| Command/option | Description |
|---|---|
| Containers | Containers are light-weight virtual machines |
docker create image [cmd] |
Create container from image |
docker rename container newname |
Rename container |
docker rm container |
Remove a container |
-f |
Force |
-v |
Also delete volumes |
docker pull image[:tag] |
Pull image from repository |
docker start container |
Start container |
docker stop container |
Stop container |
docker restart container |
Restart container |
docker wait container |
Wait until container stops |
docker attach container |
Attach to container |
| ctrl-P ctrl-Q | Detach from container |
docker ps |
List running containers |
-a |
List all containers (including stopped) |
-s |
Display file sizes |
docker logs container |
Fetch logs from a container |
-f |
Follow output |
-t |
Show timestamps |
-tail n |
Show n last lines |
docker inspect name/id |
Show low-level information on objects |
docker port container |
Show port mappings |
docker top container |
Show running processes inside container |
docker stats [containers...] |
Show statistics from containers |
docker cp container:path dest |
Copy files or folders from a container to the file system |
docker cp src container:path |
Copy files or folders from the file system to a container |
docker exec -it container sh -c "echo a && echo b" |
Execute a command in a container, interactively - command must be an executable, this is how you chain commands |
docker exec -d container touch /tmp/myfile |
Execute a command and detach |
| Run containers | |
docker run image [cmd] |
Create container and run |
| General: | |
-d |
Detach into background and print container ID |
--name name |
Set name |
--restart always |
Always restart container |
--rm |
Remove on exit |
-w dir |
Work directory inside container |
| Environment and TTY: | |
-a pipe |
Attach container to pipe (e.g. `cat file.txt |
-e var |
Expose local environment variable to the container |
-e var=value |
Set environment variable in the container |
--env-file filename |
Set environment variable in the container from key=value file |
-i |
Interactive |
-t |
Allocate pseudo-tty |
| Limits: | |
-m 8g |
Limit to 8G memory |
--cpus=1.5 |
Limit to number of CPUs |
| Networking: | |
-h hostname |
Set hostname |
-p 80:5000 |
Bind container port 5000 to host port 80 |
-p 127.0.0.1:80:5000 |
Bind container port 5000 to localhost:80 only |
| Volumes: | |
--read-only |
Make volume readonly |
-v path |
Mount the current directory as a path inside the container (e.g. /foo) |
-v localpath:path |
Mount a specific directory as a path (e.g. /home/data:/foo or c:\data:d:) |
-v localfile:file |
Mount a specific file as a container file (e.g. /home/data/httpd.conf:/etc/httpd.conf) |
-v volume:path |
Mount a docker volume as a path (e.g. mydata:/foo) |
| Images | Images are templates for docker containers |
docker images [-a] |
Show all images (-a for all including intermediates) |
docker build [-f filename] |
Build an image from ./Dockerfile (or named file with -f) |
docker rmi [-f] image |
Remove an image (-f = force) |
docker image prune |
Prune unused images |
| Volumes | Free-floating file systems |
docker volume create [volume] |
Create a new volume |
docker volume rm [-f] volumes... |
Remove volume(s) (-f = force) |
docker volume ls |
List volumes |
docker volume inspect volumes... |
Display detailed information about volume(s) |
Remember:
- For greatest security, it's best to run docker images inside a virtual machine.
- Docker image ID's are sensitive information and should be treated like passwords.
-
docker run --pids-limit=64will limit the number of processes inside a container, to prevent fork bombs. - Avoid using
latestimage tags.