Linux Containers and Docker: Concepts, Installation, Commands, Image Management, Dockerfile, Compose, and Networking

What Is a Linux Container

Linux containers isolate a group of processes from the rest of the system, running from a single image that supplies all required files, ensuring portability and consistency across development, testing, and production environments.

Containers vs. Virtualization

Traditional virtualization runs multiple operating systems on a hypervisor, while containers share the same kernel and isolate only the application processes, offering a lightweight alternative.

Brief History of Containers

The concept began with FreeBSD jail in 2000, evolved through VServer (2001) and LXC, and eventually matured into modern Docker.

What Is Docker

Docker is both an open‑source project and a set of tools provided by Docker Inc., enabling the creation, distribution, and execution of Linux containers.

How Docker Works

Docker leverages kernel features such as cgroups and namespaces to isolate processes, and uses image‑based deployment to run applications consistently across environments.

Docker Goals

Docker’s primary goal is to "Build, Ship and Run any App, Anywhere".

Build: Create a Docker image.

Ship: Distribute the image (e.g., docker pull ).

Run: Start a container from the image.

Installing Docker

Example for CentOS 7.2:

# Check OS version
cat /etc/redhat-release
# Install Docker repository
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
# Install Docker CE
yum install docker-ce -y
# Modify daemon to listen on a remote port
vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://10.0.0.100:2375
systemctl daemon-reload
systemctl enable docker.service
systemctl restart docker.service

Basic Docker Commands

Check version:

docker version

Configure image registry mirror:

vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}

Running Your First Container

# Run nginx in detached mode with port mapping
docker run -d -p 80:80 nginx

Docker Image Lifecycle

Search, pull, list, export, import, inspect, and delete images using commands such as docker search , docker pull , docker image list , docker image save , docker image load , docker image inspect , and docker image rm .

Container Management

Start, stop, pause, remove, and inspect containers with docker run , docker start , docker stop , docker rm , and docker container inspect . Use docker exec -it for interactive shells.

Removing All Containers

docker rm -f $(docker ps -a -q)

Port Mapping

Map host ports to container ports with -p host:container or random mapping with -P .

Docker Volume Management

Create and mount volumes to persist data:

# Run nginx with a host directory as a volume
docker run -d -p 80:80 -v /data:/usr/share/nginx/html nginx
# Create a named volume
docker volume create mydata
# Use the named volume
docker run -d -p 8080:80 -v mydata:/usr/share/nginx/html nginx

Building Images with Dockerfile

A Dockerfile defines the steps to build an image. Example for a CentOS‑based image with SSH:

FROM centos:6.8
RUN yum install -y openssh-server
RUN echo "root:123456" | chpasswd
RUN /etc/init.d/sshd start
CMD ["/usr/sbin/sshd", "-D"]

Build the image:

docker image build -t centos6-ssh .

Docker‑Compose Orchestration

Define multi‑container applications in docker-compose.yml . Example for WordPress and MySQL:

version: '3'
services:
  db:
    image: mysql:5.7
    volumes:
      - /data/db_data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: somewordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    volumes:
      - /data/web_data:/var/www/html
    ports:
      - "8000:80"
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress

Start with docker-compose up -d and access via http://HOST_IP:8000 .

HAProxy as a Front‑End Proxy

Install HAProxy, configure a frontend listening on port 8000 and a backend with round‑robin load balancing across two WordPress containers:

frontend frontend_www_example_com
    bind 10.0.0.100:8000
    default_backend backend_www_example_com
backend backend_www_example_com
    balance roundrobin
    server web-node1 10.0.0.100:32768 check
    server web-node2 10.0.0.100:32769 check

Start HAProxy with systemctl start haproxy and monitor at http://10.0.0.100:8888/haproxy-status .

Docker Networking Types

Docker provides several network drivers:

bridge : Default isolated network using a virtual bridge.

host : Shares the host’s network namespace (no isolation).

none : Disables networking for the container.

container : Shares another container’s network stack.

List networks with docker network list .