DockerLearn — Complete Docker Learning Hub

01 / LEARN

Core Topics

Click any topic to expand. Each panel has explanations, code examples and visual diagrams. Designed for absolute freshers — read in order.

🏗️

TOPIC 01

Docker Architecture

Client, Daemon, REST API, containerd, runc — the full stack explained.

BeginnerDiagrams

📦

TOPIC 02

Images & Layers

How images stack layer by layer, union FS, and why caching matters.

BeginnerConcepts

🚢

TOPIC 03

Containers

Lifecycle, run vs start vs exec, detached/attached, resource limits.

BeginnerHands-on

📝

TOPIC 04

Dockerfile

FROM, RUN, COPY, CMD vs ENTRYPOINT, ARG vs ENV, multi-stage builds.

BeginnerBuild

💾

TOPIC 05

Volumes & Storage

Volumes vs bind mounts vs tmpfs. How to persist data when containers die.

IntermediateStorage

🔌

TOPIC 06

Networking

Bridge, host, none, overlay. Port mapping and container DNS.

IntermediateNetworking

🎼

TOPIC 07

Docker Compose

Run multi-container apps with one YAML — services, networks, volumes.

IntermediateYAML

🏬

TOPIC 08

Registries & Tags

Docker Hub, private registries, image tags, push/pull, authentication.

IntermediateDistribution

🛡️

TOPIC 09

Best Practices & Security

Smaller images, non-root users, .dockerignore, scanning, no :latest.

AdvancedSecurity

🏗️ Docker Architecture

Docker uses a client-server architecture. You type commands using the Docker Client which talks to the Docker Daemon over a REST API. The daemon does the real work: building images, running containers, managing networks and volumes.

FLOW

You type: docker run nginx
   ↓
Docker Client (CLI)
   ↓ REST API
Docker Daemon (dockerd)
   ↓
containerd (high-level runtime)
   ↓
runc (low-level OCI runtime)
   ↓
Linux Kernel (namespaces + cgroups + overlayfs)
   ↓
🚢 Container is running!

👉 Open the Architecture tab in the nav for the interactive version where you can click each component for deeper info.

📦 Images & Layers

A Docker image is a read-only template (like a class). A container is a running instance of that image (like an object). Images are built from stacked layers, where each Dockerfile instruction creates a new layer.

CONCEPT

Image: my-app:1.0
┌─────────────────────────────┐
│ Layer 4: CMD ["node","app"] │  ← writable when running
├─────────────────────────────┤
│ Layer 3: COPY . /app        │  ← changes often (your code)
├─────────────────────────────┤
│ Layer 2: RUN npm install    │  ← cached separately
├─────────────────────────────┤
│ Layer 1: FROM node:18       │  ← base image (rarely changes)
└─────────────────────────────┘

Layer Caching

If a layer hasn't changed, Docker reuses it. Put things that change often at the BOTTOM.

Union FS

Layers stack into one view. Containers add a thin writable layer on top — image stays unchanged.

Image Tag

Format: name:tag. No tag → :latest. Avoid in production.

🚢 Containers

A container is a running process isolated from the host using Linux namespaces and cgroups. Containers are ephemeral — when stopped, anything written inside is lost (unless you used a volume).

BASH

# Run a container detached, with port mapping
docker run -d --name web -p 8080:80 nginx:1.25

# List containers
docker ps                # running only
docker ps -a             # all (including stopped)

# Lifecycle
docker stop web
docker start web
docker restart web

# Get logs
docker logs -f web

# Exec into a running container
docker exec -it web sh

# Resource limits
docker run -d --memory=512m --cpus=0.5 nginx

# Cleanup
docker rm web            # stopped
docker rm -f web         # force (running)

Container Lifecycle

created → running → paused → stopped → removed

📝 Dockerfile

A Dockerfile is a recipe — a text file with instructions Docker uses to build an image. Each instruction creates a layer.

DOCKERFILE

# Base image
FROM node:18-alpine

# Working directory inside container
WORKDIR /app

# Copy dependency files first (better caching!)
COPY package*.json ./
RUN npm ci --only=production

# Copy source code
COPY . .

# Document which port the app uses
EXPOSE 3000

# Run as non-root user (security)
USER node

# Default command when container starts
CMD ["node", "server.js"]

Multi-stage build (much smaller images):

DOCKERFILE

# Stage 1 — build (heavy)
FROM node:18 AS builder
WORKDIR /app
COPY . .
RUN npm install && npm run build

# Stage 2 — runtime (lean)
FROM node:18-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
USER node
CMD ["node", "dist/index.js"]

💾 Volumes & Storage

Containers are ephemeral. To persist data (databases, uploads, logs), use volumes.

Named Volume

Managed by Docker. Best for production data.

Bind Mount

Maps host folder into container. Best for dev.

tmpfs Mount

In-memory only. For secrets/temp data.

BASH

docker volume create mydata
docker run -d -v mydata:/var/lib/mysql mysql:8       # named volume
docker run -d -v $(pwd):/app node:18                  # bind mount
docker run --tmpfs /tmp nginx                          # tmpfs
docker volume ls
docker volume inspect mydata

🔌 Networking

Each container gets its own network namespace and IP. Docker provides drivers to control how containers communicate.

bridge (default)

Private virtual network on host. Custom bridges → DNS by name.

host

Shares host network. No isolation. Linux only.

none

No networking. Fully isolated. Batch jobs.

overlay

Multi-host networking for Swarm.

BASH

docker network create app-net
docker run -d --name db --network app-net postgres:15
docker run -d --name api --network app-net my-api
# inside api container, 'db' resolves to the db container
docker network ls

🎼 Docker Compose

Define a multi-container app in one YAML file. One command starts everything: web + db + cache + worker.

YAML

services:
  web:
    build: .
    ports: ["8080:3000"]
    environment:
      DATABASE_URL: postgres://user:pass@db:5432/app
    depends_on: [db]
    networks: [app-net]
  db:
    image: postgres:15
    environment:
      POSTGRES_USER: user
      POSTGRES_PASSWORD: pass
      POSTGRES_DB: app
    volumes: [db-data:/var/lib/postgresql/data]
    networks: [app-net]
volumes:
  db-data:
networks:
  app-net:

Common commands

docker compose up -d   # start in background
docker compose down     # stop & remove
docker compose logs -f  # follow combined logs
docker compose ps

🏬 Registries & Tags

A registry stores Docker images. Docker Hub is the default. Companies use private registries (AWS ECR, GCP Artifact Registry, GitHub Container Registry).

BASH

docker pull nginx:1.25

# Tag for a registry
docker tag my-app:1.0 myuser/my-app:1.0
docker tag my-app:1.0 myregistry.com/team/my-app:1.0

# Login & push
docker login
docker push myuser/my-app:1.0

# Pin by digest (immutable)
docker pull nginx@sha256:abc123...

Tag strategy: Use semantic versions like 1.2.3. Avoid latest in production.

🛡️ Best Practices & Security

These practices save you from 90% of beginner pain — bloated images, slow builds, and security incidents.

✓ Small base images

Prefer alpine/distroless. node:18=1GB → node:18-alpine=180MB.

✓ Multi-stage builds

Build heavy, ship lean. Cuts size 5-10x.

✓ Run as non-root

Add USER node in Dockerfile.

✓ .dockerignore

Exclude node_modules, .git, .env.

✗ Never bake secrets

No keys, passwords, tokens in Dockerfile or image.

✗ Don't use :latest

Pin specific versions. Latest changes silently.

⚠ Scan images

Use docker scout or trivy.

⚠ Health checks

Add HEALTHCHECK so orchestrators know app is ready.

02 / ARCHITECTURE

Interactive Docker Architecture

💡 Click any component below to learn what it does, see how it connects, and read related Q&A. Everything is linked — visualize the flow and absorb knowledge fast.

USER LAYER

👤 You (Terminal) i

↓types: docker run nginx

DOCKER CLIENT

💻 Docker CLI (docker) i

↓REST API over /var/run/docker.sock

DOCKER ENGINE (DAEMON)

⚙️ dockerd i

🌐 REST API i

📦 Image Store i

🔌 Network Mgr i

💾 Volume Mgr i

↓delegates container ops via gRPC

CONTAINER RUNTIME

🧩 containerd i

⚡ runc i

🔗 containerd-shim i

↓uses kernel features to isolate the process

LINUX KERNEL FEATURES

🏷️ Namespaces i

📊 cgroups (Resource Limits) i

🗂️ overlayfs i

🛡️ seccomp / AppArmor i

↓

RUNNING CONTAINER

🚢 Your Container i

↑images pulled from

REGISTRY

🏬 Docker Hub / ECR / GCR i

💡 Container vs VM: A VM runs a full guest OS on a hypervisor (heavy, slow, GBs). A container shares the host kernel and only ships the app + its libraries (light, fast, MBs). Isolation comes from namespaces; resource control comes from cgroups.

03 / Q&A

Questions & Answers

30+ questions — Easy, Medium, Hard. Filter by difficulty. These cover everything you'll be asked when learning or applying Docker concepts.

What is Docker and why do we use it?Easy▼

Docker is an open-source platform that packages applications and dependencies into lightweight, portable units called containers. It solves the "works on my machine" problem — the same container runs identically on a laptop, staging server, and production cloud. Containers start in milliseconds, use far fewer resources than VMs, and make CI/CD faster.

Difference between a Docker Image and a Container?Easy▼

An image is a read-only template — like a class in OOP, or a recipe. A container is a running instance of an image — like an object created from a class. You can create many containers from one image. The image is on disk; the container is a running process.

Difference between a Container and a VM?Easy▼

VM: Runs full guest OS on hypervisor. Heavy (GBs), slow boot (minutes), strong isolation.

Container: Shares host kernel. Lightweight (MBs), starts in ms, isolated via namespaces + cgroups.

Rule of thumb: 1 server = ~10 VMs but 100s of containers.

What is a Dockerfile?Easy▼

A Dockerfile is a plain text file with step-by-step instructions Docker uses to build an image. Each instruction (FROM, RUN, COPY, CMD, etc.) creates a new image layer. Think of it as a recipe: FROM is the base, RUN is a cooking step, COPY adds your code, CMD is what's served when someone runs the container.

Name 7 common Docker commands.Easy▼

• docker pull <image> — download image
• docker build -t name:tag . — build from Dockerfile
• docker run -d -p 8080:80 nginx — run container
• docker ps — list running (add -a for all)
• docker logs <name> — view logs
• docker exec -it <name> sh — shell into container
• docker rm -f <name> — force remove

What is Docker Hub?Easy▼

Docker Hub is the default public registry, like GitHub for Docker images. Pull official images (nginx, mysql, node), publish your own, share. Private alternatives: AWS ECR, GCP Artifact Registry, GitHub Container Registry.

What does the EXPOSE instruction do?Easy▼

EXPOSE is documentation only. It tells anyone reading the Dockerfile which ports the container listens on. It does NOT publish the port. Use -p HOST:CONTAINER at runtime: docker run -p 8080:80 myimage.

docker run vs docker start vs docker exec?Easy▼

docker run — creates a NEW container from an image and starts it.
docker start — starts an EXISTING stopped container (keeps name, ID, volumes).
docker exec — runs a new command in an already-running container (e.g. opening a shell).

What does -d flag do?Easy▼

-d = detached mode. Container runs in background, terminal is freed. Without -d, container runs in foreground and Ctrl+C stops it. Use -d for servers, foreground for one-off tasks.

What is .dockerignore?Easy▼

Like .gitignore for Docker. Lists files NOT sent to the daemon during build. Without it, Docker copies your entire project (including node_modules, .git, .env) — slow builds and leaked secrets. Typical entries: node_modules, .git, .env, *.log.

CMD vs ENTRYPOINT?Medium▼

CMD — default command, OVERRIDDEN if you pass args to docker run.
ENTRYPOINT — fixed; args you pass become arguments TO it.

Best practice: Use both — ENTRYPOINT ["python","app.py"] + CMD ["--port=8080"]. The script always runs, flags are tweakable.

COPY vs ADD?Medium▼

COPY — does only what you'd expect: copies local files. Predictable.
ADD — also fetches URLs and auto-extracts tar archives. Surprising.

Rule: Always use COPY. Use ADD only when you actually want tar extraction.

ARG vs ENV?Medium▼

ARG — build-time only. Set with --build-arg. Disappears after build.
ENV — set during build AND available at runtime in the container. Override with -e on docker run.

ARG for build version flags, ENV for runtime config like NODE_ENV=production.

What are Docker volumes? Why use them?Medium▼

Containers are ephemeral — when removed, data is deleted. Volumes persist data outside container lifecycle.

3 types:
• volume — managed by Docker. Best for prod.
• bind mount — links host folder to container. Best for dev.
• tmpfs — RAM only. For secrets/temp.

docker run -d -v mydata:/var/lib/mysql mysql

Docker network drivers?Medium▼

• bridge (default) — virtual network on host. Containers on same custom bridge resolve each other by name.
• host — shares host network stack. No isolation.
• none — no network. Fully isolated.
• overlay — multi-host networking for Swarm.
• macvlan — container gets own MAC + IP on physical net.

What is Docker Compose?Medium▼

Tool to define multi-container apps in one YAML file. Instead of 4 long docker run commands, write docker-compose.yml and run docker compose up. Handles networking, volumes, dependency order, env vars, scaling — declaratively.

How to reduce Docker image size?Medium▼

1. Small base images — alpine, distroless, -slim.
2. Multi-stage builds — compile heavy, ship lean.
3. Combine RUN commands in one line.
4. Use .dockerignore.
5. Clean up caches and temp files in same RUN.
6. Pin versions.

What is image layer caching?Medium▼

Each Dockerfile instruction creates a layer. If unchanged, Docker reuses cached version. Cache invalidation: once a layer changes, every layer below rebuilds.

Optimization: Put rarely-changing instructions FIRST. Classic example: copy package.json and npm install BEFORE copying source code, so code changes don't bust dependency cache.

How to pass environment variables?Medium▼

• -e KEY=value — single var
• --env-file .env — from file
• ENV KEY=value in Dockerfile (default)
• In docker-compose.yml via environment: or env_file:

Don't put secrets in Dockerfile. Use --env-file + .dockerignore on .env.

Named volume vs bind mount?Medium▼

Named volume: Docker-managed at /var/lib/docker/volumes/. Best for production data, portable across hosts.

Bind mount: Maps exact host path. -v /home/user/code:/app. Best for local dev — edit code on host, container sees changes.

Volumes = abstracted. Bind mounts = direct host control.

What is a multi-stage build?Hard▼

Multiple FROM in one Dockerfile. Each stage is independent. Final image only contains what you COPY --from=<stage>.

Why: Compile in heavy image (compilers, dev tools), ship a tiny runtime image.

Example: Go binary compiled in golang:1.21 (~1GB) → copied into scratch (~10MB). Same app, 100x smaller.

How does Docker achieve isolation?Hard▼

Three Linux kernel features:
• Namespaces — each container has own view of system: pid, net, mnt, uts, ipc, user.
• cgroups — limit CPU, memory, I/O, network.
• Union filesystem (overlayfs) — stack image layers + thin writable layer per container.

Containers are NOT VMs — they share the host kernel.

Role of containerd and runc?Hard▼

• dockerd — user-facing Docker API, images, networks, volumes.
• containerd — high-level runtime. Manages container lifecycle, snapshots. Used by Docker AND Kubernetes.
• runc — lowest-level OCI runtime. Sets up namespaces + cgroups using kernel.

Flow: docker run → dockerd → containerd → runc → container.

How to debug a container that won't start?Hard▼

1. docker ps -a — see status, exit code.
2. docker logs <name> — read the actual error.
3. docker inspect <name> — full config, mounts, networks.
4. docker run -it --entrypoint sh <image> — override entrypoint with shell.
5. docker events — live stream of daemon events.

Common causes: wrong CMD, missing env var, port in use, bad volume path.

Docker security best practices?Hard▼

• Don't run as root — USER appuser
• Minimal base images (alpine, distroless)
• Pin versions and digests, never :latest
• Scan images — docker scout, trivy
• Never bake secrets in images
• Drop capabilities — --cap-drop=ALL
• Read-only root FS — --read-only
• Limit resources — --memory, --cpus
• Keep Docker patched on the host

Docker Swarm vs Kubernetes?Hard▼

Swarm: Docker's built-in orchestrator. Simple, easy to learn, comes with Docker.
K8s: Far more powerful — auto-healing, advanced scheduling, HPA, ingress, RBAC. Steeper curve.

In practice: Swarm fine for small/medium, K8s dominates at scale (EKS, GKE, AKS). Swarm usage has declined.

What is HEALTHCHECK?Hard▼

Dockerfile instruction to test if container is actually healthy (not just running):
HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/health || exit 1

Container can be "running" but app inside hung. Healthcheck detects this; orchestrators restart it or stop sending traffic. Statuses: starting, healthy, unhealthy.

How to handle secrets in Docker?Hard▼

Bad: hardcode in Dockerfile, bake into image, commit .env to git.

Good:
• --env-file at runtime
• Docker secrets (Swarm) — mounted at /run/secrets/
• BuildKit --secret for build-time
• Real secret managers: Vault, AWS/GCP Secrets Manager, K8s Secrets

Always: .env in .gitignore AND .dockerignore.

docker exec vs docker attach?Hard▼

exec — runs NEW process inside running container. docker exec -it web sh. Exiting doesn't stop container.

attach — connects terminal to MAIN process (PID 1). Ctrl+C usually KILLS the main process and STOPS the container.

Use exec 99% of the time.

docker system prune vs docker volume prune?Hard▼

system prune — removes stopped containers, dangling images, unused networks, (with -a) unused images. Does NOT touch volumes by default — your data is safe.

volume prune — removes ONLY unused volumes. Dangerous — can permanently delete database data.

Run docker system df first to see what's using space.

04 / EXAM

Practice Exam

15 multiple-choice questions, 15 minutes, instant scoring with explanations. Put your knowledge to the test.

🎯 Docker Practice Exam

15 MCQs. 15 minutes. Mix of easy, medium, and hard. You'll see explanations after each answer. Hit Start when you're ready.

Questions

15:00

Minutes

60%

Pass Mark

05 / LABS

Hands-on Practice Labs

Real terminal exercises. Each step has a copy-able command. Track your progress with checkboxes.

0 / 0 tasks

Free practice platforms: play-with-docker.com · Docker Desktop · killercoda.com/docker

Run your first container

Easy

Goal: Pull nginx, run it on port 8080, see the welcome page, then clean up.

Pull nginx

docker pull nginxcopy

Run detached, map host 8080 → container 80

docker run -d --name web -p 8080:80 nginxcopy

Open http://localhost:8080 in browser

curl http://localhost:8080copy

Cleanup

docker rm -f webcopy

◯ Image pulled

◯ Page loaded

◯ Cleaned up

Build your own image

Easy

Goal: Create a Dockerfile for a simple HTML site, build it, run it.

Make a folder + index.html

mkdir mysite && cd mysite && echo "<h1>Hello Docker</h1>" > index.htmlcopy

Create Dockerfile (FROM nginx:alpine + COPY)

printf 'FROM nginx:alpine\nCOPY index.html /usr/share/nginx/html/\n' > Dockerfilecopy

Build the image

docker build -t mysite:1.0 .copy

Run it

docker run -d -p 8080:80 mysite:1.0copy

◯ Dockerfile written

◯ Image built

◯ Container running

Persist data with volumes

Medium

Goal: Run MySQL with a named volume. Remove and recreate — data survives.

Create volume

docker volume create mysqldatacopy

Run MySQL with volume

docker run -d --name db -e MYSQL_ROOT_PASSWORD=secret -v mysqldata:/var/lib/mysql mysql:8copy

Wait, then create a database

sleep 20 && docker exec -it db mysql -psecret -e "CREATE DATABASE testdb;"copy

Remove container (NOT volume)

docker rm -f dbcopy

Recreate — testdb still exists

docker run -d --name db -e MYSQL_ROOT_PASSWORD=secret -v mysqldata:/var/lib/mysql mysql:8 && sleep 15 && docker exec -it db mysql -psecret -e "SHOW DATABASES;"copy

◯ Volume created

◯ DB created

◯ Data survived

Connect containers via network

Medium

Goal: Run Redis + a client container that talks to Redis by name.

Custom bridge

docker network create app-netcopy

Run Redis

docker run -d --name redis --network app-net redis:7copy

Ping by name (expect PONG)

docker run -it --rm --network app-net redis:7 redis-cli -h redis pingcopy

◯ Network created

◯ Got PONG

Multi-container with Docker Compose

Medium

Goal: Spin up web + Postgres with one command.

Create docker-compose.yml

cat > docker-compose.yml <<EOF services: web: image: nginx:alpine ports: ["8080:80"] db: image: postgres:15 environment: POSTGRES_PASSWORD: pass EOFcopy

Start everything

docker compose up -dcopy

List services

docker compose pscopy

Tear down

docker compose downcopy

◯ Compose file written

◯ Services up

◯ Tore down

Debug a broken container

Hard

Goal: Run a container that crashes, diagnose it, fix it.

Run with bad command

docker run --name broken nginx wrong-commandcopy

See Exited status

docker ps -acopy

Read the error

docker logs brokencopy

Inspect

docker inspect brokencopy

Cleanup + run correctly

docker rm broken && docker run -d --name fixed nginxcopy

◯ Saw the crash

◯ Read logs

◯ Fixed it

06 / REAL WORLD

Practical Use Cases

How real engineering teams use Docker every day. Each card is a scenario you'll see in production — and what container-based solution fixes it.

📦 SCENARIO 01 · STARTUPS

"Works on my machine" syndrome

A new engineer joins. Spends 2 days installing Postgres, Redis, Node version manager, npm packages — gets weird errors no one else has.

Solution: Ship a docker-compose.yml with the repo. New engineer runs docker compose up and has the full dev environment in 2 minutes — same versions as everyone else.

🚀 SCENARIO 02 · CI/CD

Consistent build environments

CI build passes on Jenkins agent A but fails on agent B because of a different Node version. Flaky, hard to debug.

Solution: Run every CI step inside a Docker container with pinned versions. Same image in dev, CI, and production. Build either passes everywhere or nowhere — no flakiness.

🌐 SCENARIO 03 · MICROSERVICES

Polyglot architecture

Company has services in Node, Python, Go, Java. Each needs different runtimes, package managers, OS libraries. Provisioning servers is a nightmare.

Solution: Each service ships as a Docker image with its own runtime. Hosts only need Docker installed. Add or remove services without touching the OS.

⏰ SCENARIO 04 · SCHEDULED JOBS

Cron jobs in production

Need to run a daily report generator, a weekly DB cleanup, a 5-min health pinger. Running these as long-lived processes wastes resources.

Solution: Package each job as a Docker image. Use docker run --rm from cron / Kubernetes CronJob. Runs, exits, vanishes — clean and isolated.

🧪 SCENARIO 05 · TESTING

Integration tests that need real services

Your tests need a real Postgres, Redis, and Kafka. Mocking them is brittle. Devs forget to start services, tests break randomly.

Solution: docker compose up spins up the full test stack. Use testcontainers library to start fresh containers per test suite. Tests run identically on every machine.

🎓 SCENARIO 06 · DATA SCIENCE

Reproducible Jupyter environments

A research notebook with 30 pip packages won't run on a colleague's laptop. Six months later, even the original author can't reproduce the results.

Solution: Wrap the notebook + exact pip versions in a Docker image. Anyone, anywhere, anytime → docker run my-research:1.0 reproduces results exactly.

🛒 SCENARIO 07 · E-COMMERCE

Black Friday traffic surge

Traffic 20x normal during sales. Need to instantly scale web and checkout services without spinning up new VMs (which take minutes).

Solution: Containers start in seconds. Run them on an orchestrator (K8s/ECS) with auto-scaling. Hit the surge → 100 more containers spin up in seconds → traffic absorbed.

🏦 SCENARIO 08 · LEGACY APPS

Old app stuck on Python 2.7

A revenue-critical legacy app needs Python 2.7 + old libraries. The host OS has moved to Python 3 and won't let you install the old version.

Solution: Containerize the legacy app with its exact Python 2.7 environment. Modern host runs modern stack. Legacy container runs alongside, no conflicts. Buy time to refactor.

07 / CHEATSHEET

Command Cheatsheet

Every command you'll actually use, grouped by task. Click any command to copy. Hit "Download PDF" to take it offline.

🚢 Containers

docker run -d --name web -p 8080:80 nginx

Run detached with port mapping

docker ps

List running containers

docker ps -a

List ALL containers

docker stop <name>

Stop a container

docker rm -f <name>

Force remove

docker exec -it <name> sh

Shell into container

docker logs -f <name>

Follow logs

docker inspect <name>

Full container details

docker stats

Live CPU/RAM usage

📦 Images

docker pull nginx:1.25

Pull from registry

docker images

List local images

docker build -t myapp:1.0 .

Build from Dockerfile

docker tag myapp:1.0 user/myapp:1.0

Retag image

docker push user/myapp:1.0

Push to registry

docker rmi <image>

Remove image

docker history <image>

Show layers

docker save -o app.tar myapp:1.0

Export image to tarball

docker load -i app.tar

Import from tarball

💾 Volumes

docker volume create mydata

Create named volume

docker volume ls

List volumes

docker volume inspect mydata

Volume details

docker run -v mydata:/data nginx

Mount named volume

docker run -v $(pwd):/app node

Bind mount (dev mode)

docker run --tmpfs /tmp nginx

In-memory mount

docker volume rm mydata

Remove volume

🔌 Networks

docker network ls

List networks

docker network create app-net

Create custom bridge

docker network inspect app-net

Network details

docker run --network app-net nginx

Attach to network

docker network connect app-net <name>

Add running container

docker network disconnect app-net <name>

Detach

docker network rm app-net

Remove network

🎼 Compose

docker compose up -d

Start in background

docker compose down

Stop and remove

docker compose down -v

Also remove volumes

docker compose ps

List services

docker compose logs -f

Follow combined logs

docker compose build

Build all services

docker compose restart web

Restart one service

docker compose exec web sh

Shell into service

🧹 Cleanup

docker system df

Disk usage breakdown

docker system prune

Remove unused stuff

docker system prune -a

Aggressive cleanup

docker container prune

Remove stopped containers

docker image prune

Remove dangling images

docker volume prune

⚠ Delete unused volumes

docker rm -f $(docker ps -aq)

Force remove ALL containers

🐛 Debug

docker logs --tail 100 -f <name>

Follow last 100 lines

docker top <name>

Processes inside container

docker port <name>

Show port mappings

docker diff <name>

Filesystem changes

docker events

Live daemon events

docker run -it --entrypoint sh <image>

Override entrypoint, debug

docker cp <name>:/path ./local

Copy from container

🔐 Registry

docker login

docker login myregistry.com

Private registry

docker logout

Logout

docker search nginx

Search Docker Hub

docker pull nginx@sha256:abc...

Pin by digest

docker scout cves myimage:1.0

Scan vulnerabilities

Master Dockerfrom zero to Hero

Core Topics

Interactive Docker Architecture

Questions & Answers

Practice Exam

🎯 Docker Practice Exam

Hands-on Practice Labs

Practical Use Cases

Command Cheatsheet

🚢 Containers

📦 Images

💾 Volumes

🔌 Networks

🎼 Compose

🧹 Cleanup

🐛 Debug

🔐 Registry

Master Docker
from zero to Hero