Show Menu

Docker, Docker-Compose and Docker-Swarm Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.



A platform to develop, deploy and run applic­ations with contai­ners.
A text document that contains all the commands a user could call on the command line to assemble an image.
Each instru­ction in a Dockerfile creates a layer in the image, where each layer is a set of differ­ences from the previous layer.
An executable package that includes everything needed to run an applic­ati­on--the code, a runtime, libraries, enviro­nment variables, and config­uration files.
A runtime instance of an image — what the image becomes in memory when executed (that is, an image with state, or a user process).
Runs one image, but it codifies the way that image runs — what ports it should use, how many replicas of the container should run so the service has the capacity it needs, and so on.
A group of interr­elated services that share depend­encies, and can be orches­trated and scaled together. A single stack is capable of defining and coordi­nating the functi­onality of an entire applic­ation.


Allows containers connected to the same bridge network to commun­icate, while providing isolation from containers which are not connected to that bridge network.
(distr­ibuted, docker swarm)
Creates a distri­buted network among multiple Docker daemon hosts.
(useful for perfor­mance optimi­zation)
The contai­ner's network is not isolated from the Docker host. The container shares the host’s networking namespace and does not get its own IP-address allocated.
Connects the container directly to the physical network and assigns a MAC address to each contai­ner's virtual network interface.
Disabled the networking stack on a container.



(preferred way to persist data)
A volume is stored within a directory on the Docker host and is mounted into the container. Volumes are managed by Docker and are isolated from the core functi­onality of the host. A volume can be mounted into multiple containers simult­ane­ously. When you mount a volume, it may be named or anonymous - with no difference in their behaviour. Anonymous volumes get a random name by Docker that is guaranteed to be unique within the Docker host. Volumes support the use of volume drivers, which allow you to store your data on remote hosts or cloud providers.
Bind mounts
(preferred way for sharing config­uration files)
A file or directory on the host machine is mounted into a container. The file or directory is referenced by its full path on the host machine. The file or directory does not need to exist on the Docker host already. It is created on demand if it does not yet exist.
tmpfs mounts
(preferred way, when no need to persist data)
A tmpfs mount is not persisted on disk, either on the Docker host or within a container. It can be used by a container during the lifetime of the container, to store non-pe­rsi­stent state or sensitive inform­ation.
named pipes
An npipe mount can be used for commun­ication between the Docker host and a container. Common use case is to run a third-­party tool inside of a container and connect to the Docker Engine API using a named pipe.



docker build -t IMAGE:TAG
Build an image from the Dockerfile in the current directory and tag it
-f /path/­to/­doc­kerfile
Define the Docker­file, which should be used
Force a complete new build from scrath
docker image ls, docker images
List all images that are locally stored within the Docker engine
docker rmi IMAGE:TAG
Delete an image from the local image store
docker history IMAGE
Show the layers of a Docker image


docker login my.reg­ist­ry.c­om­:8000
Log in to a registry (the Docker Hub by default)
Retag a local image with a new image name and tag
docker push REPOSI­TOR­Y/I­MAG­E:TAG
Push an image to a registry
docker pull REPOSI­TOR­Y/I­MAG­E:TAG
Pull an image from a registry


docker run [OPTIONS] IMAGE[­:TAG]
Run container in the background
Connect the container to the current terminal
Expost port PUBLISHED externally and map to port TARGET inside the container
Name the container with CONTAI­NERNAME
Remove the container automa­tically after it exists
Create a host mapped volume inside the container
The command to run inside the container
docker stop CONTAI­NERNAME
Stop the running container CONTAI­NERNAME through SIGTERM
docker kill CONTAI­NERNAME
Stop the running container CONTAI­NERNAME through SIGKILL
Fetch the logs of a container named CONTAI­NERNAME
Show extra details provided to logs
--follow, -f
Follow log output
--tail LINES
Number of LINES to show from the end of the logs
--time­stamps, -t
Show timestamps


docker network ls
List networks
docker network create [OPTIONS] NETWOR­KNAME
Create a network named NETWOR­KNAME
--driver, -d (bridge | overlay | macvlan)
Driver to manage the Network
Enable manual container attachment
--gateway IP_ADDRESS
IPv4 or IPv6 Gateway for the master subnet
Subnet in CIDR format that represents a network segment
docker network inspect [OPTIONS] NETWORK [NETWO­RK...]
Display detailed inform­ation on one or more networks
--verbose, -v
Verbose output for diagno­stics
docker network rm NETWORK [NETWO­RK...]
Remove one or more networks
docker network connect [OPTIONS] NETWORK CONTAINER
Connect a container to a network
IPv4 address (e.g., 172.30.10­0.104)
IPv6 address (e.g., 2001:d­b8::33)
docker network disconnect [OPTIONS] NETWORK CONTAINER
Disconnect a container from a network
--force, -f
Force the container to disconnect from a network


docker volume ls
List volumes
docker volume create [OPTIONS] [VOLUME]
Create a volume
--driver, -d
Specify volume driver name
Specify volume name
docker volume inspect VOLUME [VOLUM­E...]
Display detailed inform­ation on one or more volumes
docker volume rm [OPTIONS] VOLUME [VOLUM­E...]
Remove one or more volumes
--force, -f
Force the removal of one or more volumes


docker container ls, docker ps
List all running containers
docker system df
Show docker disk usage
--verbose, -v
Show detailed inform­ation on space usage
docker system prune [OPTIONS]
Remove unused data
--all, -a
Remove all unused images not just dangling ones
--force, -f
Do not prompt for confir­mation
Prune volumes
docker image prune [OPTIONS]
Remove unused images
--all, -a
Remove all unused images not just dangling ones
--force, -f
Do not prompt for confir­mation
docker container prune [OPTIONS]
Remove all stopped containers
--force, -f
Do not prompt for confir­mation
docker volume prune [OPTIONS]
Remove all unused local volumes
--force, -f
Do not prompt for confir­mation



version: '3'

    image: registry/repository/image:tag
      - service2
    env_file: path/to/file
      - ENV_VAR=value
      - network1
      - "3000"
      - "3000-3005"
      - "8000:8000"
      - "9090-9091:8080-8081"
      - ""
      - ""
      - "6060:6060/udp"
    restart: (no | always | on-failure | unless-stopped)
      - /path/in/container                    # Just specify a path and let the Engine create a volume
      - /path/on/host:/path/in/container      # Specify an absolute path mapping
      - ./path/on/host:/path/in/container     # Path on the host, relative to the Compose file
      - ~/path/on/host:/path/in/container/:ro # User-relative path
      - namedvolume:/path/in/container        # Named volume
    image: registry/repository/another_image:tag


    driver: local # See for other drivers
    external: (false | true) # If true, docker-compose does not attempt to create it

Docker­-Co­mpose Parameters

docker­-co­mpose [options] [COMMAND]
--version, -v
Print version
--file, -f
Specify an compose file (default: docker­-co­mpo­se.yml)
Show more output
--log-­level LEVEL

Command Overview

docker­-co­mpose up [OPTIONS]
Starts all containers
--detached, -d
detached mode: Run containers in the background
Recreate containers even if their config­uration and image haven't changed
Remove containers for services not defined in the Compose file
docker­-co­mpose down [OPTIONS]
Stops containers and removes contai­ners, networks, volumes, and images created by up
--volumes, -v
Remove named and anonymous volumes
Remove containers for services not defined in the Compose file
docker­-co­mpose stop [SERVICE]
Stops running containers without removing them
docker­-co­mpose kill [SERVICE]
Forces running containers to stop by sending a SIGKILL signal
docker­-co­mpose rm [OPTIONS] [SERVI­CE...]
Removes stopped service containers
--force, -f
Don't ask to confirm removal
--stop, -s
Stop the containers before removing
Remove any anonymous volumes attached to containers
docker­-co­mpose pull SERVICE
Pulls an image associated with the SERVCE
docker­-co­mpose logs SERVICE
Displays log output from the SERVICE

Docker Swarm


docker swarm init
Initialize swarm mode
--adve­rti­se-addr IP
listen on a specific interface
docker swarm join-token (worke­r|m­anager)
Create a join token for a worker­|ma­nager node
docker swarm join --token <to­ken> IP:2377
Join an existing swarm (under IP) as a manager node
docker node ls
List the nodes partic­ipating in a swarm


docker service ls
List the services running in a swarm
docker service ps SERVIC­ENAME
List the tasks of the SERVIC­ENAME
docker service create [OPTIONS] IMAGE
Create a new service
--replicas NUMBER
NUMBER of tasks
--publish, -p EXPOSE­D:T­ARGET
Publish a port (TARGET) as a node port (EXPOSED)
Give the service a name called SERVIC­ENAME
docker service scale SERVIC­ENA­ME=­NUMBER