guh.me - gustavo's personal blog

Docker Mastery

My notes from the Udemy course: Docker Mastery.

Getting Docker

Go to the official documentation and add Docker's APT repositories to Ubuntu; this way you get the latest stable releases.

  1. Docker
  2. Docker Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.
  3. Docker Machine is a tool that lets you install Docker Engine on virtual hosts, and manage the hosts with docker-machine commands.

Commands

Images & containers

CLI Process Monitoring

Docker commands

A container only runs as long as the command it was started with keeps running.

Docker networks

Each container is connected to a private virtual network bridge, and they can talk to each other. You can create new virtual networks and attach containers to more than one virtual network (or none).

The bridge network is Docker’s default network.

DNS

Containers should not rely on IP addresses to reach each other, so DNS is used for inter-container communication.

Container images

They are basically binaries, dependencies and metadata about the image data and how to run it. An image is not a complete OS: no kernel or kernel modules are included.

Docker Hub

Docker Hub (https://hub.docker.com) hosts public images. Official images will not have an account name, only the image name (e.g.: nginx), and they are maintained by Docker Inc.

Versions: the latest tag always points to the most current image.

Image layers

Every image change creates a new image layer, each one with its own SHA hash. This helps Docker work more efficiently because an image layer cache exists.

My Image

docker image inspect nginx will return image metadata. docker history nginx will return the image layers.

Dockerfile

Dockerfile is unique to Docker. Remember that each command is a layer.

Structure of the Dockerfile

Always keep on top of the Dockerfile the things that change the least, and at the bottom the things that change more. This way you can always take advantage of Docker’s cache.

FROM sets the base image: FROM debian:jessie

ENV sets environment variables: ENV NGINX_VERSION 1.11.10-1-jessie

RUN executes shell commands inside the container: RUN apt-get update && apt-get install nginx=${NGINX_VERSION}

Combining commands in a single RUN helps to save space, since each RUN is one layer.

Docker collects the container's logs from /dev/stdout and /dev/stderr, so the application should log there.

EXPOSE declares the ports the container listens on inside the Docker internal network (it does not publish them to the host; that is done with -p at run time): EXPOSE 80 443

CMD is the required command that runs every time the container is started or restarted: CMD ["nginx", "-g", "daemon off;"]

Building from a Dockerfile

To build an image from the Dockerfile in the current directory:

docker image build -t <tag> .

Container lifetime & persistent data

Containers are usually immutable and ephemeral, the so-called “immutable infrastructure”.

There are two ways to persist data on Docker: Volumes and Bind Mounts.

Volumes

Example: on MySQL official Dockerfile, we find:

VOLUME /var/lib/mysql

This creates a volume when the image is created, and it can only be removed manually.

Bind Mounts

Bind mounting maps a host file or directory to a container file or directory. Bind mounts cannot be declared in a Dockerfile, only at container run time. E.g.:

docker container run -d --name nginx -p 80:80 -v $(pwd):/usr/share/nginx/html nginx

This binds the current directory on the host ($(pwd)) to /usr/share/nginx/html in the container.

Docker Compose

Docker Compose helps us connect containers together.

The YAML file

docker-compose.yml can be used with docker-compose (in dev/test environments) and with Docker Swarm. You always need to start with a version property.

version: "3.1" # quoted: unquoted 3.1 is parsed by YAML as a number, not a version string
services: # Containers
  web:
    image: nginx:latest
    ports:
      - "8080:80"
    volumes:
      - ./project:/var/www:ro
      - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
    links:
      - php
    environment:
      - URL=http://localhost
    depends_on: # a list of service names, not a single string
      - php
  php:
    image: php:7.3-fpm
    volumes:
      - ./project:/var/www
volumes: # Optional
networks: # Optional

Appending :ro to a volume mapping (<volume>:ro) makes it read-only inside the container.

docker-compose CLI

Container Registries

Tag/Push/Pull images

Tips

What is the difference between ENTRYPOINT and CMD?

ENTRYPOINT runs a custom script (or command) first, before the CMD; the CMD is then passed to it as arguments.

Common ending for docker_entrypoint.sh:

exec "$@"

$@ refers to all of a shell script's command-line arguments (here, the CMD), and exec replaces the shell process with that command.

Change the USER in Dockerfiles

Do not run your app inside the container as root unless strictly necessary; running as an unprivileged user narrows the attack surface.

Create a user: RUN groupadd -r postgres && useradd --no-log-init -r -g postgres postgres

Change the user: USER postgres

You may need to chown some directories or files to the new user to make it work.
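As an added example (not code from the course or the blog), here is a complete entrypoint script that puts the two tips above together: the exec "$@" ending, and a check that the non-root USER can actually write where it needs to. It assumes an nginx image with ENTRYPOINT ["/docker-entrypoint.sh"] and CMD ["nginx", "-g", "daemon off;"]; the DAEMON and DATA_DIR names and the default path /var/cache/nginx are my assumptions.

```shell
#!/bin/sh
# Added example, not code from the course or the blog: an entrypoint script
# built around the exec "$@" ending from the notes. Assumed Dockerfile lines:
#   ENTRYPOINT ["/docker-entrypoint.sh"]
#   CMD ["nginx", "-g", "daemon off;"]
set -eu

# Assumed names: the daemon that CMD normally starts, and a directory it writes.
DAEMON="${DAEMON:-nginx}"
DATA_DIR="${DATA_DIR:-/var/cache/nginx}"

# True when the first argument is an option (starts with '-'). Official images
# use this so that `docker run img -g 'daemon off;'` still means "run nginx",
# while `docker run img sh` passes through untouched for debugging.
first_arg_is_option() {
    [ "$#" -gt 0 ] && [ "${1#-}" != "$1" ]
}

# Print the argv that would finally be exec'd, one argument per line, without
# running it (handy for logging the effective command and for tests).
prepare_cmd() {
    if first_arg_is_option "$@"; then
        set -- "$DAEMON" "$@"
    fi
    printf '%s\n' "$@"
}

# DATA_DIR must be writable by the current user. After a non-root USER in the
# Dockerfile, a root-owned path fails here: the "you may need to chown" case.
check_data_dir() {
    [ -d "$1" ] && [ -w "$1" ]
}

entrypoint_main() {
    [ "$#" -gt 0 ] || { echo "entrypoint: no command given" >&2; exit 64; }
    if first_arg_is_option "$@"; then
        set -- "$DAEMON" "$@"
    fi
    if [ "$1" = "$DAEMON" ] && ! check_data_dir "$DATA_DIR"; then
        echo "entrypoint: $DATA_DIR not writable by uid $(id -u)" >&2
        exit 1
    fi
    # exec replaces this shell with the command, so it becomes PID 1 and
    # receives signals (docker stop) directly.
    exec "$@"
}

# Dispatch only when run as the entrypoint, not when sourced for testing.
case "${0##*/}" in
    docker-entrypoint.sh) entrypoint_main "$@" ;;
esac
```

Because the chown happens in the Dockerfile (as root, before the USER line), the script only has to verify the result and fail loudly instead of silently running with the wrong permissions.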