Docker (software)

From David's Wiki

Docker is a service for creating and managing Linux containers.
Containers are the application layer of an OS and whatever software you're trying to run.

The container itself contains the code to be run along with the environment.
Anything which needs state is mounted as a volume to the container.




Install Script
# Uninstall old docker
sudo apt-get remove docker docker-engine containerd runc

# Update repos
sudo apt update

# Install prerequisites
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent

# Add official gpg key
curl -fsSL | sudo apt-key add -

# Add docker repo
sudo add-apt-repository \
   "deb [arch=amd64] \
   $(lsb_release -cs) \

# Install
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli


  • Upgrade Windows to 2004 or newer
  • Install and enable WSL2
  • Install Docker Desktop


Get Started

CLI Usage


For the most part, you don't need to worry about images as docker run and docker-compose will download and build images for you as needed.

# List images.
docker image ls

# Prune unused images.
docker image prune -a

# Copy image.
docker tag $SOURCE $TARGET
docker push $TARGET
  • Pruning with docker system prune will also delete images.
  • Omitting -a will only prune dangling (untagged) images.


docker container ls


docker run <container>
  • -p hostport:containerport to do port forwarding
    • To restrict listening to localhost use -p
  • -it to be interactive with a pseudo-tty
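
An added example, not part of the original page: with -p hostport:containerport Docker publishes the port on every host interface, while a mapping prefixed with a loopback address is reachable only from the host itself. The function below reads output in the format of docker ps --format '{{.Names}}\t{{.Ports}}' and lists the mappings that are not loopback-only; the function name and the sample containers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag published ports that listen on a non-loopback host address.
# Input (stdin): one container per line, "<name><TAB><ports>", as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "<name> <mapping>" for every mapping reachable from other machines.
# exposed_ports is a hypothetical helper name, not a Docker command.
exposed_ports() {
    while IFS="$(printf '\t')" read -r name ports; do
        # Mappings are comma separated. Entries without "->" are ports the
        # image exposes internally; they are not published on the host.
        printf '%s\n' "$ports" | tr ',' '\n' |
        while read -r mapping; do
            case "$mapping" in
                *'->'*) ;;
                *) continue ;;
            esac
            host=${mapping%%->*}    # host side, e.g. 0.0.0.0:8080
            addr=${host%:*}         # drop the trailing :port (or :range)
            case "$addr" in
                127.*|::1|'[::1]') ;;   # loopback only
                *) printf '%s %s\n' "$name" "$mapping" ;;
            esac
        done
    done
}

# Constructed sample in the docker ps format above (not real output).
printf 'web\t0.0.0.0:8080->80/tcp, [::]:8080->80/tcp\ndb\t127.0.0.1:5432->5432/tcp\ncache\t6379/tcp\n' |
    exposed_ports
```

Against a live daemon, pipe the docker ps command from the header comment into exposed_ports; an empty result means every published port is bound to loopback.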


docker stats returns information about container CPU usage, memory usage, network usage, and disk usage.


The default mode for networking is bridge. You should leave this for most of your containers.


In bridge mode, the docker service acts as a NAT and gives each container a separate local IP along with the docker host.
On Linux, you can type ip a to see the IP address of the docker0 network interface.
On my server, it is

To access services running on the host (such as MySQL or Postgres), you will need to make these services listen on this network interface and allow it through your firewall. I suggest using qoomon/docker-host which can redirect network traffic to the host.

When using docker-compose, services can access each other using their service name as the hostname. However, the port needs to be exposed in the compose file.


In this mode, docker processes have full access to your network. This can cause port conflicts if you are not careful. Furthermore, your docker service will have full access to your localhost. I do not recommend using this mode for most things.


See docker guide


  1. Go to nvidia-container-runtime and add the repo
  2. Install nvidia-container-runtime


Add --gpus all to your docker run command.


See issue.

            - capabilities:
              - gpu


Notes on using docker with windows

Git bash paths

When mounting paths using Git Bash, you need to prepend a / to $(pwd).


Docker Compose allows you to specify multiple docker services in a single docker-compose.yml file and run them all together.
You can also use it to set up docker commands instead of listing options in a shell script.

# Create a folder for your service and cd into it
# Make the docker-compose file.

# Run (i.e. build, create, and start)
docker-compose up -d

# Stop
docker-compose down

# Upgrade
docker-compose pull # Optional, reduces downtime
docker-compose up --force-recreate --build -d
docker image prune -f
  • Note that docker-compose restart will just restart existing containers. It will not recreate them.

Compose file reference

Compose file

See compose-file specs

Previously, the Compose file (docker-compose.yml) required a version. Version 2 and version 3 had different options and not all options from version 2 were available in version 3. However, as of docker-compose v1.27+, you should no longer specify a version and options from both versions are supported.

Accessing the Host

Sometimes you may have services running on the host which you want to access from a container.
See docker-host for a container which can access the host.

Add the following to your docker compose to expose port 8201 to other containers:

    image: qoomon/docker-host
    cap_add:
      - NET_ADMIN
      - NET_RAW
  • You do not need to add expose.

Set the following in /etc/docker/daemon.json:


Then restart docker with sudo systemctl restart docker and prune networks with docker network prune.
This will force docker to assign subnets from to instead of to
Thus it won't overflow to
Next, in your firewall, allow connections to your localhost from

ufw allow from to any comment "from_docker"
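
An added example, not part of the original page: a check that the source range in the firewall rule contains the whole pool Docker assigns container subnets from, so that a network created later is not silently blocked. It assumes the daemon.json setting is default-address-pools with a base and a size; the page's own values are missing, so the pool and rule ranges below are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Dotted-quad IPv4 address -> integer. The body runs in a subshell so the
# IFS change does not leak into the caller.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# CIDR block -> "first last" addresses as integers.
cidr_range() {
    base=$(ip_to_int "${1%/*}")
    bits=${1#*/}
    size=$(( 1 << (32 - $bits) ))
    first=$(( $base / $size * $size ))   # clear the host bits
    echo "$first $(( $first + $size - 1 ))"
}

# pool_covered POOL_CIDR SUBNET_BITS ALLOW_CIDR
# Prints how many /SUBNET_BITS networks fit in the pool and returns 0 only
# if the firewall rule's source range contains the entire pool.
pool_covered() {
    pool_range=$(cidr_range "$1")
    allow_range=$(cidr_range "$3")
    pool_first=${pool_range% *};   pool_last=${pool_range#* }
    allow_first=${allow_range% *}; allow_last=${allow_range#* }
    echo $(( ($pool_last - $pool_first + 1) >> (32 - $2) ))
    [ "$allow_first" -le "$pool_first" ] && [ "$pool_last" -le "$allow_last" ]
}

# Constructed values: a 10.200.0.0/16 pool split into /24 networks, checked
# against a rule that only allows the first /24.
if pool_covered 10.200.0.0/16 24 10.200.0.0/24 >/dev/null; then
    echo "firewall rule covers the whole pool"
else
    echo "firewall rule is narrower than the pool"
fi
```

A rule much wider than the pool passes this check too, so compare the two ranges by eye as well and keep the allowed source as tight as the pool itself.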