Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
                                  ##         .
                            ## ## ##        ==
                         ## ## ## ## ##    ===
                     /"""""""""""""""""\___/ ===
                ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
                     \______ o           __/
                       \    \         __/

Docker Cheat Sheet

Important Docker Commands Ordered by

  • Compute (Services),
  • Network,
  • Storage

and then by

  • Docker CLI,
  • Dockerfile,
  • Compose, and
  • Swarm

An explaining blog post can be foud here:

An updating blog post can be foud here:

COMPUTE (Services)

Docker CLI

  • create & run: docker run -itd -p 3000:3000 -v /source/path/on/host:/destination/path/in/container --name <ctr_name> <img_name>

    • Description: Interactive container not attached to the current shell with port to host mapping and a host bind volume
    • Optional:
      • Check results: docker inspect <ctr_name>
  • "ssh"/bash into: docker exec -it <ctr_name> /bin/bash

    • Description: Connect to a running container with a new shell

    • Alternative: docker attach <ctr_name>( more on Stackoverflow )

      Attach isn't for running an extra thing in a container, it's for attaching to the running process.

  • start | stop: docker start|restart|stop <ctr_name>

  • rename: docker rename <ctr_name> <new_name>

  • list: docker ps [-a]

  • list formatted: docker ps -a --format "table {{.ID}}\t{{.Names}}\t{{.Status}}\t{{.Ports}}"

  • get runnings processes: docker top <ctr_name>

  • get logs: docker logs <ctr_name>

  • delete: docker rm [-vf] <ctr_name>

  • get long id: docker ps -a --no-trunc

Docker Dockerfile

FROM <img_name>:<tag_name>  

ARG <port_env_var>
ENV NODE_ENV ${<nodejs_env>}  

RUN <some_bash_cmd> \
    && <another_bash_cmd>

COPY <file_name> /destination/path/in/container
VOLUME /source/path/on/host:/destination/path/in/container  

EXPOSE ${<port_env_var>}    # only exposed by container, but not yet mapped to the docker host  

USER <user_name>            # set permisions accordingly (before) ... if not specified: root
WORKDIR <dir_name>
CMD <main_bash_cmd>         # or ENTRYPOINT command (not overwritable) for external scripts
  • build:
    cd .
    docker build -t <image_name> .

  • list all images: docker images [-a]

  • delete: docker rmi <img_name>

  • delete dangling images in docker ps (listed as "none"): docker rmi $(docker images --quiet --filter "dangling=true")

    • Alternative: docker images -qf dangling=true | xargs docker rmi // untested yet, but always without error even if no dangling images exist
  • use Environment Variables: see on Stackoverflow

Docker Compose

version: "3"

      context: ./path/to/dir
        - <port>
    image: <reg_tag>/<img_name>:<img_tag>
      - <net_name>
       - "${<port_env_var>}:${<port_env_var>}"                  # port to host mapping
      - NODE_ENV=<nodejs_env>
      - PORT_ENV_VAR="${<port_env_var>}"
      - /source/path/on/host:/destination/path/in/container     # host bind
      - no-new-privileges

  <net_name>:           # custom network created before
    external: true

  <vol_name>:           # named volume created before
    external: true
  • test config: docker-compose config

  • build: docker-compose build

  • push to registry: docker-compose push # as specified above by <reg_tag>

  • create & start in one: docker-compose up

  • start | stop: docker-compose start|restart|stop <project_name>

  • kill | delete: docker-compose kill|rm <project_name>

  • set multiple compose files manually as ENVIRONMENT VARIABLE: export COMPOSE_FILE="/path/to/docker-stack.yml:/path/to/" ( more here )

Docker Swarm

  • deploy stack: docker stack deploy --compose-file=docker-compose.yml <stack_name> # e.g. ${COMPOSE_PROJECT_NAME}

    • before do: docker-compose build and docker-compose push
  • use multiple compose or stack files for deploy:

    • optional (if stored as variable): echo "${ces_docker_stack_files}" # /path/to/docker-stack.yml -c /path/to/
    • docker stack deploy -c $(echo "${ces_docker_stack_files}") ${COMPOSE_PROJECT_NAME} --with-registry-auth
version: "3"


      mode: replicated         # or 'global' for one on each docker swarm host
      replicas: <amount>          
        condition: <condition>
        max_attempts: <amount>
        delay: <amount>s
        limits:                # hard limit
          cpus: '<cpu_share>'
          memory: <amount>M
        reservations:          # soft limit
          cpus: '<cpu_share>'
          memory: <amount>M  

  • list all stacks: docker stack ls

  • list tasks of stack: docker stack ps <stack_name>

  • list tasks of stack: docker stack ps "${COMPOSE_PROJECT_NAME}"

  • list services of stack: docker stack services <stack_name>

  • show logs of a stack service: docker service logs <service_name>

  • delete: docker stack rm <stack_name>


Docker CLI

  • list networks: docker network ls

  • get info for default container network "bridge": docker network inspect bridge

  • get docker host ip: docker-machine ip <host_name>

  • create custom bridge network: docker network create --driver bridge <network_name>

    • Optional:
      • specify a subnet (to avoid overlap with other networks!): <...> --subnet= <...>
      • specify which ip's to take: <...> --ip-range= <...>
      • specify as internal: --internal
    • connect container to it:
      • in run command (only one network allowed): docker run <...> --net=<network_name> <...>
      • connect existing container: docker network connect <network_name> <container_name>
      • give container a static ip: <...> --ip= <...>
  • delete custom network: docker network rm <network_name>

  • get container ip:
    docker ps // get id
    docker network inspect <network_name> // check ip of this id

    • Alternative: docker inspect <container_name>
  • map exposed container port to docker host: docker run <...> -p 8529:8529 <...>

Docker Dockerfile


EXPOSE 3000 # only exposed by container, but not yet mapped to the docker host


Docker Compose

version: "3"


  <net_name>:       # custom network created before
    external: true


Docker Swarm

  • specify ip or eth settings for swarm cluster:

    • Advertised address to swarm members for API access and overlay networking: docker swarm init --advertise-addr <addr> <...>
    • Listening address for inbound swarm manager traffic: docker swarm init --listen-addr <addr> <...>
  • create custom overlay network (encrypted): docker network create --opt encrypted --driver overlay <network_name>

  • create overlay network: docker network create --driver overlay --subnet=<ip_range> --gateway=<ip_address> <net_name>

    • Optional: --attachable for allowing unmanaged (non-swarm) containers and --opt encrypted for encryption


Docker CLI

  • list volumes: docker volume ls

  • details volumes: docker volume inspect

  • create (named) volume (available only on this docker host): docker volume create --name <volume_name>

  • Edit (on docker host) a containter file (e.g. .conf) of a stopped | not starting containter:

  • copy from docker host into container: docker cp /source/path/on/host <container_name>:/destination/path/in/container

  • delete (named) volume: docker volume rm <volume_name>

  • map volumes (from host to container: docker run <...> -v /source/path/on/host:/destination/path/in/container <...>

  • volume deletion (via -v in docker run, not for named volumes) needs to be excplit on container deletion via -v: docker rm -v <container_name>

  • delete all exited containers including their volumes: docker rm -v $(docker ps -a -q -f status=exited)

  • delete the unwanted / left overs:

Docker Dockerfile


VOLUME /source/path/on/host:/destination/path/in/container


Docker Compose

version: "3"



  <vol_name>:       # named volume created before
    external: true

Docker Swarm

Keep in mind that regular volumes (see above) are always local to that host only (so a container needing that volume can only correctly start on thist host).



  • create secret: docker secret create <sec_name> /path/to/<sec_file>
  • remove secret: docker secret rm <sec_name>
  • more here and here ... and same for configs

Docker Machine

  • start | stop: docker-machine start|stop <host_name>
  • ssh into: docker-machine ssh <host_name>
  • send one ssh command: docker-machine ssh <host_name> '<command> <params> <...>
  • adjust time drift: docker-machine ssh <host_name> 'sudo ntpclient -s -h
    • only neccessary in a docker toolbox vm on virtualbox

Docker Daemon Access

  • connect to remote docker daemon from a local shell: export DOCKER_HOST="ssh://<user>@<ip>"


  • login to registry: echo "${token}"| docker login --username "${user}" --password-stdin
  • logout from registry: docker logout


Docker Events

  • listen to events: docker events
  • get help: docker-machine <command_name> --help
  • get env vars: docker-machine env <host_name>


  • get help: docker <command_name> --help

Further information

Reference documentation:


Important Docker Commands Ordered by Compute (Services), Network, Storage then by Docker CLI, Dockerfile, Compose, and Swarm







No releases published


No packages published