Docker Cheat Sheet

Build an image from a Dockerfile in the current directory

Reads Dockerfile in . and creates an unnamed image

Build and tag an image with a name and version

docker build -t myapp:1.0 . -- tags as myapp:1.0

List all locally stored images

Add --format to customize output columns

Download an image from a registry

docker pull node:20-alpine -- pulls from Docker Hub

Upload an image to a registry

docker push myrepo/myapp:1.0 -- push to Docker Hub or private registry

Remove one or more images

docker rmi myapp:1.0 -- add -f to force removal

Remove all dangling (untagged) images

Add -a to remove ALL unused images, not just dangling ones

Create a new tag that refers to an existing image

docker tag myapp:1.0 myrepo/myapp:latest

Save an image to a tar archive file

docker save -o myapp.tar myapp:1.0 -- for offline transfer

Load an image from a tar archive file

docker load -i myapp.tar -- imports the image locally

Create and start a new container from an image

docker run ubuntu -- runs and attaches to the container

Run a container in detached (background) mode

docker run -d nginx -- returns the container ID

Map a host port to a container port

docker run -p 8080:80 nginx -- access via localhost:8080

Mount a host directory or volume into the container

docker run -v $(pwd):/app node:20 -- bind mount current dir

Automatically remove the container when it exits

docker run --rm alpine echo hello -- cleans up after itself

Assign a custom name to the container

docker run --name web -d nginx -- easier to reference later

List currently running containers

Shows container ID, image, command, status, ports, and names

List all containers including stopped ones

Useful for finding exited containers to restart or remove

Gracefully stop a running container (SIGTERM, then SIGKILL)

docker stop web -- waits 10s by default, use -t to change

Start a previously stopped container

docker start web -- resumes with original run configuration

Remove a stopped container

docker rm web -- add -f to force-remove a running container

Run a command inside a running container interactively

docker exec -it web /bin/sh -- opens a shell session

Create a new user-defined network

docker network create mynet -- bridge driver by default

List all Docker networks

Shows network ID, name, driver, and scope

Display detailed information about a network

Shows connected containers, subnet, gateway, and config

Connect a running container to a network

docker network connect mynet web -- container joins network

Disconnect a container from a network

docker network disconnect mynet web -- removes from network

Remove one or more networks

docker network rm mynet -- network must have no containers

Remove all unused networks

Removes networks not used by any container. Add -f to skip prompt

Create a named volume for persistent data storage

docker volume create pgdata -- data survives container removal

List all Docker volumes

Shows volume driver and name

Display detailed information about a volume

Shows mount point, driver, creation date, and labels

Remove one or more volumes

docker volume rm pgdata -- volume must not be in use

Remove all volumes not used by any container

WARNING: deletes data. Add -f to skip confirmation prompt

Two syntaxes for mounting volumes in docker run

--mount is more explicit and recommended for clarity; -v is shorter

Create and start all services defined in compose.yml

Builds images if needed, creates networks and volumes

Start all services in detached (background) mode

docker compose up -d -- returns control to your terminal

Stop and remove containers, networks created by up

Add -v to also remove named volumes, --rmi all to remove images

Build or rebuild service images

docker compose build --no-cache -- force full rebuild

List containers for the current Compose project

Shows status, ports, and command for each service

View log output from all services

docker compose logs -f web -- follow logs for specific service

Execute a command in a running service container

docker compose exec db psql -U postgres -- open psql shell

Pull the latest images for all services

Run before 'up' to ensure you have the newest versions

Restart all or specific services

docker compose restart web -- restarts only the web service

Validate and display the resolved Compose configuration

Merges all compose files and shows the final config. Great for debugging

Set the base image for the build stage

FROM node:20-alpine -- always pin a specific version

Execute a command during the image build process

RUN apt-get update && apt-get install -y curl -- chain commands to reduce layers

Set the default command to run when the container starts

CMD ["node", "server.js"] -- can be overridden at runtime

Set the main executable that always runs in the container

ENTRYPOINT ["python"] with CMD ["app.py"] -- CMD provides default args

Copy files or directories from host to image filesystem

COPY package*.json ./ -- copy only what is needed first for caching

Copy files with extra features (auto-extract tar, fetch URLs)

ADD app.tar.gz /app -- prefer COPY unless you need tar extraction

Set the working directory for subsequent instructions

WORKDIR /app -- creates the directory if it does not exist

Set an environment variable in the image

ENV NODE_ENV=production -- persists in running containers

Document which port the container listens on at runtime

EXPOSE 3000 -- informational only, does not publish the port

Create a mount point for persistent or shared data

VOLUME /data -- anonymous volume created at runtime

Define a build-time variable (not available in running container)

ARG NODE_VERSION=20 then FROM node:${NODE_VERSION}-alpine

Define a command to check container health at intervals

HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/ || exit 1

Fetch the stdout/stderr logs of a container

docker logs web -- add --tail 100 to limit output

Follow (stream) log output in real-time

docker logs -f web -- like tail -f, Ctrl+C to stop

Return detailed JSON info about a container or image

docker inspect web | jq '.[0].NetworkSettings' -- pipe to jq for readability

Display a live stream of container resource usage

docker stats web db -- monitor specific containers' CPU, memory, net, I/O

Display the running processes inside a container

docker top web -- similar to running ps inside the container

Stream real-time events from the Docker daemon

docker events --filter type=container -- filter by object type

Show filesystem changes made inside a container since start

A = added, C = changed, D = deleted files relative to the image

Copy files between a container and the local filesystem

docker cp web:/app/logs ./logs -- works with running or stopped containers

Log in to a Docker registry (Docker Hub by default)

docker login ghcr.io -- log in to GitHub Container Registry

Log out from a Docker registry

docker logout ghcr.io -- removes stored credentials

Search Docker Hub for images matching a term

docker search nginx --filter stars=100 -- filter by popularity

Download an image or repository from a registry

docker pull ghcr.io/org/app:v2 -- pull from any registry

Upload an image to a registry

Tag first, then push: docker tag app myrepo/app:v1 && docker push myrepo/app:v1