docker run -ti bash encryption xxxx

Use this to run a command in a new container. It suits the situation where you do not have a container running, and you want to create one, start it and then run a process on it.

docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

This is for when you want to run a command in an existing container. This is better if you already have a container running and want to change it or obtain something from it.

docker exec

Docker command line




docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

Dockerfile Explanation example.

# A Dockerfile must start with a 'FROM' instruction. The FROM instruction specifies the Base Image from which you are building. 

FROM xxxxxxxxxx/base:14.04.5

# escape=\(backslash) 'sets the character used to escape characters in a Dockerfile. Default is \ (backslash)', Note that escape is not working in RUN command except at the end of a line.

#Kafka 1.0.0 Installation
RUN mkdir -p /usr/share/kafka && \
    curl -Ls '' | \
    tar --strip-components=1 -zx -C /usr/share/kafka/

# Environment variables can also be used in certain instructions as variable to be interpreted by the Dockerfie.
# ENV can be accessed by $variable_name or ${variable_name}
ENV KAFKA_HOME /usr/share/kafka

RUN mkdir -p /var/log/kafka/
RUN chmod -R 777 /var/log/kafka/


#==add additional libs
RUN rm -f $KAFKA_HOME/libs/zookeeper-3*
COPY *.jar $KAFKA_HOME/libs/

ENV DEBIAN_FRONTEND noninteractive
ENV GOROOT /opt/go
ENV GOPATH /root/.go

RUN cd /opt && wget${GOVERSION}.linux-amd64.tar.gz && \
    tar zxf go${GOVERSION}.linux-amd64.tar.gz && rm go${GOVERSION}.linux-amd64.tar.gz && \
    ln -s /opt/go/bin/go /usr/bin/ && \
    mkdir $GOPATH

ENV ARCH=amd64

RUN mkdir -p /tmp/install /tmp/dist \
    && wget -O /tmp/install/node_exporter.tar.gz xxxxxxxx.tar.gz \
    && cd /tmp/install \
    && tar --strip-components=1 -xzf node_exporter.tar.gz \
    && mv node_exporter /bin/node_exporter \
    && rm -rf /tmp/install

# add application user
RUN /usr/sbin/groupadd kafka
RUN /usr/sbin/useradd --gid kafka --home-dir /home/kafka --create-home --shell /bin/bash kafka

COPY supervisord.conf /etc/supervisor

COPY /usr/bin
RUN chmod 755 /usr/bin/

ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]


The FROM instruction initializes a new build stage and sets the Base Image for subsequent instructions.

The ARG is the only instruction that may precede FROM in the Dockerfile.

FROM <image> [AS <name>]
FROM <image>[:<tag>] [AS <name>]
FROM <image>[:<digest>] [AS <name>]

# example for ARG
CMD /code/run-app


The RUN instruction will execute any commands in a new layer on top of the current image and commit the results. The resulting committed image will be used for the next step in the Dockerfile.

  • RUN <command> (shell form, the command in a shell, which by default is /bin/sh -c on Llinux or cmd /S /C on Windows)
  • RUN ["executable", "param1", "param2"] (exec form)

Example for running (exec form)

RUN ["/bin/bash","-c","echo hello"]


The main purpose of a CMD is to provide defaults for an executable container. There can only be oneCMD instruction in a Dockerfile. If you list more than one CMD then only the last CMD will take effect.

  • CMD ["executable", "param1", "param2"] (exec form, the preferred style)
  • CMD ["param1", "param2"] (used as default parameters to ENTRYPOINT, then we must use ENTRYPOINT as well)
  • CMD command param1 param2(shell form)

When CMD used in the shell or exec form, the CMD instruction sets the command to be executed when running the image.


EXPOSE <port> [<port>/<protocol>]

The EXPOSE instruction informs Docker that the container listens on the specific network ports at run time, but this instruction does not really publish the port but instead a documentation for the docker run -P instruction to map the exposed ports.

EXPOSE 80/tcp
EXPOSE 80/upd

Regardless the EXPOSE setting, we can override them at runtime by using the -p

docker run -p 80:80/tcp -p 80:80/udp  


ENV <key> <value>
ENV <key>=<value> ...

**The Env instruction could allow the to be used with in the environment for all subsequent instruction in the build stage and can be replaced inline in many as well.**

#### ADD

ADD [--chown=<user>:<group>] <src>... <dest>
ADD [--chown=<user>:<group>] ["<src>",... "dst"](this form is required for paths containing whitespace)

The ADD instruction copies new files, directories or remote file URLs from to the , where will be the **` the filesystem of the image at the path . `**

ADD hom* /mydir/        # adds all files starting with "hom"
ADD hom?.txt /mydir/    # ? is replaced with any single character, e.g., "home.txt"


COPY [--chown=<user>:<group>] <src>... <dest>
COPY [--chown=<user>:<group>] ["<src>",... "dst"](this form is required for paths containing whitespace)

The COPY instruction copies new files, directories or remote file URLs from to the , where will be the **` the filesystem of the container at the path . `**

COPY obeys the following rules:

  • The src path must be inside the context of the build; we are not allowed to COPY ../something/something, because the first step of a docker build is to send the context directory (and subdirectories) to the docker daemon.
  • If <src> is a directory, the entire contents(not including the directory itself) of the directory are copied, including filesystem metadata.


an ENTRYPOINT allows you to configure a container that will run as an executable.(executable = an executable program)

ENTRYPOINT ["executable", "param1", "param2"](execform, perferred)
ENTRYPOINT command param1 param2(shell form)
  • Command line arguments to docker run <image> will be appended after all elements in an exec form ENTRYPOINT, and will override all elements specified using CMD.
  • The shell form prevents any CMD or run command line arguments from being used, but has the disadvantage that your ENTRYPOINTwill be run as a subcommand of /bin/sh -c

Only the last ENTRYPOINT instruction in the Dockerfile will have an effect

The table to illustrate the between ENTRYPOINT & CMD :

  No ENTRYPOINT ENTRYPOINT shell_cmd shell-p1 ENTRYPOINT[“exec_cmd”,”exec_p1”]
No CMD error, not allowed /bin/sh -c shell_cmd shell_p1 exec_cmd exec_p1
CMD [“exec_cmd”,”p1_cmd”] exec_cmd p1_cmd /bin/sh -c shell_cmd shell-p1 exec_cmd exec_p1 exec_cmd p1_cmd
CMD [“p1_cmd”,”p2_cmd”] p1_cmd p2_cmd /bin/sh -c shell_cmd shell_p1 exec_cmd exec_p1 p1_cmd p2_cmd
CMD exec_cmd p1_cmd /bin/sh -c exec_cmd p1_cmd /bin/sh -c shell_cmd shell_p1 exec_cmd exec_p1 exec_cmd p1_cmd


VOLUME ["/data"]

The VOLUME instruction creates a mount point with the specified name and marks it as holding externally mounted volumes form native host or other containers.


USER <user>[:<group>]

The USER instruction sets the user name (or UID) and optionally the user group(or GID) for running the image and for any RUN, CMD, ENTRYPOINT that follow it in the Dockerfile

USER admin:rootgroup
RUN cd /usr/


WORKDIR /path/to/workdir

The WORKDIR instruction sets the working directory for any RUN, CMD, ENTRYPOINT, and ADD instruction that follow it in the Docker file.

If the directory doesn’t exist, then the directory will be created.

ENV DIRTPATH /home/jiayong
RUN pwd

we would get the output /home/jiayong


ARG <name>[=<defalut value>]

The ARG instruction defines a variable that users can pass at build-time to the builder with the docker build command using the --build-arg <varname>=<value> flag.


SHELL ["executable","parameters"]

The SHELL instruction allows the default shell used for the shell form of command to be overwritten.

# set up the default bash to /bin/sh -c 
SHELL ["/bin/sh", "-c"]
# SHELL can be called multiple times, and affect all the following lines.


Docker Offical Doc



Leave a Comment