• Get application security done the right way! Detect, Protect, Monitor, Accelerate, and more…
  • Docker is a popular tool to build and run containerized applications. It is available for multiple platforms and used as one of the back-end container technologies in Kubernetes.

    In Docker, you either build your own images to run your application as a container, or you can pull and use thousands of public images from the Docker repository and use them in your project. Once your image is ready, you can launch your containers using those images. A container is a running instance of a Docker image.

    Managing Docker containers is one of the most important aspects to look after as a system administrator who manages Docker hosts/containers.

    In this article, we’ll be focusing on managing containers using docker command.

    run Command

    docker run command is used to run a container from an image by specifying the Image ID or the Repository and/or Tag name.

    $ docker run {image}

    Example:

    $ docker run nginx

    The above command runs an instance of <span class="NormalTextRun SpellingErrorV2 SCXW251451022 BCX0">nginx</span> application on a docker host, if it already exists. If it doesn’t exist on the Docker host, it goes out to the docker hub (by default) and pulls the image down. But this is done the only first time. For subsequent times the same image is reused.

    If you want to run a particular version of an image, specify its version separated by a colon. This is known as Tag. In case you don’t specify any tag, docker will consider it by default as the latest.

    Further, if you want to run the container in the background in a detached mode so that you get back to the prompt after Docker launches the container, use -d flag.

    Example:

    $ docker run nginx
    Unable to find image 'nginx:latest' locally
    latest: Pulling from library/nginx
    33847f680f63: Pull complete
    dbb907d5159d: Pull complete
    8a268f30c42a: Pull complete
    b10cf527a02d: Pull complete
    c90b090c213b: Pull complete
    1f41b2f2bf94: Pull complete
    Digest: sha256:8f335768880da6baf72b70c701002b45f4932acae8d574dedfddaf967fc3ac90
    Status: Downloaded newer image for nginx:latest
    /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
    /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
    10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
    10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
    /docker-entrypoint.sh: Configuration complete; ready for start up
    2021/08/15 12:13:23 [notice] 1#1: using the "epoll" event method
    2021/08/15 12:13:23 [notice] 1#1: nginx/1.21.1
    2021/08/15 12:13:23 [notice] 1#1: built by gcc 8.3.0 (Debian 8.3.0-6)
    2021/08/15 12:13:23 [notice] 1#1: OS: Linux 5.8.0-1039-azure
    2021/08/15 12:13:23 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
    2021/08/15 12:13:23 [notice] 1#1: start worker processes
    2021/08/15 12:13:23 [notice] 1#1: start worker process 33
    2021/08/15 12:13:23 [notice] 1#1: start worker process 34

    ps Command

    docker ps command lists all running containers and some basic information about them. Like container ID, name of image, time container is created, current status, and name of the container. Each container gets a random name (if not specified explicitly) and ID.

    Example:

    $ docker ps 
    CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS     NAMES 
    133f5e0267a5   nginx     "/docker-entrypoint.…"   10 seconds ago   Up 10 seconds   80/tcp    jolly_elion 

    To list all the running and not running/exited containers at once, you can use:

    $ docker ps -a

    Example:

    $ docker ps -a 
    CONTAINER ID   IMAGE         COMMAND                  CREATED        STATUS                    PORTS     NAMES 
    fcec129f0eb4   nginx         "/docker-entrypoint.…"   46 hours ago   Exited (0) 46 hours ago             interesting_ishizaka 
    6e8b1e441aa6   hello-world   "/hello"                 2 days ago     Exited (0) 2 days ago               keen_shirley 

    ls Command

    Like ps command, ls can also be used for listing containers. -a flag can be used to list all containers (not just the running ones).

    $ docker container ls

    Example:

    $ docker container ls
    CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS      NAMES
    15796e91c30b   redis     "docker-entrypoint.s…"   2 seconds ago    Up 1 second     6379/tcp   flamboyant_neumann
    904390b65d45   nginx     "/docker-entrypoint.…"   14 minutes ago   Up 14 minutes   80/tcp     nginx_new
    $

    stop Command

    docker stop command is used to stop a running container. Here we need to put container name or ID along with this.

    $ docker stop {container-id}

    On success, it would return the docker name or ID.

    Example:

    $ docker ps 
    CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS     NAMES 
    133f5e0267a5   nginx     "/docker-entrypoint.…"   50 seconds ago   Up 49 seconds   80/tcp    jolly_elion 

    This will return the CONTAINER ID which you can use to stop the container.

    $ docker stop 133f5 
    133f5

    For this example and the coming ones, do note that you don’t need to specify a complete value of CONTAINER ID. It’ll accept up to the part, which makes it unique among other running containers as Docker knows which container to stop.

    rm Command

    docker rm command removes a stopped or exited container.

    $ docker rm {CONTAINER NAME or ID}

    Example:

    $ docker rm 133f5
    133f5
    $

    exec Command

    We can use exec command to go inside a running container. This is useful to debug running containers or do some stuff within a container.

    $ docker exec –it {container} {command}

    Example:

    Suppose you want to launch bash shell (assuming the image has Bash available, you can use other available shells as well) within a container named unruffled_meninsky in interactive mode, use:

    $ docker exec –it unruffled_meninsky /bin/bash

    This should land you inside the container on a bash shell. Here the flag -i stands for interactive mode and -t for the terminal. If you just wish to execute one or more commands and exit out from the container, you can use:

    $ docker exec unruffled_meninsky cat /etc/hosts
    127.0.0.1	localhost 
    ::1	localhost ip6-localhost ip6-loopback 
    fe00::0	ip6-localnet 
    ff00::0	ip6-mcastprefix 
    ff02::1	ip6-allnodes 
    ff02::2	ip6-allrouters 
    172.17.0.2	cd2eed4acf34 

    logs Command

    In case a container is launched in detached mode, and we want to see its logs, we can use logs command to review its logs:

    $ docker logs {CONTAINER NAME or ID}

    Example:

    $ docker logs 7da6dcebaf9c
    /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
    /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
    10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
    10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
    /docker-entrypoint.sh: Configuration complete; ready for start up
    2021/08/15 12:14:09 [notice] 1#1: using the "epoll" event method
    2021/08/15 12:14:09 [notice] 1#1: nginx/1.21.1
    2021/08/15 12:14:09 [notice] 1#1: built by gcc 8.3.0 (Debian 8.3.0-6)
    2021/08/15 12:14:09 [notice] 1#1: OS: Linux 5.8.0-1039-azure
    2021/08/15 12:14:09 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
    2021/08/15 12:14:09 [notice] 1#1: start worker processes
    2021/08/15 12:14:09 [notice] 1#1: start worker process 31
    2021/08/15 12:14:09 [notice] 1#1: start worker process 32
    $

    cp Command

    To copy files between a container and localhost filesystem, you can use cp command.

    $ docker container cp {CONTAINER NAME or ID:SRC_PATH} {DEST_PATH}|-

    Example:

    $ docker container cp quirky_cray:/etc/nginx/nginx.conf nginx.conf.bkp

    export Command

    Docker container command offers an option to export the filesystem of a container as a TAR file.

    $ docker container export {CONTAINER NAME or ID}

    inspect Command

    We can check detailed information about a container using inspect command as:

    $ docker inspect {CONTAINER NAME or ID}

    OR

    $ docker container inspect {CONTAINER NAME or ID}

    kill Command

    A running container can be killed using kill command with an optional --signal or -s flag. Multiple containers can be specified to kill them in one go.

    $ docker kill {CONTAINER NAME or ID} [--signal VAL]

    Example:

    $ docker kill cd9005a0b5d2 -s 9
    cd9005a0b5d2
    $

    stats Command

    To display a live stream of a container’s resource usage, you can use stats command:

    $ docker container stats {CONTAINER NAME or ID}

    Example:

    $ docker container stats thirsty_volhard
    CONTAINER ID   NAME              CPU %     MEM USAGE / LIMIT     MEM %     NET I/O       BLOCK I/O     PIDS
    904390b65d45   thirsty_volhard   0.00%     3.406MiB / 7.775GiB   0.04%     1.02kB / 0B   0B / 8.19kB   3

    top Command

    Like top command in Linux, we can use it with Docker to get a list of running processes.

    $ docker container top {CONTAINER NAME or ID}

    Example:

    $ docker container top thirsty_volhard
    UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
    root                2603                2582                0                   12:34               ?                   00:00:00            nginx: master process nginx -g daemon off;
    systemd+            2659                2603                0                   12:34               ?                   00:00:00            nginx: worker process
    systemd+            2660                2603                0                   12:34               ?                   00:00:00            nginx: worker process
    $

    rename Command

    To rename an existing container, use rename command.

    $ docker container rename {OLD CONTAINER NAME} {NEW CONTAINER NAME}

    Example:

    $ docker ps
    CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
    904390b65d45   nginx     "/docker-entrypoint.…"   7 minutes ago   Up 7 minutes   80/tcp    nginx_container
    $ docker container rename nginx_container nginx_new
    $ docker ps
    CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
    904390b65d45   nginx     "/docker-entrypoint.…"   7 minutes ago   Up 7 minutes   80/tcp    nginx_new
    $

    diff Command

    We can inspect changes to files or directories on a container’s filesystem with diff command.

    $ docker container diff {CONTAINER NAME or ID}

    Example:

    $ docker container diff nginx_new
    C /var
    C /var/cache
    C /var/cache/nginx
    A /var/cache/nginx/uwsgi_temp
    A /var/cache/nginx/client_temp
    A /var/cache/nginx/fastcgi_temp
    A /var/cache/nginx/proxy_temp
    A /var/cache/nginx/scgi_temp
    C /etc
    C /etc/nginx
    C /etc/nginx/conf.d
    C /etc/nginx/conf.d/default.conf
    C /run
    A /run/nginx.pid
    $

    Summary

    To conclude, Doker offers an extensive set of commands to manage containers from their creation to destruction. We’ve covered some of the important commands and their usage in this article which should give you a good idea on managing docker containers.

    Next, find out some of the resources to learn DevOps.