Essential Docker FAQ: Concepts, Commands, and Best Practices

What is Docker? Docker is an open‑source container engine written in Go, licensed under Apache 2.0. It runs applications in lightweight, isolated containers on a Linux host, providing portable, self‑contained environments.

Typical Docker use cases include automated packaging and release of web applications, CI/CD pipelines, deploying backend services, building private PaaS platforms (e.g., OpenShift, Cloud Foundry), and providing internal development environments that avoid the overhead of full virtual machines.

Advantages of Docker are flexibility (any app can be containerized), lightweight nature (shared kernel), interchangeability (easy updates), portability (build locally, run anywhere), scalability (replicate containers), and stackability (vertical and horizontal service composition).

Docker vs. virtual machines – VMs add a hypervisor layer and each instance runs its own kernel, consuming more resources. Docker containers isolate via namespaces and cgroups, sharing the host kernel, resulting in lower overhead and higher density, though containers have slightly weaker isolation.

Three core Docker concepts :

Image : a read‑only template (similar to a VM snapshot) that contains the filesystem, binaries, libraries, and configuration needed to run an application.

Container : a running instance of an image, isolated from other containers and the host.

Registry : a server that stores and distributes images (public Docker Hub or private registries).

Quick Docker installation (CentOS 7) :

yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install docker-ce docker-ce-cli containerd.io
systemctl enable docker
systemctl start docker
systemctl status docker

Changing Docker storage location (default /var/lib/docker): stop Docker, move the directory, and create a symlink:

systemctl stop docker
mkdir -p /root/data/docker
mv /var/lib/docker /root/data/docker
ln -s /root/data/docker /var/lib/docker

Image management commands :

Search: docker search keyword Pull: docker pull repository[:tag] (defaults to latest)

List images: docker images Inspect: docker inspect IMAGE_ID Tag: docker tag SOURCE[:TAG] TARGET[:TAG] Remove: docker rmi REPO:TAG or docker rmi IMAGE_ID [-f] Save to file: docker save -o filename.tar IMAGE Load from file: docker load -i filename.tar Creating containers example:

# Run a CentOS 7.8 container with init
docker run -d --name centos7.8 -h centos7.8 \
  -p 220:22 -p 3387:3389 \
  --privileged=true \
  centos:7.8.2003 /usr/sbin/init

# Run a CentOS 8.2 container
docker run -d --name centos8.2 -h centos8.2 \
  -p 230:22 -p 3386:3389 \
  --privileged=true \
  daocloud.io/library/centos:8.2.2004 init

# Enter a container
docker exec -it centos7.8 bash

Standard container lifecycle when using docker run :

Check if the image exists locally; pull from a registry if missing.

Create and start a container from the image.

Mount a writable layer on top of the read‑only image.

Attach a virtual network interface via a bridge (docker0).

Assign an IP address from Docker's address pool.

Execute the specified command; container stops when the command exits.

Docker networking modes :

host : container shares the host’s network namespace (no separate IP).

container : container shares another container’s network namespace.

none : container has no network interfaces except a loopback.

bridge (default): each container gets its own namespace, connected to the docker0 bridge, with NAT and port‑mapping capabilities.

Data volumes provide persistent directories that can be mounted from the host into containers, allowing data to survive container removal and enabling sharing between containers.

Setting up a private Docker registry :

# Pull the registry image
docker pull registry
# Run the registry on port 5000
docker run -di --name registry -p 5000:5000 registry
# Enable restart on boot
docker update --restart=always registry
# Configure insecure registry in /etc/docker/daemon.json
{
  "insecure-registries":["192.168.1.54:5000"]
}
systemctl restart docker
# Tag and push an image
docker tag postgres:11 192.168.1.54:5000/postgres
docker push 192.168.1.54:5000/postgres

Backing up and restoring containers :

# Commit a running container to a new image
docker commit redis myredis
# Save the image to a tar file
docker save -o myredis.tar myredis
# Restore on another host
docker load -i myredis.tar
# Re‑create the container
docker run -di --name myredis myredis

Deploying MySQL with Docker (illustrated in the original image) typically involves pulling the official MySQL image, creating a container with appropriate volume mounts for data persistence, and exposing the default port 3306.

Overall, this FAQ‑style article provides a practical reference for developers and operations engineers who need to understand Docker fundamentals, perform common tasks, and troubleshoot typical scenarios.