From Network Security Wiki


  • Docker Components:
- Image: Content at rest, Not the full OS, but just the basic environment
- Container: Running Image
- Engine: Software that executes commands for containers. Networking & Volumes are part of Engine.
- Registry: Stores, Distributes & Manages docker images.
- Control Plane: Management Plane for Container & Cluster Orchestration.
  • Container Orchestration:
- Docker Swarm
- Kubernetes
- Mesos Marathon
- Cloud Foundry Diego
- Amazon ECS
- Azure Container Service



sudo apt-get update
sudo apt-key adv --keyserver hkp:// --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
sudo apt-add-repository 'deb ubuntu-xenial main'
sudo apt-get update

It should download from repository:

apt-cache policy docker-engine
sudo apt-get install -y docker-engine
sudo systemctl status docker
sudo usermod -aG docker $(whoami)
sudo usermod -aG docker aman
docker info

Testing Docker

docker run hello-world
docker search ubuntu

Removing Images

Find out the Image ID:

docker images

Delete the Image:

docker rmi -f d9790ed1a768

To view all containers — active and inactive:

docker ps -a

Stopping a running or active container:

docker stop <container-id>

Removing a Container:

docker rm <container-id>

Delete all containers:

docker rm $(docker ps -a -q)

Delete all images:

docker rmi $(docker images -q)

Force delete all images (even with linked containers):

docker rmi $(docker images -q) --force

Remove all stopped containers, unused volumes, unused networks, all images without at least one container associated to them:

docker system prune -a -f

Installing MediaWiki

docker search mediawiki
docker run -d --name=mediawiki -p 80:80 linuxconfig/mediawiki
docker ps

Running same container again on next reboot

docker start mediawiki
Databases Credentials

Default Mysql credentials are:


Use the following command to update or reset MariaDB user password. The below command will set a new admin user password:

docker exec -it mediawiki mysqladmin -uadmin -ppass password abc123

To create a new database eg. mediawiki2 enter:

docker exec -it mediawiki mysqladmin -uadmin -ppass create mediawiki2

Use the below command to copy the LocalSetting.php file from host to Docker:

docker cp LocalSettings.php mediawiki:/var/www/html/LocalSettings.php



Create nginx root directory:

mkdir -p ~/docker-nginx/html
cd ~/docker-nginx/html
nano index.html

Paste below contents into this file

<body style="background-color:green">
    <title>Green Site - Docker </title>
    <div class="container">
      <h1>      GREEN WEBSITE</h1>
      <p>       This is GREEN Website.</p>
      <p>       Its color is also GREEN.</p>

Install nginx image for docker

docker search nginx

Run nginx docker image with auto Restart on reboot option

docker run --name nginx -p 80:80 -d -v ~/docker/nginx/html:/usr/share/nginx/html --restart unless-stopped nginx

Docker currently has four restart policies[1]:

Multiple Instances

Create copies of root directory for different servers:

cp -r ~/docker/nginx/ ~/docker/nginx8080/
cp -r ~/docker/nginx/ ~/docker/nginx8081/
cp -r ~/docker/nginx/ ~/docker/nginx8082/
cp -r ~/docker/nginx/ ~/docker/nginx8083/

Edit the Index.html file to reflect different content by editing the html code.

Start different instances of nginx to start with different ports & root directories:

docker run --name nginx8081 -p 8081:80 -d -v ~/docker/nginx8081/html:/usr/share/nginx/html nginx
docker run --name nginx8082 -p 8082:80 -d -v ~/docker/nginx8082/html:/usr/share/nginx/html nginx
docker run --name nginx8083 -p 8083:80 -d -v ~/docker/nginx8083/html:/usr/share/nginx/html nginx
docker run --name nginx8084 -p 8084:80 -d -v ~/docker/nginx8084/html:/usr/share/nginx/html nginx

Nginx instances should now be available using below links:

Changing port or running custom config

Copy the nginx file from docker file system to local filesystem:

sudo docker cp nginx:/etc/nginx/conf.d/default.conf /home/aman/docker/default.conf

Edit the config file to change the listening port to 8000:

nano default.conf

Now start the docker container with the new port:

docker run --name docker-nginx -p 8081:8000 -v ~/docker/nginx8081/html:/usr/share/nginx/html -v ~/docker/default.conf:/etc/nginx/conf.d/default.conf -d nginx
Running multiple instances with custom ports & autostart on bootup
 docker run --name nginx8081 -p 8081:8000 -d -v ~/docker/nginx8081/html:/usr/share/nginx/html -v ~/docker/default.conf:/etc/nginx/conf.d/default.conf --restart unless-stopped nginx
 docker run --name nginx8082 -p 8082:8000 -d -v ~/docker/nginx8082/html:/usr/share/nginx/html -v ~/docker/default.conf:/etc/nginx/conf.d/default.conf --restart unless-stopped nginx
 docker run --name nginx8083 -p 8083:8000 -d -v ~/docker/nginx8083/html:/usr/share/nginx/html -v ~/docker/default.conf:/etc/nginx/conf.d/default.conf --restart unless-stopped nginx
 docker run --name nginx8084 -p 8084:8000 -d -v ~/docker/nginx8084/html:/usr/share/nginx/html -v ~/docker/default.conf:/etc/nginx/conf.d/default.conf --restart unless-stopped nginx


Downloading and installing image first time

docker pull lucaderi/ntopng-docker
docker run --net=host --name ntopng -t -i lucaderi/ntopng-docker ntopng -v

Let it run for few minutes.
Now press Control+C keys to terminate the process.
Now to start it type the below command:

docker start ntopng



Create a VM with atleast 1.5 GB RAM Boot the following ISO file:

Perform basic networking using below commands:

sudo ifconfig eth0 inet netmask broadcast
sudo route add default gw
sudo vi /etc/resolv.conf

Check Internet connectivity


Install RancherOS

sudo ros install -d /dev/xvda

Set the persistent networking:

sudo vi /etc/networking/interfaces

Install Linux-dash, a minimal low-overhead web dashboard for monitoring Linux servers

sudo system-docker run -d --net=host --name busydash husseingalal/busydash

WebUI Access:


Default password is blank for user 'rancher'. Change it for SSH login:


SSH Login:


Docker Packet Captures

docker exec -it 428947239426349 tcpdump -N -A 'port 80' -w capture.pcap


{{#widget:DISQUS |id=networkm |uniqid=Docker |url= }}