Docker is a tool for containerization, enabling the sharing of development environments across various operating systems through containers. This accelerates development time and allows team members to share environments without dependency conflicts, as all dependencies are contained and isolated within the container.
Before the concept of containers and environment isolation, virtualization was the main solution for separating development environments from the host system. Users would allocate CPU, memory, and hard space resources to a virtual system, but this approach was not optimal because a significant amount of resources was consumed by the virtual operating system, resulting in slower processing speeds compared to the host system.
With the advent of containers, isolation and separation of different environments became more cost-effective and resource-efficient. Docker is one of the tools that can be used for building and managing containers. If you need to share your development/production environment with others, Docker facilitates this by allowing you to share your container skeleton file (image), speeding up the process. Additionally, other users don’t need to worry about resolving dependencies as they are already included in the container.
The Docker documentation provides comprehensive installation instructions for Linux systems. However, distributions based on Arch Linux are not officially supported and the installation is considered unstable.
Open your terminal and install Docker using the package manager:
sudo pacman -S docker
If you encounter the error
docker not found, make sure to update your repositories with the commandsudo pacman -Syu.
If you are using systemd as your init system, enable the Docker service with:
sudo systemctl enable --now docker.service
Add your username to the Docker group:
sudo usermod -aG docker $USER
To apply the changes, either log out and log back in or use the command
newgrp docker.
Verify the Docker installation by running the hello-world image:
docker run hello-world
The run command executes images, which are blueprints for containers that consist of predefined files and configurations.
To list the images on your system, use docker images.
To list active containers, use docker ps.
Docker Hub serves as Docker's default repository for downloading and uploading images.
For example, if you want to use nginx as your web server, you can download the nginx image from Docker Hub and create a container from it.
Log in to your Docker Hub account with:
docker login
If you don't have an account, create one here.
Download the latest nginx image with:
docker pull nginx
Unfortunately, Docker Hub is blocked in Iran. If you encounter a 403 error or connection timeout, it is likely due to these restrictions. Refer to the sanctions workaround to resolve this issue.
nginx web server has comprehensive documentation on Docker Hub about working with images and containers.
After downloading the image, create a container for nginx with:
docker run --name some-nginx -p 8080:80 -v /some/content:/usr/share/nginx/html:ro -d nginx
If you are using other mirrors like focker.ir to download images, replace
nginxwithfocker.ir/nginx.
docker run --name some-nginx -p 8080:80 -v /some/content:/usr/share/nginx/html:ro -d focker.ir/nginx
The --name flag assigns a name to the container, in this example, some-nginx.
The -v or --volume flag shares a (path on the host system) with (a path in the container).
In this example, the path
/some/contenton the host system is shared with/usr/share/nginx/htmlin the container. For instance, if you create a file namedname.txtin/some/contenton the host system, you can find the same file in/usr/share/nginx/htmlwithin the container.
The
roat the end of the volume flag, separated by:, stands for read-only. If you set it torw, it will be read and write.
The -p or --port flag maps a port from the host system to a port in the container.
In this example, port
8080on the host system is mapped to port80in the container.
The -d flag runs the process in the background.
To bypass sanctions, you can use the following methods:
The simplest method to bypass sanctions is to download images from other repositories, such as focker.ir and ArvanCloud.
ArvanCloud has published a comprehensive guide on this.
In summary, you can use the following command to download images from ArvanCloud:
docker pull docker.arvancloud.ir/<ImageName>
Similarly, for focker.ir:
docker pull focker.ir/<ImageName>
Several internal DNS services are available to bypass sanctions, including Shecan, 403, and Begzar.
/etc/resolv.conf
nameserver 185.55.226.26
nameserver 185.55.225.25
/etc/resolv.conf
nameserver 10.202.10.202
nameserver 10.202.10.102
/etc/resolv.conf
nameserver 178.22.122.100
nameserver 185.51.200.2
Docker Compose is one of Docker's most powerful tools, enabling you to define configurations for multiple containers in a single YAML file. This avoids the need to repeatedly type commands in the terminal or manually write scripts. Instead, you can run all the containers with a single command.
Docker provides a set of flags:
Displays usage information and commands for Docker.
Enables or disables debug mode.
Specifies the socket address for the Docker service.
Sets the log level (default is info).
Specifies whether to use TLS (default is false).
Ensures that the certificates are signed by the specified CA.
Specifies the client certificate file.
Specifies the client key file.
Enables TLS and verifies remote access.
Displays the current version of Docker.
Use docker --help to review the list of available commands.
Run a new container from an image.
docker run hello-world
Execute commands in a running container.
docker exec -it my_container bash
List running containers.
docker ps
Build a Docker image from a Dockerfile.
docker build -t my_image .
Download an image from Docker Hub.
docker pull nginx
Upload an image to Docker Hub.
docker push focker.ir/my_image
List available images.
docker images
Log in to Docker Hub.
docker login
Log out of Docker Hub.
docker logout
Search for images on Docker Hub.
docker search redis
Display the Docker version.
docker version
Display system-wide information.
docker info
Attach to a running container.
docker attach my_container
Create a new image from a container's changes.
docker commit my_container my_image
Copy files between a container and the host.
docker cp my_container:/path/in/container /path/on/host
Create a new container.
docker create --name my_container ubuntu
Inspect changes to files or directories on a container’s filesystem.
docker diff my_container
Get real-time events from the Docker server.
docker events
Export a container’s filesystem as a tar archive.
docker export my_container -o my_container.tar
Show the history of an image.
docker history ubuntu
Create an image from a tarball.
docker import my_container.tar my_image
Return low-level information on Docker objects.
docker inspect my_container
Kill a running container.
docker kill my_container
Load an image from a tar archive.
docker load -i my_image.tar
Fetch the logs of a container.
docker logs my_container
Pause all processes within one or more containers.
docker pause my_container
List port mappings or a specific mapping for the container.
docker port my_container
Rename a container.
docker rename my_container new_container_name
Restart a container.
docker restart my_container
Remove one or more containers.
docker rm my_container
Remove one or more images.
docker rmi my_image
Save one or more images to a tar archive.
docker save -o my_image.tar my_image
Start one or more stopped containers.
docker start my_container
Display a live stream of container(s) resource usage statistics.
docker stats my_container
Stop one or more running containers.
docker stop my_container
Create a tag for an image.
docker tag my_image my_repo/my_image:tag
Display the running processes of a container.
docker top my_container
Unpause all processes within one or more containers.
docker unpause my_container
Update configuration of one or more containers.
docker update --cpus=2 my_container
Block until one or more containers stop, then print their exit codes.
docker wait my_container