From 9ca54258a22939054d0597fde48f83f9a565f6a7 Mon Sep 17 00:00:00 2001 From: Edith Puclla Date: Sun, 16 Nov 2025 00:56:09 +0000 Subject: [PATCH 01/10] Add a DHI section to the Rust guide with DHI-based Dockerfile example --- content/guides/rust/build-images.md | 192 ++++++++++++++++++++++++---- 1 file changed, 164 insertions(+), 28 deletions(-) diff --git a/content/guides/rust/build-images.md b/content/guides/rust/build-images.md index d2e414274728..2d1e5bb628de 100644 --- a/content/guides/rust/build-images.md +++ b/content/guides/rust/build-images.md @@ -50,7 +50,7 @@ This utility will walk you through creating the following files with sensible de Let's get started! ? What application platform does your project use? Rust -? What version of Rust do you want to use? 1.70.0 +? What version of Rust do you want to use? 1.71.1 ? What port does your server listen on? 8000 ``` @@ -62,6 +62,140 @@ directory: - compose.yaml - README.Docker.md +## Choose a base image + +Before editing your Dockerfile, you need to choose a base image. You can use the [Rust Docker Official Image](https://hub.docker.com/_/rust), +or a [Docker Hardened Image (DHI)](https://hub.docker.com/hardened-images/catalog/dhi/rust). + +Docker Hardened Images (DHIs) are minimal, secure, and production-ready base images maintained by Docker. +They help reduce vulnerabilities and simplify compliance. For more details, see [Docker Hardened Images](/dhi/). + +{{< tabs >}} +{{< tab name="Using Docker Hardened Images" >}} + +Docker Hardened Images (DHIs) are available for Rust in the Hardened Image catalog. Unlike the official image, you must first mirror the Rust DHI into your Docker organization. +Follow the [DHI quickstart](/dhi/get-started/) to mirror the `dhi-rust` repository. Mirrored repositories must start with `dhi-`, for example: +`FROM /dhi-rust:${RUST_VERSION}-alpine`. + +The following Dockerfile is equivalent to the one generated by `docker init`, but it uses a Rust DHI as the build base image: + +```dockerfile {title=Dockerfile} +# Make sure RUST_VERSION matches the Rust version +ARG RUST_VERSION=1.71.1 +ARG APP_NAME=docker-rust-hello + +################################################################################ +# Create a stage for building the application. +FROM /dhi-rust:${RUST_VERSION}-alpine AS build +ARG APP_NAME +WORKDIR /app + +# Install host build dependencies. +RUN apk add --no-cache clang lld musl-dev git + +# Build the application. +RUN --mount=type=bind,source=src,target=src \ + --mount=type=bind,source=Cargo.toml,target=Cargo.toml \ + --mount=type=bind,source=Cargo.lock,target=Cargo.lock \ + --mount=type=cache,target=/app/target/ \ + --mount=type=cache,target=/usr/local/cargo/git/db \ + --mount=type=cache,target=/usr/local/cargo/registry/ \ + cargo build --locked --release && \ + cp ./target/release/$APP_NAME /bin/server + +################################################################################ +# Runtime stage with minimal dependencies. +FROM alpine:3.18 AS final + +# Create a non-privileged user that the app will run under. +ARG UID=10001 +RUN adduser \ + --disabled-password \ + --gecos "" \ + --home "/nonexistent" \ + --shell "/sbin/nologin" \ + --no-create-home \ + --uid "${UID}" \ + appuser +USER appuser + +# Copy the executable from the "build" stage. +COPY --from=build /bin/server /bin/ + +# Configure rocket to listen on all interfaces. +ENV ROCKET_ADDRESS=0.0.0.0 +# Expose the port that the application listens on. +EXPOSE 8000 + +# What the container should run when it is started. +CMD ["/bin/server"] + +``` +{{< /tab >}} +{{< tab name="Using the official Rust image" >}} + +By default, docker init creates a multi-stage Dockerfile that uses the official Rust image +in the build stage and Alpine as the runtime image. For example: + +```dockerfile {title=Dockerfile} +# Make sure RUST_VERSION matches the Rust version +ARG RUST_VERSION=1.71.1 +ARG APP_NAME=docker-rust-hello + +################################################################################ +# Create a stage for building the application. + +FROM rust:${RUST_VERSION}-alpine AS build +ARG APP_NAME +WORKDIR /app + +# Install host build dependencies. +RUN apk add --no-cache clang lld musl-dev git + +# Build the application. +RUN --mount=type=bind,source=src,target=src \ + --mount=type=bind,source=Cargo.toml,target=Cargo.toml \ + --mount=type=bind,source=Cargo.lock,target=Cargo.lock \ + --mount=type=cache,target=/app/target/ \ + --mount=type=cache,target=/usr/local/cargo/git/db \ + --mount=type=cache,target=/usr/local/cargo/registry/ \ + cargo build --locked --release && \ + cp ./target/release/$APP_NAME /bin/server + +################################################################################ +# Runtime stage with minimal dependencies. +FROM alpine:3.18 AS final + +# Create a non-privileged user that the app will run under. +ARG UID=10001 +RUN adduser \ + --disabled-password \ + --gecos "" \ + --home "/nonexistent" \ + --shell "/sbin/nologin" \ + --no-create-home \ + --uid "${UID}" \ + appuser +USER appuser + +# Copy the executable from the "build" stage. +COPY --from=build /bin/server /bin/ + +# Configure rocket to listen on all interfaces. +ENV ROCKET_ADDRESS=0.0.0.0 +# Expose the port that the application listens on. +EXPOSE 8000 + +# What the container should run when it is started. +CMD ["/bin/server"] + +``` + +{{< /tab >}} +{{< /tabs >}} + + + For building an image, only the Dockerfile is necessary. Open the Dockerfile in your favorite IDE or text editor and see what it contains. To learn more about Dockerfiles, see the [Dockerfile reference](/reference/dockerfile.md). @@ -91,27 +225,30 @@ $ docker build --tag docker-rust-image . You should see output like the following. ```console -[+] Building 62.6s (14/14) FINISHED - => [internal] load .dockerignore 0.1s - => => transferring context: 2B 0.0s - => [internal] load build definition from Dockerfile 0.1s - => => transferring dockerfile: 2.70kB 0.0s - => resolve image config for docker.io/docker/dockerfile:1 2.3s - => CACHED docker-image://docker.io/docker/dockerfile:1@sha256:39b85bbfa7536a5feceb7372a0817649ecb2724562a38360f4d6a7782a409b14 0.0s - => [internal] load metadata for docker.io/library/debian:bullseye-slim 1.9s - => [internal] load metadata for docker.io/library/rust:1.70.0-slim-bullseye 1.7s - => [build 1/3] FROM docker.io/library/rust:1.70.0-slim-bullseye@sha256:585eeddab1ec712dade54381e115f676bba239b1c79198832ddda397c1f 0.0s - => [internal] load build context 0.0s - => => transferring context: 35.29kB 0.0s - => [final 1/3] FROM docker.io/library/debian:bullseye-slim@sha256:7606bef5684b393434f06a50a3d1a09808fee5a0240d37da5d181b1b121e7637 0.0s - => CACHED [build 2/3] WORKDIR /app 0.0s - => [build 3/3] RUN --mount=type=bind,source=src,target=src --mount=type=bind,source=Cargo.toml,target=Cargo.toml --mount= 57.7s - => CACHED [final 2/3] RUN adduser --disabled-password --gecos "" --home "/nonexistent" --shell "/sbin/nologin" 0.0s - => CACHED [final 3/3] COPY --from=build /bin/server /bin/ 0.0s - => exporting to image 0.0s - => => exporting layers 0.0s - => => writing image sha256:f1aa4a9f58d2ecf73b0c2b7f28a6646d9849b32c3921e42adc3ab75e12a3de14 0.0s - => => naming to docker.io/library/docker-rust-image +[+] Building 2.2s (18/18) FINISHED + => [internal] load build definition from Dockerfile 0.0s + => => transferring dockerfile: 2.92kB 0.0s + => resolve image config for docker-image://docker.io/docker/dockerfile:1 1.2s + => [auth] docker/dockerfile:pull token for registry-1.docker.io 0.0s + => => resolve docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6 0.0s + => [internal] load metadata for docker.io/library/alpine:3.18 0.8s + => [internal] load metadata for docker.io/library/rust:1.71.1-alpine 0.7s + => [auth] library/rust:pull token for registry-1.docker.io 0.0s + => [auth] library/alpine:pull token for registry-1.docker.io 0.0s + => [internal] load .dockerignore 0.0s + => => transferring context: 683B 0.0s + => [build 1/4] FROM docker.io/library/rust:1.71.1-alpine@sha256:3419c5212b75ce4e7786b71bd2bd49587a2481f8b42ca685d719d265a11c7e96 0.0s + => => resolve docker.io/library/rust:1.71.1-alpine@sha256:3419c5212b75ce4e7786b71bd2bd49587a2481f8b42ca685d719d265a11c7e96 0.0s + => [final 1/3] FROM docker.io/library/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f 0.0s + => => resolve docker.io/library/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f 0.0s + => [internal] load build context 0.0s + => => transferring context: 265B 0.0s + => exporting to image 0.0s + => => exporting layers 0.0s + => => exporting manifest sha256:0c9f89589c2bf35bbeb642222fe8c42d2479ee6e9c9028a57aeeacf591aa5375 0.0s + => => exporting config sha256:09a032b66ff64682e6c4a74896017e33854169b5ceb0e51603597d1d2a68358d 0.0s + => => naming to docker.io/library/docker-rust-image:latest 0.0s + => => unpacking to docker.io/library/docker-rust-image:latest ``` ## View local images @@ -123,7 +260,7 @@ To list images, run the `docker images` command. ```console $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -docker-rust-image latest 8cae92a8fbd6 3 minutes ago 123MB +docker-rust-image latest 0c9f89589c2b 3 minutes ago 123MB ``` You should see at least one image listed, including the image you just built `docker-rust-image:latest`. @@ -147,9 +284,8 @@ Now, run the `docker images` command to see a list of the local images. ```console $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -docker-rust-image latest 8cae92a8fbd6 4 minutes ago 123MB -docker-rust-image v1.0.0 8cae92a8fbd6 4 minutes ago 123MB -rust latest be5d294735c6 4 minutes ago 113MB +docker-rust-image latest 0c9f89589c2b 4 minutes ago 123MB +docker-rust-image v1.0.0 0c9f89589c2b 4 minutes ago 123MB ``` You can see that two images start with `docker-rust-image`. You know they're the same image because if you take a look at the `IMAGE ID` column, you can see that the values are the same for the two images. @@ -166,8 +302,7 @@ Note that the response from Docker tells you that Docker didn't remove the image ```console $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -docker-rust-image latest 8cae92a8fbd6 6 minutes ago 123MB -rust latest be5d294735c6 6 minutes ago 113MB +docker-rust-image latest 0c9f89589c2b 6 minutes ago 123MB ``` Docker removed the image tagged with `:v1.0.0`, but the `docker-rust-image:latest` tag is available on your machine. @@ -182,6 +317,7 @@ Related information: - [.dockerignore file](/reference/dockerfile.md#dockerignore-file) - [docker init CLI reference](/reference/cli/docker/init.md) - [docker build CLI reference](/reference/cli/docker/buildx/build.md) +- [Docker Hardened Images](/dhi/) ## Next steps From 62a3794dc2269f12977977fe22e7c74a08edc4a0 Mon Sep 17 00:00:00 2001 From: Edith Puclla Date: Sat, 22 Nov 2025 13:26:53 +0000 Subject: [PATCH 02/10] Updated Rust Version from 1.71.1 to the latest 1.91.1 --- content/guides/rust/build-images.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/guides/rust/build-images.md b/content/guides/rust/build-images.md index 2d1e5bb628de..fad6347f5c76 100644 --- a/content/guides/rust/build-images.md +++ b/content/guides/rust/build-images.md @@ -50,7 +50,7 @@ This utility will walk you through creating the following files with sensible de Let's get started! ? What application platform does your project use? Rust -? What version of Rust do you want to use? 1.71.1 +? What version of Rust do you want to use? 1.91.1 ? What port does your server listen on? 8000 ``` @@ -81,7 +81,7 @@ The following Dockerfile is equivalent to the one generated by `docker init`, bu ```dockerfile {title=Dockerfile} # Make sure RUST_VERSION matches the Rust version -ARG RUST_VERSION=1.71.1 +ARG RUST_VERSION=1.91.1 ARG APP_NAME=docker-rust-hello ################################################################################ @@ -139,7 +139,7 @@ in the build stage and Alpine as the runtime image. For example: ```dockerfile {title=Dockerfile} # Make sure RUST_VERSION matches the Rust version -ARG RUST_VERSION=1.71.1 +ARG RUST_VERSION=1.91.1 ARG APP_NAME=docker-rust-hello ################################################################################ From b772b34c4060837bc10f1fdeaa6b4cf6757a9f2b Mon Sep 17 00:00:00 2001 From: Edith Puclla Date: Sat, 22 Nov 2025 13:47:55 +0000 Subject: [PATCH 03/10] Update build output --- content/guides/rust/build-images.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/guides/rust/build-images.md b/content/guides/rust/build-images.md index fad6347f5c76..c7b1e2f7387c 100644 --- a/content/guides/rust/build-images.md +++ b/content/guides/rust/build-images.md @@ -232,13 +232,13 @@ You should see output like the following. => [auth] docker/dockerfile:pull token for registry-1.docker.io 0.0s => => resolve docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6 0.0s => [internal] load metadata for docker.io/library/alpine:3.18 0.8s - => [internal] load metadata for docker.io/library/rust:1.71.1-alpine 0.7s + => [internal] load metadata for docker.io/library/rust:1.91.1-alpine 0.7s => [auth] library/rust:pull token for registry-1.docker.io 0.0s => [auth] library/alpine:pull token for registry-1.docker.io 0.0s => [internal] load .dockerignore 0.0s => => transferring context: 683B 0.0s - => [build 1/4] FROM docker.io/library/rust:1.71.1-alpine@sha256:3419c5212b75ce4e7786b71bd2bd49587a2481f8b42ca685d719d265a11c7e96 0.0s - => => resolve docker.io/library/rust:1.71.1-alpine@sha256:3419c5212b75ce4e7786b71bd2bd49587a2481f8b42ca685d719d265a11c7e96 0.0s + => [build 1/4] FROM docker.io/library/rust:1.91.1-alpine@sha256:3419c5212b75ce4e7786b71bd2bd49587a2481f8b42ca685d719d265a11c7e96 0.0s + => => resolve docker.io/library/rust:1.91.1-alpine@sha256:3419c5212b75ce4e7786b71bd2bd49587a2481f8b42ca685d719d265a11c7e96 0.0s => [final 1/3] FROM docker.io/library/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f 0.0s => => resolve docker.io/library/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f 0.0s => [internal] load build context 0.0s From 8caefe479b1ec1927cc96a12e204857012d016af Mon Sep 17 00:00:00 2001 From: Edith Puclla Date: Fri, 2 Jan 2026 17:12:20 +0000 Subject: [PATCH 04/10] docs: update Rust build guide for public Docker Hardened Images --- content/guides/rust/build-images.md | 147 +++++++++++----------------- 1 file changed, 58 insertions(+), 89 deletions(-) diff --git a/content/guides/rust/build-images.md b/content/guides/rust/build-images.md index c7b1e2f7387c..131daf36bfcf 100644 --- a/content/guides/rust/build-images.md +++ b/content/guides/rust/build-images.md @@ -50,7 +50,7 @@ This utility will walk you through creating the following files with sensible de Let's get started! ? What application platform does your project use? Rust -? What version of Rust do you want to use? 1.91.1 +? What version of Rust do you want to use? 1.92.0 ? What port does your server listen on? 8000 ``` @@ -73,73 +73,24 @@ They help reduce vulnerabilities and simplify compliance. For more details, see {{< tabs >}} {{< tab name="Using Docker Hardened Images" >}} -Docker Hardened Images (DHIs) are available for Rust in the Hardened Image catalog. Unlike the official image, you must first mirror the Rust DHI into your Docker organization. -Follow the [DHI quickstart](/dhi/get-started/) to mirror the `dhi-rust` repository. Mirrored repositories must start with `dhi-`, for example: -`FROM /dhi-rust:${RUST_VERSION}-alpine`. +Docker Hardened Images (DHIs) are publicly available and can be used directly as base images. +To pull Docker Hardened Images, authenticate once with Docker: -The following Dockerfile is equivalent to the one generated by `docker init`, but it uses a Rust DHI as the build base image: - -```dockerfile {title=Dockerfile} -# Make sure RUST_VERSION matches the Rust version -ARG RUST_VERSION=1.91.1 -ARG APP_NAME=docker-rust-hello - -################################################################################ -# Create a stage for building the application. -FROM /dhi-rust:${RUST_VERSION}-alpine AS build -ARG APP_NAME -WORKDIR /app - -# Install host build dependencies. -RUN apk add --no-cache clang lld musl-dev git - -# Build the application. -RUN --mount=type=bind,source=src,target=src \ - --mount=type=bind,source=Cargo.toml,target=Cargo.toml \ - --mount=type=bind,source=Cargo.lock,target=Cargo.lock \ - --mount=type=cache,target=/app/target/ \ - --mount=type=cache,target=/usr/local/cargo/git/db \ - --mount=type=cache,target=/usr/local/cargo/registry/ \ - cargo build --locked --release && \ - cp ./target/release/$APP_NAME /bin/server - -################################################################################ -# Runtime stage with minimal dependencies. -FROM alpine:3.18 AS final - -# Create a non-privileged user that the app will run under. -ARG UID=10001 -RUN adduser \ - --disabled-password \ - --gecos "" \ - --home "/nonexistent" \ - --shell "/sbin/nologin" \ - --no-create-home \ - --uid "${UID}" \ - appuser -USER appuser - -# Copy the executable from the "build" stage. -COPY --from=build /bin/server /bin/ +```bash +docker login +``` -# Configure rocket to listen on all interfaces. -ENV ROCKET_ADDRESS=0.0.0.0 -# Expose the port that the application listens on. -EXPOSE 8000 - -# What the container should run when it is started. -CMD ["/bin/server"] +Use DHIs from the dhi.io registry, for example: +```bash +FROM dhi.io/rust:${RUST_VERSION}-alpine AS build ``` -{{< /tab >}} -{{< tab name="Using the official Rust image" >}} -By default, docker init creates a multi-stage Dockerfile that uses the official Rust image -in the build stage and Alpine as the runtime image. For example: +The following Dockerfile is equivalent to the one generated by `docker init`, but it uses a Rust DHI as the build base image: ```dockerfile {title=Dockerfile} # Make sure RUST_VERSION matches the Rust version -ARG RUST_VERSION=1.91.1 +ARG RUST_VERSION=1.92 ARG APP_NAME=docker-rust-hello ################################################################################ @@ -163,7 +114,7 @@ RUN --mount=type=bind,source=src,target=src \ cp ./target/release/$APP_NAME /bin/server ################################################################################ -# Runtime stage with minimal dependencies. +# Create a new stage for running the application that contains the minimal FROM alpine:3.18 AS final # Create a non-privileged user that the app will run under. @@ -183,6 +134,7 @@ COPY --from=build /bin/server /bin/ # Configure rocket to listen on all interfaces. ENV ROCKET_ADDRESS=0.0.0.0 + # Expose the port that the application listens on. EXPOSE 8000 @@ -225,30 +177,47 @@ $ docker build --tag docker-rust-image . You should see output like the following. ```console -[+] Building 2.2s (18/18) FINISHED - => [internal] load build definition from Dockerfile 0.0s - => => transferring dockerfile: 2.92kB 0.0s - => resolve image config for docker-image://docker.io/docker/dockerfile:1 1.2s - => [auth] docker/dockerfile:pull token for registry-1.docker.io 0.0s - => => resolve docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6 0.0s - => [internal] load metadata for docker.io/library/alpine:3.18 0.8s - => [internal] load metadata for docker.io/library/rust:1.91.1-alpine 0.7s - => [auth] library/rust:pull token for registry-1.docker.io 0.0s - => [auth] library/alpine:pull token for registry-1.docker.io 0.0s - => [internal] load .dockerignore 0.0s - => => transferring context: 683B 0.0s - => [build 1/4] FROM docker.io/library/rust:1.91.1-alpine@sha256:3419c5212b75ce4e7786b71bd2bd49587a2481f8b42ca685d719d265a11c7e96 0.0s - => => resolve docker.io/library/rust:1.91.1-alpine@sha256:3419c5212b75ce4e7786b71bd2bd49587a2481f8b42ca685d719d265a11c7e96 0.0s - => [final 1/3] FROM docker.io/library/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f 0.0s - => => resolve docker.io/library/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f 0.0s - => [internal] load build context 0.0s - => => transferring context: 265B 0.0s - => exporting to image 0.0s - => => exporting layers 0.0s - => => exporting manifest sha256:0c9f89589c2bf35bbeb642222fe8c42d2479ee6e9c9028a57aeeacf591aa5375 0.0s - => => exporting config sha256:09a032b66ff64682e6c4a74896017e33854169b5ceb0e51603597d1d2a68358d 0.0s - => => naming to docker.io/library/docker-rust-image:latest 0.0s - => => unpacking to docker.io/library/docker-rust-image:latest +[+] Building 85.0s (18/18) FINISHED docker:desktop-linux + => [internal] load build definition from Dockerfile 0.0s + => => transferring dockerfile: 2.88kB 0.0s + => resolve image config for docker-image://docker.io/docker/dockerfile:1 0.8s + => [auth] docker/dockerfile:pull token for registry-1.docker.io 0.0s + => CACHED docker-image://docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6 0.0s + => => resolve docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6 0.0s + => [internal] load metadata for docker.io/library/rust:1.92-alpine 1.3s + => [internal] load metadata for docker.io/library/alpine:3.18 0.5s + => [auth] library/rust:pull token for registry-1.docker.io 0.0s + => [auth] library/alpine:pull token for registry-1.docker.io 0.0s + => [internal] load .dockerignore 0.0s + => => transferring context: 646B 0.0s + => [build 1/4] FROM docker.io/library/rust:1.92-alpine@sha256:f6c22e0a256c05d44fca23bf530120b5d4a6249a393734884281ca80782329bc 9.0s + => => resolve docker.io/library/rust:1.92-alpine@sha256:f6c22e0a256c05d44fca23bf530120b5d4a6249a393734884281ca80782329bc 0.1s + => => sha256:4150afa531694b681cd299599f1d2391c5f4a409844096124ffc475e4eb1ea2f 268.07MB / 268.07MB 6.6s + => => sha256:1074353eec0db2c1d81d5af2671e56e00cf5738486f5762609ea33d606f88612 3.86MB / 3.86MB 0.4s + => => sha256:14182cde8de9d61826651827a8dd082edaa51d4a5a8e9567c2a1e416e32c75e8 75.12MB / 75.12MB 1.9s + => => extracting sha256:1074353eec0db2c1d81d5af2671e56e00cf5738486f5762609ea33d606f88612 0.1s + => => extracting sha256:14182cde8de9d61826651827a8dd082edaa51d4a5a8e9567c2a1e416e32c75e8 0.8s + => => extracting sha256:4150afa531694b681cd299599f1d2391c5f4a409844096124ffc475e4eb1ea2f 1.9s + => [final 1/3] FROM docker.io/library/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f 0.1s + => => resolve docker.io/library/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f 0.1s + => [internal] load build context 0.1s + => => transferring context: 41.56kB 0.0s + => CACHED [final 2/3] RUN adduser --disabled-password --gecos "" --home "/nonexistent" --shell "/sbin/nologin" --no-create-home --uid "10001" appuse 0.0s + => [build 2/4] WORKDIR /app 0.4s + => [build 3/4] RUN apk add --no-cache clang lld musl-dev git 2.8s + => [build 4/4] RUN --mount=type=bind,source=src,target=src --mount=type=bind,source=Cargo.toml,target=Cargo.toml --mount=type=bind,source=Cargo.lock,target=Cargo.lock 69.9s + => [final 3/3] COPY --from=build /bin/server /bin/ 0.1s + => exporting to image 0.4s + => => exporting layers 0.3s + => => exporting manifest sha256:46028e22a9d976f062b51b2444bf0ccaf3930637e70fe576c8185029e2d91927 0.0s + => => exporting config sha256:948f75c524906ae8444ec8fc8b95b9e773878b5b5123586391f54e34aad4c493 0.0s + => => exporting attestation manifest sha256:71e9aac25186f83b404bd91433d72a5a764a378c6f5ef75098da92a9990483f7 0.0s + => => exporting manifest list sha256:c713a4f71c510999215a4a3e7f225fea7c9a26df118504906486a6e934f0beb0 0.0s + => => naming to docker.io/library/docker-rust-image:latest 0.0s + => => unpacking to docker.io/library/docker-rust-image:latest 0.0s + +View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/zudqyd9mk3zaq1bl1h6q7vsiz + ``` ## View local images @@ -260,7 +229,7 @@ To list images, run the `docker images` command. ```console $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -docker-rust-image latest 0c9f89589c2b 3 minutes ago 123MB +docker-rust-image latest 41423bf3040a 3 minutes ago 5.33MB ``` You should see at least one image listed, including the image you just built `docker-rust-image:latest`. @@ -284,8 +253,8 @@ Now, run the `docker images` command to see a list of the local images. ```console $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -docker-rust-image latest 0c9f89589c2b 4 minutes ago 123MB -docker-rust-image v1.0.0 0c9f89589c2b 4 minutes ago 123MB +docker-rust-image latest 41423bf3040a 4 minutes ago 5.33MB +docker-rust-image v1.0.0 41423bf3040a 4 minutes ago 5.33MB ``` You can see that two images start with `docker-rust-image`. You know they're the same image because if you take a look at the `IMAGE ID` column, you can see that the values are the same for the two images. @@ -302,7 +271,7 @@ Note that the response from Docker tells you that Docker didn't remove the image ```console $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -docker-rust-image latest 0c9f89589c2b 6 minutes ago 123MB +docker-rust-image latest 41423bf3040a 6 minutes ago 5.33MB ``` Docker removed the image tagged with `:v1.0.0`, but the `docker-rust-image:latest` tag is available on your machine. From 175dd2f98a8aef5768d5a5d5e7e562e0a912dbd8 Mon Sep 17 00:00:00 2001 From: Edith Puclla Date: Thu, 8 Jan 2026 00:22:41 +0000 Subject: [PATCH 05/10] Update content/guides/rust/build-images.md Co-authored-by: Craig Osterhout --- content/guides/rust/build-images.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/guides/rust/build-images.md b/content/guides/rust/build-images.md index 131daf36bfcf..fdbbe4df7cd2 100644 --- a/content/guides/rust/build-images.md +++ b/content/guides/rust/build-images.md @@ -77,7 +77,7 @@ Docker Hardened Images (DHIs) are publicly available and can be used directly as To pull Docker Hardened Images, authenticate once with Docker: ```bash -docker login +docker login dhi.io ``` Use DHIs from the dhi.io registry, for example: From b09eafb16a385328d2b1c5909a1aa6d477de52eb Mon Sep 17 00:00:00 2001 From: Edith Puclla Date: Sat, 17 Jan 2026 12:38:06 +0000 Subject: [PATCH 06/10] Fix DHI image to a valid alpine version --- content/guides/rust/build-images.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/guides/rust/build-images.md b/content/guides/rust/build-images.md index fdbbe4df7cd2..d905496bc7d0 100644 --- a/content/guides/rust/build-images.md +++ b/content/guides/rust/build-images.md @@ -83,7 +83,7 @@ docker login dhi.io Use DHIs from the dhi.io registry, for example: ```bash -FROM dhi.io/rust:${RUST_VERSION}-alpine AS build +FROM dhi.io/rust:${RUST_VERSION}-alpine3.22-dev AS build ``` The following Dockerfile is equivalent to the one generated by `docker init`, but it uses a Rust DHI as the build base image: From aa6e6605b2ed4520895e4a67f31c9b25e3da6ac4 Mon Sep 17 00:00:00 2001 From: Edith Puclla Date: Sat, 17 Jan 2026 12:41:46 +0000 Subject: [PATCH 07/10] Change Dockerfile to DHI image --- content/guides/rust/build-images.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/guides/rust/build-images.md b/content/guides/rust/build-images.md index d905496bc7d0..bc42e7037141 100644 --- a/content/guides/rust/build-images.md +++ b/content/guides/rust/build-images.md @@ -96,7 +96,7 @@ ARG APP_NAME=docker-rust-hello ################################################################################ # Create a stage for building the application. -FROM rust:${RUST_VERSION}-alpine AS build +FROM dhi.io/rust:${RUST_VERSION}-alpine3.22-dev AS build ARG APP_NAME WORKDIR /app From c49c7c00dbc45eb5e15e371c6c63cfb0c68ec7be Mon Sep 17 00:00:00 2001 From: Edith Puclla Date: Sun, 18 Jan 2026 00:16:22 +0000 Subject: [PATCH 08/10] Update guide for Rust DHI images and DOI --- content/guides/rust/build-images.md | 162 ++++++++++++++++++-------- content/guides/rust/run-containers.md | 61 +++++----- 2 files changed, 138 insertions(+), 85 deletions(-) diff --git a/content/guides/rust/build-images.md b/content/guides/rust/build-images.md index bc42e7037141..912fd3611abf 100644 --- a/content/guides/rust/build-images.md +++ b/content/guides/rust/build-images.md @@ -95,6 +95,7 @@ ARG APP_NAME=docker-rust-hello ################################################################################ # Create a stage for building the application. +################################################################################ FROM dhi.io/rust:${RUST_VERSION}-alpine3.22-dev AS build ARG APP_NAME @@ -115,7 +116,10 @@ RUN --mount=type=bind,source=src,target=src \ ################################################################################ # Create a new stage for running the application that contains the minimal -FROM alpine:3.18 AS final +# We use dhi.io/static for the final stage because it’s a minimal Docker Hardened Image runtime (basically “just # enough OS to run the binary”), which helps keep the image small and with a lower attack surface compared to a # # full Alpine/Debian runtime. +################################################################################ + +FROM dhi.io/static:20250419 AS final # Create a non-privileged user that the app will run under. ARG UID=10001 @@ -143,6 +147,75 @@ CMD ["/bin/server"] ``` +{{< /tab >}} +{{< tab name="Using the Docker Official Images" >}} + +```dockerfile {title=Dockerfile} +# Pin the Rust toolchain version used in the build stage. +ARG RUST_VERSION=1.92 + +# Name of the compiled binary produced by Cargo (must match Cargo.toml package name). +ARG APP_NAME=docker-rust-hello + +################################################################################ +# Build stage (DOI Rust image) +# This stage compiles the application. +################################################################################ + +FROM docker.io/library/rust:${RUST_VERSION}-alpine AS build + +# Re-declare args inside the stage if you want to use them here. +ARG APP_NAME + +# All build steps happen inside /app. +WORKDIR /app + +# Install build dependencies needed to compile Rust crates on Alpine +RUN apk add --no-cache clang lld musl-dev git + +# Build the application +RUN --mount=type=bind,source=src,target=src \ + --mount=type=bind,source=Cargo.toml,target=Cargo.toml \ + --mount=type=bind,source=Cargo.lock,target=Cargo.lock \ + --mount=type=cache,target=/app/target/ \ + --mount=type=cache,target=/usr/local/cargo/git/db \ + --mount=type=cache,target=/usr/local/cargo/registry/ \ + cargo build --locked --release && \ + cp ./target/release/$APP_NAME /bin/server + +################################################################################ +# Runtime stage (DOI Alpine image) +# This stage runs the already-compiled binary with minimal dependencies. +################################################################################ + +FROM docker.io/library/alpine:3.18 AS final + +# Create a non-privileged user (recommended best practice) +ARG UID=10001 +RUN adduser \ + --disabled-password \ + --gecos "" \ + --home "/nonexistent" \ + --shell "/sbin/nologin" \ + --no-create-home \ + --uid "${UID}" \ + appuser + +# Drop privileges for runtime. +USER appuser + +# Copy only the compiled binary from the build stage. +COPY --from=build /bin/server /bin/ + +# Rocket: listen on all interfaces inside the container. +ENV ROCKET_ADDRESS=0.0.0.0 + +# Document the port your app listens on. +EXPOSE 8000 + +# Start the application. +CMD ["/bin/server"] +``` {{< /tab >}} {{< /tabs >}} @@ -177,47 +250,34 @@ $ docker build --tag docker-rust-image . You should see output like the following. ```console -[+] Building 85.0s (18/18) FINISHED docker:desktop-linux +[+] Building 1.4s (13/13) FINISHED docker:desktop-linux => [internal] load build definition from Dockerfile 0.0s - => => transferring dockerfile: 2.88kB 0.0s - => resolve image config for docker-image://docker.io/docker/dockerfile:1 0.8s - => [auth] docker/dockerfile:pull token for registry-1.docker.io 0.0s - => CACHED docker-image://docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6 0.0s - => => resolve docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6 0.0s - => [internal] load metadata for docker.io/library/rust:1.92-alpine 1.3s - => [internal] load metadata for docker.io/library/alpine:3.18 0.5s - => [auth] library/rust:pull token for registry-1.docker.io 0.0s - => [auth] library/alpine:pull token for registry-1.docker.io 0.0s + => => transferring dockerfile: 1.67kB 0.0s + => [internal] load metadata for dhi.io/static:20250419 1.1s + => [internal] load metadata for dhi.io/rust:1.92-alpine3.22-dev 1.2s + => [auth] static:pull token for dhi.io 0.0s + => [auth] rust:pull token for dhi.io 0.0s => [internal] load .dockerignore 0.0s => => transferring context: 646B 0.0s - => [build 1/4] FROM docker.io/library/rust:1.92-alpine@sha256:f6c22e0a256c05d44fca23bf530120b5d4a6249a393734884281ca80782329bc 9.0s - => => resolve docker.io/library/rust:1.92-alpine@sha256:f6c22e0a256c05d44fca23bf530120b5d4a6249a393734884281ca80782329bc 0.1s - => => sha256:4150afa531694b681cd299599f1d2391c5f4a409844096124ffc475e4eb1ea2f 268.07MB / 268.07MB 6.6s - => => sha256:1074353eec0db2c1d81d5af2671e56e00cf5738486f5762609ea33d606f88612 3.86MB / 3.86MB 0.4s - => => sha256:14182cde8de9d61826651827a8dd082edaa51d4a5a8e9567c2a1e416e32c75e8 75.12MB / 75.12MB 1.9s - => => extracting sha256:1074353eec0db2c1d81d5af2671e56e00cf5738486f5762609ea33d606f88612 0.1s - => => extracting sha256:14182cde8de9d61826651827a8dd082edaa51d4a5a8e9567c2a1e416e32c75e8 0.8s - => => extracting sha256:4150afa531694b681cd299599f1d2391c5f4a409844096124ffc475e4eb1ea2f 1.9s - => [final 1/3] FROM docker.io/library/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f 0.1s - => => resolve docker.io/library/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f 0.1s - => [internal] load build context 0.1s - => => transferring context: 41.56kB 0.0s - => CACHED [final 2/3] RUN adduser --disabled-password --gecos "" --home "/nonexistent" --shell "/sbin/nologin" --no-create-home --uid "10001" appuse 0.0s - => [build 2/4] WORKDIR /app 0.4s - => [build 3/4] RUN apk add --no-cache clang lld musl-dev git 2.8s - => [build 4/4] RUN --mount=type=bind,source=src,target=src --mount=type=bind,source=Cargo.toml,target=Cargo.toml --mount=type=bind,source=Cargo.lock,target=Cargo.lock 69.9s - => [final 3/3] COPY --from=build /bin/server /bin/ 0.1s - => exporting to image 0.4s - => => exporting layers 0.3s - => => exporting manifest sha256:46028e22a9d976f062b51b2444bf0ccaf3930637e70fe576c8185029e2d91927 0.0s - => => exporting config sha256:948f75c524906ae8444ec8fc8b95b9e773878b5b5123586391f54e34aad4c493 0.0s - => => exporting attestation manifest sha256:71e9aac25186f83b404bd91433d72a5a764a378c6f5ef75098da92a9990483f7 0.0s - => => exporting manifest list sha256:c713a4f71c510999215a4a3e7f225fea7c9a26df118504906486a6e934f0beb0 0.0s - => => naming to docker.io/library/docker-rust-image:latest 0.0s - => => unpacking to docker.io/library/docker-rust-image:latest 0.0s - -View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/zudqyd9mk3zaq1bl1h6q7vsiz - + => [build 1/3] FROM dhi.io/rust:1.92-alpine3.22-dev@sha256:49eb72825a9e15fe48f2c4875a63c7e7f52a5b430bb52b8254b91d132aa5bf38 0.0s + => => resolve dhi.io/rust:1.92-alpine3.22-dev@sha256:49eb72825a9e15fe48f2c4875a63c7e7f52a5b430bb52b8254b91d132aa5bf38 0.0s + => [final 1/2] FROM dhi.io/static:20250419@sha256:74fc43fa240887b8159970e434244039aab0c6efaaa9cf044004cdc22aa2a34d 0.0s + => => resolve dhi.io/static:20250419@sha256:74fc43fa240887b8159970e434244039aab0c6efaaa9cf044004cdc22aa2a34d 0.0s + => [internal] load build context 0.0s + => => transferring context: 117B 0.0s + => CACHED [build 2/3] WORKDIR /build 0.0s + => CACHED [build 3/3] RUN --mount=type=bind,source=src,target=src --mount=type=bind,source=Cargo.toml,target=Cargo.toml --mount=type=bind,source=Cargo.lock,target=Cargo 0.0s + => CACHED [final 2/2] COPY --from=build /build/target/release/docker-rust-hello /server 0.0s + => exporting to image 0.1s + => => exporting layers 0.0s + => => exporting manifest sha256:cc937bbdd712ef6e5445501f77e02ef8455ef64c567598786d46b7b21a4d4fa8 0.0s + => => exporting config sha256:077507b483af4b5e1a928e527e4bb3a4aaf0557e1eea81cd39465f564c187669 0.0s + => => exporting attestation manifest sha256:11b60e7608170493da1fdd88c120e2d2957f2a72a22edbc9cfbdd0dd37d21f89 0.0s + => => exporting manifest list sha256:99a1b925a8d6ebf80e376b8a1e50cd806ec42d194479a3375e1cd9d2911b4db9 0.0s + => => naming to docker.io/library/docker-rust-image-dhi:latest 0.0s + => => unpacking to docker.io/library/docker-rust-image-dhi:latest 0.0s + +View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/yczk0ijw8kc5g20e8nbc8r6lj ``` ## View local images @@ -228,11 +288,11 @@ To list images, run the `docker images` command. ```console $ docker images -REPOSITORY TAG IMAGE ID CREATED SIZE -docker-rust-image latest 41423bf3040a 3 minutes ago 5.33MB +IMAGE ID DISK USAGE CONTENT SIZE EXTRA +docker-rust-image-dhi:latest 99a1b925a8d6 11.6MB 2.45MB U ``` -You should see at least one image listed, including the image you just built `docker-rust-image:latest`. +You should see at least one image listed, including the image you just built `docker-rust-image-dhi:latest `. ## Tag images @@ -252,29 +312,29 @@ Now, run the `docker images` command to see a list of the local images. ```console $ docker images -REPOSITORY TAG IMAGE ID CREATED SIZE -docker-rust-image latest 41423bf3040a 4 minutes ago 5.33MB -docker-rust-image v1.0.0 41423bf3040a 4 minutes ago 5.33MB +IMAGE ID DISK USAGE CONTENT SIZE EXTRA +docker-rust-image-dhi:latest 99a1b925a8d6 11.6MB 2.45MB U +docker-rust-image-dhi:v1.0.0 99a1b925a8d6 11.6MB 2.45MB U ``` -You can see that two images start with `docker-rust-image`. You know they're the same image because if you take a look at the `IMAGE ID` column, you can see that the values are the same for the two images. +You can see that two images start with `docker-rust-image-dhi`. You know they're the same image because if you take a look at the `IMAGE ID` column, you can see that the values are the same for the two images. Remove the tag you just created. To do this, use the `rmi` command. The `rmi` command stands for remove image. ```console -$ docker rmi docker-rust-image:v1.0.0 -Untagged: docker-rust-image:v1.0.0 +$ docker rmi docker-rust-image-dhi:v1.0.0 +Untagged: docker-rust-image-dhi:v1.0.0 ``` Note that the response from Docker tells you that Docker didn't remove the image, but only "untagged" it. You can check this by running the `docker images` command. ```console $ docker images -REPOSITORY TAG IMAGE ID CREATED SIZE -docker-rust-image latest 41423bf3040a 6 minutes ago 5.33MB +IMAGE ID DISK USAGE CONTENT SIZE EXTRA +docker-rust-image-dhi:latest 99a1b925a8d6 11.6MB 2.45MB U ``` -Docker removed the image tagged with `:v1.0.0`, but the `docker-rust-image:latest` tag is available on your machine. +Docker removed the image tagged with `:v1.0.0`, but the `docker-rust-image-dhi:latest` tag is available on your machine. ## Summary diff --git a/content/guides/rust/run-containers.md b/content/guides/rust/run-containers.md index f02194d365ce..9cf3d99eb7cc 100644 --- a/content/guides/rust/run-containers.md +++ b/content/guides/rust/run-containers.md @@ -24,7 +24,7 @@ To run an image inside of a container, you use the `docker run` command. The `do Use `docker run` to run the image you built in [Build your Rust image](build-images.md). ```console -$ docker run docker-rust-image +$ docker run docker-rust-image-dhi ``` After running this command, you’ll notice that you weren't returned to the command prompt. This is because your application is a server that runs in a loop waiting for incoming requests without returning control back to the OS until you stop the container. @@ -50,7 +50,7 @@ To publish a port for your container, you’ll use the `--publish` flag (`-p` fo You didn't specify a port when running the application in the container and the default is 8000. If you want your previous request going to port 8000 to work, you can map the host's port 3001 to the container's port 8000: ```console -$ docker run --publish 3001:8000 docker-rust-image +$ docker run --publish 3001:8000 docker-rust-image-dhi ``` Now, rerun the curl command. Remember to open a new terminal. @@ -74,8 +74,8 @@ Press ctrl-c to stop the container. This is great so far, but your sample application is a web server and you don't have to be connected to the container. Docker can run your container in detached mode or in the background. To do this, you can use the `--detach` or `-d` for short. Docker starts your container the same as before but this time will "detach" from the container and return you to the terminal prompt. ```console -$ docker run -d -p 3001:8000 docker-rust-image -ce02b3179f0f10085db9edfccd731101868f58631bdf918ca490ff6fd223a93b +$ docker run -d -p 3001:8000 docker-rust-image-dhi +3e4830e7f01304811d97dd3469d47a0c7a916a8b6c28ce0ef19c6f689a521144 ``` Docker started your container in the background and printed the Container ID on the terminal. @@ -99,8 +99,8 @@ Since you ran your container in the background, how do you know if your containe You should see output like the following. ```console -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -3074745e412c docker-rust-image "/bin/server" 8 seconds ago Up 7 seconds 0.0.0.0:3001->8000/tcp wonderful_kalam +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +3e4830e7f013 docker-rust-image-dhi "/server" 23 seconds ago Up 22 seconds 0.0.0.0:3001->8000/tcp, [::]:3001->8000/tcp youthful_lamport ``` The `docker ps` command provides a bunch of information about your running containers. You can see the container ID, the image running inside the container, the command that was used to start the container, when it was created, the status, ports that were exposed, and the name of the container. @@ -108,8 +108,8 @@ The `docker ps` command provides a bunch of information about your running conta You are probably wondering where the name of your container is coming from. Since you didn’t provide a name for the container when you started it, Docker generated a random name. You’ll fix this in a minute, but first you need to stop the container. To stop the container, run the `docker stop` command which does just that, stops the container. You need to pass the name of the container or you can use the container ID. ```console -$ docker stop wonderful_kalam -wonderful_kalam +$ docker stop youthful_lamport +youthful_lamport ``` Now, rerun the `docker ps` command to see a list of running containers. @@ -125,14 +125,10 @@ You can start, stop, and restart Docker containers. When you stop a container, i ```console $ docker ps -a -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS - NAMES -3074745e412c docker-rust-image "/bin/server" 3 minutes ago Exited (0) 6 seconds ago - wonderful_kalam -6cfa26e2e3c9 docker-rust-image "/bin/server" 14 minutes ago Exited (0) 5 minutes ago - friendly_montalcini -4cbe94b2ea0e docker-rust-image "/bin/server" 15 minutes ago Exited (0) 14 minutes ago - tender_bose +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +3e4830e7f013 docker-rust-image-dhi "/server" About a minute ago Exited (0) 28 seconds ago youthful_lamport +60009b7eaf40 docker-rust-image-dhi "/server" 2 minutes ago Exited (0) About a minute ago sharp_noyce +152e1d7d9eea docker-rust-image-dhi "/server ." 4 minutes ago Exited (0) 2 minutes ago magical_bhabha ``` You should now see several containers listed. These are containers that you started and stopped but you haven't removed. @@ -140,20 +136,17 @@ You should now see several containers listed. These are containers that you star Restart the container that you just stopped. Locate the name of the container you just stopped and replace the name of the container in following restart command. ```console -$ docker restart wonderful_kalam +$ docker restart youthful_lamport ``` -Now list all the containers again using the `docker ps` command. +Now list all the containers again using the `docker ps --all` command. ```console $ docker ps --all -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS - NAMES -3074745e412c docker-rust-image "/bin/server" 6 minutes ago Up 4 seconds 0.0.0.0:3001->8000/tcp wonderful_kalam -6cfa26e2e3c9 docker-rust-image "/bin/server" 16 minutes ago Exited (0) 7 minutes ago - friendly_montalcini -4cbe94b2ea0e docker-rust-image "/bin/server" 18 minutes ago Exited (0) 17 minutes ago - tender_bose +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +3e4830e7f013 docker-rust-image-dhi "/server" 3 minutes ago Up 7 seconds 0.0.0.0:3001->8000/tcp, [::]:3001->8000/tcp youthful_lamport +60009b7eaf40 docker-rust-image-dhi "/server" 4 minutes ago Exited (0) 3 minutes ago sharp_noyce +152e1d7d9eea docker-rust-image-dhi "/server ." 5 minutes ago Exited (0) 4 minutes ago magical_bhabha ``` Notice that the container you just restarted has been started in detached mode. Also, observe the status of the container is "Up X seconds". When you restart a container, it starts with the same flags or commands that it was originally started with. @@ -161,8 +154,8 @@ Notice that the container you just restarted has been started in detached mode. Now, stop and remove all of your containers and take a look at fixing the random naming issue. Stop the container you just started. Find the name of your running container and replace the name in the following command with the name of the container on your system. ```console -$ docker stop wonderful_kalam -wonderful_kalam +$ docker stop youthful_lamport +youthful_lamport ``` Now that you have stopped all of your containers, remove them. When you remove a container, it's no longer running, nor is it in the stopped status, but the process inside the container has been stopped and the metadata for the container has been removed. @@ -170,10 +163,10 @@ Now that you have stopped all of your containers, remove them. When you remove a To remove a container, run the `docker rm` command with the container name. You can pass multiple container names to the command using a single command. Again, replace the container names in the following command with the container names from your system. ```console -$ docker rm wonderful_kalam friendly_montalcini tender_bose -wonderful_kalam -friendly_montalcini -tender_bose +$ docker rm youthful_lamport friendly_montalcini tender_bose +youthful_lamport +sharp_noyce +magical_bhabha ``` Run the `docker ps --all` command again to see that Docker removed all containers. @@ -183,11 +176,11 @@ Now, it's time to address the random naming issue. Standard practice is to name To name a container, you just need to pass the `--name` flag to the `docker run` command. ```console -$ docker run -d -p 3001:8000 --name docker-rust-container docker-rust-image +$ docker run -d -p 3001:8000 --name docker-rust-container docker-rust-image-dhi 1aa5d46418a68705c81782a58456a4ccdb56a309cb5e6bd399478d01eaa5cdda $ docker ps -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -c68fa18de1f6 docker-rust-image "/bin/server" 7 seconds ago Up 6 seconds 0.0.0.0:3001->8000/tcp docker-rust-container +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +219b2e3c7c38 docker-rust-image-dhi "/server" 6 seconds ago Up 5 seconds 0.0.0.0:3001->8000/tcp, [::]:3001->8000/tcp docker-rust-container ``` That’s better! You can now easily identify your container based on the name. From cbdc0acd2c0cef8c1a8a3d8eb37997e7f596c9f2 Mon Sep 17 00:00:00 2001 From: Edith Puclla Date: Sun, 18 Jan 2026 00:20:17 +0000 Subject: [PATCH 09/10] Fix docker build proper name --- content/guides/rust/build-images.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/guides/rust/build-images.md b/content/guides/rust/build-images.md index 912fd3611abf..13cb43e12597 100644 --- a/content/guides/rust/build-images.md +++ b/content/guides/rust/build-images.md @@ -244,7 +244,7 @@ Docker uses "latest" as its default tag. Build the Docker image. ```console -$ docker build --tag docker-rust-image . +$ docker build --tag docker-rust-image-dhi . ``` You should see output like the following. From 8e64cb5e0683cfc78c69457634104d8793631c3a Mon Sep 17 00:00:00 2001 From: Edith Puclla Date: Sun, 18 Jan 2026 00:32:00 +0000 Subject: [PATCH 10/10] Remove one space in command --- content/guides/rust/build-images.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/guides/rust/build-images.md b/content/guides/rust/build-images.md index 13cb43e12597..9d9ba3b26459 100644 --- a/content/guides/rust/build-images.md +++ b/content/guides/rust/build-images.md @@ -292,7 +292,7 @@ IMAGE ID DISK USAGE CONTENT SIZE EXTRA docker-rust-image-dhi:latest 99a1b925a8d6 11.6MB 2.45MB U ``` -You should see at least one image listed, including the image you just built `docker-rust-image-dhi:latest `. +You should see at least one image listed, including the image you just built `docker-rust-image-dhi:latest`. ## Tag images