⚠️ Note: Auto-translated Article
This page was generated by AI-assisted automatic translation from the original Japanese article.

Overview

I’m using Docker more and more, both at work and for home server builds, so here are my personal notes. This covers Docker Engine CE (Community Edition) — the free, CLI-based version — not the paid Docker Desktop. I plan to add to this article whenever I feel like it.

Installation

RHEL / Rocky / Alma Linux

# Register dnf repository
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
# Install packages
dnf install -y docker-ce docker-compose-plugin

CentOS Stream

※ As of 2025-01-07, a CentOS Stream 10 version was already available

# Register dnf repository
dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install packages
dnf install -y docker-ce docker-compose-plugin

Ubuntu

apt update
apt install -y ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
# install Docker packages
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Configuring Bridge Network Address Allocation

By default, dockerd automatically reserves a wide range like 172.17.0.0/16 as a bridge, picking a segment that doesn’t appear to be in use locally. With fully automatic allocation, it can collide with other segments inside a corporate network, causing the scenario where “the server became unreachable the instant a Docker container was started on a remote VM.”

To prevent this, define the allocation range for Docker bridge networks in advance.

Example:

  • Allocate in /24 units from 172.29.0.0/24 to 172.29.255.0/24
    • Choose a private address range you will absolutely never use
  • The default docker0 bridge will be 172.29.0.0/24
cat <<'__EOT__' >/etc/docker/daemon.json
{
    "default-address-pools":[
        {
            "base":"172.29.0.0/16",
            "size":24
        }
    ]
}
__EOT__
systemd restart docker.service

With this, even if docker compose adds new bridges, they will never fall outside this range.

List All Containers (Running and Stopped)

docker container ls -a

Example output

CONTAINER ID   IMAGE                             COMMAND                  CREATED       STATUS                   PORTS                                     NAMES
00b0c16ce586   powerdnsadmin/pda-legacy:latest   "entrypoint.sh gunic…"   7 weeks ago   Up 8 days (healthy)      0.0.0.0:9191->80/tcp, [::]:9191->80/tcp   infallible_mendeleev
d662d485fe03   powerdnsadmin/pda-legacy:latest   "entrypoint.sh gunic…"   7 weeks ago   Exited (0) 7 weeks ago                                             unruffled_allen

Show Container Status and Auto-Start Policy

To have dockerd automatically start containers on restart, you need to set the --restart flag when starting each container.

There’s no straightforward way to check the flag for all running containers at once, so use the bash one-liner below. Install jq beforehand since it’s needed to parse JSON responses.

Install jq (dnf example)

dnf install -y jq

docker container status one-liner

sudo docker inspect -f json $(sudo docker ps -a -q) | jq --raw-output '(["ContainerId","ContainerName","Image","State","RestartPolicy"]| (., map(length*"-"))), (.[] | [.Config.Hostname,.Name,.Config.Image,.State.Status,.HostConfig.RestartPolicy.Name]) | @tsv' | column -ts $'\t'

Example output

ContainerId   ContainerName          Image                            State    RestartPolicy
-----------   -------------          -----                            -----    -------------
00b0c16ce586  /infallible_mendeleev  powerdnsadmin/pda-legacy:latest  running  always
d662d485fe03  /unruffled_allen       powerdnsadmin/pda-legacy:latest  exited   no

Docker Cleanup

As you swap and retry containers, memory and disk accumulate garbage.

Check Status

Container resource usage

docker system df

Example output

TYPE            TOTAL     ACTIVE    SIZE      RECLAIMABLE
Images          1         1         218MB     0B (0%)
Containers      2         1         0B        0B
Local Volumes   1         1         331.7MB   0B (0%)
Build Cache     0         0         0B        0B

List of bridges used by containers

docker network ls

Example output

NETWORK ID     NAME      DRIVER    SCOPE
579ed13faf46   bridge    bridge    local
066f87a2cd1c   host      host      local
1b669453f07e   none      null      local

To remove all resources consumed by Docker:

# Stop all containers
docker stop $(docker ps -aq)
# Remove all containers
docker rm $(docker ps -aq)
# Remove all images
docker rmi $(docker images -q)
# Remove volumes
docker volume rm $(docker volume ls -qf dangling=true)
# Remove build cache
docker builder prune -f
# Remove network bridges
docker network prune -f

When done, verify again with docker system df and docker network ls.

References

Notes

  • The official Docker Engine CLI docs are hard to follow, so I usually end up searching Japanese articles — and depending on when they were written, the instructions are often outdated.
  • I decided to start collecting here the things I’ve personally tested and confirmed to work.