Docker on Rocky Linux

#dnf install docker-ce docker-ce-cli containerd.io -y


[root@docker boobalan]# systemctl enable docker

Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

[root@docker boobalan]# systemctl start docker

[root@docker boobalan]# systemctl start containerd


[root@docker boobalan]# docker version
Client: Docker Engine - Community
 Version:           28.0.1
 API version:       1.48
 Go version:        go1.23.6
 Git commit:        068a01e
 Built:             Wed Feb 26 10:42:23 2025
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          28.0.1
  API version:      1.48 (minimum version 1.24)
  Go version:       go1.23.6
  Git commit:       bbd0a17
  Built:            Wed Feb 26 10:40:43 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.25
  GitCommit:        bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
 runc:
  Version:          1.2.4
  GitCommit:        v1.2.4-0-g6c52b3f
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0


[root@docker boobalan]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
[root@docker boobalan]# which docker
/usr/bin/docker

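//search Docker Hub for nginx images (only the entry marked [OK] in the OFFICIAL column is a Docker Official Image; the others are published by third parties)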
[root@docker boobalan]# docker search nginx
NAME                                     DESCRIPTION                                     STARS     OFFICIAL
nginx                                    Official build of Nginx.                        20651     [OK]
nginx/nginx-ingress                      NGINX and  NGINX Plus Ingress Controllers fo…   100
nginx/nginx-prometheus-exporter          NGINX Prometheus Exporter for NGINX and NGIN…   48
nginx/unit                               This repository is retired, use the Docker o…   65
nginx/nginx-ingress-operator             NGINX Ingress Operator for NGINX and NGINX P…   2
nginx/nginx-quic-qns                     NGINX QUIC interop                              1
nginx/unit-preview                       Unit preview features                           0
nginx/nginxaas-loadbalancer-kubernetes                                                   0
bitnami/nginx                            Bitnami container image for NGINX               196
ubuntu/nginx                             Nginx, a high-performance reverse proxy & we…   127
bitnamicharts/nginx                      Bitnami Helm chart for NGINX Open Source        0
rancher/nginx                                                                            2

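//download the image from Docker Hub to our local machine (no tag is given, so Docker pulls the mutable "latest" tag; the Digest line in the output identifies the exact image content that was pulled)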
[root@docker boobalan]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
7cf63256a31a: Pull complete
bf9acace214a: Pull complete
513c3649bb14: Pull complete
d014f92d532d: Pull complete
9dd21ad5a4a6: Pull complete
943ea0f0c2e4: Pull complete
103f50cb3e9f: Pull complete
Digest: sha256:9d6b58feebd2dbd3c56ab5853333d627cc6e281011cfd6050fa4bcf2072c9496
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest

//in the same way, we can push a local image to Docker Hub
#docker push myimage

[root@docker boobalan]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
nginx        latest    b52e0b094bc0   4 weeks ago   192MB

[root@docker boobalan]# docker info | grep -i "docker root dir"
 Docker Root Dir: /var/lib/docker


///ok now we can create a container

[root@docker boobalan]# docker run nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2025/03/08 22:39:53 [notice] 1#1: using the "epoll" event method


////this is the correct way to run the container: -d runs it detached (in the background) and --name gives it a fixed name
[root@docker boobalan]# docker run -d --name mynginx nginx
aa2439459038286843e13037417a7b48a532fc20455dee9a51bd4dd39826881b
[root@docker boobalan]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS                       PORTS     NAMES
aa2439459038   nginx     "/docker-entrypoint.…"   14 seconds ago   Up 11 seconds                80/tcp    mynginx



//to list all the containers in the docker host
[root@docker boobalan]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS                      PORTS     NAMES
e9a558159612   nginx     "/docker-entrypoint.…"   50 minutes ago   Exited (0) 34 seconds ago             affectionate_diffie
[root@docker boobalan]#


///once we run the image, the container starts and keeps the terminal occupied until we exit, so we need to run it in the background

//kill the main process of a container (this fails below because the container is not running)
[root@docker boobalan]# docker kill 2295b7556409
Error response from daemon: cannot kill container: 2295b7556409: container 2295b7556409743b255c3a85dc702daff13d4dd7aeb431f545d68bbac7a13f83 is not running

//remove a container
[root@docker boobalan]# docker rm 2295b7556409
2295b7556409
[root@docker boobalan]# docker rm e9a558159612
e9a558159612


///now we can run the container in the background

#docker stop container
#docker start container
#docker restart <container_id>

#docker top container

#docker inspect container

#docker inspect <container_id> | grep -i "ipaddress"

docker exec -it <container_id> /bin/bash

docker logs -f container_id

docker stats

docker network ls

docker volume ls
docker volume inspect <volume_name>


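//to remove all stopped containers, unused networks and unused images (with -a this deletes every image not used by at least one container, not only dangling ones, so check "docker ps -a" and "docker images" first)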
docker system prune -a


//////ok now we have successfully run the container with the nginx image
///to troubleshoot further

[root@docker boobalan]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS                       PORTS     NAMES
aa2439459038   nginx     "/docker-entrypoint.…"   14 seconds ago   Up 11 seconds                80/tcp    mynginx


///test the nginx on localhost
[root@docker boobalan]# docker exec -it mynginx curl -I localhost
HTTP/1.1 200 OK
Server: nginx/1.27.4
Date: Sat, 08 Mar 2025 23:48:28 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Wed, 05 Feb 2025 11:06:32 GMT
Connection: keep-alive
ETag: "67a34638-267"
Accept-Ranges: bytes


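///open a shell inside the container (whoami below shows the shell runs as root; docker exec uses the container's default user unless -u is given)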
[root@docker boobalan]# docker exec -it mynginx /bin/bash

root@aa2439459038:/# whoami
root

root@aa2439459038:/# hostname
aa2439459038

//now log out of the container and return to the host machine; here we can try to access nginx

#curl -I http://localhost
curl: (7) Failed to connect to localhost port 80: Connection refused

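//the connection is refused because the container was started without -p (the PORTS column above shows 80/tcp with no host mapping); now check the port 80 mappings and the container's IP address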


[root@docker boobalan]# docker inspect mynginx | grep -i "ipaddress"
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",

//check config file
[root@docker boobalan]# docker exec -it mynginx cat /etc/nginx/nginx.conf


///if nginx still can't be reached from the host machine,
///remove the container and run it again with a published port (-p host_port:container_port)

[root@docker boobalan]# docker stop mynginx
mynginx

[root@docker boobalan]# docker rm mynginx
mynginx

[root@docker boobalan]# docker run -d --name mynginx -p 8080:80 nginx
90a9a8e27cf65a99c99d047506a8eb778aaaa3f7b6683e49a244a0037fdb66b3

[root@docker boobalan]# curl -I http://localhost:8080
HTTP/1.1 200 OK
Server: nginx/1.27.4
Date: Sun, 09 Mar 2025 00:05:23 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Wed, 05 Feb 2025 11:06:32 GMT
Connection: keep-alive
ETag: "67a34638-267"
Accept-Ranges: bytes

[root@docker boobalan]# ip -4 ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    altname enp2s1
    inet 192.168.198.144/24 brd 192.168.198.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever


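//now nginx can be reached from outside through the host machine's IP address (192.168.198.144, port 8080); -p 8080:80 publishes the port on all host interfaces, so use -p 127.0.0.1:8080:80 instead if it should only be reachable from the host itself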




///the example above explored the nginx image; now we explore a container OS image
[root@docker boobalan]# docker search ubuntu
NAME                             DESCRIPTION                                     STARS     OFFICIAL
ubuntu                           Ubuntu is a Debian-based Linux operating sys…   17496     [OK]
ubuntu/squid                     Squid is a caching proxy for the Web. Long-t…   107
ubuntu/nginx                     Nginx, a high-performance reverse proxy & we…   127

[root@docker boobalan]# docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
5a7813e071bf: Pull complete
Digest: sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782
Status: Downloaded newer image for ubuntu:latest
docker.io/library/ubuntu:latest

[root@docker boobalan]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
nginx        latest    b52e0b094bc0   4 weeks ago   192MB
ubuntu       latest    a04dc4851cbc   5 weeks ago   78.1MB
[root@docker boobalan]#


//now if I run the ubuntu image
[root@docker boobalan]# docker run -it ubuntu
root@fb07f022477e:/#

root@fb07f022477e:/# cat /etc/issue
Ubuntu 24.04.1 LTS \n \l


root@fb07f022477e:/# ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

///once we exit the shell, the container stops as well

[root@docker boobalan]# docker run -d -it ubuntu
b51448faf3e74bd8a4a9e8a886e2e0afc9e419456029738d3f6bdbd99cc55319

//now the ubuntu container runs in the background

[root@docker boobalan]# docker ps -a
CONTAINER ID   IMAGE     COMMAND       CREATED          STATUS          PORTS     NAMES
b51448faf3e7   ubuntu    "/bin/bash"   12 seconds ago   Up 10 seconds             keen_brattain




[root@docker boobalan]# docker exec -it keen_brattain /bin/bash
root@b51448faf3e7:/# cat /etc/issue
Ubuntu 24.04.1 LTS \n \l


//now we can check on our host machine where the container's filesystem is stored.
//when we ran the container, docker printed a long ID such as b51448faf3e7... (the overlay2 directory name found below is a different hash)

//however, we can check this from the host

//check the storage driver
[root@docker boobalan]# docker info | grep "Storage Driver"
 Storage Driver: overlay2


[root@docker boobalan]# df -h
Filesystem           Size  Used Avail Use% Mounted on
devtmpfs             4.0M     0  4.0M   0% /dev
tmpfs                871M     0  871M   0% /dev/shm
tmpfs                349M  5.3M  344M   2% /run
/dev/mapper/rl-root   27G  5.4G   22G  20% /
/dev/sda1            960M  407M  554M  43% /boot
tmpfs                175M     0  175M   0% /run/user/1000
overlay               27G  5.4G   22G  20% /var/lib/docker/overlay2/50e44b7928be5490622683e70ba5ec354c109a51d1254515475bc7c3388a1fc3/merged


///inspecting the container and filtering for UpperDir gives the exact location of its writable layer on the host

[root@docker boobalan]# docker inspect keen_brattain | grep UpperDir

                "UpperDir": "/var/lib/docker/overlay2/50e44b7928be5490622683e70ba5ec354c109a51d1254515475bc7c3388a1fc3/diff",

[root@docker boobalan]# ls /var/lib/docker/overlay2/50e44b7928be5490622683e70ba5ec354c109a51d1254515475bc7c3388a1fc3/

diff/   link    lower   merged/ work/

[root@docker boobalan]# ls /var/lib/docker/overlay2/50e44b7928be5490622683e70ba5ec354c109a51d1254515475bc7c3388a1fc3/merged/
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

OK, let's understand how the Docker overlay filesystem works.

Understanding overlay2 Structure

Docker uses the OverlayFS (Overlay Filesystem) storage driver to manage container layers efficiently. When you pull an image and run a container, Docker overlays multiple filesystem layers.

Breakdown of the directory:

  • diff/ → This contains the actual file system changes (diffs) made inside your running container.

    • If you modify or create files inside the container, they appear here.
    • Example: If you install vim inside the container, its binary files will be stored in diff/.
  • link → This file holds a shortened identifier for the layer, which Docker uses internally to keep mount arguments short.

  • lower → This file contains metadata about lower read-only image layers.

    • The base Ubuntu image layers are stored elsewhere, and this points to them.
  • merged/ → This is the mount point where all the layers (including the writable layer) are combined.

    • When you docker exec into a running container, you are essentially seeing this merged view.
  • work/ → A temporary work directory used by OverlayFS during filesystem operations.



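////Let's add another container and check (johnsandiford/kali is a third-party community image, not a Docker Official Image, and the image listing further down shows it was created 6 years ago, so treat it as untrusted and unpatched)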
[root@docker boobalan]# docker run -d -it --name mykali johnsandiford/kali
4c985df129b48b723085879d088cc1536317e296a398c91c8c9561f177619200

[root@docker boobalan]# df -h | grep "overlay"
overlay               27G  7.3G   20G  27% /var/lib/docker/overlay2/50e44b7928be5490622683e70ba5ec354c109a51d1254515475bc7c3388a1fc3/merged
overlay               27G  7.3G   20G  27% /var/lib/docker/overlay2/2d48dabd1df45ef451859cd1e1df5bae4af23057ddd44550721c703b74940ba6/merged


//now we have two overlay mounts, one for each container OS

//inspect to check which mount belongs to which container
[root@docker boobalan]# docker inspect mykali  | grep "UpperDir"
                "UpperDir": "/var/lib/docker/overlay2/2d48dabd1df45ef451859cd1e1df5bae4af23057ddd44550721c703b74940ba6/diff",



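///////now let's see the docker tag command
This is used to tag docker images. Suppose we pull an image such as rockylinux:latest from Docker Hub and make some changes to it on our side; we can give the result a new version name with the tag command. Note that docker tag itself only adds another name for an existing image ID and does not save changes made inside a running container; those have to be captured with docker commit or docker build before tagging.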

///our images
[root@docker boobalan]# docker images
REPOSITORY           TAG       IMAGE ID       CREATED       SIZE
nginx                latest    b52e0b094bc0   4 weeks ago   192MB
ubuntu               latest    a04dc4851cbc   5 weeks ago   78.1MB
johnsandiford/kali   latest    933dba39bb8f   6 years ago   1.85GB


///now suppose I have made some changes to the nginx image that I want to use next in our environment

[root@docker boobalan]# docker tag nginx:latest nginx:myv1

///now I can see the new nginx:myv1 tag (it has the same IMAGE ID as nginx:latest, so both names point to the same image)
[root@docker boobalan]# docker images
REPOSITORY           TAG       IMAGE ID       CREATED       SIZE
nginx                latest    b52e0b094bc0   4 weeks ago   192MB
nginx                myv1      b52e0b094bc0   4 weeks ago   192MB
ubuntu               latest    a04dc4851cbc   5 weeks ago   78.1MB
johnsandiford/kali   latest    933dba39bb8f   6 years ago   1.85GB

///next time I want to run this version of nginx, I can run nginx:myv1 and get the image that tag points to

#docker run -d -it nginx:myv1

///////untag

[root@docker boobalan]# docker rmi nginx:myv1
Untagged: nginx:myv1

//this removes only the named tag; the image itself stays because nginx:latest still refers to it

[root@docker boobalan]# docker images
REPOSITORY           TAG       IMAGE ID       CREATED       SIZE
nginx                latest    b52e0b094bc0   4 weeks ago   192MB
ubuntu               latest    a04dc4851cbc   5 weeks ago   78.1MB
johnsandiford/kali   latest    933dba39bb8f   6 years ago   1.85GB



//////the docker build -t command is used to build our own images
///after logging in to hub.docker.com with an account, we can push our image to Docker Hub

////let's build our own image

//let's pull rockylinux and build our own image on top of it

[root@docker boobalan]# docker pull rockylinux:8
8: Pulling from library/rockylinux
9088cdb84e39: Pull complete
Digest: sha256:9794037624aaa6212aeada1d28861ef5e0a935adaf93e4ef79837119f2a2d04c
Status: Downloaded newer image for rockylinux:8
docker.io/library/rockylinux:8

[root@docker boobalan]# docker images
REPOSITORY           TAG       IMAGE ID       CREATED         SIZE
nginx                latest    b52e0b094bc0   4 weeks ago     192MB
ubuntu               latest    a04dc4851cbc   5 weeks ago     78.1MB
rockylinux           8         c79048e50f5f   15 months ago   198MB
johnsandiford/kali   latest    933dba39bb8f   6 years ago     1.85GB


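//we have a parent image - rocky linux 8 (the listing shows it was created 15 months ago, so its packages are likely out of date; the Dockerfile below installs httpd but does not update the base packages)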

///follow the process 

[root@docker boobalan]# mkdir myimage
[root@docker boobalan]# cd myimage/
[root@docker myimage]# touch Dockerfile      ////by default docker build looks for a file named exactly "Dockerfile"
[root@docker myimage]# ls
Dockerfile


///in this myimage directory, create an index.html file and edit the Dockerfile

[root@docker myimage]# vi index.html
[root@docker myimage]# cat index.html
<html>
        <body>
                <h1> welcome to my own image <h1>
                                <p> sucessfully hostted the application <p>
                                </body>
</html>

[root@docker myimage]# vi Dockerfile

[root@docker myimage]# cat Dockerfile
FROM rockylinux:8
MAINTAINER Boobalan
RUN yum -y install httpd
COPY index.html /var/www/html/
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
EXPOSE 80



[root@docker myimage]# ls
index.html  Dockerfile


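///now build the image (the build output warns that MAINTAINER is deprecated in favor of a LABEL; also note the Dockerfile sets no USER, so the container's main process starts as root)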

[root@docker myimage]# docker build -t myimage:1 .    /////the . sets the build context to the current directory


[+] Building 26.9s (8/8) FINISHED                                                                              docker:default
 => [internal] load build definition from Dockerfile                                                                     0.0s
 => => transferring dockerfile: 187B                                                                                     0.0s
 => WARN: MaintainerDeprecated: Maintainer instruction is deprecated in favor of using label (line 2)                    0.0s
 => [internal] load metadata for docker.io/library/rockylinux:8                                                          0.0s
 => [internal] load .dockerignore                                                                                        0.0s
 => => transferring context: 2B                                                                                          0.0s
 => [1/3] FROM docker.io/library/rockylinux:8                                                                            0.0s
 => [internal] load build context                                                                                        0.0s
 => => transferring context: 157B                                                                                        0.0s
 => [2/3] RUN yum -y install httpd                                                                                      25.9s
 => [3/3] COPY index.html /var/www/html/                                                                                 0.0s
 => exporting to image                                                                                                   0.7s
 => => exporting layers                                                                                                  0.7s
 => => writing image sha256:12ff4b4bad58b3b3061c45bfed184271cc873e0929260cdf2ca2107b9bfbd980                             0.0s
 => => naming to docker.io/library/myimage:1                                                                             0.0s

 1 warning found (use docker --debug to expand):
 - MaintainerDeprecated: Maintainer instruction is deprecated in favor of using label (line 2)


////now we see our own image
[root@docker myimage]# docker images
REPOSITORY           TAG       IMAGE ID       CREATED          SIZE
myimage              1         12ff4b4bad58   35 seconds ago   279MB
nginx                latest    b52e0b094bc0   4 weeks ago      192MB
ubuntu               latest    a04dc4851cbc   5 weeks ago      78.1MB
rockylinux           8         c79048e50f5f   15 months ago    198MB
johnsandiford/kali   latest    933dba39bb8f   6 years ago      1.85GB


//let's run

[root@docker myimage]# docker run -d -t --name myimage -p 8081:80 myimage:1
3656b0b4daac195f48e08ba3bc7e1e7da8ecc8246287c9f06860c34209eecba2

///container port 80 is published on host port 8081, because 8080 is already in use by nginx; the PORTS column below shows it bound to 0.0.0.0 and [::], i.e. all host interfaces

[root@docker myimage]# docker ps -a
CONTAINER ID   IMAGE                COMMAND                  CREATED             STATUS             PORTS                                     NAMES
3656b0b4daac   myimage:1            "/usr/sbin/httpd -D …"   7 seconds ago       Up 7 seconds       0.0.0.0:8081->80/tcp, [::]:8081->80/tcp   myimage
6c3828a0b8e0   nginx                "/docker-entrypoint.…"   About an hour ago   Up About an hour   80/tcp                                    mynginx
4c985df129b4   johnsandiford/kali   "bash"                   About an hour ago   Up About an hour                                             mykali
b51448faf3e7   ubuntu               "/bin/bash"              2 hours ago         Up 2 hours                                                   keen_brattain


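///inside the container (the command below is missing the dash in -I, so curl treats "I" as a separate URL; the first block of output is presumably the response to that request, and the page served by httpd follows it)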
[root@docker myimage]# docker exec -it myimage curl I http://localhost
<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
<html>
        <body>
                <h1> welcome to my own image <h1>
                                <p> sucessfully hostted the application <p>
                                </body>
</html>


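//outside the container - on the host machine (here too the dash is missing from -I, so "I" is requested as a separate URL before localhost:8081)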
[root@docker myimage]# curl I http://localhost:8081
The content of the page cannot be displayed
<!--DMNDT_2--><html>
        <body>
                <h1> welcome to my own image <h1>
                                <p> sucessfully hostted the application <p>
                                </body>
</html>


//outside host machine

//from outside the host machine, every container is reached through the host's IP address, so we have to publish the port of each container that we want to be accessible from the outside world; in Kubernetes we use an ingress controller to route to many services, or there too we expose a port for outside access.



