
Docker Cheatsheet

Complete Docker reference. Hit Ctrl+P to print.

Images

docker build -t name:tag .Build image from Dockerfile in current directory
docker build -t name:tag -f path/Dockerfile .Build with a specific Dockerfile path
docker build --no-cache -t name:tag .Build ignoring layer cache
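docker build --build-arg KEY=val .  # Pass build argument to Dockerfile ARG; values are recorded in image metadata and can be read back with docker history, so do not pass secrets this way (use a BuildKit --secret mount instead)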
docker pull nginx:alpineDownload image from registry
docker push user/repo:tagUpload image to registry
docker imagesList all local images
docker images -qList image IDs only
docker tag source:tag target:tagCreate a new tag pointing to the same image
docker rmi image:tagRemove an image
docker rmi $(docker images -q)Remove all images
docker image pruneRemove dangling (untagged) images
docker image prune -aRemove all unused images
docker history image:tagShow layer history of an image
docker inspect image:tagShow full image metadata as JSON
docker save image:tag | gzip > image.tar.gzExport image to a tar archive
docker load < image.tar.gzImport image from a tar archive

Containers

docker run image:tagCreate and start a container
docker run -d image:tag-d detached — run in background
docker run -it image:tag sh-it interactive TTY — attach shell
docker run --rm image:tag--rm — remove container automatically when it exits
docker run --name myapp image:tagAssign a name to the container
docker run -p 8080:80 image:tag  # -p host:container port mapping; with no host address given, the port is published on all host interfaces
docker run -p 127.0.0.1:8080:80 image:tagBind to specific host interface
docker run -v /host/path:/container/path image:tag  # -v bind mount host directory; writable by the container unless :ro is appended
docker run -v myvolume:/data image:tagMount named volume
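docker run -e KEY=value image:tag  # -e set environment variable; the value is readable via docker inspect and by every process in the container, so it is a weak place for secrets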
docker run --env-file .env image:tagLoad environment variables from file
docker run --network mynet image:tagAttach to a network
docker run --memory 512m --cpus 1.5 image:tagLimit memory and CPU
docker run --restart unless-stopped image:tagRestart policy: no|always|on-failure|unless-stopped
docker psList running containers
docker ps -aList all containers including stopped
docker start / stop / restart nameStart / stop / restart a container
docker stop $(docker ps -q)Stop all running containers
docker rm nameRemove a stopped container
docker rm -f nameForce remove a running container
docker container pruneRemove all stopped containers
docker exec -it name shRun shell in running container
docker exec name commandRun one-off command in running container
docker logs nameView container logs
docker logs -f nameFollow (tail) container logs
docker logs --tail 100 nameShow last 100 log lines
docker cp name:/path/file ./localCopy file from container to host
docker cp ./local name:/path/fileCopy file from host to container
docker statsLive CPU, memory, and network usage for all containers
docker top nameShow running processes inside a container
docker inspect nameShow full container metadata as JSON
docker diff nameShow filesystem changes made by container
docker commit name new-image:tagCreate image from container state

Dockerfile

FROM node:20-alpineBase image — must be first instruction
FROM node:20-alpine AS builderNamed stage for multi-stage builds
COPY --from=builder /app/dist ./distCopy from a previous build stage
RUN apt-get update && apt-get install -y curlRun command during build — creates a layer
RUN --mount=type=cache,target=/root/.npm npm installMount cache during build — not stored in image
COPY src/ /app/src/Copy files from build context into image
COPY --chown=node:node . .Copy with ownership
ADD archive.tar.gz /app/  # ADD auto-extracts local archives and can also fetch remote URLs; prefer COPY for plain files
WORKDIR /appSet working directory — created if it does not exist
ENV NODE_ENV=productionSet environment variable — persists at runtime
ARG VERSION=1.0  # Build-time variable — not available at runtime, but its value can remain visible in docker history; do not use it for secrets
EXPOSE 8080Document which port the container listens on (does not publish)
USER nodeSwitch to non-root user — do this before CMD/ENTRYPOINT
VOLUME ["/data"]Declare a mount point — creates anonymous volume if not mounted
LABEL version="1.0" maintainer="you@example.com"Metadata key-value pairs
CMD ["node", "server.js"]Default command — overridable at docker run
CMD ["npm", "start"]Exec form (preferred) — no shell, signals handled correctly
ENTRYPOINT ["docker-entrypoint.sh"]Fixed executable — CMD becomes its arguments
ENTRYPOINT ["nginx", "-g", "daemon off;"]Common pattern: ENTRYPOINT sets binary, CMD sets flags
HEALTHCHECK --interval=30s --timeout=5s CMD curl -f http://localhost/ || exit 1Health check command run periodically
HEALTHCHECK NONEDisable inherited health check
ONBUILD COPY . /appTrigger instruction when this image is used as a base
SHELL ["/bin/bash", "-c"]Override default shell for RUN commands

Compose

docker compose up -dCreate and start all services in background
docker compose up -d --buildRebuild images before starting
docker compose downStop and remove containers and networks
docker compose down -vAlso remove named volumes
docker compose down --rmi allAlso remove images built by Compose
docker compose buildBuild or rebuild service images
docker compose build --no-cacheBuild ignoring cache
docker compose psList service containers and their status
docker compose logs -fFollow logs from all services
docker compose logs -f serviceFollow logs from one service
docker compose exec service shOpen shell in a running service container
docker compose run --rm service commandRun one-off command in a new container
docker compose restart serviceRestart a specific service
docker compose stop / start serviceStop / start a service without removing it
docker compose pullPull latest images for all services
docker compose configValidate and print the resolved Compose config
docker compose --profile prod up -dStart services matching a profile
docker compose -f docker-compose.yml -f docker-compose.prod.yml up -dMerge multiple Compose files
depends_on:
  db:
    condition: service_healthy  # Wait for service health check before starting

Volumes & Networks

docker volume create myvolumeCreate a named volume
docker volume lsList all volumes
docker volume inspect myvolumeShow volume details including mount point
docker volume rm myvolumeRemove a volume
docker volume pruneRemove all unused volumes
-v myvolume:/dataMount named volume
-v /host/path:/container/pathBind mount — sync host directory into container
-v /host/path:/container/path:roBind mount read-only
--mount type=tmpfs,target=/tmptmpfs mount — in-memory, not persisted
docker network create mynetCreate a bridge network
docker network create --driver overlay mynetCreate overlay network (Swarm)
docker network lsList all networks
docker network inspect mynetShow network details and connected containers
docker network connect mynet nameConnect a running container to a network
docker network disconnect mynet nameDisconnect container from network
docker network rm mynetRemove a network
docker network pruneRemove all unused networks
--network hostUse host network stack — no isolation, best performance
--network noneDisable all networking

Registry

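docker login  # Log in to Docker Hub; unless a credential helper is configured, the credentials are saved base64-encoded (not encrypted) in ~/.docker/config.json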
docker login ghcr.ioLog in to GitHub Container Registry
docker logoutLog out from registry
docker search nginxSearch Docker Hub for images
docker tag myapp:latest user/myapp:1.0Tag image for push to registry
docker push user/myapp:1.0Push image to registry
docker pull user/myapp:1.0Pull specific image version
docker pull user/myapp@sha256:abc123Pull by digest — exact, immutable reference
docker manifest inspect image:tagShow manifest — useful for multi-arch images
docker buildx build --platform linux/amd64,linux/arm64 -t user/app:tag --push .Build and push multi-architecture image
docker system dfShow disk usage by images, containers, volumes
docker system pruneRemove all stopped containers, unused networks, dangling images
docker system prune -a --volumesFull cleanup — remove everything unused including volumes