Overview

Docker is software that helps to run 'containers' across many operating systems including Linux, Mac and even Windows. Containers are more lightweight than virtual machines because they do not contain a full operating system; instead, a container is a package of software that runs as an isolated process. Using Docker helps to eliminate 'It worked on my machine' issues and speeds up development, as there are no complex environments to set up.

Traditional apps are monolithic, often with tightly coupled tiers. Docker lends itself well to modern application design principles and microservice architectures, where a set of microservices communicate through APIs.

In early 2017 Docker started to offer two versions: the community edition, docker-ce, and the enterprise edition, docker-ee. The information found here relates to the community edition of Docker.

Architecture

docker-architecture


Components

  • Docker Client - CLI tool used to configure Docker.
  • Docker Host - Host operating system running Docker containers.
  • Docker Daemon - Docker server which runs as the daemon dockerd.
  • Docker Image - Read only template used to create a Docker container.
  • Docker Container - Running instance of an image.
  • Docker Registry - Central repository of Docker images.
  • Docker Engine - Combination of Docker daemon, REST API and CLI tool.

Deployments

Bare Metal

Docker host installed directly on the bare metal server.

docker-bare-metal


Type 1 Hypervisor

Docker host installed on a guest OS on top of a type 1 hypervisor such as KVM or ESXi.

docker-hypervisor


Type 2 Hypervisor

A typical laptop/desktop development machine setup would have the Docker host installed on a guest OS on top of a type 2 hypervisor such as VirtualBox or VMware Workstation.

docker-laptop

Install

Docker is compatible with many operating systems. The following demonstrates how to install Docker Community Edition on CentOS 7 minimal.


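# bash
# Remove older Docker packages that conflict with docker-ce
sudo yum remove docker docker-common docker-selinux docker-engine

# Install yum-config-manager (from yum-utils) and the storage driver dependencies
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

# Add the official Docker CE repository
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# Install Docker Community Edition
sudo yum install docker-ce

# Start the daemon now
sudo systemctl start docker

# Start the daemon automatically at boot
sudo systemctl enable docker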
              

There are detailed instructions on the Docker installation method for each platform in the official docs here.

Configuration

The Docker daemon can be configured with flags on the command line (for example, -D for debug mode) or with settings defined in the /etc/docker/daemon.json file. The --config-file flag can be used to tell the daemon to use a non-default location.


# /etc/docker/daemon.json
{
  "debug": true,
  "tls": true,
  "tlscert": "/var/docker/server.pem",
  "tlskey": "/var/docker/serverkey.pem",
  "hosts": ["tcp://192.168.59.3:2376"]
}
          

More info about configuring the Docker daemon can be found in the docs.
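
With only "tls" set, as in the daemon.json above, the daemon encrypts the TCP socket but does not authenticate clients; client certificate checking requires "tlsverify" together with "tlscacert". The following audit is an added example, not code from the original page: the function name, the hardened variant and its CA path are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the daemon.json shown above, without its label line.
SAMPLE = """{
  "debug": true,
  "tls": true,
  "tlscert": "/var/docker/server.pem",
  "tlskey": "/var/docker/serverkey.pem",
  "hosts": ["tcp://192.168.59.3:2376"]
}"""

# Constructed hardened variant; the CA path is a placeholder.
HARDENED = """{
  "tlsverify": true,
  "tlscacert": "/var/docker/ca.pem",
  "tlscert": "/var/docker/server.pem",
  "tlskey": "/var/docker/serverkey.pem",
  "hosts": ["tcp://192.168.59.3:2376"]
}"""


def audit_daemon_config(text):
    """Return a list of findings for the contents of a daemon.json file."""
    cfg = json.loads(text)
    findings = []
    verify = cfg.get("tlsverify") is True
    encrypted = verify or cfg.get("tls") is True
    for host in cfg.get("hosts", []):
        if urlparse(host).scheme != "tcp":
            continue  # unix:// and fd:// sockets are not reachable over the network
        if not encrypted:
            findings.append(f"{host}: API exposed over TCP without TLS")
        elif not verify:
            findings.append(f"{host}: TLS without client authentication (tlsverify unset)")
    if cfg.get("debug") is True:
        findings.append("debug logging enabled")
    return findings


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE), ("hardened", HARDENED)):
        print(label, audit_daemon_config(doc) or "no findings")
```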

Images

Docker images are immutable bundles of software that are hosted in a docker registry. Docker Hub is an example of a docker registry.

Since the Docker registry is itself just an image, it's possible to host a private Docker registry on a Docker host within your security domain.

The docker image command is used to build, fetch, push, etc. Docker images. See the docker image CLI reference for more details.

Networking

Networks in Docker share many concepts with physical networks, such as IP addressing, NAT and DNS. The categories of network that can be configured for use with Docker containers are listed below.

  • Default bridge network - All Docker hosts are configured with the default network bridge.
  • User defined network - Networks defined by the user.
  • Custom network - 3rd party network plugins.

Default Bridge Network

The default bridge is configured when Docker is installed. If a network is not specified when creating a container the container will be attached to the default bridge.

User Defined Network

Docker recommends connecting containers to user defined networks. This allows you to control which containers can communicate with each other and enables DNS resolution of container hostnames to IP addresses.

Custom Networks

If the in-built network types do not meet your requirements, you can use a 3rd party network plugin to connect containers.

In the category of user defined networks, Docker provides a few different types of networks out of the box.

Bridge Network

Containers on a bridge network can communicate with other containers on the same bridge. Bridge networks use source NAT to allow containers to communicate with the world outside of the Docker host they reside on.

docker-network-bridge

Inbound connections to a container are not permitted except from containers connected to the same bridge. To allow connections to a container from outside the host/bridge it is connected to, a port needs to be published. This enables destination NAT and port forwarding from the published port to the container port.

docker-network-inter-host

Overlay Network

docker-network-overlay

MACVLAN Network

docker-network-macvlan

The docker network command

The docker network command is used to build, edit and destroy Docker networks. The syntax is as follows: docker network <command>. Some useful commands are listed below.

docker container inspect --format ""
  • ls - List all networks
  • inspect - Detailed information about a network
  • create --driver - Use a 3rd party driver
  • connect - Connect a container to a network
  • disconnect - Disconnect a container from a network

See the Docker networking documentation for further details.
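
The sections above on the default bridge and on published ports describe two things worth checking on a running host: which containers still sit on the default bridge, and which published ports are forwarded on every host interface. The following is an added example, not code from the original page; it reads data shaped like docker container inspect output, and the container names and the "backend" network are constructed.

```python
import json

# Constructed sample, shaped like `docker container inspect` output and trimmed
# to the fields used here. Names and the "backend" network are hypothetical.
SAMPLE_INSPECT = json.loads("""[
  {"Name": "/web",
   "NetworkSettings": {
     "Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]},
     "Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
  {"Name": "/api",
   "NetworkSettings": {
     "Ports": {"5000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5000"}],
               "9000/tcp": null},
     "Networks": {"backend": {"IPAddress": "172.18.0.2"}}}},
  {"Name": "/db",
   "NetworkSettings": {
     "Ports": {"5432/tcp": null},
     "Networks": {"backend": {"IPAddress": "172.18.0.3"}}}}
]""")

# Host addresses that mean "forward on every interface of the Docker host".
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_containers(containers):
    """Return (container, finding) pairs for exposure worth reviewing."""
    report = []
    for c in containers:
        name = c["Name"].lstrip("/")
        net = c.get("NetworkSettings", {})
        for port, bindings in (net.get("Ports") or {}).items():
            for b in bindings or []:  # null means exposed but not published
                if b.get("HostIp", "") in ALL_INTERFACES:
                    report.append(
                        (name, f"{port} published on all host interfaces as port {b['HostPort']}"))
        if "bridge" in (net.get("Networks") or {}):
            report.append((name, "attached to the default bridge network"))
    return report


if __name__ == "__main__":
    for name, finding in audit_containers(SAMPLE_INSPECT):
        print(f"{name}: {finding}")
```

On a live host the same function can be fed the parsed JSON that docker container inspect prints for one or more containers.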

Storage

Docker storage volumes

CLI

Docker comes with a feature-packed CLI tool for performing Docker tasks.

Docker cli

Compose

Docker compose