DEV Community

Maksym
Maksym

Posted on

Comprehensive Docker Guide

Table of Contents

  1. Introduction to Docker
  2. Docker Architecture
  3. Installation
  4. Docker Images
  5. Docker Containers
  6. Dockerfile
  7. Docker Volumes
  8. Docker Networks
  9. Docker Compose
  10. Docker Registry
  11. Best Practices
  12. Troubleshooting
  13. Advanced Topics

Introduction to Docker

Docker is a containerization platform that packages applications and their dependencies into lightweight, portable containers. Containers ensure applications run consistently across different environments.

Key Benefits

  • Consistency: "It works on my machine" → "It works everywhere"
  • Portability: Run anywhere Docker is installed
  • Efficiency: Share OS kernel, lighter than VMs
  • Scalability: Easy to scale up/down
  • Isolation: Applications run in isolated environments

Containers vs Virtual Machines

Containers Virtual Machines
Share host OS kernel Each VM has full OS
Lightweight (MBs) Heavy (GBs)
Fast startup Slow startup
More efficient resource usage Resource overhead

Docker Architecture

Core Components

Docker Client: Command-line interface (docker command)
Docker Daemon: Background service managing containers
Docker Images: Read-only templates for containers
Docker Containers: Running instances of images
Docker Registry: Storage for Docker images (Docker Hub, etc.)

Docker Engine Architecture

┌─────────────────┐    ┌─────────────────┐
│   Docker CLI    │───▶│  Docker Daemon  │
└─────────────────┘    │   (dockerd)     │
                       └─────────┬───────┘
                                 │
                    ┌────────────┼────────────┐
                    │            │            │
            ┌───────▼───┐ ┌──────▼───┐ ┌─────▼─────┐
            │  Images   │ │Containers│ │  Networks │
            └───────────┘ └──────────┘ └───────────┘
Enter fullscreen mode Exit fullscreen mode

Installation

Linux (Ubuntu/Debian)

# Update package index
sudo apt-get update

# Install prerequisites
sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release

# Add Docker's GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Add Docker repository
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io

# Add user to docker group (avoid using sudo)
sudo usermod -aG docker $USER
Enter fullscreen mode Exit fullscreen mode

macOS

# Install using Homebrew
brew install --cask docker
Enter fullscreen mode Exit fullscreen mode

Windows

Download Docker Desktop from docker.com and follow the installation wizard.

Verify Installation

docker --version
docker run hello-world
Enter fullscreen mode Exit fullscreen mode

Docker Images

Images are read-only templates used to create containers. They're built in layers using a Dockerfile.

Basic Image Commands

# List images
docker images
docker image ls

# Pull an image
docker pull ubuntu:20.04
docker pull nginx:alpine

# Remove an image
docker rmi ubuntu:20.04
docker image rm nginx:alpine

# Build an image
docker build -t myapp:1.0 .

# Image history
docker history ubuntu:20.04

# Image inspection
docker inspect ubuntu:20.04

# Search for images
docker search nginx
Enter fullscreen mode Exit fullscreen mode

Image Naming Convention

[registry-host[:port]/]username/repository:tag

Examples:
- nginx:latest
- ubuntu:20.04
- gcr.io/my-project/my-app:v1.0
- localhost:5000/myapp:dev
Enter fullscreen mode Exit fullscreen mode

Docker Containers

Containers are running instances of Docker images.

Container Lifecycle Commands

# Run a container
docker run ubuntu:20.04
docker run -d nginx:alpine  # Detached mode
docker run -it ubuntu:20.04 /bin/bash  # Interactive

# List containers
docker ps          # Running containers
docker ps -a       # All containers

# Stop a container
docker stop <container-id>
docker stop <container-name>

# Start a stopped container
docker start <container-id>

# Restart a container
docker restart <container-id>

# Remove a container
docker rm <container-id>
docker rm $(docker ps -aq)  # Remove all containers

# Execute commands in running container
docker exec -it <container-id> /bin/bash
Enter fullscreen mode Exit fullscreen mode

Container Options

# Port mapping
docker run -p 8080:80 nginx

# Volume mounting
docker run -v /host/path:/container/path ubuntu

# Environment variables
docker run -e MY_VAR=value ubuntu

# Container name
docker run --name my-container ubuntu

# Memory and CPU limits
docker run -m 512m --cpus="1.5" ubuntu

# Complete example
docker run -d \
  --name web-server \
  -p 8080:80 \
  -v /host/html:/usr/share/nginx/html \
  -e NGINX_HOST=example.com \
  nginx:alpine
Enter fullscreen mode Exit fullscreen mode

Container Management

# View container logs
docker logs <container-id>
docker logs -f <container-id>  # Follow logs

# Container statistics
docker stats
docker stats <container-id>

# Container processes
docker top <container-id>

# Container inspection
docker inspect <container-id>

# Copy files to/from container
docker cp file.txt <container-id>:/path/to/file.txt
docker cp <container-id>:/path/to/file.txt ./file.txt
Enter fullscreen mode Exit fullscreen mode

Dockerfile

A Dockerfile is a script containing instructions to build a Docker image.

Basic Dockerfile Structure

# Use official base image
FROM ubuntu:20.04

# Set metadata
LABEL maintainer="your-email@example.com"
LABEL version="1.0"

# Set working directory
WORKDIR /app

# Install packages
RUN apt-get update && apt-get install -y \
    python3 \
    python3-pip \
    && rm -rf /var/lib/apt/lists/*

# Copy files
COPY requirements.txt .
COPY . .

# Install Python dependencies
RUN pip3 install -r requirements.txt

# Expose port
EXPOSE 8000

# Set environment variables
ENV PYTHONPATH=/app
ENV FLASK_ENV=production

# Create user for security
RUN useradd -m appuser
USER appuser

# Command to run when container starts
CMD ["python3", "app.py"]
Enter fullscreen mode Exit fullscreen mode

Dockerfile Instructions

Instruction Purpose Example
FROM Base image FROM ubuntu:20.04
RUN Execute commands RUN apt-get update
COPY Copy files COPY . /app
ADD Copy + extract ADD archive.tar.gz /app
WORKDIR Set working directory WORKDIR /app
EXPOSE Expose ports EXPOSE 8000
ENV Environment variables ENV NODE_ENV=production
CMD Default command CMD ["python", "app.py"]
ENTRYPOINT Entry point ENTRYPOINT ["./start.sh"]
VOLUME Mount point VOLUME ["/data"]
USER Switch user USER appuser

Multi-stage Builds

# Build stage
FROM node:16 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production

# Production stage
FROM node:16-alpine
WORKDIR /app
COPY --from=builder /app/node_modules ./node_modules
COPY . .
EXPOSE 3000
CMD ["npm", "start"]
Enter fullscreen mode Exit fullscreen mode

Build Image

# Build from current directory
docker build -t myapp:1.0 .

# Build with different Dockerfile
docker build -f Dockerfile.prod -t myapp:prod .

# Build with build args
docker build --build-arg VERSION=1.0 -t myapp .

# No cache
docker build --no-cache -t myapp .
Enter fullscreen mode Exit fullscreen mode

Docker Volumes

Volumes provide persistent data storage for containers.

Types of Volumes

  1. Named Volumes (Managed by Docker)
  2. Bind Mounts (Host filesystem)
  3. tmpfs Mounts (In memory)

Volume Commands

# Create a volume
docker volume create my-volume

# List volumes
docker volume ls

# Inspect volume
docker volume inspect my-volume

# Remove volume
docker volume rm my-volume

# Prune unused volumes
docker volume prune
Enter fullscreen mode Exit fullscreen mode

Using Volumes

# Named volume
docker run -v my-volume:/data ubuntu

# Bind mount
docker run -v /host/path:/container/path ubuntu
docker run -v $(pwd):/app ubuntu  # Current directory

# Read-only mount
docker run -v /host/path:/container/path:ro ubuntu

# tmpfs mount
docker run --tmpfs /tmp ubuntu
Enter fullscreen mode Exit fullscreen mode

Volume Examples

# Database with persistent storage
docker run -d \
  --name postgres-db \
  -e POSTGRES_PASSWORD=password \
  -v postgres-data:/var/lib/postgresql/data \
  postgres:13

# Development environment
docker run -it \
  -v $(pwd):/workspace \
  -w /workspace \
  node:16 /bin/bash
Enter fullscreen mode Exit fullscreen mode

Docker Networks

Networks enable communication between containers.

Network Types

  • bridge: Default network (containers can communicate)
  • host: Use host's network directly
  • none: No networking
  • overlay: Multi-host networking (Swarm)

Network Commands

# List networks
docker network ls

# Create network
docker network create my-network
docker network create --driver bridge my-bridge

# Inspect network
docker network inspect my-network

# Connect container to network
docker network connect my-network my-container

# Disconnect container from network
docker network disconnect my-network my-container

# Remove network
docker network rm my-network
Enter fullscreen mode Exit fullscreen mode

Using Networks

# Run container on specific network
docker run -d --network my-network --name web nginx
docker run -d --network my-network --name db postgres

# Containers can communicate by name
# web container can reach db container at hostname "db"
Enter fullscreen mode Exit fullscreen mode

Network Example

# Create custom network
docker network create --driver bridge app-network

# Run database
docker run -d \
  --name database \
  --network app-network \
  -e POSTGRES_PASSWORD=password \
  postgres:13

# Run web application
docker run -d \
  --name webapp \
  --network app-network \
  -p 8080:80 \
  my-web-app
Enter fullscreen mode Exit fullscreen mode

Docker Compose

Docker Compose manages multi-container applications using YAML files.

Installation

# Linux
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

# Or install via pip
pip install docker-compose

# Verify installation
docker-compose --version
Enter fullscreen mode Exit fullscreen mode

docker-compose.yml Structure

version: '3.8'

services:
  web:
    build: .
    ports:
      - "8000:8000"
    volumes:
      - .:/app
    environment:
      - DEBUG=1
    depends_on:
      - db
      - redis
    networks:
      - app-network

  db:
    image: postgres:13
    environment:
      POSTGRES_PASSWORD: password
      POSTGRES_DB: myapp
    volumes:
      - postgres-data:/var/lib/postgresql/data
    networks:
      - app-network

  redis:
    image: redis:alpine
    networks:
      - app-network

volumes:
  postgres-data:

networks:
  app-network:
    driver: bridge
Enter fullscreen mode Exit fullscreen mode

Docker Compose Commands

# Start services
docker-compose up
docker-compose up -d  # Detached mode

# Stop services
docker-compose down
docker-compose down -v  # Remove volumes

# Build services
docker-compose build
docker-compose build --no-cache

# Scale services
docker-compose up -d --scale web=3

# View logs
docker-compose logs
docker-compose logs web

# Execute commands
docker-compose exec web /bin/bash

# List services
docker-compose ps

# Restart services
docker-compose restart
Enter fullscreen mode Exit fullscreen mode

Advanced Compose Example

version: '3.8'

services:
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
    depends_on:
      - web
    networks:
      - frontend

  web:
    build:
      context: .
      dockerfile: Dockerfile.prod
    environment:
      - DATABASE_URL=postgresql://user:pass@db:5432/app
      - REDIS_URL=redis://redis:6379
    depends_on:
      - db
      - redis
    networks:
      - frontend
      - backend
    deploy:
      replicas: 2
      restart_policy:
        condition: on-failure

  db:
    image: postgres:13
    environment:
      POSTGRES_USER: user
      POSTGRES_PASSWORD: pass
      POSTGRES_DB: app
    volumes:
      - postgres-data:/var/lib/postgresql/data
    networks:
      - backend

  redis:
    image: redis:alpine
    networks:
      - backend

volumes:
  postgres-data:

networks:
  frontend:
  backend:
Enter fullscreen mode Exit fullscreen mode

Docker Registry

Docker Hub (Public Registry)

# Login to Docker Hub
docker login

# Tag image for Docker Hub
docker tag myapp:latest username/myapp:latest

# Push to Docker Hub
docker push username/myapp:latest

# Pull from Docker Hub
docker pull username/myapp:latest
Enter fullscreen mode Exit fullscreen mode

Private Registry

# Run local registry
docker run -d -p 5000:5000 --name registry registry:2

# Tag for local registry
docker tag myapp:latest localhost:5000/myapp:latest

# Push to local registry
docker push localhost:5000/myapp:latest

# Pull from local registry
docker pull localhost:5000/myapp:latest
Enter fullscreen mode Exit fullscreen mode

Registry Authentication

# Login to private registry
docker login myregistry.com

# Or specify credentials
echo "password" | docker login --username myuser --password-stdin myregistry.com
Enter fullscreen mode Exit fullscreen mode

Best Practices

Dockerfile Best Practices

  1. Use official base images
FROM node:16-alpine  # Official, minimal
Enter fullscreen mode Exit fullscreen mode
  1. Minimize layers
# Bad - multiple layers
RUN apt-get update
RUN apt-get install -y python3
RUN apt-get install -y python3-pip

# Good - single layer
RUN apt-get update && apt-get install -y \
    python3 \
    python3-pip \
    && rm -rf /var/lib/apt/lists/*
Enter fullscreen mode Exit fullscreen mode
  1. Use .dockerignore
node_modules
*.log
.git
.DS_Store
Enter fullscreen mode Exit fullscreen mode
  1. Don't run as root
RUN useradd -m appuser
USER appuser
Enter fullscreen mode Exit fullscreen mode
  1. Use multi-stage builds
FROM node:16 AS builder
# Build stage

FROM node:16-alpine
COPY --from=builder /app/dist ./dist
# Production stage
Enter fullscreen mode Exit fullscreen mode

Security Best Practices

  1. Scan images for vulnerabilities
docker scan myapp:latest
Enter fullscreen mode Exit fullscreen mode
  1. Use minimal base images
FROM alpine:latest  # Minimal
FROM scratch        # Empty base
Enter fullscreen mode Exit fullscreen mode
  1. Keep images updated
docker pull ubuntu:latest  # Get latest security patches
Enter fullscreen mode Exit fullscreen mode
  1. Use secrets management
# Don't put secrets in Dockerfile
# Use environment variables or secret management tools
Enter fullscreen mode Exit fullscreen mode

Performance Best Practices

  1. Optimize layer caching
# Copy dependencies first (changes less frequently)
COPY package.json .
RUN npm install

# Copy source code last (changes frequently)
COPY . .
Enter fullscreen mode Exit fullscreen mode
  1. Use .dockerignore
  2. Remove unnecessary files
RUN apt-get update && apt-get install -y package \
    && rm -rf /var/lib/apt/lists/*
Enter fullscreen mode Exit fullscreen mode
  1. Use appropriate image sizes
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"
Enter fullscreen mode Exit fullscreen mode

Troubleshooting

Common Issues and Solutions

Container won't start

# Check logs
docker logs <container-id>

# Check container configuration
docker inspect <container-id>
Enter fullscreen mode Exit fullscreen mode

Port already in use

# Find process using port
lsof -i :8080

# Use different port
docker run -p 8081:80 nginx
Enter fullscreen mode Exit fullscreen mode

Permission denied

# Add user to docker group
sudo usermod -aG docker $USER

# Restart shell or logout/login
Enter fullscreen mode Exit fullscreen mode

Out of disk space

# Clean up containers
docker container prune

# Clean up images
docker image prune

# Clean up volumes
docker volume prune

# Clean up everything
docker system prune -a
Enter fullscreen mode Exit fullscreen mode

Debugging Commands

# System information
docker system info
docker system df  # Disk usage

# Container debugging
docker exec -it <container> /bin/bash
docker logs -f <container>
docker stats <container>

# Network debugging
docker network ls
docker network inspect bridge
Enter fullscreen mode Exit fullscreen mode

Advanced Topics

Docker Swarm (Orchestration)

# Initialize swarm
docker swarm init

# Join swarm
docker swarm join --token <token> <manager-ip>:2377

# Deploy stack
docker stack deploy -c docker-compose.yml myapp

# List services
docker service ls

# Scale service
docker service scale myapp_web=5
Enter fullscreen mode Exit fullscreen mode

Health Checks

HEALTHCHECK --interval=30s --timeout=3s --start-period=60s \
  CMD curl -f http://localhost:8000/health || exit 1
Enter fullscreen mode Exit fullscreen mode

Multi-platform Builds

# Create builder
docker buildx create --name mybuilder --use

# Build for multiple platforms
docker buildx build --platform linux/amd64,linux/arm64 -t myapp:latest --push .
Enter fullscreen mode Exit fullscreen mode

Docker Secrets (Swarm)

# Create secret
echo "mysecretpassword" | docker secret create db_password -

# Use in service
docker service create --secret db_password myapp
Enter fullscreen mode Exit fullscreen mode

Container Resource Limits

# Memory and CPU limits
docker run -m 512m --cpus="1.5" myapp

# In docker-compose.yml
services:
  web:
    image: myapp
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.5'
Enter fullscreen mode Exit fullscreen mode

Docker BuildKit

# syntax=docker/dockerfile:1
FROM ubuntu:20.04

# BuildKit features
RUN --mount=type=cache,target=/var/cache/apt \
    apt-get update && apt-get install -y python3
Enter fullscreen mode Exit fullscreen mode

Useful Commands Reference

Cleanup Commands

# Remove all stopped containers
docker container prune

# Remove all unused images
docker image prune -a

# Remove all unused volumes
docker volume prune

# Remove all unused networks
docker network prune

# Remove everything unused
docker system prune -a --volumes
Enter fullscreen mode Exit fullscreen mode

Monitoring Commands

# System-wide information
docker system info
docker system df

# Container statistics
docker stats
docker top <container>

# Event monitoring
docker events
Enter fullscreen mode Exit fullscreen mode

Backup and Restore

# Export container
docker export <container> > backup.tar

# Import container
docker import backup.tar myapp:backup

# Save image
docker save myapp:latest > myapp.tar

# Load image
docker load < myapp.tar
Enter fullscreen mode Exit fullscreen mode

This comprehensive guide covers Docker from basics to advanced usage. Practice with hands-on examples to solidify your understanding of containerization concepts and Docker workflows.

Top comments (0)