Skip to main content
graphwiz.aigraphwiz.ai
← Back to Cheatsheets

Docker CLI Cheat Sheet

DevOpsDocker
dockercontainerscheatsheetreference

Docker CLI Cheat Sheet

A practical quick-reference guide for Docker command-line operations. Commands are organized by category with common flags and realistic examples.

Images

Docker images are read-only templates used to create containers.

Build an Image

# Build from Dockerfile in current directory
docker build -t myapp:v1.0 .

# Build with custom Dockerfile name
docker build -t myapp:v1.0 -f Dockerfile.prod .

# Build with build arguments
docker build -t myapp:v1.0 --build-arg NODE_ENV=production .

# Build with no cache (fresh build)
docker build -t myapp:v1.0 --no-cache .

# Build for multiple platforms
docker buildx build --platform linux/amd64,linux/arm64 -t myapp:v1.0 .
```text

### Pull Images

```bash
# Pull from Docker Hub
docker pull nginx:alpine

# Pull specific version
docker pull postgres:15.2-alpine

# Pull all tags for an image
docker pull -a myregistry.io/myimage

# Pull from private registry
docker pull myregistry.io/myapp:v1.0
```text

### Push Images

```bash
# Tag image for registry
docker tag myapp:v1.0 myregistry.io/myapp:v1.0

# Push to registry
docker push myregistry.io/myapp:v1.0

# Push all tags
docker push -a myregistry.io/myapp
```text

### List Images

```bash
# List all images
docker images

# List with dangling (untagged) images
docker images -a

# List with digest information
docker images --digests

# Filter by reference
docker images --filter reference="nginx*"

# Format output
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"
```text

### Remove Images

```bash
# Remove specific image
docker rmi nginx:alpine

# Remove by image ID
docker rmi abc123def456

# Force removal (even if used by stopped containers)
docker rmi -f nginx:alpine

# Remove multiple images
docker rmi nginx:alpine redis:alpine postgres:15
```text

### Inspect Images

```bash
# View image details
docker inspect nginx:alpine

# Get specific field with format
docker inspect --format='{{.Config.Cmd}}' nginx:alpine

# View image layers
docker history nginx:alpine

# View history with human-readable sizes
docker history --human nginx:alpine
```text

### Save and Load Images

```bash
# Save image to tar file
docker save -o myapp.tar myapp:v1.0

# Save multiple images
docker save -o images.tar nginx:alpine redis:alpine

# Load image from tar file
docker load -i myapp.tar

# Load from stdin
docker load < myapp.tar
```text

### Prune Images

```bash
# Remove dangling (untagged) images
docker image prune

# Remove all unused images (not just dangling)
docker image prune -a

# Force without confirmation
docker image prune -f
```text

## Containers

Containers are running instances of images.

### Run Containers

```bash
# Run container in foreground
docker run nginx:alpine

# Run in detached mode (background)
docker run -d nginx:alpine

# Run with custom name
docker run -d --name web-server nginx:alpine

# Run with port mapping
docker run -d -p 8080:80 nginx:alpine

# Run with multiple ports
docker run -d -p 8080:80 -p 8443:443 nginx:alpine

# Run with environment variables
docker run -d -e POSTGRES_PASSWORD=secret postgres:15

# Run with env file
docker run -d --env-file .env myapp:v1.0

# Run with volume mount
docker run -d -v /host/path:/container/path nginx:alpine

# Run with bind mount (read-only)
docker run -d -v /host/path:/container/path:ro nginx:alpine

# Run with named volume
docker run -d -v mydata:/var/lib/postgresql/data postgres:15

# Run with resource limits
docker run -d --memory=512m --cpus=1.5 myapp:v1.0

# Run interactively with shell
docker run -it alpine:latest /bin/sh

# Run with auto-restart policy
docker run -d --restart=always nginx:alpine

# Run with restart on failure (max 3 attempts)
docker run -d --restart=on-failure:3 myapp:v1.0

# Run with network
docker run -d --network mynetwork myapp:v1.0

# Run with hostname
docker run -d --hostname web01 nginx:alpine

# Run with workdir
docker run -d -w /app myapp:v1.0

# Run with user
docker run -d -u 1000:1000 myapp:v1.0

# Remove container automatically when it exits
docker run --rm -it alpine:latest /bin/sh
```text

### Start and Stop Containers

```bash
# Start stopped container
docker start web-server

# Start multiple containers
docker start web-server db-server cache-server

# Stop running container (graceful, SIGTERM)
docker stop web-server

# Stop with timeout (seconds)
docker stop -t 30 web-server

# Stop multiple containers
docker stop web-server db-server

# Stop all running containers
docker stop $(docker ps -q)
```text

### Restart Containers

```bash
# Restart container
docker restart web-server

# Restart with timeout
docker restart -t 10 web-server
```text

### Kill Containers

```bash
# Kill container (SIGKILL, no grace period)
docker kill web-server

# Kill with custom signal
docker kill -s SIGINT web-server

# Kill all running containers
docker kill $(docker ps -q)
```text

### Remove Containers

```bash
# Remove stopped container
docker rm web-server

# Force remove running container
docker rm -f web-server

# Remove multiple containers
docker rm web-server db-server cache-server

# Remove all stopped containers
docker container prune

# Remove with volumes
docker rm -v web-server
```text

### Pause and Unpause Containers

```bash
# Pause container (freeze processes)
docker pause web-server

# Unpause container
docker unpause web-server
```text

### Rename Containers

```bash
# Rename container
docker rename web-server nginx-prod
```text

## Container Inspection

Commands to inspect and monitor running containers.

### View Logs

```bash
# View container logs
docker logs web-server

# Follow logs in real-time
docker logs -f web-server

# Show last N lines
docker logs --tail 100 web-server

# Show logs since timestamp
docker logs --since 2024-01-15T10:00:00 web-server

# Show logs from last 30 minutes
docker logs --since 30m web-server

# Show logs with timestamps
docker logs -t web-server

# Combine options
docker logs -f --tail 50 --since 10m web-server
```text

### Inspect Containers

```bash
# View container details
docker inspect web-server

# Get specific field
docker inspect --format='{{.State.Status}}' web-server

# Get IP address
docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web-server

# Get port mappings
docker inspect --format='{{json .NetworkSettings.Ports}}' web-server

# Get environment variables
docker inspect --format='{{range .Config.Env}}{{println .}}{{end}}' web-server

# Get volumes
docker inspect --format='{{json .Mounts}}' web-server | jq
```text

### Resource Statistics

```bash
# Live stream of resource usage
docker stats

# Stats for specific container
docker stats web-server

# Single snapshot (no stream)
docker stats --no-stream

# Custom format
docker stats --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}"
```text

### Running Processes

```bash
# View processes in container
docker top web-server

# View with custom ps options
docker top web-server aux
```text

### Port Information

```bash
# Show port mappings
docker port web-server

# Show specific port mapping
docker port web-server 80
```text

### Filesystem Changes

```bash
# Show filesystem changes since container started
docker diff web-server

# A = added, C = changed, D = deleted
```text

### Stream Events

```bash
# Stream Docker events
docker events

# Filter by container
docker events --filter container=web-server

# Filter by event type
docker events --filter type=container

# Filter by event (start, stop, die, etc.)
docker events --filter event=start

# Events since timestamp
docker events --since 60m
```text

## Execution

Commands to interact with running containers.

### Execute Commands

```bash
# Run command in running container
docker exec web-server ls /etc/nginx

# Run interactive shell
docker exec -it web-server /bin/sh

# Run as specific user
docker exec -u root web-server cat /etc/passwd

# Run with environment variable
docker exec -e DEBUG=true web-server npm run debug

# Run with workdir
docker exec -w /app web-server npm test

# Run in detached mode
docker exec -d web-server nginx -s reload
```text

### Attach to Container

```bash
# Attach to running container
docker attach web-server

# Detach with Ctrl+P, Ctrl+Q (not Ctrl+C)
```text

### Copy Files

```bash
# Copy from host to container
docker cp ./config.json web-server:/app/config/

# Copy from container to host
docker cp web-server:/app/logs/ ./local-logs/

# Copy with container ID
docker cp abc123def456:/data/backup.tar ./backup.tar
```text

### Export Container

```bash
# Export container filesystem as tar
docker export web-server > backup.tar

# Export and compress
docker export web-server | gzip > backup.tar.gz

# Pipe to import
docker export web-server | docker import - myapp:backup
```text

### Commit Container

```bash
# Create image from container
docker commit web-server myapp:modified

# Commit with message
docker commit -m "Added custom config" web-server myapp:modified

# Commit with author
docker commit -a "DevOps Team" web-server myapp:modified

# Commit with new CMD
docker commit --change 'CMD ["nginx", "-g", "daemon off;"]' web-server myapp:modified
```text

## Volumes

Volumes persist data independent of container lifecycle.

### Create Volumes

```bash
# Create named volume
docker volume create mydata

# Create with specific driver
docker volume create --driver local mydata

# Create with options
docker volume create --opt type=tmpfs --opt device=tmpfs mydata
```text

### List Volumes

```bash
# List all volumes
docker volume ls

# Filter by name
docker volume ls --filter name=mydata

# Filter by driver
docker volume ls --filter driver=local
```text

### Inspect Volumes

```bash
# View volume details
docker volume inspect mydata

# Get mountpoint
docker volume inspect --format='{{.Mountpoint}}' mydata
```text

### Remove Volumes

```bash
# Remove volume
docker volume rm mydata

# Remove multiple volumes
docker volume rm mydata cache sessions

# Force removal
docker volume rm -f mydata
```text

### Prune Volumes

```bash
# Remove all unused volumes
docker volume prune

# Force without confirmation
docker volume prune -f
```text

## Networks

Networks enable communication between containers.

### Create Networks

```bash
# Create bridge network
docker network create mynetwork

# Create with specific driver
docker network create --driver bridge mynetwork

# Create overlay network (Swarm)
docker network create --driver overlay mynetwork

# Create with subnet
docker network create --subnet=192.168.1.0/24 mynetwork

# Create with gateway
docker network create --subnet=192.168.1.0/24 --gateway=192.168.1.1 mynetwork

# Create with IP range
docker network create --subnet=192.168.1.0/24 --ip-range=192.168.1.128/25 mynetwork

# Create attachable overlay network
docker network create --driver overlay --attachable mynetwork

# Create with labels
docker network create --label env=prod mynetwork
```text

### List Networks

```bash
# List all networks
docker network ls

# Filter by driver
docker network ls --filter driver=bridge

# Filter by name
docker network ls --filter name=my*
```text

### Inspect Networks

```bash
# View network details
docker network inspect mynetwork

# Get container IPs
docker network inspect --format='{{range .Containers}}{{.Name}}: {{.IPv4Address}}{{println}}{{end}}' mynetwork
```text

### Connect Containers to Networks

```bash
# Connect running container to network
docker network connect mynetwork web-server

# Connect with static IP
docker network connect --ip 192.168.1.100 mynetwork web-server

# Connect with alias
docker network connect --alias db mynetwork postgres-server
```text

### Disconnect Containers from Networks

```bash
# Disconnect container from network
docker network disconnect mynetwork web-server

# Force disconnect
docker network disconnect -f mynetwork web-server
```text

### Remove Networks

```bash
# Remove network
docker network rm mynetwork

# Remove multiple networks
docker network rm net1 net2 net3
```text

### Prune Networks

```bash
# Remove all unused networks
docker network prune

# Force without confirmation
docker network prune -f
```text

## Docker Compose

Docker Compose manages multi-container applications.

### Start Services

```bash
# Start all services (detached)
docker compose up -d

# Start with build
docker compose up -d --build

# Start specific services
docker compose up -d web db

# Start with force recreate
docker compose up -d --force-recreate

# Start with scale
docker compose up -d --scale web=3

# Start with environment file
docker compose --env-file .env.prod up -d

# Start with project name
docker compose -p myproject up -d

# Start with custom compose file
docker compose -f docker-compose.prod.yml up -d
```text

### Stop Services

```bash
# Stop all services
docker compose down

# Stop and remove volumes
docker compose down -v

# Stop and remove images
docker compose down --rmi all

# Stop and remove orphans
docker compose down --remove-orphans

# Stop without removing
docker compose stop

# Stop specific service
docker compose stop web
```text

### Build Services

```bash
# Build all services
docker compose build

# Build specific service
docker compose build web

# Build with no cache
docker compose build --no-cache

# Build with parallel
docker compose build --parallel

# Pull images before build
docker compose build --pull
```text

### View Logs

```bash
# View all logs
docker compose logs

# Follow logs
docker compose logs -f

# Show last N lines
docker compose logs --tail 100

# Logs for specific service
docker compose logs web

# Logs with timestamps
docker compose logs -t
```text

### List Services

```bash
# List running services
docker compose ps

# List all services (including stopped)
docker compose ps -a

# Show service IDs only
docker compose ps -q
```text

### Execute in Services

```bash
# Run command in service container
docker compose exec web ls /app

# Run interactive shell
docker compose exec web /bin/sh

# Run as specific user
docker compose exec -u root web cat /etc/passwd

# Run one-off command
docker compose run --rm web npm test

# Run with service ports
docker compose run --service-ports web
```text

### Scale Services

```bash
# Scale service to 3 instances
docker compose up -d --scale web=3

# Scale multiple services
docker compose up -d --scale web=3 --scale worker=2
```text

### Other Compose Commands

```bash
# Validate compose file
docker compose config

# Show service images
docker compose images

# Show top processes
docker compose top

# Pause services
docker compose pause

# Unpause services
docker compose unpause

# Restart services
docker compose restart

# Restart specific service
docker compose restart web

# Pull all images
docker compose pull

# Push all images
docker compose push

# Copy files from service
docker compose cp web:/app/logs ./logs

# View port mappings
docker compose port web 80
```text

## System

System-level Docker commands.

### System Information

```bash
# Display system-wide information
docker info

# Show Docker version
docker version

# Show version (short)
docker version --format='{{.Server.Version}}'
```text

### Disk Usage

```bash
# Show disk usage
docker system df

# Show detailed disk usage
docker system df -v
```text

### System Events

```bash
# Stream real-time events
docker system events

# Filter by type
docker system events --filter type=container

# Filter by image
docker system events --filter image=nginx:alpine
```text

### Login to Registry

```bash
# Login to Docker Hub
docker login

# Login to private registry
docker login myregistry.io

# Login with credentials
docker login -u username -p password myregistry.io

# Logout
docker logout myregistry.io
```text

## Cleanup

Commands to reclaim disk space and remove unused resources.

### System-Wide Prune

```bash
# Remove unused data (images, containers, networks)
docker system prune

# Remove all unused data including volumes
docker system prune -a --volumes

# Force without confirmation
docker system prune -f

# Filter by time (remove older than)
docker system prune --filter "until=24h"
```text

### Prune by Resource Type

```bash
# Prune containers (stopped)
docker container prune

# Prune containers older than 1 hour
docker container prune --filter "until=1h"

# Prune images (dangling)
docker image prune

# Prune all unused images
docker image prune -a

# Prune volumes
docker volume prune

# Prune volumes with filter
docker volume prune --filter "label!=keep"

# Prune networks
docker network prune

# Prune build cache
docker builder prune

# Prune all build cache
docker builder prune -a
```text

### Remove Everything

```bash
# Nuclear option: remove all containers, images, volumes, networks
docker stop $(docker ps -aq) 2>/dev/null
docker rm $(docker ps -aq) 2>/dev/null
docker rmi $(docker images -q) 2>/dev/null
docker volume rm $(docker volume ls -q) 2>/dev/null
docker network rm $(docker network ls -q) 2>/dev/null

# Or use prune with all flags
docker system prune -a --volumes -f
```text

### Clean Up Specific Resources

```bash
# Remove exited containers
docker rm $(docker ps -q -f status=exited)

# Remove containers created in last hour
docker rm $(docker ps -q -f created=1h)

# Remove dangling images
docker rmi $(docker images -q -f dangling=true)

# Remove images with specific label
docker rmi $(docker images -q -f label=stage=build)

# Remove volumes not used by any container
docker volume rm $(docker volume ls -qf dangling=true)
```text

## Common Flags Reference

| Flag | Description |
| ------ | ------------- |
| `-d, --detach` | Run in background |
| `-i, --interactive` | Keep STDIN open |
| `-t, --tty` | Allocate pseudo-TTY |
| `-p, --publish` | Publish port (host:container) |
| `-P, --publish-all` | Publish all exposed ports |
| `-v, --volume` | Bind mount volume |
| `-e, --env` | Set environment variable |
| `--env-file` | Read environment from file |
| `--name` | Assign container name |
| `--restart` | Restart policy (no, always, on-failure) |
| `--rm` | Auto-remove container on exit |
| `-w, --workdir` | Working directory |
| `-u, --user` | Username or UID |
| `--network` | Connect to network |
| `--hostname` | Container hostname |
| `--memory, -m` | Memory limit |
| `--cpus` | CPU limit |
| `-a, --all` | Show all (including stopped) |
| `-q, --quiet` | Only show IDs |
| `-f, --filter` | Filter output |
| `--format` | Format output |
| `--no-cache` | Disable cache |
| `--force` | Force operation |
| `-f, --file` | Specify Dockerfile or compose file |

## Exit Codes

| Code | Meaning |
| ------ | --------- |
| 0 | Success |
| 1 | Application error |
| 137 | SIGKILL (OOM killed or manual kill) |
| 139 | Segmentation fault |
| 143 | SIGTERM (graceful stop) |
| 255 | Exit code out of range |

## Quick Reference

```bash
# See what's running
docker ps

# See all containers (including stopped)
docker ps -a

# See images
docker images

# See disk usage
docker system df

# Follow logs
docker logs -f <container>

# Shell into container
docker exec -it <container> /bin/sh

# Quick cleanup
docker system prune -f

# Full cleanup (destructive)
docker system prune -a --volumes -f
```text

## Next Steps

- [Kubernetes kubectl Cheat Sheet](/devops/kubernetes-cheatsheet/) — Orchestrate containers at scale
- [Helm CLI Cheat Sheet](/devops/helm-cheatsheet/) — Package and deploy applications
- [Docker Multi-Stage Builds](/posts/docker-multistage-builds-production/) — Optimize production images
- [Container Building and Hardening](/posts/container-building-hardening-guide/) — Security best practices