen > /var/lib/dbus/machine-id
# Install the app
RUN wget -O- https://deepin-wine.i-m.dev/setup.sh | sh
RUN sudo apt install -y com.qq.weixin.deepin
ENTRYPOINT ["/opt/apps/com.qq.weixin.deepin/files/run.sh"]
# To build, run:
# sudo docker build -t nautilus .
# To run, run:
# xhost +local:docker
# sudo docker run -it --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --device /dev/dri nautilus
Explanation:
- Base Image: Uses an Ubuntu-based image from a custom registry.
- Locales: Sets up locale configurations.
- Timezone: Installs and configures
tzdata
. - Dependencies: Installs packages required for GUI applications.
- DBus: Generates a machine ID for D-Bus.
- Install WeChat: Downloads and installs WeChat using the Deepin Wine installer.
- ENTRYPOINT: Specifies the command to run when the container starts.
How to Build and Run:
- Build the Image:
sudo docker build -t nautilus .
- Run the Container:
xhost +local:docker
sudo docker run -it --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --device /dev/dri nautilus
When to use:
Use this Dockerfile when you need to run GUI applications inside a Docker container, such as for testing or development purposes. The setup allows the container to display GUI applications on the host's X server.