Basic Concepts
1) Container
A container is like a lightweight box that bundles everything an application needs to run.
- Application code
- Runtime (for example Java or Python)
- Dependency libraries
- Basic system tools
Compared with virtual machines, containers do not carry the overhead of a full guest operating system. They are smaller, start faster, and typically use resources more efficiently.
2) Image
An image is the template or blueprint used to create containers.
- It is essentially a snapshot of a filesystem plus some metadata and configuration.
- Images are built in layers.
- When you run
docker run <image>, Docker creates a container from that image and adds a writable layer on top.
3) Registry
A registry is where images are stored and distributed. Think of it as an “image warehouse”.
- Public registries: Docker Hub, Aliyun Container Registry, and others.
- Private registries: company-hosted registries for internal images.
Common operations:
- Pull an image:
docker pull <registry>/<image>:<tag> - Push an image:
docker push <registry>/<image>:<tag>
How containers, images, and registries relate
Common Commands
# 1) Image management
docker images # list local images
docker pull nginx:latest # pull an image from a registry
docker rmi nginx:latest # remove a local image
# 2) Container management
docker run -d --name web nginx # start an nginx container named "web" in background
docker ps # list running containers
docker ps -a # list all containers (including stopped ones)
docker stop web # stop the "web" container
docker start web # start a stopped container
docker rm web # remove a stopped container
# 3) Build an image
docker build -t myapp:1.0 . # build an image from Dockerfile in current directory
# 4) Logs and monitoring
docker logs web # view container logs
docker stats web # realtime resource usage
Docker Networking
Docker creates several default networks:
- bridge: default network (NAT + virtual bridge)
- host: container shares the host network stack
- none: no networking
Common commands:
# List networks
docker network ls
# Inspect a network
docker network inspect bridge
# Create a custom bridge network
docker network create --driver bridge my-net
# Start a container and attach it to the custom network
docker run -d --name db --network my-net mysql
# Connect an already-running container to a network
docker network connect my-net web
# Disconnect a container from a network
docker network disconnect my-net web
Why custom networks are useful:
- Containers on the same user-defined network can reach each other by container name.
- Better isolation between environments and services.
Inspecting Container Details
When you need detailed container configuration (port mappings, volumes, environment variables, etc.), use:
docker inspect web
The output is JSON. Useful fields include:
-
HostConfig.PortBindings: port mappings -
Mounts: volume mounts -
Config.Env: environment variables -
NetworkSettings: networking
If you only want specific parts, combine with jq (or simple grep):
# Only port bindings
docker inspect web | jq '.[0].HostConfig.PortBindings'
# Only mounts
docker inspect web | jq '.[0].Mounts'
Tips
- Layered images: every Dockerfile change usually creates a new layer. Layer caching makes builds faster.
- Data persistence: in production, mount databases and logs to the host using volumes so data is not lost when containers are recreated.
- Environment isolation: custom networks + private registries help isolate dev, test, and prod environments more cleanly.
Top comments (0)