Docker Cheat Sheet

Docker•Permalink

Comprehensive Docker Engine CLI reference for images, containers, networks, volumes, registries, contexts, and cleanup.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

## Basics

Show Docker version

↗#

docker version

# Display client and server version details.

Show Docker system info

↗#

docker info

# Display engine-wide diagnostic and configuration information.

Show Docker help

↗#

docker --help

# Show top-level help and subcommands.

List contexts

↗#

docker context ls

# List available Docker contexts.

Use a context

↗#

docker context use default

# Switch the current Docker context.

Logout from a registry

↗#

docker logout

# Remove stored registry credentials.

Search Docker Hub

↗#

docker search nginx

# Search Docker Hub for images.

## Images

Pull an image

↗#

docker pull nginx:latest

# Download an image from a registry.

Push an image

↗#

docker push ghcr.io/acme/web:1.0.0

# Upload an image to a registry.

List images

↗#

docker images

# List local images.

List images with image namespace

↗#

docker image ls

# List local images using the image management namespace.

Show image history

↗#

docker image history nginx:latest

# Show the layer history of an image.

Inspect an image

↗#

docker image inspect nginx:latest

# Show low-level JSON metadata for an image.

Remove an image

↗#

docker image rm nginx:latest

# Delete a local image.

Force remove an image

↗#

docker rmi -f nginx:latest

# Force-remove a local image.

Prune dangling images

↗#

docker image prune

# Remove dangling images.

Prune unused images

↗#

docker image prune -a

# Remove all unused images.

Tag an image

↗#

docker tag myapp:dev ghcr.io/acme/myapp:1.0.0

# Create or update an image tag.

Save image to tar

↗#

docker save -o myapp.tar myapp:1.0.0

# Export one or more images to a tar archive.

Load image from tar

↗#

docker load -i myapp.tar

# Import images from a tar archive.

Import rootfs as image

↗#

docker image import rootfs.tar myimage:rootfs

# Import a tarball as an image.

Build an image

↗#

docker image build -t myapp:dev .

# Build an image from a Dockerfile.

Commit container changes to image

↗#

docker commit mycontainer myimage:debug

# Create a new image from container changes.

Push all tags

↗#

docker image push --all-tags ghcr.io/acme/myapp

# Push all local tags for a repository name.

Inspect a manifest

↗#

docker manifest inspect alpine:latest

# Inspect an image manifest or manifest list.

## Containers

Run a container

↗#

docker run nginx:latest

# Create and start a new container.

Run detached

↗#

docker run -d --name web nginx:latest

# Run a container in the background.

Run interactively

↗#

docker run -it ubuntu:24.04 bash

# Run an interactive shell inside a new container.

Publish a port

↗#

docker run -d -p 8080:80 nginx:latest

# Publish a container port to the host.

Set environment variables

↗#

docker run -e NODE_ENV=production myapp:latest

# Pass environment variables into the container.

Load env file

↗#

docker run --env-file .env myapp:latest

# Load environment variables from a file.

Mount a bind volume

↗#

docker run -v "$PWD":/app -w /app node:20 npm test

# Bind-mount a host directory into the container.

Use explicit mount syntax

↗#

docker run --mount type=bind,src="$PWD",dst=/app myapp:latest

# Mount storage using long-form syntax.

Run and remove on exit

↗#

docker run --rm alpine:latest echo hello

# Automatically remove the container after it exits.

Create container without starting

↗#

docker create --name web nginx:latest

# Create a container but do not start it yet.

Start a stopped container

↗#

docker start web

# Start one or more stopped containers.

Stop a running container

↗#

docker stop web

# Gracefully stop a running container.

Kill a container

↗#

docker kill web

# Force-stop a running container.

Restart a container

↗#

docker restart web

# Restart one or more containers.

Pause a container

↗#

docker pause web

# Suspend all processes in a container.

Unpause a container

↗#

docker unpause web

# Resume a paused container.

List running containers

↗#

docker ps

# List running containers.

List all containers

↗#

docker ps -a

# List running and stopped containers.

List containers

↗#

docker container ls

# List running containers with the container namespace.

Execute command in running container

↗#

docker exec -it web sh

# Run a command in a running container.

Attach to a running container

↗#

docker attach web

# Attach local stdio to a running container.

Show container logs

↗#

docker logs web

# Print logs from a container.

Follow container logs

↗#

docker logs -f --tail=100 web

# Follow container logs from the last 100 lines.

List processes in a container

↗#

docker top web

# Display running processes inside a container.

Stream resource usage

↗#

docker stats

# Stream live CPU, memory, network, and block I/O usage.

Copy files into a container

↗#

docker cp ./config.yml web:/etc/myapp/config.yml

# Copy files from host to container.

Copy files from a container

↗#

docker cp web:/var/log/nginx/access.log ./access.log

# Copy files from container to host.

Rename a container

↗#

docker rename web web-old

# Rename an existing container.

Remove a stopped container

↗#

docker rm web

# Remove one or more stopped containers.

Force remove a running container

↗#

docker rm -f web

# Force-remove a running container.

Prune stopped containers

↗#

docker container prune

# Remove all stopped containers.

## Inspection and Debugging

Inspect a container

↗#

docker inspect web

# Show low-level JSON metadata for a container.

Format inspect output

↗#

docker inspect -f '{{.NetworkSettings.IPAddress}}' web

# Render inspect output through a Go template.

Show filesystem changes

↗#

docker diff web

# Show filesystem changes in a container since it started.

Stream Docker events

↗#

docker events

# Stream real-time events from the daemon.

Filter Docker events

↗#

docker events --filter type=container --filter event=start

# Filter real-time events by type or action.

List port mappings

↗#

docker port web

# List published ports for a container.

Wait for container exit

↗#

docker wait web

# Block until a container exits and print its exit code.

Update container resources

↗#

docker update --memory 512m --cpus 1.5 web

# Update resource limits on a running container.

Stream recent events since timestamp

↗#

docker events --since 1h

# Show events from the past hour and continue streaming.

## Networks

List networks

↗#

docker network ls

# List Docker networks.

Create bridge network

↗#

docker network create app-net

# Create a user-defined bridge network.

Create network with subnet

↗#

docker network create --subnet 172.20.0.0/16 app-net

# Create a network with a custom subnet.

Inspect network

↗#

docker network inspect app-net

# Show low-level details of a Docker network.

Connect container to network

↗#

docker network connect app-net web

# Attach a running container to a network.

Disconnect container from network

↗#

docker network disconnect app-net web

# Detach a container from a network.

Remove network

↗#

docker network rm app-net

# Delete one or more unused networks.

Prune unused networks

↗#

docker network prune

# Remove all unused networks.

Run on a specific network

↗#

docker run -d --name api --network app-net myapi:latest

# Start a container attached to a chosen network.

## Volumes and Mounts

List volumes

↗#

docker volume ls

# List Docker volumes.

Create volume

↗#

docker volume create pgdata

# Create a named volume.

Inspect volume

↗#

docker volume inspect pgdata

# Show low-level details of a volume.

Remove volume

↗#

docker volume rm pgdata

# Delete a named volume.

Prune unused volumes

↗#

docker volume prune

# Remove all unused local volumes.

Mount named volume in container

↗#

docker run -d --name db -v pgdata:/var/lib/postgresql/data postgres:16

# Run a container with a named volume.

Bind-mount host dir read-only

↗#

docker run --mount type=bind,src="$PWD/config",dst=/app/config,readonly myapp:latest

# Mount a host directory as read-only.

Use tmpfs mount

↗#

docker run --tmpfs /tmp:rw,noexec,nosuid,size=64m myapp:latest

# Mount an in-memory tmpfs inside the container.

## System and Cleanup

Show disk usage

↗#

docker system df

# Display disk usage by images, containers, volumes, and build cache.

Prune unused data

↗#

docker system prune

# Remove stopped containers, unused networks, dangling images, and build cache.

Prune all unused data

↗#

docker system prune -a --volumes

# Aggressively remove unused images and volumes too.

Prune build cache

↗#

docker builder prune

# Remove unused build cache.

Prune all build cache

↗#

docker builder prune -a

# Remove all unused build cache, not only dangling records.

## Registries and Manifests

Pull by digest

↗#

docker pull nginx@sha256:<digest>

# Pull an image by immutable digest.

Run by digest

↗#

docker run nginx@sha256:<digest>

# Run a container from an immutable image digest.

Inspect repo digests

↗#

docker image inspect nginx:latest --format '{{json .RepoDigests}}'

# Display the digests associated with a local image.

Create manifest list

↗#

docker manifest create ghcr.io/acme/myapp:1.0.0 ghcr.io/acme/myapp:1.0.0-amd64 ghcr.io/acme/myapp:1.0.0-arm64

# Create a local manifest list from multiple platform images.

Annotate manifest entry

↗#

docker manifest annotate ghcr.io/acme/myapp:1.0.0 ghcr.io/acme/myapp:1.0.0-arm64 --arch arm64

# Annotate a manifest list entry with platform metadata.

Push manifest list

↗#

docker manifest push ghcr.io/acme/myapp:1.0.0

# Push a manifest list to a registry.

## Contexts and Trust

Create a context

↗#

docker context create prod --docker host=ssh://user@server

# Create a named context that targets a specific Docker endpoint.

Inspect a context

↗#

docker context inspect prod

# Show the endpoint configuration for a context.

Remove a context

↗#

docker context rm prod

# Delete a Docker context.

Inspect image trust data

↗#

docker trust inspect alpine:latest

# Inspect content trust metadata for an image.

Sign an image

↗#

docker trust sign acme/myapp:1.0.0

# Sign an image tag using Docker Content Trust.

More in Docker

Docker Swarm Cheat Sheet

Swarm cluster, node, service, and stack commands for container orchestration on Docker Engine.

Docker Buildx Cheat Sheet

Modern BuildKit and Buildx reference for multi-platform builds, cache, secrets, and remote outputs.

Dockerfile Cheat Sheet

High-value Dockerfile instructions, patterns, and build flags for reproducible and efficient image builds.

Recommended next

Terraform Troubleshooting and Migration Cheat Sheet

TERRAFORM

Commands and patterns for debugging, upgrades, migration, and state repair in Terraform.

Terraform HCP Remote and CI Cheat Sheet

TERRAFORM

Commands and snippets for HCP Terraform remote runs, CLI auth, automation, and CI-friendly usage.

Terraform Language Patterns Cheat Sheet

TERRAFORM

High-value HCL patterns for variables, locals, outputs, loops, conditionals, dynamic blocks, and data shaping.

Terraform Modules and Providers Cheat Sheet

TERRAFORM

Commands and snippets for modules, providers, version constraints, registry access, and dependency management.

Terraform Workspaces and State Cheat Sheet

TERRAFORM

Manage Terraform CLI workspaces, local and remote state, imports, and state surgery commands.

Terraform CLI Cheat Sheet

TERRAFORM

Core Terraform CLI commands for init, plan, apply, state, output, variables, workspaces, and automation.

Browse all sheets →