Command/option | Description
Containers | Containers are light-weight virtual machines
docker create image [cmd] | Create container from image
docker rename container newname | Rename container
docker rm container | Remove a container
-f | Force
-v | Also delete volumes
docker pull image[:tag] | Pull image from repository
docker start container | Start container
docker stop container | Stop container
docker restart container | Restart container
docker wait container | Wait until container stops
docker attach container | Attach to container
ctrl-P ctrl-Q | Detach from container
docker ps | List running containers
-a | List all containers (including stopped)
-s | Display file sizes
docker logs container | Fetch logs from a container
-f | Follow output
-t | Show timestamps
--tail n | Show n last lines
docker inspect name/id | Show low-level information on objects
docker port container | Show port mappings
docker top container | Show running processes inside container
docker stats [containers...] | Show statistics from containers
docker cp container:path dest | Copy files or folders from a container to the file system
docker cp src container:path | Copy files or folders from the file system to a container
Run containers |
docker run image [cmd] | Create container and run
-d | Detach into background and print container ID
--name name | Set name
--restart always | Always restart container
--rm | Remove on exit
-w dir | Work directory inside container
Environment and TTY: |
-a pipe | Attach container to pipe (e.g. cat file.txt | docker run -i -a stdin ...)
-e var | Expose local environment variable to the container
-e var=value | Set environment variable in the container
--env-file filename | Set environment variables in the container from a key=value file
-i | Interactive
-t | Allocate pseudo-tty
-m 8g | Limit to 8G memory
--cpus=1.5 | Limit to number of CPUs
-h hostname | Set hostname
-p 80:5000 | Bind container port 5000 to host port 80
-p 127.0.0.1:80:5000 | Bind container port 5000 to localhost:80 only
--read-only | Make volume readonly
-v path | Mount the current directory as a path inside the container (e.g.
-v localpath:path | Mount a specific directory as a path (e.g.
-v localfile:file | Mount a specific file as a container file (e.g.
-v volume:path | Mount a docker volume as a path (e.g.
Images | Images are templates for docker containers
docker images [-a] | Show all images (-a for all including intermediates)
docker build [-f filename] | Build an image from ./Dockerfile (or named file with -f)
docker rmi [-f] image | Remove an image (-f = force)
docker image prune | Prune unused images
Volumes | Free-floating file systems
docker volume create [volume] | Create a new volume
docker volume rm [-f] volumes... | Remove volume(s) (-f = force)
docker volume ls | List volumes
docker volume inspect volumes... | Display detailed information about volume(s)
- For greatest security, it's best to run docker images inside a virtual machine.
- Docker image IDs are sensitive information and should be treated like passwords.
- docker run --pids-limit=64 will limit the number of processes inside a container, to prevent fork bombs.
- Avoid using
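
The run-time limits listed above (-m, --cpus, --pids-limit, --read-only, -p 127.0.0.1:...) can be checked on containers that already exist. The following is an added example, not part of the original cheat sheet: it audits docker inspect JSON for those settings. The sample data and the function names audit_container and audit are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output (not from a real host).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web-default",
   "HostConfig": {"Memory": 0, "NanoCpus": 0, "PidsLimit": null,
                  "ReadonlyRootfs": false,
                  "PortBindings": {"5000/tcp": [{"HostIp": "", "HostPort": "80"}]}}},
  {"Name": "/web-limited",
   "HostConfig": {"Memory": 8589934592, "NanoCpus": 1500000000, "PidsLimit": 64,
                  "ReadonlyRootfs": true,
                  "PortBindings": {"5000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "80"}]}}}
]
""")

def audit_container(entry):
    """Return the cheat-sheet limits that are missing on one inspected container."""
    hc = entry.get("HostConfig") or {}
    findings = []
    # PidsLimit of null, 0 or -1 means no process cap, so a fork bomb is not contained.
    if (hc.get("PidsLimit") or 0) <= 0:
        findings.append("no --pids-limit")
    if not hc.get("Memory"):          # 0 = unlimited; -m 8g shows as 8589934592
        findings.append("no -m memory limit")
    if not hc.get("NanoCpus"):        # 0 = unlimited; --cpus=1.5 shows as 1500000000
        findings.append("no --cpus limit")
    if not hc.get("ReadonlyRootfs"):  # set by --read-only (container root filesystem)
        findings.append("--read-only not set")
    # An empty HostIp means the port was published on every host interface.
    for port, bindings in (hc.get("PortBindings") or {}).items():
        for b in bindings or []:
            if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.append(f"{port} published on all interfaces (host port {b.get('HostPort')})")
    return findings

def audit(inspect_output):
    """Map container name -> list of findings (empty list means all checks passed)."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_output}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", findings or "ok")
```

To audit a real host, replace SAMPLE_INSPECT with the parsed output of docker inspect for the containers of interest. The CPU check only looks at the value set by --cpus.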