Dockerfile introduction to violence

Docker last: Docker introduction to violence
Docker next: Docker network


What is it?

Dockerfile The text file used to build the Docker image is a script composed of instructions and parameters required to build the image one by one.

Writing steps

graph LR; A[write Dockerfile] B[docker build command build] C[docker run image run container instance] a -- > B -- > C

Execution process

graph TD; A[docker runs a container from the basic image] b[executes an instruction and modifies the container] c[executes an operation similar to docker commit and submits a new image layer] D[docker then runs a new container based on the just submitted image] E[executes the next instruction in the dockerfile until all instructions are executed] a -- > B -- > C -- > D -- > E

Common commands


FROM: basic image, that is, the image on which the current image is based. The first item must be FROM
MAINTAINER: name and email address of image MAINTAINER
Export: the port exposed by the current container
WORKDIR: Specifies the working directory in which the terminal logs in by default after the container is created
USER: Specifies the USER to execute the image. If not specified, the default is root (generally not specified)
VOLUME: container data VOLUME, used for data storage and persistence


There are two formats of commands that need to be run during container construction, namely shell format and exec format.

RUN yum install -y vim
RUN ["yum", "install", "-y", "vim"]

RUN runs when docker build s


Used to set environment variables during image construction
The set environment variables can be used in subsequent instructions, for example:

ENV MY_PATH /usr/my_path


ADD: copy the files in the host directory into the image (automatically process URL and tar compressed package)
COPY: similar to ADD, but only a simple COPY


Specify the command to execute after the container is started

  • Support shell format and exec format
  • After specifying the ENTRYPOINT instruction, specify the specific parameters with CMD.

be careful:

  • Multiple CMD instructions can be specified, but only the last one takes effect. CMD will be replaced by parameters after docker run

For example:

# The last line of tomcat is CMD ["", "run"]
# If you execute the following command, the tomcat service will not start normally
docker run -it -p 8080:8080 tomcat /bin/bash

The difference between the CMD command and the RUN command: the CMD command is RUN when docker run s, and the RUN command is RUN when docker build s


Like CMD, it is used to specify the commands to be executed when a container runs, but the difference is that ENTRYPOINT will not be overwritten by the commands after docker run.
It is usually used in conjunction with CMD command. When CMD is after the ENTRYPOINT command, CMD is used to pass parameters to ENTRYPOINT.
For example, build nginx:test image:

FROM nginx

ENTRYPOINT ["nginx", "-c"]
CMD ["/etc/nginx/nginx.conf"]

Specified equivalent effect:

docker run nginx:test # nginx -c /etc/nginx/nginx.conf
docler run nginx:test /etc/nginx/new.conf # nginx -c /etc/nginx/new.conf


Build centos7 with ssh login

mkdir centos7_ssh
cd centos7_ssh
vim Dockerfile

Dockerfile contents are as follows:

# Based on which image
FROM centos:7

# author
MAINTAINER zhinushannan<>

# Setting environment variables

# Configure ssh login:
# Install openssh server, openssh clients, net tools
# Set the password of the root account
# Generate ssh key
RUN yum install -y openssh-server penssh-clients net-tools && \
    echo $ROOT_PASSWORD | passwd --stdin root && \
    ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key && ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

# Configure Python environment
RUN yum install -y zlib-devel openssl-devel libffi-devel gcc make wget && \
    cd /root/ && wget$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz && \
    tar -xf /root/Python-$PYTHON_VERSION.tar.xz && rm -rf /root/Python-$PYTHON_VERSION.tar.xz && \
    cd /root/Python-$PYTHON_VERSION && ./configure && make && make install && rm -rf /root/Python-$PYTHON_VERSION

# After installing thefuck tool and starting the container, it needs to be executed in turn to take effect: fuck, source ~ / bashrc, fuck, source ~/.bashrc
RUN pip3 install thefuck -i $PIP_MIRROR_URL --trusted-host $PIP_MIRROR_HOST && \
    echo -e "\n\n# thefuck\reval \"\$(thefuck --alias fuck)\"" >> /etc/profile

# When the container starts, start the sshd service
CMD ["/usr/sbin/sshd", "-D"]

# Listen on port 22
docker build -t centos_ssh:7 .  # structure
docker run -d -p 9000:22 centos_ssh:7  # start-up
ssh root@ -p 9000  # ssh login, where the ip should be the ip of the machine
ssh-keygen -f "/home/zhinushannan/.ssh/known_hosts" -R "[]:9000"  # After deleting the container, the corresponding signature should be deleted

Suspended mirror image

Both REPOSITORY and TAG are images of <none>.
View the suspended image: docker images -f dangling=true
Remove all suspended images: docker image prune

Docker last: Docker introduction to violence
Docker next: Docker network

Tags: Java Linux Docker Operation & Maintenance Container

Posted by vitalyb on Wed, 10 Aug 2022 02:46:21 +0930