基本指令操作

常用指令 
 # List running containers
docker ps

# ssh into the container
docker exec -it <container-name> /bin/sh

# Restart a container
docker restart <container-name>

#Show running container stats
docker stats

# Check docker daemon disk space usage
docker system df

# Purge those unused images, networks, containers and volumes 
docker system prune

# Check the container log
docker logs <container-name>

# Seacrh docker registry for image
docker search <image-name>

# Create and start a container
docker run -it <image-name> /bin/bash

# Check container's exposed ports
docker port {container-name} 
 線上求助 
 
 Docker Cheat-Sheet 
 
 man docker <command>
man docker build
man docker rmi 
 管理 Images 
 ## 搜尋 Docker Hub 上的 image name
docker search lamp

## 顯示已下載所有 image name
docker images

## 檢視既有 image 的詳細資訊
docker inspect <image-name>

## 網路下載 image
docker pull ubuntu:13.10

## 刪除已下載的 image
docker rmi <image-name>

## 刪除所有 images
docker rmi $(docker images -q)

## 刪除所有 images，除了 my-images 以外
docker rmi $(docker images | grep -v 'ubuntu\|my-image' | awk {'print $3'})

## 刪除所有 <none> 的有問題 images
docker rmi $(docker images -f "dangling=true" -q)

## 刪除與 myapp/myimage 相關的 <none> 的 images
docker rmi $(docker images myapp/myimage -f "dangling=true" -q)

## 列出所有 images 之間繼承的關係
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images -t 
 管理 Containers 
 ## 開啟並進入 container 的 console
docker run -it <image-name> /bin/bash
docker run -it --name <container-name> <image-name> /bin/bash

## 以 daemon 方式啟動 container
docker run -d -p 11180:80 <image-name>
docker run -d --name web <image-name>
TIP: 啟動 container 時可以自訂名稱以方便管理

docker run -d -p 80:80 --rm <image-name>
加上 --rm 時，當停止 container 時，會自動被刪除(與 docker rm 指令相同)，且無法使用啟動指令
(docker start) 只能使用 docker run 啟動。 

## 檢查目前已經啟動的 containers
docker ps
docker ps -a

## 檢視開啟中 container 的詳細資訊，包含 Volumes、IP、Hostname 等等
docker inspect <container-id>

## 刪除指定的 container
docker rm <container-id> 

## 刪除所有的 containers
NOTE: 小心，這也會刪除正在執行的 container
docker ps -a -q | xargs -n 1 docker rm
docker rm $(docker ps -aq) 

## 刪除所有已經終止的 container
docker ps -a | grep "Exited" | awk '{print $1}' | xargs docker rm
docker rm $(docker ps --all -q -f status=exited)
NOTE: 這常用於在重新啟動 container 或 rebuild image 時遇到錯誤訊息的解決方法。

## 停止 container
docker stop <container-id>

## Stop all containers
docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
docker ps -aq | xargs docker stop

## 匯出 container
docker export <container-id> > ubuntu-mysql.tar 

## 匯入 container
cat ubuntu-mysql.tar | docker import - <image-name>

## 跳離目前開啟中的 container
按下 Ctrl P 後再按 Ctrl Q
NOTE: 如果無法成功跳離，原因可能是 Ctrl+P 是 Bash 內定的快捷鍵（回到前一個指令）

## 重新進入開啟中的 container
docker attach <container-id>
或
docker attach <container-name>
如果 container 是以 daemon 啟動，改用以下方式
docker exec -it <container-id/name> /bin/bash

## 儲存開啟中 container 內容
docker commit <container-id> <image-name> 

## 顯示指定 container 的 IP
docker inspect <container-id> | grep IPAddress | cut -d '"' -f 4 
 Check Container CPU and RAM Usage 
 docker stats
docker stats --no-stream
docker stats --no-stream -a
docker stats <container-name>
docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemPerc}}"
docker ps --no-trunc --format "{{.Names}}\t{{.ID}}" 
 管理 Volumes 
 Docker 的 Data Volume 是一個很特別的目錄設計，主要用在不同 containers 之間的資料分享，永久保存資料等。 
 主要特點： 
 
 當 container 建立時，volume 目錄就會被產生。如果 base image 已經包含了 volume 的目錄名，該目錄內的原有的資料會被完整複製。 
 volume 目錄可以分享以及重複被使用。 
 當 image 被更新時(commit)，volume 目錄內的資料不會被更新。 
 即使 container 被移除，volume 目錄的資料也會被保留。 
 
 // 啟用 volume
docker run -t -i -p 80:80 -v ${PWD}/webapp:/webapp alang/centos5-lamp_php51 
 
 TIP: 格式：-v <host-dir>:<container-dir> 
 在 container 內會自動新增一個目錄名為 /webapp，儲存到這個目錄的所有資料都會被保留。 
 被保留的資料會儲存到 host 的某個特定目錄內，即使 container 被移除，這些資料還是會存在，要如何找到這個特定目錄: 
 docker inspect -f {{.Volumes}} <container-id> 
 一般預設會是 /var/lib/docker/vfs/dir/bfebd8cb6...... 
 
 檢查 Volume 路徑 
 docker inspect -f {{.Mounts}} <container-id>

docker inspect <container-id> | jq ".[].Mounts" 
 Volume 管理 
 
 手動新增 Volume 時的路徑為： /var/lib/docker/volumes/<volume-name>   
 新增指令： docker volume create <volume-name>   
 掛載方式： -v <volume-name>:<destination>:<options> , options 有 ro 與 rw 
 直接以新名字掛載，系統會自動建立 volume，路徑為 /var/lib/docker/volumes/target/_data/<volume-name>   
 
 # 手動新增 volume
# Usgae: docker volume create <volume-name>

docker volume create mydata

# 列出目前 Volumes
docker volume ls

# Container 掛載 Volume
# Usage: -v <name>:<destination>
docker run -it -v mydata:/opt/mydata

# 刪除 Volume
docker volume rm mydata 
 
 Docker Network 
 # docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7ccaf6119fa8 nginx:latest "nginx -g 'daemon of…" 2 days ago Up 39 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx_mysql_web_1
81a920bb51a6 nginx_mysql_php "docker-php-entrypoi…" 2 days ago Up 2 days 9000/tcp nginx_mysql_php_1
437a7501198f mariadb:10.3 "docker-entrypoint.s…" 2 days ago Up 2 days 3306/tcp nginx_mysql_db_1

# docker network ls
NETWORK ID NAME DRIVER SCOPE
852eff02220e bridge bridge local
334d2b8571a4 host host local
b97cae66a977 nginx_mysql_default bridge local
40d15afb34b4 none null local

# docker network inspect -f '{{json .IPAM.Config}}' bridge | jq -r .[].Subnet
# docker network inspect -f '{{json .IPAM.Config}}' bridge | jq -r .[].Gateway

# brctl show
bridge name bridge id STP enabled interfaces
br-b97cae66a977 8000.0242569e79ff no veth3ce8cbd
 veth5129652
 veth55dcdf7
docker0 8000.0242faff70bb no
 
 - 取得 container IP 
 ## Method #1: By inspecting the container
docker inspect <container_id> | grep -i ipaddr
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container_id>

# get an IP address associated with a specific network
# docker container inspect -f '{{ .NetworkSettings.Networks.<NETWORK NAME>.IPAddress }}' <CONTAINER_ID_OR_NAME>
docker container inspect -f '{{ .NetworkSettings.Networks.bridge.IPAddress }}' ubuntu-ip

## Method #2: Using the container's shell
docker exec -it <container-name> sh
> ip
or
> ifconfig

# if you get the errors with 'command not found', following the below steps to install the relevant packages.
> apt update -qq
> apt install iproute2 -yqq

## Method #3: By inspecting the network itself
# docker network inspect <NETWORK NAME>
docker network inspect bridge | jq .[].Containers
docker network inspect bridge | jq '.[].Containers."<CONTAINER ID>".IPv4Address'

docker network inspect -f '{{json .Containers}}' bridge | \
jq '..|if type == "object" and has("Name") then select(.Name=="<CONTAINER NAME>") | .IPv4Address else empty end' -r 
 管理 Docker 
 檢查版本資訊 
 # 檢查 Docker 版本
docker version

# Docker 更多資訊
docker info 
 host 與 container 間交換檔案 
 docker cp <container-name>:/etc/nginx/nginx.conf /data/web/conf
docker cp host_source_path my_container:destination_path
docker cp -a host_source_path my_container:destination_path 
 定期清除沒用的物件 
 # 這會清除所有已停止的 container，沒有在用的docker層網路介面與 <none> 不完整的 image。
docker images --quiet --filter "dangling=true"
docker system prune

# 上述指令會保留 volume 裡的資料，如果要一併清除，須加上 --volumes
docker system prune -a --volumes

# For volumes only
docker volume ls -f dangling=true
docker volume prune 
 清理指令 docker system prune 包含了以下程序 
 
  It deletes all stopped containers 
 It removes all unused networks 
 It deletes all dangling images (and with -a, all unused images) 
 Then it cleans up build cache and volumes (if --volumes is included) 
 
 Restart Policy 
 
 Beginner's Guide to Docker Restart Policy 
 
 自動啟動 container 
 # Add --restart=unless-stopped
docker run -d -p 4449:4449 --name myst --restart=unless-stopped 
 Docker Logging 
 
 Complete Beginner's Guide to Docker Logging 
 
 docker logs {container-name}
docker logs --tail 50 {container-name}
docker logs -f {container-name}
docker logs -f --tail 20 {container-name}

# View timestamp in Docker logs
docker logs -t {container-name}
docker -n=10 -t {container-name}

# Viewing Docker logs in a specified time period
docker logs --since 1440m -t {container-name}
docker logs --until 1440m -t {container-name}
docker logs --since 2021-07-28 -t {container-name} 
 Docker system service logs 
 sudo journalctl -u docker 
 Where are Docker logs stored 
 sudo ls -lh /var/lib/docker/containers 
 Log Rotation for Container 
 - 全域設定 
 Edit /etc/docker/daemon.json 
 {
 "log-driver": "json-file",
 "log-opts": {
 "max-size": "10m",
 "max-file": "3" 
 }
} 
 Restart Docker daemon 
 sudo systemctl restart docker 
 - 個別設定 
 # Disable logging
docker run --log-driver=none

# Limit logging
docker run --log-driver=json-file --log-opt max-size=10m --log-opt max-file=3

# Verify the configuration
docker inspect {CONTAINER-NAME} | jq .[].HostConfig.LogConfig 
 Disk Space Usage 
 avimanyu@iborg-desktop:~$ docker system df
TYPE TOTAL ACTIVE SIZE RECLAIMABLE
Images 4 4 1.065GB 0B (0%)
Containers 4 4 5.705kB 0B (0%)
Local Volumes 7 7 1.108GB 0B (0%)
Build Cache 0 0 0B 0B 
 avimanyu@iborg-desktop:~$ docker system df -v
Images space usage:

REPOSITORY TAG IMAGE ID CREATED SIZE SHARED SIZE UNIQUE SIZE CONTAINERS
ghost 4.32.0 b40265427368 8 weeks ago 468.8MB 0B 468.8MB 1
jrcs/letsencrypt-nginx-proxy-companion latest 037cc4751b5a 13 months ago 24.35MB 0B 24.35MB 1
jwilder/nginx-proxy latest 509ff2fb81dd 15 months ago 165MB 0B 165MB 1
mariadb 10.5.3 f5d2bcaf057b 20 months ago 407MB 0B 407MB 1

Containers space usage:

CONTAINER ID IMAGE COMMAND LOCAL VOLUMES SIZE CREATED STATUS NAMES
899cc90e85d9 ghost:4.32.0 "docker-entrypoint.s…" 1 0B 8 weeks ago Up 8 weeks ghost_ghost_6
17b58fdafbce jrcs/letsencrypt-nginx-proxy-companion "/bin/bash /app/entr…" 4 571B 3 months ago Up 2 months letsencrypt-proxy-companion
58f99f46ee03 jwilder/nginx-proxy "/app/docker-entrypo…" 5 5.13kB 3 months ago Up 2 months jwilder-nginx-proxy
fb907286b60e mariadb:10.5.3 "docker-entrypoint.s…" 1 2B 3 months ago Up 2 months ghost_db_1

Local Volumes space usage:

VOLUME NAME LINKS SIZE
ghostdb 1 434.7MB
jwilder-nginx-with-ssl_acme 2 36.09kB
jwilder-nginx-with-ssl_certs 2 25.12kB
jwilder-nginx-with-ssl_dhparam 1 1.525kB
jwilder-nginx-with-ssl_html 2 1.106kB
jwilder-nginx-with-ssl_vhost 2 556B
ghost 1 674MB

Build cache usage: 0B

CACHE ID CACHE TYPE SIZE CREATED LAST USED USAGE SHARED 
 avimanyu@iborg-desktop:~$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest beae173ccac6 6 weeks ago 1.24MB
ubuntu latest fb52e22af1b0 5 months ago 72.8MB
alpine latest 49f356fa4513 10 months ago 5.61MB
hello-world latest d1165f221234 11 months ago 13.3kB 
 avimanyu@iborg-desktop:~$ docker ps --size
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
1171dcfb7e06 alpine "sleep 10" 10 months ago Up 9 seconds 
 # Overlay2 is the default Docker storage driver on Ubuntu. 
# You can confirm this by running the 'docker info' command and looking for the Storage Drive
# To get the <<hash-named-directory> by the command 'docker inspect <image-name>'
sudo du -sh /var/lib/docker/overlay2/<hash-named-directory>/ 
 # Specific Volume Disk Usage
$ docker volume ls
DRIVER VOLUME NAME
local d502589845f7ae7775474bc01d8295d9492a6c26db2ee2c941c27f3cac4449d1
local e71ee3960cfef0a133d323d146a1382f3e25856480a727c037b5c81b5022cb1b
local test-data

$ sudo du -sh /var/lib/docker/volumes/test-data/_data
4.0K	/var/lib/docker/volumes/test-data/_data 
 Limit CPU & Memory 
 docker run --memory=512m --cpus=1 
 Docker Compose 
 services:
 app:
 image: myimage
 deploy:
 resources:
 limits:
 cpus: '0.50'
 memory: 256M 
 顯示 container 資源使用狀況 
 docker stats --no-stream --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.PIDs}}" 
 
 FAQ 
 - 無法移除 image 
 
 rror response from daemon: conflict: unable to delete dd78a816fb76 (must be forced) - image is referenced in multiple repositories 
 
 Solution: 如果同一個 image id 有兩個不同 image 名稱，在刪除這個 image id 時可能會遇到類似的錯誤訊息，刪除指令可以改用 image 名稱試試。 
 root@greencloud-us-1TB:~/watchtower# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysteriumnetwork/myst latest 5c613786d102 39 hours ago 53.3MB
presearch/node latest 27216957eb08 10 days ago 69.8MB
storjlabs/storagenode latest 0ac3b4808897 3 weeks ago 124MB
lscr.io/linuxserver/transmission latest 8cad68f9dac4 7 months ago 95.7MB
containrrr/watchtower latest 333de6ea525a 8 months ago 16.9MB
jellyfin/jellyfin latest 0aa773b67433 13 months ago 717MB
presearch/auto-updater latest dd78a816fb76 17 months ago 16.4MB <===
containrrr/watchtower <none> dd78a816fb76 17 months ago 16.4MB <===
storjlabs/watchtower latest 6af6621e20c1 2 years ago 14.3MB
nate/dockviz latest 93b5259c1e18 4 years ago 6.61MB

root@greencloud-us-1TB:~/watchtower# docker rmi dd78a816fb76
Error response from daemon: conflict: unable to delete dd78a816fb76 (must be forced) - image is referenced in multiple repositories

root@greencloud-us-1TB:~/watchtower# docker rmi presearch/auto-updater containrrr/watchtower
Untagged: presearch/auto-updater:latest
Untagged: presearch/auto-updater@sha256:3283e0b5be326d77ff4f4e8b7a91d46aaa1d511c74877b5a32f161548812d00c
Untagged: containrrr/watchtower:latest
Untagged: containrrr/watchtower@sha256:bbf9794a691b59ed2ed3089fec53844f14ada249ee5e372ff0e595b73f4e9ab3
Deleted: sha256:333de6ea525af9137e1f14a5c1bfaa2e730adca97ab97f74d738dfa99967f14f
Deleted: sha256:f493af3d0a518d307b430e267571c926557c85222217a8707c52d1cf30e3577e
Deleted: sha256:62651dc7e144aa8c238c2c2997fc499cd813468fbdc491b478332476f99af159
Deleted: sha256:83fe5af458237288fe7143a57f8485b78691032c8c8c30647f8a12b093d29343 
 - 無法存取 localhost 網頁 
 如果 container 啟用一個本地端的網站，從 host 端無法直接使用 http://localhost:XXX 方式存取；改用 http://host.docker.internal:XXX 網址。