Docker 速查表

容器、映像檔、磁碟區、網路和 Docker Compose 的基本 Docker 命令。

63個命令

ContainersRun a container in detached (background) mode

docker run -d IMAGE

docker run -d nginx

ContainersRun a container interactively with a shell

docker run -it IMAGE bash

docker run -it ubuntu bash

ContainersName the container and map a host port to container port

docker run --name NAME -p HOST:CTR IMAGE

docker run --name web -p 8080:80 nginx

ContainersSet an environment variable in the container

docker run -e KEY=VALUE IMAGE

docker run -e NODE_ENV=production node:18 node app.js

ContainersBind-mount a host directory into the container

docker run -v /host/path:/ctr/path IMAGE

docker run -v $(pwd)/data:/app/data myapp

ContainersAutomatically remove container when it exits

docker run --rm IMAGE

docker run --rm alpine echo 'hello'

ContainersList running containers

docker ps

docker ps

ContainersList all containers (including stopped)

docker ps -a

docker ps -a

ContainersGracefully stop a running container (SIGTERM)

docker stop CONTAINER

docker stop web

ContainersStart a stopped container

docker start CONTAINER

docker start web

ContainersStop then start a container

docker restart CONTAINER

docker restart web

ContainersRemove a stopped container

docker rm CONTAINER

docker rm web

ContainersForce-remove a running container

docker rm -f CONTAINER

docker rm -f web

ContainersOpen an interactive shell in a running container

docker exec -it CONTAINER bash

docker exec -it web bash

ContainersStream logs from a container

docker logs -f CONTAINER

docker logs -f web

ContainersReturn detailed JSON info about a container

docker inspect CONTAINER

docker inspect web

ContainersDisplay live resource usage statistics

docker stats

docker stats

ImagesDownload an image from a registry

docker pull IMAGE:TAG

docker pull postgres:16

ImagesList all local images

docker images

docker images

ImagesBuild an image from a Dockerfile in the current directory

docker build -t NAME:TAG .

docker build -t myapp:latest .

ImagesBuild using a specific Dockerfile path

docker build -f PATH/Dockerfile .

docker build -f docker/Dockerfile.prod -t myapp:prod .

ImagesTag a local image with a new name/tag

docker tag SOURCE TARGET

docker tag myapp:latest registry.io/user/myapp:v1.0

ImagesPush an image to a registry

docker push IMAGE

docker push registry.io/user/myapp:v1.0

ImagesRemove a local image

docker rmi IMAGE

docker rmi myapp:latest

ImagesRemove dangling (untagged) images

docker image prune

docker image prune

ImagesRemove all unused images (not just dangling)

docker image prune -a

docker image prune -a

VolumesCreate a named volume

docker volume create NAME

docker volume create pgdata

VolumesList volumes

docker volume ls

docker volume ls

VolumesInspect a volume

docker volume inspect NAME

docker volume inspect pgdata

VolumesRemove a volume

docker volume rm NAME

docker volume rm pgdata

VolumesMount a named volume into a container

docker run -v VOLUME:/ctr/path IMAGE

docker run -v pgdata:/var/lib/postgresql/data postgres:16

NetworksCreate a user-defined bridge network

docker network create NAME

docker network create mynet

NetworksList networks

docker network ls

docker network ls

NetworksConnect a running container to a network

docker network connect NET CONTAINER

docker network connect mynet web

NetworksRun a container on a specific network

docker run --network NET IMAGE

docker run --network mynet --name api myapp

NetworksRemove a network

docker network rm NAME

docker network rm mynet

ComposeCreate and start all services in background

docker compose up -d

docker compose up -d

ComposeStop and remove containers and networks

docker compose down

docker compose down

ComposeAlso remove volumes

docker compose down -v

docker compose down -v

ComposeList containers managed by Compose

docker compose ps

docker compose ps

ComposeStream logs from a service

docker compose logs -f SERVICE

docker compose logs -f api

ComposeOpen a shell in a running Compose service

docker compose exec SERVICE bash

docker compose exec api bash

ComposeBuild or rebuild services

docker compose build

docker compose build

ComposePull latest images for all services

docker compose pull

docker compose pull

ComposeRestart a specific service

docker compose restart SERVICE

docker compose restart api

ComposeUse a specific compose file

docker compose -f FILE up -d

docker compose -f docker-compose.prod.yml up -d

DockerfileSet the base image for the build

FROM BASE:TAG

FROM node:18-alpine

DockerfileSet the working directory for subsequent instructions

WORKDIR /path

WORKDIR /app

DockerfileCopy files from build context into the image

COPY src dest

COPY package*.json ./
COPY . .

DockerfileExecute a shell command during build

RUN command

RUN npm ci --only=production

DockerfileSet environment variables baked into the image

ENV KEY=VALUE

ENV NODE_ENV=production PORT=3000

DockerfileDefine a build-time variable (not in final image)

ARG NAME=default

ARG APP_VERSION
RUN echo $APP_VERSION

DockerfileDocument the port the container will listen on

EXPOSE PORT

EXPOSE 3000

DockerfileDefault command to run (exec form preferred)

CMD ["executable", "arg"]

CMD ["node", "server.js"]

DockerfileContainer entry point (CMD args are appended)

ENTRYPOINT ["executable"]

ENTRYPOINT ["docker-entrypoint.sh"]

DockerfileCreate a mount point for external volumes

VOLUME ["/data"]

VOLUME ["/var/lib/mysql"]

DockerfileSet the user for RUN/CMD/ENTRYPOINT instructions

USER name

USER node

CleanupRemove stopped containers, dangling images, unused networks, build cache

docker system prune

docker system prune

CleanupAlso remove all unused images (not just dangling)

docker system prune -a

docker system prune -a

CleanupShow Docker disk usage

docker system df

docker system df

CleanupRemove all stopped containers

docker container prune

docker container prune

CleanupDisplay system-wide Docker information

docker info

docker info

CleanupShow Docker client and daemon version

docker version

docker version

最簡生產Dockerfile

# Stage 1: build
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

# Stage 2: runtime
FROM node:18-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
EXPOSE 3000
USER node
CMD ["node", "dist/server.js"]

多階段構建通過僅複製生產構建產物。 USER node 指令避免以root身份執行，提高安全性。

docker-compose.yml 範例

services:
  api:
    build: .
    ports:
      - "3000:3000"
    environment:
      DATABASE_URL: postgres://user:pass@db:5432/mydb
    depends_on:
      db:
        condition: service_healthy

  db:
    image: postgres:16-alpine
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: user
      POSTGRES_PASSWORD: pass
      POSTGRES_DB: mydb
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U user"]
      interval: 5s
      retries: 5

volumes:
  pgdata:

常見問題

docker run和docker start有什麼區別？

docker run從映像建立一個新容器並啟動它。docker start重新啟動現有的已停止容器。首次建立容器或需要新容器時使用docker run。當您想以其現有狀態恢復之前停止的容器時，使用docker start。

如何刪除所有已停止的容器和未使用的映像？

使用docker system prune刪除所有已停止的容器、懸掛映像、未使用的網路和建置快取。新增-a標誌還可刪除未使用的映像。使用docker container prune僅針對容器，docker image prune僅針對映像。

Dockerfile中COPY和ADD有什麼區別？

COPY只是將檔案從建置內容複製到映像中。ADD做同樣的事情，但還支援URL來源和自動提取壓縮封存（.tar、.tar.gz、.tar.bz2）。最佳實踐：除非特別需要ADD的額外功能，否則使用COPY，因為COPY更透明。

如何讓容器資料在其生命週期之外持久化？

使用Docker磁碟區（docker volume create myvol，然後在docker run中用-v myvol:/data）進行Docker管理的持久命名儲存。使用繫結掛載（-v /主機/路徑:/容器/路徑）掛載特定的主機目錄。磁碟區更適合生產環境，因為它們完全由Docker管理且可移植。

最簡生產Dockerfile

# Stage 1: build
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

# Stage 2: runtime
FROM node:18-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
EXPOSE 3000
USER node
CMD ["node", "dist/server.js"]

多階段構建通過僅複製生產構建產物。 USER node 指令避免以root身份執行，提高安全性。

docker-compose.yml 範例

services:
  api:
    build: .
    ports:
      - "3000:3000"
    environment:
      DATABASE_URL: postgres://user:pass@db:5432/mydb
    depends_on:
      db:
        condition: service_healthy

  db:
    image: postgres:16-alpine
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: user
      POSTGRES_PASSWORD: pass
      POSTGRES_DB: mydb
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U user"]
      interval: 5s
      retries: 5

volumes:
  pgdata:

Docker 速查表

最簡生產Dockerfile

docker-compose.yml 範例

常見問題

docker run和docker start有什麼區別？

如何刪除所有已停止的容器和未使用的映像？

Dockerfile中COPY和ADD有什麼區別？

如何讓容器資料在其生命週期之外持久化？

DevOps references

Docker 速查表

最簡生產Dockerfile

docker-compose.yml 範例

常見問題

docker run和docker start有什麼區別？

如何刪除所有已停止的容器和未使用的映像？

Dockerfile中COPY和ADD有什麼區別？

如何讓容器資料在其生命週期之外持久化？