Docker Cheatsheet

Docker is an open-source platform for automating the deployment, scaling, and management of applications using containerization. Containers package code, dependencies, and environment into a single, portable unit.

• Lightweight, fast, and consistent across environments
• Enables microservices and DevOps workflows
• Runs on Linux, Windows, Mac

• Docker Client: CLI and API for interacting with Docker
• Docker Daemon: Background service managing containers
• Docker Registry: Repository for storing images (Docker Hub)
• Docker Images: Templates for creating containers
• Docker Containers: Running instances of images

• Docker Engine: Complete Docker platform
• Docker Daemon: Background service (dockerd)
• Manages containers, images, networks, volumes
• REST API for client communication

# Check daemon status
sudo systemctl status docker
# Restart daemon
sudo systemctl restart docker

• Command-line interface for Docker
• Communicates with Docker daemon
• Basic commands: docker run, docker ps, docker images

# Check Docker version
docker --version
# List running containers
docker ps
# List all containers
docker ps -a

• Read-only templates for creating containers
• Built from Dockerfiles or pulled from registries
• Layered file system for efficiency

# Pull an image
docker pull nginx
# List images
docker images
# Remove an image
docker rmi nginx

• Running instances of Docker images
• Isolated environments with their own filesystem
• Can be started, stopped, and removed

# Run a container
docker run -d nginx
# Stop a container
docker stop mycontainer
# Remove a container
docker rm mycontainer

• Text file with instructions to build Docker images
• Key instructions: FROM, RUN, COPY, WORKDIR, EXPOSE, CMD

# Example Dockerfile
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
EXPOSE 3000
CMD ["npm", "start"]

• Create images from Dockerfiles
• Use docker build command
• Tag images for versioning

# Build an image
docker build -t myapp:latest .
# Build with specific tag
docker build -t myapp:v1.0 .
# Build from specific Dockerfile
docker build -f Dockerfile.prod -t myapp:prod .

• Images are built in layers
• Each instruction creates a new layer
• Layers are cached for faster builds
• Optimize by ordering instructions properly

# Good: Dependencies first
COPY package*.json ./
RUN npm install
COPY . .

# Bad: Changes frequently first
COPY . .
RUN npm install

• Docker Hub: Official registry for Docker images
• Public and private repositories
• Pull official images: docker pull nginx
• Push your images: docker push username/image

# Pull from Docker Hub
docker pull nginx:latest
# Push to Docker Hub
docker push myusername/myapp:latest
# Search images
docker search python

• Persistent data storage for containers
• Survive container lifecycle
• Can be shared between containers

# Create a volume
docker volume create mydata
# Run container with volume
docker run -v mydata:/data ubuntu
# List volumes
docker volume ls

• Enable communication between containers
• Types: bridge (default), host, overlay, macvlan
• Custom networks for isolation and DNS

# List networks
docker network ls
# Create a network
docker network create mynet
# Run container on network
docker run --network mynet nginx

• Tool for defining and running multi-container Docker apps
• Uses docker-compose.yml file
• Start all services with one command

# Start services
docker-compose up -d
# Stop services
docker-compose down

• YAML file to define services, networks, and volumes
• Key sections: services, volumes, networks

version: '3.8'
services:
  web:
    image: nginx
    ports:
      - "8080:80"
  db:
    image: postgres
    environment:
      POSTGRES_PASSWORD: example

• Run multiple services (web, db, cache) in one app
• Services communicate via Docker networks
• Compose manages dependencies and startup order

services:
  app:
    build: .
    ports:
      - "5000:5000"
  redis:
    image: redis:alpine

• Set environment variables in containers
• Use -e flag or environment in Compose
• Store secrets and configuration

# Set env variable
docker run -e MY_VAR=value ubuntu env
# In docker-compose.yml:
# environment:
#   - MY_VAR=value

• Expose container ports to host
• Use -p or --publish flag
• Format: hostPort:containerPort

# Expose port 8080 on host to 80 in container
docker run -p 8080:80 nginx
# In docker-compose.yml:
# ports:
#   - "8080:80"

• View container logs with docker logs
• Monitor resource usage with docker stats
• Integrate with monitoring tools (Prometheus, Grafana)

# View logs
docker logs mycontainer
# Follow logs
docker logs -f mycontainer
# Monitor resource usage
docker stats

• docker exec: Run commands in a running container
• docker attach: Attach to a running container's process
• Useful for debugging and maintenance

# Run a shell in a running container
docker exec -it mycontainer /bin/bash
# Attach to container's main process
docker attach mycontainer

• Start, stop, restart, and remove containers
• Use container IDs or names
• Remove all stopped containers with docker container prune

docker start mycontainer
docker stop mycontainer
docker restart mycontainer
docker rm mycontainer
docker container prune

• Remove unused data: containers, images, networks, volumes
• Frees up disk space
• Use with caution: can delete important data

# Remove all unused data
docker system prune -a
# Remove unused volumes
docker volume prune

• Copy files/folders between host and container
• Useful for backups, logs, and data transfer

# Copy file from container to host
docker cp mycontainer:/path/in/container/file.txt ./file.txt
# Copy file from host to container
docker cp ./file.txt mycontainer:/path/in/container/file.txt

• Directory sent to Docker daemon during build
• Includes Dockerfile and all referenced files
• Use .dockerignore to exclude files

# Build context is current directory
docker build -t myapp .
# Exclude files in .dockerignore
cat .dockerignore
node_modules
.git

• CMD: Default command to run (can be overridden)
• ENTRYPOINT: Always runs, even with arguments
• Combine for flexible containers

# Example
ENTRYPOINT ["python"]
CMD ["app.py"]
# docker run myimage script.py (runs: python script.py)

• Use official base images
• Minimize layers and image size
• Leverage .dockerignore
• Use multi-stage builds for production
• Pin versions for reproducibility

# Multi-stage build example
FROM node:18-alpine as build
WORKDIR /app
COPY . .
RUN npm install && npm run build

FROM nginx:alpine
COPY --from=build /app/dist /usr/share/nginx/html

• Native clustering and orchestration for Docker
• Manages multiple Docker hosts as a single cluster
• Services, scaling, rolling updates

# Initialize swarm
docker swarm init
# Deploy a service
docker service create --name web -p 80:80 nginx
# List nodes
docker node ls

• Kubernetes: Advanced, feature-rich, large ecosystem
• Swarm: Simpler, built into Docker, easier to start
• Both provide container orchestration, scaling, self-healing

• Use minimal base images
• Run as non-root user
• Keep images up to date
• Scan images for vulnerabilities
• Limit container capabilities

# Scan image for vulnerabilities
docker scan myimage
# Run as non-root user in Dockerfile
USER node

• docker ps: List running containers
• docker images: List images
• docker run: Run a container
• docker stop: Stop a container
• docker rm: Remove a container
• docker rmi: Remove an image
• docker exec: Run command in running container
• docker logs: View container logs

docker ps
docker images
docker run -d nginx
docker stop mycontainer
docker rm mycontainer
docker rmi nginx:latest
docker exec -it mycontainer bash
docker logs mycontainer