# Docker — Build, Ship, and Run Containers

> Practical guide to Docker — container lifecycle, building images, volumes, networks, Compose, and cleanup on the command line, with examples.

Source: https://www.jpkc.com/db/en/cheatsheets/containers/docker/

<!-- PROSE:intro -->
Docker packages applications together with their dependencies into containers – lightweight, isolated units that run the same way on every system. Instead of "works on my machine" you get reproducible environments from laptop to production. From the command line you build images, start containers, map ports, mount volumes, and orchestrate whole stacks with Compose. This guide gathers the most important `docker` commands for everyday work – from your first `docker run` to targeted cleanup with `prune`.
<!-- PROSE:intro:end -->

## Container Lifecycle

`docker run <image>` — Create and start a new container from an image.

```bash
docker run nginx
```

`docker run -d <image>` — Run a container in detached (background) mode.

```bash
docker run -d nginx
```

`docker run -it <image> <command>` — Run a container interactively with a TTY. Useful for shells.

```bash
docker run -it ubuntu bash
```

`docker run --name <name> <image>` — Run a container with a custom name for easier reference.

```bash
docker run --name my-web -d nginx
```

`docker run --rm <image>` — Automatically remove the container when it exits.

```bash
docker run --rm alpine echo "Hello"
```

`docker start <container>` — Start a stopped container.

```bash
docker start my-web
```

`docker stop <container>` — Gracefully stop a running container (sends SIGTERM, then SIGKILL after timeout).

```bash
docker stop my-web
```

`docker restart <container>` — Stop and then start a container again.

```bash
docker restart my-web
```

`docker kill <container>` — Immediately stop a container by sending SIGKILL.

```bash
docker kill my-web
```

`docker rm <container>` — Remove a stopped container.

```bash
docker rm my-web
```

`docker rm -f <container>` — Force remove a running container (stop + remove).

```bash
docker rm -f my-web
```

## Ports & Environment

`docker run -p <host_port>:<container_port> <image>` — Map a host port to a container port.

```bash
docker run -d -p 8080:80 nginx
```

`docker run -p <host_port>:<container_port>/udp <image>` — Map a UDP port from host to container.

```bash
docker run -d -p 5353:53/udp dns-server
```

`docker run -P <image>` — Map all exposed ports to random host ports.

```bash
docker run -d -P nginx
```

`docker run -e <KEY>=<value> <image>` — Set an environment variable inside the container.

```bash
docker run -d -e MYSQL_ROOT_PASSWORD=secret mysql:8
```

`docker run --env-file <file> <image>` — Load environment variables from a file.

```bash
docker run -d --env-file .env my-app
```

`docker run --restart=<policy> <image>` — Set restart policy: no, on-failure, always, unless-stopped.

```bash
docker run -d --restart=unless-stopped nginx
```

## Volumes & Mounts

`docker run -v <host_path>:<container_path> <image>` — Bind mount a host directory into the container.

```bash
docker run -d -v ./html:/usr/share/nginx/html nginx
```

`docker run -v <host_path>:<container_path>:ro <image>` — Bind mount as read-only inside the container.

```bash
docker run -d -v ./config:/etc/app/config:ro my-app
```

`docker run -v <volume_name>:<container_path> <image>` — Mount a named Docker volume into the container.

```bash
docker run -d -v db-data:/var/lib/mysql mysql:8
```

`docker volume create <name>` — Create a named volume for persistent data storage.

```bash
docker volume create db-data
```

`docker volume ls` — List all Docker volumes.

```bash
docker volume ls
```

`docker volume inspect <name>` — Show detailed information about a volume.

```bash
docker volume inspect db-data
```

`docker volume rm <name>` — Remove a volume. Fails if the volume is in use.

```bash
docker volume rm db-data
```

`docker volume prune` — Remove all unused volumes to free disk space.

```bash
docker volume prune
```

## Listing & Inspecting

`docker ps` — List all running containers.

```bash
docker ps
```

`docker ps -a` — List all containers including stopped ones.

```bash
docker ps -a
```

`docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"` — List containers with custom output format.

```bash
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
```

`docker inspect <container>` — Show detailed JSON information about a container.

```bash
docker inspect my-web
```

`docker inspect --format '{{.NetworkSettings.IPAddress}}' <container>` — Extract a specific field from container metadata using Go templates.

```bash
docker inspect --format '{{.NetworkSettings.IPAddress}}' my-web
```

`docker port <container>` — Show port mappings for a container.

```bash
docker port my-web
```

`docker stats` — Show live CPU, memory, network, and disk I/O usage for all running containers.

```bash
docker stats
```

`docker top <container>` — Show running processes inside a container.

```bash
docker top my-web
```

## Logs & Exec

`docker logs <container>` — Show the logs (stdout/stderr) of a container.

```bash
docker logs my-web
```

`docker logs -f <container>` — Follow (tail) the log output in real-time.

```bash
docker logs -f my-web
```

`docker logs --tail <n> <container>` — Show only the last N lines of logs.

```bash
docker logs --tail 50 my-web
```

`docker logs --since <time> <container>` — Show logs since a timestamp or relative time.

```bash
docker logs --since 30m my-web
```

`docker exec -it <container> <command>` — Run a command interactively inside a running container.

```bash
docker exec -it my-web bash
```

`docker exec <container> <command>` — Run a command inside a running container (non-interactive).

```bash
docker exec my-web cat /etc/nginx/nginx.conf
```

`docker exec -u <user> <container> <command>` — Run a command as a specific user inside the container.

```bash
docker exec -u root my-web apt-get update
```

## Copy & Diff

`docker cp <container>:<path> <host_path>` — Copy files from a container to the host.

```bash
docker cp my-web:/etc/nginx/nginx.conf ./nginx.conf
```

`docker cp <host_path> <container>:<path>` — Copy files from the host into a container.

```bash
docker cp ./index.html my-web:/usr/share/nginx/html/
```

`docker diff <container>` — Show filesystem changes made inside a container (A=added, C=changed, D=deleted).

```bash
docker diff my-web
```

## Images

`docker images` — List all locally available images.

```bash
docker images
```

`docker pull <image>` — Download an image from a registry.

```bash
docker pull nginx:alpine
```

`docker pull <image>:<tag>` — Pull a specific tagged version of an image.

```bash
docker pull node:22-slim
```

`docker push <image>` — Upload an image to a registry.

```bash
docker push myuser/my-app:latest
```

`docker tag <source_image> <target_image>` — Create a new tag (alias) for an existing image.

```bash
docker tag my-app:latest myuser/my-app:v1.0
```

`docker rmi <image>` — Remove a local image.

```bash
docker rmi nginx:alpine
```

`docker image prune` — Remove all dangling (untagged) images.

```bash
docker image prune
```

`docker image prune -a` — Remove all images not used by any container.

```bash
docker image prune -a
```

`docker history <image>` — Show the layer history of an image.

```bash
docker history nginx:alpine
```

`docker save -o <file> <image>` — Export an image to a tar archive.

```bash
docker save -o my-app.tar my-app:latest
```

`docker load -i <file>` — Import an image from a tar archive.

```bash
docker load -i my-app.tar
```

## Building Images

`docker build -t <name>:<tag> .` — Build an image from a Dockerfile in the current directory.

```bash
docker build -t my-app:latest .
```

`docker build -t <name> -f <dockerfile> .` — Build using a specific Dockerfile.

```bash
docker build -t my-app -f Dockerfile.prod .
```

`docker build --no-cache -t <name> .` — Build without using the layer cache. Forces a fresh build.

```bash
docker build --no-cache -t my-app:latest .
```

`docker build --build-arg <KEY>=<value> -t <name> .` — Pass a build-time variable to the Dockerfile.

```bash
docker build --build-arg NODE_ENV=production -t my-app .
```

`docker build --target <stage> -t <name> .` — Build only up to a specific stage in a multi-stage Dockerfile.

```bash
docker build --target builder -t my-app:build .
```

`docker build --platform <platform> -t <name> .` — Build for a specific platform architecture.

```bash
docker build --platform linux/amd64 -t my-app .
```

## Networks

`docker network ls` — List all Docker networks.

```bash
docker network ls
```

`docker network create <name>` — Create a new bridge network.

```bash
docker network create my-network
```

`docker network inspect <name>` — Show detailed information about a network including connected containers.

```bash
docker network inspect my-network
```

`docker network connect <network> <container>` — Connect a running container to a network.

```bash
docker network connect my-network my-web
```

`docker network disconnect <network> <container>` — Disconnect a container from a network.

```bash
docker network disconnect my-network my-web
```

`docker run --network <name> <image>` — Run a container attached to a specific network.

```bash
docker run -d --network my-network --name api my-api
```

`docker network rm <name>` — Remove a network. Fails if containers are connected.

```bash
docker network rm my-network
```

`docker network prune` — Remove all unused networks.

```bash
docker network prune
```

## Docker Compose

`docker compose up` — Create and start all services defined in docker-compose.yml.

```bash
docker compose up
```

`docker compose up -d` — Start all services in detached (background) mode.

```bash
docker compose up -d
```

`docker compose up --build` — Rebuild images before starting services.

```bash
docker compose up --build -d
```

`docker compose down` — Stop and remove all containers, networks created by up.

```bash
docker compose down
```

`docker compose down -v` — Stop and remove containers, networks, and volumes.

```bash
docker compose down -v
```

`docker compose ps` — List containers managed by the current Compose project.

```bash
docker compose ps
```

`docker compose logs <service>` — Show logs for a specific service.

```bash
docker compose logs web
```

`docker compose logs -f` — Follow logs for all services in real-time.

```bash
docker compose logs -f
```

`docker compose exec <service> <command>` — Execute a command inside a running Compose service container.

```bash
docker compose exec web bash
```

`docker compose run <service> <command>` — Run a one-off command in a new container for a service.

```bash
docker compose run web npm test
```

`docker compose pull` — Pull the latest images for all services.

```bash
docker compose pull
```

`docker compose build` — Build or rebuild all service images.

```bash
docker compose build
```

`docker compose restart <service>` — Restart a specific service.

```bash
docker compose restart web
```

`docker compose config` — Validate and display the resolved Compose configuration.

```bash
docker compose config
```

## Cleanup & System

`docker system df` — Show Docker disk usage: images, containers, volumes, and build cache.

```bash
docker system df
```

`docker system df -v` — Show detailed disk usage with individual item sizes.

```bash
docker system df -v
```

`docker system prune` — Remove all stopped containers, unused networks, dangling images, and build cache.

```bash
docker system prune
```

`docker system prune -a` — Remove everything unused: all images, containers, networks, and cache.

```bash
docker system prune -a
```

`docker system prune -a --volumes` — Full cleanup including unused volumes. Frees maximum disk space.

```bash
docker system prune -a --volumes
```

`docker container prune` — Remove all stopped containers.

```bash
docker container prune
```

`docker system info` — Show system-wide Docker information (version, storage driver, OS, etc.).

```bash
docker system info
```

`docker version` — Show Docker client and server version details.

```bash
docker version
```

## Resource Limits

`docker run -m <memory> <image>` — Set a memory limit for the container.

```bash
docker run -d -m 512m nginx
```

`docker run --cpus=<number> <image>` — Limit the number of CPU cores the container can use.

```bash
docker run -d --cpus=1.5 my-app
```

`docker run --memory-swap=<limit> <image>` — Set memory + swap limit. Use -1 for unlimited swap.

```bash
docker run -d -m 512m --memory-swap=1g my-app
```

`docker run --pids-limit=<number> <image>` — Limit the number of processes inside the container.

```bash
docker run -d --pids-limit=100 my-app
```

`docker update --memory <limit> <container>` — Update resource limits on a running container.

```bash
docker update --memory 1g my-web
```

<!-- PROSE:outro -->
## Conclusion

Docker has become indispensable in modern development and DevOps: what starts as a single container quickly grows into multi-stage builds, Compose stacks, and CI/CD pipelines. Once the commands in this guide feel natural, look next at lean multi-stage images, named volumes for persistent data, and regular `prune` runs so disk usage stays under control.

## Further Reading

- [Docker documentation](https://docs.docker.com/) – official reference and guides
- [docker CLI reference](https://docs.docker.com/reference/cli/docker/) – every command and option
- [Docker (software) – Wikipedia](https://en.wikipedia.org/wiki/Docker_(software)) – background and architecture
<!-- PROSE:outro:end -->

## Related Commands

- [ddev](https://www.jpkc.com/db/en/cheatsheets/containers/ddev/) – local Docker-based development environments for PHP projects
- [docker-compose](https://www.jpkc.com/db/en/cheatsheets/containers/docker-compose/) – define multi-container applications declaratively
- [helm](https://www.jpkc.com/db/en/cheatsheets/containers/helm/) – package manager for Kubernetes applications