A curated list of Docker command-line use cases that frequently appear in real-world scenarios and technical interviews.
You want to ensure that your Docker image is rebuilt completely from scratch without using any cached layers.
docker build --no-cache --tag myapp .The --no-cache flag disables caching for all steps in the Dockerfile, ensuring a clean build. This is especially useful when dependencies or base images might change, and you want to avoid outdated layers.
You have your Dockerfile located in a different folder and want to build the image from there.
docker build --tag myapp --file docker/Dockerfile .The -f flag allows you to specify the location of the Dockerfile. Ensure to specify the build context (. in this case) correctly.
You want to tag your Docker image with the current Git commit hash for traceability.
docker build --tag myapp:$(git rev-parse --short HEAD) .git rev-parse --short HEAD fetches the short form of the current Git commit hash, helping to version the Docker image by the code commit.
Your image size is large because it includes build tools or unnecessary files.
# Stage 1 - Build
FROM golang:1.21 as builder
WORKDIR /app
COPY . .
RUN go build -o myapp
# Stage 2 - Runtime
FROM alpine:latest
COPY --from=builder /app/myapp /myapp
ENTRYPOINT ["/myapp"]Multi-stage builds allow you to use one image for building and another lightweight image for production, reducing the final image size.
You want to include the current date in the Docker image tag for easier version tracking.
docker build --tag myapp:release-$(date +%Y-%m-%d) .This tags your image with the current date, useful for nightly or daily builds.
You want to restrict the amount of memory and CPU a container can use.
docker run --memory="512m" --cpus="1.5" myapp:latestThis ensures the container uses a maximum of 512MB of RAM and 1.5 CPU cores, which helps in resource-constrained environments.
You want your container to run with a non-root user for security purposes.
docker run -u 1001:1001 myapp:latestRunning containers as a non-root user is a best practice to prevent privilege escalation attacks.
You want to restrict write access in the container for extra security.
docker run --read-only --tmpfs /tmp -d myapp:latestThis mounts the root filesystem as read-only and adds a temporary writable /tmp to meet application needs.
You want the container to automatically restart if it fails.
docker run -d --restart=on-failure:3 myapp sh -c "sleep 1 && exit 1"This will restart the container up to 3 times on failure. Useful for fault-tolerant setups.
You want Docker to monitor the health of a running container.
FROM node:18
WORKDIR /app
COPY server.js .
RUN apk add --no-cache curl && npm install express
EXPOSE 8080
HEALTHCHECK CMD curl --fail http://localhost:8080/health || exit 1
CMD ["node", "server.js"]The HEALTHCHECK instruction checks the /health endpoint, and Docker marks the container unhealthy if it fails.
You want to monitor the latest logs of a container in real-time.
docker logs -f --tail 50 <container-id>This displays the last 50 lines of logs and continues to stream new logs as they are generated.
You want to verify if a certain process (e.g., Java) is running inside a container.
docker exec -it <container-id> sh -c "ps aux | grep java"This inspects the running processes inside the container using ps.
You want to harden your container environment.
docker run --pids-limit 100 --read-only --memory=256m myappLimits the number of processes, enforces read-only FS, and sets memory usage limits.
You want container logs written to a directory on your host.
docker run -v $(pwd)/logs:/var/log/nginx nginxThis mounts a host directory into the container where logs can be written persistently.
docker system prune -af --volumesRemoves all unused containers, images, networks, and volumes to free up disk space.
docker rmi $(docker images -f "dangling=true" -q)Deletes untagged images that are not used by any container.
docker rm -f $(docker ps -aq)Forcibly deletes all running and stopped containers.
docker images --filter "since=<image-name:tag>"Shows only the images that were created after a given image.
docker rename <old-container-name> <new-container-name>Changes the container's name without restarting it.
docker update --restart=always <container-name>Configures the container to always restart unless explicitly stopped.
docker pause <container-name>
docker unpause <container-name>Temporarily suspends/resumes all processes within a container.
docker diff <container-name>Lists changes to files or directories in a container’s filesystem.
docker save <image-name> > <image-name>.tarSaves the Docker image to a tar archive for transfer or backup.
docker load < <image-name>.tarLoads a Docker image from a tar file into the local Docker registry.
docker cp <container-name>:<file-path> ./localfile.txtExtracts a file from a running container to the host.
docker stats --no-streamProvides a live snapshot of resource usage by running containers.