Docker Guide
1. What is Docker?
Docker is a platform that allows you to develop, deploy, and manage applications in lightweight, isolated environments called containers. Containers bundle an application with all its dependencies, libraries, and configurations, making it easier to run the same application consistently across different environments.
2. Docker Installation on Manjaro Linux
Step 1: Install Docker
To install Docker on Manjaro, run the following command:
sudo pacman -S docker docker-compose docker-buildx ducker
Step 2: Enable and Start Docker Daemon
Once installed, start Docker and enable it to start on boot:
sudo systemctl enable docker.socket docker.service
sudo systemctl start docker.socket docker.service
Step 3: Add Your User to Docker Group (Optional)
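To run Docker without using sudo for each command, add your user to the docker group. Members of this group can control the Docker daemon, which runs as root, so membership is effectively root access on the host:
sudo usermod -aG docker $USER
Then log out and back in for the changes to take effect, or run newgrp docker.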
3. Quick Commands
Enable Docker
sudo systemctl enable docker.socket docker.service && sudo systemctl start docker.socket docker.service
Completely Disable Docker
sudo systemctl stop docker.socket; sudo systemctl stop docker.service
Completely Disable Docker Autostart
sudo systemctl disable docker.socket docker.service
Completely Clean Docker
(docker system prune; docker rmi $(docker images -q); docker volume prune; docker volume rm $(docker volume ls -q)); docker system df
3. Basic Docker Commands
Check Docker Version
Verify your Docker installation by checking the version:
docker --version
Check Docker Status
To verify that Docker is running, use:
sudo systemctl status docker
List Containers
To see running containers:
docker ps
To list both running and stopped containers:
docker ps -a
Manage Docker Images
Download an image from Docker Hub:
docker pull <image_name>
List all downloaded Docker images:
docker images
Remove an image:
docker rmi <image_id>
Remove dangling images:
docker images -f dangling=true
docker image prune
Remove all images:
docker images -a
docker rmi $(docker images -a -q)
Stop all Docker connections and service:
# First, stop accepting new connections
sudo systemctl stop docker.socket
# Then stop the main service
sudo systemctl stop docker.service
# Now that everything is stopped, we can disable auto-start
sudo systemctl disable docker.socket docker.service
Run and Manage Containers
Run a container in interactive mode:
docker run -it <image_name> /bin/bash
Run a container in detached mode:
docker run -d <image_name>
Stop a running container:
docker stop <container_id>
Remove a stopped container:
docker rm <container_id>
4. Docker Volumes and Persistent Data
Docker volumes are the preferred mechanism for persisting data generated and used by Docker containers. They are completely managed by Docker and offer several advantages over bind mounts, including easier backup, restore, and migration between hosts.
Types of Docker Storage
Docker offers three main options for container storage:
- Volumes: Docker-managed storage in the host filesystem (/var/lib/docker/volumes/ on Linux)
- Bind Mounts: Direct mapping of host filesystem paths to container paths
- tmpfs Mounts: Stored in host system memory only (Linux-specific)
Volumes are the recommended choice for most use cases.
Create and Use a Volume
Create a Docker volume:
docker volume create myvolume
Create a volume with a specific driver:
docker volume create --driver local \
--opt type=nfs \
--opt o=addr=192.168.1.1,rw \
--opt device=:/path/to/dir \
myvolume
Mount the volume to a container:
docker run -d -v myvolume:/data <image_name>
Alternatively, using the --mount flag (recommended for clarity):
docker run -d --mount source=myvolume,target=/data <image_name>
The --mount flag provides a more explicit and flexible way to define mounts, especially when additional options are needed.
Create and mount in a single command:
docker run -d -v new_volume:/data <image_name>
If new_volume doesn't exist, Docker will create it automatically.
List and Inspect Volumes
List all created volumes:
docker volume ls
Filter volumes by specific criteria:
docker volume ls --filter "driver=local" --filter "label=project=webapp"
Inspect a specific volume:
docker volume inspect myvolume
This command provides detailed information about the volume, including its mount point, driver, and usage details.
Delete Volumes
Delete a specific volume:
docker volume rm myvolume
Note: Docker will not remove a volume if it is currently in use by any container. Attempting to do so will result in an error.
Delete multiple volumes at once:
docker volume rm volume1 volume2 volume3
Force delete a volume (use with caution):
docker volume rm -f myvolume
Warning: Forcing the removal of a volume that is in use can lead to data loss and may cause containers using the volume to malfunction.
Prune Unused Volumes
Remove all unused volumes:
docker volume prune
This command removes all volumes not referenced by any containers. By default, it will prompt for confirmation.
Force prune without confirmation:
docker volume prune -f
Prune volumes with filters:
docker volume prune --filter "label!=keep"
This command removes all unused volumes except those with the label keep. Filters provide a way to fine-tune the pruning process.
Remove All Unused Resources
Remove all unused containers, networks, images, and optionally, volumes:
docker system prune
By default, this command does not remove volumes.
Include volumes in the prune operation:
docker system prune --volumes
Warning: This will remove all unused volumes, which may lead to data loss if not used carefully.
Force prune without confirmation:
docker system prune -f --volumes
Backing Up and Restoring Volumes
Backup a Docker volume:
docker run --rm -v myvolume:/source -v "$(pwd)":/backup \
  alpine tar -czf /backup/myvolume_backup.tar.gz -C /source .
This command mounts the volume to a temporary Alpine container and creates a compressed archive in the current directory.
Restore a Docker volume from backup:
docker run --rm -v myvolume:/target -v "$(pwd)":/backup \
  alpine sh -c "tar -xzf /backup/myvolume_backup.tar.gz -C /target"
Sharing Volumes Between Containers
Create a data volume container:
docker run -v myvolume:/data --name datacontainer busybox true
Mount the same volume in another container:
docker run --volumes-from datacontainer <image_name>
Using Volumes with Docker Compose
In a Docker Compose file (docker-compose.yml):
version: "3.9"
services:
  webapp:
    image: nginx:latest
    volumes:
      - web_data:/usr/share/nginx/html
  database:
    image: postgres:latest
    volumes:
      - db_data:/var/lib/postgresql/data
volumes:
  web_data:
    driver: local
  db_data:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.1,rw"
      device: ":/path/to/dir"
Volume Drivers
Docker supports various volume drivers for different storage backends:
- local: The default driver (local filesystem storage)
- nfs: Network File System mounts
- cifs: SMB/CIFS shares
- aws-ebs: Amazon EBS volumes (for AWS)
- azure-file: Azure File Storage (for Azure)
- gce-pd: Google Compute Engine persistent disks
- vsphere: VMware vSphere storage
- Many third-party drivers (Portworx, Ceph, GlusterFS, etc.)
Create a volume with a specific driver:
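# NFS is mounted through the built-in local driver; there is no built-in driver named "nfs"
docker volume create --driver local \
--opt type=nfs \
--opt o=addr=192.168.1.10,rw \
--opt device=:/nfs/data \
nfs_volume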
Best Practices for Docker Volumes
- Use Named Volumes: Named volumes are easier to manage and can be reused across multiple containers.
- Apply Labels: Use labels to organize volumes and implement more targeted pruning strategies.
docker volume create --label project=webapp --label environment=prod myvolume
- Regularly Prune Unused Resources: Periodically clean up unused volumes and other resources to free up disk space.
- Implement a Backup Strategy: Regularly back up important data stored in volumes using automation.
- Mount Volumes with Read-Only Access When Possible:
docker run -v myvolume:/data:ro <image_name>
- Use Volume Drivers Appropriate for Production: Local volumes may not be suitable for high-availability production deployments; consider distributed storage solutions.
- Avoid Forcing Deletions: Use the -f flag with caution to prevent accidental data loss.
- Define Clear Volume Lifecycle Policies: Determine when volumes should be created, backed up, and removed as part of your application lifecycle management.
5. Docker Networking
Network Types
Docker provides several network types:
- Bridge (default)
- Host
- Overlay (for Docker Swarm)
- Macvlan
- None
Manage Networks
Create a custom network:
docker network create mynetwork
List available networks:
docker network ls
Inspect a network:
docker network inspect mynetwork
Connect Containers to Networks
Run a container and attach it to a custom network:
docker run -d --network=mynetwork --name mycontainer <image_name>
6. Docker Compose
Install Docker Compose
Install Docker Compose:
sudo pacman -S docker-compose
Create a docker-compose.yml File
Example docker-compose.yml:
version: '3.8'
services:
  web:
    image: nginx:latest
    ports:
      - "8080:80"
  db:
    image: postgres:13
    environment:
      POSTGRES_PASSWORD: example
    volumes:
      - postgres_data:/var/lib/postgresql/data
volumes:
  postgres_data:
Use Docker Compose
Run services defined in docker-compose.yml:
docker-compose up -d
Stop and remove containers, networks, and volumes:
docker-compose down -v
7. Dockerfile
Create a Dockerfile
Example Dockerfile:
FROM node:14
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
EXPOSE 3000
CMD ["npm", "start"]
Build and Run from Dockerfile
Build an image:
docker build -t myapp:latest .
Run a container from the built image:
docker run -d -p 3000:3000 myapp:latest
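The Dockerfile above can be checked against the image-level practices listed in sections 8 and 9 (non-root USER, HEALTHCHECK, multi-stage build, pinned base tag). The following Python check is an added example, not part of the original guide; the finding codes, the HARDENED variant and healthcheck.js are assumptions, and a stage without a USER instruction is assumed to run as root:

```python
import re
# Dockerfile from section 7 of this guide, used as input.
GUIDE = """FROM node:14
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
EXPOSE 3000
CMD ["npm", "start"]
"""

# Constructed hardened variant; healthcheck.js is a hypothetical probe script.
HARDENED = """FROM node:14 AS build
WORKDIR /app
COPY . .
RUN npm install
FROM node:14-slim
WORKDIR /app
COPY --from=build /app /app
RUN useradd -m myuser
USER myuser
HEALTHCHECK --interval=30s CMD ["node", "healthcheck.js"]
CMD ["npm", "start"]
"""

def parse(text):
    """Yield (INSTRUCTION, args), joining backslash continuations, skipping comments."""
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            word, _, rest = line.partition(" ")
            yield word.upper(), rest.strip()

def check(text):
    """Return finding codes for the final stage, the one that ships as the image."""
    stages = []
    for instr, args in parse(text):
        if instr == "FROM":
            base = [a for a in args.split() if not a.startswith("--")][0]
            stages.append({"base": base, "user": "root", "health": False})  # assumed default: root
        elif stages and instr == "USER":
            stages[-1]["user"] = args.split(":")[0]
        elif stages and instr == "HEALTHCHECK":
            stages[-1]["health"] = args.strip().upper() != "NONE"
    final, tag = stages[-1], stages[-1]["base"].rpartition("/")[2]
    checks = {"root-user": final["user"] in ("root", "0"),
              "no-healthcheck": not final["health"],
              "unpinned-base": ":" not in tag and "@" not in tag or tag.endswith(":latest"),
              "single-stage": len(stages) < 2}
    return [code for code, failed in checks.items() if failed]
```

check(GUIDE) reports the guide's Dockerfile as root-user, no-healthcheck and single-stage, while check(HARDENED) returns an empty list.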
8. Docker Best Practices
- Keep containers stateless and ephemeral.
- Use official Docker images when possible.
- Regularly clean up unused containers and images:
docker system prune
- Use multi-stage builds to reduce image size.
- Implement health checks in your Dockerfile or docker-compose.yml.
- Use environment variables for configuration.
- Limit container resources:
docker run -d --memory="256m" --cpus="1" <image_name>
9. Docker Security
- Keep Docker and base images updated.
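- Scan images for vulnerabilities (docker scan has been retired; docker scout cves is its replacement and requires the Docker Scout CLI plugin):
docker scout cves <image_name>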
- Use non-root users in Dockerfiles:
RUN useradd -m myuser
USER myuser
- Enable Docker Content Trust:
export DOCKER_CONTENT_TRUST=1
- Use secrets management for sensitive data.
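One way to verify the runtime practices from sections 8 and 9 (non-root user, memory and CPU limits, health checks, secrets kept out of environment variables) and the read-only mount advice from section 4 is to audit docker inspect output. This is an added example, not part of the original guide; the sample JSON, container names and finding codes are constructed:

```python
import json, re, sys

# Constructed `docker inspect` output, trimmed to the fields read below (sample data).
SAMPLE = json.loads("""[
 {"Name": "/db",
  "Config": {"User": "", "Env": ["POSTGRES_PASSWORD=example", "PGDATA=/data"]},
  "HostConfig": {"Memory": 0, "NanoCpus": 0, "Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/srv/pg", "Destination": "/data", "RW": true}]},
 {"Name": "/db_hardened",
  "Config": {"User": "postgres", "Env": ["POSTGRES_PASSWORD_FILE=/run/secrets/db_pw"],
             "Healthcheck": {"Test": ["CMD", "pg_isready"]}},
  "HostConfig": {"Memory": 268435456, "NanoCpus": 1000000000, "Privileged": false},
  "Mounts": [{"Type": "volume", "Name": "myvolume", "Destination": "/data", "RW": true}]}
]""")
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)

def audit(container):
    """Return finding codes for one object from `docker inspect`."""
    cfg, host = container.get("Config") or {}, container.get("HostConfig") or {}
    found = []
    if (cfg.get("User") or "").split(":")[0] in ("", "root", "0"):
        found.append("runs-as-root")
    if not host.get("Memory"):
        found.append("no-memory-limit")
    if not (host.get("NanoCpus") or host.get("CpuQuota")):
        found.append("no-cpu-limit")
    if host.get("Privileged"):
        found.append("privileged")
    if (cfg.get("Healthcheck") or {}).get("Test") in (None, [], ["NONE"]):
        found.append("no-healthcheck")
    for m in container.get("Mounts") or []:
        if m.get("Type") == "bind" and m.get("RW"):
            found.append("writable-bind-mount:" + m.get("Source", "?"))
    for entry in cfg.get("Env") or []:
        name = entry.split("=", 1)[0]
        # *_FILE variables carry a path to a secret file, not the secret itself.
        if SECRET_NAME.search(name) and not name.endswith("_FILE"):
            found.append("secret-in-env:" + name)  # name only, never the value
    return found

def audit_all(containers):
    """Map container name to its findings."""
    return {c.get("Name", "?").lstrip("/"): audit(c) for c in containers}

if __name__ == "__main__":
    # Usage: docker inspect $(docker ps -q) | python3 audit.py  (no input: audits SAMPLE)
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    for name, findings in audit_all(json.loads(raw) if raw.strip() else SAMPLE).items():
        print(name, findings or "ok")
```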
10. Advanced Topics
- Docker Swarm for orchestration
- Docker Registry for private image hosting
- CI/CD integration with Docker
- Kubernetes for container orchestration at scale
- Docker monitoring and logging solutions
Conclusion
This guide provides a comprehensive overview of Docker on Manjaro Linux. As Docker and its ecosystem continue to evolve, always refer to the official Docker documentation for the most up-to-date information and best practices.