Docker Core Concepts

Images, containers, volumes, networks, and Dockerfile

Core Concepts

Image — read-only template with app code, runtime, and dependencies. Built from Dockerfile.
Container — running instance of an image. Isolated, ephemeral, reproducible.
Volume — persistent storage that outlives containers. Data survives restarts.
Network — isolated communication between containers. Containers on same network resolve by name.

dockerfile

# Multi-stage build
FROM node:20-alpine AS builder
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci && npm cache clean --force
COPY . .
RUN npm run build

# Production stage — smaller image
FROM node:20-alpine AS runner
WORKDIR /app
RUN addgroup --system --gid 1001 nodejs && \
    adduser --system --uid 1001 appuser
COPY --from=builder --chown=appuser:nodejs /app/dist ./dist
COPY --from=builder --chown=appuser:nodejs /app/node_modules ./node_modules
USER appuser
EXPOSE 3000
CMD ["node", "dist/index.js"]

Docker Commands

bash

# Build & Run
docker build -t myapp:latest .
docker run -d -p 3000:3000 --name myapp myapp:latest

# Container management
docker ps                          # running containers
docker ps -a                       # all containers
docker logs -f myapp               # follow logs
docker exec -it myapp /bin/sh      # shell into container
docker stop myapp && docker rm myapp

# Images & cleanup
docker images                      # list images
docker system prune -a             # clean everything

# Docker Compose
docker compose up -d               # start all services
docker compose down                # stop and remove
docker compose logs -f app         # follow app logs
docker compose exec app sh         # shell into app

💬 Why multi-stage builds?

Multi-stage builds create smaller production images. Build stage has dev dependencies (compilers, build tools). Production stage copies only the compiled output. Results in images that are 10-50x smaller and more secure.