Basic Docker

Containers share the host kernel; VMs include a full guest OS—containers start faster and use less overhead.

dockerd runs containers; containerd manages runtimes; images layer on union filesystems.

Install Docker Engine on Linux or Docker Desktop for local dev.

curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER

Images are immutable templates; tags point to digests in registries.

Multi-stage builds shrink attack surface and image size.

FROM node:20-alpine AS build
WORKDIR /app
COPY . .
RUN npm ci && npm run build
FROM nginx:alpine
COPY --from=build /app/dist /usr/share/nginx/html

Tag with registry URL; push after docker login.

docker build -t myregistry.io/app:v1 .
docker push myregistry.io/app:v1

docker run starts containers; -d detaches; --rm cleans up on exit.

Bridge networks isolate apps; publish ports with -p host:container.

Named volumes persist data beyond container lifecycle.

docker volume create app-data
docker run -v app-data:/data myapp

Run as non-root; scan images with Trivy; pin base image digests.

Order Dockerfile layers from least to most frequently changed.

Set --cpus and --memory to prevent noisy neighbors.

docker run --cpus="1.5" --memory="512m" myapp