Docker Command Reference Cheat Sheet (2026)

Quick-access reference for the most important Docker commands across every topic in the series. Organised by category — containers, images, volumes, networks, Compose, Buildx and system. Bookmark this page and return whenever you need a command fast.

Table of Contents

Container Commands

# Run
docker run IMAGE                          # Run container (foreground)
docker run -d IMAGE                       # Detached (background)
docker run -it IMAGE bash                 # Interactive shell
docker run --rm IMAGE                     # Auto-remove on exit
docker run --name NAME IMAGE              # Named container
docker run -p 8080:80 IMAGE               # Map host:container port
docker run -e KEY=VALUE IMAGE             # Set env var
docker run --env-file .env IMAGE          # Load env from file
docker run -v vol:/path IMAGE             # Named volume mount
docker run -v $(pwd):/app IMAGE           # Bind mount
docker run --network NET IMAGE            # Attach to network
docker run --restart unless-stopped IMAGE # Restart policy
docker run --memory 512m --cpus 0.5 IMAGE # Resource limits
docker run --read-only IMAGE              # Read-only filesystem
docker run --cap-drop ALL IMAGE           # Drop all capabilities
docker run --security-opt no-new-privileges:true IMAGE

# Lifecycle
docker start CONTAINER                    # Start stopped container
docker stop CONTAINER                     # Graceful stop (SIGTERM)
docker kill CONTAINER                     # Immediate stop (SIGKILL)
docker restart CONTAINER                  # Stop + start
docker pause CONTAINER                    # Freeze (SIGSTOP)
docker unpause CONTAINER                  # Unfreeze
docker rm CONTAINER                       # Remove stopped container
docker rm -f CONTAINER                    # Force remove running container

# Inspect and debug
docker ps                                 # Running containers
docker ps -a                              # All containers
docker ps --filter "status=exited"        # Filtered
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
docker logs CONTAINER                     # View logs
docker logs -f CONTAINER                  # Follow logs
docker logs --tail 50 CONTAINER           # Last 50 lines
docker logs --since 10m CONTAINER         # Last 10 minutes
docker exec -it CONTAINER bash            # Shell into running container
docker exec CONTAINER COMMAND             # Run command in container
docker top CONTAINER                      # Processes inside container
docker stats CONTAINER                    # Live resource usage
docker inspect CONTAINER                  # Full JSON metadata
docker inspect CONTAINER --format='{{.State.Status}}'
docker diff CONTAINER                     # Filesystem changes
docker port CONTAINER                     # Port mappings
docker cp SRC CONTAINER:DEST              # Copy into container
docker cp CONTAINER:SRC DEST              # Copy out of container

Image Commands

# Pull / push
docker pull IMAGE:TAG                     # Pull from registry
docker pull IMAGE@sha256:DIGEST           # Pull by digest (immutable)
docker push REGISTRY/IMAGE:TAG            # Push to registry
docker push --all-tags REGISTRY/IMAGE     # Push all tags

# List and inspect
docker images                             # List local images
docker images --filter "dangling=true"    # Untagged images only
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"
docker history IMAGE                      # Layer history
docker history IMAGE --no-trunc           # Full commands
docker inspect IMAGE                      # Full metadata
docker inspect IMAGE --format='{{json .Config.Env}}'

# Tag and manage
docker tag SOURCE:TAG TARGET:TAG          # Create an alias tag
docker rmi IMAGE                          # Remove image
docker rmi $(docker images -q IMAGE)      # Remove all tags of an image
docker save IMAGE -o file.tar             # Export image to tar
docker load -i file.tar                   # Import image from tar
docker image prune                        # Remove dangling images
docker image prune -a                     # Remove all unused images

Volume Commands

docker volume create NAME                 # Create named volume
docker volume ls                          # List volumes
docker volume inspect NAME                # Details (mountpoint, driver)
docker volume rm NAME                     # Remove volume
docker volume prune                       # Remove unused volumes

# Backup a volume
docker run --rm \
  -v NAME:/data:ro \
  -v $(pwd):/backup \
  alpine tar czf /backup/backup.tar.gz -C /data .

# Restore a volume
docker run --rm \
  -v NAME:/data \
  -v $(pwd):/backup \
  alpine tar xzf /backup/backup.tar.gz -C /data

# Volume mount flags
-v NAME:/path                             # Named volume
-v /host/path:/container/path             # Bind mount
-v /host/path:/container/path:ro          # Read-only bind mount
-v /container/path                        # Anonymous volume (shadows host path)
--tmpfs /tmp                              # tmpfs (in-memory)
--mount type=tmpfs,target=/tmp,tmpfs-size=64m

Network Commands

docker network ls                         # List networks
docker network create NAME                # Create bridge network
docker network create --driver overlay NAME  # Overlay (Swarm)
docker network create --internal NAME     # No external internet
docker network inspect NAME               # Details (containers, subnet)
docker network connect NAME CONTAINER     # Connect container to network
docker network disconnect NAME CONTAINER  # Disconnect
docker network rm NAME                    # Remove network
docker network prune                      # Remove unused networks

# Run flags
--network NAME                            # Attach to network
--network host                            # Use host network
--network none                            # No networking
--add-host host.docker.internal:host-gateway  # Reach host from container (Linux)
--dns 8.8.8.8                             # Custom DNS server

Docker Compose Commands

# Start / stop
docker compose up                         # Start (foreground, see logs)
docker compose up -d                      # Detached
docker compose up -d --build              # Rebuild images then start
docker compose up -d --scale web=3        # Start with N replicas
docker compose down                       # Stop + remove containers/networks
docker compose down -v                    # Also remove named volumes
docker compose down --remove-orphans      # Remove undefined containers
docker compose stop                       # Stop containers (keep them)
docker compose start                      # Start stopped containers
docker compose restart SERVICE            # Restart one service
docker compose pull                       # Pull latest images

# Logs and status
docker compose ps                         # Status of all services
docker compose logs                       # All logs
docker compose logs -f SERVICE            # Follow one service
docker compose logs --tail 50 SERVICE     # Last 50 lines

# Execute and run
docker compose exec SERVICE bash          # Shell into running service
docker compose exec SERVICE COMMAND       # Run command in service
docker compose run --rm SERVICE COMMAND   # One-off command in new container

# Config and build
docker compose config                     # Print merged config (after overrides)
docker compose build                      # Build all images
docker compose build --no-cache SERVICE   # Rebuild without cache

# Override files
docker compose -f compose.yml -f compose.prod.yml up -d
docker compose --profile tools up         # Start with profile

# Watch mode (live sync — Compose V2.22+)
docker compose watch                      # Sync file changes into running containers

Build and Buildx

# Standard build
docker build -t IMAGE:TAG .               # Build with tag
docker build -f Dockerfile.prod -t IMAGE .  # Custom Dockerfile
docker build --build-arg KEY=VALUE .      # Pass build arg
docker build --no-cache .                 # Skip cache
docker build --target STAGE .             # Build up to a specific stage
docker build --progress=plain .           # Full output (good for CI)

# BuildKit (default in Docker 23+)
docker build --secret id=TOKEN,src=.token .   # Secret mount (never in layer)
docker build --ssh default .              # SSH forwarding

# Buildx — multi-platform and advanced caching
docker buildx ls                          # List builders
docker buildx create --use --name mybuilder   # Create + activate builder
docker buildx inspect --bootstrap         # Verify builder is ready

# Multi-platform build
docker buildx build \
  --platform linux/amd64,linux/arm64 \
  --push \
  -t ghcr.io/org/image:latest .

# Build with registry cache (for CI)
docker buildx build \
  --cache-from type=registry,ref=IMAGE:buildcache \
  --cache-to type=registry,ref=IMAGE:buildcache,mode=max \
  --push -t IMAGE:TAG .

# Build with GitHub Actions cache
docker buildx build \
  --cache-from type=gha \
  --cache-to type=gha,mode=max \
  --push -t IMAGE:TAG .

# Inspect a multi-platform manifest
docker buildx imagetools inspect IMAGE:TAG

Registry Commands

# Authentication
docker login                              # Docker Hub
docker login ghcr.io -u USER --password-stdin   # GHCR (pipe PAT)
docker logout REGISTRY                    # Log out

# AWS ECR login (credentials valid 12 hours)
aws ecr get-login-password --region REGION \
  | docker login --username AWS --password-stdin ACCOUNT.dkr.ecr.REGION.amazonaws.com

# Tag for registry
docker tag LOCAL:TAG REGISTRY/ORG/IMAGE:TAG

# Push
docker push REGISTRY/ORG/IMAGE:TAG
docker push --all-tags REGISTRY/ORG/IMAGE

# Pull
docker pull REGISTRY/ORG/IMAGE:TAG
docker pull REGISTRY/ORG/IMAGE@sha256:DIGEST

# Search Docker Hub
docker search nginx --filter is-official=true --limit 5

# Docker contexts (switch between daemons)
docker context ls
docker context create remote --docker "host=ssh://user@host"
docker context use remote
docker --context remote ps

System and Cleanup

# Disk usage
docker system df                          # Summary: images, containers, volumes, cache
docker system df -v                       # Verbose (per-item breakdown)

# Cleanup
docker container prune                    # Remove stopped containers
docker image prune                        # Remove dangling (untagged) images
docker image prune -a                     # Remove all unused images
docker volume prune                       # Remove unused volumes
docker network prune                      # Remove unused networks
docker builder prune                      # Remove build cache
docker system prune                       # Remove all unused (except volumes)
docker system prune -a --volumes          # Remove everything unused

# Info and version
docker version                            # Client + daemon versions
docker info                               # Full daemon config
docker system events                      # Real-time event stream
docker system events --filter type=container --filter event=die

# Daemon management (Linux systemd)
sudo systemctl start docker
sudo systemctl stop docker
sudo systemctl restart docker
sudo systemctl status docker
sudo journalctl -u docker -f              # Daemon logs

# Swarm
docker swarm init --advertise-addr IP     # Initialize swarm
docker swarm join --token TOKEN HOST:PORT # Join as worker
docker node ls                            # List nodes
docker service ls                         # List services
docker service create --name NAME --replicas 3 IMAGE
docker service scale NAME=5               # Scale service
docker service update --image IMAGE:NEW NAME  # Rolling update
docker stack deploy -c compose.yml STACK  # Deploy Compose as Swarm stack
docker stack rm STACK                     # Remove stack

Docker Series