Docker Cheatsheet
Quick reference for Docker CLI commands — containers, images, volumes, networks, Docker Compose, and Dockerfile instructions.
Containers
| Command | Description |
|---|---|
docker run -d -p 8080:80 nginx | Run a container in background, map port 8080→80 |
docker run --rm -it ubuntu bash | Run interactively, auto-remove on exit |
docker run --name myapp -e ENV=prod image | Set container name and env variable |
docker ps | List running containers |
docker ps -a | List all containers including stopped |
docker start <id> | Start a stopped container |
docker stop <id> | Gracefully stop container (SIGTERM) |
docker restart <id> | Stop and start a container |
docker rm <id> | Remove a stopped container |
docker rm -f <id> | Force-remove a running container |
docker container prune | Remove all stopped containers |
docker exec -it <id> bash | Open interactive shell in running container |
docker logs <id> | Show container logs |
docker logs -f <id> | Follow (tail) container logs |
docker inspect <id> | Show detailed container/image info as JSON |
docker cp <id>:/path ./local | Copy file from container to host |
docker stats | Live resource usage stats for all containers |
Images
| Command | Description |
|---|---|
docker images | List local images |
docker pull nginx:latest | Pull image from registry |
docker push user/image:tag | Push image to registry |
docker build -t myapp:1.0 . | Build image from Dockerfile in current dir |
docker build --no-cache -t myapp . | Build without layer cache |
docker tag image:old user/image:new | Tag/rename an image |
docker rmi <image> | Remove a local image |
docker image prune -a | Remove all unused images |
docker history <image> | Show image layer history |
docker save -o image.tar myapp | Export image to tar archive |
docker load -i image.tar | Import image from tar archive |
Volumes & Networks
| Command | Description |
|---|---|
docker volume create mydata | Create a named volume |
docker volume ls | List volumes |
docker volume rm mydata | Remove a volume |
docker run -v mydata:/data image | Mount named volume into container |
docker run -v $(pwd):/app image | Bind mount current directory |
docker network create mynet | Create a user-defined network |
docker network ls | List networks |
docker run --network mynet image | Attach container to a network |
Docker Compose
| Command | Description |
|---|---|
docker compose up | Start all services defined in compose.yaml |
docker compose up -d | Start services in detached mode |
docker compose down | Stop and remove containers and networks |
docker compose down -v | Also remove volumes |
docker compose ps | List compose services and status |
docker compose logs -f | Follow logs from all services |
docker compose exec web bash | Open shell in the "web" service |
docker compose build | Build or rebuild services |
docker compose pull | Pull latest images for all services |
docker compose restart web | Restart specific service |
Dockerfile Instructions
| Instruction | Description & Example |
|---|---|
FROM | Base image. FROM node:20-alpine |
RUN | Execute command in a new layer. RUN npm install |
COPY | Copy files from build context. COPY . /app |
ADD | Like COPY but also supports URLs and auto-extracts tar files |
ENV | Set environment variable. ENV NODE_ENV=production |
ARG | Build-time variable (not persisted). ARG VERSION=1.0 |
WORKDIR | Set working directory. WORKDIR /app |
EXPOSE | Document that container listens on port. EXPOSE 3000 |
CMD | Default command (overridable). CMD ["node", "server.js"] |
ENTRYPOINT | Fixed executable; CMD becomes arguments. ENTRYPOINT ["node"] |
VOLUME | Create mount point. VOLUME ["/data"] |
HEALTHCHECK | HEALTHCHECK CMD curl -f http://localhost/ || exit 1 |
USER | Set user for subsequent instructions. USER node |
Frequently Asked Questions
What is the difference between CMD and ENTRYPOINT in Docker?
CMD specifies the default command to run when a container starts, but it can be fully overridden by passing a command to docker run. ENTRYPOINT sets the fixed executable that always runs; anything passed to docker run is appended as arguments to the entrypoint. The common pattern is to use ENTRYPOINT for the executable and CMD for default arguments: ENTRYPOINT ["node"] + CMD ["app.js"].
How do I remove all stopped containers in Docker?
Run docker container prune to remove all stopped containers in one command (it will prompt for confirmation). Alternatively, docker system prune removes stopped containers, dangling images, unused networks, and build cache. To also remove all unused images (not just dangling ones), use docker system prune -a.
What is the difference between docker compose up and docker compose start?
docker compose up creates and starts containers for services defined in your compose file. If the containers don't exist yet, it creates them. It also rebuilds images if needed (with --build). docker compose start only starts existing containers — it does not create new containers or networks. Use up when starting fresh or applying configuration changes; use start only to resume stopped containers.