This post summarizes some common docker commands, operations, and tasks.
Some related posts:
- Collection for Interesting Docker Images
- Collection for Cyber Security Related Dockers
- Collection for Cloud Storage and Downloading Docker
- Docker Usage Introduction (Tips and Tricks)
- Portainer Usage Introduction
Table of Contents
Docker Installation
root@Ubuntu18:/# curl -sSL https://get.docker.com/ | sh
#Ubuntu 20.04
sudo apt install docker.io
Install Docker
#CentOS 6
#CentOS 6
Or , references of my posts:
- Simplest Steps to Install Docker and Docker Compose into Ubuntu (16.04,18.04) and CentOS 7New
- Portainer and Docker UsageNew
Install Docker Compose
curl -L “https://get.daocloud.io/docker/compose/releases/download/1.28.6/docker-compose-$(uname -s)–$(uname -m)“ -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
note: Check the latest version of docker-compose from https://docs.docker.com/compose/release-notes/
#Ubuntu 20.04
sudo apt install docker-compose
Or you can play docker at Play with Docker online.
Common Docker Commands
- docker –version
- docker pull <image name>
- docker run -it -d <image name>
- docker ps
- docker ps -a //show all the running and exited containers
- docker exec -it <container name> /bin/bash
- or docker exec -it <container name> sh
- docker stop
- docker kill //kills the container by stopping its execution immediately
- docker commit //creates a new image of an edited container on the local system
- docker login //login to the docker hub repository
- docker push <username/image name> //push an image to the docker hub repository
- docker images //lists all the locally stored docker images
- docker rm <container id>
- docker rmi <image-id>
- docker build <path to docker file> //build an image from a specified docker file
- docker log <container-id> // show logs about your container, for troubleshooting
[root@shadowdaemon compose]# docker logs –tail 50 –follow –timestamps compose_db_1
2020-03-17T15:24:42.758002000Z chown: changing ownership of ‘/var/lib/postgresql/data’: Permission denied
2020-03-17T15:24:43.410251000Z chown: changing ownership of ‘/var/lib/postgresql/data’: Permission denied
Backup image and load the backup
root@Ubuntu18-Docker:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wordpress latest 0d205d4886fe 2 weeks ago 540MB
nginx latest ed21b7a8aee9 2 weeks ago 127MB
mysql 5.7 413be204e9c3 2 weeks ago 456MB
mariadb latest 37f5f0a258bf 4 weeks ago 356MB
portainer/portainer latest 2869fc110bf7 4 weeks ago 78.6MB
root@Ubuntu18-Docker:~# docker save -o /root/nginx.tar nginx
root@Ubuntu18-Docker:~# ls
nginx.tar snap
root@Ubuntu18-Docker:~#
You can load this tar file into other machine’s image list:
root@controller:~# docker load -i /root/nginx.tar
Export Container / Import to Image
docker export / docker import and docker save / docker load serve different purposes.docker export (and import) are commands to export/import a container’s root filesystem; from the command’s “help” output;Export a container's filesystem as a tar archive
When running these commands, you’ll only get an archive of the container’s filesystem, but not the image’s configuration (such as the
CMD, ENTRYPOINT and ENV).
The
docker save / docker load commands on the other hand, allow you to save/load an image, including their configuration. From the command description;Using those commands, you can transfer an image between docker hosts (without using a registry), and preserve the layers and image configuration.root@Ubuntu18-Docker:~# docker container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f2118c12a0f nginx:latest "nginx -g 'daemon of…" 7 days ago Up 7 days 0.0.0.0:80->80/tcp, 443/tcp Nginx1
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~# docker stop Nginx1
Nginx1
root@Ubuntu18-Docker:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f2118c12a0f nginx:latest "nginx -g 'daemon of…" 7 days ago Exited (0) 14 seconds ago Nginx1
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~# docker export Nginx1 > /root/Container-Nginx1.tar
root@Ubuntu18-Docker:~# docker rm Nginx1
Nginx1
root@Ubuntu18-Docker:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~# docker import /root/Container-Nginx1.tar Nginx1
invalid reference format: repository name must be lowercase
root@Ubuntu18-Docker:~# docker import /root/Container-Nginx1.tar nginx1
sha256:df44fea67db399580e7cbdd5d09bd882c91bfe96d43c4b0c0f639aa7f74c9e20
root@Ubuntu18-Docker:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx1 latest df44fea67db3 7 minutes ago 143MB
wordpress latest 0d205d4886fe 2 weeks ago 540MB
nginx latest ed21b7a8aee9 2 weeks ago 127MB
mysql 5.7 413be204e9c3 2 weeks ago 456MB
mariadb latest 37f5f0a258bf 4 weeks ago 356MB
portainer/portainer latest 2869fc110bf7 4 weeks ago 78.6MB
root@Ubuntu18-Docker:~# docker run -d --name Nginx1 --restart=always -p 80:80 nginx1
docker: Error response from daemon: No command specified.
See 'docker run --help'.
Create Own Image Using Your Container
root@Ubuntu18-Docker:~# docker container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0457b6159da9 nginx:latest "nginx -g 'daemon of…" 16 minutes ago Up 5 minutes 0.0.0.0:80->80/tcp nginx1
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~# docker commit nginx1 nginx1netsec
sha256:0cf3a7c347f9bca870bd97b9e40bfc11e959e8220e4529d49e4f452cd5de8e68
root@Ubuntu18-Docker:~# docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx1netsec latest 0cf3a7c347f9 6 seconds ago 145MB
nginx latest e791337790a6 3 days ago 127MB
wordpress latest 0d205d4886fe 2 weeks ago 540MB
nginx <none> ed21b7a8aee9 2 weeks ago 127MB
mysql 5.7 413be204e9c3 2 weeks ago 456MB
mariadb latest 37f5f0a258bf 4 weeks ago 356MB
portainer/portainer latest 2869fc110bf7 4 weeks ago 78.6MB
root@Ubuntu18-Docker:~# docker stop nginx1
nginx1
root@Ubuntu18-Docker:~# docker run --name nginx2 --restart=always -p 80:80 -d nginx1netsec
5fbe841d1f407db372ef8a69fe5295900b3b5b8eeea7d6d7be45f7eed247a19c
root@Ubuntu18-Docker:~#
root@Ubuntu18-Docker:~# docker container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5fbe841d1f40 nginx1netsec "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp nginx2
58984786a347 wordpress:latest "docker-entrypoint.s…" 7 days ago Up 7 days 0.0.0.0:10000->80/tcp 51sec_wordpress_1
986469bf37d1 mysql:5.7 "docker-entrypoint.s…" 7 days ago Up 7 days 3306/tcp, 33060/tcp 51sec_db_1
e1965b3d6e1f portainer/portainer:latest "/portainer" 7 days ago Up 7 days 0.0.0.0:9000->9000/tcp portainer
root@Ubuntu18-Docker:~#
In this way, even portainer will be still able to manage this new container.
=========================================================================
Here is an example how to download a image from DockerHub and how to push it to your own repository:
docker pull devisty/xssh:v2
docker image list
Create a new repository xssh from your Dockerhub’s johnyan2 account.
docker tag devisty/xssh:v2 johnyan2/xssh:latest
docker push
Publish Your Own Docker Image to Docker Hub
root@Ubuntu18-Docker:~# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: johnyan2
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
root@Ubuntu18-Docker:~# docker tag nginx1netsec johnyan2/nginx1netsec:latest
root@Ubuntu18-Docker:~# docker push johnyan2/nginx1netsec:latest
The push refers to repository [docker.io/johnyan2/nginx1netsec]
a0ad3b8aa236: Pushed
be91fceb796e: Pushed
919b6770519b: Pushed
b60e5c3bcef2: Pushed
latest: digest: sha256:2ccc1aeb4d69052c9afb6f36a5881bc6b4faf43bc86e33d6922f33382b5bbc28 size: 1160
Pull and run your own Docker:
$ docker pull johnyan2/nginx1netsec
Using default tag: latest
latest: Pulling from johnyan2/nginx1netsec
123275d6e508: Already exists
6cd6a943ce27: Already exists
a50b5ac4a7fb: Already exists
75facb91406e: Pull complete
Digest: sha256:2ccc1aeb4d69052c9afb6f36a5881bc6b4faf43bc86e33d6922f33382b5bbc28
Status: Downloaded newer image for johnyan2/nginx1netsec:latest
docker.io/johnyan2/nginx1netsec:latest
[node1] (local) [email protected] ~
$ docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
johnyan2/nginx1netsec latest 0cf3a7c347f9 11 hours ago 145MB
nginx latest e791337790a6 4 days ago 127MB
[node1] (local) [email protected] ~
$ docker run -p 80:80 --name Nginx1 -d johnyan2/nginx1netsec
a4e00ef3a26aede705f6519d34baeab2045b31153a4ad2b1a75bb1ec928d27f5
[node1] (local) [email protected] ~
$ netstat -lantp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.11:35667 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 36/sshd
tcp 0 0 :::22 :::* LISTEN 36/sshd
tcp 0 0 :::2375 :::* LISTEN 20/dockerd
tcp 0 0 :::80 :::* LISTEN 2283/docker-proxy
tcp 0 0 ::ffff:172.18.0.24:2375 ::ffff:172.18.0.1:39999 ESTABLISHED 20/dockerd
tcp 0 0 ::ffff:172.18.0.24:2375 ::ffff:172.18.0.1:39823 ESTABLISHED 20/dockerd
[node1] (local) [email protected] ~
You also can download an image to local then push it to your own repository:
Run Scheduled Task in Docker
For example , use Certbo command to renew HTTPS/SSL certificate in Docker:
Run it from host( certbotdocker is container ‘s name):
Put it into
crontab -e :Clean Docker Images and Volumes
1 Delete All Images and Vulumes (even it is running)
Save follow code to docker-cleanup.sh:
Run .sh file:
2 Only Delete non-running volumes and images
You will get an error message for those running dockers, but will not be deleted.
Write Inputs into a File
Using cat command to directly write keyboard inputs into a file.
root@8a14b324cde5:/etc/nginx/conf.d# cat > portainer.conf <<EOF
> server {
> listen 80;
> server_name awsportainer.51sec.org;
>
> location / {
> proxy_pass http://aws.51sec.org:9000;
> proxy_redirect off;
> proxy_http_version 1.1;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "upgrade";
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> }
> }
> EOF
In this way, you will not need to install nano or vi into your docker.
Note: $ will be omitted from the file. If you will need to enter $, you might still need install nano or vi.
Docker Networking
1)Create a new network
2)Connect container into network
or join existing docker into network
3)ping docker with its name
Ps:需要注意的是,如果容器没有指定名称(–name),那么就只能用id。
64 bytes from c1 (172.18.0.4): icmp_seq=1 ttl=64 time=0.137 ms
64 bytes from c1 (172.18.0.4): icmp_seq=2 ttl=64 time=0.073 ms
64 bytes from c1 (172.18.0.4): icmp_seq=3 ttl=64 time=0.074 ms
64 bytes from c1 (172.18.0.4): icmp_seq=4 ttl=64 time=0.074 ms
请参阅文档的此部分;
注意:与旧版本不同links,新网络将不会创建环境变量,也不会与其他容器共享环境变量。
此功能当前不支持别名
4)Disconnect from default bridge network
由于容器仍然连接着默认bridge docker0,而现在我们已经不需要它,所以应该将容器与docker0的连接断开,执行以下操作:
docker network Doc:https://docs.docker.com/network/
[root@centos-nextcloud-aria2 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
d2daf16b85d2 bridge bridge local
ced0ba273013 host host local
5bbc16718b13 none null local
[root@centos-nextcloud-aria2 ~]# docker network create mynetwork
118b26e6cb77e441be35f823379d8a56b59f28a4d3b5fe680088fae324a10f93
[root@centos-nextcloud-aria2 ~]# docker network connect mynetwork nginx
[root@centos-nextcloud-aria2 ~]# docker network connect mynetwork portainer
[root@centos-nextcloud-aria2 ~]# docker network inspect mynetwork
[
{
"Name": "mynetwork",
"Id": "118b26e6cb77e441be35f823379d8a56b59f28a4d3b5fe680088fae324a10f93",
"Created": "2021-04-20T16:04:26.972255453Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"2533d99553373027929bdddd7db0de20b8d1bce8fdfc3dca07be28996960b1b8": {
"Name": "nginx",
"EndpointID": "13caa8d46093ecd672827998c9a0637f95136b900f846327db50edffb312d20b",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
},
"312eec9453fbf1856dfafe3320fcc7518d15fd2a678e4f60711c1ec2dd9bdb4c": {
"Name": "portainer",
"EndpointID": "e115dcf5fc70366ff1e10951fd36879be76979ed78c51f15fb9d25765218eaac",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
You might need to install ping utility first using comand
apt update & apt install iputils-ping
[root@centos-nextcloud-aria2 ~]# docker exec -it nginx ping portainer
PING portainer (172.18.0.3) 56(84) bytes of data.
64 bytes from portainer.mynetwork (172.18.0.3): icmp_seq=1 ttl=64 time=0.082 ms
64 bytes from portainer.mynetwork (172.18.0.3): icmp_seq=2 ttl=64 time=0.083 ms
64 bytes from portainer.mynetwork (172.18.0.3): icmp_seq=3 ttl=64 time=0.050 ms
^C
--- portainer ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 0.050/0.071/0.083/0.018 ms
[root@centos-nextcloud-aria2 ~]# docker network disconnect bridge nginx
[root@centos-nextcloud-aria2 ~]# docker network disconnect bridge portainer
[root@centos-nextcloud-aria2 ~]#
Troubleshooting
[node1] (local) [email protected] ~
$ ./minkebox.sh 172.18.0.22 /var/data
minke
docker: Error response from daemon: path /var/data is mounted on / but it is not a shared mount.
[node1] (local) [email protected] ~
$ mount --make-shared /
[node1] (local) [email protected] ~
$ ./minkebox.sh 172.18.0.22 /var/data
minke
[node1] (local) [email protected] ~
Free Docker Playground
1. PWD https://labs.play-with-docker.com/
$ apk add virt-what
$ sudo apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
v3.16.2-203-g16a4499ea3 [https://dl-cdn.alpinelinux.org/alpine/v3.16/main]
v3.16.2-202-ge26245aea1 [https://dl-cdn.alpinelinux.org/alpine/v3.16/community]
OK: 17053 distinct packages available
[node1] (local) [email protected] ~
$ sudo apk add git
OK: 395 MiB in 156 packages
[node1] (local) [email protected] ~
$ git --version
git version 2.36.2
[node1] (local) [email protected] ~
$
Note: If you are using PWD (Play with docker), the copy shortcut key is ctrl+insert, paste is ctrl+shift+v or shift+insert.
2. https://www.koyeb.com/
References
