Docker Reference

Docker & Containers

Containers, images, volumes, and Docker Compose.

Images & Containers

docker build -t name:tag .
Build image from Dockerfile in current dir. -t tags with name:version. --no-cache for fresh build.
Example: docker build -t myapp:1.0.0 --no-cache -f Dockerfile.prod .
docker run -p 8080:80 -d
Run container, map host:container ports, detached. --name for custom name, --rm to auto-remove.
Example: docker run -d --name api -p 3000:3000 --env-file .env myapp:1.0.0
docker ps -a / docker stats
List all containers (running + stopped) / live resource usage (CPU, memory, net I/O).
Example: docker stats --no-stream --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}"
docker exec -it NAME sh
Open interactive shell inside running container for debugging without stopping it.
Example: docker exec -it api sh -c "cat /etc/hosts; env | grep DB_"
docker logs -f --tail=100
Stream container logs. --since="1h" for time filter. --timestamps for datetime prefix.
Example: docker logs -f --tail=200 --timestamps api
docker cp src container:dest
Copy files between host and container without bind mounts — great for debugging.
Example: docker cp ./config.json api:/app/config.json
docker image prune -a
Remove all unused images. docker system prune -af --volumes for full disk cleanup.
Example: docker system df; docker system prune -af --volumes
docker image history
See layer-by-layer build history and size — identify which steps bloat your image.
Example: docker image history --no-trunc myapp:1.0.0

Dockerfile Best Practices

FROM node:20-slim
Use slim/alpine variants for smaller images. Pin exact versions for reproducible builds; tags can be re-pushed, so pin by digest (image@sha256:<digest>) when the base must not change.
Example: FROM node:20.11.0-alpine3.19 AS base
Multi-stage builds
Build in one stage, copy only artifacts to final stage — dev tools stay out of production image.
Example: FROM node:20 AS builder\nWORKDIR /app\nCOPY . .\nRUN npm ci && npm run build\nFROM node:20-slim\nWORKDIR /app\nCOPY --from=builder /app/dist ./dist
COPY package*.json first
Copy package files and run npm ci BEFORE copying source — leverages layer cache for node_modules.
Example: COPY package.json package-lock.json ./\nRUN npm ci --omit=dev\nCOPY . .
USER node / RUN adduser
Never run containers as root. Add non-root user and switch to it before CMD.
Example: RUN addgroup -S app && adduser -S app -G app\nUSER app
HEALTHCHECK instruction
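Docker runs the check command on an interval and marks the container healthy or unhealthy; orchestrators such as Docker Swarm replace unhealthy containers, while plain docker run only reports the status. The command (curl here) must exist in the image.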
Example: HEALTHCHECK --interval=30s --timeout=5s CMD curl -f http://localhost:3000/health || exit 1
ARG vs ENV
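ARG = build-time only. ENV = persists in container. Don't use ARG for secrets (visible in history); ENV values are stored in the image config as well. Pass build-time secrets with BuildKit's RUN --mount=type=secret instead.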
Example: ARG BUILD_VERSION\nENV APP_VERSION=$BUILD_VERSION NODE_ENV=production
.dockerignore
Like .gitignore for Docker build context — exclude node_modules, .git, .env, *.log.
Example: node_modules\n.git\n.env\n*.log\ndist\n.nyc_output
ENTRYPOINT vs CMD
ENTRYPOINT = fixed executable. CMD = default args (overridable). Use exec form []: ["node","server.js"].
Example: ENTRYPOINT ["node"]\nCMD ["server.js"] # docker run img greet.js overrides CMD
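A small linter for the rules in this section, as an added example (not part of the original reference): it flags unpinned base images, secret-looking ARG/ENV names, shell-form CMD/ENTRYPOINT, and a final stage with no non-root USER or no HEALTHCHECK. The sample Dockerfile, the rule names and the secret-name pattern are constructed for illustration.

```python
import re

# Constructed sample Dockerfile (not from the page); it breaks five rules.
SAMPLE = """\
FROM node:latest AS builder
ARG NPM_TOKEN
WORKDIR /app
COPY . .
RUN npm ci && npm run build
FROM node:20.11.0-alpine3.19
COPY --from=builder /app/dist ./dist
CMD node dist/server.js
"""

SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY", re.I)  # assumed heuristic

def lint_dockerfile(text):
    """Return sorted (line_no, rule) findings. Line continuations are not joined."""
    findings, stages, from_line, user, healthcheck = [], set(), 0, None, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, rest = line.partition(" ")
        instr, rest = instr.upper(), rest.strip()
        if instr == "FROM":
            from_line, user, healthcheck = no, None, False  # only the final stage counts
            parts = [p for p in rest.split() if not p.startswith("--")]
            image = parts[0]
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            pinned = "@sha256:" in image or tag not in ("", "latest")
            if image not in stages and image != "scratch" and not pinned:
                findings.append((no, "unpinned-base"))
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2])  # later "FROM <stage>" lines are not base images
        elif instr in ("ARG", "ENV"):
            if any(SECRET_NAME.search(t.split("=")[0]) for t in rest.split()):
                findings.append((no, "secret-in-arg-env"))
        elif instr == "USER":
            user = rest.split(":")[0]
        elif instr == "HEALTHCHECK":
            healthcheck = rest.upper() != "NONE"
        elif instr in ("CMD", "ENTRYPOINT") and not rest.startswith("["):
            findings.append((no, "shell-form"))
    if from_line and user in (None, "root", "0"):
        findings.append((from_line, "runs-as-root"))
    if from_line and not healthcheck:
        findings.append((from_line, "no-healthcheck"))
    return sorted(findings)
```

Findings for the final stage (runs-as-root, no-healthcheck) are reported on that stage's FROM line; a HEALTHCHECK inherited from the base image is not visible to this check.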

Docker Compose

docker compose up -d --build
Start all services detached with fresh build. --force-recreate to recreate existing containers.
Example: docker compose up -d --build --remove-orphans
depends_on + healthcheck
depends_on condition:service_healthy waits for DB healthcheck before starting app.
Example: depends_on: { db: { condition: service_healthy } }
volumes: named vs bind
Named volumes managed by Docker (persist between runs). Bind mounts link to host path (dev hot reload).
Example: volumes: ["postgres_data:/var/lib/postgresql/data", "./src:/app/src:ro"]
networks: custom
Isolate service groups. Services can only communicate on shared networks by name.
Example: networks: { backend: { driver: bridge }, frontend: { driver: bridge } }
env_file: .env
Load env vars from file into container. Separate .env.dev and .env.prod for environments.
Example: env_file: [".env.${COMPOSE_ENV:-dev}"]
docker compose scale / --scale
Run multiple instances of a service behind a load balancer.
Example: docker compose up -d --scale worker=5
profiles: ["dev"]
Conditionally start services only when their profile is activated — keep test DBs/UIs out of prod.
Example: docker compose --profile debug up # starts services with profiles: [debug]

Registry & Security

docker push / docker pull
Push built image to registry / pull image. Login first with docker login.
Example: docker push registry.example.com/myapp:1.0.0
docker scout / trivy
Scan images for known CVE vulnerabilities. Integrate into CI pipeline to fail on critical issues.
Example: trivy image --exit-code 1 --severity CRITICAL,HIGH myapp:1.0.0 # non-zero exit fails the CI job
docker secret (Swarm)
Mount secrets as files into container at /run/secrets — never as env vars in production.
Example: docker secret create db_password ./secret.txt; docker service create --secret db_password myapp:1.0.0 # file at /run/secrets/db_password
--read-only / --cap-drop
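--read-only mounts the root filesystem read-only (add --tmpfs for paths the app must write) / --cap-drop removes Linux capabilities for minimal-privilege containers; add back only what the app needs.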
Example: docker run --read-only --cap-drop=ALL --cap-add=NET_BIND_SERVICE myapp