What is DockerFile ? A DockerFile is a set of instructions which are used to construct a Docker Image. These instructions are called directives.
DockerFile directives :
- FROM : starts a new build stage and sets the base image (Operating System, software or service) ; usually must be the first directive in the DockerFile (except that ARG can be placed before FROM)
- ENV : set environment variables ; these can be referenced in the DockerFile itself and are visible to the container at runtime
- RUN : creates a new layer on top of the previous layer by running a command inside that new layer and committing the changes (if more than one command is combined in one RUN execution (for example, RUN apt-get update && apt-get install -y nginx), only one layer will be created)
- CMD : specifies a default command used to run a container at execution time ; only one CMD can be executed in a DockerFile ; if more than one is defined, only the last of them will be executed
- EXPOSE : documents which port(s) are intended to be published when running a container
- WORKDIR : sets the current working directory for subsequent directives such as ADD, COPY, CMD, ENTRYPOINT, etc. Can be used multiple times to change directories through the DockerFile. A relative path can also be used ; the new working directory is then resolved relative to the previous working directory
- COPY : copy files from the local machine to the image
- ADD : similar to copy, but can also pull files using a URL and extract an archive into loose files in the image
- STOPSIGNAL : specify the signal that will be used to stop the container ; if it is not set explicitly, Docker will use Linux SIGTERM (Signal Terminate) as a STOPSIGNAL by default ; when docker stop command is executed, it internally uses STOPSIGNAL to stop the container
- HEALTHCHECK : specifies a command to run in order to perform a custom health check to verify that the container is working properly (some condition can be used : ping the server etc). HEALTHCHECK command syntax is : HEALTHCHECK [OPTIONS] CMD command . What is the default interval for HEALTHCHECK ? By default it is every 30 seconds
Here is DockerFile example :
    FROM ubuntu
    # curl is installed as well because the HEALTHCHECK below uses it
    RUN apt-get update && apt-get install -y nginx curl
    WORKDIR /var/www/html/
    ADD index.html ./
    EXPOSE 80
    CMD ["nginx", "-g", "daemon off;"]
    # Not mandatory, SIGTERM is used by default
    STOPSIGNAL SIGTERM
    # CMD here is not analogous to the CMD directive above, here it's just the health check condition
    HEALTHCHECK CMD curl -f http://localhost:80/ || exit 1
CMD vs ENTRYPOINT
A DockerFile should have at least 1 CMD or 1 ENTRYPOINT. 1 CMD and 1 ENTRYPOINT is also a possible combination in a DockerFile. There cannot be more than one ENTRYPOINT in a DockerFile. If a container is not executable, CMD should be used ; otherwise, one should use ENTRYPOINT. An executable Docker Container is a container which runs a service. CMD can be submitted to a Docker Container as an argument (for example, docker run cmd echo "test"). In other words, CMD can be overwritten, and that can possibly become a security issue. ENTRYPOINT does not allow the submitted command to be overwritten. That is why ENTRYPOINT is more secure than CMD.
Below are examples of using ENTRYPOINT alone and of using both ENTRYPOINT and CMD in a DockerFile :

    # ENTRYPOINT example
    FROM debian
    ENTRYPOINT ["/bin/ping","localhost"]

    # ENTRYPOINT and CMD example
    FROM debian
    ENTRYPOINT ["/bin/ping"]
    CMD ["localhost"]
In the second example CMD specifies an argument that will be submitted to ENTRYPOINT. The CMD argument can be changed (for example, docker run mix echo "test").
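
The following Python model is an added example, not part of the original page and not Docker's own code. It reproduces how Docker combines ENTRYPOINT, CMD, the arguments given after the image name, and the docker run --entrypoint flag (which this page does not cover) into the command a container starts with. It handles exec-form (JSON array) directives only, and the names ImageConfig and resolve_argv are hypothetical.

```python
# Added example: a model of how Docker assembles a container's start command.
# Exec-form (JSON array) ENTRYPOINT/CMD only; names here are hypothetical.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ImageConfig:
    entrypoint: List[str] = field(default_factory=list)  # ENTRYPOINT [...]
    cmd: List[str] = field(default_factory=list)         # CMD [...]


def resolve_argv(image: ImageConfig,
                 run_args: Optional[List[str]] = None,
                 entrypoint_override: Optional[str] = None) -> List[str]:
    """Return the argv the container starts with.

    run_args: everything typed after the image name in `docker run`.
    entrypoint_override: value of `docker run --entrypoint`, if given.
    """
    if entrypoint_override is not None:
        # --entrypoint replaces ENTRYPOINT and discards the image's CMD.
        entrypoint, default_cmd = [entrypoint_override], []
    else:
        entrypoint, default_cmd = list(image.entrypoint), list(image.cmd)
    # Arguments after the image name replace CMD; they never replace ENTRYPOINT.
    args = list(run_args) if run_args else default_cmd
    argv = entrypoint + args
    if not argv:
        raise ValueError("image defines neither ENTRYPOINT nor CMD")
    return argv


# Constructed image configs mirroring the DockerFiles on this page.
NGINX = ImageConfig(cmd=["nginx", "-g", "daemon off;"])
PING_FIXED = ImageConfig(entrypoint=["/bin/ping", "localhost"])
PING_MIX = ImageConfig(entrypoint=["/bin/ping"], cmd=["localhost"])

if __name__ == "__main__":
    cases = [
        ("CMD only, no args", NGINX, None, None),
        ("CMD only, args 'echo test'", NGINX, ["echo", "test"], None),
        ("ENTRYPOINT+CMD, no args", PING_MIX, None, None),
        ("ENTRYPOINT+CMD, args 'echo test'", PING_MIX, ["echo", "test"], None),
        ("ENTRYPOINT only, args 'echo test'", PING_FIXED, ["echo", "test"], None),
        ("--entrypoint /bin/echo, args 'test'", PING_MIX, ["test"], "/bin/echo"),
    ]
    for label, image, args, override in cases:
        print(f"{label:38} -> {resolve_argv(image, args, override)}")
```

With ENTRYPOINT set, echo "test" is passed to /bin/ping as arguments instead of running as a new command, whereas --entrypoint swaps the executable itself. For that reason, who is allowed to invoke docker run remains part of the container's security boundary.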