Docker Cheatsheet¶

docker image

• Build an image from a Dockerfile
• Tag an image
• List images
• Remove an image
• Synchronise with a container registry

docker container

• Create - but do not start - a container from an image
• Start a container
• Create and start a container from an image
• Stop a running container
• Pause or unpause all running processes in a container
• Delete a container
• List containers
• Copy files
• Execute a command in a container
• Create an image from a container
• Attach terminal to container
• Display container information
• Print container logs

docker network

• Create a network
• List networks
• Delete a network
• Connect or disconnect a container from a network

Dockerfile instructions

• Set the base image
• Run a command in the shell during the build stage
• Publish a port
• Set a variable for use during the build stage
• Set an environment variable
• Set the working directory
• Copy files into a container
• Set the default command for a running container

---

docker image¶

Build an image from a Dockerfile¶

docker image build -t IMAGE_NAME:TAG PATH_TO_BUILD_CONTEXT

The Dockerfile should be located at the root of the build context and should be called Dockerfile. If it is not, use

docker build -t -IMAGE_NAME:TAG -f PATH_TO_DOCKERFILE PATH_TO_BUILD_CONTEXT

PATH_TO_DOCKERFILE cannot be outside of the build context.

Tag an image¶

To create a tag TARGET_IMAGE that refers to SOURCE_IMAGE, use

docker image tag SOURCE_IMAGE:TAG TARGET_IMAGE:TAG

List images¶

docker image ls

Include intermediate images

docker image ls -a

Remove an image¶

docker image rm IMAGE_NAME:TAG

Remove danging intermediate images

docker image prune

Remove images not referenced by a container

docker image prune -a

Synchronise with a container registry¶

Pull from the registry

docker image pull IMAGE_NAME:TAG

Push to the registry

docker image push IMAGE_NAME:TAG

---

docker container¶

Create - but do not start - a container from an image¶

docker container create IMAGE_NAME:TAG

Publish ports

docker container create -p HOST_PORT:CONTAINER_PORT/PROTOCOL IMAGE_NAME:TAG

HOST_PORT is the port used to access the container from outside. CONTAINER_PORT is the port used within the container.

PROTOCOL must be either tcp or udp. If PROTOCOL is not specified, tcp is assumed.

Mount a volume

docker container create --mount source=PATH_ON_DISK, target=PATH_IN_CONTAINER, type=bind IMAGE_NAME:TAG

Start a container¶

docker container start CONTAINER_NAME

Print container output

docker container start -a CONTAINER_NAME

Connect to the container’s terminal

docker container start -it CONTAINER_NAME

CTRL+P then CTRL+Q to disconnect.

Create and start a container from an image¶

docker container run IMAGE_NAME:TAG

docker container run combines docker container create and docker container start.

Publish ports

docker container run -p HOST_PORT:CONTAINER_PORT/PROTOCOL IMAGE_NAME:TAG

HOST_PORT is the port used to access the container from outside. CONTAINER_PORT is the port used within the container.

PROTOCOL must be either tcp or udp. If PROTOCOL is not specified, tcp is assumed.

Mount a volume

docker container run --mount source=PATH_ON_DISK, target=PATH_IN_CONTAINER, type=bind IMAGE_NAME:TAG

Stop a running container¶

Shutdown gracefully

docker container stop CONTAINER_NAME

Stop immediately

docker container kill CONTAINER_NAME

Pause or unpause all running processes in a container¶

Pause

docker container pause CONTAINER_NAME

Unpause

docker container unpause CONTAINER_NAME

Delete a container¶

docker container rm CONTAINER_NAME

Stop and delete a running container

docker container rm -f CONTAINER_NAME

Stops immediately, no graceful shutdown.

Delete all stopped containers

docker container prune

Delete all running and stopped containers

docker container rm -f $(docker ps -aq)

List containers¶

Running containers

docker container ls

All containers

docker container ls --all

Copy files¶

To container

docker container cp PATH_ON_DISK CONTAINER_NAME:PATH_IN_CONTAINER

From container

docker container cp CONTAINER_NAME:PATH_IN_CONTAINER PATH_ON_DISK

Execute a command in a container¶

docker container exec CONTAINER_NAME COMMAND OPTIONAL_ARGUMENTS

Run in background

docker container exec -d CONTAINER_NAME COMMAND OPTIONAL_ARGUMENTS

Execute with temporary environment variables

docker container exec -e VARIABLE_NAME=VALUE CONTAINER_NAME COMMAND OPTIONAL_ARGUMENTS

Create an image from a container¶

docker container commit CONTAINER_NAME

Attach terminal to container¶

docker container attach CONTAINER_NAME

CTRL+C to detach.

Display container information¶

docker container inspect CONTAINER_NAME

Print container logs¶

docker container logs CONTAINER_NAME

Print the last N lines of the container logs

docker container logs --tail N CONTAINER_NAME

Print all subsequent logs

docker container logs -f CONTAINER_NAME

---

docker network¶

Create a network¶

docker network create NETWORK_NAME

List networks¶

docker network ls

Delete a network¶

docker network rm NETWORK_NAME

Remove all unused networks

docker network prune

Connect or disconnect a container from a network¶

Connect

docker network connect NETWORK_NAME CONTAINER_NAME

Disconnect

docker network disconnect NETWORK_NAME CONTAINER_NAME

---

Dockerfile instructions¶

To build a Dockerfile, use

docker image build -t IMAGE_NAME:TAG PATH_TO_BUILD_CONTEXT

The Dockerfile should be located at the root of the build context and should be called Dockerfile. If it is not, use

docker build -t -IMAGE_NAME:TAG -f PATH_TO_DOCKERFILE PATH_TO_BUILD_CONTEXT

PATH_TO_DOCKERFILE cannot be outside of the build context.

docker image build executes each instruction in the Dockerfile in sequence. After each instruction, the resulting intermediate image is committed. If docker image build is re-run using the same build context, cached images are used until the first changed instruction. Consequently, it is good practice to structure the Dockerfile so that instructions that change less frequently are executed first.

Build context¶

The Dockerfile and any local files copied to the container must be contained within a build context. The build context is a local directory.

When docker image build is run, the entire build context is copied to the Docker daemon. The exception to this are files and directories that are marked for omission in a .dockerignore file that is placed at the root of the build context. Because large build contexts reduce the performance of docker image build, it is good practice to only include directories and files that are relevant to the container in the build context or to use a .dockerignore file.

Set the base image¶

FROM IMAGE_NAME:TAG

This must be the first instruction in a Dockerfile. (The only exception is the ARG instruction, which may be used to set IMAGE_NAME or TAG. Variables set before the FROM instruction do not persist after it.)

Run a command in the shell during the build stage¶

RUN COMMAND OPTIONAL_ARGUMENTS

This runs commands using the default shell (/bin/sh -c on Linux, cmd /S /C on Windows). This is known as the shell form. An alternative form is the exec form:

RUN ["EXECUTABLE", "OPTIONAL_ARGUMENT1", "OPTIONAL_ARGUMENT2", ...]

Publish a port¶

RUN -p HOST_PORT:CONTAINER_PORT/PROTOCOL

HOST_PORT is the port used to access the container from outside. CONTAINER_PORT is the port used within the container.

PROTOCOL must be either tcp or udp. If PROTOCOL is not specified, tcp is assumed.

Set a variable for use during the build stage¶

ARG KEY=VALUE

If VALUE contains spaces, enclose it within double-quotes or precede each space with a backslash.

To reference this variable, use $KEY.

Multiple variables can be set in a single instruction. To do this, use

ARG KEY1=VALUE1 KEY2=VALUE2, ...

Variables set using ARG do not persist once the container has been built. To set an environment variable that is available when the container is running, use ENV.

Set an environment variable¶

ENV KEY=VALUE

If VALUE contains spaces, enclose it within double-quotes or precede each space with a backslash.

Variables set using ENV can be referenced in a Dockerfile - and override variables set using ARG. To reference a variable, use $KEY.

Multiple variables can be set in a single instruction. To do this, use

ENV KEY1=VALUE1 KEY2=VALUE2, ...

Variables set using ENV persist when the container is running.

Set the working directory¶

To set the working directory for subsequent RUN, COPY, ADD and CMD instructions, use

WORKDIR PATH_IN_CONTAINER

If the WORKDIR instruction is used multiple times, each subsequent path will be set relative to the path of the previous WORKDIR instruction.

Copy files into a container¶

Copy files into a container from a local source

COPY PATH_ON_DISK PATH_IN_CONTAINER

PATH_ON_DISK cannot be outside of the build context. (This is usually the same directory as the Dockerfile.)

Copy files into a container from any source

ADD SOURCE_PATH PATH_IN_CONTAINER

SOURCE_PATH can be a local file or a URL. If it is a local tar archive with extensions gzip, bzip2 or xz, it is first unpacked.

If SOURCE_PATH is a local file it cannot be outside of the build context. (This is usually the same directory as the Dockerfile.)

ADD is more powerful than COPY - it supports both local and remote sources and unpacks tar archives. When copying files from a local source, COPY is preferred because it is more transparent.

Set the default command for a running container¶

CMD ["EXECUTABLE", "OPTIONAL_ARGUMENT1", "OPTIONAL_ARGUMENT2", ...]

This is the exec form, which is preferred. However, to pass an environment variable, it is necessary to use the shell form:

CMD COMMAND OPTIONAL_ARGUMENTS

There can only be one CMD instruction in a Dockerfile. If CMD is used more than once, only the last instruction is effective.

---

Made with ❤ by Javid Lakha for the Harvard AC295 / CSCI E-115 students. Please send suggestions and corrections to javid@hey.com.

Version 1.2.1