🐳 Docker

Command Reference & Compose Guide

Containers

docker run -d -p 8080:80 image

Run container detached, map host:container port

docker run -it --rm image bash

Interactive shell, auto-remove on exit

docker run --name myapp -e KEY=val image

Named container with environment variable

docker run -v ./data:/data image

Bind-mount host directory into container

docker ps

List running containers

docker ps -a

List all containers including stopped

docker stop id|name

Gracefully stop a container (SIGTERM → SIGKILL)

docker rm id|name

Remove a stopped container

docker exec -it name bash

Shell into a running container

docker logs -f name

Stream live container logs

docker inspect name

Full JSON metadata for a container or image

docker stats

Live CPU/mem/net usage for all containers

Images

docker pull image:tag

Download image from registry

docker build -t name:tag .

Build image from Dockerfile in current dir

docker build --no-cache -t name:tag .

Force full rebuild, ignore layer cache

docker images

List local images

docker rmi image:tag

Remove a local image

docker tag src:tag dst:tag

Alias an image with a new name/tag

docker push name:tag

Push image to registry

docker history image

Show layers and sizes of an image

Volumes & Networks

docker volume create vol

Create a named volume

docker volume ls

List all volumes

docker volume rm vol

Delete a volume

docker network create net

Create a bridge network

docker network ls

List networks

docker network inspect net

Show containers attached and subnet info

Cleanup

docker system prune

Remove stopped containers, dangling images, unused networks

docker system prune -a

Also remove all unused images (not just dangling)

docker image prune -a

Remove all images not used by a running container

docker volume prune

Remove all unused volumes

# compose.yaml — annotated example
services:

  web:
    image: nginx:alpine          # use a pre-built image
    build: ./app                 # — or build from Dockerfile
    restart: unless-stopped
    ports:
      - "80:80"                   # host:container
      - "443:443"
    environment:
      - NODE_ENV=production
      - DB_HOST=db               # service name = hostname
    volumes:
      - ./html:/usr/share/nginx/html:ro
      - data-vol:/data           # named volume
    depends_on:
      - db
    networks:
      - frontend
      - backend
    healthcheck:
      test: ["CMD","curl","-f","http://localhost"]
      interval: 30s
      timeout: 10s
      retries: 3

  db:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: secret
      POSTGRES_DB: mydb
    volumes:
      - pg-data:/var/lib/postgresql/data
    networks:
      - backend

volumes:
  data-vol:            # managed by Docker
  pg-data:

networks:
  frontend:
  backend:
    driver: bridge

key: — directive value — string 30s — duration/number # comment — ignored

Common Compose Commands

docker compose up -d

Start all services in background

docker compose up --build -d

Rebuild images then start

docker compose down

Stop and remove containers and networks

docker compose down -v

Also remove named volumes

docker compose ps

Show service status

docker compose logs -f service

Tail logs for a specific service

docker compose exec service bash

Shell into a running service container

docker compose restart service

Restart a single service

docker compose pull

Pull latest images for all services

docker compose config

Validate and print the resolved compose config

Patterns

restart policies

no — never restart
always — always restart
unless-stopped — restart unless manually stopped
on-failure — only on non-zero exit

service discovery

Services on the same network reach each other by service name as hostname. No extra DNS config needed.

env files

Use env_file: .env to load variables from a file instead of listing them inline. Keep secrets out of compose.yaml.

build context

build: ./dir uses ./dir/Dockerfile. Use build.context + build.dockerfile for custom paths.

profiles

Tag services with profiles: [dev] and start them selectively with --profile dev.

depends_on

Only waits for container start, not readiness. Use healthcheck + depends_on.condition: service_healthy for true readiness.