Docker Commands Cheatsheet
Search and filter 80+ Docker commands by category. Click any card to copy the command to your clipboard instantly.
Showing 83 of 83 commands — click any card to copy
Docker Images vs Containers
A Docker image is an immutable, layered filesystem snapshot built from a Dockerfile. Each instruction in a Dockerfile (FROM, RUN, COPY, etc.) adds a new read-only layer. Images are stored locally with docker images and pulled from registries like Docker Hub.
A container is a running instance of an image. Docker adds a thin writable layer on top of the image layers when you start a container. Changes inside the container (files written, packages installed) exist only in that writable layer and are lost when the container is removed — unless you use volumes.
Docker Volumes
Volumes are the recommended mechanism for persisting data generated and used by Docker containers. There are three main types of mounts:
- Named volumes — managed by Docker, ideal for production databases and shared data between containers.
- Bind mounts — map a host path directly into the container, great for development to sync source code.
- tmpfs mounts — stored in memory only, useful for sensitive data that should not be written to disk.
Docker Networking
Docker provides several network drivers out of the box. The bridge network (default) is a private internal network on the host — containers on the same bridge network can communicate, but are isolated from the outside world unless ports are published with -p. The host driver removes network isolation and binds the container directly to the host's network stack. The overlay driver enables multi-host networking for Docker Swarm.
In Docker Compose, all services in a docker-compose.yml are automatically placed on a shared bridge network. Services can reach each other by service name as the hostname — no IP addresses or extra configuration needed.
Frequently Asked Questions
What is the difference between docker stop and docker kill?
docker stop sends a SIGTERM signal to the main process inside the container, giving it time to gracefully shut down (default timeout: 10 seconds, after which SIGKILL is sent). docker kill sends SIGKILL (or a custom signal) immediately without any grace period, forcibly terminating the container. Use docker stop for clean shutdowns and docker kill only when the container is unresponsive.
What is the difference between a Docker image and a container?
A Docker image is a read-only blueprint that contains the filesystem layers, application code, runtime, and configuration needed to create a container. A container is a running (or stopped) instance of an image — it adds a writable layer on top of the image layers. You can create many containers from the same image, and each container maintains its own state independently.
What is a Docker volume and when should I use one?
A Docker volume is a managed storage mechanism that persists data beyond the lifecycle of a container. Unlike bind mounts (which map a host directory into the container), volumes are managed by Docker and stored in a dedicated area on the host filesystem. Use volumes for databases, user uploads, or any data that must survive container restarts and removals. Use bind mounts during development to sync source code in real time.
What does docker system prune do?
docker system prune removes all stopped containers, all networks not used by at least one container, all dangling images (images not tagged and not referenced by any container), and all build cache. Adding -a also removes all unused images (not just dangling ones). Adding --volumes also removes all unused volumes. It is a quick way to reclaim disk space but irreversibly deletes the listed resources.
How do Docker Compose services communicate with each other?
By default, Docker Compose creates a shared bridge network for all services defined in the same docker-compose.yml file. Services can reach each other using the service name as the hostname — for example, a web service can connect to a database service simply by using the hostname db (the service name) rather than an IP address. No extra network configuration is required for basic inter-service communication.