Install Docker

wget -qO- | sudo bash



# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

# Install the Docker package
sudo apt-get install -y docker-ce

Enable Remote API

cat <<EOF> /etc/docker/daemon.json
    "hosts": [
mkdir /etc/systemd/system/docker.service.d
cat <<EOF> /etc/systemd/system/docker.service.d/override.conf
systemctl daemon-reload
service docker restart
# ubuntu package
DOCKER_OPTS="-H tcp:// -H unix:///var/run/docker.sock"
# test API connection
docker --host info

Add user to docker group

sudo usermod -aG docker $USER
su - $USER
systemctl enable docker
systemctl status docker

List container / output format - Formating output

docker ps -a --filter 'exited=0'
docker images --format '{{.Repository}}:{{.Tag}}'
docker images --format '{{.Size}}\t{{.Repository}}\t{{.Tag}}\t{{.ID}}'
docker ps -a --filter status=exited --filter status=restarting --format "{{.ID}} {{.Names}}" | grep -v skydive
docker ps --format 'table {{.ID}}\t{{.Names}}\t{{.Command}}\t{{.CreatedAt}}'

Start all exited container

# start all containers
docker start $(docker ps -a -q -f status=exited)
# Stop all containers
docker stop $(docker ps -a -q)
# Delete all containers
docker rm $(docker ps -a -q) -f
# Delete exited containers
docker ps --filter status=exited --quiet | xargs docker rm
# Delete all images
docker rmi $(docker images -aq) -f
# fix missing btrf storage driver
sudo rm -rf /var/lib/docker/aufs
# autostart continer
docker update --restart unless-stopped redis

Debug / Run test container

docker info
docker run hello-world
#docker run -it centos bash
docker run -it ubuntu

Login to container

docker exec -it --user root CONTAINER bash
#docker run -i --rm ubuntu bash
sudo docker run -i -t --name dc-ubuntu ubuntu bash
sudo docker start -i dc-ubuntu
# wordpress
docker run -d --name dc-mysql -e MYSQL_ROOT_PASSWORD=mysqlpwd mysql
docker run -d --name dc-wordpress --link dc-mysql:mysql -p 7894:80 wordpress
# search
docker  search icinga
docker search --filter is-official=true ubuntu
docker pull phre/icinga
docker run --name dc-nginx -d -p 7890:80 nginx
docker logs dc-nginx
# images
sudo docker images
sudo docker rmi 3eXXXXx
apt-get install docker
docker run -t -i --rm ubuntu bash
docker run -i -t --name dc-ubuntu ubuntu bash
docker start -i dc-ubuntu
docker run --name dc-nginx -d -p 7890:80 nginx
docker logs dc-nginx
docker stop dc-nginx
docker rm dc-nginx
docker run --name dc-nginx -d -p 7890:80 -v /tmp/srv/:/usr/local/nginx/html:ro nginx
docker run --name dc-nginx-tmp -t -i nginx /bin/bash
docker commit dc-nginx-tmp img-mynginx
docker run --name dc-mynginx -d -p 7891:80 img-mynginx nginx
# view all cointainer (also inactive)
docker ps -a
# remove all container
docker ps -qa | xargs docker rm
FROM nginx
RUN echo '<html><body><p>Hello again!</p> </body></html>' > /usr/local/nginx/html/index.html
docker build -t=img-mynginx2 /tmp/dbuildtst/
docker run --name dc-mynginx2 -d -p 7892:80 img-mynginx2


# generate auth configuration for private remote docker repository
docker login -u user -p pass
AUTH=$(echo -n username:password | base64)
# auto login
# ~/.docker/config.json
	"auths": {
		"": {
			"auth": "$AUTH"
	"HttpHeaders": {
		"User-Agent": "Docker-Client/18.12.3-ce (linux)"
docker login

Registry Explorer

Run Docker inside LXC container

echo 'DOCKER_OPTS="--exec-driver=lxc"' | tee -a /etc/default/docker
service docker restart
# mysql container
sudo docker pull mysql
# build a container
# notes
docker run --lxc-conf="" my_image ifconfig
edit /etc/default/docker: DOCKER_OPTS="--dns -e lxc"
apt-get install lxc (lxc-docker is not enough)
docker run --lxc-conf="" -t myimage

# non root?

# quick & easy install
wget -qO- | sh

Docker under LXC

cat /var/lib/lxc/docker/config
lxc.aa_profile = unconfined
lxc.cgroup.devices.allow = a
lxc.cap.drop =

# 15 Quick Docker Tips


# list volumes
docker inspect -f '{{ .Mounts }}' CONTAINER
# get volume information
for VOLUME in $(docker volume ls -q); do
    docker volume inspect ${VOLUME}
# delete unused volumes
docker volume rm $(docker volume ls -qf dangling=true)
# show space used by volume
docker system df -v
# show volumes used by container
docker ps -q | xargs -L1 docker inspect -f '{{ .Mounts }}' | grep elasticsearch
# service


Docker Machine

Docker Compose

List content of docker repository

curl -X GET http://${DOCKER_REPOSITORY_IP}:5000/v2/_catalog | python -m json.tool

Create profile with connection to VLAN

lxc profile copy default mgmt-dev
# lxc profile list
lxc profile device set mgmt-dev eth0 nictype macvlan
lxc profile device set mgmt-dev eth0 parent mgmt-dev-v1234
lxc profile show mgmt-dev

Get registry packages

curl -X GET ${DOCKER_REPOSITORY_IP}/v2/_catalog | python -m json.tool
curl -X GET ${DOCKER_REPOSITORY_IP}/v2/${DOCKER_CONTAINER}/tags/list | python -m json.tool

Macvlan network driver

Disk usage

docker system df
docker system df -v
docker ps --size | grep GB
curl -X GET http://${DOCKER_REPOSITORY_IP}:5000/v2/${DOCKER_CONTAINER}/tags/list | python -m json.tool


# manual login
docker login


for CONTAINER in $(docker ps -a --filter status=exited --filter status=restarting -q); do
    docker restart ${CONTAINER}
    sleep 10

restart all continer

for CONTAINER in $(docker ps -a -q); do
    docker ps | grep ${CONTAINER}
    docker restart ${CONTAINER}
    sleep 30

Enable autostart

# start a container
docker update --restart unless-stopped nginx
#docker login
# Disable autostart for all containers
docker update --restart=no $(docker ps -qa)
docker update --restart=on-failure:3 abebf7571666 foo_container_1
# Enable autostart for all currently running containers
docker update --restart=always $(docker ps -q)
# Show RestartPolicy
docker inspect --format '{{json .HostConfig.RestartPolicy.Name}}' ${CONTAINER_ID}
docker inspect ${CONTAINER_ID} | grep RestartPolicy -A3
# get container ID
docker ps -aq | xargs docker inspect {} | jq -r '.[] | (.Name + " " + .Id)' | grep 9e732c9816f05994d2863c68522b74b118556d7fea614c27a9e4a98418d656af
# set to unless-stopped on all containers
docker update --restart=unless-stopped $(docker ps -aq)
# show restart policy
docker ps -aq | xargs docker inspect {} | jq -r '.[] | (.Name + " " + .HostConfig.RestartPolicy.Name)'
# Start/run with a different entry point
docker run -ti --entrypoint=sh user/test_image

Docker and LXD on same host

# cat /etc/docker/daemon.json
    "iptables": false


docker stats


docker image prune --all -f
# system
docker system df
docker system prune -f
# find large files in overlay2
for OVERLAY_ID in $(du --human-readable --max-depth=1 --threshold=2G /var/lib/docker/overlay2 | cut -d"/" -f6); do
    docker inspect -f $'{{.Name}}\t{{.GraphDriver.Data.MergedDir}}' $(docker ps -aq) | grep ${OVERLAY_ID}
    find /var/lib/docker/overlay2/${OVERLAY_ID} -type f -size +1G -exec du -sh {} \;

Comparing Ingress controllers for Kubernetes


# /etc/docker/daemon.json
"log-driver": "json-file",
"log-opts": {
    "max-size": "10m",    
    "max-file": "3"    

Configure HTTP(S) proxy

# /etc/docker/daemon.json
  "proxies": {
    "http-proxy": "${http_proxy}",
    "https-proxy": "${https_proxy}",
    "no-proxy": ","

Configure HTTPS proxy

# configure https proxy
cat <<EOF> /etc/systemd/system/docker.service.d/http-proxy.conf
systemctl daemon-reload
systemctl restart docker
# find restarting nodes
docker ps -a --filter status=exited --filter status=restarting


# get docker version
docker version --format '{{.Client.APIVersion}}'
# get container name and image
docker ps -a --format "{{.Names}} {{.Image}}" | sort
# list container OS version
docker ps -a --format "{{.Names}}" | xargs -t -i docker exec -t {} cat /etc/os-release | grep VERSION_ID

How do I authenticate with the V2 API

Edit container configuration

docker stop inspect my-container
docker container inspect my-container | grep "Id"
vi /var/lib/docker/containers/${CONTAINER_ID}/config.v2.json
sudo systemctl restart docker

Cleanup / prune

docker image prune --all --force
docker volume prune --all --force
docker system prune --force