Docker Cheat Sheet

Useful to confirm API compatibility and engine version before troubleshooting.

Shows storage driver, runtime, cgroup driver, registries, and resource counts.

Use this to discover object-oriented commands such as `docker container`, `docker image`, and `docker network`.

Contexts let you switch between local, remote, or cloud-managed endpoints.

Useful when working across local and remote engines.

Stores credentials via configured credential helper or config store.

Good hygiene on shared machines.

Useful for discovering official images and community variants.

Pin a specific tag or digest in production workflows.

Requires authentication and repository permissions.

Equivalent to `docker image ls`.

Object-oriented form that groups image subcommands together.

Helpful for understanding image growth and Dockerfile output.

Great for checking entrypoint, environment, architecture, and labels.

Will fail if the image is referenced by existing containers unless forced.

Useful when tags or stopped containers keep the image referenced.

Reclaims space from untagged layers left after rebuilds.

More aggressive than pruning only dangling images.

Use tags to prepare images for different registries or release channels.

Useful for air-gapped environments or offline transfer.

Complements `docker save`.

Useful for creating simple images from exported root filesystems.

Equivalent to `docker build`.

Handy for debugging, but prefer Dockerfiles for repeatable builds.

Useful during migrations or synchronized releases.

Helpful for multi-platform images and digests.

Shorthand for create + start with default options.

Detached mode is common for services and daemons.

Useful for exploration, debugging, and ephemeral workspaces.

Maps host port 8080 to container port 80.

Can be repeated or loaded from a file with `--env-file`.

Handy for local development and repeatable container starts.

Good for local dev, compilers, and ad hoc tooling.

Long-form mount syntax is more explicit and extensible than `-v`.

Ideal for short-lived commands and one-off jobs.

Useful when you want to inspect or stage before execution.

Use `-a` to attach immediately after start.

Sends SIGTERM then SIGKILL after the timeout.

Sends SIGKILL by default or a custom signal with `-s`.

Useful after config changes or transient failures.

Useful for testing or temporarily freezing workloads.

Counterpart to `docker pause`.

Equivalent to `docker container ls`.

Useful for finding exited containers and previous runs.

Object-oriented alias for `docker ps`.

A standard way to inspect or debug a live container.

Useful for foreground processes, but `docker exec` is often safer.

Pair with `-f` to follow logs in real time.

Great for watching startup and runtime behavior.

Useful for checking which process tree is active.

Good for spotting runaway or memory-hungry containers.

Useful for debugging or quick experiments.

Good for extracting logs and generated artifacts.

Helpful when rotating or staging replacements.

Use `-f` to remove a running container.

Equivalent to killing then removing it.

Helpful for reclaiming clutter and space.

Inspect networking, mounts, environment, and restart policy.

Great for extracting just the data you need in scripts.

Useful for debugging and understanding mutable writes.

Helpful for automation, debugging, and understanding lifecycle actions.

Useful when troubleshooting a specific resource kind.

Quickly verify how container ports map to host ports.

Useful in scripts that need to synchronize with a container run.

Common for tuning CPU and memory without recreating the container.

Helpful during incident analysis.

Shows built-in networks and user-defined bridges or overlays.

User-defined bridges provide automatic DNS between containers.

Useful when you need predictable IP ranges.

Inspect connected endpoints, subnets, and driver settings.

Lets a container participate in multiple networks.

Useful when changing topology or isolating a workload.

Will fail if the network is still in use.

Helps keep the engine clean after many experiments.

Useful for service discovery between app containers.

Named volumes are managed by the engine and survive container removal.

Useful for databases and persistent application state.

Inspect mountpoint, driver, labels, and options.

Will fail if the volume is still attached unless forced by removing containers first.

Useful after many test runs that leave dangling data.

Common for persistent databases and stateful services.

Good for config files that should not be changed by the container.

Useful for ephemeral sensitive temp data.

Great for understanding where Docker is using space.

Good periodic cleanup for development machines.

Be careful: this can remove data you expected to keep.

Useful when BuildKit caches become large.

Can reclaim significant disk space after many builds.

Prefer digests when you need strict reproducibility.

Prevents silent changes behind mutable tags such as `latest`.

Useful when promoting or pinning builds.

Part of a multi-architecture publishing workflow.

Useful when building a multi-platform image index manually.

Lets clients pull the right image for their platform automatically.

Very convenient for operating remote engines over SSH.

Useful to confirm host, TLS, and metadata settings.

Cleans up no-longer-used targets from your local client.

Relevant in environments using Docker Content Trust / Notary workflows.

Useful in security-sensitive promotion pipelines.