LTS

    Innovation Version

      Container Engine

      Docker daemon is a system process that resides in the background. Before you run a docker subcommand, start Docker daemon.

        

      If the Docker daemon is installed using the RPM package or system package management tool, you can run the systemctl start docker command to start the Docker daemon.

      The docker command supports the following parameters:

      1. To combine parameters of a single character, run the following command:

        docker run -t -i busybox /bin/sh
        

        The command can be written as follows:

        docker run -ti busybox /bin/sh
        
      2. bool command parameters such as --icc=true, are displayed in the command help. If this parameter is not used, the default value displayed in the command help is used. If this parameter is used, the opposite value of the value displayed in the command help is used. In addition, if --icc is not added when Docker daemon is started, --icc=true is used by default. Otherwise, --icc=false is used.

      3. Parameters such as --attach=[] in the command help indicate that these parameters can be set for multiple times. For example:

        docker run --attach=stdin --attach=stdout -i -t busybox /bin/sh
        
      4. Parameters such as -a and --attach=[] in the command help indicate that the parameter can be specified using either -a value or --attach=value. For example:

        docker run -a stdin --attach=stdout -i -t busybox /bin/sh
        
      5. Parameters such as --name="" can be configured with a character string and can be configured only once. Parameters such as -c= can be configured with an integer and can be configured only once.

      Table 1 Parameters specified during the Docker daemon startup

      Parameter

      Description

      --api-cors-header

      CORS header information for enabling remote API calling. This interface supports the secondary development of upper-layer applications, which sets the CORS header for a remote API.

      --authorization-plugin=[]

      Authentication plug-in.

      -b, --bridge=""

      Existing bridge device mounting to the docker container. Note: none can be used to disable the network in the container.

      --bip=""

      Bridge IP address, which is automatically created using the CIDR address. Note: this parameter cannot be used with -b .

      --cgroup-parent

      cgroup parent directory configured for all containers.

      --config-file=/etc/docker/daemon.json

      Configuration file for starting Docker daemon.

      --containerd

      Socket path of containerd.

      -D, --debug=false

      Specifies whether to enable the debugging mode.

      --default-gateway

      Default gateway of the container IPv4 address.

      --default-gateway-v6

      Default gateway of the container IPv6 address.

      --default-ulimit=[]

      Default ulimit value of the container.

      --disable-legacy-registry

      Disables the original registry.

      --dns=[]

      DNS server of the forcibly used container.

      Example: --dns 8.8.x.x

      --dns-opt=[]

      DNS option.

      --dns-search=[]

      Forcibly searches DNS search domain name used by a container.

      Example: --dns-search example.com

      --exec-opt=[]

      Parameter to be executed when a container is started.

      For example, set the native.umask parameter.

      #The umask value of the started container is 0022.--exec-opt native.umask=normal 
      #The umask value of the started container is 0027 (default value).
      --exec-opt  native.umask=secure    

      Note: If native.umask is also configured in docker create or docker run command, the configuration in command is used.

      --exec-root=/var/run/docker

      Root directory for storing the execution status file.

      --fixed-cidr=""

      Fixed IP address (for example, 10.20.0.0/16) of the subnet. The IP address of the subnet must belong to the network bridge.

      --fixed-cidr-v6

      Fixed IPv6 address.

      -G, --group="docker"

      Group assigned to the corresponding Unix socket in the background running mode. Note: When an empty string is configured for this parameter, the group information is removed.

      -g, --graph="/var/lib/docker"

      The root directory for running docker.

      -H, --host=[]

      Socket bound in background mode. One or more sockets can be configured using tcp://host:port, unix:///path to socket, fd://* or fd://socketfd. Example:

      $ dockerd -H tcp://0.0.0.0:2375

      or

      $ export DOCKER_HOST="tcp://0.0.0.0:2375"

      --insecure-registry=[]

      Registry for insecure connections. By default, the Docker uses TLS certificates to ensure security for all connections. If the registry does not support HTTPS connections or the certificate is issued by an unknown certificate authority of the Docker daemon, you need to configure --insecure-registry=192.168.1.110:5000 when starting the daemon. This parameter needs to be configured if a private registry is used.

      --image-layer-check=true

      Image layer integrity check. To enable the function, set this parameter to true. Otherwise, set this parameter to false. If this parameter is not configured, the function is disabled by default.

      When Docker is started, the image layer integrity is checked. If the image layer is damaged, the related images are unavailable. Docker cannot verify empty files, directories, or link files. Therefore, if the preceding files are lost due to a power failure, the integrity check of Docker image data may fail. When the Docker version changes, check whether the parameter is supported. If not supported, delete it from the configuration file.

      --icc=true

      Enables communication between containers.

      --ip="0.0.0.0"

      Default IP address used when a container is bound to a port.

      --ip-forward=true

      Starts the net.ipv4.ip_forward process of the container.

      --ip-masq=true

      Enables IP spoofing.

      --iptables=true

      Starts the iptables rules defined by the Docker container.

      -l, --log-level=info

      Log level.

      --label=[]

      Daemon label, in key=value format.

      --log-driver=json-file

      Default log driver of container logs.

      --log-opt=map[]

      Log drive parameters.

      --mtu=0

      MTU value of the container network. If this parameter is not configured, value of route MTU is used by default. If the default route is not configured, set this parameter to the constant value 1500.

      -p, --pidfile="/var/run/docker.pid"

      PID file path of the background process.

      --raw-logs

      Logs with all timestamps and without the ANSI color scheme.

      --registry-mirror=[]

      Image registry preferentially used by the dockerd.

      -s, --storage-driver=""

      Storage driver used when a container is forcibly run.

      --selinux-enabled=false

      Enables SELinux. If the kernel version is 3.10.0-862.14 or later, this parameter cannot be set to true.

      --storage-opt=[]

      Storage driver parameter. This parameter is valid only when the storage driver is devicemapper. Example: dockerd --storage-opt dm.blocksize=512K

      --tls=false

      Enables the TLS authentication.

      --tlscacert="/root/.docker/ca.pem"

      Certificate file path that has been authenticated by the CA.

      --tlscert="/root/.docker/cert.pem"

      File path of the TLS certificates.

      --tlskey="/root/.docker/key.pem"

      File path of TLS keys.

      --tlsverify=false

      Verifies the communication between the background processes and the client using TLS.

      --insecure-skip-verify-enforce

      Whether to forcibly skip the verification of the certificate host or domain name. The default value is false.

      --use-decrypted-key=true

      Whether to use the decryption private key.

      --userland-proxy=true

      Whether to use the userland proxy for the container LO device.

      --userns-remap

      User namespace-based user mapping table in the container.

      NOTE:

      This parameter is not supported in the current version.

      Bug Catching

      Buggy Content

      Bug Description

      Submit As Issue

      It's a little complicated....

      I'd like to ask someone.

      PR

      Just a small problem.

      I can fix it online!

      Bug Type
      Specifications and Common Mistakes

      ● Misspellings or punctuation mistakes;

      ● Incorrect links, empty cells, or wrong formats;

      ● Chinese characters in English context;

      ● Minor inconsistencies between the UI and descriptions;

      ● Low writing fluency that does not affect understanding;

      ● Incorrect version numbers, including software package names and version numbers on the UI.

      Usability

      ● Incorrect or missing key steps;

      ● Missing prerequisites or precautions;

      ● Ambiguous figures, tables, or texts;

      ● Unclear logic, such as missing classifications, items, and steps.

      Correctness

      ● Technical principles, function descriptions, or specifications inconsistent with those of the software;

      ● Incorrect schematic or architecture diagrams;

      ● Incorrect commands or command parameters;

      ● Incorrect code;

      ● Commands inconsistent with the functions;

      ● Wrong screenshots.

      Risk Warnings

      ● Lack of risk warnings for operations that may damage the system or important data.

      Content Compliance

      ● Contents that may violate applicable laws and regulations or geo-cultural context-sensitive words and expressions;

      ● Copyright infringement.

      How satisfied are you with this document

      Not satisfied at all
      Very satisfied
      Submit
      Click to create an issue. An issue template will be automatically generated based on your feedback.
      Bug Catching
      编组 3备份