Docker has a wide CLI surface but the part you actually use day to day is small. This is the working set I reach for: images, container lifecycle, run flags, exec and logs, build, networks, volumes, Compose, registry, and the prune commands that keep a host from filling up. Generic placeholders like IMAGE_NAME, CONTAINER_NAME, HOST_PORT, VOLUME_NAME are swappable from the input above the cheat sheet, so you can type IMAGE_NAME=postgres:16, HOST_PORT=5432 and every example below updates in place.
For the longer-form pieces (writing a Dockerfile, Compose, multi-stage builds, troubleshooting), see the linked articles in the What to do next section.
Docker Cheat Sheet
The commands I actually use, grouped by job. Use the variables input to swap placeholders like IMAGE_NAME or CONTAINER_NAME across every example.
Daemon and info
docker versionClient and engine versionsdocker infoEngine status, storage driver, image/container counts, host infodocker context lsList docker contexts (default, desktop-linux, remote)docker context use CONTEXT_NAMESwitch the active contextsudo systemctl status dockerLinux: is the daemon runningsudo systemctl start dockerLinux: start the daemonImages
docker pull IMAGE_NAMEPull an image from the registrydocker imagesList images on this hostdocker image ls -aList all images including intermediatesdocker rmi IMAGE_NAMERemove an imagedocker image pruneRemove dangling images (untagged)docker image prune -aRemove all unused images, tagged or notdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag an image for pushdocker image inspect IMAGE_NAMEFull metadata, env, entrypoint, labelsdocker image history IMAGE_NAMELayer history with sizes — audit what bloats the imagedocker manifest inspect IMAGE_NAMEShow platforms an image supports (arm64, amd64)Container lifecycle
docker run IMAGE_NAMEStart a container from an imagedocker psList running containersdocker ps -aList all containers including stoppeddocker stop CONTAINER_NAMESend SIGTERM then SIGKILL after 10sdocker start CONTAINER_NAMEStart a stopped containerdocker restart CONTAINER_NAMEStop + startdocker kill CONTAINER_NAMESIGKILL immediatelydocker pause CONTAINER_NAMEFreeze all processes with cgroupsdocker unpause CONTAINER_NAMEResume a paused containerdocker rm CONTAINER_NAMERemove a stopped containerdocker rm -f CONTAINER_NAMEForce remove, stops firstdocker container pruneRemove all stopped containersdocker rename OLD NEWRename a containerdocker run — the flags worth knowing
docker run -d IMAGE_NAMEDetached / backgrounddocker run -it IMAGE_NAME bashInteractive shell, allocate a TTYdocker run --rm IMAGE_NAMERemove container automatically when it exitsdocker run --name CONTAINER_NAME IMAGE_NAMEName the container instead of getting a random onedocker run -p HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish a container port to the hostdocker run -p 127.0.0.1:HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish on a specific host interface only (localhost-only)docker run -v VOLUME_NAME:/path/in/container IMAGE_NAMENamed volume mountdocker run -v /host/path:/path/in/container IMAGE_NAMEBind mount a host pathdocker run -v /host/path:/path/in/container:ro IMAGE_NAMERead-only bind mountdocker run -e KEY=VALUE IMAGE_NAMESingle env vardocker run --env-file .env IMAGE_NAMELoad env vars from a filedocker run --network NETWORK_NAME IMAGE_NAMEAttach to a user-defined networkdocker run --restart unless-stopped IMAGE_NAMERestart on crash/host reboot, unless you stopped it manuallydocker run --user 1000:1000 IMAGE_NAMERun as a specific UID:GID instead of rootdocker run --memory 512m --cpus 0.5 IMAGE_NAMEResource limitsdocker run --platform linux/amd64 IMAGE_NAMEForce the platform (Apple Silicon running x86 images)docker run --hostname HOST IMAGE_NAMESet the container's hostnamedocker run --workdir /app IMAGE_NAMESet the working directory inside the containerdocker run --entrypoint sh IMAGE_NAMEOverride the image's ENTRYPOINTdocker run --add-host db:192.168.1.10 IMAGE_NAMEAdd a /etc/hosts entry inside the containerExec, inspect, logs
docker exec -it CONTAINER_NAME bashShell into a running containerdocker exec -it CONTAINER_NAME shUse sh when bash is not installed (alpine images)docker exec -it --user root CONTAINER_NAME bashForce root for installing tools or fixing permissionsdocker exec CONTAINER_NAME ls /appRun a single non-interactive commanddocker logs CONTAINER_NAMEContainer output (stdout + stderr)docker logs -f CONTAINER_NAMEFollow logs (tail -f)docker logs --tail 100 CONTAINER_NAMELast 100 lines onlydocker logs --since 10m CONTAINER_NAMELast 10 minutesdocker logs --since 2026-05-01 CONTAINER_NAMESince a specific datedocker logs --timestamps CONTAINER_NAMEPrepend ISO timestamps to each linedocker inspect CONTAINER_NAMEFull JSON: mounts, env, network IPs, state, exit codesdocker inspect --format '{{.State.Status}}' CONTAINER_NAMEPluck one field with a Go templatedocker top CONTAINER_NAMEProcesses running inside the containerdocker statsLive CPU, memory, network, disk per containerdocker port CONTAINER_NAMEShow port mappings for one containerdocker diff CONTAINER_NAMEFiles changed since the image was createddocker cp CONTAINER_NAME:/path /host/pathCopy a file out of a containerdocker cp /host/file CONTAINER_NAME:/pathCopy a file into a containerBuild
docker build -t IMAGE_NAME .Build from the Dockerfile in the current directorydocker build -t IMAGE_NAME -f path/to/Dockerfile .Use a Dockerfile somewhere other than ./Dockerfiledocker build --no-cache -t IMAGE_NAME .Force a full rebuilddocker build --build-arg KEY=VALUE -t IMAGE_NAME .Pass a build-time ARGdocker build --target STAGE -t IMAGE_NAME .Stop at a multi-stage target (e.g. build dev image from a 'dev' stage)docker build --platform linux/amd64,linux/arm64 -t IMAGE_NAME .Build for multiple architectures (needs buildx)docker buildx create --useCreate and switch to a buildx builder (multi-arch)docker buildx build --platform linux/amd64,linux/arm64 --push -t IMAGE_NAME .Multi-arch build pushed to a registry as a manifest listdocker builder pruneClean the BuildKit cache (separate from docker system prune)Networks
docker network lsList networksdocker network create NETWORK_NAMECreate a user-defined bridge (service-name DNS works on these)docker network inspect NETWORK_NAMEShow subnet, gateway, connected containersdocker network connect NETWORK_NAME CONTAINER_NAMEAttach a running container to a networkdocker network disconnect NETWORK_NAME CONTAINER_NAMEDetachdocker network rm NETWORK_NAMERemove an empty networkdocker network pruneRemove all unused networksVolumes
docker volume lsList named volumesdocker volume create VOLUME_NAMEPre-create a named volumedocker volume inspect VOLUME_NAMEDriver, mountpoint, labelsdocker volume rm VOLUME_NAMERemove a volume (must not be in use)docker volume pruneRemove all unused volumes (data loss potential)docker run --rm -v VOLUME_NAME:/from -v $(pwd):/to alpine tar czf /to/backup.tar.gz -C /from .Back up a named volume to a tar.gz on the hostdocker run --rm -v VOLUME_NAME:/to -v $(pwd):/from alpine tar xzf /from/backup.tar.gz -C /toRestore a named volume from a tar.gzDocker Compose (V2: docker compose, no hyphen)
docker compose upStart the stack in the current directory's docker-compose.ymldocker compose up -dDetacheddocker compose up --buildRebuild images before startingdocker compose downStop and remove containers + networksdocker compose down -vAlso remove named volumes (data loss)docker compose psStack-scoped container listdocker compose logs -f SERVICE_NAMEFollow logs for one servicedocker compose exec SERVICE_NAME bashShell into a Compose servicedocker compose restart SERVICE_NAMERestart one servicedocker compose build SERVICE_NAMEBuild just one service's imagedocker compose pullPull image updates for every servicedocker compose run --rm SERVICE_NAME COMMANDRun a one-off command in the service's imagedocker compose configValidate and print the merged compose filedocker compose top SERVICE_NAMEProcesses in a Compose serviceRegistry — push, pull, login
docker login REGISTRYLogin to a registry (Docker Hub if no host given)docker logout REGISTRYLogoutdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag for a registry before pushdocker push REGISTRY/REPO:TAGPush to the registrydocker pull REGISTRY/REPO:TAGPull from a private registryCleanup and disk space
docker system dfDisk usage by images, containers, volumes, build cachedocker system pruneRemove stopped containers, unused networks, dangling images, build cachedocker system prune -aAlso remove ALL unused images (not just dangling)docker system prune -a --volumesThe nuclear option: also wipes unused volumes (data loss)docker builder pruneBuildKit cache onlydocker image prune -aUnused images onlydocker container pruneStopped containers onlydocker network pruneUnused networks onlydocker volume pruneUnused volumes only (data loss potential)Events and debugging
docker eventsStream the daemon event log (container start/stop/oom etc.)docker events --filter event=oomOnly OOM killsdocker container inspect --format '{{.State.ExitCode}}' CONTAINER_NAMEExit code of the last rundocker container inspect --format '{{.State.OOMKilled}}' CONTAINER_NAMEWas it OOM-killed (exit code 137)Daemon and info
docker versionClient and engine versionsdocker infoEngine status, storage driver, image/container counts, host infodocker context lsList docker contexts (default, desktop-linux, remote)docker context use CONTEXT_NAMESwitch the active contextsudo systemctl status dockerLinux: is the daemon runningsudo systemctl start dockerLinux: start the daemonContainer lifecycle
docker run IMAGE_NAMEStart a container from an imagedocker psList running containersdocker ps -aList all containers including stoppeddocker stop CONTAINER_NAMESend SIGTERM then SIGKILL after 10sdocker start CONTAINER_NAMEStart a stopped containerdocker restart CONTAINER_NAMEStop + startdocker kill CONTAINER_NAMESIGKILL immediatelydocker pause CONTAINER_NAMEFreeze all processes with cgroupsdocker unpause CONTAINER_NAMEResume a paused containerdocker rm CONTAINER_NAMERemove a stopped containerdocker rm -f CONTAINER_NAMEForce remove, stops firstdocker container pruneRemove all stopped containersdocker rename OLD NEWRename a containerExec, inspect, logs
docker exec -it CONTAINER_NAME bashShell into a running containerdocker exec -it CONTAINER_NAME shUse sh when bash is not installed (alpine images)docker exec -it --user root CONTAINER_NAME bashForce root for installing tools or fixing permissionsdocker exec CONTAINER_NAME ls /appRun a single non-interactive commanddocker logs CONTAINER_NAMEContainer output (stdout + stderr)docker logs -f CONTAINER_NAMEFollow logs (tail -f)docker logs --tail 100 CONTAINER_NAMELast 100 lines onlydocker logs --since 10m CONTAINER_NAMELast 10 minutesdocker logs --since 2026-05-01 CONTAINER_NAMESince a specific datedocker logs --timestamps CONTAINER_NAMEPrepend ISO timestamps to each linedocker inspect CONTAINER_NAMEFull JSON: mounts, env, network IPs, state, exit codesdocker inspect --format '{{.State.Status}}' CONTAINER_NAMEPluck one field with a Go templatedocker top CONTAINER_NAMEProcesses running inside the containerdocker statsLive CPU, memory, network, disk per containerdocker port CONTAINER_NAMEShow port mappings for one containerdocker diff CONTAINER_NAMEFiles changed since the image was createddocker cp CONTAINER_NAME:/path /host/pathCopy a file out of a containerdocker cp /host/file CONTAINER_NAME:/pathCopy a file into a containerNetworks
docker network lsList networksdocker network create NETWORK_NAMECreate a user-defined bridge (service-name DNS works on these)docker network inspect NETWORK_NAMEShow subnet, gateway, connected containersdocker network connect NETWORK_NAME CONTAINER_NAMEAttach a running container to a networkdocker network disconnect NETWORK_NAME CONTAINER_NAMEDetachdocker network rm NETWORK_NAMERemove an empty networkdocker network pruneRemove all unused networksDocker Compose (V2: docker compose, no hyphen)
docker compose upStart the stack in the current directory's docker-compose.ymldocker compose up -dDetacheddocker compose up --buildRebuild images before startingdocker compose downStop and remove containers + networksdocker compose down -vAlso remove named volumes (data loss)docker compose psStack-scoped container listdocker compose logs -f SERVICE_NAMEFollow logs for one servicedocker compose exec SERVICE_NAME bashShell into a Compose servicedocker compose restart SERVICE_NAMERestart one servicedocker compose build SERVICE_NAMEBuild just one service's imagedocker compose pullPull image updates for every servicedocker compose run --rm SERVICE_NAME COMMANDRun a one-off command in the service's imagedocker compose configValidate and print the merged compose filedocker compose top SERVICE_NAMEProcesses in a Compose serviceEvents and debugging
docker eventsStream the daemon event log (container start/stop/oom etc.)docker events --filter event=oomOnly OOM killsdocker container inspect --format '{{.State.ExitCode}}' CONTAINER_NAMEExit code of the last rundocker container inspect --format '{{.State.OOMKilled}}' CONTAINER_NAMEWas it OOM-killed (exit code 137)Images
docker pull IMAGE_NAMEPull an image from the registrydocker imagesList images on this hostdocker image ls -aList all images including intermediatesdocker rmi IMAGE_NAMERemove an imagedocker image pruneRemove dangling images (untagged)docker image prune -aRemove all unused images, tagged or notdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag an image for pushdocker image inspect IMAGE_NAMEFull metadata, env, entrypoint, labelsdocker image history IMAGE_NAMELayer history with sizes — audit what bloats the imagedocker manifest inspect IMAGE_NAMEShow platforms an image supports (arm64, amd64)docker run — the flags worth knowing
docker run -d IMAGE_NAMEDetached / backgrounddocker run -it IMAGE_NAME bashInteractive shell, allocate a TTYdocker run --rm IMAGE_NAMERemove container automatically when it exitsdocker run --name CONTAINER_NAME IMAGE_NAMEName the container instead of getting a random onedocker run -p HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish a container port to the hostdocker run -p 127.0.0.1:HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish on a specific host interface only (localhost-only)docker run -v VOLUME_NAME:/path/in/container IMAGE_NAMENamed volume mountdocker run -v /host/path:/path/in/container IMAGE_NAMEBind mount a host pathdocker run -v /host/path:/path/in/container:ro IMAGE_NAMERead-only bind mountdocker run -e KEY=VALUE IMAGE_NAMESingle env vardocker run --env-file .env IMAGE_NAMELoad env vars from a filedocker run --network NETWORK_NAME IMAGE_NAMEAttach to a user-defined networkdocker run --restart unless-stopped IMAGE_NAMERestart on crash/host reboot, unless you stopped it manuallydocker run --user 1000:1000 IMAGE_NAMERun as a specific UID:GID instead of rootdocker run --memory 512m --cpus 0.5 IMAGE_NAMEResource limitsdocker run --platform linux/amd64 IMAGE_NAMEForce the platform (Apple Silicon running x86 images)docker run --hostname HOST IMAGE_NAMESet the container's hostnamedocker run --workdir /app IMAGE_NAMESet the working directory inside the containerdocker run --entrypoint sh IMAGE_NAMEOverride the image's ENTRYPOINTdocker run --add-host db:192.168.1.10 IMAGE_NAMEAdd a /etc/hosts entry inside the containerBuild
docker build -t IMAGE_NAME .Build from the Dockerfile in the current directorydocker build -t IMAGE_NAME -f path/to/Dockerfile .Use a Dockerfile somewhere other than ./Dockerfiledocker build --no-cache -t IMAGE_NAME .Force a full rebuilddocker build --build-arg KEY=VALUE -t IMAGE_NAME .Pass a build-time ARGdocker build --target STAGE -t IMAGE_NAME .Stop at a multi-stage target (e.g. build dev image from a 'dev' stage)docker build --platform linux/amd64,linux/arm64 -t IMAGE_NAME .Build for multiple architectures (needs buildx)docker buildx create --useCreate and switch to a buildx builder (multi-arch)docker buildx build --platform linux/amd64,linux/arm64 --push -t IMAGE_NAME .Multi-arch build pushed to a registry as a manifest listdocker builder pruneClean the BuildKit cache (separate from docker system prune)Volumes
docker volume lsList named volumesdocker volume create VOLUME_NAMEPre-create a named volumedocker volume inspect VOLUME_NAMEDriver, mountpoint, labelsdocker volume rm VOLUME_NAMERemove a volume (must not be in use)docker volume pruneRemove all unused volumes (data loss potential)docker run --rm -v VOLUME_NAME:/from -v $(pwd):/to alpine tar czf /to/backup.tar.gz -C /from .Back up a named volume to a tar.gz on the hostdocker run --rm -v VOLUME_NAME:/to -v $(pwd):/from alpine tar xzf /from/backup.tar.gz -C /toRestore a named volume from a tar.gzRegistry — push, pull, login
docker login REGISTRYLogin to a registry (Docker Hub if no host given)docker logout REGISTRYLogoutdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag for a registry before pushdocker push REGISTRY/REPO:TAGPush to the registrydocker pull REGISTRY/REPO:TAGPull from a private registryCleanup and disk space
docker system dfDisk usage by images, containers, volumes, build cachedocker system pruneRemove stopped containers, unused networks, dangling images, build cachedocker system prune -aAlso remove ALL unused images (not just dangling)docker system prune -a --volumesThe nuclear option: also wipes unused volumes (data loss)docker builder pruneBuildKit cache onlydocker image prune -aUnused images onlydocker container pruneStopped containers onlydocker network pruneUnused networks onlydocker volume pruneUnused volumes only (data loss potential)Daemon and info
docker versionClient and engine versionsdocker infoEngine status, storage driver, image/container counts, host infodocker context lsList docker contexts (default, desktop-linux, remote)docker context use CONTEXT_NAMESwitch the active contextsudo systemctl status dockerLinux: is the daemon runningsudo systemctl start dockerLinux: start the daemonContainer lifecycle
docker run IMAGE_NAMEStart a container from an imagedocker psList running containersdocker ps -aList all containers including stoppeddocker stop CONTAINER_NAMESend SIGTERM then SIGKILL after 10sdocker start CONTAINER_NAMEStart a stopped containerdocker restart CONTAINER_NAMEStop + startdocker kill CONTAINER_NAMESIGKILL immediatelydocker pause CONTAINER_NAMEFreeze all processes with cgroupsdocker unpause CONTAINER_NAMEResume a paused containerdocker rm CONTAINER_NAMERemove a stopped containerdocker rm -f CONTAINER_NAMEForce remove, stops firstdocker container pruneRemove all stopped containersdocker rename OLD NEWRename a containerExec, inspect, logs
docker exec -it CONTAINER_NAME bashShell into a running containerdocker exec -it CONTAINER_NAME shUse sh when bash is not installed (alpine images)docker exec -it --user root CONTAINER_NAME bashForce root for installing tools or fixing permissionsdocker exec CONTAINER_NAME ls /appRun a single non-interactive commanddocker logs CONTAINER_NAMEContainer output (stdout + stderr)docker logs -f CONTAINER_NAMEFollow logs (tail -f)docker logs --tail 100 CONTAINER_NAMELast 100 lines onlydocker logs --since 10m CONTAINER_NAMELast 10 minutesdocker logs --since 2026-05-01 CONTAINER_NAMESince a specific datedocker logs --timestamps CONTAINER_NAMEPrepend ISO timestamps to each linedocker inspect CONTAINER_NAMEFull JSON: mounts, env, network IPs, state, exit codesdocker inspect --format '{{.State.Status}}' CONTAINER_NAMEPluck one field with a Go templatedocker top CONTAINER_NAMEProcesses running inside the containerdocker statsLive CPU, memory, network, disk per containerdocker port CONTAINER_NAMEShow port mappings for one containerdocker diff CONTAINER_NAMEFiles changed since the image was createddocker cp CONTAINER_NAME:/path /host/pathCopy a file out of a containerdocker cp /host/file CONTAINER_NAME:/pathCopy a file into a containerNetworks
docker network lsList networksdocker network create NETWORK_NAMECreate a user-defined bridge (service-name DNS works on these)docker network inspect NETWORK_NAMEShow subnet, gateway, connected containersdocker network connect NETWORK_NAME CONTAINER_NAMEAttach a running container to a networkdocker network disconnect NETWORK_NAME CONTAINER_NAMEDetachdocker network rm NETWORK_NAMERemove an empty networkdocker network pruneRemove all unused networksDocker Compose (V2: docker compose, no hyphen)
docker compose upStart the stack in the current directory's docker-compose.ymldocker compose up -dDetacheddocker compose up --buildRebuild images before startingdocker compose downStop and remove containers + networksdocker compose down -vAlso remove named volumes (data loss)docker compose psStack-scoped container listdocker compose logs -f SERVICE_NAMEFollow logs for one servicedocker compose exec SERVICE_NAME bashShell into a Compose servicedocker compose restart SERVICE_NAMERestart one servicedocker compose build SERVICE_NAMEBuild just one service's imagedocker compose pullPull image updates for every servicedocker compose run --rm SERVICE_NAME COMMANDRun a one-off command in the service's imagedocker compose configValidate and print the merged compose filedocker compose top SERVICE_NAMEProcesses in a Compose serviceEvents and debugging
docker eventsStream the daemon event log (container start/stop/oom etc.)docker events --filter event=oomOnly OOM killsdocker container inspect --format '{{.State.ExitCode}}' CONTAINER_NAMEExit code of the last rundocker container inspect --format '{{.State.OOMKilled}}' CONTAINER_NAMEWas it OOM-killed (exit code 137)Images
docker pull IMAGE_NAMEPull an image from the registrydocker imagesList images on this hostdocker image ls -aList all images including intermediatesdocker rmi IMAGE_NAMERemove an imagedocker image pruneRemove dangling images (untagged)docker image prune -aRemove all unused images, tagged or notdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag an image for pushdocker image inspect IMAGE_NAMEFull metadata, env, entrypoint, labelsdocker image history IMAGE_NAMELayer history with sizes — audit what bloats the imagedocker manifest inspect IMAGE_NAMEShow platforms an image supports (arm64, amd64)docker run — the flags worth knowing
docker run -d IMAGE_NAMEDetached / backgrounddocker run -it IMAGE_NAME bashInteractive shell, allocate a TTYdocker run --rm IMAGE_NAMERemove container automatically when it exitsdocker run --name CONTAINER_NAME IMAGE_NAMEName the container instead of getting a random onedocker run -p HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish a container port to the hostdocker run -p 127.0.0.1:HOST_PORT:CONTAINER_PORT IMAGE_NAMEPublish on a specific host interface only (localhost-only)docker run -v VOLUME_NAME:/path/in/container IMAGE_NAMENamed volume mountdocker run -v /host/path:/path/in/container IMAGE_NAMEBind mount a host pathdocker run -v /host/path:/path/in/container:ro IMAGE_NAMERead-only bind mountdocker run -e KEY=VALUE IMAGE_NAMESingle env vardocker run --env-file .env IMAGE_NAMELoad env vars from a filedocker run --network NETWORK_NAME IMAGE_NAMEAttach to a user-defined networkdocker run --restart unless-stopped IMAGE_NAMERestart on crash/host reboot, unless you stopped it manuallydocker run --user 1000:1000 IMAGE_NAMERun as a specific UID:GID instead of rootdocker run --memory 512m --cpus 0.5 IMAGE_NAMEResource limitsdocker run --platform linux/amd64 IMAGE_NAMEForce the platform (Apple Silicon running x86 images)docker run --hostname HOST IMAGE_NAMESet the container's hostnamedocker run --workdir /app IMAGE_NAMESet the working directory inside the containerdocker run --entrypoint sh IMAGE_NAMEOverride the image's ENTRYPOINTdocker run --add-host db:192.168.1.10 IMAGE_NAMEAdd a /etc/hosts entry inside the containerBuild
docker build -t IMAGE_NAME .Build from the Dockerfile in the current directorydocker build -t IMAGE_NAME -f path/to/Dockerfile .Use a Dockerfile somewhere other than ./Dockerfiledocker build --no-cache -t IMAGE_NAME .Force a full rebuilddocker build --build-arg KEY=VALUE -t IMAGE_NAME .Pass a build-time ARGdocker build --target STAGE -t IMAGE_NAME .Stop at a multi-stage target (e.g. build dev image from a 'dev' stage)docker build --platform linux/amd64,linux/arm64 -t IMAGE_NAME .Build for multiple architectures (needs buildx)docker buildx create --useCreate and switch to a buildx builder (multi-arch)docker buildx build --platform linux/amd64,linux/arm64 --push -t IMAGE_NAME .Multi-arch build pushed to a registry as a manifest listdocker builder pruneClean the BuildKit cache (separate from docker system prune)Volumes
docker volume lsList named volumesdocker volume create VOLUME_NAMEPre-create a named volumedocker volume inspect VOLUME_NAMEDriver, mountpoint, labelsdocker volume rm VOLUME_NAMERemove a volume (must not be in use)docker volume pruneRemove all unused volumes (data loss potential)docker run --rm -v VOLUME_NAME:/from -v $(pwd):/to alpine tar czf /to/backup.tar.gz -C /from .Back up a named volume to a tar.gz on the hostdocker run --rm -v VOLUME_NAME:/to -v $(pwd):/from alpine tar xzf /from/backup.tar.gz -C /toRestore a named volume from a tar.gzRegistry — push, pull, login
docker login REGISTRYLogin to a registry (Docker Hub if no host given)docker logout REGISTRYLogoutdocker tag IMAGE_NAME REGISTRY/REPO:TAGTag for a registry before pushdocker push REGISTRY/REPO:TAGPush to the registrydocker pull REGISTRY/REPO:TAGPull from a private registryCleanup and disk space
docker system dfDisk usage by images, containers, volumes, build cachedocker system pruneRemove stopped containers, unused networks, dangling images, build cachedocker system prune -aAlso remove ALL unused images (not just dangling)docker system prune -a --volumesThe nuclear option: also wipes unused volumes (data loss)docker builder pruneBuildKit cache onlydocker image prune -aUnused images onlydocker container pruneStopped containers onlydocker network pruneUnused networks onlydocker volume pruneUnused volumes only (data loss potential)What to do next
For the longer-form pieces this cheat sheet references:
- How to Install Docker on Ubuntu, macOS, and Windows — the install paths per OS.
- docker run Cheat Sheet — every
docker runflag worth knowing, with patterns. - How to Write a Dockerfile —
FROM,COPY,RUN,CMD,ENTRYPOINT, and the layer-cache rules that decide build speed. - Docker Compose: Getting Started — a working
docker-compose.ymlwalkthrough. - docker exec and docker logs — the two commands you reach for hourly.
- Docker Container Lifecycle: ps, stop, start, restart, rm — managing the containers you have.
- docker system prune: Free Disk Space Used by Docker — when Docker is eating your disk.
- How to Run Anything on Your Computer Without Installing It — the hub for the per-tool recipes (MySQL, PostgreSQL, Redis, MongoDB, Elasticsearch, Nginx, WordPress, PHP, and more).
FAQ
Sources
Authoritative references this article was fact-checked against.
- Docker CLI reference (docs.docker.com)docs.docker.com
- Docker Compose CLI referencedocs.docker.com
- BuildKit documentationdocs.docker.com
