Docker Containers

A Docker container is a running instance of a Docker image. It is an isolated process (or group of processes) running on the host kernel, with its own filesystem, network, and process tree.
Containers are ephemeral by default - all data written inside the container’s filesystem is lost when the container is removed. Use volumes or bind mounts to persist data.
Multiple containers can be created from the same image simultaneously - each gets its own isolated writable layer.

Container Lifecycle

docker pull → docker create → docker start → [running] → docker stop → docker rm
                                                              ↑
                                                         docker restart

# Pull an image and run a container (combined)
docker run nginx                          # Foreground, blocks terminal
docker run -d nginx                       # Detached (background)
docker run -d --name my-nginx nginx       # Named container
docker run --rm nginx                     # Auto-remove container on exit (keeps things clean)

# Run interactively (get a shell — combine with --rm to avoid leaving shells behind)
docker run -it --rm ubuntu bash

# Map ports: host:container
docker run -d -p 8080:80 nginx            # Access nginx at localhost:8080

# Set environment variables
docker run -d -e DB_HOST=db my-app

# List running containers
docker ps

# List all containers including stopped
docker ps -a

# Stop a container (sends SIGTERM, waits 10s, then SIGKILL)
docker stop my-nginx

# Force kill immediately
docker kill my-nginx

# Remove a stopped container
docker rm my-nginx

# Stop and remove in one step
docker rm -f my-nginx

# Remove ALL stopped containers at once
docker container prune

Inspecting a Running Container

# View container logs
docker logs my-nginx
docker logs -f my-nginx           # Follow (tail -f equivalent)
docker logs --tail 50 my-nginx    # Last 50 lines

# Execute a command in a running container
docker exec -it my-nginx bash     # Open interactive shell
docker exec my-nginx ls /etc/nginx

# View resource usage (CPU, memory, network)
docker stats

# Inspect container metadata (IP, mounts, env vars, etc.)
docker inspect my-nginx

Container Filesystem

Container filesystem is built from the image’s read-only layers + a thin read-write layer on top.
Any file modifications during runtime go into the writable layer and are scoped to that container instance.

Changes are not reflected in the image. To persist changes: either mount a volume, or create a new image with docker commit (avoid in production - use a Dockerfile instead).

# Copy files into/out of a container
docker cp my-nginx:/etc/nginx/nginx.conf ./nginx.conf
docker cp ./nginx.conf my-nginx:/etc/nginx/nginx.conf

# See what changed from the base image (A=added, C=changed, D=deleted)
docker diff my-nginx

Common Gotchas

Containers don’t start after docker run: Check docker ps -a for the exit status, then docker logs <container> for the error. The most common cause is the ENTRYPOINT/CMD crashing immediately.
Port not accessible: Verify you used -p host:container and the container is actually running (docker ps, not docker ps -a).
Data lost after docker rm: Expected. Mount a volume if you need persistence.
docker stop is slow: The app isn’t handling SIGTERM. Fix signal handling in your app or Dockerfile (use exec form for CMD).
Container can’t reach the internet: DNS inside containers defaults to 8.8.8.8. Custom DNS servers on the host don’t automatically apply inside containers.