Master Docker: 15 Essential Tips and Commands for Efficient Container Management

1. Get the ID of the most recently run container

Run a container and capture its ID in a variable, then commit it as a new image:

$ ID=$(docker run ubuntu echo hello world)
$ docker commit $ID helloworld
fd08a884dc79

For scripting, define an alias to simplify the command:

alias dl='docker ps -l -q'
$ dl
1904cf045887

Now dl returns the latest container ID without typing the full command.

2. Specify software in the Dockerfile instead of installing it interactively

Prefer adding RUN apt-get install … lines to a Dockerfile rather than installing packages inside a running container’s shell.

$ docker run -i -t ubuntu bash
# inside the container
apt-get update && apt-get install -y postgresql
exit
$ docker commit $(dl) helloworld

The resulting image contains the installed software.

3. Reduce repeated use of sudo for Docker commands

Add your user to the docker group and restart the Docker service:

sudo groupadd docker
sudo gpasswd -a $USER docker
sudo service docker restart
exit
# log in again

After this, Docker commands no longer require sudo.

4. Clean up stopped containers

Remove all stopped containers in one line: docker rm $(docker ps -a -q) This deletes every container that is not running.

5. Parse docker inspect output with jq

Instead of a complex grep pipeline, use jq for JSON parsing:

docker inspect $(dl) | jq -r '.[0].NetworkSettings.IPAddress'

The expression extracts the container’s IP address directly.

6. List environment variables of an image

Run the image with env to see its default variables: docker run ubuntu env Typical output includes HOME=/, PATH=…, container=lxc, HOSTNAME=….

7. RUN vs CMD

RUN

executes during image build, while CMD runs when a container starts from the image. Example Dockerfile:

FROM thelanddownunder
MAINTAINER crocdundee
RUN apt-get update && apt-get install -y softwares
CMD ["softwares"]

During docker build, only RUN commands run; the CMD is stored for later execution.

8. CMD vs ENTRYPOINT

CMD

can be overridden by arguments passed to docker run, whereas ENTRYPOINT defines a fixed entry point and all additional arguments are appended.

# Dockerfile A
FROM ubuntu
CMD ["echo"]
# docker run imageA hello   → hello

# Dockerfile B
FROM ubuntu
ENTRYPOINT ["echo"]
# docker run imageB hello   → hello

9. Do containers have their own IP address?

Yes. On the host, ip -4 -o addr show eth0 shows the host’s IP. Inside a container, run the same command to see its private IP, e.g., 172.17.0.43/16.

10. Communicate with the Docker daemon via UNIX socket

Use nc -U /var/run/docker.sock to open a raw HTTP connection to the daemon, then issue requests such as: GET /images/json HTTP/1.1 The daemon returns JSON data about available images.

11. Visualize image dependency graphs

Generate a graph with: docker images -viz | dot -Tpng -o docker.png Serve the PNG with a simple HTTP server, e.g., python -m SimpleHTTPServer, and view it in a browser.

12. Where Docker stores its data

All Docker data resides under /var/lib/docker, containing subdirectories such as containers/, graph/ (images), and volumes/. Inspecting these directories reveals the layered filesystem structure.

13. Docker’s source code is written in Go

Key files include:

commands.go – CLI wrapper that forwards to the REST API

api.go – API routing

server.go – Core API implementation

buildfile.go – Dockerfile parser

Reading these files helps understand how Docker builds and runs containers.

14. Do not start background services with RUN

RUN

executes at build time and its processes disappear in the final image. Instead, start services in the container’s foreground (e.g., via an ENTRYPOINT script).

15. Linking containers for inter‑service communication

Run a container with a name and link another container to it:

# First container
docker run -d --name loldb loldbimage
# Second container linked to the first
docker run --link loldb:cheez otherimage env

The linked container receives environment variables such as CHEEZ_PORT, enabling seamless network communication without exposing ports publicly.