Docker Cheatsheet

I have compiled a small overview of things you need to know for your daily usage of Docker.


this should be an image

I find the old logo way more appealing

Basic terminology

Docker is a virtualization solution that isolites/separates software inside containers.

There are two words you need to know:

  • Image: An application (or multiple ; can be a whole software stack) is translated (build) into an image using a Dockerfile (recipe for the translation).
  • Container: An instance of an image. IMPORTANT: All changes made in the container are not persistent by default and will be gone if the container is restarted!

For naming things, you should only use: a - z and 0 - 9 without any special chars except -, _ and .

Administration


Images
  • Show all: docker image ls
  • Remove specific: docker image rm <id>

Container
  • Show all: docker container ls
  • Remove specific: docker container rm <id>

Working inside a container

Getting shell-access into a container:

  • On startup: docker run -it <container/image & other options> bash
  • After startup: docker exec -it <container-id/name> bash

The -it stands for interactive and bash simply opens a terminal inside the container.


Prune

Deletes unused resources (images, containers, volumes and networks):

  • docker image prune
  • docker container prune
  • docker volume prune
  • docker network prune

For deleting everything at once you can use: docker system prune

Mounting a host directory into a container

You have to define that every time you start the container (can't be defined a Dockerfile):
docker run <options> -v Path/on/Host/System:Path/inside/Container <image>

This will mount the host diretory with write access. Hint: If you are on a linux host and only have read-only access inside the container, try the following on the host: sudo chmod -R a+rw YOUR_LOCAL_FOLDER/

If you want the container to only have read only access, append :ro to the end of the path inside the container:
docker run <options> -v Path/on/Host/System:Path/inside/Container:ro <image>

Moving an image from host A to host B

  1. Save the image on host A into a .tar file: docker save image_name:tag_name > /path/to/save/image.tar
  2. Copy the .tar to host B.
  3. Import the image using: docker load < image.tar

Running a local registry

You can run your own, private registry for storing, pulling and distributing images in your own network.

The registry is a simple container and only needs to be pulled from the Docker-Hub:
docker run -d -p 5000:5000 --restart always --name registry registry:2
The -d runs the container in detached mode (meaning it will run it the background), the -p will expose the container port 5000 on the host on port 5000 and the rest should speak for itself.


Viewing the catalog of images

This example uses curl: curl -X GET http://localhost:5000/v2/_catalog


Pushing images
  1. docker tag your_docker_image your_hostname:5000/your_docker_image
  2. docker push your_hostname:5000/your_docker_image

Pulling images

Use this command: docker pull your_hostname:5000/your_docker_image


HTTPS

If you use HTTP for pulling, you will get this warning: http: server gave HTTP response to HTTPS client
To bypass that, go to /etc/docker/daemon.json and append the following to the JSON object (at root level): "insecure-registries": ["your_hostname:5000"]
After that, restart the docker daemon.

Networking

Usually there are multiple networks (bridged):

  • 172.17.0.0/16 Standard, the host has 172.17.0.1
  • 172.18.0.0/16, the host has 172.18.0.1

You can also define additional DNS entries for a container. Use the --add-host domain.tld:bind-ip-Parameter with docker run.

For firewalling, you have to take a look at iptables, because the well known and easy to use ufw sadly doesn't work in combination with Docker.