Docker Cheat Sheet

Quick reference for Docker. Run docker --help or docker <command> --help for full flag lists.

Most Used — Quick Reference

| Command | What it does | Typical usage |
| --- | --- | --- |
| `docker ps` | Lists running containers | Confirm what is actually running right now |
| `docker ps -a` | Lists all containers, including stopped ones | See the full picture — including failed or exited containers |
| `docker logs -f <name>` | Streams container output to your terminal | Debug a container; see why it started or is failing |
| `docker exec -it <name> sh` | Opens an interactive shell inside a running container | Inspect files, test connectivity, run one-off commands |
| `docker run -d --name X -p H:C image:tag` | Creates and starts a named, port-mapped, detached container | The standard way to spin up a service — use a specific tag, not latest |
| `docker stop <name>` | Gracefully stops a running container (SIGTERM, then SIGKILL) | Shut down a container cleanly |
| `docker start <name>` | Starts a stopped container | Bring back a container you already created |
| `docker rm <name>` | Removes a stopped container | Clean up finished test containers |
| `docker system prune` | Removes all unused containers, networks, and dangling images | Reclaim disk space after a session of testing |

🔍 See What You Have

| Command | What it does | Typical usage |
| --- | --- | --- |
| `docker image ls` | Lists local images — repository, tag, image ID, size | Check what is already downloaded on this machine |
| `docker container ls` / `docker ps` | Lists running containers with port mappings and uptime | See what is running right now |
| `docker ps -a` | Lists all containers including stopped and exited ones | Find old containers you forgot about; see exit codes |
| `docker logs <name>` | Dumps the container's stdout/stderr output | See what happened when a container started or crashed |
| `docker logs -f <name>` | Follows (streams) container output in real time | Live tail — leave it running to watch the app |
| `docker inspect <name>` | Dumps full JSON metadata — ports, mounts, env vars, network, health | Check the actual port bindings, env vars, and mount paths |
| `docker stats` | Live CPU, memory, network, and disk I/O per container | Monitor resource usage across all running containers |
| `docker top <name>` | Shows processes running inside a container | Check what is actually running inside, like a container-scoped ps |
| `docker port <name>` | Lists the container's port mappings | Confirm which host port a container is actually bound to |

📦 Pull & Run

| Command | What it does |
| --- | --- |
| `docker pull <image>:<tag>` | Download a specific image tag from a registry without running it |
| `docker run <image>:<tag>` | Create and start a container — pulls the image first if not local |
| `docker run -d <image>` | Run detached (background) — returns the container ID |
| `docker run --name web <image>` | Assign a name so you can refer to it without the ID |
| `docker run -p 8080:80 <image>` | Map host port 8080 to container port 80 |
| `docker run --rm <image>` | Auto-remove the container when it exits — good for one-shot tasks |

Pattern: pull the exact tag you want, then run that same tag — avoids accidentally grabbing latest.
🚩 docker run Flags

| Flag | What it does |
| --- | --- |
| `-d` | Detached — run in the background |
| `--name <name>` | Give the container a human-readable name |
| `-p host:container` | Publish a port — e.g. `-p 8080:80` |
| `-e KEY=VALUE` | Set an environment variable inside the container |
| `-v /host:/container` | Bind-mount a host directory into the container |
| `--rm` | Remove the container automatically when it exits |
| `-it` | Interactive terminal — needed for shells and REPL-style commands |
| `--network <name>` | Attach to a named Docker network |
| `--restart always` | Auto-restart on crash or system reboot |
| `--env-file <file>` | Load env vars from a file (one KEY=VALUE per line) |

▶️ Start / Stop / Restart

| Command | What it does |
| --- | --- |
| `docker start <name>` | Start one or more stopped containers |
| `docker stop <name>` | Gracefully stop — sends SIGTERM, then SIGKILL after the grace period |
| `docker restart <name>` | Stop then start — useful after config changes |
| `docker kill <name>` | Force-stop immediately with SIGKILL — no graceful shutdown |
| `docker pause <name>` | Freeze a container without stopping it (SIGSTOP) |
| `docker unpause <name>` | Resume a paused container |

🔌 Connect & Inspect

| Command | What it does |
| --- | --- |
| `docker exec -it <name> sh` | Interactive shell — sh always works; use this first |
| `docker exec -it <name> bash` | Shell with bash — only if the image includes it |
| `docker exec <name> <cmd>` | Run a one-off command inside the container without a shell |
| `docker inspect <name>` | Full JSON metadata — ports, mounts, env vars, network, health check |
| `docker stats` | Live CPU, memory, and network stats for all running containers |
| `docker top <name>` | Processes running inside a container |
| `docker cp <name>:/path /host` | Copy files out of a container to the host (or reverse) |

🧹 Clean Up

| Command | What it does |
| --- | --- |
| `docker rm <name>` | Remove a stopped container |
| `docker rm -f <name>` | Force-remove a running container |
| `docker container prune` | Remove all stopped containers at once |
| `docker image rm <image>` | Remove a local image to free disk space |
| `docker image prune` | Remove dangling images (untagged layers left from builds) |
| `docker volume prune` | Remove volumes no longer attached to any container |
| `docker system prune` | Remove unused containers, networks, and dangling images in one go |
| `docker system prune -a` | Also removes all unused images (not just dangling) — use when really tight on disk |

🏗️ Build & Publish Images

| Command | What it does |
| --- | --- |
| `docker build -t name:tag .` | Build an image from the Dockerfile in the current directory |
| `docker build --no-cache -t name:tag .` | Force a full rebuild — ignores all cached layers |
| `docker build -f path/Dockerfile .` | Use a Dockerfile at a non-default path |
| `docker tag <image> repo/image:tag` | Add a new tag to an existing local image |
| `docker push repo/image:tag` | Push to a registry (Docker Hub, ECR, GCR, GHCR, etc.) |
| `docker image history <image>` | Show each layer, its size, and the command that created it |

Login first: docker login for Docker Hub or docker login ghcr.io for GitHub Container Registry.
🗂️ Compose Basics — Multi-Container Apps

| Command | What it does | Typical usage |
| --- | --- | --- |
| `docker compose up -d` | Builds, creates, and starts all services; -d keeps them in the background | Start the full stack defined in compose.yaml |
| `docker compose ps` | Lists containers in this Compose project with their status | Check the health of the whole stack at a glance |
| `docker compose logs -f` | Streams logs from all services into one terminal | Watch the whole app — useful during debugging |
| `docker compose logs -f <svc>` | Streams logs from one named service | Focus on a specific container when the full stream is too noisy |
| `docker compose down` | Stops and removes containers and the project's network | Tear down cleanly without leaving containers behind |
| `docker compose down -v` | Also removes named volumes declared in the Compose file | Full clean teardown — wipes database volumes too |
| `docker compose exec <svc> sh` | Opens a shell in a running Compose service container | Debug a specific service — same as docker exec -it |
| `docker compose restart <svc>` | Restarts one service without touching the others | Pick up a config change without tearing down the whole stack |
| `docker compose build` | Rebuilds images for services that have a build: block | Pre-build before running, or after changing a Dockerfile |
| `docker compose pull` | Pulls the latest version of all third-party images | Update external images like databases before bringing the stack up |

Mental model: docker run is for one container at a time. docker compose is for a small app made of multiple containers that need to find each other by service name.
🔄 The "Haven't Touched Docker in 6 Months" Loop

```shell
# Orientation — what do I have?
docker images
docker ps -a

# Pull and run a specific older version
docker pull nginx:1.24
docker run -d --name web -p 8080:80 nginx:1.24

# Verify it's running and watch its output
docker ps
docker logs -f web

# Get a shell inside it
docker exec -it web sh

# Lifecycle: stop → start → force remove
docker stop web
docker start web
docker rm -f web

# Clean up the image too
docker image rm nginx:1.24
```

💡 Tips & Gotchas
Always pin a tag. Using image:latest in anything important is asking for a surprise upgrade. Pull the exact tag you tested with, then run that same tag.
Container exits immediately? docker logs <name> is the first thing to run — the exit code and last lines will almost always tell you why.
Use --rm for throwaway containers. Any time you're running a quick test, passing --rm means the container cleans itself up automatically on exit — no manual docker rm needed.
docker inspect is always accurate. If you're not sure what port a container is actually bound to, or what env vars it has, docker inspect <name> tells you the ground truth — don't guess from the run command.
sh before bash. Always try exec -it <name> sh first — it works in every image. bash only works in images that include it (Debian/Ubuntu-based ones typically do; Alpine doesn't by default).
Volumes persist across container replacements. Removing a container with docker rm does not remove its named volumes — you need docker volume prune or docker compose down -v to wipe them.
Reclaiming disk. docker system prune is safe for cleaning up unused resources. If you really need space back, docker system prune -a also removes all images not currently used by a running container — this means next run will re-pull.
Compose service names are DNS hostnames. Inside a Compose network, containers reach each other by service name — e.g. a web container connects to a database at db:5432, not localhost:5432.
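
The "Always pin a tag" tip can be checked mechanically. The script below is an added example, not part of the original cheat sheet: it classifies image references as digest-pinned, tag-pinned, or floating (no tag, or `latest`), treating a colon before the last `/` as a registry port. The function names and the sample references are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original cheat sheet): flag image references
# that float, i.e. have no tag or use "latest". Function names are hypothetical.

# classify_ref REF -> prints "digest", "pinned" or "floating"
classify_ref() {
    case $1 in
        *@sha256:*) echo digest; return 0 ;;
    esac
    # Only the last path component can carry a tag. A colon earlier in the
    # reference (localhost:5000/app) is a registry port, not a tag.
    last=${1##*/}
    case $last in
        *:*) tag=${last##*:} ;;
        *)   tag= ;;            # no tag: Docker resolves this to "latest"
    esac
    case $tag in
        ''|latest) echo floating ;;
        *)         echo pinned ;;
    esac
}

# audit_refs: read one reference per line on stdin, print the floating ones,
# return 1 if any were found (usable as a CI or cron check).
audit_refs() {
    bad=0
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        if [ "$(classify_ref "$ref")" = floating ]; then
            echo "floating: $ref"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample input; the digest value is a shortened placeholder.
sample_refs() {
    printf '%s\n' 'nginx:1.24' 'nginx' 'redis:latest' \
        'localhost:5000/app' 'ghcr.io/example/api@sha256:0123abcd'
}

# Against a live daemon: docker ps --format '{{.Image}}' | audit_refs
sample_refs | audit_refs || echo "unpinned images found"
```

A tag can be re-pushed to point at different content, so only the `@sha256:` digest form pins the exact image bytes.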