Docker is a tool for managing containers. Containers are somewhat like virtual machine instances except a lot more lightweight.

Think of an application e.g. a web app. You want to run the application, but you don't want to pollute your host OS with all the baggage that comes with it (libraries, dependencies, config files, services, …). So what do you do? You can run the application in a virtual machine.

What does it take to run an application in a virtual machine? First, you first need to set up a virtual machine. This means giving it a slice of your hardware (CPU, RAM, HDD, …). Then, you need to install an OS on the virtual machine (let's say, Ubuntu). Then, you also need to install everything the application needs (apt install ...). Finally, you need to copy your application inside the virtual machine. This works, but wastes a lot of resources + the application will obviously be a lot slower than it would have been if it was ran on the host.

What if instead of emulating hardware, we just run the application we wanted on the host, but somehow made the application “feel” like it's in a virtual machine? That's exactly what Docker does! “Containerizing” an application means making the application “feel” like it's in a virtual machine, even though it's not.

But actually, it's even better! Not only can we make an application “feel” like it's in a virtual machine, we can setup the environment inside the container such that everything the application expects is already there. Meaning, inside the container: every library that the application needs is already installed, every configuration file that the application reads is already configured, every environment variable that the application expects is already set, every directory that… you get the idea. All that remains is actually running the application inside that preconfigured container, and the application just works out of the box.

Therefore, it's actually more appropriate to think of Docker as an “environment manager” than anything! The fact Docker containers act like lightweight virtual machines is nice to think of as an analogy, but it's not where the true utility of Docker lies in.

Follow the guide on https://docs.docker.com/engine/install/

On Debian and Ubuntu systems, this usually boils down to modifying /etc/apt/sourcesl.list then running:

 $ sudo apt update
 $ sudo apt install          \
       docker-ce             \
       docker-ce-cli         \
       containerd.io         \
       docker-buildx-plugin  \
       docker-compose-plugin

If you want to make a regular user be able to use docker command, just add them to the docker group:

 $ sudo gpasswd -a john docker
 $ sudo groups john
john : john docker

Remember that they will have to log out and then log back in, in order for their groups to update. Warning: Do not do this if you don't trust the user!

In order to see what Docker is in practice, it's best if you try it yourself:

docker run -it --rm ubuntu:latest

This puts you inside a container, running bash shell as root. You can now use apt to install anything you like. You can also break the system if you like (e.g. run rm -rf /usr). When you exit the shell, everything you ever did inside is lost. This includes anything you installed, but also anything you created, edited, changed, removed, or broke.

When you run docker run -it --rm ubuntu:latest again, you're put in the exact same environment again, as if you were running it for the first time. Anything you installed is no longer there, but also anything you broke before is no longer broken (e.g. if you did rm -rf /usr you now do have /usr). You get a blank slate. The power of Docker comes from the fact it's able to efficiently replicate the exact same image environment, every single time.

But what if you do want to preserve what you've installed? That's where docker commit and docker build commands come in, but that comes later.

Docker images are predefined environments. You run an application within these predefined environments with docker run -it --rm <image>. You list images with docker images. You remove an image with docker rmi <image>. An image is usually named <name>:<tag>. For example, ubuntu:latest. The tag is usually used for different versions of an image with the same name. You retag an image docker tag ubuntu:latest my:example. At this point, you can run 'ubuntu:latest' or 'my:example' – it's the same environment (makes no difference). You rename an image by retagging it and deleting the old one with docker rmi.

Docker images are pulled from https://hub.docker.com/. This is like GitHub for docker images. You use docker pull <image> to pull an image from the repository to your local filesystem. You use docker search <image> to search the repository for a particular image. Running the image will also pull the image if it doesn't exist on your filesystem.

Continuing on the virtual machine analogy, you can think of a docker image as .iso file, containing OS installation + system configuration. Running a container is then somewhat like starting a virtual machine, installing an OS with that .iso, then running a desired application within that OS.

Docker images are stored in /var/lib/docker directory. Docker manages images in an efficient way, using a filesystem engine called overlay2. Unlike .iso files, which are often ~4-6GB in size, docker images are usually pretty small (often several megabytes).

The following are some image related commands you should remember:

• docker run -it --rm <image> - Run a docker image with image's default application (likely, the shell)
• docker images - List docker images on your local filesystem
• docker rmi <image> - Delete a docker image from your local filesystem
• docker pull <image> - Pull a docker image from “docker.io” repository
• docker search <image> - Try to find a particular image on docker.io repositories
• docker tag <image1> <image2> - Retag an image e.g. 'ubuntu:latest' to 'my:image' (they refer to the same environment)

Docker containers are particular instances of an image. You run a container with docker run -it --rm <image>. You list containers with docker ps. You