see Docker Cheatsheet for fulllist
docker createcreates a container but does not start it.
docker renameallows the container to be renamed.
docker runcreates and starts a container in one operation.
docker run -td container_idrun container in background and print container ID
docker run --log-driver=syslogrun container with custom log driver
docker run --name yourname docker_imagerun container and assign with customed name
docker rmdeletes a container.
docker rm -vdeletes a container + volumes associated with the container.
docker updateupdates a container’s resource limits.
Starting and Stopping
docker startstarts a container so it is running.
docker stopstops a running container.
docker restartstops and starts a container.
docker pausepauses a running container, “freezing” it in place.
docker unpausewill unpause a running container.
docker waitblocks until running container stops.
docker killsends a SIGKILL to a running container.
docker attachwill connect to a running container.
docker psshows running containers.
docker logsgets logs from container. (You can use a custom log driver, but logs is only available for
docker inspectlooks at all the info on a container (including IP address).
docker eventsgets events from container.
docker portshows public facing port of container.
docker topshows running processes in container.
docker statsshows containers’ resource usage statistics.
docker diffshows changed files in the container’s FS.
docker ps -a shows running and stopped containers.
docker stats --all shows a list of all containers, default shows just running.
Import / Export
docker cpcopies files or folders between a container and the local filesystem.
docker exportturns container filesystem into tarball archive stream to STDOUT.
docker execto execute a command in container.
To enter a running container, attach a new shell process to a running container called foo, use:
docker exec -it foo /bin/bash.
Images are just templates for docker containers.
docker imagesshows all images.
docker importcreates an image from a tarball.
docker buildcreates image from Dockerfile.
docker commitcreates image from a container, pausing it temporarily if it is running.
docker rmiremoves an image.
docker loadloads an image from a tar archive as STDIN, including images and tags (as of 0.7).
docker savesaves an image to a tar archive stream to STDOUT with all parent layers, tags & versions (as of 0.7).
Checking Docker Version
- ‘docker version’ check what version of docker you have running
# Get the server version docker version --format ''
Load an image from file:
docker load < my_image.tar.gz
Save an existing image:
docker save my_image:my_tag | gzip > my_image.tar.gz
Import a container as an image from file:
cat my_container.tar.gz | docker import - my_image:my_tag
Export an existing container:
docker export my_container | gzip > my_container.tar.gz
Difference between loading a saved image and importing an exported container as an image
Loading an image using the
load command creates a new image including its history.
Importing a container as an image using the
import command creates a new image excluding the history which results in a smaller image size compared to loading an image.
Registry & Repository
docker loginto login to a registry.
docker logoutto logout from a registry.
docker searchsearches registry for image.
docker pullpulls an image from registry to local machine.
docker pushpushes an image to the registry from local machine.
Run local registry
The configuration file. Sets up a Docker container when you run
docker build on it. Vastly preferable to
- FROM Sets the Base Image for subsequent instructions.
- MAINTAINER (deprecated - use LABEL instead) Set the Author field of the generated images.
- RUN execute any commands in a new layer on top of the current image and commit the results.
- CMD provide defaults for an executing container.
- EXPOSE informs Docker that the container listens on the specified network ports at runtime. NOTE: does not actually make ports accessible.
- ENV sets environment variable.
- ADD copies new files, directories or remote file to container. Invalidates caches. Avoid
- COPY copies new files or directories to container. By default this copies as root regardless of the USER/WORKDIR settings. Use
--chown=<user>:<group>to give ownership to another user/group. (Same for
- ENTRYPOINT configures a container that will run as an executable.
- VOLUME creates a mount point for externally mounted volumes or other containers.
- USER sets the user name for following RUN / CMD / ENTRYPOINT commands.
- WORKDIR sets the working directory.
- ARG defines a build-time variable.
- ONBUILD adds a trigger instruction when the image is used as the base for another build.
- STOPSIGNAL sets the system call signal that will be sent to the container to exit.
- LABEL apply key/value metadata to your images, containers, or daemons.
- Best practices for writing Dockerfiles
- Michael Crosby has some more Dockerfiles best practices / take 2.
- Building Good Docker Images / Building Better Docker Images
- Managing Container Configuration with Metadata
- How to write excellent Dockerfiles
This is where general Docker best practices and war stories go:
- The Rabbit Hole of Using Docker in Automated Tests
- Bridget Kromhout has a useful blog post on running Docker in production at Dramafever.
- There’s also a best practices blog post from Lyst.
- Building a Development Environment With Docker
- Discourse in a Docker Container