gefvert.org

Docker Reference

2019-11-13

Command/option Description
 
Containers Containers are light-weight virtual machines
docker create image [cmd] Create container from image
docker rename container newname Rename container
docker rm container Remove a container
   -f Force
   -v Also delete volumes
 
docker pull image[:tag] Pull image from repository
docker start container Start container
docker stop container Stop container
docker restart container Restart container
docker wait container Wait until container stops
docker attach container Attach to container
ctrl-P ctrl-Q Detach from container
 
docker ps List running containers
   -a List all containers (including stopped)
   -s Display file sizes
 
docker logs container Fetch logs from a container
   -f Follow output
   -t Show timestamps
   -tail n Show n last lines
 
docker inspect name/id Show low-level information on objects
docker port container Show port mappings
docker top container Show running processes inside container
docker stats [containers...] Show statistics from containers
 
docker cp container:path dest Copy files or folders from a container to the file system
docker cp src container:path Copy files or folders from the file system to a container
 
docker exec -it container sh -c "echo a && echo b" Execute a command in a container, interactively - command must be an executable, this is how you chain commands
docker exec -d container touch /tmp/myfile Execute a command and detach
 
Run containers
docker run image [cmd] Create container and run
 
   General:
   -d Detach into background and print container ID
   --name name Set name
   --restart always Always restart container
   --rm Remove on exit
   -w dir Work directory inside container
 
   Environment and TTY:
   -a pipe Attach container to pipe (e.g. `cat file.txt
   -e var Expose local environment variable to the container
   -e var=value Set environment variable in the container
   --env-file filename Set environment variable in the container from key=value file
   -i Interactive
   -t Allocate pseudo-tty
 
   Limits:
   -m 8g Limit to 8G memory
   --cpus=1.5 Limit to number of CPUs
 
   Networking:
   -h hostname Set hostname
   -p 80:5000 Bind container port 5000 to host port 80
   -p 127.0.0.1:80:5000 Bind container port 5000 to localhost:80 only
 
   Volumes:
   --read-only Make volume readonly
   -v path Mount the current directory as a path inside the container (e.g. /foo)
   -v localpath:path Mount a specific directory as a path (e.g. /home/data:/foo or c:\data:d:)
   -v localfile:file Mount a specific file as a container file (e.g. /home/data/httpd.conf:/etc/httpd.conf)
   -v volume:path Mount a docker volume as a path (e.g. mydata:/foo)
 
Images Images are templates for docker containers
docker images [-a] Show all images (-a for all including intermediates)
docker build [-f filename] Build an image from ./Dockerfile (or named file with -f)
docker rmi [-f] image Remove an image (-f = force)
docker image prune Prune unused images
 
Volumes Free-floating file systems
docker volume create [volume] Create a new volume
docker volume rm [-f] volumes... Remove volume(s) (-f = force)
docker volume ls List volumes
docker volume inspect volumes... Display detailed information about volume(s)

 

Remember:

  • For greatest security, it's best to run docker images inside a virtual machine.
  • Docker image ID's are sensitive information and should be treated like passwords.
  • docker run --pids-limit=64 will limit the number of processes inside a container, to prevent fork bombs.
  • Avoid using latest image tags.