Docker is a platform for developing, shipping, and running applications using containerization. Containers package an application with all its dependencies, ensuring it runs consistently across different environments.
```
        Docker Architecture

┌──────────────┐     ┌──────────────┐
│    Client    │►►►  │    Daemon    │
│    (CLI)     │     │  (dockerd)   │
└──────────────┘     └──────────────┘
                            │
                            ▼
                     ┌──────────────┐
                     │  Containers  │
                     │  Images      │
                     │  Volumes     │
                     │  Networks    │
                     └──────────────┘
                            │
                            └───────────► Registry
                                          (Docker Hub)
```
Docker Client: CLI tool to interact with Docker
Docker Daemon: Background service managing containers
Docker Registry: Repository for storing images (Docker Hub, private registries)
A Docker image is a read-only template used to create containers. Images are built from Dockerfiles and consist of multiple layers stacked on top of each other.
```
┌─────────────────────────┐
│    Application Layer    │ ← Your app code
├─────────────────────────┤
│   Dependencies Layer    │ ← npm/pip packages
├─────────────────────────┤
│      Runtime Layer      │ ← Node.js, Python...
├─────────────────────────┤
│        OS Layer         │ ← Alpine, Ubuntu...
└─────────────────────────┘
```
docker build -t myapp:latest .
docker tag myapp:latest myapp:v1.0.0
docker push myapp:latest
docker pull nginx:latest
docker rmi myapp:latest
| Action | Command |
|---|---|
| List all images | docker images |
| Inspect image details | docker inspect image:tag |
| View image history | docker history image:tag |
| Save image to tar | docker save -o image.tar image:tag |
| Load image from tar | docker load -i image.tar |
A container is a running instance of an image. Containers are isolated, lightweight, and share the host OS kernel.
```
Created → Running → Paused → Stopped → Removed
   │         │         │        │         │
   │         │         │        │         └─ docker rm
   │         │         │        └─ docker stop
   │         │         └─ docker pause/unpause
   │         └─ docker start
   └─ docker create
```
docker run -d --name mycontainer nginx:latest
docker run -it ubuntu:latest /bin/bash
docker run -d -p 8080:80 nginx:latest
docker run -d -e DB_HOST=localhost -e DB_PORT=5432 myapp
| Action | Command |
|---|---|
| List running containers | docker ps |
| List all containers | docker ps -a |
| Stop container | docker stop container_name |
| Start container | docker start container_name |
| Remove container | docker rm container_name |
| View logs | docker logs container_name |
| Execute command | docker exec -it container_name /bin/bash |
A Dockerfile is a text file containing instructions to build a Docker image. Each instruction creates a new layer.
FROM node:18-alpine
WORKDIR /app
COPY package.json .
COPY . .
RUN npm install
RUN apt-get update && apt-get install -y curl
ENV NODE_ENV=production
ENV PORT=3000
EXPOSE 3000
CMD ["npm", "start"]
ENTRYPOINT ["node", "server.js"]
```dockerfile
# Node.js Application Dockerfile
FROM node:18-alpine

# Set working directory
WORKDIR /app

# Copy package files
COPY package*.json ./

# Install dependencies
RUN npm ci --only=production

# Copy application code
COPY . .

# Set environment variables
ENV NODE_ENV=production
ENV PORT=3000

# Expose port
EXPOSE 3000

# Health check
HEALTHCHECK --interval=30s --timeout=3s \
  CMD node healthcheck.js

# Run application
CMD ["node", "server.js"]
```
```dockerfile
# Build stage
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

# Production stage
FROM node:18-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY package*.json ./
EXPOSE 3000
CMD ["node", "dist/server.js"]
```
Volumes provide persistent storage for containers. Data in volumes persists even after containers are removed.
Managed by Docker, stored in Docker's directory
docker volume create myvolume
Mount host directory into container
-v /host/path:/container/path
Stored in host memory (temporary)
--tmpfs /tmp
docker volume create mydata
docker run -d -v mydata:/data nginx:latest
docker run -d -v /host/data:/container/data nginx:latest
| Action | Command |
|---|---|
| List volumes | docker volume ls |
| Inspect volume | docker volume inspect mydata |
| Remove volume | docker volume rm mydata |
| Remove unused volumes | docker volume prune |
Docker networks enable communication between containers and with external networks. Containers can be isolated or connected.
docker network create mynetwork
docker run --network=mynetwork nginx
docker run --network=host nginx
docker run --network=none nginx
docker network create --driver overlay myoverlay
| Action | Command |
|---|---|
| List networks | docker network ls |
| Create network | docker network create mynetwork |
| Inspect network | docker network inspect mynetwork |
| Connect container | docker network connect mynetwork container |
| Disconnect container | docker network disconnect mynetwork container |
| Remove network | docker network rm mynetwork |
```bash
# Create network
docker network create app-network

# Run containers on same network
docker run -d --name web --network app-network nginx
docker run -d --name db --network app-network postgres

# Containers can communicate using container names
# From web container: curl http://db:5432
```
Docker Compose is a tool for defining and running multi-container Docker applications using a YAML file.
```yaml
version: '3.8'
services:
  web:
    build: .
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
    volumes:
      - ./app:/app
    depends_on:
      - db
    networks:
      - app-network
  db:
    image: postgres:14
    environment:
      - POSTGRES_DB=mydb
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=pass
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - app-network
volumes:
  db-data:
networks:
  app-network:
    driver: bridge
```
docker-compose up -d
docker-compose down
docker-compose logs -f
docker-compose up -d --scale web=3
docker-compose build
node_modules
.git
*.log
FROM node:18.17.0-alpine
RUN apt-get update && apt-get install -y \
curl && rm -rf /var/lib/apt/lists/*
RUN useradd -m appuser
USER appuser
docker scan myimage:tag
docker run --memory="512m" --cpus="1.0" myapp
docker system prune -a
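Three of the practices shown above (pinning the base image version, removing the apt lists in the same RUN, and switching to a non-root USER) can be checked mechanically before an image is built. The script below is an added example, not part of the original page: `lint_dockerfile` and both sample Dockerfiles are constructed for illustration, and a base image whose config is not visible to the script is assumed to run as root.

```shell
# lint_dockerfile FILE: print one finding per line; exit status 1 if any were found.
lint_dockerfile() {
    awk '
    function report(msg) { printf "%s:%d: %s\n", FILENAME, NR, msg; bad = 1 }
    # Join backslash-continued lines so a multi-line RUN is checked as one instruction.
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); buf = buf $0; next }
    { line = buf $0; buf = ""; sub(/^[ \t]+/, "", line) }
    line == "" || line ~ /^#/ { next }
    { n = split(line, f, /[ \t]+/); op = toupper(f[1]) }
    op == "FROM" {
        img = (f[2] ~ /^--/) ? f[3] : f[2]      # skip a --platform=... flag
        ref = img; sub(/^.*\//, "", ref)        # last path component carries the tag
        known = (img in stage)                  # FROM an earlier build stage
        if (!known && img != "scratch" && img !~ /@sha256:/ &&
            (ref !~ /:/ || ref ~ /:latest$/))
            report("base image \"" img "\" is not pinned to a version")
        # A stage built FROM an earlier stage inherits its USER; a fresh base is assumed root.
        user = known ? stage[img] : ""
        cur = (toupper(f[n-1]) == "AS") ? f[n] : ""
        if (cur != "") stage[cur] = user
    }
    op == "USER" { user = f[2]; if (cur != "") stage[cur] = user }
    op == "RUN" && line ~ /apt-get[ \t]+(-[^ \t]+[ \t]+)*install/ &&
        line !~ /rm[ \t]+-rf[ \t]+\/var\/lib\/apt\/lists/ {
        report("apt-get install leaves /var/lib/apt/lists in the layer")
    }
    END {
        u = user; sub(/:.*/, "", u)             # USER may be given as user:group
        if (u == "" || u == "root" || u == "0")
            report("final stage has no non-root USER")
        exit bad + 0
    }' "$1"
}
# Constructed sample Dockerfiles (not from a real project).
tmp=$(mktemp -d)
cat > "$tmp/Dockerfile.weak" <<'EOF'
FROM ubuntu:latest
RUN apt-get update && apt-get install -y \
    curl
EOF
cat > "$tmp/Dockerfile.ok" <<'EOF'
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y \
    curl && rm -rf /var/lib/apt/lists/*
RUN useradd -m appuser
USER appuser
EOF
lint_dockerfile "$tmp/Dockerfile.weak" || echo "weak: findings listed above"
lint_dockerfile "$tmp/Dockerfile.ok" && echo "ok: no findings"
```

Run against the multi-stage Dockerfile earlier on this page, the script reports only the missing USER in the final stage.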