How to run Docker containers on Linux | Containers & Docker Tutorial

How to Run Docker Containers on Linux: A Complete Guide Docker has revolutionized the way we deploy and manage applications by providing lightweight, portable containers that can run consistently across different environments. Linux, being Docker's native platform, offers the most robust and feature-complete Docker experience. This comprehensive guide will walk you through everything you need to know about running Docker containers on Linux, from basic concepts to advanced deployment strategies. Whether you're a system administrator looking to modernize your infrastructure, a developer seeking consistent development environments, or an IT professional exploring containerization technologies, this guide will provide you with the knowledge and practical skills needed to effectively run Docker containers on Linux systems. Table of Contents 1. [Understanding Docker Containers](#understanding-docker-containers) 2. [Prerequisites and System Requirements](#prerequisites-and-system-requirements) 3. [Installing Docker on Linux](#installing-docker-on-linux) 4. [Basic Docker Container Operations](#basic-docker-container-operations) 5. [Working with Docker Images](#working-with-docker-images) 6. [Advanced Container Management](#advanced-container-management) 7. [Networking and Storage](#networking-and-storage) 8. [Monitoring and Logging](#monitoring-and-logging) 9. [Security Best Practices](#security-best-practices) 10. [Troubleshooting Common Issues](#troubleshooting-common-issues) 11. [Performance Optimization](#performance-optimization) 12. [Best Practices and Tips](#best-practices-and-tips) Understanding Docker Containers Docker containers are lightweight, standalone packages that include everything needed to run an application: code, runtime, system tools, libraries, and settings. Unlike virtual machines, containers share the host operating system's kernel, making them more efficient in terms of resource usage and startup time. Key Benefits of Docker Containers on Linux - Resource Efficiency: Containers use fewer resources than traditional virtual machines - Portability: Applications run consistently across different Linux distributions - Scalability: Easy horizontal scaling of applications - Isolation: Applications are isolated from each other and the host system - Version Control: Container images can be versioned and rolled back - Microservices Architecture: Perfect for breaking down monolithic applications Prerequisites and System Requirements Before diving into running Docker containers, ensure your Linux system meets the following requirements: System Requirements - Linux Kernel Version: 3.10 or higher (recommended 4.0+) - Architecture: 64-bit (x86_64, arm64, or armhf) - RAM: Minimum 1GB (4GB+ recommended for production) - Storage: At least 10GB free space for Docker images and containers - Root Access: Administrative privileges for installation and configuration Supported Linux Distributions Docker officially supports the following Linux distributions: - Ubuntu 18.04 LTS, 20.04 LTS, 22.04 LTS - Debian 9, 10, 11 - CentOS 7, 8 - Red Hat Enterprise Linux (RHEL) 7, 8, 9 - Fedora 34, 35, 36 - Amazon Linux 2 - SUSE Linux Enterprise Server Checking System Compatibility Before installation, verify your system's compatibility: ```bash Check kernel version uname -r Check architecture uname -m Check available disk space df -h Check available memory free -h Verify if your system supports virtualization egrep -c '(vmx|svm)' /proc/cpuinfo ``` Installing Docker on Linux The installation process varies slightly depending on your Linux distribution. Here's how to install Docker on the most popular distributions: Ubuntu/Debian Installation ```bash Update package index sudo apt update Install packages to allow apt to use a repository over HTTPS sudo apt install apt-transport-https ca-certificates curl gnupg lsb-release Add Docker's official GPG key curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg Set up the stable repository echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null Update package index again sudo apt update Install Docker Engine sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin ``` CentOS/RHEL/Fedora Installation ```bash Install required packages sudo yum install -y yum-utils Add Docker repository sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo Install Docker Engine sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin Start and enable Docker service sudo systemctl start docker sudo systemctl enable docker ``` Post-Installation Steps After installation, perform these essential configuration steps: ```bash Add your user to the docker group (avoid using sudo for docker commands) sudo usermod -aG docker $USER Log out and log back in, or run: newgrp docker Verify installation docker --version docker run hello-world ``` Basic Docker Container Operations Now that Docker is installed, let's explore the fundamental operations for running and managing containers. Running Your First Container The most basic command to run a container is `docker run`: ```bash Run a simple container docker run hello-world Run an interactive Ubuntu container docker run -it ubuntu:20.04 /bin/bash Run a web server in the background docker run -d -p 8080:80 --name my-nginx nginx ``` Understanding Docker Run Options The `docker run` command has numerous options for customizing container behavior: ```bash Common docker run options docker run \ -d \ # Run in detached mode (background) --name my-container \ # Assign a name to the container -p 8080:80 \ # Map host port 8080 to container port 80 -v /host/path:/container/path \ # Mount a volume -e ENV_VAR=value \ # Set environment variable --restart unless-stopped \ # Restart policy nginx:latest # Image name and tag ``` Container Lifecycle Management Managing container states is crucial for effective Docker operations: ```bash List running containers docker ps List all containers (including stopped) docker ps -a Stop a running container docker stop container_name_or_id Start a stopped container docker start container_name_or_id Restart a container docker restart container_name_or_id Remove a container docker rm container_name_or_id Remove a running container forcefully docker rm -f container_name_or_id ``` Executing Commands in Running Containers Often you need to interact with running containers: ```bash Execute a command in a running container docker exec -it container_name /bin/bash Run a specific command docker exec container_name ls -la /app Execute as a specific user docker exec -u root -it container_name /bin/bash ``` Working with Docker Images Docker images are the templates used to create containers. Understanding image management is essential for effective Docker usage. Pulling Images from Docker Hub ```bash Pull the latest version of an image docker pull nginx Pull a specific version docker pull nginx:1.21-alpine Pull from a different registry docker pull registry.gitlab.com/my-project/my-image:latest ``` Listing and Managing Images ```bash List all local images docker images List images with specific filters docker images nginx Remove an image docker rmi image_name:tag Remove unused images docker image prune Remove all unused images (including tagged ones) docker image prune -a ``` Building Custom Images Create a `Dockerfile` to build custom images: ```dockerfile Example Dockerfile FROM ubuntu:20.04 Set working directory WORKDIR /app Install dependencies RUN apt-get update && apt-get install -y \ python3 \ python3-pip \ && rm -rf /var/lib/apt/lists/* Copy application files COPY . . Install Python dependencies RUN pip3 install -r requirements.txt Expose port EXPOSE 5000 Define entry point CMD ["python3", "app.py"] ``` Build the image: ```bash Build image from Dockerfile docker build -t my-python-app:latest . Build with specific context docker build -t my-app:v1.0 -f Dockerfile.prod . ``` Advanced Container Management Container Resource Management Control resource usage to prevent containers from consuming excessive system resources: ```bash Limit memory usage docker run -d --memory="1g" --name limited-nginx nginx Limit CPU usage docker run -d --cpus="1.5" --name cpu-limited nginx Limit both memory and CPU docker run -d --memory="512m" --cpus="0.5" nginx Set memory and swap limits docker run -d --memory="1g" --memory-swap="2g" nginx ``` Health Checks and Monitoring Implement health checks to ensure container reliability: ```bash Run container with health check docker run -d \ --health-cmd="curl -f http://localhost/ || exit 1" \ --health-interval=30s \ --health-timeout=10s \ --health-retries=3 \ nginx ``` Add health checks to Dockerfile: ```dockerfile HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD curl -f http://localhost/ || exit 1 ``` Container Logs and Debugging Effective logging and debugging are crucial for production environments: ```bash View container logs docker logs container_name Follow logs in real-time docker logs -f container_name View last N lines docker logs --tail 50 container_name View logs with timestamps docker logs -t container_name View container resource usage docker stats container_name Inspect container configuration docker inspect container_name ``` Networking and Storage Docker Networking Docker provides several networking options for containers: ```bash List networks docker network ls Create a custom network docker network create my-network Run containers on custom network docker run -d --network my-network --name app1 nginx docker run -d --network my-network --name app2 nginx Connect existing container to network docker network connect my-network existing_container ``` Network Types - Bridge: Default network driver for standalone containers - Host: Remove network isolation between container and host - Overlay: Connect multiple Docker daemons together - Macvlan: Assign MAC address to containers ```bash Create different network types docker network create --driver bridge my-bridge-network docker network create --driver host my-host-network docker network create --driver overlay my-overlay-network ``` Volume Management Persistent data storage is essential for stateful applications: ```bash Create a named volume docker volume create my-volume List volumes docker volume ls Run container with volume docker run -d -v my-volume:/data --name data-container nginx Mount host directory docker run -d -v /host/path:/container/path nginx Read-only mount docker run -d -v /host/path:/container/path:ro nginx Remove unused volumes docker volume prune ``` Bind Mounts vs Volumes ```bash Bind mount (host directory) docker run -d -v /home/user/data:/app/data nginx Named volume (managed by Docker) docker run -d -v app-data:/app/data nginx Anonymous volume docker run -d -v /app/data nginx ``` Monitoring and Logging Container Monitoring Monitor container performance and resource usage: ```bash Real-time container statistics docker stats Monitor specific containers docker stats container1 container2 Export statistics to file docker stats --no-stream > container_stats.txt ``` Centralized Logging Configure logging drivers for centralized log management: ```bash Configure logging driver docker run -d \ --log-driver=json-file \ --log-opt max-size=10m \ --log-opt max-file=3 \ nginx Use syslog driver docker run -d \ --log-driver=syslog \ --log-opt syslog-address=tcp://logserver:514 \ nginx ``` System Monitoring Monitor Docker daemon and system resources: ```bash Docker system information docker system info Docker system events docker system events Docker system disk usage docker system df Clean up system docker system prune ``` Security Best Practices Running Containers as Non-Root Always run containers with non-privileged users when possible: ```dockerfile In Dockerfile FROM ubuntu:20.04 RUN useradd -m -u 1001 appuser USER appuser ``` ```bash At runtime docker run -u 1001:1001 nginx ``` Security Scanning Regularly scan images for vulnerabilities: ```bash Scan image with Docker Scout (if available) docker scout cves nginx:latest Use third-party tools like Trivy trivy image nginx:latest ``` Limiting Container Capabilities Remove unnecessary capabilities: ```bash Drop all capabilities and add only required ones docker run -d \ --cap-drop=ALL \ --cap-add=NET_BIND_SERVICE \ nginx Run without privileged access docker run -d --security-opt=no-new-privileges nginx ``` Network Security Implement network security measures: ```bash Disable inter-container communication docker network create --driver bridge --internal secure-network Use custom bridge with specific subnet docker network create \ --driver bridge \ --subnet=172.20.0.0/16 \ --ip-range=172.20.240.0/20 \ isolated-network ``` Troubleshooting Common Issues Container Won't Start Common reasons and solutions: ```bash Check container logs docker logs container_name Inspect container configuration docker inspect container_name Check if port is already in use netstat -tulpn | grep :8080 Verify image exists docker images | grep image_name ``` Permission Issues Resolve permission problems: ```bash Fix Docker socket permissions sudo chmod 666 /var/run/docker.sock Add user to docker group sudo usermod -aG docker $USER Check SELinux context (on RHEL/CentOS) ls -Z /var/run/docker.sock ``` Storage Issues Handle storage-related problems: ```bash Check disk usage docker system df Clean up unused resources docker system prune -a Remove specific resources docker container prune docker image prune docker volume prune docker network prune ``` Network Connectivity Issues Debug network problems: ```bash Test container connectivity docker exec container_name ping google.com Check network configuration docker network inspect bridge Verify port mappings docker port container_name ``` Performance Issues Address performance problems: ```bash Monitor resource usage docker stats --no-stream Check container processes docker exec container_name ps aux Analyze container resource limits docker inspect container_name | grep -i memory ``` Performance Optimization Resource Optimization Optimize container resource usage: ```bash Use multi-stage builds to reduce image size FROM node:16 AS builder WORKDIR /app COPY package*.json ./ RUN npm ci --only=production FROM node:16-alpine WORKDIR /app COPY --from=builder /app/node_modules ./node_modules COPY . . CMD ["node", "server.js"] ``` Caching Strategies Implement effective caching: ```dockerfile Optimize Dockerfile layer caching FROM python:3.9-slim Install dependencies first (changes less frequently) COPY requirements.txt . RUN pip install -r requirements.txt Copy application code last COPY . . CMD ["python", "app.py"] ``` Image Optimization Create smaller, more efficient images: ```dockerfile Use alpine-based images FROM nginx:alpine Remove unnecessary packages RUN apk del build-dependencies Use .dockerignore file .dockerignore node_modules .git *.md .env ``` Best Practices and Tips Development Best Practices 1. Use Specific Image Tags: Avoid `latest` tag in production 2. Implement Health Checks: Always include health check endpoints 3. Handle Signals Properly: Ensure graceful shutdown 4. Use Multi-Stage Builds: Reduce final image size 5. Scan for Vulnerabilities: Regularly update base images Production Deployment Tips ```bash Use restart policies docker run -d --restart=unless-stopped nginx Implement proper logging docker run -d \ --log-driver=json-file \ --log-opt max-size=10m \ --log-opt max-file=3 \ nginx Set resource limits docker run -d \ --memory=512m \ --cpus=0.5 \ nginx ``` Container Orchestration For production environments, consider using orchestration tools: ```yaml docker-compose.yml example version: '3.8' services: web: image: nginx:alpine ports: - "80:80" volumes: - ./html:/usr/share/nginx/html:ro restart: unless-stopped db: image: postgres:13 environment: POSTGRES_DB: myapp POSTGRES_USER: user POSTGRES_PASSWORD: password volumes: - db_data:/var/lib/postgresql/data restart: unless-stopped volumes: db_data: ``` Monitoring and Maintenance Regular maintenance tasks: ```bash Weekly cleanup script #!/bin/bash docker system prune -f docker image prune -f docker volume prune -f Monitor disk usage docker system df Update images docker images --format "table {{.Repository}}\t{{.Tag}}" | grep -v REPOSITORY | while read repo tag; do docker pull $repo:$tag done ``` Conclusion Running Docker containers on Linux provides a powerful, flexible platform for application deployment and management. This comprehensive guide has covered everything from basic container operations to advanced security and optimization techniques. Key takeaways from this guide: 1. Start Simple: Begin with basic `docker run` commands and gradually explore advanced features 2. Security First: Always implement security best practices from the beginning 3. Monitor Everything: Use logging and monitoring tools to maintain visibility 4. Optimize Continuously: Regularly review and optimize your container configurations 5. Plan for Scale: Consider orchestration tools as your container usage grows Next Steps To continue your Docker journey: 1. Explore Docker Compose: Learn multi-container application management 2. Study Kubernetes: Investigate container orchestration at scale 3. Implement CI/CD: Integrate Docker into your development pipeline 4. Learn Advanced Networking: Master Docker's networking capabilities 5. Security Hardening: Implement comprehensive security measures Docker containers on Linux offer endless possibilities for modernizing your infrastructure and development workflows. With the knowledge gained from this guide, you're well-equipped to leverage Docker's full potential in your projects and production environments. Remember to stay updated with Docker's latest features and security updates, and always test thoroughly before deploying to production. The container ecosystem continues to evolve rapidly, offering new tools and capabilities that can further enhance your containerization strategy.