Essential Docker commands for container and image management.
Container Management
Running Containers
# Run container
docker run nginx
# Run with name
docker run --name my-nginx nginx
# Run in background
docker run -d nginx
# Run with port mapping
docker run -p 8080:80 nginx
# Run with volume mount
docker run -v /host/path:/container/path nginx
# Run with environment variables
docker run -e MY_VAR=value nginx
# Run interactive shell
docker run -it ubuntu /bin/bash
# Run and remove after exit
docker run --rm nginx
# Run with restart policy
docker run --restart=always nginx
Container Operations
# List running containers
docker ps
# List all containers (including stopped)
docker ps -a
# Start container
docker start container_name
# Stop container
docker stop container_name
# Restart container
docker restart container_name
# Remove container
docker rm container_name
# Remove all stopped containers
docker container prune
# Force remove running container
docker rm -f container_name
Container Interaction
# Execute command in running container
docker exec container_name ls /app
# Interactive shell in running container
docker exec -it container_name /bin/bash
# View container logs
docker logs container_name
# Follow logs
docker logs -f container_name
# View last 100 lines
docker logs --tail 100 container_name
# Inspect container
docker inspect container_name
# View container stats
docker stats container_name
# Copy files from container
docker cp container_name:/path/to/file ./local/path
# Copy files to container
docker cp ./local/file container_name:/path/to/destination
Image Management
Images
# List images
docker images
# Pull image
docker pull nginx
# Pull specific tag
docker pull nginx:1.21
# Pull all tags
docker pull -a nginx
# Remove image
docker rmi nginx
# Remove unused images
docker image prune
# Remove all images
docker rmi $(docker images -q)
# Tag image
docker tag nginx:latest my-nginx:v1
# Save image to tar
docker save -o nginx.tar nginx
# Load image from tar
docker load -i nginx.tar
Building Images
# Build from Dockerfile
docker build -t my-image .
# Build with specific Dockerfile
docker build -f Dockerfile.prod -t my-image .
# Build with build args
docker build --build-arg VERSION=1.0 -t my-image .
# Build without cache
docker build --no-cache -t my-image .
# Build and tag multiple
docker build -t my-image:latest -t my-image:v1.0 .
Dockerfile Example
FROM ubuntu:22.04
# Set working directory
WORKDIR /app
# Copy files
COPY . /app
# Install dependencies
RUN apt-get update && apt-get install -y python3
# Set environment variable
ENV APP_ENV=production
# Expose port
EXPOSE 8000
# Run command
CMD ["python3", "app.py"]
Docker Compose
Basic Commands
# Start services
docker-compose up
# Start in background
docker-compose up -d
# Stop services
docker-compose down
# Stop and remove volumes
docker-compose down -v
# View logs
docker-compose logs
# Follow logs
docker-compose logs -f
# List services
docker-compose ps
# Restart services
docker-compose restart
# Build services
docker-compose build
# Pull images
docker-compose pull
Docker Compose File Example
version: '3.8'
services:
web:
build: .
ports:
- "8000:8000"
volumes:
- .:/app
environment:
- DEBUG=1
depends_on:
- db
db:
image: postgres:14
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=secret
volumes:
postgres_data:
Networking
Network Commands
# List networks
docker network ls
# Create network
docker network create my-network
# Connect container to network
docker network connect my-network container_name
# Disconnect container from network
docker network disconnect my-network container_name
# Remove network
docker network rm my-network
# Inspect network
docker network inspect my-network
# Run container on specific network
docker run --network=my-network nginx
Volumes
Volume Management
# List volumes
docker volume ls
# Create volume
docker volume create my-volume
# Remove volume
docker volume rm my-volume
# Remove unused volumes
docker volume prune
# Inspect volume
docker volume inspect my-volume
# Use volume in container
docker run -v my-volume:/data nginx
# Bind mount
docker run -v /host/path:/container/path nginx
# Read-only mount
docker run -v /host/path:/container/path:ro nginx
Registry & Repository
Docker Hub
# Login to Docker Hub
docker login
# Logout
docker logout
# Push image
docker push username/image:tag
# Search images
docker search nginx
# Tag for push
docker tag my-image username/my-image:latest
docker push username/my-image:latest
Private Registry
# Tag for private registry
docker tag my-image registry.example.com/my-image:v1
# Push to private registry
docker push registry.example.com/my-image:v1
# Pull from private registry
docker pull registry.example.com/my-image:v1
# Run local registry
docker run -d -p 5000:5000 --name registry registry:2
System Management
Cleanup
# Remove unused data
docker system prune
# Remove all unused data (including volumes)
docker system prune -a --volumes
# View disk usage
docker system df
# Remove all stopped containers
docker container prune
# Remove all unused images
docker image prune
# Remove all unused volumes
docker volume prune
# Remove all unused networks
docker network prune
System Information
# Docker version
docker --version
# Docker info
docker info
# Docker system events
docker events
# Docker system disk usage
docker system df -v
Debugging & Troubleshooting
Inspection
# Inspect container
docker inspect container_name
# Get specific field
docker inspect -f '{{.State.Running}}' container_name
# Get IP address
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name
# Get all environment variables
docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' container_name
# Check container processes
docker top container_name
# View container resource usage
docker stats container_name
# View container changes
docker diff container_name
Health Checks
# In Dockerfile
HEALTHCHECK --interval=30s --timeout=3s \
CMD curl -f http://localhost/ || exit 1
# Check health status
docker inspect --format='{{.State.Health.Status}}' container_name
Multi-Stage Builds
# Build stage
FROM golang:1.19 AS builder
WORKDIR /app
COPY . .
RUN go build -o main .
# Runtime stage
FROM alpine:latest
WORKDIR /app
COPY --from=builder /app/main .
CMD ["./main"]
Useful One-Liners
# Stop all running containers
docker stop $(docker ps -q)
# Remove all containers
docker rm $(docker ps -a -q)
# Remove all images
docker rmi $(docker images -q)
# Get shell in running container
docker exec -it $(docker ps -q | head -1) /bin/bash
# View logs of last created container
docker logs $(docker ps -lq)
# Remove exited containers
docker rm $(docker ps -a -f status=exited -q)
# Remove dangling images
docker rmi $(docker images -f dangling=true -q)
# Get container IP
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name
# Follow logs of multiple containers
docker-compose logs -f service1 service2
# Restart all containers
docker restart $(docker ps -q)
# Export container filesystem
docker export container_name > container.tar
# Import container filesystem
cat container.tar | docker import - new-image:latest
# Run command in all running containers
docker ps -q | xargs -I {} docker exec {} command
# Clean everything
docker system prune -a --volumes -f
Docker Swarm (Orchestration)
# Initialize swarm
docker swarm init
# Join swarm as worker
docker swarm join --token SWMTKN-xxx manager-ip:2377
# List nodes
docker node ls
# Deploy stack
docker stack deploy -c docker-compose.yml my-stack
# List services
docker service ls
# Scale service
docker service scale my-service=5
# Remove stack
docker stack rm my-stack
# Leave swarm
docker swarm leave --force
Security Best Practices
# Run as non-root user
docker run --user 1000:1000 nginx
# Read-only filesystem
docker run --read-only nginx
# Limit resources
docker run --memory="512m" --cpus="1.0" nginx
# Drop capabilities
docker run --cap-drop=ALL nginx
# Security scanning (with Docker Scout)
docker scout cves my-image
# Sign images
docker trust sign registry.example.com/image:tag
Performance Tips
# Use .dockerignore
echo "node_modules" > .dockerignore
echo ".git" >> .dockerignore
# Multi-stage builds for smaller images
# Layer caching - put frequently changing commands last
# Use specific image tags, not 'latest'
# Combine RUN commands to reduce layers
# Example optimized Dockerfile
FROM node:18-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
FROM node:18-alpine
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
CMD ["node", "server.js"]