Docker Commands Cheatsheet

🖼️ Images

# Build an image from a Dockerfile in current directory
docker build -t my-app:latest .

# Build from a specific Dockerfile
docker build -f Dockerfile.prod -t my-app:prod .

# Build with build arguments
docker build --build-arg ENV=production -t my-app .

# List all local images
docker images
docker image ls

# Pull image from registry
docker pull nginx:latest
docker pull python:3.11-alpine

# Push image to registry
docker push myrepo/my-app:latest

# Tag an image
docker tag my-app:latest myrepo/my-app:v1.0.0

# Remove an image
docker rmi my-app:latest
docker image rm my-app:latest

# Remove all unused images
docker image prune

# Remove ALL images (including used ones)
docker image prune -a

# Inspect image details
docker image inspect my-app

# View image build history (layers)
docker history my-app

# Save image to a tar file
docker save my-app:latest -o my-app.tar

# Load image from a tar file
docker load -i my-app.tar

📦 Containers

# Run a container
docker run nginx

# Run in detached (background) mode
docker run -d nginx

# Run with a name
docker run -d --name my-nginx nginx

# Run and remove container when it exits
docker run --rm nginx

# Run with port mapping (host:container)
docker run -d -p 8080:80 nginx

# Run with multiple port mappings
docker run -d -p 8080:80 -p 8443:443 nginx

# Run with environment variables
docker run -d -e NODE_ENV=production -e PORT=3000 my-app

# Run with env file
docker run -d --env-file .env my-app

# Run with volume mount
docker run -d -v /host/path:/container/path my-app

# Run with named volume
docker run -d -v my-data:/app/data my-app

# Run interactively with terminal
docker run -it ubuntu bash

# Execute command in running container
docker exec -it container-name bash
docker exec container-name ls /app

# List running containers
docker ps

# List all containers (including stopped)
docker ps -a

# Stop a container (graceful — sends SIGTERM)
docker stop container-name

# Kill a container (immediate — sends SIGKILL)
docker kill container-name

# Start a stopped container
docker start container-name

# Restart a container
docker restart container-name

# Remove a stopped container
docker rm container-name

# Remove a running container (force)
docker rm -f container-name

# Remove all stopped containers
docker container prune

# Copy files to/from container
docker cp local-file.txt container-name:/app/
docker cp container-name:/app/file.txt ./local/

# View container details
docker inspect container-name

# View resource usage
docker stats
docker stats container-name

# View running processes in container
docker top container-name

📋 Logs

# View container logs
docker logs container-name

# Follow logs in real time
docker logs -f container-name

# Show last 100 lines
docker logs --tail 100 container-name

# Show logs with timestamps
docker logs -t container-name

# Show logs since a time
docker logs --since 30m container-name
docker logs --since 2026-01-15T10:00:00 container-name

# Follow with timestamps and last 50 lines
docker logs -f -t --tail 50 container-name

💾 Volumes

# Create a named volume
docker volume create my-data

# List volumes
docker volume ls

# Inspect a volume
docker volume inspect my-data

# Remove a volume
docker volume rm my-data

# Remove all unused volumes
docker volume prune

# Mount a named volume when running
docker run -d -v my-data:/app/data my-app

# Bind mount (host path:container path)
docker run -d -v $(pwd):/app my-app

# Read-only mount
docker run -d -v my-data:/app/data:ro my-app

🌐 Networks

# List networks
docker network ls

# Create a network
docker network create my-network

# Create a network with a subnet
docker network create --subnet=172.20.0.0/16 my-network

# Connect a container to a network
docker network connect my-network container-name

# Disconnect a container from a network
docker network disconnect my-network container-name

# Inspect network
docker network inspect my-network

# Run container on a specific network
docker run -d --network my-network my-app

# Remove a network
docker network rm my-network

# Remove all unused networks
docker network prune

🐙 Docker Compose

# Start services (build if needed)
docker compose up

# Start in detached mode
docker compose up -d

# Start specific service
docker compose up -d web

# Force rebuild before starting
docker compose up -d --build

# Stop services (preserves containers and volumes)
docker compose stop

# Stop and remove containers and networks
docker compose down

# Stop, remove containers, networks, AND volumes
docker compose down -v

# View running services
docker compose ps

# View logs
docker compose logs
docker compose logs -f web       # Follow specific service

# Execute command in service container
docker compose exec web bash
docker compose exec db psql -U postgres

# Scale a service
docker compose up -d --scale worker=3

# View service configuration
docker compose config

# Pull latest images for services
docker compose pull

# Rebuild images without starting
docker compose build

# Run a one-off command (new container)
docker compose run --rm web python manage.py migrate

Example docker-compose.yml

version: '3.9'

services:
  web:
    build: .
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
      - DATABASE_URL=postgres://user:pass@db:5432/mydb
    depends_on:
      - db
    volumes:
      - ./uploads:/app/uploads
    restart: unless-stopped
    networks:
      - app-network

  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_USER: user
      POSTGRES_PASSWORD: pass
      POSTGRES_DB: mydb
    volumes:
      - postgres-data:/var/lib/postgresql/data
    networks:
      - app-network

volumes:
  postgres-data:

networks:
  app-network:
    driver: bridge

🏛️ Registry Operations

# Login to Docker Hub
docker login

# Login to AWS ECR
aws ecr get-login-password --region us-east-1 | \
  docker login --username AWS --password-stdin \
  123456789.dkr.ecr.us-east-1.amazonaws.com

# Login to GitHub Container Registry
echo $TOKEN | docker login ghcr.io -u USERNAME --password-stdin

# Tag for a registry
docker tag my-app:latest myusername/my-app:latest
docker tag my-app:latest ghcr.io/myorg/my-app:latest

# Push to registry
docker push myusername/my-app:latest

# Search Docker Hub
docker search nginx

🔍 Debugging & Cleanup

# Run container with interactive shell for debugging
docker run -it --entrypoint bash my-app

# Override entrypoint to debug a failing container
docker run -it --entrypoint /bin/sh my-app

# View container filesystem changes
docker diff container-name

# Check disk usage
docker system df

# Remove everything unused (containers, images, networks, volumes)
docker system prune

# Remove everything including unused volumes
docker system prune -a --volumes

# View Docker events in real time
docker events

# Export container filesystem as tar
docker export container-name -o container-backup.tar

📝 Dockerfile Quick Reference

FROM node:20-alpine           # Base image
WORKDIR /app                  # Set working directory
COPY package*.json ./         # Copy files (layer cache optimization)
RUN npm install               # Execute command during build
COPY . .                      # Copy remaining files
ENV NODE_ENV=production       # Set environment variable
EXPOSE 3000                   # Document exposed port
ARG BUILD_DATE                # Build-time variable
VOLUME ["/app/data"]          # Declare mount point
USER node                     # Switch to non-root user
HEALTHCHECK CMD curl -f http://localhost:3000/ || exit 1
ENTRYPOINT ["node"]           # Fixed command (not overridable without --entrypoint)
CMD ["app.js"]                # Default arguments (overridable)

→ Related: Deploy to AWS with Docker Tutorial | DevOps Basics Guide | Container Glossary Term