path: root/docs/nix/docker.txt
Docker intro / quick reference
==============================
You might come across docker files supplied with web or even binary exploitation
challenges.  Utilizing them will allow you to recreate a local copy of the
remote infrastructure to help troubleshoot an attack.

Sections in this doc are for various common situations you might find yourself
in.  It is not necessary to read the whole thing top-to-bottom.  Just start in
the section relevant to you and refer to external docs afterward if needed.



"Everything in Docker is system-wide - How do I check system status?"
---------------------------------------------------------------------
The four main "objects" you might deal with are containers, images, volumes,
and networks.

        docker ps -a
        docker images -a
        docker volume ls
        docker network ls

With a blank slate, all these lists should be empty - except for the network
list, which shows the default "bridge", "host", and "none" networks.

To clean up:

        docker stop <container-id> # if necessary, for each container
        docker system prune --all --force # drop unused containers, images, networks
        docker volume prune --all --force # drop unused volumes

Resources still in-use by a running container are not pruned by the above
commands.



"I have a docker-compose.yml file." (or equivalent)
---------------------------------------------------
In this case, you can likely skip most manual steps.  Everything should happen
automatically when you attempt to run the services.  Probably all you need to
do is:

        docker compose up --detach --build

This builds or pulls the image, then runs a (set of) container(s) in the
background.  If you omit `--detach`, the process will remain in the foreground
and logs are printed to the terminal.  To shut down:

        docker compose down

Docker compose yaml file reference
https://docs.docker.com/compose/compose-file/compose-file-v3/
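
For orientation, here is a small compose file of the kind shipped with such
challenges.  It is an added example, not part of the original doc or any real
challenge; the service name `chal`, port 1337 and the flag path are
hypothetical.  It shows how the compose keys map to `docker build` / `docker run`
options and how to keep a deliberately vulnerable service reachable from your
own machine only:

```yaml
# Constructed example: service name, port 1337 and paths are hypothetical.
services:
  chal:
    build: .                      # build from the Dockerfile in this directory
    ports:
      # host_ip:hostport:containerport. Without the host IP, Docker
      # publishes the port on all host interfaces, which exposes the
      # vulnerable service to everything that can reach your machine.
      - "127.0.0.1:1337:1337"
    volumes:
      - ./flag.txt:/flag.txt:ro   # read-only bind mount, like `-v ...:ro`
    security_opt:
      - no-new-privileges:true    # setuid binaries cannot gain privileges
    cap_drop:
      - ALL                       # relax if the service fails to start
```

`docker compose config` prints the resolved configuration, which is a quick way
to check which ports and mounts a supplied file asks for before starting it.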



"I have a Dockerfile only."
---------------------------
`cd` to the directory with the Dockerfile and run:

        docker build --tag <name> .

<name> will name the image.  Names can be suffixed with `:<version>` if
desired.  Now run a new container from this image in the foreground:

        docker run --rm -it <name> [arguments...]

or the background:

        docker run --rm -d <name> [arguments...]

Useful command-line options (specify before <name>):

        -p hostport:containerport       # publish container port on host
        -v hostpath:containerpath       # mount fs volume
        --rm                            # delete container on exit
        -i                              # be interactive
        -t                              # create TTY
        -d                              # detach, run in background



"I have nothing - I want to create a Dockerfile."
-------------------------------------------------
The Dockerfile defines the recipe for building images, which themselves are the
baseline for spawning containers.  Here's a stripped down skeleton for a basic
debian-based image:

        FROM debian:latest
        ENV DEBIAN_FRONTEND=noninteractive
        # Package lists are empty in the base image; update before installing
        RUN apt-get update && apt-get install --yes \
                package-one \
                package-two \
                package-three

        COPY . /
        # bash -c takes the whole command as a single string
        CMD ["/bin/bash", "-c", "echo Hello world"]

When building this sample, the listed packages are installed and files from the
current working directory are copied to "/" in the image.  When a container is
run from the image, "echo Hello world" is executed in bash.

Dockerfile reference
https://docs.docker.com/engine/reference/builder/



"I want to get a shell / run new command in existing container."
----------------------------------------------------------------
Get the container name or ID with:

        docker ps -a

then:

        docker exec -it <container-id> /bin/bash

Bash is probably preferred, but some distros don't include it and you'll need to
start /bin/sh instead.



"I want to copy a file to/from container and my host."
------------------------------------------------------
Get the container ID with:

        docker ps -a

then:

        docker cp <container-id>:<src_path> <dest_path>
        docker cp <src_path> <container-id>:<dest_path>