docker images | List images |
docker pull <image> | Pull image from registry |
docker pull <image>:<tag> | Pull specific version |
docker push <image> | Push image to registry |
docker rmi <image> | Remove image |
docker rmi $(docker images -q) | Remove all images |
docker image prune | Remove unused images |
docker image prune -a | Remove all unused images |
docker tag <image> <new-tag> | Tag an image |
docker history <image> | Show image history |
docker inspect <image> | Show image details |
docker build -t <name> . | Build image from Dockerfile |
docker build -t <name>:<tag> . | Build with tag |
docker build -f <file> . | Build from specific Dockerfile |
docker build --no-cache . | Build without cache |
docker build --build-arg KEY=val . | Build with argument |
docker save -o <file>.tar <image> | Save image to tar file |
docker load -i <file>.tar | Load image from tar file |
docker run <image> | Run container |
docker run -d <image> | Run in background (detached) |
docker run -it <image> bash | Run interactive with shell |
docker run --name <name> <image> | Run with custom name |
docker run -p 8080:80 <image> | Map port host:container |
docker run -v /host:/container <image> | Mount volume |
docker run -e KEY=value <image> | Set environment variable |
docker run --env-file .env <image> | Load env from file |
docker run --rm <image> | Remove after exit |
docker run --network <net> <image> | Connect to network |
docker run --restart always <image> | Auto restart on failure |
docker ps | List running containers |
docker ps -a | List all containers |
docker start <container> | Start stopped container |
docker stop <container> | Stop running container |
docker restart <container> | Restart container |
docker kill <container> | Force stop container |
docker rm <container> | Remove container |
docker rm $(docker ps -aq) | Remove all containers |
docker container prune | Remove stopped containers |
docker rename <old> <new> | Rename container |
docker update --restart always <c> | Update container config |
docker exec -it <container> bash | Execute bash in container |
docker exec <container> <cmd> | Execute command |
docker attach <container> | Attach to container |
docker logs <container> | View container logs |
docker logs -f <container> | Follow logs (tail) |
docker logs --tail 100 <container> | Show last 100 lines |
docker inspect <container> | View container details |
docker top <container> | View running processes |
docker stats | View resource usage |
docker cp <container>:/path /local | Copy from container |
docker cp /local <container>:/path | Copy to container |
docker network ls | List networks |
docker network create <name> | Create network |
docker network create --driver bridge <n> | Create bridge network |
docker network rm <network> | Remove network |
docker network inspect <network> | View network details |
docker network connect <net> <container> | Connect container to network |
docker network disconnect <net> <c> | Disconnect from network |
docker network prune | Remove unused networks |
docker volume ls | List volumes |
docker volume create <name> | Create volume |
docker volume rm <volume> | Remove volume |
docker volume inspect <volume> | View volume details |
docker volume prune | Remove unused volumes |
-v <vol>:/path | Mount named volume |
-v /host/path:/container/path | Bind mount host directory |
-v /host/path:/path:ro | Read-only mount |
docker compose up | Start services |
docker compose up -d | Start in background |
docker compose up --build | Build and start |
docker compose down | Stop and remove |
docker compose down -v | Stop and remove with volumes |
docker compose ps | List containers |
docker compose logs | View logs |
docker compose logs -f | Follow logs |
docker compose exec <svc> bash | Execute in service |
docker compose build | Build images |
docker compose pull | Pull images |
docker compose restart | Restart services |
docker compose stop | Stop services |
docker compose config | Validate compose file |
# docker-compose.yml
version: '3.8'
services:
web:
build: .
ports:
- "8080:80"
volumes:
- ./app:/app
environment:
- NODE_ENV=production
depends_on:
- db
db:
image: postgres:15
volumes:
- db_data:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=secret
volumes:
db_data: FROM image:tag | Base image |
FROM image:tag AS stage | Named build stage |
WORKDIR /app | Set working directory |
COPY src dest | Copy files/dirs |
COPY --from=stage src dest | Copy from stage |
ADD src dest | Copy with auto-extract |
RUN command | Execute command |
RUN ["cmd", "arg1"] | Exec form |
ENV KEY=value | Set environment variable |
ARG NAME=default | Build argument |
EXPOSE 8080 | Document port |
CMD ["cmd", "arg"] | Default command |
ENTRYPOINT ["cmd"] | Main executable |
USER username | Run as user |
VOLUME /data | Mount point |
LABEL key=value | Add metadata |
HEALTHCHECK CMD curl ... | Container health check |
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
# Production stage
FROM node:20-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
USER node
EXPOSE 3000
CMD ["node", "dist/server.js"] docker login | Login to Docker Hub |
docker login registry.example.com | Login to private registry |
docker logout | Logout from registry |
docker tag image registry/image:tag | Tag for registry |
docker push registry/image:tag | Push to registry |
docker pull registry/image:tag | Pull from registry |
docker search <term> | Search Docker Hub |
--user 1000:1000 | Run as specific user/group |
--read-only | Read-only filesystem |
--cap-drop ALL | Drop all capabilities |
--cap-add NET_BIND_SERVICE | Add specific capability |
--security-opt no-new-privileges | Prevent privilege escalation |
--memory 512m | Memory limit |
--cpus 0.5 | CPU limit |
--pids-limit 100 | Process limit |
docker scan <image> | Scan for vulnerabilities |
docker system df | Show disk usage |
docker system prune | Remove unused data |
docker system prune -a | Remove all unused data |
docker system prune --volumes | Include volumes in cleanup |
docker info | Show system info |
docker version | Show Docker version |
.dockerignore to exclude filesdocker compose for multi-container apps