This page covers every Docker command you’re likely to need — from running containers to cleaning up disk space. It’s structured as a quick-reference card: find any command in under 10 seconds using the section headings below. All examples use Docker Engine on Linux; Docker Compose commands use the v2 syntax (docker compose with a space, not a hyphen).
Container Lifecycle
These commands control the full lifecycle of a container from creation to removal.
docker run [options] image [command] # Create and start a container
docker start [name|id] # Start a stopped container
docker stop [name|id] # Gracefully stop a running container (SIGTERM)
docker restart [name|id] # Stop then start a container
docker rm [name|id] # Remove a stopped container
docker rm -f [name|id] # Force-remove a running container
docker pause [name|id] # Suspend all processes in a container
docker unpause [name|id] # Resume a paused container
docker kill [name|id] # Forcefully stop a container (SIGKILL)
Key flags for docker run:
-d # Detached (run in background)
-it # Interactive with TTY (use for shells)
--name myapp # Assign a name to the container
-p 8080:80 # Map host port 8080 to container port 80
-v /host/path:/container # Bind mount a host directory
-v myvolume:/container # Mount a named volume
-e KEY=value # Set an environment variable
--rm # Automatically remove container on exit
--network mynetwork # Connect to a specific network
--restart unless-stopped # Restart policy (see section 10)
Examples:
docker run -d --name myapp -p 8080:80 nginx
docker run -it ubuntu bash
docker run -d --name myapp -p 8080:80 -v /data:/app/data --restart unless-stopped myimage:latest
Container status values: created, restarting, running, removing, paused, exited, dead
Container Inspection & Logs
docker ps # List running containers
docker ps -a # List all containers (including stopped)
docker ps -q # List only container IDs (running)
docker ps -aq # List only container IDs (all)
docker logs [name] # Print container logs
docker logs -f [name] # Follow (tail) logs in real time
docker logs --tail 100 [name] # Show last 100 lines
docker logs -f --timestamps [name] # Follow logs with timestamps
docker exec -it [name] bash # Open a bash shell in a running container
docker exec -it [name] sh # Use sh if bash is not available
docker exec [name] [command] # Run any command in a running container
docker inspect [name|id] # Return full JSON metadata for a container
docker top [name] # Show running processes inside a container
docker stats # Live resource usage for all running containers
docker stats --no-stream # Single snapshot of resource usage (non-interactive)
docker stats [name] # Resource usage for a specific container
Image Management
docker images # List all local images
docker images -a # Include intermediate images
docker images -q # List image IDs only
docker pull [image]:[tag] # Pull an image from a registry
docker pull nginx:latest # Example: pull latest nginx
docker pull nginx:1.25 # Example: pull a specific version
docker build -t name:tag . # Build an image from Dockerfile in current directory
docker build --no-cache -t name:tag . # Build without using the cache
docker build -t name:tag -f path/Dockerfile . # Specify a custom Dockerfile path
docker rmi [image] # Remove an image
docker rmi [image1] [image2] # Remove multiple images
docker tag source:tag target:tag # Tag an image with a new name
docker push [image]:[tag] # Push an image to a registry
docker image prune # Remove dangling (untagged) images
docker image prune -a # Remove all unused images (not just dangling)
Volumes
Docker supports two types of mounts: named volumes (managed by Docker, portable) and bind mounts (map a specific host path into the container).
docker volume ls # List all volumes
docker volume create [name] # Create a named volume
docker volume inspect [name] # View volume metadata and mount point
docker volume rm [name] # Remove a volume (must not be in use)
docker volume prune # Remove all unused volumes
Bind mount vs named volume in docker run:
# Bind mount — maps a host path directly
docker run -v /host/path:/container/path myimage
# Named volume — Docker manages the storage location
docker run -v myvolume:/container/path myimage
In a Compose file:
services:
app:
volumes:
- /host/path:/container/path # Bind mount
- myvolume:/container/path # Named volume
volumes:
myvolume:
Networks
docker network ls # List all networks
docker network create [name] # Create a bridge network
docker network create --driver host [name] # Create a host-mode network
docker network inspect [name] # Show network details and connected containers
docker network connect [network] [container] # Connect a running container to a network
docker network disconnect [network] [container] # Disconnect a container from a network
docker network rm [name] # Remove a network
docker network prune # Remove all unused networks
Default networks: bridge (default for standalone containers), host (shares the host network stack), none (no networking).
Containers on the same user-defined bridge network can reach each other by container name. The default bridge network does not support DNS-based container discovery.
Docker Compose (v2)
Docker Compose v2 is built into Docker as a plugin. Always use docker compose (with a space). The old docker-compose command with a hyphen is deprecated and unsupported by modern tools including Immich.
Run these commands from the directory containing your docker-compose.yml or compose.yaml file.
docker compose up -d # Start all services in detached mode
docker compose up -d --build # Rebuild images then start services
docker compose down # Stop and remove containers and networks
docker compose down -v # Stop, remove containers, networks AND volumes
docker compose ps # List service containers and their status
docker compose logs -f # Follow logs from all services
docker compose logs -f [service] # Follow logs from a single service
docker compose logs --tail 100 # Show last 100 lines from all services
docker compose exec [service] bash # Open a shell in a running service container
docker compose exec [service] sh # Use sh if bash is unavailable
docker compose pull # Pull latest images for all services
docker compose build # Build or rebuild all service images
docker compose build --no-cache [service] # Rebuild a service image without cache
docker compose restart [service] # Restart a specific service
docker compose stop # Stop all services (does not remove containers)
docker compose start # Start stopped services
docker compose config # Validate and view the merged Compose configuration
docker compose run --rm [service] [cmd] # Run a one-off command in a service container
Note: When rebuilding for deployment, always use --no-cache to ensure a clean build:
docker compose build --no-cache app && docker compose up -d app
System Cleanup
Use docker system df before pruning to see what’s taking up space. Prune commands are irreversible — check carefully before running -a --volumes.
docker system df # Show disk usage: images, containers, volumes
# Prune commands (safe — only removes unused/stopped resources)
docker system prune # Remove stopped containers, dangling images, unused networks
docker system prune -a # Also remove all unused images (not just dangling)
docker system prune -a --volumes # Also remove unused volumes — WARNING: potential data loss
# Targeted prune commands
docker container prune # Remove all stopped containers
docker image prune # Remove dangling images
docker image prune -a # Remove all unused images
docker volume prune # Remove all unused volumes
docker network prune # Remove all unused networks
Useful One-Liners
# Stop all running containers
docker stop $(docker ps -q)
# Remove all stopped containers
docker rm $(docker ps -aq -f status=exited)
# Remove all dangling images
docker rmi $(docker images -q -f dangling=true)
# Get the IP address of a container
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' [name]
# Copy a file FROM a container to the host
docker cp [name]:/path/to/file ./local
# Copy a file TO a container from the host
docker cp ./local [name]:/path/to/file
# Follow logs with timestamps
docker logs -f --timestamps [name]
# See which containers are using a specific image
docker ps -a --filter ancestor=[image]:[tag]
# Inspect a container's environment variables
docker inspect --format='{{range .Config.Env}}{{println .}}{{end}}' [name]
# Show the command a container was started with
docker inspect --format='{{.Config.Cmd}}' [name]
# Run a one-off container and remove it immediately after
docker run --rm -it ubuntu bash
Docker Run Quick Reference
| Flag | What it does | Example |
|---|---|---|
-d |
Run container in the background (detached) | docker run -d nginx |
-it |
Allocate a TTY and keep STDIN open (use for interactive shells) | docker run -it ubuntu bash |
--name |
Assign a custom name to the container | --name myapp |
-p |
Map a host port to a container port | -p 8080:80 |
-v |
Mount a volume or bind mount a host path | -v /data:/app/data |
-e |
Set an environment variable | -e DB_HOST=localhost |
--env-file |
Load environment variables from a file | --env-file .env |
--rm |
Automatically remove the container when it exits | docker run --rm ubuntu echo hi |
--network |
Connect the container to a specific network | --network mynet |
--restart |
Set the restart policy (see section below) | --restart unless-stopped |
--hostname |
Set the container’s hostname | --hostname myhost |
--memory |
Limit container memory usage | --memory 512m |
--cpus |
Limit CPU usage (decimal cores) | --cpus 1.5 |
-u |
Run as a specific user or UID | -u 1000:1000 |
--entrypoint |
Override the image’s default entrypoint | --entrypoint /bin/sh |
Common –restart Policies
| Policy | Behaviour | Recommended for |
|---|---|---|
no |
Never restart the container (default) | One-off jobs, manual-start containers |
always |
Always restart, including after a manual docker stop and Docker daemon restart |
Services that must always be running |
unless-stopped |
Restart unless manually stopped with docker stop; persists across daemon restarts |
Home lab services, self-hosted apps — generally the safest choice |
on-failure |
Restart only if the container exits with a non-zero exit code | Batch jobs, workers that should stop cleanly on success |
on-failure:3 |
Same as on-failure but stops retrying after 3 attempts |
Workers where repeated failure indicates a configuration problem |
