# Assignment 4 – Docker

**Graduate tasks are marked “CS 647 Only”**

### 1.0 Install Docker Engine

Install Docker CE from the official repository. You do not need to set up sudo-less access.

In [2]:
# verification
sudo docker --version

Docker version 28.1.1, build 4eba377


### 1.1 Pull and List a Base Image

Pull **`debian:latest`** and verify it appears in the local image list.


In [3]:
# YOUR COMMAND HERE
sudo docker pull debian:latest

latest: Pulling from library/debian

[1BDigest: sha256:264982ff4d18000fa74540837e2c43ca5137a53a83f8f62c7b3803c0f0bdcd56
Status: Downloaded newer image for debian:latest
docker.io/library/debian:latest


In [5]:
# verification
sudo docker images

REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
debian       latest    b2ab84c007fe   2 days ago   117MB


### 1.2 Inspect Image Metadata

Display the operating system and architecture of the `debian:latest` image.


In [7]:
# YOUR COMMAND HERE
sudo docker image inspect debian:latest --format='OS: {{.Os}}, Arch: {{.Architecture}}'


OS: linux, Arch: amd64


### 1.3 Run a Container

Run a container from `debian:latest` that prints **`Hello from Docker`**:

```bash
/bin/echo "Hello from Docker"
```


In [8]:
# YOUR COMMAND HERE
sudo docker run debian:latest /bin/echo "Hello from Docker"


Hello from Docker


### 1.4 Build a Custom Nginx Image

Create a file **`index.html`** whose contents are exactly:

```
Hello from a custom container
```

Write a **`Dockerfile`** that:

1. Uses **`nginx:latest`** as the base image.  
2. Copies `index.html` into `/usr/share/nginx/html/index.html`.

Build the image and tag it **`nginx:cs447`**.


In [11]:
# YOUR COMMAND(S) HERE
# You can use the terminal to create the files,
# but your docker build command should be in here.
sudo docker build -t nginx:cs447 /home/alyssaaragon/nginx-custom


[1A[1B[0G[?25l[+] Building 0.0s (0/1)                                          docker:default
[?25h[1A[0G[?25l[+] Building 0.2s (1/2)                                          docker:default
[34m => [internal] load build definition from Dockerfile                       0.0s
[0m[34m => => transferring dockerfile: 104B                                       0.0s
[0m => [internal] load metadata for docker.io/library/nginx:latest            0.2s
[?25h[1A[1A[1A[1A[0G[?25l[+] Building 0.4s (1/2)                                          docker:default
[34m => [internal] load build definition from Dockerfile                       0.0s
[0m[34m => => transferring dockerfile: 104B                                       0.0s
[0m => [internal] load metadata for docker.io/library/nginx:latest            0.3s
[?25h[1A[1A[1A[1A[0G[?25l[+] Building 0.5s (1/2)                                          docker:default
[34m => [internal] load build definition from Dockerfile     

In [12]:
# verification
sudo docker images | grep nginx | head

nginx        cs447     26491bd6e451   38 seconds ago   192MB


### 1.5 Run the Custom Image on Host Port 8080

In [13]:
# YOUR COMMAND HERE
sudo docker run -d -p 8080:80 nginx:cs447


3112b1ed0f645d89ec2d804d5bece7a5686ad95673733305c03f4e690cbe7125


In [14]:
# verification
curl -s http://localhost:8080 | head

Hello from a custom container


### 1.6 Bind‑Mount a Persistent Host Directory

1. Create **`/opt/dockerdata`** on the host.  
2. Add a file `host.txt` containing `hostfile`.  
3. Run a one‑off Debian container that bind‑mounts `/opt/dockerdata` to `/data` and writes `container.txt` with `containerfile` inside the mount.


In [15]:
# YOUR COMMANDS HERE
# You can use the terminal to create the files,
# but your docker run command should be in here.
sudo docker run --rm -v /opt/dockerdata:/data debian:latest /bin/bash -c "echo 'containerfile' > /data/container.txt"


In [16]:
# verification
ls -l /opt/dockerdata

total 8
-rw-r--r-- 1 root root 14 Apr 30 09:41 container.txt
-rw-r--r-- 1 root root  9 Apr 30 09:40 host.txt


### 1.7 Create and Use a **Named Volume**

Docker named volumes are convenient for persisting data without hard‑coding a host path.

1. Create a volume called **`cs447_data`**.  
2. Run a one‑off container that mounts this volume at `/data` and writes a file `inside.txt` containing `namedvolume`.  
3. Inspect the volume from the host to confirm it exists.

In [17]:
# YOUR COMMANDS HERE
sudo docker volume create cs447_data
sudo docker run --rm -v cs447_data:/data debian:latest /bin/bash -c "echo 'namedvolume' > /data/inside.txt"
sudo docker volume inspect cs447_data


cs447_data
[
    {
        "CreatedAt": "2025-04-30T09:48:48-07:00",
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/cs447_data/_data",
        "Name": "cs447_data",
        "Options": null,
        "Scope": "local"
    }
]


In [18]:
# verification
sudo docker volume ls

DRIVER    VOLUME NAME
local     cs447_data


### 1.8 Inspect Container Logs
Run a command that displays the most recent 5 lines from the logs of your `cs447_web` container.

In [24]:
# YOUR COMMAND HERE
# You should see at least one log line showing the curl command from earlier
sudo docker logs --tail 5 3112b1ed0f64


2025/04/30 16:38:20 [notice] 1#1: start worker process 29
2025/04/30 16:38:20 [notice] 1#1: start worker process 30
2025/04/30 16:38:20 [notice] 1#1: start worker process 31
2025/04/30 16:38:20 [notice] 1#1: start worker process 32
172.17.0.1 - - [30/Apr/2025:16:38:23 +0000] "GET / HTTP/1.1" 200 30 "-" "curl/7.88.1" "-"


### 1.9 Run a Constrained Container

Start a container named `secure_test` that:

* Drops **all** capabilities (`--cap-drop ALL`)  
* Uses a **read‑only root filesystem** (`--read-only`)  
* Executes `/bin/true`


In [26]:
# YOUR COMMANDS HERE
sudo docker run --name secure_test --cap-drop ALL --read-only debian /bin/true


In [27]:
# verification
sudo docker inspect -f 'ReadonlyRootFS={{.HostConfig.ReadonlyRootfs}} CapDrop={{.HostConfig.CapDrop}}' secure_test

ReadonlyRootFS=true CapDrop=[ALL]


### 1.10 CS 647 Only – Local Private Registry

Graduate students must:

1. Run a registry container on port 5000.  
2. Tag `nginx:cs447` as `localhost:5000/nginx:cs647` and push it.  
3. Remove the local image and pull it back from the registry.  
4. Run the image on host port 8081 to confirm it serves the custom page.

In [None]:
# YOUR COMMANDS HERE

In [None]:
# verification
curl -s http://localhost:8081 | head

### 1.11 Cleanup - CS 447 and CS 647 (You will lose some points if you don't run this)

In [28]:
sudo docker stop $(sudo docker ps -q) 2>/dev/null || true
sudo docker rm $(sudo docker ps -aq) 2>/dev/null || true
sudo docker system prune -af

3112b1ed0f64
990b36446775
3112b1ed0f64
f3afec79e814
Deleted Images:
untagged: nginx:cs447
deleted: sha256:26491bd6e451583b2a647bcdb446ba8c3a8e92e364391b25aaebdceb87173fd8
untagged: debian:latest
untagged: debian@sha256:264982ff4d18000fa74540837e2c43ca5137a53a83f8f62c7b3803c0f0bdcd56
deleted: sha256:b2ab84c007feae81d95c5350d44ad7a54ea4693a79cb40fb05bd3fe00cbd4d26
deleted: sha256:247fffb7158d7a68ad951dfdda7bf8af07ff4078d16abeb05bd3184effcad359

Deleted build cache objects:
od2e69m6i2yfwz8yt039fthp2
wl5krftnc5hxj760vou5q2k42
iirge67he4t20nbeiqery7p8x
yi1vnhlhuidxnypxen2yt5oz7
y2l6bth52ndgcyi2drrybfv3z
l3v6w2bic16o40i0ofe4imqm9
eo8jn5frkyfgoehy48jrtvcfl
pt4mwu6xcnxi8buvlktg2iegj
1ms77a86pvcqi05dvmy5pl1c9
xuh4ol1hfjnky0oztlhhvljn2
332l7e9p2178cfkbb5fems6j0
q2j5fm8cucrfm1n8cnoqcuxd8

Total reclaimed space: 116.6MB


In [29]:
# verification
sudo docker ps -a

CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
