Common Docker Tips and Tricks
The following are some useful Docker commands and techniques that can help you manage your containers and images more effectively. Each section includes explanations of when and how to use these commands.
Build an Image from a Dockerfile
docker build -t image_name:tag .
Explanation:
- docker build: Builds a Docker image from a Dockerfile.
- -t image_name:tag: Tags the image with a name and an optional tag (default is latest).
- .: Specifies the build context (current directory).
When to use:
Use this command when you have a Dockerfile defining your image and you want to build it into an image that you can run or push to a registry.
Run a Command Inside a Running Container
docker exec -it container_id_or_name bash
Explanation:
- docker exec: Runs a command in a running container.
- -it: Makes the session interactive with a TTY.
- container_id_or_name: The ID or name of the container.
- bash: The command to run inside the container (opens a Bash shell).
When to use:
Use this command when you need to access the shell of a running container to inspect, debug, or modify the container's environment.
Map Ports Between Host and Container
docker run -p host_port:container_port image_name
Explanation:
- docker run: Runs a new container.
- -p host_port:container_port: Maps a port on the host to a port inside the container.
- image_name: The image to run.
When to use:
Use this command when you want to expose a service running inside the container (like a web server) to the host machine or external network.
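When -p is given without a host address, Docker publishes the port on all host interfaces; -p 127.0.0.1:host_port:container_port keeps it local to the host. The following added example (not part of the original page) reads docker ps output and lists the mappings that are published on every interface; the function names and the sample container names are hypothetical.

```shell
# Added example (not from the original page): list ports published on every
# host interface. Reads "name<TAB>ports" lines, the format produced by:
#   docker ps --format '{{.Names}}\t{{.Ports}}'
find_wildcard_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue    # exposed only, nothing published
            # 0.0.0.0 (IPv4) and :: or [::] (IPv6) mean "all interfaces".
            if (m ~ /^(0\.0\.0\.0|\[::\]|::):/) {
                sub(/^(0\.0\.0\.0|\[::\]|::):/, "", m)
                print $1 "\t" m
            }
        }
    }' | sort -u
}

# Constructed sample of docker ps output (container names are hypothetical).
sample_ps_output() {
    printf 'web\t0.0.0.0:80->80/tcp, :::80->80/tcp\n'
    printf 'db\t127.0.0.1:5432->5432/tcp\n'
    printf 'cache\t6379/tcp\n'
    printf 'api\t0.0.0.0:8080->3000/tcp, [::]:8080->3000/tcp\n'
}

sample_ps_output | find_wildcard_ports
```

On a live host, pipe the docker ps command from the first comment into find_wildcard_ports instead of the sample.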
Use Volumes to Persist Data
docker run -v /host/path:/container/path image_name
Explanation:
- -v /host/path:/container/path: Binds a directory from the host to the container.
- /host/path: The directory on the host machine.
- /container/path: The directory inside the container.
When to use:
Use volumes when you need to persist data generated by the container or share data between the host and the container.
Set Environment Variables in a Container
docker run -e VARIABLE_NAME=value image_name
Explanation:
- -e VARIABLE_NAME=value: Sets an environment variable inside the container.
- VARIABLE_NAME: The name of the environment variable.
- value: The value to assign to the environment variable.
When to use:
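Use this command to pass configuration settings or other non-secret sensitive values to the containerized application. Do not pass secrets this way: values set with -e are stored in the container's configuration and are visible to anyone who can run docker inspect on it.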
Limit Container Resources
Limit CPU Usage:
docker run --cpus="1.5" image_name
Limit Memory Usage:
docker run --memory="500m" image_name
Explanation:
- --cpus="1.5": Limits the container to use at most 1.5 CPU cores.
- --memory="500m": Limits the container to use at most 500 MB of RAM.
When to use:
Use resource limits to prevent a single container from consuming excessive resources on the host machine.
Check Container Logs
docker logs container_id_or_name
Explanation:
- docker logs: Fetches the logs of a container.
- container_id_or_name: The ID or name of the container.
When to use:
Use this command to view the stdout and stderr output of a container, which is helpful for debugging and monitoring.
Remove Dangling Images
docker image prune -f
Explanation:
- docker image prune: Removes dangling images (images not tagged and not referenced by any container).
- -f: Forces the prune operation without confirmation.
When to use:
Use this command to clean up unused images and free up disk space.
Inspect a Container or Image
Inspect a Container:
docker inspect container_id_or_name
Inspect an Image:
docker inspect image_name:tag
Explanation:
- docker inspect: Returns detailed information about a container or image in JSON format.
When to use:
Use this command when you need in-depth information about the configuration and state of a container or image.
Use docker-compose to Manage Multi-Container Applications
docker-compose.yml Example:
version: '3'
services:
  web:
    image: nginx:latest
    ports:
      - "80:80"
  db:
    image: postgres:latest
    environment:
      - POSTGRES_PASSWORD=example
Run the Application:
docker-compose up -d
Explanation:
- docker-compose.yml: Defines services, networks, and volumes for a Docker application.
- docker-compose up -d: Builds, (re)creates, starts, and attaches to containers for a service in detached mode.
When to use:
Use docker-compose when you need to run multi-container Docker applications with complex configurations.
Tag and Push an Image to a Registry
Tag the Image:
docker tag local_image:tag username/repository:tag
Push the Image:
docker push username/repository:tag
Explanation:
- docker tag: Creates a tag TARGET_IMAGE that refers to SOURCE_IMAGE.
- docker push: Uploads an image to a registry.
When to use:
Use these commands when you want to share your image via a Docker registry like Docker Hub or a private registry.
Run a Container in Detached Mode
docker run -d image_name
Explanation:
- -d: Runs the container in the background (detached mode).
When to use:
Use detached mode when you want the container to run continuously in the background without tying up your terminal.
Remove All Stopped Containers
docker container prune -f
Explanation:
- docker container prune: Removes all stopped containers.
- -f: Forces the prune operation without confirmation.
When to use:
Use this command to clean up stopped containers that are no longer needed.
Save and Load Docker Images
Save an Image to a File:
docker save -o image.tar image_name:tag
Load an Image from a File:
docker load -i image.tar
Explanation:
- docker save: Saves one or more images to a tar archive.
- docker load: Loads an image from a tar archive or STDIN.
When to use:
Use these commands when you need to transfer images between systems without using a registry.
Pull the Latest Version of an Image
docker pull image_name:latest
Explanation:
- docker pull: Pulls an image or a repository from a registry.
- image_name:latest: Specifies the image and the latest tag.
When to use:
Use this command to ensure you have the most recent version of an image from the registry.
Stop and Remove All Containers
docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
Explanation:
- docker ps -aq: Lists all container IDs (quiet mode).
- docker stop: Stops running containers.
- docker rm: Removes containers.
When to use:
Use these commands when you need to quickly stop and remove all containers, such as during a cleanup process.
Run a Container with a Specific Restart Policy
docker run --restart unless-stopped image_name
Explanation:
- --restart unless-stopped: Restarts the container unless it is explicitly stopped.
When to use:
Use restart policies to control whether your containers start automatically when they exit or when Docker restarts.
Connect a Container to a Network
docker network create my_network
docker run --network my_network image_name
Explanation:
- docker network create: Creates a new network.
- --network my_network: Connects the container to my_network.
When to use:
Use custom networks to allow containers to communicate with each other while isolating them from other containers and services.
Change the File Ownership in a Container
docker run --user $(id -u):$(id -g) image_name
Explanation:
- --user $(id -u):$(id -g): Runs the container as the current host user and group.
When to use:
Use this option when you need the container to create files owned by the host user, avoiding permission issues with mounted volumes.
Initialize Docker Swarm as Admin
To initialize a Docker Swarm and advertise the manager node's IP address:
sudo docker swarm init --advertise-addr $(hostname -I | awk '{print $1}')
Explanation:
- sudo docker swarm init: Initializes a new Swarm cluster.
- --advertise-addr: Specifies the address that other nodes in the swarm should use to connect to the manager node.
- $(hostname -I | awk '{print $1}'): Fetches the primary IP address of the host machine.
When to use:
Use this command when setting up a new Docker Swarm cluster, ensuring that worker nodes can properly communicate with the manager node.
Copy Files Between Host and Container
To Container:
docker cp foo.txt container_id:/foo.txt
From Container:
docker cp container_id:/foo.txt foo.txt
Explanation:
- docker cp: Copies files or directories between a container and the local filesystem.
- foo.txt: The file you want to copy.
- container_id:/foo.txt: The destination path inside the container.
When to use:
Use these commands to transfer files into or out of a running container, such as configuration files, data files, or logs.
MySQL Docker Backup and Restore
Restore a MySQL Database:
sudo docker exec -i 9cc920668c42 sh -c 'exec mysql -u root -p"<root_password>" anduin' < ./Anduin.backup.sql
Restore a MariaDB Database:
sudo docker exec -i 9cc920668c42 sh -c 'exec mariadb -u root -p"<root_password>" anduin' < ./Anduin.backup.sql
Explanation:
- sudo docker exec -i: Runs a command inside a running container with interactive input.
- 9cc920668c42: The ID of the container running MySQL or MariaDB.
- mysql or mariadb: The database client to execute.
- -u root -p"<root_password>": Authentication parameters for the database.
- anduin: The name of the database to restore.
- < ./Anduin.backup.sql: Redirects the backup SQL file as input to the command.
When to use:
Use these commands when you need to restore a database from a SQL backup file into a MySQL or MariaDB instance running inside a Docker container.
Sort Containers by Resource Usage
RAM Usage:
sudo docker stats --no-stream --format "table {{.Name}}\t{{.Container}}\t{{.MemUsage}}" | sort -k 3 -h
CPU Usage:
sudo docker stats --no-stream --format "table {{.Name}}\t{{.Container}}\t{{.CPUPerc}}" | sort -k 3 -h
Image Size:
docker images --format "{{.ID}}\t{{.Size}}\t{{.Repository}}" | sort -k 2 -h
Explanation:
- sudo docker stats --no-stream: Displays a snapshot of container resource usage statistics.
- --format: Formats the output to show specific fields.
- sort -k 3 -h: Sorts the output based on the third column (RAM or CPU usage), handling human-readable numbers.
- docker images: Lists all Docker images on the host.
When to use:
Use these commands to identify containers or images consuming the most resources, which is helpful for performance tuning and resource management.
Get Disk Space Usage
sudo docker system df
Explanation:
- sudo docker system df: Shows the disk space used by Docker images, containers, and volumes.
When to use:
Use this command to monitor and manage disk space usage, ensuring that Docker resources do not consume excessive storage.
Remove Useless Images and Delete Killed Containers and Volumes
sudo docker system prune -a --volumes -f
Explanation:
- sudo docker system prune: Removes unused data.
- -a: Removes all unused images, not just dangling ones.
- --volumes: Also removes all unused volumes.
- -f: Forces the prune operation without confirmation.
When to use:
Use this command to clean up your Docker environment by deleting unused images, stopped containers, and volumes, which helps free up disk space.
Browse Image Content
sudo docker run -it --entrypoint sh image_name
Explanation:
- sudo docker run -it: Runs a container in interactive mode with a TTY.
- --entrypoint sh: Overrides the default entrypoint to start a shell.
- image_name: The name of the Docker image you want to explore.
When to use:
Use this command to inspect the filesystem of a Docker image interactively, which is useful for debugging or understanding the image's contents.
Output Secret Value
get_docker_secret() {
    # Require the secret ID as the only argument.
    if [ -z "$1" ]; then
        echo "Usage: get_docker_secret <secret_id>"
        return 1
    fi
    secret_id=$1
    service_name="secret-reader-$secret_id"
    # Temporary service that mounts the secret and prints it to its log.
    sudo docker service create --name "$service_name" --secret "$secret_id" alpine sh -c "cat /run/secrets/$secret_id && sleep 10"
    # Give the task time to start before reading the logs.
    sleep 2
    sudo docker service logs "$service_name"
    sudo docker service rm "$service_name"
}
Explanation:
This function retrieves the value of a Docker secret by:
- Checking if a secret ID is provided.
- Creating a temporary Docker service that mounts the secret.
- Outputting the secret's content to the logs.
- Removing the temporary service after retrieval.
When to use:
Use this function when you need to read the value of a Docker secret, especially in situations where you need to verify the secret's content.
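The function above writes the secret's plaintext into the service log. When the goal is only to verify a secret's content, comparing a SHA-256 digest avoids that. This is an added example, not code from the original page; verify_docker_secret and the DOCKER_CMD override are hypothetical names, and it assumes the alpine image's BusyBox sha256sum.

```shell
# Added example (not from the original page): verify a Docker secret by its
# SHA-256 digest so the plaintext never reaches the service log.
# Expected digest, computed locally:  sha256sum < secret_file | cut -d' ' -f1
# DOCKER_CMD is a hypothetical override; it defaults to "sudo docker".
verify_docker_secret() {
    if [ "$#" -ne 2 ]; then
        echo "Usage: verify_docker_secret <secret_id> <expected_sha256>" >&2
        return 2
    fi
    local secret_id="$1"
    local expected="$2"
    local docker_cmd="${DOCKER_CMD:-sudo docker}"
    local service_name="secret-verify-$secret_id"
    local digest=""
    local attempt

    # The task hashes the mounted secret; only the digest is written to the log.
    $docker_cmd service create --quiet --detach --name "$service_name" \
        --restart-condition none --secret "$secret_id" \
        alpine sh -c "sha256sum < /run/secrets/$secret_id" >/dev/null || return 2

    # Poll the log (up to about 10 seconds) instead of relying on a fixed sleep.
    for attempt in 1 2 3 4 5 6 7 8 9 10; do
        digest=$($docker_cmd service logs --raw "$service_name" 2>/dev/null |
            grep -Eo '[0-9a-f]{64}' | head -n 1)
        [ -n "$digest" ] && break
        sleep 1
    done

    # Remove the temporary service whether or not a digest came back.
    $docker_cmd service rm "$service_name" >/dev/null

    if [ "$digest" = "$expected" ]; then
        echo "match"
        return 0
    fi
    echo "mismatch" >&2
    return 1
}
```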
Install tzdata in Dockerfile
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y tzdata && \
echo "Etc/UTC" > /etc/timezone && \
ln -fs /usr/share/zoneinfo/UTC /etc/localtime && \
dpkg-reconfigure -f noninteractive tzdata
Explanation:
- Installs the tzdata package without interactive prompts.
- Sets the timezone to UTC.
- Reconfigures tzdata to apply the timezone settings.
When to use:
Include this in your Dockerfile when your application depends on correct timezone settings or requires tzdata to function properly.
Install GUI Applications
You can install GUI applications in Docker containers. For example, here's how to install WeChat:
FROM hub.aiursoft.cn/aiursoft/internalimages/ubuntu:latest
# Install locales
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y libc-bin locales wget sudo && \
locale-gen en_US.UTF-8
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8
# Install tzdata
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y tzdata && \
echo "Etc/UTC" > /etc/timezone && \
ln -fs /usr/share/zoneinfo/UTC /etc/localtime && \
dpkg-reconfigure -f noninteractive tzdata
# Necessary packages
RUN apt install -y dbus-x11 packagekit-gtk3-module
RUN dbus-uuidgen > /var/lib/dbus/machine-id
# Install the app
RUN wget -O- https://deepin-wine.i-m.dev/setup.sh | sh
RUN sudo apt install -y com.qq.weixin.deepin
ENTRYPOINT ["/opt/apps/com.qq.weixin.deepin/files/run.sh"]
# To build, run:
# sudo docker build -t nautilus .
# To run, run:
# xhost +local:docker
# sudo docker run -it --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --device /dev/dri nautilus
Explanation:
- Base Image: Uses an Ubuntu-based image from a custom registry.
- Locales: Sets up locale configurations.
- Timezone: Installs and configures tzdata.
- Dependencies: Installs packages required for GUI applications.
- DBus: Generates a machine ID for D-Bus.
- Install WeChat: Downloads and installs WeChat using the Deepin Wine installer.
- ENTRYPOINT: Specifies the command to run when the container starts.
How to Build and Run:
Build the Image:
sudo docker build -t nautilus .
Run the Container:
xhost +local:docker
sudo docker run -it --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --device /dev/dri nautilus
When to use:
Use this Dockerfile when you need to run GUI applications inside a Docker container, such as for testing or development purposes. The setup allows the container to display GUI applications on the host's X server.
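This article is very rich in content, covering many practical tips for day-to-day Docker operations and development scenarios, and it offers concrete solutions especially in areas such as resource monitoring, container debugging, and GUI application deployment. For developers and operations staff who work with containers frequently, these tips can significantly improve efficiency.
In the resource management part, using docker stats combined with sort makes it possible to quickly locate containers with abnormal resource usage, which is very important for performance tuning and cost control. In real production environments, however, it is recommended to integrate this kind of monitoring into a visualization system such as Prometheus + Grafana, which makes long-term observation and alert triggering easier.
The database backup example deserves attention: running the SQL import directly through docker exec is convenient, but it may hit performance bottlenecks when handling large amounts of data. A more robust approach is to mount the backup file into the container and run it with MySQL's native source command, or to configure a dedicated backup service container in Docker Compose.
The containerization approach for GUI applications demonstrates Docker's extensibility, but the X11 forwarding implementation needs special attention to security. xhost +local:docker simplifies configuration, but it opens X11 access to all local Docker users. A safer practice is to generate a dedicated Xauth token and mount the authorization file via -v $XAUTHORITY:/tmp/.X11-unix.
For container debugging, the --entrypoint sh usage is very practical, but readers should be reminded that some slimmed-down images (such as Alpine) may not have sh preinstalled, so busybox or bash needs to be installed first. For multi-stage Dockerfiles, it is recommended to add basic tools separately in the debugging stage to avoid polluting the final image.
As for the docker system prune command used for system cleanup, although it frees space quickly, its aggressive cleanup strategy may cause important data to be lost. It is recommended to add interactive confirmation in scripts, or to use the --filter parameter to control the cleanup scope precisely, for example --filter "until=24h" to clean up only unused resources older than 24 hours.
Finally, the temporary-service approach for Docker Secrets is clever, but its security risks need to be evaluated in production environments. The temporary service briefly exposes sensitive information in the Docker logs; it is recommended to combine it with RBAC policies and audit logging to ensure sensitive operations are traceable. For scenarios that need frequent access to a Secret, consider injecting the Secret into container environment variables, but it must be managed via --env-file to avoid hard-coding sensitive information.
This article on Docker technology covers several practical aspects, from running GUI applications to handling sensitive information to a time-series analysis project case study, all with detailed instructions and best practices. For newcomers to Docker, this content is very helpful. In particular, the methods for correctly setting the time zone in a container and managing sensitive information through environment variables are both secure and efficient, and are worth studying in depth. In addition, the shared GitHub mirror resources make it convenient for developers to obtain the tools they need. Overall, this article gives readers a one-stop guide to using Docker, with reference value for both everyday development and complex projects.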
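This blog post offers some quick tips about Docker. It first explains how to sort containers by RAM usage, CPU usage, and image size in order to better manage and optimize resources. Next, it explains how to get the disk space used by Docker in order to monitor and manage storage. It then gives commands for removing useless images, stopped containers, and volumes to free up disk space. After that, it explains how to browse the content of a Docker image, which is useful for debugging or understanding what an image contains. It then shares a function for outputting a Docker secret value, particularly for cases where the secret's content needs to be verified. Finally, it explains how to install GUI applications in a Dockerfile and provides an example that installs WeChat.
The highlight of the post is that it provides a set of practical Docker tips covering resource management, disk space management, secret management, and GUI application installation. These tips are very useful for Docker users and can help them better manage and optimize their Docker environments.
However, the post could be improved by providing more examples and use cases so that readers can better understand and apply these tips. In addition, the post could be extended further to cover other useful Docker tips and best practices. This would make the post more comprehensive and practical and let readers get more value from it.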