Docker basics cheatsheet.
Run containers
docker run nginx # run + foreground
docker run -d nginx # detached
docker run -d --name web nginx # named
docker run -d -p 8080:80 nginx # publish port
docker run -d -p 127.0.0.1:8080:80 nginx # bind to localhost
docker run --rm alpine echo hi # remove after exit
docker run -it ubuntu bash # interactive shell
docker run -e ENV=prod app # env var
docker run --env-file .env app # env file
docker run -v $(pwd):/app app # bind mount
docker run -v data:/var/lib/data app # named volume
docker run --network mynet app # custom network
docker run --memory=512m --cpus=1 app # resource limits
docker run --restart=unless-stopped app
ps / logs / exec
docker ps # running
docker ps -a # all
docker ps -a --format "table {{.ID}}\t{{.Names}}\t{{.Status}}"
docker logs web
docker logs -f web # follow
docker logs --tail 100 web
docker logs --since 5m web
docker exec -it web bash
docker exec web ls /
docker exec -e VAR=x web env
stop / start / remove
docker stop web
docker stop web -t 30 # wait 30s before SIGKILL
docker start web
docker restart web
docker rm web # must be stopped
docker rm -f web # force
docker rm $(docker ps -aq) # remove all
Images
docker images
docker pull nginx
docker pull nginx:1.27-alpine
docker rmi nginx
docker image prune # remove dangling
docker image prune -a # remove unused
docker tag nginx myregistry/nginx:v1
docker push myregistry/nginx:v1
docker history nginx # show layers
docker inspect nginx
Build
docker build .
docker build -t myapp .
docker build -t myapp:v1 .
docker build -f Dockerfile.prod -t myapp .
docker build --build-arg VERSION=1.0 .
docker build --no-cache .
docker build --target builder . # multi-stage stop
docker build --platform linux/amd64,linux/arm64 .
inspect
docker inspect web
docker inspect --format='{{.NetworkSettings.IPAddress}}' web
docker inspect --format='{{json .Config.Env}}' web | jq
Resource usage
docker stats
docker stats --no-stream
docker top web # processes inside container
Cleanup
docker system df # disk usage
docker system prune # safe cleanup
docker system prune -a # also unused images
docker system prune --volumes # also unused volumes (DANGER)
docker volume prune
docker network prune
docker container prune
Copy files
docker cp file.txt web:/app/file.txt
docker cp web:/app/log.txt ./log.txt
Networks
docker network ls
docker network create mynet
docker network inspect mynet
docker run --network mynet --name a alpine
docker run --network mynet --name b alpine ping a # DNS resolves by name
docker network connect mynet web
docker network rm mynet
Volumes
docker volume ls
docker volume create data
docker volume inspect data
docker volume rm data
docker run -v data:/app/data app # named volume
docker run -v $(pwd)/local:/app:ro app # bind mount, read-only
docker run --mount type=bind,src=/path,dst=/app app
docker run --mount type=tmpfs,dst=/tmp app # tmpfs (RAM)
docker run vs exec vs attach
run: create + start new container.exec: run command in existing running container.attach: connect to existing container’s stdio (Ctrl-P Ctrl-Q to detach).
Health checks
docker inspect --format='{{.State.Health.Status}}' web
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
CMD curl -f http://localhost/health || exit 1
docker save / load
docker save -o myapp.tar myapp:v1
docker load -i myapp.tar
export / import (container)
docker export web > web.tar
docker import web.tar mywebimage
save/load preserves layers; export/import flattens to one layer.
Common mistakes
- Running with
-itfor non-interactive scripts. - Not specifying tag (uses
latest, which moves). - Bind mount over an image directory wiping its contents.
hostnetwork on macOS — works differently.- Not handling signals —
CMDas shell form doesn’t forward SIGTERM properly. Use exec form.
Read this next
If you want my docker cleanup scripts, they’re at rajpoot.dev .
Building something AI-, backend-, or data-heavy and want a second pair of eyes? I do consulting and freelance work — see my projects and ways to reach me at rajpoot.dev .