When we want to mount a volume inside a container, there are several scenarios:
- common config files
- some logs we want to keep on the host
- database directory
- other black magic, like a socket or a PID file
Note that when a container is stopped, volumes let us start a new container that does the same thing in the same environment.
Here is the official Docker documentation on volumes:
# Mount local /tmp directory to container /home/corvo/tmp
You don't need to worry if the directory does not exist; Docker will create it for you.
There are several ways to let a container listen on a port of the host. Port forwarding is one of them. When we create a new container and want to forward port 80 in the container to port 10080 on the host, we can use the following command:
$ docker run \
Host network and process
I’d like to introduce --net host and --pid host in this section.
--net host will share the host’s network stack, and all interfaces from the host will be available to the container. You can use 127.0.0.1 to access a service on the host.
--pid host will use the host’s PID namespace inside the container. This means you can use ps -aux to display all processes on the host.
These two arguments let the container communicate with the host machine. That is powerful, but prone to security issues: once an attacker gets into the container, he or she could manipulate the whole machine.
A simple server should never use these options. There are several scenarios where we need them, and I will give examples later in other posts.
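To find which containers on a machine were started with these two options, the following added example (not code from the original post) reads `docker inspect` JSON and reports containers whose `HostConfig.NetworkMode` or `HostConfig.PidMode` is `host`, along with any writable bind mounts they hold. The sample input is constructed, and the function name `audit_host_namespaces` is hypothetical; Linux-style `src:dst[:opts]` bind strings are assumed.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from a real host).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "HostConfig": {"NetworkMode": "bridge", "PidMode": "",
                    "Binds": ["/tmp:/home/corvo/tmp"]}},
    {"Name": "/monitor",
     "HostConfig": {"NetworkMode": "host", "PidMode": "host",
                    "Binds": ["/var/log:/logs:ro"]}},
    {"Name": "/proxy",
     "HostConfig": {"NetworkMode": "host", "PidMode": "", "Binds": None}},
])


def audit_host_namespaces(inspect_json):
    """Return {container_name: [findings]} for containers sharing host namespaces."""
    report = {}
    for container in json.loads(inspect_json):
        host_cfg = container.get("HostConfig") or {}
        findings = []
        if host_cfg.get("NetworkMode") == "host":
            findings.append("net=host: shares the host network stack and interfaces")
        if host_cfg.get("PidMode") == "host":
            findings.append("pid=host: can see every process on the host")
        if not findings:
            continue  # container keeps its own network and PID namespaces
        # A writable bind mount widens what a host-namespace container can touch.
        for bind in host_cfg.get("Binds") or []:
            parts = bind.split(":")
            if len(parts) < 2:
                continue  # not a src:dst bind, nothing to report
            opts = parts[2].split(",") if len(parts) > 2 else []
            if "ro" not in opts:
                findings.append(f"writable bind mount: {parts[0]} -> {parts[1]}")
        report[container.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_host_namespaces(SAMPLE_INSPECT).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

On a real host, pass it the output of `docker inspect $(docker ps -q)` instead of the sample.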
This flag tells the Docker daemon how the container should or should not be restarted on exit.
Docker supports the following restart policies:
I prefer to use
This policy ensures that the container is running even if I restart the Docker daemon or the machine,
which makes Docker very useful in development.