Docker Hub, Commands, and Security Guide for Beginners

Docker Hub is a cloud repository service that lets people store, share, and manage Docker container images. It is also a central registry where programmers and open-source contributors can find, use, and distribute container images. Docker Hub has a massive collection of ready-made container images and resources, which speeds up development and saves setup time.


Overview of Docker Hub

Docker Hub lets you build on existing images and then share and distribute your own images with your team or with other developers through repositories. Docker Hub also offers a variety of trusted images that have been checked against quality and security standards.

Docker Basic Commands

Knowing the basic Docker commands is essential for managing containers. These commands let you work with Docker images and containers, from searching for and pulling images to creating and managing containers.

Finding and Running Ready-Made Images

First of all, you can discover pre-built images on Docker Hub, in the Docker Desktop Dashboard, or through the command-line interface (CLI).

Searching using the Docker Hub explore page: The Docker Hub explore page lets you browse by catalog or category, or use the search box to get relevant results quickly. You can filter the results, e.g. by choosing the Docker Official Image option so that you get only high-quality and secure images. Clicking an image opens a page with information on how to use it, including the command to pull the image.

Searching through the Docker Desktop Dashboard: In the Docker Desktop Dashboard, choose the Docker Hub view to browse or search the content. You can use filters, such as Docker Official Image or Web Servers, to narrow down the search results.

Searching using the CLI: Open a terminal and use the docker search command to search for images. For example, docker search --filter is-official=true nginx searches for official Nginx images. Unlike the web interfaces, the docker search command does not offer category browsing.

After you have identified an image, you can pull and run it on your device through either the CLI or the Docker Desktop Dashboard.

Running through the Docker Desktop Dashboard: In the Docker Hub view, choose the image you want to run (e.g. Nginx) and press the button with the play icon. If the image is not on your device, it is retrieved automatically from Docker Hub. You can specify run options, such as the port on the host (e.g. 8080). Once the container is running, you can access the server through the given link or by opening http://localhost:8080 in a web browser. Choose the Stop button to stop the container.

Running through the CLI: Run the docker run command in your terminal. For example, docker run -p 8080:80 --rm nginx pulls and starts the Nginx image and maps port 8080 on your host to port 80 inside the container. The command downloads the image automatically if it is not available locally. You can then go to http://localhost:8080 to confirm that the container is working. Pressing Ctrl+C in the terminal stops the container. With the ready-made images on Docker Hub, you can spin up a web server quickly without installing and configuring any server by hand.

Building and Pushing Custom Images

You can also build your own images by extending those already available on Docker Hub.

Creating a Dockerfile: A Dockerfile is a text document that contains the instructions used to create a Docker image. For example, you can write a simple Dockerfile that extends the Nginx image and provides a custom Hello world page:

    FROM nginx
    RUN echo "<h1>Hello world of Docker</h1>" >> /usr/share/nginx/html/index.html

Building Your Image: Use the docker build command to build your image. This command tags your image so that it can be pushed to Docker Hub.

Test Your Image Before Pushing: First test your custom image locally with docker run -p 8080:80 --rm <YOUR-USERNAME>/nginx-custom. Go to http://localhost:8080 in your browser to make sure that your custom page is shown. Press Ctrl+C to stop the container.

Pushing to Docker Hub: Sign in to Docker Desktop. Then run the docker push command to upload your image: docker push <YOUR-USERNAME>/nginx-custom. This command automatically creates the repository on Docker Hub if it does not exist yet.

Accessing Your Repository: You can access your newly pushed repository on Docker Hub by signing in and going to your Repositories page, or in Docker Desktop by opening the "Images" view and selecting the "Hub repositories" tab.

Additional Essential Commands

docker pull [image_name]: Downloads an image from Docker Hub to the local system.

docker images: Displays all the Docker images that are available on your local computer.

docker ps: Shows all the currently running Docker containers. With the -a flag (docker ps -a), all containers are displayed, including exited ones.

docker stop [container_id/name]: Stops one or more running containers.

docker rm [container_id/name]: Deletes one or more stopped containers. When docker run is used with the --rm flag, the container is deleted automatically once it exits.

docker rmi [image_id]: Removes a Docker image from your local computer.

docker network ls: Lists the Docker networks on your system.

docker network inspect [network_name]: Gives detailed information about a particular Docker network, including the container names and IP addresses.

Docker Security Best Practices

Securing your Docker environment is a complex exercise that covers the host OS, the container images, and the runtime.

Host Operating System Protection

The security of a Docker environment starts with the bottom-most layer of the infrastructure, because a vulnerable host OS can compromise every process running on it, including the container runtime.

Secure OS Selection: Choose a container-specific operating system such as Bottlerocket from AWS, where security is built in: SELinux is enabled, security updates are automatic, and images are hardened. When a general-purpose OS is used, manage its security features yourself, disable services that are not required, and scan frequently for vulnerabilities.

OS Vulnerabilities and Updates: Standardize procedures for validating the versions and components of the base OS. Check for and apply updates regularly to fix vulnerabilities, and make the host OS immutable to keep the attack surface to a minimum. It is also very important to keep the Docker runtime engine regularly updated with the latest fixes.

User Access Rights: All direct OS authentication should be audited and logged. Grant access only to relevant users, use keys for remote login, and set up firewalls. The Docker daemon requires root privileges, so add users to the docker group only when they are trusted and need those privileges.

Host File System: Start containers with as few file system privileges as possible. Sensitive host directories, such as those holding OS configuration settings, should not be mounted, because doing so gives attackers easy access to the whole system.

Audit Considerations: Audit container daemon activity and the files and directories associated with Docker, such as /var/lib/docker, docker.service, and /etc/docker/daemon.json.
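
The host file system rule above can be checked against containers that are already running. The following Python sketch is an added example, not part of the original guide: it reads the JSON printed by docker inspect and flags bind mounts that expose sensitive host paths or are writable. The deny-list and the sample data are assumptions constructed for illustration.

```python
import json
from pathlib import PurePosixPath

# Assumed deny-list for this example: OS configuration, kernel interfaces,
# and Docker's data directory and control socket. Extend it for your hosts.
SENSITIVE = ["/etc", "/boot", "/proc", "/sys", "/dev", "/root",
             "/var/lib/docker", "/var/run/docker.sock"]

def overlaps(src, sensitive):
    """True if src is the sensitive path, lies inside it, or contains it."""
    a, b = PurePosixPath(src), PurePosixPath(sensitive)
    return a == b or b in a.parents or a in b.parents

def audit_mounts(inspect_json):
    """Return (container, host_path, reason) tuples from `docker inspect` JSON."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        for m in container.get("Mounts", []):
            if m.get("Type") != "bind":
                continue  # named volumes and tmpfs are managed by Docker
            src, rw = m.get("Source", ""), m.get("RW", True)
            mode = "read-write" if rw else "read-only"
            if any(overlaps(src, s) for s in SENSITIVE):
                findings.append((name, src, f"sensitive host path mounted {mode}"))
            elif rw:
                findings.append((name, src, "writable bind mount, prefer :ro"))
    return findings

# Constructed sample in the shape printed by `docker inspect <container>`.
SAMPLE = json.dumps([
    {"Name": "/web", "Mounts": [
        {"Type": "bind", "Source": "/srv/site",
         "Destination": "/usr/share/nginx/html", "RW": False},
        {"Type": "volume", "Source": "/var/lib/docker/volumes/cache/_data",
         "Destination": "/cache", "RW": True}]},
    {"Name": "/agent", "Mounts": [
        {"Type": "bind", "Source": "/etc", "Destination": "/host/etc", "RW": True},
        {"Type": "bind", "Source": "/var", "Destination": "/host/var", "RW": False},
        {"Type": "bind", "Source": "/srv/data", "Destination": "/data", "RW": True}]},
])

if __name__ == "__main__":
    for finding in audit_mounts(SAMPLE):
        print(*finding, sep=" | ")
```

A parent directory such as /var is flagged as well, because mounting it also exposes /var/lib/docker.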

Docker Image Security

It is important to know what is in your Docker container images before deployment.

Continuous Approach: Automate the building and testing of images. Use tools that identify vulnerabilities and configuration issues, and integrate them into your CI/CD pipeline. This ensures that images are checked against policies before they move into production.

Image Vulnerabilities: Scan all layers of your images for known vulnerabilities in OS and non-OS packages. Also use tools that detect new vulnerabilities and alert developers so that they can fix them in time.

Policy Enforcement: Develop and enforce policy rules based on vulnerability severity values (e.g., halting builds when an image has vulnerable packages with severity values greater than medium).

Set a User for the Container Image: Run containers as a non-root user where possible, specified with the USER instruction in the Dockerfile.

Use Trusted Base Images: Base your container images on well-established, trusted images that are downloaded over secure channels. Official Docker images are maintained and curated by either the Docker community or vendors. Minimize the attack surface by using minimal base images.

Avoid Installing Unnecessary Packages: Reduce the size of a container and its attack surface by installing only the packages the container uses.

Add a HEALTHCHECK Directive: Add a HEALTHCHECK directive to Dockerfiles so that Docker can tell whether a container is in a healthy state, and unhealthy containers can be stopped and replaced with new ones.

Prefer COPY to ADD: Use the COPY instruction to copy files from the local host rather than ADD, which carries the risk of retrieving malicious packages through remote URLs.

Never Store Secrets in Dockerfiles: Never store secrets in container images. Keep secrets in external storage and provide them dynamically at run time.

Install Verified Packages: Download and install packages only from trusted sources, and verify them.
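
Several of the Dockerfile rules above (non-root USER, HEALTHCHECK, COPY instead of ADD, no secrets) can be checked automatically before an image is built. The following Python linter is an added example, not part of the original guide or of Docker's own tooling. The secret-name pattern is a heuristic and both sample Dockerfiles are constructed.

```python
import re
# Heuristic (assumption): variable names that usually hold credentials.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

def instructions(text):
    """Yield (INSTRUCTION, args) pairs, joining backslash line continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        name, _, args = (buf + line).partition(" ")
        buf = ""
        yield name.upper(), args.strip()

def lint(text):
    """Return findings for the Dockerfile rules listed in this section."""
    findings, user, health = [], None, False
    for name, args in instructions(text):
        if name == "FROM":                  # a new build stage resets state
            user, health = None, False
        elif name == "USER":
            user = args.split(":")[0]       # drop the optional :group part
        elif name == "HEALTHCHECK":
            health = args.upper() != "NONE"
        elif name == "ADD":
            remote = re.search(r"https?://", args)
            findings.append("ADD: fetches a remote URL" if remote
                            else "ADD: use COPY for local files")
        elif name in ("ENV", "ARG"):
            for key, _ in re.findall(r"(\w+)(?:=|\s+)(\S+)", args):
                if SECRET_NAME.search(key):
                    findings.append(f"{name} {key}: secret baked into image")
    if user in (None, "root", "0"):
        findings.append("USER: final stage runs as root")
    if not health:
        findings.append("HEALTHCHECK: missing in final stage")
    return findings

# Constructed samples that extend the nginx example used earlier in this guide.
WEAK = "FROM nginx\nENV API_TOKEN=abc123\nADD https://example.com/site.tar.gz /tmp/\n"
HARDENED = ("FROM nginxinc/nginx-unprivileged\nCOPY index.html /usr/share/nginx/html/index.html\n"
            "USER 101\nHEALTHCHECK CMD curl -f http://localhost:8080/ || exit 1\n")
if __name__ == "__main__":
    print(lint(WEAK), lint(HARDENED), sep="\n")
```

The linter only sees the Dockerfile it is given, so a USER or HEALTHCHECK inherited from the base image is not detected; declaring them explicitly keeps the policy visible in review.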

Docker Uncodemy

Uncodemy offers some useful courses that help beginners learn Docker Hub, Docker commands, and security.

DevOps certification course in Noida: The course covers an introduction to Docker, hands-on practice with Docker commands, working with containers, an introduction to Docker Hub, a Docker demo, Docker Compose, and Port. This all-round guide lets a novice experience Docker in practice.

Learn Docker Commands with Examples: This free tutorial covers various Docker commands such as docker ps, images, and volumes. These courses are designed to provide practical knowledge and skills for navigating the Docker ecosystem effectively.
