gefvert.org

Docker Reference

2019-11-13

Command/option | Description

  •                               | -
    

  | Containers | Containers are light-weight virtual machines docker create image [cmd] | Create container from image docker rename container newname | Rename container docker rm container | Remove a container    -f | Force    -v | Also delete volumes   | docker pull image[:tag] | Pull image from repository docker start container | Start container docker stop container | Stop container docker restart container | Restart container docker wait container | Wait until container stops docker attach container | Attach to container ctrl-P ctrl-Q | Detach from container   | docker ps | List running containers    -a | List all containers (including stopped)    -s | Display file sizes   | docker logs container | Fetch logs from a container    -f | Follow output    -t | Show timestamps    -tail n | Show n last lines   | docker inspect name/id | Show low-level information on objects docker port container | Show port mappings docker top container | Show running processes inside container docker stats [containers...] | Show statistics from containers   | docker cp container:path dest | Copy files or folders from a container to the file system docker cp src container:path | Copy files or folders from the file system to a container   | Run containers | docker run image [cmd] | Create container and run   |    General: |    -d | Detach into background and print container ID    --name name | Set name    --restart always | Always restart container    --rm | Remove on exit    -w dir | Work directory inside container   |    Environment and TTY: |    -a pipe | Attach container to pipe (e.g. cat file.txt | docker run -i -a stdin ...)'    -e var | Expose local environment variable to the container    -e var=value | Set environment variable in the container    --env-file filename | Set environment variable in the container from key=value file    -i | Interactive    -t | Allocate pseudo-tty   |    Limits: |    -m 8g | Limit to 8G memory    --cpus=1.5 | Limit to number of CPUs   |    Networking: |    -h hostname | Set hostname    -p 80:5000 | Bind container port 5000 to host port 80    -p 127.0.0.1:80:5000 | Bind container port 5000 to localhost:80 only   |    Volumes: |    --read-only | Make volume readonly    -v path | Mount the current directory as a path inside the container (e.g. /foo)    -v localpath:path | Mount a specific directory as a path (e.g. /home/data:/foo or c:\data:d:)    -v localfile:file | Mount a specific file as a container file (e.g. /home/data/httpd.conf:/etc/httpd.conf)    -v volume:path | Mount a docker volume as a path (e.g. mydata:/foo)   | Images | Images are templates for docker containers docker images [-a] | Show all images (-a for all including intermediates) docker build [-f filename] | Build an image from ./Dockerfile (or named file with -f) docker rmi [-f] image | Remove an image (-f = force) docker image prune | Prune unused images   | Volumes | Free-floating file systems docker volume create [volume] | Create a new volume docker volume rm [-f] volumes... | Remove volume(s) (-f = force) docker volume ls | List volumes docker volume inspect volumes... | Display detailed information about volume(s)

 

Remember:

  • For greatest security, it's best to run docker images inside a virtual machine.
  • Docker image ID's are sensitive information and should be treated like passwords.
  • docker run --pids-limit=64 will limit the number of processes inside a container, to prevent fork bombs.
  • Avoid using latest image tags.