← Back to all cheatsheets
DevOps
Docker Cheat Sheet
Basic Syntax
docker [command] [options]Container Management
Run Containers
docker run nginx # Run container from image
docker run -d nginx # Run in detached mode (background)
docker run -it ubuntu bash # Run interactively with shell
docker run --name mycontainer nginx # Run with custom name
docker run -p 8080:80 nginx # Port mapping (host:container)
docker run -v /host/path:/container/path nginx # Volume mount
docker run -e ENV_VAR=value nginx # Set environment variable
docker run --rm nginx # Remove container after exit
docker run --restart unless-stopped nginx # Auto-restart policyList Containers
docker ps # List running containers
docker ps -a # List all containers (including stopped)
docker ps -q # List container IDs only
docker ps -s # List with size information
docker ps --filter "status=exited" # Filter by statusContainer Operations
docker start container_name # Start stopped container
docker stop container_name # Stop running container
docker restart container_name # Restart container
docker pause container_name # Pause container
docker unpause container_name # Unpause container
docker kill container_name # Force stop container
docker rm container_name # Remove stopped container
docker rm -f container_name # Force remove running containerExecute Commands in Containers
docker exec container_name command # Execute command
docker exec -it container_name bash # Interactive shell
docker exec -u root container_name command # Execute as specific user
docker attach container_name # Attach to running containerContainer Inspection
docker logs container_name # View logs
docker logs -f container_name # Follow logs (tail)
docker logs --tail 100 container_name # Last 100 lines
docker logs --since 1h container_name # Logs from last hour
docker inspect container_name # Detailed info (JSON)
docker stats # Resource usage stats
docker stats container_name # Stats for specific container
docker top container_name # Running processes
docker port container_name # Port mappingsImage Management
Pull & Push Images
docker pull nginx # Pull image from registry
docker pull nginx:1.21 # Pull specific version
docker push username/image:tag # Push to registry
docker login # Login to registry
docker logout # Logout from registryList & Search Images
docker images # List local images
docker images -a # Show all images (including intermediate)
docker images -q # List image IDs only
docker search nginx # Search Docker HubRemove Images
docker rmi image_name # Remove image
docker rmi -f image_name # Force remove
docker image prune # Remove unused images
docker image prune -a # Remove all unused imagesImage Operations
docker tag source_image:tag target_image:tag # Tag image
docker save -o image.tar image_name # Export image to tar
docker load -i image.tar # Import image from tar
docker history image_name # Show image history
docker inspect image_name # Inspect image detailsBuilding Images
Dockerfile Basics
docker build . # Build from Dockerfile in current dir
docker build -t image_name:tag . # Build with tag
docker build -f custom.Dockerfile . # Use custom Dockerfile
docker build --no-cache . # Build without cache
docker build --build-arg VAR=value . # Pass build argument
docker build --target stage_name . # Multi-stage build (specific stage)Common Dockerfile Commands
FROM ubuntu:20.04 # Base image
LABEL maintainer="[email protected]" # Metadata
RUN apt-get update && apt-get install -y nginx # Execute command
COPY ./app /app # Copy files
ADD https://example.com/file.tar.gz /tmp/ # Copy and auto-extract
WORKDIR /app # Set working directory
ENV NODE_ENV=production # Set environment variable
EXPOSE 80 # Document port
USER appuser # Switch user
VOLUME /data # Create mount point
ENTRYPOINT ["executable"] # Configure container executable
CMD ["param1", "param2"] # Default command/paramsDocker Compose
Basic Commands
docker-compose up # Start services
docker-compose up -d # Start in detached mode
docker-compose down # Stop and remove containers
docker-compose down -v # Also remove volumes
docker-compose start # Start existing services
docker-compose stop # Stop services
docker-compose restart # Restart services
docker-compose ps # List services
docker-compose logs # View logs
docker-compose logs -f service_name # Follow logs
docker-compose exec service_name command # Execute command
docker-compose build # Build/rebuild services
docker-compose pull # Pull service imagesdocker-compose.yml Example
version: '3.8'
services:
web:
image: nginx:latest
ports:
- "8080:80"
volumes:
- ./html:/usr/share/nginx/html
environment:
- ENV_VAR=value
depends_on:
- db
db:
image: postgres:13
environment:
- POSTGRES_PASSWORD=secret
volumes:
- db-data:/var/lib/postgresql/data
volumes:
db-data:Volumes & Data Management
Volume Operations
docker volume create volume_name # Create volume
docker volume ls # List volumes
docker volume inspect volume_name # Inspect volume
docker volume rm volume_name # Remove volume
docker volume prune # Remove unused volumesUsing Volumes
docker run -v volume_name:/container/path image # Named volume
docker run -v /host/path:/container/path image # Bind mount
docker run --mount type=volume,src=vol,dst=/app image # Mount syntax
docker run --volumes-from container_name image # Copy volumes from containerNetworks
Network Operations
docker network create network_name # Create network
docker network ls # List networks
docker network inspect network_name # Inspect network
docker network rm network_name # Remove network
docker network prune # Remove unused networks
docker network connect network_name container # Connect container to network
docker network disconnect network_name container # Disconnect containerNetwork Types
docker run --network bridge container # Bridge network (default)
docker run --network host container # Host network
docker run --network none container # No network
docker run --network custom_network container # Custom networkSystem Management
System Information
docker version # Docker version info
docker info # System-wide information
docker system df # Disk usage
docker system events # Real-time eventsCleanup Operations
docker system prune # Remove unused data
docker system prune -a # Remove all unused data
docker system prune -a --volumes # Remove everything unused
docker container prune # Remove stopped containers
docker image prune # Remove dangling images
docker volume prune # Remove unused volumes
docker network prune # Remove unused networksDocker Registry
Working with Registries
docker tag image:tag registry.com/image:tag # Tag for registry
docker push registry.com/image:tag # Push to registry
docker pull registry.com/image:tag # Pull from registry
docker login registry.com # Login to private registry
docker search registry.com/term # Search registryRun Local Registry
docker run -d -p 5000:5000 --name registry registry:2
docker tag myimage localhost:5000/myimage
docker push localhost:5000/myimageMonitoring & Debugging
Container Debugging
docker diff container_name # Show filesystem changes
docker events --filter container=name # Container events
docker inspect --format '{{.State.Status}}' container # Specific info
docker cp container:/path/file ./local/path # Copy from container
docker cp ./local/file container:/path # Copy to containerHealth Checks
HEALTHCHECK --interval=30s --timeout=3s \
CMD curl -f http://localhost/ || exit 1docker inspect --format='{{.State.Health}}' containerBest Practices
Image Building
# Use .dockerignore
node_modules
.git
*.log
# Multi-stage build example
FROM node:16 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
FROM node:16-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
CMD ["node", "dist/index.js"]Security
docker run --read-only image # Read-only filesystem
docker run --security-opt=no-new-privileges image # Drop privileges
docker run --cap-drop ALL --cap-add NET_BIND_SERVICE image # Limit capabilities
docker scan image_name # Scan for vulnerabilitiesUseful One-Liners
# Stop all containers
docker stop $(docker ps -q)
# Remove all containers
docker rm $(docker ps -aq)
# Remove all images
docker rmi $(docker images -q)
# Remove dangling images
docker rmi $(docker images -f "dangling=true" -q)
# View logs of latest container
docker logs $(docker ps -lq)
# Execute shell in latest container
docker exec -it $(docker ps -lq) bash
# Get container IP address
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name
# Monitor container resource usage
watch docker stats --no-streamCommon Use Cases
Development Environment
# Run MySQL for development
docker run -d --name mysql \
-e MYSQL_ROOT_PASSWORD=secret \
-e MYSQL_DATABASE=myapp \
-p 3306:3306 \
-v mysql-data:/var/lib/mysql \
mysql:8.0
# Run Redis
docker run -d --name redis -p 6379:6379 redis:alpine
# Run Node.js app with live reload
docker run -it --rm \
-v $(pwd):/app \
-w /app \
-p 3000:3000 \
node:16 \
npm run devQuick Testing
# Quick Ubuntu shell
docker run -it --rm ubuntu bash
# Quick Python environment
docker run -it --rm python:3.9 python
# Quick Alpine Linux
docker run -it --rm alpine shTips
- Use
.dockerignoreto exclude unnecessary files from builds - Always use specific image tags, not
latestin production - Combine RUN commands to reduce layers:
RUN cmd1 && cmd2 && cmd3 - Use multi-stage builds to reduce final image size
- Clean up regularly with
docker system prune - Use named volumes for persistent data
- Use
--rmflag for temporary containers - Use
docker-composefor multi-container applications - Set resource limits with
--memoryand--cpusflags - Use health checks for production containers
- Keep images small by using Alpine-based images when possible
- Never store secrets in images; use environment variables or secrets management