5.3 Creating a Docker Image from an Existing Container

If you modify the contents of a container, you can use the docker commit command to save the current state of the container as an image.

The following example demonstrates how to modify a container based on the oraclelinux:7-slim image so that it can run an Apache HTTP server. After stopping the container, the image mymod/httpd:v1 is created from it.

Tip

The oraclelinux:7-slim and oraclelinux:8-slim images provide the bare minimum operating system required for Oracle Linux 7 and Oracle Linux 8. Using these images can help to reduce resource usage when running containers based on them. You can also ensure that the image that you create is limited to the base requirements for your application.

To create an Apache server image from an oraclelinux:7-slim container:

  1. Run the bash shell inside a container named httpd1:

    [root@host ~]# docker run -i -t --name httpd1 oraclelinux:7-slim /bin/bash
    [root@httpd1 ~]#
  2. If you use a web proxy, edit the yum configuration on the guest as described in Oracle® Linux 7: Administrator's Guide.

  3. Install the httpd package:

    [root@httpd1 ~]# yum -y install httpd
  4. If required, create the web content to be displayed under the /var/www/html directory hierarchy on the guest.

  5. Exit the guest by simply using the exit command from within the interactive guest session:

    [root@httpd1 ~]# exit
    exit
    [root@host ~]#

    Or by using the docker stop command on the host:

    [root@host ~]# docker stop httpd1
    httpd1
  6. Create the image mymod/httpd with the tag v1 using the ID of the container that you stopped:

    [root@host ~]# docker commit -m "ol7-slim + httpd" -a "A N Other" \
      `docker ps -l -q` mymod/httpd:v1
    sha256:b03fbc3216882a25e32c92caa2e797469a1ac98e5fc90affa07263b8cb0aa799

    Use the -m and -a options to document the image and its author. The command returns the full version of the new image's ID.

    Tip

    The docker ps -l -q command returns the ID of the last created container. We used this command in the example to obtain the ID of the container that we wanted to use to generate the image. You may, alternatively, specify the ID directly or use an alternate variation on this command to obtain the correct ID.

    If you use the docker images command, the new image now appears in the list:

    [root@host ~]# docker images
    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    mymod/httpd         v1                  b03fbc321688        2 minutes ago       426MB
    oraclelinux         7-slim              c2b5cb5bcd9d        7 days ago          118MB
  7. Remove the container named httpd1.

    # docker rm httpd1
    httpd1

You can now use the new image to create a container that works as a web server, for example:

# docker run -d --name newguest -p 8080:80 mymod/httpd:v1 /usr/sbin/httpd -D FOREGROUND
154f05ea464e4c4b5fe0f3b0fa93b7a3d96ba65efefe6c8cf4753af24d69f955

The -d option runs the command non-interactively in the background and displays the full version of the unique container ID. The -p 8080:80 option maps port 80 in the guest to port 8080 on the host. You can view the port mapping by running docker ps or docker port, for example:

[root@host ~]# docker ps
CONTAINER ID  IMAGE           COMMAND                 CREATED        STATUS        PORTS                 NAMES
154f05ea464e  mymod/httpd:v1  "/usr/sbin/httpd -D …"  2 minutes ago  Up 2 minutes  0.0.0.0:8080->80/tcp  newguest
[root@host ~]# docker port newguest 80
0.0.0.0:8080
Note

The docker ps command displays the short version of the container ID. You can use the --no-trunc option to display the long version.

The default IP address value of 0.0.0.0 means that the port mapping applies to all network interfaces on the host. You can restrict the IP addresses to which the remapping applies by using multiple -p options, for example:

[root@host ~]# docker run -d --name newguest -p 127.0.0.1:8080:80 -p 192.168.1.2:8080:80 \
  mymod/httpd:v1 /usr/sbin/httpd -D FOREGROUND

You can view the web content served by the guest by pointing a browser at port 8080 on the host. If you access the content from a different system, you might need to allow incoming connections to the port on the host, for example:

[root@host ~]# firewall-cmd --zone=public --permanent --add-port=8080/tcp

If you need to remove an image, use the docker rmi command:

[root@host ~]# docker rmi mymod/httpd:v1
Untagged: mymod/httpd:v1
Deleted: sha256:b03fbc3216882a25e32c92caa2e797469a1ac98e5fc90affa07263b8cb0aa799
Deleted: sha256:f10c5b69ca9c3df53412238eefac72522720bc7c1a6a8eb6d21801c23a81c126
Note

You cannot remove the image of a running container.

In a production environment, using the docker commit command to create an image does not provide a convenient record of how you created the image so you might find it difficult to recreate an image that has been lost or become corrupted. The preferred method for creating an image is to set up a Dockerfile, in which you define instructions that allow Docker to build the image for you. See Section 5.4, “Creating a Docker Image from a Dockerfile”.