docker-container-basics

Docker Container Basics

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "docker-container-basics" with this command: npx skills add karchtho/my-claude-marketplace/karchtho-my-claude-marketplace-docker-container-basics

Docker Container Basics

Comprehensive guide to containerization with Docker, from image fundamentals to production deployments.

When to Use

  • Building and running Docker containers

  • Understanding Docker networking and volumes

  • Debugging container issues

  • Resource management and limits

  • Container security best practices

  • Multi-stage builds for optimization

  • Registry operations (push/pull/login)

  • Debugging container runtime issues

Core Concepts

Container Lifecycle

Build image

docker build -t myapp:latest .

Run container (foreground)

docker run --rm -it myapp:latest

Run container (background)

docker run -d --name my-container myapp:latest

View logs

docker logs -f my-container

Stop/start container

docker stop my-container docker start my-container

Remove container

docker rm my-container

View processes

docker ps -a

Image Management

List images

docker images

Tag image

docker tag myapp:latest myapp:v1.0.0

Remove image

docker rmi myapp:latest

Inspect image

docker inspect myapp:latest

View image layers

docker history myapp:latest

Dockerfile Best Practices

Structure

Use specific version tags (NOT latest)

FROM node:20.11-alpine

Set working directory

WORKDIR /app

Copy package files

COPY package*.json ./

Install dependencies

RUN npm ci --only=production

Copy application code

COPY . .

Expose port (documentation only)

EXPOSE 3000

Health check

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3
CMD node healthcheck.js

Run application

CMD ["node", "server.js"]

Multi-Stage Builds

Build stage

FROM node:20-alpine AS builder WORKDIR /app COPY package*.json ./ RUN npm ci COPY . . RUN npm run build

Production stage

FROM node:20-alpine WORKDIR /app COPY --from=builder /app/dist ./dist COPY package*.json ./ RUN npm ci --only=production EXPOSE 3000 CMD ["node", "dist/server.js"]

Optimization

  • Use .dockerignore to exclude unnecessary files

  • Minimize layer count (combine RUN commands with && )

  • Order commands by change frequency (stable → frequently changing)

  • Use specific base image versions (not latest )

  • Leverage layer caching for faster builds

Networking

Network Types

List networks

docker network ls

Create custom bridge network

docker network create myapp-net

Run container on network

docker run -d --network myapp-net --name db postgres:15 docker run -d --network myapp-net --name api myapp:latest

Container DNS resolution

Services on same network can reach each other by container name

Port Mapping

Map single port

docker run -p 8080:3000 myapp:latest

Map multiple ports

docker run -p 8080:3000 -p 8443:3000 myapp:latest

Map to random port

docker run -p 3000 myapp:latest

View port mappings

docker port my-container

Volumes and Mounts

Named Volumes

Create volume

docker volume create mydata

Run container with volume

docker run -v mydata:/app/data myapp:latest

View volume details

docker volume inspect mydata

Clean up unused volumes

docker volume prune

Bind Mounts

Mount host directory into container

docker run -v /host/path:/container/path myapp:latest

Read-only mount

docker run -v /host/path:/container/path:ro myapp:latest

Tmpfs Mounts

Mount temporary filesystem (memory-backed)

docker run --tmpfs /tmp:rw,size=1gb myapp:latest

Resource Limits

Memory and CPU

Limit memory

docker run -m 512m myapp:latest

Limit CPU (1.0 = 1 core, 0.5 = half core)

docker run --cpus 1.0 myapp:latest

Memory swap limit

docker run -m 512m --memory-swap 1g myapp:latest

CPU shares (relative priority)

docker run --cpu-shares 1024 myapp:latest

Viewing Resource Usage

Monitor container resources

docker stats

Specific container

docker stats my-container

Container Debugging

Execute Commands

Execute command in running container

docker exec -it my-container /bin/sh

Run one-off command

docker exec my-container npm test

Inspect Container

View detailed container info

docker inspect my-container

View environment variables

docker inspect my-container | grep -A 20 "Env"

View mounted volumes

docker inspect my-container | grep -A 10 "Mounts"

View Logs

Tail logs

docker logs -f my-container

Last 100 lines

docker logs --tail 100 my-container

With timestamps

docker logs -t my-container

Since specific time

docker logs --since 2025-01-15T10:00:00 my-container

Security Best Practices

Non-Root User

Create non-root user

RUN groupadd -r appuser && useradd -r -g appuser appuser

Use non-root user

USER appuser

Read-Only Filesystem

docker run --read-only -v /tmp:/tmp myapp:latest

Capability Dropping

Drop unnecessary capabilities

docker run --cap-drop=ALL --cap-add=NET_BIND_SERVICE myapp:latest

Security Scanning

Scan image for vulnerabilities

docker scan myapp:latest

Build with BuildKit (enables better layer caching and features)

DOCKER_BUILDKIT=1 docker build .

Registry Operations

Docker Hub

Login

docker login

Tag for registry

docker tag myapp:latest username/myapp:latest

Push image

docker push username/myapp:latest

Pull image

docker pull username/myapp:latest

Logout

docker logout

Private Registry

Login to private registry

docker login registry.example.com

Tag for private registry

docker tag myapp:latest registry.example.com/myapp:latest

Push to private registry

docker push registry.example.com/myapp:latest

Troubleshooting

Container Won't Start

Check exit code and error logs

docker logs my-container

View container events

docker events --filter "container=my-container"

Inspect container config

docker inspect my-container | grep -A 20 "State"

High Resource Usage

Monitor in real-time

docker stats

Identify processes consuming resources

docker top my-container

Network Issues

Test DNS resolution

docker exec my-container nslookup db

Test connectivity

docker exec my-container curl http://db:5432

View network settings

docker network inspect myapp-net

Production Patterns

Health Checks

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3
CMD curl -f http://localhost:3000/health || exit 1

Signal Handling

Applications should handle SIGTERM gracefully

Docker gives 10 seconds (default) before SIGKILL

docker stop --time 30 my-container

Graceful Shutdown

Wait for container to stop (with timeout)

docker stop -t 30 my-container

Verify container stopped

docker wait my-container echo $? # Exit code

Common Patterns

Development Container

docker run -it
-v $(pwd):/app
-p 3000:3000
-e NODE_ENV=development
myapp:dev

Production Container

docker run -d
--name myapp
--restart unless-stopped
-m 1g
--cpus 2
-p 3000:3000
-e NODE_ENV=production
--health-cmd="curl -f http://localhost:3000/health"
--health-interval=30s
myapp:latest

Sidecar Pattern

Main application

docker run -d --name app myapp:latest

Sidecar (logging, monitoring, etc)

docker run -d --network container:app --volumes-from app logging-agent:latest

References

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

nginx-configuration

No summary provided by upstream source.

Repository SourceNeeds Review
9-karchtho
General

dockerfile-generator

No summary provided by upstream source.

Repository SourceNeeds Review
8-karchtho
General

docker-compose-creator

No summary provided by upstream source.

Repository SourceNeeds Review
8-karchtho
General

feature-architect

No summary provided by upstream source.

Repository SourceNeeds Review
6-karchtho