Docker Essentials

Learn containerization fundamentals and master Docker from scratch

What is Docker?

Docker is a platform for developing, shipping, and running applications using containerization. Containers package applications with their dependencies, ensuring consistency across different environments. Docker solves the "it works on my machine" problem by creating isolated, portable environments.

Containers are lightweight compared to virtual machines because they share the host OS kernel. They start quickly, use fewer resources, and provide excellent isolation. Docker has become essential for modern application development and deployment. For orchestration, see our Kubernetes guide.

Core Concepts

Images

Read-only templates used to create containers. Images are built from Dockerfiles and stored in registries like Docker Hub.

Containers

Running instances of images. Containers are isolated environments with their own filesystem, network, and process space.

Dockerfile

Text file containing instructions for building images. Defines base image, dependencies, and application setup.

Registry

Repository for storing and distributing images. Docker Hub is the default public registry, but you can use private registries.

Basic Docker Commands

Working with Images

# Pull an image from registry
docker pull nginx

# List local images
docker images

# Build image from Dockerfile
docker build -t myapp:latest .

# Remove an image
docker rmi myapp:latest

Working with Containers

# Run a container
docker run -d -p 8080:80 nginx

# List running containers
docker ps

# List all containers
docker ps -a

# Stop a container
docker stop container_id

# Start a stopped container
docker start container_id

# Remove a container
docker rm container_id

# View container logs
docker logs container_id

Dockerfile Best Practices

Example Dockerfile

# Use official base image
FROM node:18-alpine

# Set working directory
WORKDIR /app

# Copy package files
COPY package*.json ./

# Install dependencies
RUN npm ci --only=production

# Copy application code
COPY . .

# Expose port
EXPOSE 3000

# Run application
CMD ["node", "server.js"]

Optimization Tips

Use Multi-Stage Builds

Multi-stage builds reduce final image size by using intermediate stages for building and a minimal final stage for runtime.

Layer Caching

Order Dockerfile instructions from least to most frequently changing. Copy dependency files before application code to leverage layer caching.

Use .dockerignore

Create a .dockerignore file to exclude unnecessary files from the build context, reducing build time and image size.

Minimal Base Images

Use Alpine Linux or distroless images for smaller sizes and improved security. Only include what's necessary for runtime.

Docker Compose

Docker Compose allows you to define and run multi-container applications using a YAML file. It simplifies managing complex applications with multiple services, networks, and volumes. 

version: '3.8'
services:
  web:
    build: .
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
    depends_on:
      - db
  
  db:
    image: postgres:14
    environment:
      - POSTGRES_PASSWORD=password
    volumes:
      - db_data:/var/lib/postgresql/data

volumes:
  db_data:

Networking

Docker provides networking capabilities for container communication. Default networks, custom networks, and bridge networks enable containers to communicate securely. 

# Create a network
docker network create mynetwork

# Connect container to network
docker run --network=mynetwork myapp

# Inspect network
docker network inspect mynetwork

Volumes and Data Persistence

Containers are ephemeral - data is lost when containers are removed. Volumes provide persistent storage that survives container lifecycle. 

# Create a volume
docker volume create mydata

# Use volume in container
docker run -v mydata:/data myapp

# Mount host directory
docker run -v /host/path:/container/path myapp

Security Best Practices

Run as Non-Root

Use USER directive in Dockerfile to run containers as non-root users, reducing security risks.

Scan Images

Regularly scan images for vulnerabilities using tools like Docker Scout or Trivy.

Minimize Attack Surface

Use minimal base images and only install necessary packages. Remove package managers after installation.

Secrets Management

Never hardcode secrets in Dockerfiles. Use Docker secrets, environment variables, or secret management services. For security, see our Security Fundamentals guide.

Next Steps

Now that you understand Docker basics, continue learning with:

Kubernetes Orchestration

Orchestrate containers at scale

DevOps & Infrastructure

Complete DevOps practices

DevOps Engineer Path

Master containerization and DevOps

Cloud Container Services

Deploy containers on cloud platforms