Docker Cheatsheet

Top commands.

Building images

Image builds are the foundation of every container workflow. Master the basic flags before reaching for build optimisations like BuildKit cache mounts and multi-arch tooling.

• docker build -t myapp:latest . Standard tagged build from the current directory using the local Dockerfile.
• docker build --target=builder -t myapp:builder . Stop at a specific stage in a multi-stage build; useful for debugging the build itself.
• docker build --platform=linux/amd64,linux/arm64 Build multi-arch images in one pass; required for fleets that mix Apple Silicon dev with x86 production.
• docker build --build-arg KEY=value Pass parameters into the Dockerfile at build time; useful for environment-specific values that should not live in the image.

Running containers

Run flags decide blast radius and ergonomics. -d, --rm, and -v are the three flags you reach for daily; the rest are situational.

• docker run -d -p 8080:80 nginx Detached, port-mapped container; the default shape for running a service locally.
• docker run --rm -it ubuntu bash Interactive, ephemeral container that cleans up on exit; the right shape for one-off investigation.
• docker run -v /host:/container myapp Bind-mount a host path; use -v name:/container instead for named Docker volumes.
• docker run --env-file .env myapp Load environment variables from a file; keeps secrets out of CLI history and shell logs.

Inspecting containers

Inspection is the discipline of debugging containers without panic. ps, logs, and exec are the daily three; inspect is the deep-dive.

• docker ps -a List running and exited containers; -a includes the ones that crashed five minutes ago.
• docker logs --tail 100 -f container-name Follow the live log tail; --tail bounds the initial output to recent lines.
• docker exec -it container-name sh Get a shell in a running container; do not use docker run for this, it creates a new container.
• docker inspect container-name Full JSON state of the container; the source of truth for IP, mounts, env, and exit reason.

Managing images

Image management is its own discipline. Local cache fills up silently, tags drift between environments, and pruning is the routine that keeps disk free.

• docker images List local images with size and tag; the first command when investigating disk pressure.
• docker pull image:tag Pull a specific tag explicitly; useful before running to confirm the version.
• docker rmi image:tag Remove a local image; -f forces removal even when containers reference it.
• docker tag src:tag dst:tag Create an alias for an existing image; the basis of any promotion workflow between environments.

Cleaning up

Cleanup is its own discipline. Disk fills up silently between deploys; running prune on a schedule prevents the surprise outage at 3am when /var fills up.

• docker system prune -a Full sweep: unused images, stopped containers, networks, and dangling build cache. The biggest disk reclaim in one command.
• docker volume prune Remove unused volumes specifically; volumes survive container removal by default.
• docker container prune Remove stopped containers; quick wins after a CI run leaves behind exited workers.
• docker image prune --filter "until=24h" Age-filtered image sweep that keeps recent images warm; bounds cache without killing today's work.