Skip to content

Instantly share code, notes, and snippets.

@cgthayer cgthayer/
Last active Jan 30, 2020

What would you like to do?
Docker Notes for n00bs


Images are read-only templates, but you can diff and push them to save many versions. Containers are instances of images, that are also directories and usually a single running process.

Images can be layered, you start from a base and make changes. Containers are versioned so that you can make changes and save the filesystem state as a new Image.

You can poke around in a container before starting it running, and after it's died. You can attach or exec a shell into a container to find out what's going on.

Network is also virtualized so that several containers can communicate with each other, but this isn't visible outside unless configured to be.


# Dockerfile
docker build -t $IMAGE
docker images
docker rm $IMAGE

# find pre-made images
docker search $TERM


docker run --name $CONTAINER -it $IMAGE
docker ps
# see history
docker ps -a
docker stop $CONTAINER

docker container ls -a
docker rm $CONTAINER


docker logs $CONTAINER
docker attach $CONTAINER   # warning control-C kill
docker exec -it $CONTAINER /bin/bash  # if running

# quick little commands to inspect running container
docker exec CONTAINER env
docker exec CONTAINER ls
docker exec CONTAINER ps fax
docker exec CONTAINER ip addr show eth0

# if not running, starts a container and shells in
# note entrypoint before image!
docker run -it --entrypoint /bin/bash $CONTAINER

# same but as root
docker run -u root -it --entrypoint /bin/bash $IMAGE

docker exec CONTAINER apt install net-tools  # for netstat
docker exec CONTAINER netstat -natp
apt install -y binutils  # shell stuff
apt install -y busybox  # same but lighter
# others: procps, ..

# check on a container's port mapping
docker port $CONTAINER

# entrypoints often end with exec "$@" so they can run whatever, eg.
docker run -it $CONTAINER python migrate
docker run -it $CONTAINER python /bin/bash

# low-level details for many docker objects
# eg. volume mounts
docker inspect $CONTAINER

# general: hack up for debugging


docker diff $CONTAINER
docker commit $CONTAINER $IMAGE[:tag]
docker images
docker rmi $IMAGE


docker-compose build
docker-compose create
docker-compose start
docker-compose ps
docker-compose logs

# or just
docker-compose up
docker-compose down


  • Order of arguments is very important!
  • On dev if you have a docker-compose with a "volume" you don't need a full rebuild for changes to our code.
  • Warning: things have changed in docker and compose, so old tutorials are sometimes a bit wrong.
  • Permissions and users can be super confusing, beware. |-
  • Don't trust non-official pkgs, look closely


  • nginx: needs to run as root, then switches user on it's own, so be careful to use sudo in
  • CMD only runs the last one and silently ignores earlier. Also "CMD foo >" is "CMD ["sh", "-c", ..."


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.