Docker How To

How to open ufw for docker bridge networks

GW_IP=$(docker network inspect -f '{{ (index .IPAM.Config 0).Gateway }}' my-net)
sudo ufw allow in $GW_IP
sudo ufw allow out $GW_IP

How to open docker for network communication

On the latest ubuntu this involves reconfiguring dockerd startup

sudo vi /etc/systemd/system/docker.service.d/override.conf
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://

sudo systemctl daemon-reload
sudo systemctl restart docker.service

How to enable dockerd debugging

sudo vi /etc/systemd/system/docker.service.d/override.conf

add --debug key to the startup command

How to change and copy volumes

Use an alpine image
docker run --rm -v db-fresh:/from -v db:/to alpine ash -c "cp -av /from/* /to/"
or the bash image (which is itself based on alpine)
docker run --rm -v db-fresh:/from -v db:/to bash "cp -av /from/* /to/"

How to run GUI docker apps

On the Linux Host

xhost +local:
docker run -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix:ro image

Or if your container is already running you could try to limit it to the container's host

if [[ -z "$(xhost|grep LOCAL)" ]]; then xhost +local:$(docker inspect --format='{{ .Config.Hostname }}' container); fi

More on xhost is here -

On the Windows Host. Install xming or vcxsrv
xming :0 -ac -clipboard -multiwindow
docker run -e DISPLAY=hostip:0 [...] image

Alternatively you could run a container with it's own X11 and VNC server and use HTML5 as the VNC client. See

On the MacOS Host

brew install socat
brew cask install xquartz
open -a XQuartz
socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"
docker run -e DISPLAY=hostip:0 [...] image

Control remote docker host

export DOCKER_HOST=tcp://otherdockerhost:2375
then your docker client will use remote dockerd
check with
docker version

Add TLS to docker engine

Add tab completion to docker in windows

Install-Module -Scope CurrentUser posh-docker
notepad $PROFILE
Import-Module posh-docker
Open a new PowerShell terminal

Installing docker on a windows server

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider
Restart-Computer -Force

How to open docker ports on windows firewall with powershell

# insecure docker port
if (!(Get-NetFirewallRule | where {$_.Name -eq "Dockerinsecure2375"})) {
    New-NetFirewallRule -Name "Dockerinsecure2375" -DisplayName "Docker insecure on TCP/2375" -Protocol tcp -LocalPort 2375 -Action Allow -Enabled True
# swarm ports
if (!(Get-NetFirewallRule | where {$_.Name -eq "Dockerswarm2377"})) {
    New-NetFirewallRule -Name "Dockerswarm2377" -DisplayName "Docker Swarm Mode Management TCP/2377" -Protocol tcp -LocalPort 2377 -Action Allow -Enabled True
if (!(Get-NetFirewallRule | where {$_.Name -eq "Dockerswarm7946"})) {
    New-NetFirewallRule -Name "Dockerswarm7946" -DisplayName "Docker Swarm Mode Node Communication TCP/7946" -Protocol tcp -LocalPort 7946 -Action Allow -Enabled True
if (!(Get-NetFirewallRule | where {$_.Name -eq "Dockerswarm7946udp"})) {
    New-NetFirewallRule -Name "Dockerswarm7946udp" -DisplayName "Docker Swarm Mode Node Communication UDP/7946" -Protocol udp -LocalPort 7946 -Action Allow -Enabled True
if (!(Get-NetFirewallRule | where {$_.Name -eq "Dockerswarm4789"})) {
    New-NetFirewallRule -Name "Dockerswarm4789" -DisplayName "Docker Swarm Overlay Network Traffic TCP/4789" -Protocol tcp -LocalPort 4789 -Action Allow -Enabled True

How to get container IP

docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" containerid

How to remove stopped containers

docker container prune

How to check space usage

docker system df

How to combine image layers into one

(Each RUN instruction builds one layer of your image)
docker build --squash
Note that this does not work on windows docker as of March 2018

How to check what container isolation technology is used for the container

Important for Windows docker host as these have different options
docker container inspect [name] | grep Isolation

How to clean unnamed docker images

docker system prune

docker images -a may show layers for images that are PARENT layers for existing images. They are good and needed to build the resulting image
if docker images (no -a) shows an unnamed image then that's a leftover and should be removed,

docker rmi $(docker images -f "dangling=true" -q)
docker images | grep "<none>" | awk '{print $3}' | xargs docker rmi

How to change docker image storage location

start the daemon with -g and add it to /etc/default/docker

How to change windows docker daemon configuration with powershell

Write-Host "Stopping docker service"
Stop-Service docker
Write-Host "Activating experimental features"
$daemonJson = "$env:ProgramData\docker\config\daemon.json"
$config = @{}
if (Test-Path $daemonJson) {
  $config = (Get-Content $daemonJson) -join "`n" | ConvertFrom-Json
$config = $config | Add-Member(@{ experimental = $true }) -Force -PassThru
$config | ConvertTo-Json | Set-Content $daemonJson -Encoding Ascii
Write-Host "Starting docker service"
Start-Service docker