Docker Handbook

Docker cheat sheet

Check Version



Starting and Stopping

CPU Constraints
You can limit CPU, either using a percentage of all CPUs, or by using specific cores.
For example, you can tell the cpu-shares setting. The setting is a bit strange -- 1024 means 100% of the CPU, so if you want the container to take 50% of all CPU cores, you should specify 512:
docker run -it -c 512 agileek/cpuset-test
You can also only use some CPU cores using cpuset-cpus:
docker run -it --cpuset-cpus=0,4,6 agileek/cpuset-test
Note that Docker can still see all of the CPUs inside the container -- it just isn't using all of them.
Memory Constraints
You can also set memory constraints on Docker:
docker run -it -m 300M ubuntu:14.04 /bin/bash


Import / Export

  • docker cp copies files or folders between a container and the local filesystem.
  • docker export turns container filesystem into tarball archive stream to STDOUT.

Import/Export container

Import a container as an image from file:
cat my_container.tar.gz | docker import - my_image:my_tag
Export an existing container:
docker export my_container | gzip > my_container.tar.gz

Executing Commands



  • docker images shows all images.
  • docker import creates an image from a tarball.
  • docker build creates image from Dockerfile.
  • docker commit creates image from a container, pausing it temporarily if it is running.
  • docker rmi removes an image.
  • docker load loads an image from a tar archive as STDIN, including images and tags (as of 0.7).
  • docker save saves an image to a tar archive stream to STDOUT with all parent layers, tags & versions (as of 0.7).


Load/Save image

Load an image from file:
docker load < my_image.tar.gz
Save an existing image:
docker save my_image:my_tag | gzip > my_image.tar.gz



  • FROM Sets the Base Image for subsequent instructions.
  • MAINTAINER (deprecated - use LABEL instead) Set the Author field of the generated images.
  • RUN execute any commands in a new layer on top of the current image and commit the results.
  • CMD provide defaults for an executing container.
  • EXPOSE informs Docker that the container listens on the specified network ports at runtime. NOTE: does not actually make ports accessible.
  • ENV sets environment variable.
  • ADD copies new files, directories or remote file to container. Invalidates caches. Avoid ADD and use COPY instead.
  • COPY copies new files or directories to container. By default this copies as root regardless of the USER/WORKDIR settings. Use --chown=<user>:<group> to give ownership to another user/group. (Same for ADD.)
  • ENTRYPOINT configures a container that will run as an executable.
  • VOLUME creates a mount point for externally mounted volumes or other containers.
  • USER sets the user name for following RUN / CMD / ENTRYPOINT commands.
  • WORKDIR sets the working directory.
  • ARG defines a build-time variable.
  • ONBUILD adds a trigger instruction when the image is used as the base for another build.
  • STOPSIGNAL sets the system call signal that will be sent to the container to exit.
  • LABEL apply key/value metadata to your images, containers, or daemons.
  • SHELL override default shell is used by docker to run commands.
  • HEALTHCHECK tells docker how to test a container to check that it is still working.

Registry & Repository






  • docker network create NAME Create a new network (default type: bridge).
  • docker network rm NAME Remove one or more networks by name or identifier. No containers can be connected to the network when deleting it.