What is Docker?

This software service runs on top of the operating system to create "virtual containers", each with their own small operating system running on top of the Linux kernel. While we can open ports into the container to transmit data, it otherwise operates independently from the host system – sequestered into its own kernel namespace for security.

This is the same technology that companies use for hosting their web-based "cloud" services.  Containers allow administrators to quickly deploy software on nearly any hardware environment. As your user base grows, Docker makes it simple to deploy multiple servers – each running the same software so the load can be balanced between these independent systems.

Docker Engine

Docker interfaces directly with the Linux kernel to access the drivers that communicate with your computer's hardware.  This enables software to be deployed on another server regardless of the underlying hardware.

The mechanism that virtual containers employ is fundamentally different than a virtual machine, an older technology that performs a similar function.

Virtual machines use a "hypervisor" to emulate the hardware necessary to run their own "guest" kernel and operating system.  This happens under the supervision of your "host" operating system and incurs a great deal of computational overhead.

By comparison, containers share their host operating system's kernel and directly utilize the existing hardware infrastructure.  This allows containers to emulate only the smallest possible operating system required for their software.

Developers build a 'container image' that contains the complete operating system required for their application.  Alpine Linux is the foundation of many Docker containers, requiring only 5 MB of storage space and 120 MB of RAM.

These images act as a template to quickly create a containerized operating system that can interface with your hardware through your host operating system.  Since Docker can interface with the kernel, it can share device and file access with individual containers.

Container images are read-only and the files of the image cannot be changed – known as "immutable".  Any changes you make will be reset once the container is restarted. This makes it extremely easy to update services that have been optimized for Docker.  All you need to do is download the latest Docker image and restart the container using it.

In order to keep data in between power cycles, we need to designate storage space for the container. 

Docker can automatically create virtual disk drives tied to the container that can be quickly deleted when the container is unused.  You can also mount a directory from the host computer inside the container.  For security and speed, you can also create a temporary filesystem in memory that is deleted when the container is stopped.

Docker-optimized applications will often store all of their persistent data within a single directory, commonly called "/app" or "/config".  This makes services easy to update because all you need to do is download the latest Docker image and restart the container using it.

When creating a container, we can open access to network ports that allow communication with the service you are hosting.  For many self-hosted cloud services, this includes access to the browser-based graphical user interface served over HTTP.  Services like qBittorrent use ports to communicate with the outside internet through your router.  Each application chooses the function or purpose of the ports it uses.

These ports can also enable communication between multiple containers – such as an application frontend and its database.

Docker can increase security by allowing your services to communicate behind the scenes, inaccessible from outside your local computer.

Modern operating systems have a theoretical maximum of 65,535 ports to be individually allocated for hosted services.  While a few are reserved (such as port 80 for HTTP), the majority are freely available for use.  As a metaphor, consider how specific telephone numbers are reserved for emergency services, while others are available as residential or business phone numbers. While a computer system may not realistically host that many individual services, it can illustrate the flexibility of modern software. 

By leveraging ports, we can access multiple services hosted from the same machine.  This is a common practice known as a Docker Stack, which allows you to deploy new containers as well as define the virtual private networks connecting them.  Conceptually, a Stack sits a level higher than containers and can consist of several containers that work in tandem.

For example, we could create two stacks for hosting two independent websites.  Each stack would have an nginx container allocating sequential ports – such as 3000 and 3001.  Additionally, each stack would have a MariaDB container for storing web application data.  Nginx can communicate with the MariaDB container within its Stack, but it is completely unaware of the other MariaDB container within the second Stack.

Docker containers are controlled primarily through the terminal and behave much like a system service, allowing you to easily start, stop and restart them. Similarly, you can connect to the operating system running inside the container to perform tasks and get information.

You can run a Docker container from the terminal with one command.

sudo docker run -it -d -p 80:80 --name nginx -v /srv/nginx/:/config lscr.io/linuxserver/nginx:latest

The command has several important parameters that define how our container is created and then functions.  The above command follows the basic syntax:

sudo [[program]] [[command]] [[parameters]]

Running 'sudo' tells the shell to run the command as root – or 'super user do'.  We are telling the 'docker' program to 'run' a container with the following parameters:

-it Keeps the container's shell accessible through the terminal
-d Runs the container in the background
-p Opens a port on the container, connecting a port from the container to an external port on our host computer. This allows the service to be accessible by other computers on your network.
--name Name to use for the container
-v Links a directory or file from our host computer to the container so it can access it.
lscr.io/linuxserver/nginx:latest The Docker image to use for creating the container

This is the basic syntax for creating any Docker container.  We can check the status of running Docker containers by entering the command:

sudo docker ps

Docker Compose

This is a Docker Engine add-on that allows you to define and create new containers as well as the virtual networks connecting them.  This makes it very easy to quickly spin up containers using an easy-to-read syntax.  Compose uses a markup language known as YAML, commonly used as a human-readable format for storing software configuration files.

people:
  person1:
    name: Sally
    age: 32
    interests:
      - "Watching movies"
      - Linux
  person2:
    name: John
    age: 46
    interests:
      - Music
      - "Eating out"

Using the Docker Compose YAML syntax, we can quickly define a Stack with one or more containers.  This makes it simple to automatically define private and isolated networks for each Stack on the system.

services:
  nginx:
    image: lscr.io/linuxserver/nginx:latest
    container_name: nginx
    volumes:
      - /srv/nginx/:/config
    ports:
      - 80:80

This Docker Compose snippet creates the same container as the Docker Engine command-line example above.
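The two-website layout described earlier (one nginx and one MariaDB container per Stack, on ports 3000 and 3001) can be written as a single Compose file deployed once per site, and it also shows the three storage options: a bind mount, a named volume and an in-memory filesystem. This is an added example, not part of the original page; the site1/ and site2/ directories, the SITE_PORT and DB_ROOT_PASSWORD variables, the mariadb:latest image and the network and volume names are assumptions.

```yaml
# Added example: one Stack (nginx + MariaDB). Copy this file into two
# directories, e.g. site1/ and site2/ (hypothetical names), each with its own
# .env file setting SITE_PORT (3000 or 3001) and DB_ROOT_PASSWORD, then run
# "sudo docker compose up -d" in each directory. Compose prefixes networks and
# volumes with the project (directory) name, so site1_backend and
# site2_backend are separate networks and neither nginx can reach the other
# Stack's database.
services:
  nginx:
    image: lscr.io/linuxserver/nginx:latest
    volumes:
      - ./config:/config          # bind mount: a host directory inside the container
    ports:
      # The only published port in the Stack. It listens on every host
      # interface; prefix it with 127.0.0.1: to keep it local to the host.
      - "${SITE_PORT:?set SITE_PORT in .env}:80"
    networks:
      - frontend                  # carries the published port
      - backend                   # private link to the database (hostname "db")
  db:
    image: mariadb:latest         # assumed image; the page names no MariaDB image
    environment:
      MARIADB_ROOT_PASSWORD: "${DB_ROOT_PASSWORD:?set DB_ROOT_PASSWORD in .env}"
    volumes:
      - db-data:/var/lib/mysql    # named volume created and managed by Docker
    tmpfs:
      - /tmp                      # in-memory filesystem, gone when the container stops
    networks:
      - backend                   # no "ports:" entry, so nothing is published on the host

networks:
  frontend:
  backend:
    internal: true                # containers on this network can only talk to each other

volumes:
  db-data:
```

After both Stacks are up, "sudo docker ps" should list a host port mapping only for the two nginx containers; the MariaDB containers show none.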

Portainer, a web application we will be installing, can use Docker Compose to quickly host services using our browser and a graphical interface.
