DOCKER COMMANDS​

____________________________​

Command: apt install docker.io​

​
This command installs the Docker software on a Linux system using the
Advanced Package Tool (APT). It ensures that you have Docker installed
and ready to use.
​
Command: docker ps
​
This command lists all the currently running Docker containers. It provides
information such as the container ID, image name, status, ports, etc., for
the active containers.

Command: docker ps -a
​
Similar to the docker ps command, but it lists all containers, including those
that are not currently running. It provides a history of all containers that
have been created.
Command: docker pull alpine
​
This command downloads the official alpine docker image from the Docker
Hub repository. It fetches the image and stores it locally on your system so
that you can create containers from it.​
​
Command: docker images or docker image ls

This command lists all the Docker images that are available on your local
system. These images serve as the basis for creating containers.

Command: docker create --name nginx01 alpine:nginx

​
This command creates a new Docker container with the specified name
("nginx01") from the "alpine" image. However, this container has not started
yet.
​
Command: docker create alpine
Similar to the previous command, it creates a Docker container from the
"alpine" image but without specifying a name. Docker will automatically
assign a random name to the container.​
​
Command: docker start 5706093ca838(container id) Or
docker start dreamy_liskov(container name)
These commands start Docker containers with specific names or container
IDs, respectively.The containers must have been previously created using
docker create or a similar command.
Command: docker run -dit --name ubuntu03 ubuntu
​
This command creates and starts a new Docker container named
"ubuntu03" from the "ubuntu" image. The dit flags are used to run the
container in interactive mode, allocate a terminal, and detach it from the
terminal session.​
​
Command: docker exec -it ubuntu03 /bin/bash
This command allows you to execute a command (in this case, /bin/bash)
within a running container named "ubuntu03." It opens an interactive shell
within the container.​
​
Command: docker history alpine
​
This command displays the history of layers that make up a Docker image
named "alpine." It shows how the image was constructed, including the
commands that were executed at each layer during its build process.

Command: docker info

This command provides detailed information about the Docker system,
including the number of containers and images, storage driver, execution
driver, and other system-related information.

Command: docker search <image name>

This command allows you to search the Docker Hub repository for Docker
images with the
specified name or keyword. It returns a list of matching images that you can
potentially pull
and use.
Command: docker rmi <image name:tag>
This command removes (deletes) a specific Docker image from your local
system. You can specify the image name and, optionally, a tag to identify
the image.
​
Command: docker rmi <image name:tag> -f
The -f flag, which stands for "force," is used to forcefully remove a Docker
image, even if it is in use by containers. Be cautious when using this option
as it can lead to data loss if not used carefully.
​
Command: docker stop <container_name>
This command stops a running Docker container with the specified name.
The container is gracefully terminated, allowing processes inside it to clean
up.
​
Command: docker rm <container_name>
This command removes (deletes) a specific Docker container by name. It
deletes the container instance and all associated data, including its
filesystem.docker events This command allows you to monitor Docker
events in real-time. It displays a stream of events related to containers and
images, such as container start, stop, image pulls, etc.
​
Command: docker attach <container_name>
This command attaches your terminal to a running Docker container,
allowing you to interact with its processes. It's similar to SSH-ing into the
container but less flexible.

Command: docker exec <container_name> <command>

This command allows you to execute a specific command within a running
Docker container. It doesn't require attaching to the container's terminal,
making it useful for running one-off commands inside a container.
Command: docker inspect <container_name_or_id>
The docker inspect command is used to retrieve detailed information about
a specific Docker container or image. You provide the name or ID of the
container or image as an argument, and it returns a JSON-formatted output
containing various details, such as configuration, networking, volumes, and
more.
​
Command: docker start $(docker ps -a -q)
This command is a combination of Docker commands using shell scripting.
It starts all stopped Docker containers on your system. Here's what each
part does:

docker ps-a-q: This part lists all containers, including those that are
stopped (-a flag) and outputs only their IDs (-q flag).

$(...) is used to execute the docker ps -a -q command and pass its output
as an argument to the docker start command.

docker start is then applied to each container ID obtained from the previous
command, effectively starting all stopped
containers.
​
Command: docker stop $(docker ps -a -q)
Similar to the previous command, this one stops all running Docker
containers. It uses the same pattern:

docker ps-a-q lists all containers and outputs their IDs.

$(...) executes the docker ps-a-q command and passes its output as an
argument to the docker stop command.

docker stop is applied to each container ID obtained from the previous

command,stopping all running containers.
Command: docker rm $(docker ps -a -q)
This command removes (deletes) all stopped Docker containers from your
system. It follows the same pattern as the previous two:​
​
docker ps -a -q lists all containers and outputs their IDs.

$(...) executes the docker ps -a -q command and passes its output as an

argument to the docker rm command.

docker rm is applied to each container ID obtained from the previous

command, effectively removing all stopped containers.

Command: docker image inspect <image_name_or_id>

The docker image inspect command is used to retrieve detailed information
about a specific Docker image. You provide the name or ID of the image as
an argument, and it returns a JSON-formatted output containing various
details, such as image metadata, layers, labels, and more. This command
can be helpful for inspecting the properties of an image before using it to
create containers.
​
Command: docker network inspect <network_name_or_id>
The docker network inspect command is used to retrieve detailed
information about a
specific Docker network. You provide the name or ID of the network as an
argument, and it returns a JSON-formatted output containing information
about the network's configuration, connected containers, and more. This
command is useful for understanding how containers are connected to
networks and for troubleshooting network-related issues in Docker.

Command: docker volume inspect <volume_name_or_id>

The docker volume inspect command is used to retrieve detailed
information about a specific Docker volume. You provide the name or ID of
the volume as an argument, and it returns a JSON-formatted output
containing information about the volume's configuration,mount points, and
other details. Docker volumes are used to persist data between container
runs, and this command can help you understand the properties of a
volume and how it's being used by containers.

Command: docker exec:

The docker exec command is primarily used to run a specific command
within a running container. It allows you to execute commands in an
existing container's environment without attaching them to its interactive
terminal.

Command: docker attach:

The docker attach command is used to attach your terminal to an already
running container's interactive terminal. It allows you to interact with the
processes running in the container as if you were connected directly to its
terminal.

Command: docker run -d -p 8080:80 --name web01 nginx

docker run: This is the basic command to create and run a Docker
container.

-d: This flag stands for "detached" mode. When you run a container in
detached mode, it runs in the background, and the container's output is not
displayed in your current terminal. This is useful for long-running services
or applications.

-p 8080:80: This flag is used to map ports between the host machine and
the container. It specifies that port 8080 on the host should be mapped to
port 80 on the container. In other words, if you access port 8080 on the
host machine, it will be forwarded to port 80 inside the container. This is
commonly used for exposing services running inside containers to the host
machine and external networks.

--name web01: This flag assigns a custom name to the container. In this
case, the name"web01" is given to the container. Container names provide
a more user-friendly way to identify and manage containers than using
container IDs.

nginx: This is the name of the Docker image that you want to use to create
the container. In this case, it's the official Nginx image from the Docker Hub
repository. Nginx is a popular web server and reverse proxy server.

Docker Network Commands​

To inspect network
Command: docker network inspect <network name>​
​
To list all networks available in docker hosts
Command: docker network ls
​
By default there are three drivers available in any docker hosts
– bridge
– host
– none​
​
If you use the “ifconfig” command, you will also notice that this network
interface is called "docker0": is nothing but a bridge.​

All Docker installations have this network. If you run a container, say, Nginx,
it will be attached by default to the bridge network:
​
docker run -dit --name nginx nginx:latest
​
You can check the containers running inside a network, by using the
"inspect" command: docker network inspect bridge
​
Docker uses a software-based bridge network which allows containers
connected to the same bridge network to communicate while isolating them
from other containers not running in the same bridge network.
Let's see how containers running in the same bridge network can connect
to each other.
Let's create two containers for testing purposes:
​
docker run -dit --name srv1 centos​

docker run -dit --name srv2 centos

These are the IP addresses of the containers:​

​
docker inspect srv1 | jq -r '.[0].NetworkSettings.IPAddress'
docker inspect srv2 | jq -r '.[0].NetworkSettings.IPAddress'
​
Let's try to ping a container from another one using one of these IP
addresses. For example, ping the container named "srv1" from "srv2",
using its IP.​
​
docker exec -it srv1 ping 172.17.0.3

So, containers on the same bridge can see each other using their IPs. ​
​
What if I want to use the containers' name instead of the IP.
​
docker exec -it srv1 ping srv2
​
---ping: bad address 'srv2'
​
docker exec -it srv1 ping ip address of srv2
​
We can understand that containers running on the same bridge network are
able to see each other using their IP addresses. On the other hand, the
default bridge network does not support automatic service discovery.
​
User-defined Bridge Networks
​
Using the Docker CLI, it is possible to create other networks. You can
create a second bridge network using:
​
To create a new network
​
docker network create my_bridge1 --driver bridge
​
Create one more network
​
docker network create my_bridge2 --driver bridge

Create two more instances and attach them to my_bridge1

​
docker run -dit --name srv10 --network=my_bridge1 centos
​
docker run -dit --name srv11 --network=my_bridge1 centos
​
Create another two containers and attach them to my_bridge2
​
docker run -dit --name srv20 --network=my_bridge1 centos
​
docker run -dit --name srv21 --network=my_bridge1 centos

Now try pinging them from one another using

docker exec -it srv10 ping srv11

​
docker exec -it srv11 ping srv10

docker exec -it srv20 ping srv21

​
docker exec -it srv21 ping srv20

We can conclude that only user-defined bridge networks support automatic

service discovery. If you need to use service discovery with containers,
don't use the default bridge, create a new one.
​
Now how to connect these bridge networks together?
​
Iptables -L --> to list the current firewall rules
​
here source ip and destination may change in your case, get them from
docker network
​
inspect <network name> command for your networks​

Iptables -I FORWARD -s 172.24.131.0/24 -d 172.24.132.0/24 -j ACCEPT​

Iptables -I FORWARD -d 172.24.131.0/24 -s 172.24.132.0/24 -j ACCEPT

​
Now try pinging them from one another using IP addresses between
bridge networks.
​
docker exec -it srv10 ping ipaddress of srv11
docker exec -it srv11 ping ipaddress of srv10

docker exec -it srv20 ping ipaddress of srv21

docker exec -it srv21 ping ipaddress of srv20
​
The Host Network​
​
No isolation between host and containers on this network, to the outside
world they are on the same network.
​
A container running in the host network matches the networking
configurations of the host.
​
If we take the example of an Nginx image, we can notice that it exposes the
port 80.
​
EXPOSE 80
​
If we run the container, we should normally publish the port 80 on another
port, say 8080.
​
docker run -dit -p 8080:80 nginx:latest
The container is now accessible on port 8080 as the default bridge. We can
access it using
​
docker_host_ip:8080
​
But When we run the same container on the host network, published ports
will be ignored since the port 80 of the host will be used in all cases. If you ​
run:​
​
docker run -dit --name nginx01 --network host -p 8080:80 nginx:latest
​
Docker will show a warning:
​
WARNING: Published ports are discarded when using host network mode
​
Let's remove this container and re-run it without publishing its ports:
​
docker run -dit --name nginx01 --network host nginx
​
We can access it using docker_host_ip
​
Try creating one more container using httpd which also uses the same port
as nginx.
​
docker run -dit --name httpd01 --network host httpd
​
so as nginx is already running and port 80 is being used by it we cannot
access httpd01 using
​
docker_host_ip in this case.​
​
Now lets stop nginx01, start httpd01 and then verify using docker_host_ip,
this time httpd01 responds. At any point of time only one container with
same port can be accessed
Since there is no network address translation (NAT), running a container on
the host network can optimize performance. When you run a container on
the host network, its network will not be isolated from the host, and it will
not get its own IP; these are the limits of this type of network.