Docker Cheat Sheet
Essential Docker commands for images, containers, volumes, networks, Docker Compose, and Dockerfile instructions.
Images
| Command | Description |
|---|---|
docker images | List local images |
docker pull image:tag | Download image from registry |
docker build -t name:tag . | Build image from Dockerfile in current dir |
docker build -f path/Dockerfile . | Build from specific Dockerfile |
docker build --no-cache -t name . | Build without cache |
docker tag img:tag newname:tag | Tag an image |
docker push image:tag | Push image to registry |
docker rmi image | Remove an image |
docker rmi $(docker images -q) | Remove all images |
docker save -o file.tar image | Save image to tar file |
docker load -i file.tar | Load image from tar file |
docker history image | Show image layer history |
Containers
| Command | Description |
|---|---|
docker ps | List running containers |
docker ps -a | List all containers (including stopped) |
docker run image | Create and start container |
docker start container | Start a stopped container |
docker stop container | Gracefully stop container |
docker restart container | Restart container |
docker kill container | Force stop container |
docker rm container | Remove stopped container |
docker rm -f container | Force remove (even if running) |
docker rename old new | Rename a container |
docker exec -it container bash | Open interactive shell in running container |
docker exec container cmd | Run command in container |
docker logs container | View container logs |
docker logs -f container | Follow logs in real-time |
docker logs --tail 100 container | Last 100 log lines |
docker cp container:/path ./local | Copy files from container |
docker cp ./local container:/path | Copy files to container |
Run Options
| Flag | Description |
|---|---|
-d | Run in detached mode (background) |
-it | Interactive + TTY (for shell access) |
--name myapp | Assign a name to the container |
-p 8080:80 | Map host port 8080 to container port 80 |
-P | Map all exposed ports to random host ports |
-v /host:/container | Bind mount a volume |
-v mydata:/data | Use a named volume |
-e KEY=VALUE | Set environment variable |
--env-file .env | Load env vars from file |
--rm | Auto-remove container when it stops |
--restart always | Always restart (unless manually stopped) |
--restart unless-stopped | Restart unless explicitly stopped |
--network mynet | Connect to a specific network |
-w /app | Set working directory |
--memory 512m | Limit memory to 512MB |
--cpus 2 | Limit to 2 CPUs |
# Common run examples
docker run -d --name web -p 8080:80 nginx
docker run -it --rm node:20 bash
docker run -d --name db -e POSTGRES_PASSWORD=secret -v pgdata:/var/lib/postgresql/data postgres:16Volumes
| Command | Description |
|---|---|
docker volume ls | List volumes |
docker volume create mydata | Create a named volume |
docker volume inspect mydata | Show volume details |
docker volume rm mydata | Remove a volume |
docker volume prune | Remove all unused volumes |
Tip: Named volumes (
-v mydata:/data) persist across container restarts. Bind mounts (-v /host/path:/data) map to host filesystem and are great for development.
Networks
| Command | Description |
|---|---|
docker network ls | List networks |
docker network create mynet | Create a bridge network |
docker network inspect mynet | Show network details |
docker network connect mynet container | Connect container to network |
docker network disconnect mynet container | Disconnect from network |
docker network rm mynet | Remove a network |
docker network prune | Remove unused networks |
Dockerfile
| Instruction | Description |
|---|---|
FROM image:tag | Base image |
WORKDIR /app | Set working directory |
COPY src dest | Copy files from host to image |
ADD src dest | Copy + auto-extract archives + URL support |
RUN command | Execute command during build |
CMD ["cmd", "arg"] | Default command when container starts |
ENTRYPOINT ["cmd"] | Command that always runs (CMD becomes args) |
ENV KEY=VALUE | Set environment variable |
ARG NAME=default | Build-time variable |
EXPOSE 8080 | Document which port the container listens on |
VOLUME /data | Create a mount point |
USER username | Set user for subsequent instructions |
LABEL key="value" | Add metadata |
HEALTHCHECK CMD curl -f http://localhost/ | Container health check |
Example: Node.js App
FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
EXPOSE 3000
CMD ["node", "server.js"]Example: Python App
FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
EXPOSE 8000
CMD ["gunicorn", "app:app", "--bind", "0.0.0.0:8000"]
Tip: Copy dependency files first, then
RUN install, then copy source code. This maximizes Docker layer caching — dependencies only reinstall when the lock file changes.
Docker Compose
| Command | Description |
|---|---|
docker compose up | Start all services |
docker compose up -d | Start in detached mode |
docker compose up --build | Build images before starting |
docker compose down | Stop and remove containers |
docker compose down -v | Stop and remove containers + volumes |
docker compose ps | List running services |
docker compose logs -f | Follow logs for all services |
docker compose logs service | Logs for specific service |
docker compose exec service bash | Shell into running service |
docker compose restart service | Restart a specific service |
docker compose pull | Pull latest images |
docker compose config | Validate and view merged config |
Example: compose.yaml
services:
web:
build: .
ports:
- "3000:3000"
environment:
- DATABASE_URL=postgres://user:pass@db:5432/mydb
depends_on:
- db
volumes:
- ./src:/app/src
db:
image: postgres:16
environment:
POSTGRES_PASSWORD: secret
POSTGRES_DB: mydb
volumes:
- pgdata:/var/lib/postgresql/data
ports:
- "5432:5432"
volumes:
pgdata:Cleanup
| Command | Description |
|---|---|
docker system prune | Remove stopped containers, unused networks, dangling images |
docker system prune -a | Also remove all unused images |
docker system prune -a --volumes | Remove everything unused (including volumes) |
docker system df | Show Docker disk usage |
docker container prune | Remove stopped containers |
docker image prune | Remove dangling images |
docker volume prune | Remove unused volumes |
Inspect & Debug
| Command | Description |
|---|---|
docker inspect container | Detailed container info (JSON) |
docker stats | Live resource usage (CPU, memory, I/O) |
docker top container | Running processes in container |
docker port container | Show port mappings |
docker diff container | Show filesystem changes |
docker events | Real-time Docker events |
docker version | Docker version info |
docker info | System-wide Docker info |