Basics

docker --version

Shows the installed Docker version.

docker info

Displays detailed system-wide information, including running containers, images, and storage drivers.

docker help

Shows the list of available Docker commands with brief descriptions. You can also use "docker <command> --help" for help on a specific command.

docker <command> [OPTIONS]

// Example
docker exec -it http-server bash

Basic Docker cli structure.

Docker core components:

• Images: Read-only templates used to create containers.
• Containers: Running instances of images — isolated processes.
• Volumes: Persistent storage shared between container and host.
• Networks: Allow communication between containers.
• Dockerfile: Script to build Docker images.
• Docker Compose: Tool for defining and running multi-container Docker apps.

Images

docker images

Shows a list of images on your local machine including repository, tag, image id and size.

docker pull <image>:<tag>

Pulls an image from Docker Hub. If no tag is provided Docker uses latest by default.

docker build -t <name>:<tag> <path>

// Example
docker build -t myapp:1.0 .

Builds an image from a Dockerfile. . refers to the current directory (where the Dockerfile lives).

docker tag <image_id> <repo/name>:<tag>

This adds a tag to an image. It's useful for versioning or preparing to push to a registry.

docker rmi <image_id or name>

Removes an image. If you add "-f" it forces the removal.

docker inspect <image>

Inspects image details. This gives JSON output with layers, config, environment vars, etc.

docker history <image>

Shows the commands used to build the image layers.

docker push <repo/image>:<tag>

Pushes an image to the registry. To use this first you need to be logged in with docker login.

docker run <image>

This adds a container layer over the image and starts it.

Containers

docker run [OPTIONS] <image>

Creates and starts a new container from the specified image.

Common options:

• -d : Run in background (detached)
• -it : Interactive + terminal (great for shells)
• --rm : Automatically remove when stopped
• --name : Give the container a name
• -p <host>:<container> : Port mapping
• -v <host>:<container> : Mount volume

// Only running containers
docker ps

// All (including stopped)
docker ps -a

Lists containers.

docker start <container>

Starts an existing (stopped) container that was created earlier (e.g., via "docker run").

docker stop <container>

Stops a container.

docker restart <container>

Restarts a container.

docker rm <container>

Deletes a container.

docker exec -it <container> <command>

// Example
docker exec -it myapp bash

Runs a command inside a running container.

docker attach <container>

Attaches your terminal to a running container's main process (usually the one started with CMD or ENTRYPOINT in the Dockerfile). You'll see live output and can interact if it's an interactive process (like a shell or a server running in the foreground). Detach with "Ctrl + P + Q".

docker logs <container>

// In real time
docker logs -f <container>

Shows container logs.

docker inspect <container>

Shows detailed info in JSON format about a container, like network, mounts, config, etc.

docker stats

Shows real-time usage (CPU, memory, I/O) for running containers.

docker container prune

Removes all stopped containers.

Dockerfiles

A Dockerfile is a script that automates the creation of a Docker image by specifying:

• the base image
• what files to copy
• what commands to run
• environment configuration

Common instructions:

• FROM : Base image to use (must be first line)
• RUN : Executes commands in a new image layer
• CMD : Default command to run when container starts
• COPY : Copies files/directories from host to image
• ADD : Like COPY but can also extract tar files or download URLs
• WORKDIR : Sets the working directory inside the container
• ENV : Sets environment variables
• EXPOSE : Documents which port the container will listen on
• ENTRYPOINT : Configures the container to run as an executable

# Use base image
FROM node:18

# Set working directory
WORKDIR /app

# Copy files
COPY package*.json ./
RUN npm install

COPY . .

# Expose port
EXPOSE 3000

# Default command
CMD ["npm", "start"]

An example of a Dockerfile. This builds a Node.js app image that starts from a clean Node.js 18 environment, installs dependencies, adds the app's source code, runs the app on port 3000 using "npm start".

docker build -t myapp:1.0 .

Builds an image.

# Stage 1 - Builder
FROM node:18 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build

# Stage 2 - Minimal runtime
FROM nginx:alpine
COPY --from=builder /app/build /usr/share/nginx/html

This is an example of a multi-stage build. A multi-stage build uses multiple FROM statements in one Dockerfile. Each FROM starts a new stage, and you can copy only what you need from earlier stages into the final image. It's useful because it keeps the final image small (no dev tools, compilers, or source code), reduces attack surface and makes builds cleaner and more modular. In the example above the final image only contains the compiled application (e.g., Vue or React), no Node.js or source code.

Volumes

docker volume create <volume_name>

Creates a volume.

docker volume ls

Lists volumes.

docker volume rm <volume_name>

Removes a volume. (Only works if the volume is not being used by any container)

docker volume prune

Deletes all unused volumes.

docker run -v <volume_name>:<container_path> <image>

Uses a volume in a container.

docker volume inspect <volume_name>

Shows details of a volume such as path on host, mountpoint, etc.

docker run -v /home/user/app:/usr/src/app node

Example of a bind mount. It's great for local development as changes in the code editor reflect instantly inside the container. It's not managed by Docker.

docker volume create pgdata
docker run -v pgdata:/var/lib/postgresql/data postgres

Example of a named volume. Data remains even if the container is deleted. Easy to back up and manage via Docker CLI as it is managed by Docker. It's useful in situations where you want Docker-managed, persistent, and portable data.

services:   
  frontend:     
    image: node:lts     
    volumes:       
      - myapp:/home/node/app       
volumes:   
  myapp:

Example of how to use a volume with Docker Compose.

Networks

Common network types:

• bridge : Default for standalone containers. Isolated, local container network.
• host : Shares the host's network stack. No network isolation.
• none : Completely disables networking for a container.
• overlay : Used for multi-host (swarm) networks. Spans across multiple Docker daemons.
• macvlan : Assigns a MAC address to a container, like a physical device on the LAN.

docker network ls

Lists networks.

docker network inspect <network_name>

Gives detailed information of a network, such as driver, scope, IP address details, list of containers connected to this network etc.

docker network create <network_name>

// Example
docker network create \
--driver bridge \
--subnet 192.168.100.0/24 \
--gateway 192.168.100.1 \
my_custom_net

Creates a network.

docker network rm <network_name>

Removes a network.

docker network create mynet
docker run -d --name db --network mynet postgres
docker run -d --name app --network mynet myapp

This is an example of using a custom network. Creating and attaching containers to the same custom bridge network allows automatic name-based DNS resolution between them. In this example "app" can access "db" using "db:5432".

services:   
  app:     
    image: myapp     
    networks:       
      - frontend       
  db:     
    image: postgres     
    networks:       
      - backend       
networks:   
  frontend:   
  backend:

Docker Compose automatically creates a custom network for the services, but you can still specify your own network if needed.

Docker compose

version: "3.8"
services:   
  web:   
    build: ./web     
    ports:     
      - "3000:3000"       
    depends_on:     
      - db       
  db:   
    image: postgres:14     
    environment:     
      POSTGRES_PASSWORD: secret       
    volumes:     
      - dbdata:/var/lib/postgresql/data       
      
volumes:   
  dbdata:

Example of a docker-compose.yml file. Services part contains each containerized app you run. Volumes part contains the shared persistent storage. Networks part contains the custom container communication layer.

Most common commands:

• docker compose up : Start all services
• docker compose up -d : Start in detached mode
• docker compose down : Stop and remove containers, network, volumes
• docker compose ps : List running services
• docker compose logs : Show logs for all services
• docker compose build : Build services from Dockerfiles
• docker compose restart : Restart one or more services

// .env file
POSTGRES_PASSWORD=secret

// Reference in Docker Compose file
environment:
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}

It's a good practice to use .env files for secrets and configs.

Cleanup

docker stop $(docker ps -q)

Stops all running containers.

docker rm $(docker ps -a -q)

Removes all containers.

docker image prune

Removes all unused images.

docker rmi $(docker images -q)

Removes all images.

docker volume prune

Removes unused volumes.

docker volume rm $(docker volume ls -q)

Removes all volumes.

docker network prune

Removes unused networks.

docker system prune

Removes everything not in use. Add "-a" to also remove unused images, not just dangling (images not tagged and not referenced by any container). Add "--volumes" to clean up volumes as well.

docker system df

This shows space used by containers, images, volumes, build cache and what's reclaimable.

Docker Hub & registries

docker pull nginx

When you run a command like this Docker looks for the image "nginx" on Docker Hub by default. Docker Hub is the default public registry which has thousands of official images (e.g., postgres, node, ubuntu), user and organization accounts, public & private repositories, automated builds (connected to GitHub/GitLab) and a web UI for browsing images and tags.

// Tag the image
docker tag myapp myusername/myapp:latest

// Log in
docker login

// Push the image
docker push myusername/myapp:latest

This is the common procedure to push to a registry.

docker pull myusername/myapp:latest

// From a specific registry
docker pull ghcr.io/myorg/myapp:1.0.0

Pulls from a registry.

services:
web:
  image: nginx:latest

This pulls from Docker Hub (unless otherwise specified) in Docker Compose.

docker run -d -p 5000:5000 --name registry registry:2

Hosts a private registry.

docker tag myapp localhost:5000/myapp
docker push localhost:5000/myapp

Pushes to a private registry.

Troubleshooting

docker logs <container_name>

Shows logs from a container. Add "-f" to follow logs live. It's great for checking startup issues or errors in services.

docker inspect <container_name>

Outputs JSON with useful informatipn about a container: mounts, IPs, environment, restart policy, etc.

docker exec -it <container_name> bash

Provides access to a running container's shell. Use "sh" if "bash" isn't available.

docker build --progress=plain .

Builds with verbose output.

docker history <image_name>

Shows intermediate image layers.

docker run -it <image_name> /bin/sh

Provides interactive mode for testing.

docker inspect <container_name> | grep IPAddress

Shows the IP address of the container.

docker exec -it <container_name> ping google.com

Tests the DNS of the network.

docker network ls

Shows Docker networks.

docker network inspect <network_name>

Shows detailed information of a network.

docker inspect <container_name>

Shows attached volumes.

docker exec -it <container_name> ls /mounted/path

Shows if files are missing inside a container.

docker build --no-cache -t myapp .

Rebuilds an image without using a cache layer.

docker inspect --format='{{.State.ExitCode}}' <container_name>

Shows last exit code of a container.