Docker — Build, Ship, and Run Containers

Docker packages applications together with their dependencies into containers – lightweight, isolated units that run the same way on every system. Instead of "works on my machine" you get reproducible environments from laptop to production. From the command line you build images, start containers, map ports, mount volumes, and orchestrate whole stacks with Compose. This guide gathers the most important docker commands for everyday work – from your first docker run to targeted cleanup with prune.

Container Lifecycle

docker run <image> — Create and start a new container from an image.

docker run nginx

docker run -d <image> — Run a container in detached (background) mode.

docker run -d nginx

docker run -it <image> <command> — Run a container interactively with a TTY. Useful for shells.

docker run -it ubuntu bash

docker run --name <name> <image> — Run a container with a custom name for easier reference.

docker run --name my-web -d nginx

docker run --rm <image> — Automatically remove the container when it exits.

docker run --rm alpine echo "Hello"

docker start <container> — Start a stopped container.

docker start my-web

docker stop <container> — Gracefully stop a running container (sends SIGTERM, then SIGKILL after timeout).

docker stop my-web

docker restart <container> — Stop and then start a container again.

docker restart my-web

docker kill <container> — Immediately stop a container by sending SIGKILL.

docker kill my-web

docker rm <container> — Remove a stopped container.

docker rm my-web

docker rm -f <container> — Force remove a running container (stop + remove).

docker rm -f my-web

Ports & Environment

docker run -p <host_port>:<container_port> <image> — Map a host port to a container port.

docker run -d -p 8080:80 nginx

docker run -p <host_port>:<container_port>/udp <image> — Map a UDP port from host to container.

docker run -d -p 5353:53/udp dns-server

docker run -P <image> — Map all exposed ports to random host ports.

docker run -d -P nginx

docker run -e <KEY>=<value> <image> — Set an environment variable inside the container.

docker run -d -e MYSQL_ROOT_PASSWORD=secret mysql:8

docker run --env-file <file> <image> — Load environment variables from a file.

docker run -d --env-file .env my-app

docker run --restart=<policy> <image> — Set restart policy: no, on-failure, always, unless-stopped.

docker run -d --restart=unless-stopped nginx

Volumes & Mounts

docker run -v <host_path>:<container_path> <image> — Bind mount a host directory into the container.

docker run -d -v ./html:/usr/share/nginx/html nginx

docker run -v <host_path>:<container_path>:ro <image> — Bind mount as read-only inside the container.

docker run -d -v ./config:/etc/app/config:ro my-app

docker run -v <volume_name>:<container_path> <image> — Mount a named Docker volume into the container.

docker run -d -v db-data:/var/lib/mysql mysql:8

docker volume create <name> — Create a named volume for persistent data storage.

docker volume create db-data

docker volume ls — List all Docker volumes.

docker volume ls

docker volume inspect <name> — Show detailed information about a volume.

docker volume inspect db-data

docker volume rm <name> — Remove a volume. Fails if the volume is in use.

docker volume rm db-data

docker volume prune — Remove all unused volumes to free disk space.

docker volume prune

Listing & Inspecting

docker ps — List all running containers.

docker ps

docker ps -a — List all containers including stopped ones.

docker ps -a

docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" — List containers with custom output format.

docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"

docker inspect <container> — Show detailed JSON information about a container.

docker inspect my-web

docker inspect --format '{{.NetworkSettings.IPAddress}}' <container> — Extract a specific field from container metadata using Go templates.

docker inspect --format '{{.NetworkSettings.IPAddress}}' my-web

docker port <container> — Show port mappings for a container.

docker port my-web

docker stats — Show live CPU, memory, network, and disk I/O usage for all running containers.

docker stats

docker top <container> — Show running processes inside a container.

docker top my-web

Logs & Exec

docker logs <container> — Show the logs (stdout/stderr) of a container.

docker logs my-web

docker logs -f <container> — Follow (tail) the log output in real-time.

docker logs -f my-web

docker logs --tail <n> <container> — Show only the last N lines of logs.

docker logs --tail 50 my-web

docker logs --since <time> <container> — Show logs since a timestamp or relative time.

docker logs --since 30m my-web

docker exec -it <container> <command> — Run a command interactively inside a running container.

docker exec -it my-web bash

docker exec <container> <command> — Run a command inside a running container (non-interactive).

docker exec my-web cat /etc/nginx/nginx.conf

docker exec -u <user> <container> <command> — Run a command as a specific user inside the container.

docker exec -u root my-web apt-get update

Copy & Diff

docker cp <container>:<path> <host_path> — Copy files from a container to the host.

docker cp my-web:/etc/nginx/nginx.conf ./nginx.conf

docker cp <host_path> <container>:<path> — Copy files from the host into a container.

docker cp ./index.html my-web:/usr/share/nginx/html/

docker diff <container> — Show filesystem changes made inside a container (A=added, C=changed, D=deleted).

docker diff my-web

Images

docker images — List all locally available images.

docker images

docker pull <image> — Download an image from a registry.

docker pull nginx:alpine

docker pull <image>:<tag> — Pull a specific tagged version of an image.

docker pull node:22-slim

docker push <image> — Upload an image to a registry.

docker push myuser/my-app:latest

docker tag <source_image> <target_image> — Create a new tag (alias) for an existing image.

docker tag my-app:latest myuser/my-app:v1.0

docker rmi <image> — Remove a local image.

docker rmi nginx:alpine

docker image prune — Remove all dangling (untagged) images.

docker image prune

docker image prune -a — Remove all images not used by any container.

docker image prune -a

docker history <image> — Show the layer history of an image.

docker history nginx:alpine

docker save -o <file> <image> — Export an image to a tar archive.

docker save -o my-app.tar my-app:latest

docker load -i <file> — Import an image from a tar archive.

docker load -i my-app.tar

Building Images

docker build -t <name>:<tag> . — Build an image from a Dockerfile in the current directory.

docker build -t my-app:latest .

docker build -t <name> -f <dockerfile> . — Build using a specific Dockerfile.

docker build -t my-app -f Dockerfile.prod .

docker build --no-cache -t <name> . — Build without using the layer cache. Forces a fresh build.

docker build --no-cache -t my-app:latest .

docker build --build-arg <KEY>=<value> -t <name> . — Pass a build-time variable to the Dockerfile.

docker build --build-arg NODE_ENV=production -t my-app .

docker build --target <stage> -t <name> . — Build only up to a specific stage in a multi-stage Dockerfile.

docker build --target builder -t my-app:build .

docker build --platform <platform> -t <name> . — Build for a specific platform architecture.

docker build --platform linux/amd64 -t my-app .

Networks

docker network ls — List all Docker networks.

docker network ls

docker network create <name> — Create a new bridge network.

docker network create my-network

docker network inspect <name> — Show detailed information about a network including connected containers.

docker network inspect my-network

docker network connect <network> <container> — Connect a running container to a network.

docker network connect my-network my-web

docker network disconnect <network> <container> — Disconnect a container from a network.

docker network disconnect my-network my-web

docker run --network <name> <image> — Run a container attached to a specific network.

docker run -d --network my-network --name api my-api

docker network rm <name> — Remove a network. Fails if containers are connected.

docker network rm my-network

docker network prune — Remove all unused networks.

docker network prune

Docker Compose

docker compose up — Create and start all services defined in docker-compose.yml.

docker compose up

docker compose up -d — Start all services in detached (background) mode.

docker compose up -d

docker compose up --build — Rebuild images before starting services.

docker compose up --build -d

docker compose down — Stop and remove all containers, networks created by up.

docker compose down

docker compose down -v — Stop and remove containers, networks, and volumes.

docker compose down -v

docker compose ps — List containers managed by the current Compose project.

docker compose ps

docker compose logs <service> — Show logs for a specific service.

docker compose logs web

docker compose logs -f — Follow logs for all services in real-time.

docker compose logs -f

docker compose exec <service> <command> — Execute a command inside a running Compose service container.

docker compose exec web bash

docker compose run <service> <command> — Run a one-off command in a new container for a service.

docker compose run web npm test

docker compose pull — Pull the latest images for all services.

docker compose pull

docker compose build — Build or rebuild all service images.

docker compose build

docker compose restart <service> — Restart a specific service.

docker compose restart web

docker compose config — Validate and display the resolved Compose configuration.

docker compose config

Cleanup & System

docker system df — Show Docker disk usage: images, containers, volumes, and build cache.

docker system df

docker system df -v — Show detailed disk usage with individual item sizes.

docker system df -v

docker system prune — Remove all stopped containers, unused networks, dangling images, and build cache.

docker system prune

docker system prune -a — Remove everything unused: all images, containers, networks, and cache.

docker system prune -a

docker system prune -a --volumes — Full cleanup including unused volumes. Frees maximum disk space.

docker system prune -a --volumes

docker container prune — Remove all stopped containers.

docker container prune

docker system info — Show system-wide Docker information (version, storage driver, OS, etc.).

docker system info

docker version — Show Docker client and server version details.

docker version

Resource Limits

docker run -m <memory> <image> — Set a memory limit for the container.

docker run -d -m 512m nginx

docker run --cpus=<number> <image> — Limit the number of CPU cores the container can use.

docker run -d --cpus=1.5 my-app

docker run --memory-swap=<limit> <image> — Set memory + swap limit. Use -1 for unlimited swap.

docker run -d -m 512m --memory-swap=1g my-app

docker run --pids-limit=<number> <image> — Limit the number of processes inside the container.

docker run -d --pids-limit=100 my-app

docker update --memory <limit> <container> — Update resource limits on a running container.

docker update --memory 1g my-web

Conclusion

Docker has become indispensable in modern development and DevOps: what starts as a single container quickly grows into multi-stage builds, Compose stacks, and CI/CD pipelines. Once the commands in this guide feel natural, look next at lean multi-stage images, named volumes for persistent data, and regular prune runs so disk usage stays under control.

Further Reading

• Docker documentation – official reference and guides
• docker CLI reference – every command and option
• Docker (software) – Wikipedia – background and architecture

Related Commands

• ddev – local Docker-based development environments for PHP projects
• docker-compose – define multi-container applications declaratively
• helm – package manager for Kubernetes applications