Why is my Docker container exiting with code 137?

Your container ran out of memory and got killed by the OOM killer. Set `--memory=512m` or whatever limit makes sense. Check what's actually using memory with `docker stats`. If you're running Chrome in a container (why?), it'll eat all available memory by default.

Docker Desktop is eating all my RAM - what do I do?

Go to Docker Desktop → Settings → Resources and lower the memory limit. Default is usually 50% of your system RAM, which is stupid. Set it to 4-8GB max unless you're doing something that actually needs more. Restart Docker Desktop after changing.

How do I fix "permission denied" when mounting volumes?

This is usually a file ownership issue. Your container runs as root but your host files are owned by your user. Either: - Use `--user $(id -u):$(id -g)` to run the container as your user - `chown -R $(id -u):$(id -g) /path/to/mounted/directory` on the host - Or just give up and `chmod 777` everything (not recommended for prod)

My build is slow as hell - how do I speed it up?

- Use `.dockerignore` to exclude `node_modules`, `.git`, and other garbage - Put frequently changing files (like your source code) at the bottom of your Dockerfile - Use multi-stage builds to avoid including build tools in the final image - `docker builder prune -af` if your cache is corrupted - Consider Docker Build Cloud if you have money to burn

Why can't my containers talk to each other?

They're probably on different networks. Use `docker-compose` and let it handle the networking, or create a custom bridge network: ```bash docker network create myapp docker run --network myapp --name web nginx docker run --network myapp --name db postgres ```

Docker Hub keeps rate limiting me - what are my options?

- Pay $5/month for Docker Hub Pro (unlimited pulls) - Use alternative registries like ghcr.io (GitHub Container Registry) - Set up your own registry with `docker run registry:2` - Cache base images in your CI/CD system

Is Podman actually a good Docker replacement?

For Linux servers? Yes. For macOS/Windows development? Meh. Podman is daemonless and rootless by default, which is nice for security. But Docker Desktop's polish is worth the $9/month for most developers. Try [Rancher Desktop](https://rancherdesktop.io/) as a middle ground.

How do I debug a container that won't start?

```bash # See what happened docker logs container-name # Start with a shell instead of your app docker run -it --entrypoint /bin/sh your-image # Check if your app exists and has the right permissions docker exec -it container-name ls -la /app ```

My Dockerfile works locally but fails in CI - why?

- Different base image versions (use specific tags, not `latest`) - Missing build dependencies in CI environment - Cached layers that aren't being rebuilt - Platform differences (ARM vs x86) if you're on Apple Silicon - Different environment variables or secrets

What's the difference between CMD and ENTRYPOINT?

- `CMD` sets default arguments that can be overridden - `ENTRYPOINT` sets the command that always runs - Use both: `ENTRYPOINT ["./app"]` and `CMD ["--prod"]` - This lets you run `docker run myapp --dev` to override just the arguments

How much does Docker actually cost for a team?

**Small team (5 developers)**: $45/month for Docker Desktop Pro **Medium team (20 developers)**: $300/month for Pro + $5/month for Docker Hub Pro **Enterprise (100 developers)**: $2400/month for Business plan + registry + scanning tools Factor in time saved not debugging environment issues. For most teams, it's worth it.

Should I run databases in containers?

**Development**: Absolutely. Consistent database versions, easy cleanup, works great with docker-compose. **Production**: Maybe. Stateless apps in containers are great. Databases need special handling for persistence, backups, and performance. Most teams use managed database services (AWS RDS, etc.) instead.

Why is my Node.js app slow in Docker?

- You're probably not using the production image properly - Make sure you're running `npm ci --only=production` - Use `node:18-alpine` instead of the full `node:18` image - Don't run as root - create a user in your Dockerfile - Set `NODE_ENV=production`

Can I run GUI applications in Docker?

Technically yes, but it's painful. You need to forward X11 or use VNC. Better options: - Use web interfaces instead - Run the GUI app on the host, containerize just the backend - Use Docker Desktop's GUI container support (experimental)

How do I handle secrets in containers?

**Don't**: Put secrets in environment variables or build them into images **Do**: Use Docker secrets, mounted files, or external secret managers ```bash # Mount secret as file docker run -v /host/secret:/app/secret:ro myapp # Or use Docker Swarm secrets docker service create --secret my_secret myapp ```

Currently viewing the AI version

Switch to human version

Docker: Technical Reference and Operational Intelligence

Core Problem Solved

Docker eliminates "works on my machine" deployment failures by packaging applications with exact runtime dependencies. Containers share host kernel but isolate everything else, providing near-native performance without VM overhead.

Critical Architecture Components

Container Runtime Process

Image Pull: Downloads from registry (usually Docker Hub)
Container Creation: Creates isolated environment from image
Filesystem Setup: Adds read-write layer on top of image layers
Network Setup: Creates interfaces and assigns IP addresses
Process Start: Runs application as PID 1 inside container

Underlying Technology

Linux namespaces: Process isolation
cgroups: Resource limiting
Layered filesystem: Cached, reusable image layers

Configuration That Actually Works

Memory Management

# Hard memory limits - container killed at 513MB if set to 512MB
--memory=512m
# Exit code 137 = out of memory kill

Critical Warning: Memory limits are enforced hard with no warnings. Container dies immediately when exceeded.

File Permissions Fix

# Run container as current user to avoid permission issues
--user $(id -u):$(id -g)

# Fix existing permission problems
chown -R $(id -u):$(id -g) /path/to/mounted/directory

Network Configuration

# Create custom network for inter-container communication
docker network create myapp
docker run --network myapp --name web nginx
docker run --network myapp --name db postgres

Default bridge network only works for simple cases. Custom networks required for reliable container-to-container communication.

Production Failure Modes

Docker Hub Rate Limiting

Free accounts: 100 pulls per 6 hours
Impact: Breaks CI/CD pipelines when exceeded
Solution: Docker Hub Pro ($5/month) or alternative registries

BuildKit Cache Corruption

Symptom: Builds become extremely slow
Fix: docker builder prune -af (loses all cached layers)
Trigger: Often occurs after Docker Desktop updates

Container Networking Issues

Problem: Containers on different networks cannot communicate
Root cause: Default bridge network limitations
Solution: Use docker-compose or custom networks

Windows Container Limitations

Reality: Windows containers still problematic compared to Linux
Tooling: Years behind Linux container ecosystem
Recommendation: Use Linux containers even on Windows (via WSL2)

Pricing Reality (2025)

Individual Developers

Docker Desktop: $9/month (was free until December 2024)
Alternative: Rancher Desktop (free but less polished)

Small Teams (5 developers)

Docker Desktop Pro: $45/month
Docker Hub Pro: $5/month (to avoid rate limits)
Total: $50/month

Medium Companies (20 developers)

Docker Desktop: $300/month
Docker Hub Pro: $5/month
Docker Scout: $100-500/month (security scanning)
Total: $405-805/month

Enterprise (100+ developers)

Docker Business: $2400/month
Additional tools: $10,000-50,000/month total
Alternative: Most run their own container registries

Resource Requirements

Performance Characteristics

Memory overhead: Minimal compared to VMs
Build time optimization: Multi-stage builds, .dockerignore, layer caching
Storage: Images share layers, reducing disk usage

Time Investment

Learning curve: 1-2 weeks for basic proficiency
Setup time: Hours on Windows/macOS, minutes on Linux
Debugging time: Significantly reduced deployment issues vs pre-Docker era

Common Failure Scenarios

Exit Code 125

Meaning: Dockerfile syntax error or missing command
Debug: Check Dockerfile syntax and base image contents

Permission Denied on Volume Mounts

Cause: Host files owned by different user than container process
Frequency: Very common in development
Impact: Application cannot read/write mounted files

Container Won't Start

# Debug sequence
docker logs container-name
docker run -it --entrypoint /bin/sh your-image
docker exec -it container-name ls -la /app

Slow Builds

Causes: Missing .dockerignore, poor layer ordering, corrupted cache
Impact: 10x slower builds without optimization
Solutions:
- Use .dockerignore for node_modules, .git
- Put frequently changing files at bottom of Dockerfile
- Use multi-stage builds

Docker vs Alternatives Comparison

Tool	Cost	Architecture	Windows Support	Production Usage
Docker	$9-24/month	Fat daemon (root)	Good	Universal
Podman	Free	Daemonless, rootless	Poor	Red Hat environments
containerd	Free	Minimal daemon	Server only	Kubernetes backend

Ecosystem Tool Assessment

Docker Compose

Value: Essential for multi-container development
Pain points: YAML syntax errors with poor error messages
Production use: Works but limited compared to Kubernetes

Docker Scout (Security Scanning)

Reality: Finds thousands of unfixable CVEs in dependencies
Usefulness: Good for catching obvious issues (root user, latest tags)
ROI: Security theater for most teams

Docker Build Cloud

Performance: 5x faster builds on complex projects
Cost: Significant for large teams
Worth it when: Developer time costs more than cloud compute

Migration Considerations

From Docker Compose to Kubernetes

Tool: Kompose converts compose files to Kubernetes YAML
Complexity increase: Significant operational overhead
Threshold: Consider when scaling beyond single-host deployments

Database Containers

Development: Excellent - consistent versions, easy cleanup
Production: Questionable - stateful services need special handling
Recommendation: Use managed database services (AWS RDS, etc.)

Security Implementation

Secrets Management

# WRONG: Environment variables visible in process list
docker run -e SECRET=password myapp

# RIGHT: Mount secrets as files
docker run -v /host/secret:/app/secret:ro myapp

Container Hardening

Never run as root user
Use minimal base images (Alpine)
Scan images for vulnerabilities
Set resource limits
Use read-only filesystems where possible

Critical Warnings

Docker Desktop licensing changed: Free use ended December 2024 for companies
Memory limits kill containers hard: No warnings, immediate termination
File permissions are complex: Especially with volume mounts
Rate limiting breaks CI/CD: Docker Hub limits affect build pipelines
Cache corruption happens: BuildKit cache needs periodic cleaning

Decision Criteria

Use Docker When:

Team has environment inconsistency issues
Deploying to multiple environments
Need consistent development environments
Cost of Docker licensing < cost of debugging deployment issues

Consider Alternatives When:

Budget constraints for Docker Desktop licenses
Security requirements for rootless containers
Simple single-environment deployments
Team expertise with alternative tools

Operational Recommendations

Budget for licensing costs in team planning
Set up alternative registries to avoid Docker Hub rate limits
Implement proper secrets management from day one
Use specific image tags, never "latest" in production
Monitor container resource usage to prevent OOM kills
Plan migration path to Kubernetes for scaling beyond single-host

Useful Links for Further Investigation

Docker Resources That Don't Suck

Link	Description
Docker Official Docs	The official Docker documentation, offering comprehensive guides and references. It's a decent starting point for new users with a get started guide, and the CLI reference is a must-have for all Docker users.
get started guide	A comprehensive guide within the official Docker documentation designed to help new users quickly understand and begin using Docker effectively.
CLI reference	The official command-line interface reference for Docker Engine, providing detailed information on all Docker CLI commands and their usage, essential for every Docker user.
Docker Hub	The official cloud-based registry service for Docker images, where users can find, store, and share container images, including all essential and official images.
official images	A curated list of Docker container images on Docker Hub that are officially maintained by Docker and trusted vendors, known for their reliability and security.
Docker Compose Documentation	The official documentation for Docker Compose, providing essential guidance for defining and running multi-container Docker applications, crucial for complex deployments.
compose file reference	A detailed reference for the Docker Compose file format, outlining all supported syntax and options, invaluable for troubleshooting and correctly configuring multi-container applications.
Dockerfile Best Practices	Official guidelines from Docker for writing effective and efficient Dockerfiles, covering strategies to improve build times, image size, and overall container performance.
image optimization techniques	Detailed techniques and strategies for optimizing Docker images, focusing on reducing image size and improving build efficiency, crucial for faster deployments and reduced storage.
efficient Dockerfiles	Specific best practices for creating efficient Dockerfiles, particularly emphasizing methods to minimize the number of layers, which significantly impacts image size and build performance.
Docker Security Best Practices	Official Docker guidelines for securing containerized applications and environments, providing essential recommendations to prevent vulnerabilities and protect against common security threats.
NIST's Container Security Guide	A comprehensive publication from the National Institute of Standards and Technology (NIST) offering in-depth guidance on container security, highly recommended for robust security implementations.
Container Networking Deep Dive	An in-depth guide to Docker container networking, essential for understanding how containers communicate and troubleshooting connectivity issues within your Docker environment.
bridge networks	Detailed documentation on Docker's default bridge network driver, explaining its functionality and configuration, crucial for resolving common container communication problems and debugging.
Common Docker Issues on Stack Overflow	A collection of frequently asked questions and solutions related to Docker on Stack Overflow, serving as a practical resource for troubleshooting common errors and finding community-driven answers.
permission denied	A specific Stack Overflow thread addressing the common 'permission denied' error encountered when interacting with Docker, providing various solutions and troubleshooting steps.
port already in use	A Stack Overflow discussion providing solutions for the common 'port already in use' error when running Docker containers, including methods to identify and terminate conflicting processes.
container exited with code 137	A Stack Overflow thread explaining the 'container exited with code 137' error, typically indicating an out-of-memory (OOM) issue, and offering debugging strategies and solutions.
VS Code Docker Extension	The official Docker extension for Visual Studio Code, providing seamless integration for Dockerfile syntax highlighting, comprehensive container management, and effective debugging support within the IDE.
Docker Desktop Alternatives	Rancher Desktop, a free and open-source alternative to Docker Desktop, providing Kubernetes and container management on Windows, macOS, and Linux with a strong developer focus.
Podman Desktop	A graphical tool for managing Podman containers, pods, and images, serving as an open-source alternative to Docker Desktop, though it might require more setup on Windows/Mac.
OrbStack	A fast, lightweight, and paid alternative to Docker Desktop specifically for Mac users, providing rapid container and Kubernetes environments with superior performance and resource efficiency.
LabEx Docker Playground	An online Docker environment that allows users to experiment with Docker commands and concepts without any local installation, offering a reliable alternative to older playgrounds.
Docker Multi-Stage Builds Guide	An official guide explaining Docker multi-stage builds, a crucial technique for creating smaller, more secure images by separating build-time dependencies from runtime, significantly reducing build times.
BuildKit optimizations	Documentation on BuildKit, Docker's next-generation build engine, detailing its advanced features and optimizations that can dramatically improve Docker image build performance and caching.
Container Monitoring with Prometheus	A guide on integrating cAdvisor with Prometheus for comprehensive container monitoring, detailing how to collect, store, and visualize metrics for production Docker environments.
cAdvisor	Google's open-source container advisor (cAdvisor) project, a powerful tool for analyzing resource usage and performance characteristics of running containers, essential for monitoring.
Docker Logging Configuration	Official documentation on configuring Docker container logging, providing methods to manage log drivers and ensure efficient handling of container output to prevent disk space issues.
Centralized logging	Guidance on implementing centralized logging for Docker containers using log tags, a critical practice in production environments for efficient log aggregation and analysis.
Kubernetes Migration Guide	A guide for migrating Docker Compose applications to Kubernetes, providing an overview of orchestration concepts and steps for scaling containerized applications beyond single-host deployments.
Kompose	An open-source tool that helps users convert Docker Compose files into Kubernetes resources (YAML), simplifying the transition of multi-container applications to a Kubernetes cluster.
GitHub Actions Docker Build	Official documentation on building and publishing Docker images using GitHub Actions, providing step-by-step instructions for integrating Docker image workflows into your CI/CD pipelines.
GitLab CI Docker Integration	A comprehensive guide for integrating Docker into GitLab CI/CD pipelines, covering image building, pushing to the integrated container registry, and leveraging Docker for continuous integration.
Docker Hub Rate Limiting	Official documentation explaining Docker Hub's image download rate limits, crucial for understanding CI/CD pipeline failures and managing pull requests for both free and authenticated users.
Authenticated users	Specific details on the increased Docker image pull limits available to authenticated Docker Hub users, outlining the benefits of logging in to avoid rate limit issues in CI/CD.
alternative registries	Information on GitHub Packages, an alternative container registry for storing and managing Docker images, providing a viable solution to Docker Hub's rate limiting for CI/CD pipelines.
Awesome Docker GitHub Repository	A highly curated and popular GitHub repository featuring an extensive list of Docker tools, tutorials, libraries, and resources, widely recognized and used by the Docker community.
Docker Community Forums	The official Docker community forums, a dedicated platform for users to discuss issues, ask questions, and receive help directly from other Docker users and experts.
Docker Blog	The official Docker blog, providing updates, feature announcements, technical articles, and insights into the Docker ecosystem, useful for staying informed on new developments and pricing.
Docker System Commands	Official documentation for Docker system commands, providing essential tools like `docker system prune` for managing Docker's disk usage and resolving common, stubborn issues.
Docker Hub Status Page	The official status page for Docker Hub, providing real-time information on service availability and outages, crucial for diagnosing issues with image pulls and pushes.
Docker Desktop Troubleshooting	Official troubleshooting guide for Docker Desktop, offering platform-specific solutions and common fixes for issues encountered with the desktop application, often involving restarts or reinstallation.
Container Exit Codes Reference	Official documentation detailing Docker container exit codes, explaining their meanings (e.g., 0 for success, 137 for out of memory), essential for diagnosing application and Docker-related failures.

Docker: Technical Reference and Operational Intelligence

Core Problem Solved

Critical Architecture Components

Container Runtime Process

Underlying Technology

Configuration That Actually Works

Memory Management

File Permissions Fix

Network Configuration

Production Failure Modes

Docker Hub Rate Limiting

BuildKit Cache Corruption

Container Networking Issues

Windows Container Limitations

Pricing Reality (2025)

Individual Developers

Small Teams (5 developers)

Medium Companies (20 developers)

Enterprise (100+ developers)

Resource Requirements

Performance Characteristics

Time Investment

Common Failure Scenarios

Exit Code 125

Permission Denied on Volume Mounts

Container Won't Start

Slow Builds

Docker vs Alternatives Comparison

Ecosystem Tool Assessment

Docker Compose

Docker Scout (Security Scanning)

Docker Build Cloud

Migration Considerations

From Docker Compose to Kubernetes

Database Containers

Security Implementation

Secrets Management

Container Hardening

Critical Warnings

Decision Criteria

Use Docker When:

Consider Alternatives When:

Operational Recommendations

Useful Links for Further Investigation

Docker Resources That Don't Suck

Related Tools & Recommendations

GitHub Actions + Jenkins Security Integration

Stop Fighting Your CI/CD Tools - Make Them Work Together

GitOps Integration Hell: Docker + Kubernetes + ArgoCD + Prometheus

Docker Desktop vs Podman Desktop vs Rancher Desktop vs OrbStack: What Actually Happens

Fix Kubernetes ImagePullBackOff Error - The Complete Battle-Tested Guide

Fix Kubernetes OOMKilled Pods - Production Memory Crisis Management

GitHub Actions is Fine for Open Source Projects, But Try Explaining to an Auditor Why Your CI/CD Platform Was Built for Hobby Projects

GitHub Actions + Docker + ECS: Stop SSH-ing Into Servers Like It's 2015

Jenkins - The CI/CD Server That Won't Die

Deploy Django with Docker Compose - Complete Production Guide

Docker Compose 2.39.2 and Buildx 0.27.0 Released with Major Updates

containerd - The Container Runtime That Actually Just Works

Podman Desktop - Free Docker Desktop Alternative

Podman Desktop Alternatives That Don't Suck

GitLab Container Registry

Colima - Docker Desktop Alternative That Doesn't Suck

Docker Desktop Alternatives That Don't Suck

Docker Desktop is Fucked - CVE-2025-9074 Container Escape

How to Actually Escape Docker Desktop Without Losing Your Shit

OrbStack Performance Troubleshooting - Fix the Shit That Breaks