启动 Docker

如果你是用一种特殊的方式启动,ubuntu系统会在运行时启动.你可以运行 sudo docker help 获取帮助

如果你看到 docker: command not found 或者 /var/lib/docker/repositories: permission denied 你需要检查你的路径和安装方式

# Run docker in daemon mode

sudo <path to>/docker -d &


# Download an ubuntu image

sudo docker pull ubuntu

This will find the ubuntu image by name in the Central Index and download it from the top-level Central Repository to a local image cache.


When the image has successfully downloaded, you will see a 12 character hash 539c0211cd76: Download complete which is the short form of the image ID. These short image IDs are the first 12 characters of the full image ID - which can be found using docker inspect or docker images -notrunc=true

Running an interactive shell

# Run an interactive shell in the ubuntu image,# allocate a tty, attach stdin and stdout# To detach the tty without exiting the shell,# use the escape sequence Ctrl-p + Ctrl-q

sudo docker run -i -t ubuntu /bin/bash

The sudo command and the docker Group

The docker daemon always runs as the root user, and since Docker version 0.5.2, the docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root, and so, by default, you can access it with sudo.

Starting in version 0.5.3, if you (or your Docker installer) create a Unix group called docker and add users to it, then the docker daemon will make the ownership of the Unix socket read/writable by the docker group when the daemon starts. The docker daemon must always run as the root user, but if you run the docker client as a user in the docker group then you don’t need to add sudo to all the client commands.


The docker group is root-equivalent.


# Add the docker group if it doesn't already exist.

sudo groupadd docker

# Add the connected user "${USER}" to the docker group.# Change the user name to match your preferred user.# You may have to logout and log back in again for# this to take effect.
sudo gpasswd -a ${USER} docker

# Restart the docker daemon.
sudo service docker restart

Bind Docker to another host/port or a Unix socket


Changing the default docker daemon binding to a TCP port or Unix docker user group will increase your security risks by allowing non-root users to potentially gain root access on the host (e.g. #1369). Make sure you control access to docker.

With -H it is possible to make the Docker daemon to listen on a specific IP and port. By default, it will listen on unix:///var/run/docker.sock to allow only local connections by the root user. You could set it to or a specific host IP to give access to everybody, but that is not recommended because then it is trivial for someone to gain root access to the host where the daemon is running.

Similarly, the Docker client can use -H to connect to a custom port.

-H accepts host and port assignment in the following format: tcp://[host][:port] or unix://path

For example:

  • tcp://host:4243 -> tcp connection on host:4243
  • unix://path/to/socket -> unix socket located at path/to/socket

-H, when empty, will default to the same value as when no -H was passed in.

-H also accepts short form for TCP bindings: host[:port] or :port

# Run docker in daemon mode

sudo <path to>/docker -H -d &
# Download an ubuntu image
sudo docker -H :5555 pull ubuntu

You can use multiple -H, for example, if you want to listen on both TCP and a Unix socket

# Run docker in daemon mode

sudo <path to>/docker -H tcp:// -H unix:///var/run/docker.sock -d &
# Download an ubuntu image, use default Unix socket
sudo docker pull ubuntu
# OR use the TCP port
sudo docker -H tcp:// pull ubuntu

Starting a long-running worker process

# Start a very useful long-running processJOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done")

# Collect the output of the job so far
sudo docker logs $JOB

# Kill the job
sudo docker kill $JOB

Listing all running containers

sudo docker ps

Bind a service on a TCP port

# Bind port 4444 of this container, and tell netcat to listen on itJOB=$(sudo docker run -d -p 4444 ubuntu:12.10 /bin/nc -l 4444)

# Which public port is NATed to my container?PORT=$(sudo docker port $JOB 4444 | awk -F: '{ print $2 }')

# Connect to the public portecho hello world | nc $PORT

# Verify that the network connection workedecho "Daemon received: $(sudo docker logs $JOB)"

Committing (saving) a container state

Save your containers state to a container image, so the state can be re-used.

When you commit your container only the differences between the image the container was created from and the current state of the container will be stored (as a diff). See which images you already have using the docker images command.

# Commit your container to a new named image

sudo docker commit <container_id> <some_name>

# List your containers
sudo docker images

You now have a image state from which you can create new instances.