Essential Docker Concepts and Quick Command Cheat Sheet

1. What problem Docker solves

Docker isolates applications at the OS level, avoiding the heavyweight overhead of full virtual machines.

Docker vs Virtual Machine

2. Image management (images)

Common commands

# Pull an image
docker pull IMAGE[:TAG]
# List local images
docker images
# Remove a specific image (use -f to force)
docker rmi [-f] IMAGE_OR_ID
# Remove all dangling images
docker image prune

Offline migration (no network)

# 1. Export image to a file
docker save -o FILE.tar IMAGE
# 2. Transfer the file
tscp FILE.tar root@TARGET_IP:/path
# 3. Import on the target machine
docker load -i FILE.tar

Tagging

# Tag an image (original image remains)
docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

3. Container management (container)

Run a container docker run [OPTIONS] IMAGE [COMMAND] Common options

Stop and delete

# List running containers
docker ps
# List all containers (including stopped)
docker ps -a
# View container logs
docker logs CONTAINER
# Follow logs in real time
docker logs -f CONTAINER
# Inspect container details
docker inspect CONTAINER

Enter a running container

docker exec -it CONTAINER /bin/bash
# Exit without stopping: Ctrl+P, Ctrl+Q
# Exit and stop: exit

4. Data volumes (docker volume)

Why volumes are needed?

Data persistence – containers are ephemeral; without a volume data disappears when the container is removed.

Host ↔ container – convenient file sharing.

Container ↔ container – multiple containers can share the same volume.

Three volume types

1. Managed volume (created by Docker, stored under /var/lib/docker/volumes/)

# Create a volume
docker volume create VOLUME_NAME
# List volumes
docker volume ls
# Inspect a volume
docker volume inspect VOLUME_NAME
# Remove a volume
docker volume rm VOLUME_NAME
# Remove all unused volumes
docker volume prune
# Mount to a container
docker run [...] -v VOLUME_NAME:/container/path IMAGE

2. Bind mount (mount a host directory or file into the container)

# Mount host path
docker run [...] -v /host/path:/container/path IMAGE
# Read‑only bind mount
docker run [...] -v /host/path:/container/path:ro IMAGE

Note : When mounting, the container’s target directory is overwritten by the host’s content; using :ro makes the mount read‑only inside the container while the host can still modify the files.

3. tmpfs mount (stores data in host memory; disappears when the container stops)

docker run [...] --tmpfs /container/path IMAGE

5. Container networking (docker network)

Why networking is needed?

Container‑to‑container communication (e.g., web service accessing a database).

Container‑to‑external network communication.

Container‑to‑host interaction.

Four common network modes

# Bridge (default, no extra flag)
docker run [...] IMAGE
# Host mode
docker run --network host IMAGE
# Container mode (share another container’s network)
docker run --network container:CONTAINER_A IMAGE
# None mode
docker run --network none IMAGE

Network management commands

# Create a custom network
docker network create NETWORK_NAME
# List networks
docker network ls
# Inspect a network
docker network inspect NETWORK_NAME
# Remove a network
docker network rm NETWORK_NAME
# Remove all unused networks
docker network prune
# Connect a container to a network
docker network connect NETWORK_NAME CONTAINER
# Disconnect a container from a network
docker network disconnect NETWORK_NAME CONTAINER

6. Image building (Dockerfile)

Method 1: Container snapshot (docker commit) – not recommended for production

docker commit [OPTIONS] CONTAINER_ID IMAGE[:TAG]

Drawback: non‑reproducible and history is opaque.

Method 2: Dockerfile – recommended

Describes the build process in a script, enabling version control and reproducibility.

CMD vs ENTRYPOINT

# Only CMD – can be overridden
CMD ["python", "app.py"]
# docker run IMAGE bash → runs bash, not app.py

# Only ENTRYPOINT – fixed entry, args are appended
ENTRYPOINT ["python", "app.py"]
# docker run IMAGE --port=8080 → python app.py --port=8080

# Recommended combination
ENTRYPOINT ["python", "app.py"]
CMD ["--port=80"]
# docker run IMAGE → python app.py --port=80 (uses CMD default)
# docker run IMAGE --port=8080 → python app.py --port=8080 (CMD overridden)

Multi‑stage build

Why? Compiled languages (e.g., Go, Java) need a full build environment, but the runtime only needs the compiled artifact. Including build tools inflates image size.

Advantages : final image contains only runtime files, reducing size and attack surface.

# Stage 1: Build (full compiler)
FROM golang:1.21 AS builder
WORKDIR /app
COPY . .
RUN go build -o myapp .

# Stage 2: Run (minimal base image)
FROM alpine:latest
WORKDIR /app
# Copy only the compiled binary
COPY --from=builder /app/myapp .
CMD ["./myapp"]

Building an image

docker build [OPTIONS] CONTEXT_PATH
# Common options:
# -t IMAGE:TAG   → name and tag
# -f Dockerfile   → specify Dockerfile path (default is ./Dockerfile)
# --no-cache      → rebuild without cache
# Example:
 docker build -t myapp:1.0 .
 docker build -f ./docker/Dockerfile -t myapp:1.0 .

7. Container orchestration (docker compose)

Why orchestration is needed? Real‑world applications consist of multiple services (web, database, cache). Managing each with separate docker run commands is cumbersome and error‑prone. Docker Compose uses a single YAML file to describe and manage multi‑container applications.

Problems it solves

One command starts/stops the entire stack.

Automatically handles service dependencies and network order.

Configuration‑as‑code enables version control and team collaboration.

Sample docker‑compose.yml

version: "3.9"
services:
  web:
    image: nginx:latest
    ports:
      - "80:80"
    volumes:
      - ./html:/usr/share/nginx/html
    depends_on:
      - db
    networks:
      - app-net

  db:
    image: mysql:8.0
    environment:
      MYSQL_ROOT_PASSWORD: secret
      MYSQL_DATABASE: mydb
    volumes:
      - db-data:/var/lib/mysql
    networks:
      - app-net

volumes:
  db-data:

networks:
  app-net:
    driver: bridge

Common Compose commands

# Validate and view merged config
docker compose config
# Create and start all services (foreground)
docker compose up
# Start in background
docker compose up -d
# Rebuild images before starting
docker compose up --build
# Stop and remove containers, networks (volumes kept)
docker compose down
# Remove containers, networks, and volumes
docker compose down -v
# List service status
docker compose ps
# Follow logs of all services
docker compose logs -f
# Follow logs of a specific service
docker compose logs -f SERVICE_NAME
# Exec a shell in a service container
docker compose exec SERVICE_NAME bash
# Restart a service
docker compose restart SERVICE_NAME
# Pull latest images for all services
docker compose pull

Thank you for reading. If you found this useful, please consider supporting the author! 🎉