🐋 Docker Containerization Guide
Master Docker containerization - from basic concepts to production-ready deployments.
1. Docker Overview
Docker is a platform for developing, shipping, and running applications in containers. Containers package applications with all dependencies, ensuring consistency across environments.
Key Benefits:
- Consistent environments across development, testing, and production
- Lightweight and fast compared to virtual machines
- Easy application deployment and scaling
- Isolation and security
- Efficient resource utilization
2. Installation
2.1 Ubuntu/Debian
# Update package index
sudo apt update
# Install dependencies
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
# Add Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Add Docker repository
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install Docker
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Add user to docker group
sudo usermod -aG docker $USER
# Verify installation
docker --version
docker run hello-world2.2 RHEL/CentOS
# Install using yum
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo systemctl start docker
sudo systemctl enable docker3. Essential Docker Commands
3.1 Container Lifecycle
# Run a container
docker run nginx # Run nginx
docker run -d nginx # Detached mode
docker run -d -p 8080:80 nginx # Port mapping
docker run -d --name my-nginx nginx # Named container
docker run -it ubuntu bash # Interactive terminal
# List containers
docker ps # Running containers
docker ps -a # All containers
docker ps -q # Only IDs
# Stop/start containers
docker stop container_id
docker start container_id
docker restart container_id
# Remove containers
docker rm container_id
docker rm -f container_id # Force remove running
docker container prune # Remove all stopped
# Execute commands in running container
docker exec -it container_id bash
docker exec container_id ls /app3.2 Image Management
# Pull images
docker pull nginx
docker pull nginx:1.21
docker pull ubuntu:22.04
# List images
docker images
docker image ls
# Remove images
docker rmi image_id
docker image prune # Remove unused images
docker image prune -a # Remove all unused
# Tag images
docker tag nginx:latest myrepo/nginx:v1.0
# Push to registry
docker push myrepo/nginx:v1.0
# Search images
docker search nginx
# Inspect image
docker inspect nginx
docker history nginx3.3 Container Operations
# View logs
docker logs container_id
docker logs -f container_id # Follow logs
docker logs --tail 100 container_id # Last 100 lines
# View stats
docker stats
docker stats container_id
# Inspect container
docker inspect container_id
# Copy files
docker cp file.txt container_id:/app/
docker cp container_id:/app/file.txt ./
# View port mappings
docker port container_id4. Dockerfile Best Practices
4.1 Basic Dockerfile
# Use official base image
FROM node:18-alpine
# Set working directory
WORKDIR /app
# Copy package files
COPY package*.json ./
# Install dependencies
RUN npm install --production
# Copy application code
COPY . .
# Expose port
EXPOSE 3000
# Set environment variables
ENV NODE_ENV=production
# Run application
CMD ["node", "server.js"]4.2 Multi-Stage Build
# Build stage
FROM node:18 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build
# Production stage
FROM node:18-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY package*.json ./
EXPOSE 3000
CMD ["node", "dist/server.js"]4.3 Python Application
FROM python:3.11-slim
WORKDIR /app
# Install dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Copy application
COPY . .
# Create non-root user
RUN useradd -m -u 1000 appuser && \
chown -R appuser:appuser /app
USER appuser
EXPOSE 8000
CMD ["python", "app.py"]4.4 Build and Run
# Build image
docker build -t myapp:latest .
docker build -t myapp:v1.0 -f Dockerfile.prod .
# Build with build args
docker build --build-arg VERSION=1.0 -t myapp .
# Run built image
docker run -d -p 3000:3000 --name myapp myapp:latest5. Docker Volumes and Data Persistence
5.1 Volume Types
# Named volumes (recommended)
docker volume create mydata
docker run -d -v mydata:/app/data nginx
# Bind mounts (local directory)
docker run -d -v /host/path:/container/path nginx
docker run -d -v $(pwd):/app node:18
# tmpfs (temporary, in memory)
docker run -d --tmpfs /app/cache nginx5.2 Volume Management
# List volumes
docker volume ls
# Inspect volume
docker volume inspect mydata
# Remove volume
docker volume rm mydata
# Remove unused volumes
docker volume prune
# Backup volume
docker run --rm -v mydata:/data -v $(pwd):/backup alpine tar czf /backup/backup.tar.gz /data
# Restore volume
docker run --rm -v mydata:/data -v $(pwd):/backup alpine tar xzf /backup/backup.tar.gz -C /6. Docker Networking
6.1 Network Types
# Create custom network
docker network create mynetwork
# List networks
docker network ls
# Run container on network
docker run -d --network mynetwork --name web nginx
docker run -d --network mynetwork --name db postgres
# Inspect network
docker network inspect mynetwork
# Remove network
docker network rm mynetwork6.2 Network Modes
# Bridge (default)
docker run -d nginx
# Host network (container uses host network)
docker run -d --network host nginx
# None (no networking)
docker run -d --network none nginx
# Connect to existing container's network
docker run -d --network container:web alpine6.3 Port Publishing
# Publish single port
docker run -d -p 8080:80 nginx
# Publish all exposed ports
docker run -d -P nginx
# Publish to specific host IP
docker run -d -p 127.0.0.1:8080:80 nginx
# Publish multiple ports
docker run -d -p 80:80 -p 443:443 nginx7. Docker Compose
7.1 Basic docker-compose.yml
version: '3.8'
services:
web:
image: nginx:latest
ports:
- "80:80"
volumes:
- ./html:/usr/share/nginx/html
networks:
- webnet
restart: unless-stopped
app:
build: ./app
ports:
- "3000:3000"
environment:
- NODE_ENV=production
- DB_HOST=db
depends_on:
- db
networks:
- webnet
db:
image: postgres:15
volumes:
- pgdata:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=secretpass
- POSTGRES_DB=myapp
networks:
- webnet
networks:
webnet:
driver: bridge
volumes:
pgdata:7.2 Compose Commands
# Start services
docker compose up
docker compose up -d # Detached mode
docker compose up --build # Rebuild images
# Stop services
docker compose down # Stop and remove
docker compose down -v # Remove volumes too
docker compose stop # Stop without removing
# View logs
docker compose logs
docker compose logs -f web # Follow specific service
# Scale services
docker compose up -d --scale app=3
# Execute command
docker compose exec web bash
docker compose exec db psql -U postgres
# View running services
docker compose ps8. Best Practices
Docker Best Practices:
- ✅ Use official base images
- ✅ Use specific tags, not
latest - ✅ Multi-stage builds for smaller images
- ✅ Minimize layers - combine RUN commands
- ✅ Don't run as root - create non-root user
- ✅ Use .dockerignore file
- ✅ Scan images for vulnerabilities
- ✅ Use health checks
- ✅ Keep containers ephemeral
- ✅ One process per container
8.1 .dockerignore Example
# .dockerignore
node_modules
npm-debug.log
.git
.gitignore
README.md
.env
.env.local
dist
coverage
.vscode
.idea
*.md8.2 Security Scanning
# Scan image for vulnerabilities
docker scan myapp:latest
# Use Trivy for scanning
docker run aquasec/trivy image myapp:latest
# Scan with Snyk
snyk container test myapp:latest9. Troubleshooting
9.1 Common Issues
| Issue | Diagnosis | Solution |
|---|---|---|
| Container exits immediately | docker logs container_id |
Check logs for errors, verify CMD/ENTRYPOINT |
| Cannot connect to container | docker port container_iddocker inspect container_id |
Verify port mapping, check firewall |
| Out of disk space | docker system df |
docker system prune -a |
| Permission denied | Check user groups | sudo usermod -aG docker $USERLogout and login |
9.2 Cleanup Commands
# Remove all stopped containers
docker container prune
# Remove all unused images
docker image prune -a
# Remove all unused volumes
docker volume prune
# Remove all unused networks
docker network prune
# Remove everything unused
docker system prune -a --volumes
# View disk usage
docker system df
docker system df -v