Docker Basics
Containers are just processes with their own filesystem + network namespace. You ship code + its runtime as one image — identical on every machine.
1 credit
Core concepts
- Image — a read-only snapshot of a filesystem + metadata (entrypoint, env). Built from a Dockerfile.
- Container — a running instance of an image. Ephemeral unless you persist volumes.
- Registry — where images live (Docker Hub, ghcr.io, ECR). `docker push` / `docker pull` move them.
- Layer — each Dockerfile instruction creates a layer. Identical layers are cached and shared across images.
Why use it
- Reproducibility — "works on my machine" problem largely goes away.
- Isolation — conflicting dependencies coexist (Python 3.9 + 3.12 on the same host).
- Fast ship — lightweight vs full VMs; start in milliseconds.
First run
bash
# run nginx in a container on port 8080 docker run -d -p 8080:80 --name web nginx curl http://localhost:8080 # stop + remove docker stop web && docker rm web
Pitfalls
- Don't put secrets in your Dockerfile — anyone with the image can extract them.
- `latest` tag drifts. Pin versions (`node:22-alpine`) for reproducible builds.
- Data in a container is lost on `docker rm` — use volumes for anything you care about.