Think of it more like pre-canned build scripts. I can just write a script (DockerFile), which tells docker how to prepare the environment for my app. Usually, this is just pulling the pre-canned image for the app, maybe with some extra dependencies pulled in.

This builds an image (a non-running snapshot of your environment), which can be used to run a container (the actual running app)

Then, i can write a config file (docker-compose.yaml) which tells docker how to configure everything about how the container talks to the host.

• shared folders (volumes)
• other containers it needs to talk to
• network isolation and exposed ports

---

The benefit of this, is that I don’t have to configure the host in any way to build / host the app (other than installing docker). Just push the project files and docker files, and docker takes care of everything else

This makes for a more reliable and dependable deploy

You can even develop the app locally without having any of the devtools installed on the host

As well, this makes your app platform agnostic. As long as it has docker, you don’t need to touch your build scripts to deploy to a new host, regardless of OS

---

A second benefit is process isolation. Should your app rely on an insecure library, or should your app get compromised, you have a buffer between the compromised process and the host (like a light weight VM)