Protect the Docker daemon socket

By default, Docker runs via a non-networked Unix socket. It can also optionally communicate using an HTTP socket. If you need Docker to be reachable via the network in a safe manner, you can enable TLS by specifying the tlsverify flag and pointing Docker’s tlscacert flag to a trusted CA certificate. In the daemon mode, it will only allow connections from clients authenticated by a certificate signed by that CA. In the client mode, it will only connect to servers

Automatically start containers

As of Docker 1.2, restart policies are the built-in Docker mechanism for restarting containers when they exit. If set, restart policies will be used when the Docker daemon starts up, as typically happens after a system boot. Restart policies will ensure that linked containers are started in the correct order. If restart policies don’t suit your needs (i.e., you have non-Docker processes that depend on Docker containers), you can use a process manager like upstart,

Docker network driver plugins

Engine network driver plugins Docker Engine network plugins enable Engine deployments to be extended to support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN or something completely different. Network driver plugins are supported via the LibNetwork project. Each plugin is implemented as a “remote driver” for LibNetwork, which shares plugin infrastructure with Engine. Effectively, network driver plugins are activated in the same way as other plugins, and use the same ki

Installation from binaries

This instruction set is meant for hackers who want to try out Docker on a variety of environments. Before following these directions, you should really check if a packaged version of Docker is already available for your distribution. We have packages for many distributions, and more keep showing up all the time! Check runtime dependencies To run properly, docker needs the following software to be installed at runtime: iptables version 1.4 or later Git version 1.7 or l

Link Environment Variables

Link environment variables reference Note: Environment variables are no longer the recommended method for connecting to linked services. Instead, you should use the link name (by default, the name of the linked service) as the hostname to connect to. See the docker-compose.yml documentation for details. Environment variables will only be populated if you’re using the legacy version 1 Compose file format. Compose uses Docker links to expose services’ containers to one another. Each linked cont

docker load

load Usage: docker load [OPTIONS] Load an image from a tar archive or STDIN --help Print usage -i, --input="" Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz -q, --quiet Suppress the load output. Without this option, a progress bar is displayed. Loads a tarred repository from a file or the standard input stream. Restores both images and tags. $ docker images REPOSITORY TAG IMAGE ID

Driver options and operating system defaults

When Docker Machine provisions containers on a local network provider or with a remote cloud provider such as Amazon Web Services, you must define both the driver for your provider and a base operating system. There are over 10 supported drivers and a generic driver for adding machines for other providers. Each driver has a set of options specific to that provider. These options provide information to machine such as connection credentials, ports, and

Migrate from Boot2Docker to Machine

Migrate from Boot2Docker to Docker Machine If you were using Boot2Docker previously, you have a pre-existing Docker boot2docker-vm VM on your local system. To allow Docker Machine to manage this older VM, you must migrate it. Open a terminal or the Docker CLI on your system. Type the following command. $ docker-machine create -d virtualbox --virtualbox-import-boot2docker-vm boot2docker-vm docker-vm Use the docker-machine command to interact with the migrated VM. Subcommand comparison The d

Btrfs storage in practice

Docker and Btrfs in practice Btrfs is a next-generation copy-on-write filesystem that supports many advanced storage technologies that make it a good fit for Docker. Btrfs is included in the mainline Linux kernel and its on-disk format is now considered stable. However, many of its features are still under heavy development and users should consider it a fast-moving target. Docker’s btrfs storage driver leverages many Btrfs features for image and container management. Among these features are t

Rescheduling

Swarm Rescheduling You can set rescheduling policies with Docker Swarm. A rescheduling policy determines what the Swarm scheduler does for containers when the nodes they are running on fail. Rescheduling policies You set the reschedule policy when you start a container. You can do this with the reschedule environment variable or the com.docker.swarm.reschedule-policies label. If you don’t specify a policy, the default rescheduling policy is off, which means that Swarm does not restart a container