Docker Cheat Sheet
The commands I actually use, grouped by job. Use the variables input to swap placeholders like IMAGE_NAME or CONTAINER_NAME across every example.
Daemon and info
docker versionClient and engine versionsdocker infoEngine status, storage driver, image/container counts, host infodocker context lsList docker contexts (default, desktop-linux, remote)docker context use CONTEXT_NAMESwitch the active contextsudo systemctl status dockerLinux: is the daemon runningsudo systemctl start dockerLinux: start the daemonImages
docker pull IMAGE_NAMEPull an image from the registrydocker imagesList images on this hostdocker image ls -aList all images including intermediatesdocker rmi IMAGE_NAMERemove an imagedocker image pruneRemove dangling images (untagged)docker image prune -aRemove all unused images, tagged or notdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag an image for pushdocker image inspect IMAGE_NAMEFull metadata, env, entrypoint, labelsdocker image history IMAGE_NAMELayer history with sizes — audit what bloats the imagedocker manifest inspect IMAGE_NAMEShow platforms an image supports (arm64, amd64)Container lifecycle
docker run IMAGE_NAMEStart a container from an imagedocker psList running containersdocker ps -aList all containers including stoppeddocker stop CONTAINER_NAMESend SIGTERM then SIGKILL after 10sdocker start CONTAINER_NAMEStart a stopped containerdocker restart CONTAINER_NAMEStop + startdocker kill CONTAINER_NAMESIGKILL immediatelydocker pause CONTAINER_NAMEFreeze all processes with cgroupsdocker unpause CONTAINER_NAMEResume a paused containerdocker rm CONTAINER_NAMERemove a stopped containerdocker rm -f CONTAINER_NAMEForce remove, stops firstdocker container pruneRemove all stopped containersdocker rename OLD NEWRename a containerdocker run — the flags worth knowing
docker run -d IMAGE_NAMEDetached / backgrounddocker run -it IMAGE_NAME bashInteractive shell, allocate a TTYdocker run --rm IMAGE_NAMERemove container automatically when it exitsdocker run --name CONTAINER_NAME IMAGE_NAMEName the container instead of getting a random onedocker run -p HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish a container port to the hostdocker run -p 127.0.0.1:HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish on a specific host interface only (localhost-only)docker run -v VOLUME_NAME:/path/in/container IMAGE_NAMENamed volume mountdocker run -v /host/path:/path/in/container IMAGE_NAMEBind mount a host pathdocker run -v /host/path:/path/in/container:ro IMAGE_NAMERead-only bind mountdocker run -e KEY=VALUE IMAGE_NAMESingle env vardocker run --env-file .env IMAGE_NAMELoad env vars from a filedocker run --network NETWORK_NAME IMAGE_NAMEAttach to a user-defined networkdocker run --restart unless-stopped IMAGE_NAMERestart on crash/host reboot, unless you stopped it manuallydocker run --user 1000:1000 IMAGE_NAMERun as a specific UID:GID instead of rootdocker run --memory 512m --cpus 0.5 IMAGE_NAMEResource limitsdocker run --platform linux/amd64 IMAGE_NAMEForce the platform (Apple Silicon running x86 images)docker run --hostname HOST IMAGE_NAMESet the container's hostnamedocker run --workdir /app IMAGE_NAMESet the working directory inside the containerdocker run --entrypoint sh IMAGE_NAMEOverride the image's ENTRYPOINTdocker run --add-host db:192.168.1.10 IMAGE_NAMEAdd a /etc/hosts entry inside the containerExec, inspect, logs
docker exec -it CONTAINER_NAME bashShell into a running containerdocker exec -it CONTAINER_NAME shUse sh when bash is not installed (alpine images)docker exec -it --user root CONTAINER_NAME bashForce root for installing tools or fixing permissionsdocker exec CONTAINER_NAME ls /appRun a single non-interactive commanddocker logs CONTAINER_NAMEContainer output (stdout + stderr)docker logs -f CONTAINER_NAMEFollow logs (tail -f)docker logs --tail 100 CONTAINER_NAMELast 100 lines onlydocker logs --since 10m CONTAINER_NAMELast 10 minutesdocker logs --since 2026-05-01 CONTAINER_NAMESince a specific datedocker logs --timestamps CONTAINER_NAMEPrepend ISO timestamps to each linedocker inspect CONTAINER_NAMEFull JSON: mounts, env, network IPs, state, exit codesdocker inspect --format '{{.State.Status}}' CONTAINER_NAMEPluck one field with a Go templatedocker top CONTAINER_NAMEProcesses running inside the containerdocker statsLive CPU, memory, network, disk per containerdocker port CONTAINER_NAMEShow port mappings for one containerdocker diff CONTAINER_NAMEFiles changed since the image was createddocker cp CONTAINER_NAME:/path /host/pathCopy a file out of a containerdocker cp /host/file CONTAINER_NAME:/pathCopy a file into a containerBuild
docker build -t IMAGE_NAME .Build from the Dockerfile in the current directorydocker build -t IMAGE_NAME -f path/to/Dockerfile .Use a Dockerfile somewhere other than ./Dockerfiledocker build --no-cache -t IMAGE_NAME .Force a full rebuilddocker build --build-arg KEY=VALUE -t IMAGE_NAME .Pass a build-time ARGdocker build --target STAGE -t IMAGE_NAME .Stop at a multi-stage target (e.g. build dev image from a 'dev' stage)docker build --platform linux/amd64,linux/arm64 -t IMAGE_NAME .Build for multiple architectures (needs buildx)docker buildx create --useCreate and switch to a buildx builder (multi-arch)docker buildx build --platform linux/amd64,linux/arm64 --push -t IMAGE_NAME .Multi-arch build pushed to a registry as a manifest listdocker builder pruneClean the BuildKit cache (separate from docker system prune)Networks
docker network lsList networksdocker network create NETWORK_NAMECreate a user-defined bridge (service-name DNS works on these)docker network inspect NETWORK_NAMEShow subnet, gateway, connected containersdocker network connect NETWORK_NAME CONTAINER_NAMEAttach a running container to a networkdocker network disconnect NETWORK_NAME CONTAINER_NAMEDetachdocker network rm NETWORK_NAMERemove an empty networkdocker network pruneRemove all unused networksVolumes
docker volume lsList named volumesdocker volume create VOLUME_NAMEPre-create a named volumedocker volume inspect VOLUME_NAMEDriver, mountpoint, labelsdocker volume rm VOLUME_NAMERemove a volume (must not be in use)docker volume pruneRemove all unused volumes (data loss potential)docker run --rm -v VOLUME_NAME:/from -v $(pwd):/to alpine tar czf /to/backup.tar.gz -C /from .Back up a named volume to a tar.gz on the hostdocker run --rm -v VOLUME_NAME:/to -v $(pwd):/from alpine tar xzf /from/backup.tar.gz -C /toRestore a named volume from a tar.gzDocker Compose (V2: docker compose, no hyphen)
docker compose upStart the stack in the current directory's docker-compose.ymldocker compose up -dDetacheddocker compose up --buildRebuild images before startingdocker compose downStop and remove containers + networksdocker compose down -vAlso remove named volumes (data loss)docker compose psStack-scoped container listdocker compose logs -f SERVICE_NAMEFollow logs for one servicedocker compose exec SERVICE_NAME bashShell into a Compose servicedocker compose restart SERVICE_NAMERestart one servicedocker compose build SERVICE_NAMEBuild just one service's imagedocker compose pullPull image updates for every servicedocker compose run --rm SERVICE_NAME COMMANDRun a one-off command in the service's imagedocker compose configValidate and print the merged compose filedocker compose top SERVICE_NAMEProcesses in a Compose serviceRegistry — push, pull, login
docker login REGISTRYLogin to a registry (Docker Hub if no host given)docker logout REGISTRYLogoutdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag for a registry before pushdocker push REGISTRY/REPO:TAGPush to the registrydocker pull REGISTRY/REPO:TAGPull from a private registryCleanup and disk space
docker system dfDisk usage by images, containers, volumes, build cachedocker system pruneRemove stopped containers, unused networks, dangling images, build cachedocker system prune -aAlso remove ALL unused images (not just dangling)docker system prune -a --volumesThe nuclear option: also wipes unused volumes (data loss)docker builder pruneBuildKit cache onlydocker image prune -aUnused images onlydocker container pruneStopped containers onlydocker network pruneUnused networks onlydocker volume pruneUnused volumes only (data loss potential)Events and debugging
docker eventsStream the daemon event log (container start/stop/oom etc.)docker events --filter event=oomOnly OOM killsdocker container inspect --format '{{.State.ExitCode}}' CONTAINER_NAMEExit code of the last rundocker container inspect --format '{{.State.OOMKilled}}' CONTAINER_NAMEWas it OOM-killed (exit code 137)Daemon and info
docker versionClient and engine versionsdocker infoEngine status, storage driver, image/container counts, host infodocker context lsList docker contexts (default, desktop-linux, remote)docker context use CONTEXT_NAMESwitch the active contextsudo systemctl status dockerLinux: is the daemon runningsudo systemctl start dockerLinux: start the daemonContainer lifecycle
docker run IMAGE_NAMEStart a container from an imagedocker psList running containersdocker ps -aList all containers including stoppeddocker stop CONTAINER_NAMESend SIGTERM then SIGKILL after 10sdocker start CONTAINER_NAMEStart a stopped containerdocker restart CONTAINER_NAMEStop + startdocker kill CONTAINER_NAMESIGKILL immediatelydocker pause CONTAINER_NAMEFreeze all processes with cgroupsdocker unpause CONTAINER_NAMEResume a paused containerdocker rm CONTAINER_NAMERemove a stopped containerdocker rm -f CONTAINER_NAMEForce remove, stops firstdocker container pruneRemove all stopped containersdocker rename OLD NEWRename a containerExec, inspect, logs
docker exec -it CONTAINER_NAME bashShell into a running containerdocker exec -it CONTAINER_NAME shUse sh when bash is not installed (alpine images)docker exec -it --user root CONTAINER_NAME bashForce root for installing tools or fixing permissionsdocker exec CONTAINER_NAME ls /appRun a single non-interactive commanddocker logs CONTAINER_NAMEContainer output (stdout + stderr)docker logs -f CONTAINER_NAMEFollow logs (tail -f)docker logs --tail 100 CONTAINER_NAMELast 100 lines onlydocker logs --since 10m CONTAINER_NAMELast 10 minutesdocker logs --since 2026-05-01 CONTAINER_NAMESince a specific datedocker logs --timestamps CONTAINER_NAMEPrepend ISO timestamps to each linedocker inspect CONTAINER_NAMEFull JSON: mounts, env, network IPs, state, exit codesdocker inspect --format '{{.State.Status}}' CONTAINER_NAMEPluck one field with a Go templatedocker top CONTAINER_NAMEProcesses running inside the containerdocker statsLive CPU, memory, network, disk per containerdocker port CONTAINER_NAMEShow port mappings for one containerdocker diff CONTAINER_NAMEFiles changed since the image was createddocker cp CONTAINER_NAME:/path /host/pathCopy a file out of a containerdocker cp /host/file CONTAINER_NAME:/pathCopy a file into a containerNetworks
docker network lsList networksdocker network create NETWORK_NAMECreate a user-defined bridge (service-name DNS works on these)docker network inspect NETWORK_NAMEShow subnet, gateway, connected containersdocker network connect NETWORK_NAME CONTAINER_NAMEAttach a running container to a networkdocker network disconnect NETWORK_NAME CONTAINER_NAMEDetachdocker network rm NETWORK_NAMERemove an empty networkdocker network pruneRemove all unused networksDocker Compose (V2: docker compose, no hyphen)
docker compose upStart the stack in the current directory's docker-compose.ymldocker compose up -dDetacheddocker compose up --buildRebuild images before startingdocker compose downStop and remove containers + networksdocker compose down -vAlso remove named volumes (data loss)docker compose psStack-scoped container listdocker compose logs -f SERVICE_NAMEFollow logs for one servicedocker compose exec SERVICE_NAME bashShell into a Compose servicedocker compose restart SERVICE_NAMERestart one servicedocker compose build SERVICE_NAMEBuild just one service's imagedocker compose pullPull image updates for every servicedocker compose run --rm SERVICE_NAME COMMANDRun a one-off command in the service's imagedocker compose configValidate and print the merged compose filedocker compose top SERVICE_NAMEProcesses in a Compose serviceEvents and debugging
docker eventsStream the daemon event log (container start/stop/oom etc.)docker events --filter event=oomOnly OOM killsdocker container inspect --format '{{.State.ExitCode}}' CONTAINER_NAMEExit code of the last rundocker container inspect --format '{{.State.OOMKilled}}' CONTAINER_NAMEWas it OOM-killed (exit code 137)Images
docker pull IMAGE_NAMEPull an image from the registrydocker imagesList images on this hostdocker image ls -aList all images including intermediatesdocker rmi IMAGE_NAMERemove an imagedocker image pruneRemove dangling images (untagged)docker image prune -aRemove all unused images, tagged or notdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag an image for pushdocker image inspect IMAGE_NAMEFull metadata, env, entrypoint, labelsdocker image history IMAGE_NAMELayer history with sizes — audit what bloats the imagedocker manifest inspect IMAGE_NAMEShow platforms an image supports (arm64, amd64)docker run — the flags worth knowing
docker run -d IMAGE_NAMEDetached / backgrounddocker run -it IMAGE_NAME bashInteractive shell, allocate a TTYdocker run --rm IMAGE_NAMERemove container automatically when it exitsdocker run --name CONTAINER_NAME IMAGE_NAMEName the container instead of getting a random onedocker run -p HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish a container port to the hostdocker run -p 127.0.0.1:HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish on a specific host interface only (localhost-only)docker run -v VOLUME_NAME:/path/in/container IMAGE_NAMENamed volume mountdocker run -v /host/path:/path/in/container IMAGE_NAMEBind mount a host pathdocker run -v /host/path:/path/in/container:ro IMAGE_NAMERead-only bind mountdocker run -e KEY=VALUE IMAGE_NAMESingle env vardocker run --env-file .env IMAGE_NAMELoad env vars from a filedocker run --network NETWORK_NAME IMAGE_NAMEAttach to a user-defined networkdocker run --restart unless-stopped IMAGE_NAMERestart on crash/host reboot, unless you stopped it manuallydocker run --user 1000:1000 IMAGE_NAMERun as a specific UID:GID instead of rootdocker run --memory 512m --cpus 0.5 IMAGE_NAMEResource limitsdocker run --platform linux/amd64 IMAGE_NAMEForce the platform (Apple Silicon running x86 images)docker run --hostname HOST IMAGE_NAMESet the container's hostnamedocker run --workdir /app IMAGE_NAMESet the working directory inside the containerdocker run --entrypoint sh IMAGE_NAMEOverride the image's ENTRYPOINTdocker run --add-host db:192.168.1.10 IMAGE_NAMEAdd a /etc/hosts entry inside the containerBuild
docker build -t IMAGE_NAME .Build from the Dockerfile in the current directorydocker build -t IMAGE_NAME -f path/to/Dockerfile .Use a Dockerfile somewhere other than ./Dockerfiledocker build --no-cache -t IMAGE_NAME .Force a full rebuilddocker build --build-arg KEY=VALUE -t IMAGE_NAME .Pass a build-time ARGdocker build --target STAGE -t IMAGE_NAME .Stop at a multi-stage target (e.g. build dev image from a 'dev' stage)docker build --platform linux/amd64,linux/arm64 -t IMAGE_NAME .Build for multiple architectures (needs buildx)docker buildx create --useCreate and switch to a buildx builder (multi-arch)docker buildx build --platform linux/amd64,linux/arm64 --push -t IMAGE_NAME .Multi-arch build pushed to a registry as a manifest listdocker builder pruneClean the BuildKit cache (separate from docker system prune)Volumes
docker volume lsList named volumesdocker volume create VOLUME_NAMEPre-create a named volumedocker volume inspect VOLUME_NAMEDriver, mountpoint, labelsdocker volume rm VOLUME_NAMERemove a volume (must not be in use)docker volume pruneRemove all unused volumes (data loss potential)docker run --rm -v VOLUME_NAME:/from -v $(pwd):/to alpine tar czf /to/backup.tar.gz -C /from .Back up a named volume to a tar.gz on the hostdocker run --rm -v VOLUME_NAME:/to -v $(pwd):/from alpine tar xzf /from/backup.tar.gz -C /toRestore a named volume from a tar.gzRegistry — push, pull, login
docker login REGISTRYLogin to a registry (Docker Hub if no host given)docker logout REGISTRYLogoutdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag for a registry before pushdocker push REGISTRY/REPO:TAGPush to the registrydocker pull REGISTRY/REPO:TAGPull from a private registryCleanup and disk space
docker system dfDisk usage by images, containers, volumes, build cachedocker system pruneRemove stopped containers, unused networks, dangling images, build cachedocker system prune -aAlso remove ALL unused images (not just dangling)docker system prune -a --volumesThe nuclear option: also wipes unused volumes (data loss)docker builder pruneBuildKit cache onlydocker image prune -aUnused images onlydocker container pruneStopped containers onlydocker network pruneUnused networks onlydocker volume pruneUnused volumes only (data loss potential)Daemon and info
docker versionClient and engine versionsdocker infoEngine status, storage driver, image/container counts, host infodocker context lsList docker contexts (default, desktop-linux, remote)docker context use CONTEXT_NAMESwitch the active contextsudo systemctl status dockerLinux: is the daemon runningsudo systemctl start dockerLinux: start the daemonContainer lifecycle
docker run IMAGE_NAMEStart a container from an imagedocker psList running containersdocker ps -aList all containers including stoppeddocker stop CONTAINER_NAMESend SIGTERM then SIGKILL after 10sdocker start CONTAINER_NAMEStart a stopped containerdocker restart CONTAINER_NAMEStop + startdocker kill CONTAINER_NAMESIGKILL immediatelydocker pause CONTAINER_NAMEFreeze all processes with cgroupsdocker unpause CONTAINER_NAMEResume a paused containerdocker rm CONTAINER_NAMERemove a stopped containerdocker rm -f CONTAINER_NAMEForce remove, stops firstdocker container pruneRemove all stopped containersdocker rename OLD NEWRename a containerExec, inspect, logs
docker exec -it CONTAINER_NAME bashShell into a running containerdocker exec -it CONTAINER_NAME shUse sh when bash is not installed (alpine images)docker exec -it --user root CONTAINER_NAME bashForce root for installing tools or fixing permissionsdocker exec CONTAINER_NAME ls /appRun a single non-interactive commanddocker logs CONTAINER_NAMEContainer output (stdout + stderr)docker logs -f CONTAINER_NAMEFollow logs (tail -f)docker logs --tail 100 CONTAINER_NAMELast 100 lines onlydocker logs --since 10m CONTAINER_NAMELast 10 minutesdocker logs --since 2026-05-01 CONTAINER_NAMESince a specific datedocker logs --timestamps CONTAINER_NAMEPrepend ISO timestamps to each linedocker inspect CONTAINER_NAMEFull JSON: mounts, env, network IPs, state, exit codesdocker inspect --format '{{.State.Status}}' CONTAINER_NAMEPluck one field with a Go templatedocker top CONTAINER_NAMEProcesses running inside the containerdocker statsLive CPU, memory, network, disk per containerdocker port CONTAINER_NAMEShow port mappings for one containerdocker diff CONTAINER_NAMEFiles changed since the image was createddocker cp CONTAINER_NAME:/path /host/pathCopy a file out of a containerdocker cp /host/file CONTAINER_NAME:/pathCopy a file into a containerNetworks
docker network lsList networksdocker network create NETWORK_NAMECreate a user-defined bridge (service-name DNS works on these)docker network inspect NETWORK_NAMEShow subnet, gateway, connected containersdocker network connect NETWORK_NAME CONTAINER_NAMEAttach a running container to a networkdocker network disconnect NETWORK_NAME CONTAINER_NAMEDetachdocker network rm NETWORK_NAMERemove an empty networkdocker network pruneRemove all unused networksDocker Compose (V2: docker compose, no hyphen)
docker compose upStart the stack in the current directory's docker-compose.ymldocker compose up -dDetacheddocker compose up --buildRebuild images before startingdocker compose downStop and remove containers + networksdocker compose down -vAlso remove named volumes (data loss)docker compose psStack-scoped container listdocker compose logs -f SERVICE_NAMEFollow logs for one servicedocker compose exec SERVICE_NAME bashShell into a Compose servicedocker compose restart SERVICE_NAMERestart one servicedocker compose build SERVICE_NAMEBuild just one service's imagedocker compose pullPull image updates for every servicedocker compose run --rm SERVICE_NAME COMMANDRun a one-off command in the service's imagedocker compose configValidate and print the merged compose filedocker compose top SERVICE_NAMEProcesses in a Compose serviceEvents and debugging
docker eventsStream the daemon event log (container start/stop/oom etc.)docker events --filter event=oomOnly OOM killsdocker container inspect --format '{{.State.ExitCode}}' CONTAINER_NAMEExit code of the last rundocker container inspect --format '{{.State.OOMKilled}}' CONTAINER_NAMEWas it OOM-killed (exit code 137)Images
docker pull IMAGE_NAMEPull an image from the registrydocker imagesList images on this hostdocker image ls -aList all images including intermediatesdocker rmi IMAGE_NAMERemove an imagedocker image pruneRemove dangling images (untagged)docker image prune -aRemove all unused images, tagged or notdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag an image for pushdocker image inspect IMAGE_NAMEFull metadata, env, entrypoint, labelsdocker image history IMAGE_NAMELayer history with sizes — audit what bloats the imagedocker manifest inspect IMAGE_NAMEShow platforms an image supports (arm64, amd64)docker run — the flags worth knowing
docker run -d IMAGE_NAMEDetached / backgrounddocker run -it IMAGE_NAME bashInteractive shell, allocate a TTYdocker run --rm IMAGE_NAMERemove container automatically when it exitsdocker run --name CONTAINER_NAME IMAGE_NAMEName the container instead of getting a random onedocker run -p HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish a container port to the hostdocker run -p 127.0.0.1:HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish on a specific host interface only (localhost-only)docker run -v VOLUME_NAME:/path/in/container IMAGE_NAMENamed volume mountdocker run -v /host/path:/path/in/container IMAGE_NAMEBind mount a host pathdocker run -v /host/path:/path/in/container:ro IMAGE_NAMERead-only bind mountdocker run -e KEY=VALUE IMAGE_NAMESingle env vardocker run --env-file .env IMAGE_NAMELoad env vars from a filedocker run --network NETWORK_NAME IMAGE_NAMEAttach to a user-defined networkdocker run --restart unless-stopped IMAGE_NAMERestart on crash/host reboot, unless you stopped it manuallydocker run --user 1000:1000 IMAGE_NAMERun as a specific UID:GID instead of rootdocker run --memory 512m --cpus 0.5 IMAGE_NAMEResource limitsdocker run --platform linux/amd64 IMAGE_NAMEForce the platform (Apple Silicon running x86 images)docker run --hostname HOST IMAGE_NAMESet the container's hostnamedocker run --workdir /app IMAGE_NAMESet the working directory inside the containerdocker run --entrypoint sh IMAGE_NAMEOverride the image's ENTRYPOINTdocker run --add-host db:192.168.1.10 IMAGE_NAMEAdd a /etc/hosts entry inside the containerBuild
docker build -t IMAGE_NAME .Build from the Dockerfile in the current directorydocker build -t IMAGE_NAME -f path/to/Dockerfile .Use a Dockerfile somewhere other than ./Dockerfiledocker build --no-cache -t IMAGE_NAME .Force a full rebuilddocker build --build-arg KEY=VALUE -t IMAGE_NAME .Pass a build-time ARGdocker build --target STAGE -t IMAGE_NAME .Stop at a multi-stage target (e.g. build dev image from a 'dev' stage)docker build --platform linux/amd64,linux/arm64 -t IMAGE_NAME .Build for multiple architectures (needs buildx)docker buildx create --useCreate and switch to a buildx builder (multi-arch)docker buildx build --platform linux/amd64,linux/arm64 --push -t IMAGE_NAME .Multi-arch build pushed to a registry as a manifest listdocker builder pruneClean the BuildKit cache (separate from docker system prune)Volumes
docker volume lsList named volumesdocker volume create VOLUME_NAMEPre-create a named volumedocker volume inspect VOLUME_NAMEDriver, mountpoint, labelsdocker volume rm VOLUME_NAMERemove a volume (must not be in use)docker volume pruneRemove all unused volumes (data loss potential)docker run --rm -v VOLUME_NAME:/from -v $(pwd):/to alpine tar czf /to/backup.tar.gz -C /from .Back up a named volume to a tar.gz on the hostdocker run --rm -v VOLUME_NAME:/to -v $(pwd):/from alpine tar xzf /from/backup.tar.gz -C /toRestore a named volume from a tar.gzRegistry — push, pull, login
docker login REGISTRYLogin to a registry (Docker Hub if no host given)docker logout REGISTRYLogoutdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag for a registry before pushdocker push REGISTRY/REPO:TAGPush to the registrydocker pull REGISTRY/REPO:TAGPull from a private registryCleanup and disk space
docker system dfDisk usage by images, containers, volumes, build cachedocker system pruneRemove stopped containers, unused networks, dangling images, build cachedocker system prune -aAlso remove ALL unused images (not just dangling)docker system prune -a --volumesThe nuclear option: also wipes unused volumes (data loss)docker builder pruneBuildKit cache onlydocker image prune -aUnused images onlydocker container pruneStopped containers onlydocker network pruneUnused networks onlydocker volume pruneUnused volumes only (data loss potential)Docker has a wide CLI surface but the part you actually use day to day is small. This is the working set I reach for: images, container lifecycle, run flags, exec and logs, build, networks, volumes, Compose, registry, and the prune commands that keep a host from filling up. Generic placeholders like IMAGE_NAME, CONTAINER_NAME, HOST_PORT, VOLUME_NAME are swappable from the input above the cheat sheet, so you can type IMAGE_NAME=postgres:16, HOST_PORT=5432 and every example below updates in place.
For the longer-form pieces (writing a Dockerfile, Compose, multi-stage builds, troubleshooting), see the linked articles in the What to do next section.
What to do next
For the longer-form pieces this cheat sheet references:
- How to Install Docker on Ubuntu, macOS, and Windows — the install paths per OS.
- docker run Cheat Sheet — every
docker runflag worth knowing, with patterns. - How to Write a Dockerfile —
FROM,COPY,RUN,CMD,ENTRYPOINT, and the layer-cache rules that decide build speed. - Docker Compose: Getting Started — a working
docker-compose.ymlwalkthrough. - docker exec and docker logs — the two commands you reach for hourly.
- Docker Container Lifecycle: ps, stop, start, restart, rm — managing the containers you have.
- docker system prune: Free Disk Space Used by Docker — when Docker is eating your disk.
- How to Run Anything on Your Computer Without Installing It — the hub for the per-tool recipes (MySQL, PostgreSQL, Redis, MongoDB, Elasticsearch, Nginx, WordPress, PHP, and more).
FAQ
docker --help lists every subcommand and flag. This page is the working set: the ones I actually reach for, with the flags that matter and short notes on the gotchas. You will look at --help a handful of times a year for the rare flags; this page is what you have open on the second monitor while you work.
It accepts a comma-separated list like IMAGE_NAME=postgres:16, CONTAINER_NAME=db, HOST_PORT=5432. Every occurrence of those tokens in the examples below the input is swapped on the fly. Useful when you want to copy commands without doing the mental find-replace.
Stored in your browser's localStorage, not on the server. Clear it with the button next to the input.
docker compose (space). Compose V2 has been the default since 2022, and the standalone docker-compose binary was removed from official packages mid-2024. The commands and the file format are otherwise the same; the version: key at the top of docker-compose.yml is no longer required and is warned-about in current Compose. See Docker Compose: Getting Started.
docker system prune sweeps stopped containers, unused networks, dangling images, and build cache in one pass. -a extends that to all unused images. --volumes extends it to unused volumes — that flag is the data-loss one. The individual docker image prune, docker container prune, docker volume prune, docker network prune, and docker builder prune let you scope the cleanup. Full breakdown in docker system prune: Free Disk Space.
You are running an x86 image under QEMU emulation. Use --platform linux/arm64 if the image publishes an arm64 manifest, or accept the emulation hit. docker manifest inspect IMAGE_NAME shows which platforms the image supports. The full story is in "exec format error" — Apple Silicon and Multi-Architecture Docker Images.
Sources
Authoritative references this article was fact-checked against.
- Docker CLI reference (docs.docker.com)docs.docker.com
- Docker Compose CLI referencedocs.docker.com
- BuildKit documentationdocs.docker.com





