Command/option | Description
-
| -
|
Containers | Containers are light-weight virtual machines
docker create image [cmd] | Create container from image
docker rename container newname | Rename container
docker rm container | Remove a container
-f | Force
-v | Also delete volumes
|
docker pull image[:tag] | Pull image from repository
docker start container | Start container
docker stop container | Stop container
docker restart container | Restart container
docker wait container | Wait until container stops
docker attach container | Attach to container
ctrl-P ctrl-Q | Detach from container
|
docker ps | List running containers
-a | List all containers (including stopped)
-s | Display file sizes
|
docker logs container | Fetch logs from a container
-f | Follow output
-t | Show timestamps
-tail n | Show n last lines
|
docker inspect name/id | Show low-level information on objects
docker port container | Show port mappings
docker top container | Show running processes inside container
docker stats [containers...] | Show statistics from containers
|
docker cp container:path dest | Copy files or folders from a container to the file system
docker cp src container:path | Copy files or folders from the file system to a container
|
Run containers |
docker run image [cmd] | Create container and run
|
General: |
-d | Detach into background and print container ID
--name name | Set name
--restart always | Always restart container
--rm | Remove on exit
-w dir | Work directory inside container
|
Environment and TTY: |
-a pipe | Attach container to pipe (e.g. cat file.txt | docker run -i -a stdin ...)'
-e var | Expose local environment variable to the container
-e var=value | Set environment variable in the container
--env-file filename | Set environment variable in the container from key=value file
-i | Interactive
-t | Allocate pseudo-tty
|
Limits: |
-m 8g | Limit to 8G memory
--cpus=1.5 | Limit to number of CPUs
|
Networking: |
-h hostname | Set hostname
-p 80:5000 | Bind container port 5000 to host port 80
-p 127.0.0.1:80:5000 | Bind container port 5000 to localhost:80 only
|
Volumes: |
--read-only | Make volume readonly
-v path | Mount the current directory as a path inside the container (e.g. /foo)
-v localpath:path | Mount a specific directory as a path (e.g. /home/data:/foo or c:\data:d:)
-v localfile:file | Mount a specific file as a container file (e.g. /home/data/httpd.conf:/etc/httpd.conf)
-v volume:path | Mount a docker volume as a path (e.g. mydata:/foo)
|
Images | Images are templates for docker containers
docker images [-a] | Show all images (-a for all including intermediates)
docker build [-f filename] | Build an image from ./Dockerfile (or named file with -f)
docker rmi [-f] image | Remove an image (-f = force)
docker image prune | Prune unused images
|
Volumes | Free-floating file systems
docker volume create [volume] | Create a new volume
docker volume rm [-f] volumes... | Remove volume(s) (-f = force)
docker volume ls | List volumes
docker volume inspect volumes... | Display detailed information about volume(s)
Remember:
- For greatest security, it's best to run docker images inside a virtual machine.
- Docker image ID's are sensitive information and should be treated like passwords.
-
docker run --pids-limit=64will limit the number of processes inside a container, to prevent fork bombs. - Avoid using
latestimage tags.