Loading...

Docker Developer Cheatsheet — Cheatsheet | ArbindBuilds

Docker Developer Cheatsheet

A dense, no-fluff Docker reference covering core concepts, Dockerfile syntax, build/run commands, Compose, volumes, multi-stage builds, and production hardening. One page, everything you need.

ArbindBuilds·May 10, 2026·dockercontainersdevopsbackendcheatsheetcli

Core Concepts

Image — read-only template used to create containers
Container — runnable instance of an image; isolated process
Dockerfile — script of instructions to build an image
Layer — each instruction in a Dockerfile adds a cached layer
Volume — persistent storage that survives container restarts
Network — virtual bridge connecting containers to each other or the host
Registry — storage for images (Docker Hub, GHCR, ECR)

Dockerfile Essentials

FROM node:20-alpine          # base image
WORKDIR /app                 # set working dir
COPY package*.json ./        # copy deps first (cache optimization)
RUN npm ci --omit=dev        # install deps
COPY . .                     # copy source
EXPOSE 3000                  # document port (does NOT publish)
CMD ["node", "server.js"]    # default command

Instruction	Use
`ARG`	build-time variable
`ENV`	runtime environment variable
`ENTRYPOINT`	fixed executable, CMD becomes args
`HEALTHCHECK`	defines container health probe

← Back to Cheatsheets

Build & Run

Command	Description
`docker build -t name:tag .`	build image from current dir
`docker build --no-cache -t name .`	force rebuild all layers
`docker run -d -p 3000:3000 name`	run detached, map host:container port
`docker run --rm -it name sh`	interactive one-off container
`docker run -e KEY=val name`	pass environment variable
`docker run -v $(pwd):/app name`	bind mount current dir

Container Management

Command	Description
`docker ps`	list running containers
`docker ps -a`	list all including stopped
`docker stop <id>`	graceful SIGTERM stop
`docker kill <id>`	immediate SIGKILL
`docker rm <id>`	remove stopped container
`docker exec -it <id> sh`	shell into running container
`docker logs -f <id>`	stream container logs
`docker inspect <id>`	full JSON metadata

Image Management

Command	Description
`docker images`	list local images
`docker pull name:tag`	pull from registry
`docker push name:tag`	push to registry
`docker tag src:tag dest:tag`	create alias tag
`docker rmi <id>`	remove image
`docker image prune -a`	remove all unused images
`docker save name > file.tar`	export image to tar
`docker load < file.tar`	import image from tar

Docker Compose

# compose.yaml
services:
  app:
    build: .
    ports: ["3000:3000"]
    env_file: .env
    depends_on: [db]
    volumes:
      - .:/app
  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_PASSWORD: secret
    volumes:
      - pg_data:/var/lib/postgresql/data

volumes:
  pg_data:

Command	Description
`docker compose up -d`	start all services detached
`docker compose down -v`	stop and remove volumes
`docker compose logs -f app`	tail specific service logs
`docker compose exec app sh`	shell into running service

Volumes & Networking

# Named volume
docker volume create mydata
docker run -v mydata:/data image

# Bind mount
docker run -v /host/path:/container/path image

# Networks
docker network create mynet
docker run --network mynet --name api image
docker run --network mynet image curl http://api:3000

Containers on the same network resolve each other by service name
bridge — default isolated network
host — shares host network stack (Linux only)

Multi-Stage Build

# Stage 1: build
FROM node:20-alpine AS builder
WORKDIR /app
COPY . .
RUN npm ci && npm run build

# Stage 2: production image
FROM node:20-alpine AS runner
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
CMD ["node", "dist/index.js"]

Final image contains only what you copy from previous stages
Drastically reduces image size — drop build tools, test deps, source files

Cleanup & Prune

Command	Description
`docker system prune`	remove stopped containers, dangling images, unused networks
`docker system prune -a`	above + all unused images
`docker volume prune`	remove all unused volumes
`docker image prune --filter "until=24h"`	remove images older than 24h

Run docker system df first to see disk usage before pruning.

Production Hardening Tips

Use node:20-alpine or distroless — not latest or full Debian
Pin exact image digests for reproducible builds: image@sha256:abc123
Run as non-root: USER node before CMD
Set --read-only flag on containers where possible
Never bake .env or secrets into the image; use --env-file or Docker secrets
Add .dockerignore — exclude node_modules, .git, .env, dist

node_modules
.git
.env
*.log
dist