Commands

Links#

https://docs.docker.com/reference/cli/docker/
https://docs.docker.com/reference/cli/docker/container/run/
https://docs.docker.com/reference/cli/docker/container/exec/
https://docs.docker.com/reference/cli/docker/compose/
https://docs.docker.com/engine/manage-resources/pruning/

1. Daily Commands#

一句话：先看 container 状态和日志，再进入容器排查。

Need	Command
List running containers	`docker ps`
List all containers	`docker ps -a`
Status table	`docker ps --format 'table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Ports}}'`
Start container	`docker start <container>`
Stop container	`docker stop <container>`
Restart container	`docker restart <container>`
Remove stopped container	`docker rm <container>`
Follow logs	`docker logs -f <container>`
Last logs	`docker logs --tail 200 <container>`
Run shell	`docker exec -it <container> sh`
Inspect details	`docker inspect <container>`
Resource usage	`docker stats`

docker ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}'
docker logs --tail 100 order-api
docker exec -it order-api sh

2. Run Container#

run once and remove#

docker run --rm alpine:3.20 echo "hello"

run background service#

docker run -d \
  --name order-api \
  --restart unless-stopped \
  -p 3000:3000 \
  -e APP_ENV=dev \
  -e LOG_LEVEL=info \
  order-api:local

restart policy:
    --restart unless-stopped:
        Docker daemon starts the container again after daemon restart or host reboot
        if you manually docker stop it, Docker will not restart it until you start it again

    prerequisite:
        Docker daemon itself must start on boot

sudo systemctl enable docker
sudo systemctl start docker

add restart policy to existing container#

If the container is already running, you can update restart policy without recreating it:

docker update --restart unless-stopped order-api

Verify:

docker inspect order-api --format '{{.HostConfig.RestartPolicy.Name}}'

Expected:

unless-stopped

Cancel restart policy:

docker update --restart no order-api

run with env file#

docker run --rm \
  --env-file .env.local \
  -p 3000:3000 \
  order-api:local

env notes:
    .env is runtime config
    do not COPY .env into Docker image
    production secrets should come from platform secret store

run with named volume#

docker volume create --label keep=true pgdata

docker run -d \
  --name postgres-dev \
  -e POSTGRES_PASSWORD=postgres \
  -v pgdata:/var/lib/postgresql/data \
  -p 5432:5432 \
  postgres:16

run with resource limit#

docker run --rm \
  --memory 512m \
  --cpus 1.0 \
  order-api:local

3. Logs And Debug#

Need	Command
Follow logs	`docker logs -f <container>`
Logs since time	`docker logs --since 30m <container>`
Logs with timestamp	`docker logs -t <container>`
Process list	`docker top <container>`
Execute command	`docker exec <container> <cmd>`
Interactive shell	`docker exec -it <container> sh`
Filesystem diff	`docker diff <container>`
Copy file out	`docker cp <container>:/path/file ./file`
Copy file in	`docker cp ./file <container>:/path/file`

docker exec -it order-api sh
ps aux
env | sort

debug order:
    docker ps
    docker logs --tail 200
    docker inspect
    docker exec only when logs and config are not enough

4. Images#

Need	Command
List images	`docker images`
Pull image	`docker pull nginx:1.27-alpine`
Build image	`docker build -t order-api:local .`
Build with Dockerfile path	`docker build -f docker/Dockerfile -t order-api:local .`
Tag image	`docker tag order-api:local registry.example.com/order-api:1.0.0`
Push image	`docker push registry.example.com/order-api:1.0.0`
Remove image	`docker rmi <image>`
Image history	`docker history <image>`
Inspect image	`docker image inspect <image>`

docker build \
  --pull \
  -t registry.example.com/order-api:1.0.0 \
  .

tag strategy:
    local:
        order-api:local

    release:
        registry.example.com/order-api:1.0.0

    git sha:
        registry.example.com/order-api:git-a1b2c3d

    environment alias:
        registry.example.com/order-api:prod
        only points to currently deployed image, not the immutable rollback reference

5. Buildx#

适合 CI 构建 multi-arch image，例如 linux/amd64 和 linux/arm64。

docker buildx create --name ci-builder --use
docker buildx inspect --bootstrap

docker buildx build \
  --platform linux/amd64,linux/arm64 \
  -t registry.example.com/order-api:1.0.0 \
  --push \
  .

docker buildx ls
docker buildx rm ci-builder

6. Compose#

start#

docker compose up -d

compose restart policy#

services:
  order-api:
    image: order-api:1.0.0
    restart: unless-stopped
    ports:
      - "3000:3000"

docker compose up -d
docker compose ps

notes:
    restart: unless-stopped works when Docker daemon starts after host reboot
    compose project is not a systemd unit by itself
    Docker restarts containers from the previous compose project as containers

status and logs#

docker compose ps
docker compose logs -f
docker compose logs -f order-api

restart one service#

docker compose restart order-api

rebuild one service#

docker compose build order-api
docker compose up -d order-api

stop and remove#

docker compose down

remove with volumes#

docker compose down -v

warning:
    docker compose down -v deletes named volumes created by the project
    use it only for local/dev reset

7. Networks#

Need	Command
List networks	`docker network ls`
Create bridge network	`docker network create order-net`
Inspect network	`docker network inspect order-net`
Connect container	`docker network connect order-net <container>`
Disconnect container	`docker network disconnect order-net <container>`
Container port mapping	`docker port <container>`

docker network create order-net

docker run -d \
  --name api \
  --network order-net \
  order-api:local

DNS rule:
    containers on the same user-defined bridge network can resolve each other by container name
    host machine cannot resolve that Docker DNS name directly

8. Volumes#

Need	Command
List volumes	`docker volume ls`
Create volume	`docker volume create --label keep=true order-data`
Inspect volume	`docker volume inspect order-data`
Remove volume	`docker volume rm order-data`
Remove unused volumes	`docker volume prune --filter "label!=keep"`

docker run --rm \
  -v order-data:/data \
  alpine:3.20 \
  sh -c 'echo hello > /data/hello.txt'

backup named volume#

docker run --rm \
  -v order-data:/data:ro \
  -v "$PWD":/backup \
  alpine:3.20 \
  tar czf /backup/order-data.tgz -C /data .

restore named volume#

docker run --rm \
  -v order-data:/data \
  -v "$PWD":/backup \
  alpine:3.20 \
  tar xzf /backup/order-data.tgz -C /data

9. Registry#

docker login registry.example.com

tag and push#

docker tag order-api:local registry.example.com/order-api:1.0.0
docker tag order-api:local registry.example.com/order-api:git-a1b2c3d
docker push registry.example.com/order-api:1.0.0
docker push registry.example.com/order-api:git-a1b2c3d

pull and run#

docker pull registry.example.com/order-api:1.0.0

docker run -d \
  --name order-api \
  -p 3000:3000 \
  registry.example.com/order-api:1.0.0

credential rules:
    use CI secret store for registry username/token
    do not commit Docker config with auth token
    rotate robot account tokens

Retention is registry-specific. Define the policy in Docker Operations before relying on cleanup.

10. Cleanup#

Need	Command
Disk usage	`docker system df`
Remove stopped containers older than 7 days	`docker container prune --filter "until=168h"`
Remove unused images older than 14 days	`docker image prune -a --filter "until=336h"`
Remove unused networks older than 7 days	`docker network prune --filter "until=168h"`
Remove build cache older than 7 days	`docker builder prune --filter "until=168h"`
Remove unused volumes without keep label	`docker volume prune --filter "label!=keep"`

docker system df
docker container prune --filter "until=168h"
docker image prune -a --filter "until=336h"
docker builder prune --filter "until=168h"

default local cleanup policy:
    run docker system df before cleanup
    prune stopped containers older than 7 days
    prune unused images older than 14 days
    prune build cache older than 7 days
    never prune volumes blindly
    protect data volumes with label keep=true

when to run:
    dev laptop: weekly or when Docker disk usage > 30 GB
    shared Docker host: only during maintenance window
    CI builder: after build or daily, depending on cache value

Full policy examples are in Docker Operations.

11. Troubleshooting#

port already allocated#

docker ps --format 'table {{.Names}}\t{{.Ports}}'
lsof -i :3000

fix:
    stop the container using the port
    or change host port, for example -p 3001:3000

container exits immediately#

docker ps -a
docker logs --tail 200 <container>
docker inspect <container>

common causes:
    command exits by design
    missing environment variable
    application cannot connect to dependency
    file permission problem on mounted volume

cannot resolve service name#

docker network inspect <network>
docker inspect <container> --format '{{json .NetworkSettings.Networks}}'

fix:
    put containers in the same user-defined bridge network
    use compose service name for compose services

no space left on device#

docker system df
docker images
docker ps -a
docker volume ls
df -h

fix:
    prune stopped containers first
    prune old unused images and build cache
    review volumes before deleting
    check whether logs or /var/lib/docker are filling the host filesystem

container OOM#

docker inspect <container> --format '{{.State.OOMKilled}}'
docker stats <container>
docker logs --tail 200 <container>

fix:
    raise memory limit
    reduce app heap / worker concurrency
    check memory leak with application metrics