Docker Cheat Sheet
Build, run, and manage containers with the Docker commands engineers reach for during local development, CI debugging, and production incident response.
Images
7 commandsdocker build -t name:tag .Build image from Dockerfile
docker imagesList local images
docker pull nginx:latestPull image from registry
docker push user/img:tagPush to registry
docker rmi image_idRemove image
docker image pruneRemove unused images
docker tag img:v1 img:latestTag image
Containers
11 commandsdocker run -d --name app imgRun detached
docker run -it img bashInteractive shell
docker run -p 8080:80 imgMap port
docker run -v ./data:/data imgMount volume
docker run -e KEY=val imgSet env variable
docker run --rm imgRemove after exit
docker psRunning containers
docker ps -aAll containers
docker stop NAMEStop container
docker rm NAMERemove container
docker restart NAMERestart container
Debugging
7 commandsdocker logs NAMEContainer logs
docker logs -f NAMEStream logs
docker exec -it NAME bashShell into running
docker inspect NAMEFull container details
docker statsLive resource usage
docker top NAMEProcesses in container
docker diff NAMEChanged files
Docker Compose
8 commandsdocker compose up -dStart all services
docker compose downStop and remove
docker compose logs -fStream all logs
docker compose psService status
docker compose buildRebuild services
docker compose exec svc bashShell into service
docker compose pullPull latest images
docker compose down -vRemove with volumes
Volumes & Networks
6 commandsdocker volume create volCreate volume
docker volume lsList volumes
docker volume rm volRemove volume
docker network create netCreate network
docker network lsList networks
docker network inspect netNetwork details
Cleanup
5 commandsdocker system pruneRemove all unused
docker system prune -aRemove ALL (incl images)
docker system dfDisk usage
docker container pruneRemove stopped
docker volume pruneRemove unused volumes
Multi-Stage Builds
5 commandsFROM node:22 AS builderNamed build stage
FROM node:22-slim AS runtimeSmaller runtime image
COPY --from=builder /app/dist .Copy from build stage
COPY --from=0 /app .Copy from stage index
RUN --mount=type=cache,target=/root/.npm npm ciBuildKit cache mount
BuildKit & Performance
7 commandsDOCKER_BUILDKIT=1 docker build .Enable BuildKit
docker buildx build --platform linux/amd64,linux/arm64 .Multi-arch build
docker buildx create --useCreate buildx builder
--build-arg VAR=valPass build argument
.dockerignoreExclude files from build context
docker build --cache-from img:latest .Use remote cache
docker build --progress=plain .Show full build output
Security Best Practices
7 commandsUSER nonroot:nonrootDon't run as root
COPY --chown=nonroot:nonroot . .Set file ownership
RUN apt-get update && apt-get install -y --no-install-recommendsMinimal packages
docker scan img:tagScan for vulnerabilities
docker scout quickview imgDocker Scout analysis
FROM scratchEmpty base image (Go/Rust binaries)
HEALTHCHECK CMD curl -f http://localhost/ || exit 1Container health check
Docker Compose Advanced
7 commandsdepends_on: svc: condition: service_healthyWait for health check
deploy: resources: limits: cpus: '0.5'Resource limits
profiles: [debug]Optional service profiles
docker compose --profile debug upStart with profile
docker compose configValidate compose file
docker compose watchAuto-rebuild on changes
extends: file: base.yml service: webExtend base config
Troubleshooting
8 commandsdocker logs --tail 100 -f NAMELast 100 lines + follow
docker inspect --format '{{.State.ExitCode}}' NAMEExit code
docker eventsReal-time Docker events
docker history img:tagImage layer history
docker export NAME > fs.tarExport filesystem
docker commit NAME new-imgCreate image from container
docker save img > img.tarSave image to file
docker load < img.tarLoad image from file