10 Tips for Using Docker Like a Pro

10 Tips for Using Docker Like a Pro

I enjoy working with Docker. I am running Docker in production environment and it gives me great performance. Today I decided to build a list of 10 commands and tips that I consider most valuable.

Tip 1: docker run –rm container

After executing Docker container, –rm flag will make sure to clean container leftovers. So for example, when you start a container with specific name, it will be automatically deleted when you decided to create a new one with the same name.

Tip 2:  docker rename old new

Docker rename command can be used to rename existing containers. This command works both with stopped and with running containers. It is very useful for example when you start a container and later decided to name it.

Tip 3: Show container name and it’s IP address

If you add the following code to the end of your ~/.bashrc file, you will be able to run “docker-ip” command to list all dockers with assigned IP addresses or “docker-ip container-name” to show IP assigned to that container.

docker-ip() {
if [ -z "$@" ]; then
docker inspect -f '{{.Name}} - {{.NetworkSettings.IPAddress }}' $(docker ps -aq)
else
docker inspect --format '{{ .NetworkSettings.IPAddress }}' "$@"
fi
}

Tip 4: docker copy file-name container-name:/dir

The above command is useful if you want to copy a file from the root computer to your Docker container.

Tip 5: Running bash inside container

If your container starts a service, for example, PostgreSQL, you can still connect to the container shell and perform some maintenance task. For this you need to use the following syntax:

docker exec -it running-name bash

Tip 6: Management tool

Portainer is a great tool to get visibility into your container environment. You can read about it here: https://portainer.io/
10 Tips for Using Docker Like a Pro

It is very easy to install and run:

docker pull portainer/portainer
docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer

Tip 7: docker ps -f “status=exited”

The above command will show you a list of images that are offline. You can easily delete the one you want by running “docker rm image-id”.

Tip 8: Remove all stopped containers

You can use the following script to remove all stopped containers:

docker ps -f “status=exited” | gawk ‘{print “docker rm “$1}’ | bash

Tip 9: Docker inside Docker

You can start a Docker inside a Docker. So, for example, the Continuous Integration agent can spawn a new Docker container to do actual build. This is the most secure way of running internal containers. Another option is to mount docker socket inside the Docker container, so, the internal tool can launch a new Docker container asking the root computer to do it. For this, you need to add the argument-v /var/run/docker.sock:/var/run/docker.sock when running docker exec. It is considered less secure.

Tip 10: View container log

Docker has a great command to view docker log. You can simply run docker logs container. In addition, you have a follow mode like “tail -f”. For docker you need to run: docker logs container -f.

If you know other great command, please list them here, so everyone can benefit

About the author

Yuli Stremovsky
Yuli StremovskyCloud Security & Blockchain Architect
For the past 15 years I’ve been leading the evolution of startups and enterprises to achieve the highest level of security and compliance. Throughout my career I’ve been a Cyber Security expert and advanced solutions architect with many years of hands on experience both on offensive and defensive side. Knowledgeable at the highest level in application development, networking, data and databases, web applications, large scale Software as a Service solutions, cloud security and blockchain technologies.

I’ve been working with CISO’s of international enterprises, helping them set Information Security strategy, and overseeing the implementation of these recommendations. As part of these projects, I’ve been assisting companies to achieve compliance in GDPR, PCI, HIPAA and SOX.

Among my credits, I was a founder of a database security company GreenSQL/Hexatier which was acquired by Huawei and I’ve co-founded Kesem.io, Secure multi-signature Crypto wallet.

Specialties: Software and cloud architecture, Compliance (GDPR, HIPAA, PCI, SOX), blockchain technologies, software development, secure architectures, project management and low level research.