Show Docker logs on Ubuntu 16.04+:

journalctl -u docker.service

Security benchmark:

docker run --name docker-bench --rm -it --net host --pid host --userns host --cap-add audit_control -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST -v /var/lib:/var/lib -v /var/run/docker.sock:/var/run/docker.sock -v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label docker_bench_security docker/docker-bench-security

Move volume data to another volume (rename volume):

# Will create new volume and copy data to it from old volume
# FROM  - old volume
# TO    - new volume
export FROM=<v_1> TO=<v_2> && docker volume create --name $TO && docker run --rm -it -v $FROM:/from -v $TO:/to alpine ash -c "cd /from; cp -arv . /to"

Clear container logs:

> $(docker inspect --format='{{.LogPath}}' <CONTAINER>)

To use node_modules locally, but ignore it in the docker container using the following syntax in the docker-compose.yml. So everything in ./angularApp is mapped to /opt/app and then I create another mount volume /opt/app/node_modules/ which is now empty directory - even if in my local machine ./angularApp/node_modules is not empty:

   - './angularApp:/opt/app'
   - /opt/app/node_modules/

File .dockerignore:


Exit without stopped:

Ctrl+p, Ctrl+q

The TERM environment variable is unset!:

export TERM=xterm
docker ps       # show running containers
          -a    # show all containers
          -l    # show last started container

docker search <image>        # search images

docker pull <image>:<tag>    # pull to local copy

docker run -t -i <image>:<tag> [comand]
            -ti <image>                          # run end get TTY
            -ti <image> [command]                # run command
            -d <image> [command]                 # run on background
            -P ...                               # open all required ports
            -p 80:5000 -p 85:5005  ...           # 80 -> 5000
            --name <some_name>                   # add name for container
            --env MYVAR2=foo                     # add env variable
            --env-file ./env.list                # add env file
            -v /etc/localtime:/etc/localtime:ro  # mount volume or file

            --log-opt syslog-address=udp://<address>:514

docker images                   # show local images
              -q                # show only IDs
              -f dangling=true  # show trash images

docker rmi $(docker images -f dangling=true -q)    # remove trash images

docker port <name>         # show opens ports
                   [port]  # show port

docker logs <name>         # Shows us the standard output of a container.
            -f <name>      # tail -f

docker stop <name>         # stop running container. return name of stopped

docker start <name>        # start stopping container. return name of started
               -i <name>   # and in

docker atach <name>    # atach to running container

docker rm <name> <name> ...       # remove container if stopped
          -f <name> <name> ...    # remove container!

docker rmi training/sinatra       # remove images

docker cp <container>:<src_path_in_container> <dest_local_path>    # cp files and directories. Example: backup data

docker top <name>        # top for container

docker inspect <name>    # return json information
               -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <name>

docker commit -m "message" -a "John Smith" 0b2616b0e5a8 ouruser/sinatra:v2    # save current state of image

docker tag 5db5f8471261 ouruser/sinatra:devel    # add new tag

Images that use the v2 or later format have a content-addressable identifier called a digest. As long as the input used to generate the image is unchanged, the digest value is predictable. To list image digest values, use the –digests flag:

docker images --digests | head
docker pull ouruser/sinatra@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf

docker push ouruser/sinatra

Docker monitoring



wget -O ctop
sudo mv ctop /usr/local/bin/
sudo chmod +x /usr/local/bin/ctop

Run via docker:

docker run -ti --name ctop --rm -v /var/run/docker.sock:/var/run/docker.sock