CLI Reference
This is a comprehensive reference for the Docker CLI (docker) and Docker Compose CLI (docker compose). Commands are organized by category for quick lookup.
Docker CLI Syntax
bash
docker [global-options] command [subcommand] [options] [arguments]Global Options
| Option | Short | Description |
|---|---|---|
--config | Location of client config files | |
--context | -c | Context to use |
--debug | -D | Enable debug mode |
--host | -H | Daemon socket to connect to |
--log-level | -l | Logging level (debug, info, warn, error, fatal) |
--tls | Use TLS | |
--tlscacert | Trust certs signed by this CA | |
--tlscert | Path to TLS certificate | |
--tlskey | Path to TLS key | |
--version | -v | Print version information |
Container Commands
docker run
bash
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]| Option | Short | Description | Example |
|---|---|---|---|
--detach | -d | Run in background | -d |
--interactive | -i | Keep STDIN open | -i |
--tty | -t | Allocate pseudo-TTY | -t |
--name | Container name | --name web | |
--rm | Auto-remove on exit | --rm | |
--publish | -p | Port mapping | -p 8080:80 |
--volume | -v | Volume mount | -v data:/app |
--mount | Mount specification | --mount type=bind,src=.,dst=/app | |
--env | -e | Environment variable | -e NODE_ENV=prod |
--env-file | Env file | --env-file .env | |
--network | Network | --network my-net | |
--workdir | -w | Working directory | -w /app |
--user | -u | User | -u 1000:1000 |
--memory | -m | Memory limit | -m 512m |
--cpus | CPU limit | --cpus 1.5 | |
--restart | Restart policy | --restart unless-stopped | |
--platform | Platform | --platform linux/amd64 | |
--read-only | Read-only root FS | --read-only | |
--privileged | Extended privileges | --privileged | |
--cap-add | Add capability | --cap-add NET_BIND_SERVICE | |
--cap-drop | Drop capability | --cap-drop ALL | |
--security-opt | Security option | --security-opt no-new-privileges | |
--tmpfs | tmpfs mount | --tmpfs /tmp | |
--dns | Custom DNS | --dns 8.8.8.8 | |
--hostname | -h | Container hostname | -h myhost |
--add-host | Custom host entry | --add-host host:IP | |
--init | Use init process | --init | |
--pid | PID namespace | --pid host | |
--ipc | IPC namespace | --ipc host | |
--log-driver | Logging driver | --log-driver json-file | |
--label | -l | Container label | -l env=prod |
--entrypoint | Override entrypoint | --entrypoint /bin/sh | |
--gpus | GPU access | --gpus all | |
--device | Host device access | --device /dev/sda:/dev/xvdc | |
--ulimit | Set ulimits | --ulimit nofile=1024:2048 | |
--pids-limit | PID limit | --pids-limit 100 | |
--stop-signal | Stop signal | --stop-signal SIGTERM | |
--stop-timeout | Stop timeout | --stop-timeout 30 |
Common Run Patterns
bash
# Interactive container
docker run -it --rm ubuntu:22.04 /bin/bash
# Background web server
docker run -d --name nginx -p 80:80 nginx:latest
# Development with live reload
docker run -d -p 3000:3000 -v $(pwd):/app -w /app node:20 npm run dev
# Database with persistent storage
docker run -d --name db -v db-data:/var/lib/postgresql/data \
-e POSTGRES_PASSWORD=secret postgres:16
# Secure production container
docker run -d --name app \
--read-only --tmpfs /tmp \
--cap-drop ALL --cap-add NET_BIND_SERVICE \
--security-opt no-new-privileges \
--memory 512m --cpus 1.0 \
--restart unless-stopped \
-u 1000:1000 -p 3000:3000 \
my-app:1.0docker container
bash
docker container ls [OPTIONS] # List containers (alias: docker ps)
docker container create [OPTIONS] IMAGE # Create a container
docker container start CONTAINER # Start a container
docker container stop CONTAINER # Stop a container
docker container restart CONTAINER # Restart a container
docker container rm CONTAINER # Remove a container
docker container pause CONTAINER # Pause a container
docker container unpause CONTAINER # Unpause a container
docker container kill CONTAINER # Kill a container
docker container logs CONTAINER # View logs
docker container inspect CONTAINER # Inspect details
docker container exec CONTAINER CMD # Execute command
docker container cp SRC DST # Copy files
docker container stats [CONTAINER] # Resource usage
docker container top CONTAINER # Running processes
docker container port CONTAINER # Port mappings
docker container diff CONTAINER # Filesystem changes
docker container wait CONTAINER # Wait for exit
docker container rename OLD NEW # Rename a container
docker container update CONTAINER # Update resource limits
docker container attach CONTAINER # Attach to STDIN/STDOUT
docker container commit CONTAINER IMAGE # Create image from container
docker container export CONTAINER # Export filesystem as tar
docker container prune # Remove stopped containersdocker exec
bash
docker exec [OPTIONS] CONTAINER COMMAND [ARG...]| Option | Short | Description |
|---|---|---|
--interactive | -i | Keep STDIN open |
--tty | -t | Allocate pseudo-TTY |
--detach | -d | Run in background |
--env | -e | Set environment variable |
--user | -u | Run as user |
--workdir | -w | Working directory |
--privileged | Give extended privileges |
bash
# Interactive shell
docker exec -it my-container /bin/bash
docker exec -it my-container /bin/sh
# Run as root
docker exec -u root my-container apt-get update
# Run command with env var
docker exec -e DEBUG=1 my-container npm test
# Run in specific directory
docker exec -w /app my-container ls -ladocker logs
bash
docker logs [OPTIONS] CONTAINER| Option | Short | Description |
|---|---|---|
--follow | -f | Follow log output (stream) |
--tail | -n | Number of lines from end |
--since | Show logs since timestamp | |
--until | Show logs before timestamp | |
--timestamps | -t | Show timestamps |
--details | Show extra details |
bash
docker logs my-container # All logs
docker logs -f my-container # Stream logs
docker logs --tail 100 my-container # Last 100 lines
docker logs --since 2h my-container # Last 2 hours
docker logs --since "2025-01-01" my-app # Since date
docker logs -f --tail 0 my-container # Only new logs
docker logs -t my-container # With timestampsImage Commands
bash
docker image ls [OPTIONS] # List images
docker image pull IMAGE[:TAG] # Pull an image
docker image push IMAGE[:TAG] # Push an image
docker image build [OPTIONS] PATH # Build an image
docker image tag SOURCE TARGET # Tag an image
docker image rm IMAGE # Remove an image
docker image inspect IMAGE # Inspect details
docker image history IMAGE # Show layer history
docker image save -o FILE IMAGE # Save to tar
docker image load -i FILE # Load from tar
docker image prune [OPTIONS] # Remove unused images
docker image import FILE [REPO[:TAG]] # Import from tarbash
# Common image operations
docker images # List all local images
docker pull nginx:1.25 # Pull specific version
docker build -t my-app:1.0 . # Build from Dockerfile
docker tag my-app:1.0 registry/app:1.0 # Tag for registry
docker push registry/app:1.0 # Push to registry
docker rmi my-app:1.0 # Remove image
docker image prune -a # Remove all unused
docker save my-app:1.0 > app.tar # Export to file
docker load < app.tar # Import from file
docker history my-app:1.0 # View layersVolume Commands
bash
docker volume create [OPTIONS] [NAME] # Create a volume
docker volume ls [OPTIONS] # List volumes
docker volume inspect NAME # Inspect a volume
docker volume rm NAME # Remove a volume
docker volume prune [OPTIONS] # Remove unused volumesNetwork Commands
bash
docker network create [OPTIONS] NAME # Create a network
docker network ls [OPTIONS] # List networks
docker network inspect NAME # Inspect a network
docker network connect NET CONTAINER # Connect container
docker network disconnect NET CONTAINER # Disconnect container
docker network rm NAME # Remove a network
docker network prune [OPTIONS] # Remove unused networksSystem Commands
bash
docker system info # System information
docker system df # Disk usage
docker system df -v # Verbose disk usage
docker system prune # Remove unused data
docker system prune -a --volumes # Remove everything unused
docker system events # Real-time events
docker version # Version information
docker info # System-wide infoDocker Buildx Commands
bash
docker buildx build [OPTIONS] PATH # Build with BuildKit
docker buildx create [OPTIONS] # Create builder instance
docker buildx use NAME # Switch builder
docker buildx inspect [NAME] # Inspect builder
docker buildx ls # List builders
docker buildx rm NAME # Remove builder
docker buildx prune # Remove build cache
docker buildx du # Disk usage
docker buildx imagetools inspect IMAGE # Inspect multi-platform manifest
docker buildx imagetools create # Create/update manifestbash
# Multi-platform build
docker buildx build --platform linux/amd64,linux/arm64 -t app:1.0 --push .
# Build with cache
docker buildx build --cache-from type=gha --cache-to type=gha,mode=max -t app:1.0 .Docker Compose Commands
bash
docker compose up [OPTIONS] [SERVICE] # Create and start services
docker compose down [OPTIONS] # Stop and remove services
docker compose ps [OPTIONS] # List services
docker compose logs [OPTIONS] [SERVICE] # View logs
docker compose build [OPTIONS] [SERVICE] # Build services
docker compose pull [SERVICE] # Pull images
docker compose push [SERVICE] # Push images
docker compose restart [SERVICE] # Restart services
docker compose stop [SERVICE] # Stop services
docker compose start [SERVICE] # Start services
docker compose pause [SERVICE] # Pause services
docker compose unpause [SERVICE] # Unpause services
docker compose exec SERVICE CMD # Execute in service
docker compose run SERVICE CMD # One-off command
docker compose cp SRC DST # Copy files
docker compose top [SERVICE] # Running processes
docker compose config # Validate and view config
docker compose events [SERVICE] # Service events
docker compose port SERVICE PORT # Port mapping
docker compose images [SERVICE] # List images
docker compose version # Compose version
docker compose kill [SERVICE] # Kill services
docker compose create [SERVICE] # Create services
docker compose rm [SERVICE] # Remove stopped servicesCompose Up Options
| Option | Description |
|---|---|
-d, --detach | Detached mode |
--build | Build images before starting |
--force-recreate | Recreate even if unchanged |
--no-deps | Don't start dependencies |
--no-build | Don't build images |
--remove-orphans | Remove orphaned containers |
--scale SERVICE=N | Scale to N instances |
--wait | Wait for services to be healthy |
--timeout N | Timeout in seconds |
Compose Down Options
| Option | Description |
|---|---|
-v, --volumes | Remove named volumes |
--rmi all | Remove all images |
--rmi local | Remove only locally built images |
--remove-orphans | Remove orphaned containers |
-t, --timeout | Timeout in seconds |
Docker Swarm Commands
bash
docker swarm init [OPTIONS] # Initialize swarm
docker swarm join [OPTIONS] HOST:PORT # Join a swarm
docker swarm leave [OPTIONS] # Leave the swarm
docker swarm update [OPTIONS] # Update swarm
docker swarm join-token [worker|manager] # Manage tokens
docker swarm unlock # Unlock the swarm
docker swarm unlock-key # Manage unlock key
docker node ls # List nodes
docker node inspect NODE # Inspect node
docker node update [OPTIONS] NODE # Update node
docker node rm NODE # Remove node
docker node promote NODE # Promote to manager
docker node demote NODE # Demote to worker
docker service create [OPTIONS] IMAGE # Create a service
docker service ls # List services
docker service ps SERVICE # List service tasks
docker service inspect SERVICE # Inspect service
docker service update [OPTIONS] SERVICE # Update service
docker service scale SERVICE=N # Scale a service
docker service rollback SERVICE # Rollback service
docker service rm SERVICE # Remove service
docker service logs SERVICE # View service logs
docker stack deploy -c FILE NAME # Deploy a stack
docker stack ls # List stacks
docker stack services NAME # List stack services
docker stack ps NAME # List stack tasks
docker stack rm NAME # Remove a stack
docker secret create NAME FILE # Create a secret
docker secret ls # List secrets
docker secret inspect NAME # Inspect secret
docker secret rm NAME # Remove a secret
docker config create NAME FILE # Create a config
docker config ls # List configs
docker config inspect NAME # Inspect config
docker config rm NAME # Remove a configQuick Reference
| Task | Command |
|---|---|
| Run a container | docker run -d -p 80:80 --name web nginx |
| Stop a container | docker stop web |
| Remove a container | docker rm web |
| View logs | docker logs -f web |
| Shell into container | docker exec -it web sh |
| Build an image | docker build -t app:1.0 . |
| Push an image | docker push user/app:1.0 |
| Start Compose stack | docker compose up -d |
| Stop Compose stack | docker compose down |
| View disk usage | docker system df |
| Clean everything | docker system prune -a --volumes |
Next Steps
- Dockerfile Reference — Complete Dockerfile instruction reference
- Compose File Format — Complete Compose file reference
- CLI Commands Reference — Detailed CLI usage guide
- Docker Engine Architecture — How CLI commands are processed
- Introduction to Docker — Getting started with Docker