Skip to content

🐳 Docker Tutorial

docker-banner

Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. With Docker, you can manage your infrastructure in the same ways you manage your applications.

💻 Commands

🐋 Docker

View and manage images/containers

docker ps                                   # list running containers
docker images                               # list local images
docker system df                            # shows docker disk usage summary
docker tag myimage:v1 repos/hello-world:v1  # tag an existing image for a target repository
docker pull hello-world                     # download an image from Docker Hub (or other registry)
docker push repos/hello-world:v1            # upload an image to a registry
docker history --no-trunc <image>           # show all the commands used to generate this image

Run and interact with containers

docker run hello-world                # create and start a container from an image
docker exec -ti <container_id> sh     # run an interactive shell in a running container
docker logs <container_id> -f -n 50   # show the last 50 lines of logs of a container and keep reading them
docker debug <container_id>           # starts a debugging session using a special debug image preloaded with common tools (e.g., vi, nano)
docker scout <container_id>           # scan a container for vulnerabilities and best-practice issues

Remove unused resources and cleanup

docker container rm <container_id>  # remove a stopped container
docker system prune -a --volumes    # remove all unused containers, networks, volumes, images (incl. unused), and build cache

Advanced Docker filtering commands

# show container ID(s) matching name filter
docker ps --filter "name=<container>" --format "{{.ID}}"

# list all mounts of the container
docker inspect --format '{{json .Mounts}}' <container> | jq .

# find which docker-compose.yml was used to start the container
docker inspect --format '{{json .Config.Labels}}' <container> | jq .

🧩 Docker Compose

List of useful Docker Compose commands

docker compose config                   # validate and view the resolved configuration (including env vars)
docker compose pull                     # pull service images (even if a build section exists, images are fetched)
docker compose up -d                    # create and start containers in detached mode using compose.yml
docker compose up -d --force-recreate   # recreate containers without reusing existing ones
docker compose up --build -d            # build, create and start containers in detached mode using compose.yml
docker compose down                     # stop and remove containers, networks, volumes, and images created by 'up'
docker compose start                    # start existing stopped containers for the defined services
docker compose stop                     # stop running containers without removing them

To Upgrade a Docker Container

cd docker-container
docker compose down
docker compose pull
docker compose up -d

Compose.yml port exposure

By default, all services defined in the same compose.yml file are attached to a common Docker network. This means they can reach each other directly using their service name, without exposing ports to the host.

For example, if a service depends on PostgreSQL (default port 5432), you usually do not need to publish the database port like this:

ports:
  - "5432:5432"

The database will still be reachable internally from other services in the Compose stack (e.g. postgres:5432).

Publishing database ports is usually unnecessary and can be a security risk:
mapping a port with ports: makes the service reachable from outside the container.

Only publish ports when a service must be accessible outside the Compose network.

Make healthchecks faster during startup

During container startup, healthchecks are often the main factor that delays dependent services (especially when using depends_on: condition: service_healthy).

To make readiness detection faster, set a short start_interval so Docker runs healthchecks more frequently during startup. Use start_period as a grace window: failures are ignored while the service initializes, and the shorter start_interval applies only during this startup phase. Once the container is running normally, Docker switches to the steady-state interval, reducing overhead after the service is healthy.

healthcheck:
  test: ["CMD", "pg_isready", "-U", "${PG_USERNAME}", "-d", "${PG_DATABASE_NAME}"]
  start_period: 180s
  start_interval: 5s
  interval: 60s
  timeout: 1s
  retries: 3

In this example, Docker checks every 5 seconds while the container is starting, then switches to every 60 seconds once running normally.