🔹 1️⃣ Show Information
- Check Docker version
docker --version
- Show detailed Docker system information:
docker info
- Display Docker help:
docker help
🔹 2️⃣ Working with Images
- List all images:
docker images
- Pull an image from Docker Hub:
docker pull nginx:tag
- Remove an image:
docker rmi nginx:tag
The tag indicates the image version, and if it is not mentioned, the latest version will be downloaded.
- Build an image from a Dockerfile :
docker build -t myapp .
- Build with a specific tag:
docker build -t myapp:v1 .
🔹 3️⃣ Working with Containers
- Run a container:
docker run nginx
- Run a container in detached mode:
docker run -d nginx
- Run a container with port mapping:
docker run -d -p 8080:80 nginx
- Run a container with a custom name:
docker run -d --name mynginx nginx
- List running containers:
docker ps
- List all containers (including stopped ones):
docker ps -a
- Stop a container:
docker stop container_name
- Start a stopped container:
docker start container_name
- Remove a container:
docker rm container_name
- Force remove a container:
docker rm -f container_name
🔹 4️⃣ Access a Running Container
- Enter a container using bash:
docker exec -it container_name bash
- If using Alpine (sh instead of bash):
docker exec -it container_name sh
🔹 5️⃣ Logs
- View container logs:
docker logs container_name
- Follow logs in real-time:
docker logs -f container_name
🔹 6️⃣ Volumes Management
- List volumes:
docker volume ls
- Create a volume:
docker volume create myvolume
- Remove a volume:
docker volume rm myvolume
🔹 7️⃣ Networks Management
- List networks:
docker network ls
- Create a network:
docker network create mynetwork
- Inspect a network:
docker network inspect mynetwork
- Remove a network:
docker network rm mynetwork
9️⃣ System Cleanup (Development & Production)
- Remove stopped containers:
docker container prune
- Remove unused images:
docker image prune -a
- Full system cleanup:
docker system prune -a
🐳 Advanced Docker Commands (Multi-Stage / Caching / Debugging / Production)
1️⃣ Multi-Stage Builds
docker build -t myapp .
docker build -t myapp:v1 .
docker build --target build -t myapp:build .
docker build --no-cache -t myapp .
docker build --build-arg ENV=production -t myapp .
docker build --cache-from myapp:latest -t myapp:new .
docker history myapp
docker image inspect myapp
- Enable BuildKit:
export DOCKER_BUILDKIT=1
- Build with a specific stage
docker build --target build -t myapp:build .
- Build without using cache
docker build --no-cache -t myapp .
- Build with build arguments
docker build --build-arg ENV=production -t myapp .
- View image build history
docker history myapp
- Inspect image layers
docker image inspect myapp
2️⃣ Docker Build Caching Tricks
- Enable BuildKit (recommended)
export DOCKER_BUILDKIT=1
Or Windows:
set DOCKER_BUILDKIT=1
- Build using cache from previous image
docker build --cache-from myapp:latest -t myapp:new .
- Pull image before build to reuse cache (CI/CD trick)
docker pull myapp:latest
docker build --cache-from myapp:latest -t myapp:latest .
- Remove dangling images (unused layers)
docker image prune
3️⃣ Container Debugging
- View real-time container stats (CPU / RAM)
docker stats
- Inspect container details (network, mounts, config)
docker inspect container_name
- View container logs
docker logs container_name
- Follow logs:
docker logs -f container_name
- Enter running container (bash)
docker exec -it container_name bash
If Alpine:
docker exec -it container_name sh
- Check container processes
docker top container_name
- Check container resource usage
docker stats container_name
4️⃣ Networking (Advanced)
- Create custom bridge network
docker network create mynetwork
- Connect container to network
docker network connect mynetwork container_name
- Disconnect container from network
docker network disconnect mynetwork container_name
- Inspect network
docker network inspect mynetwork
5️⃣ Volumes & Persistent Storage
- List Of Volume
docker volume ls
- Create named volume
docker volume create myvolume
- Remove volume
docker volume rm myvolume
- Mount volume manually
docker run -v myvolume:/app/data myapp
- Bind mount local folder
docker run -v $(pwd):/app myapp
- Inspect volume
docker volume inspect myvolume
6️⃣ Resource Limits (Production Best Practice)
- Limit CPU & Memory
docker run -d --cpus="1.5" --memory="512m" myapp
- Restart policy (important for production)
docker run -d --restart unless-stopped myapp
Options
noalwayson-failureunless-stopped
7️⃣ Security Best Practices
- Run container as non-root user
docker run -u 1001 myapp
- Remove unused capabilities
docker run --cap-drop ALL myapp
- Read-only filesystem
docker run --read-only myapp
- Scan image for vulnerabilities
docker scan myapp
8️⃣ Docker Compose (Advanced)
- Start Services
docker compose up
Starts all services defined in the
docker-compose.ymlfile.Runs in the foreground (you see logs in the terminal).
docker compose up -d
- Starts all services in detached mode (runs in the background).
docker compose up --build
Builds images before starting the containers (useful after code changes).
- Stop Services
docker compose down
Stops and removes containers, networks, and default volumes created by
up.
- Check Status
docker compose ps
Lists running services and their status.
- Logs
docker compose logs -f
Shows real-time logs for all services (
-f= follow).
- log specific service
docker compose logs backend
Shows logs for a specific service (backend only).
- Rebuild specific service
docker compose build backend
Rebuilds only the backend service.
docker compose build
Builds all services that have a
buildconfiguration.
- Restart specific service
docker compose restart nginx
Restarts only the nginx service container.
- Scale service (Load balancing trick)
docker compose up --scale backend=3
NOTE
Runs 3 instances of the backend service.
Useful for load balancing and horizontal scaling.
- Run one-off command inside service
docker compose run backend bash
NOTE
- Runs a temporary container for the backend service and opens a bash shell inside it.
- Useful for debugging or running manual commands.
- View logs per service
docker compose logs backend
9️⃣ Production Image Optimization
- Use slim base image
Example:
FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine
- Reduce image size
docker image ls
- Remove everything unused
docker system prune -a --volumes
🔟 Tagging & Pushing (CI/CD Flow)
- Tag image
docker tag myapp:latest mydockerhubuser/myapp:v1
- Login to Docker Hub
docker login
- Push image
docker push mydockerhubuser/myapp:v1
🔹 Advanced Production & Debugging Tricks
- Difference Between
stopanddown
docker compose stop
docker compose down
NOTE
docker compose stop
Stops running containers without removing them.
NOTE
docker compose down
Stops and removes containers, networks, and default volumes created byup.
- View Last Logs (Production Debugging)
docker logs --tail 50 container_name
Shows only the last 50 lines of logs (useful in production environments).
- Copy Files Between Host and Container
docker cp container_name:/app/file.txt .
docker cp localfile.txt container_name:/app/
Copy files from container to host and vice versa.
- Environment Variables
docker run -e ENV=production myapp
docker compose --env-file .env up
Pass environment variables to containers.
HEALTHCHECK CMD curl --fail http://localhost:80 || exit 1
Allows Docker to monitor container health status.
- Limit Container Logs Size (Production)
docker run --log-opt max-size=10m --log-opt max-file=3 myapp
Prevents logs from consuming too much disk space.
- Inspect Running Processes Inside Container
docker exec -it container_name ps aux
View running processes inside a container.
- Remove Everything (Full Cleanup)
docker system prune -a --volumes
> Removes all unused containers, images, networks, and volumes.
- Docker Context (Working with Remote Servers)
docker context ls
docker context use mycontext
> Manage multiple Docker environments (local, remote, cloud).
- Export / Import Docker Image
docker save myapp > myapp.tar
docker load < myapp.tar
> Useful for offline image transfer.
- Docker Compose Override File
NOTE
docker-compose.override.yml- Allows environment-specific configuration (development vs production).
- Restart Policies (Compose)
restart: unless-stopped
> Ensures containers restart automatically in production.
- Container Resource Monitoring
docker stats container_name
Monitor CPU and memory usage in real-time.
🔹# Docker Compose – Development vs Production
This note explains the differences between Development and Production configurations using Docker Compose in a multi-service application architecture.
The stack contains:
- Frontend → served by NGINX
- Backend API
- Database → PostgreSQL
Development Environment
The development environment is optimized for:
- Fast iteration
- Easy debugging
- Local development
- Developer productivity
The focus is flexibility, not strict security or resource optimization.
Key Characteristics of Development Setup
1. Port Mapping
Ports are exposed so the developer can access services directly from the host machine.
Example:
ports:
- “3001:3001”
Meaning:
Host Machine : 3001
Container : 3001
Benefits:
- Access API using browser or Postman
- Easy debugging
- Direct testing of services
2. Writable Volumes (Bind Mounts)
Example:
volumes:
- ./frontend:/usr/share/nginx/html
This is called a bind mount.
Meaning:
Host Folder → Container Folder
Benefits:
- Any code change on the host is immediately reflected inside the container.
- No need to rebuild images frequently.
- Ideal for frontend development.
Example workflow:
Edit file → Save → Browser refresh → Changes visible
3. Environment Variables Inside Compose
In development, environment variables are often defined directly in the compose file.
Example:
environment:
- PORT=3001
- DATABASE_URL=postgresql://app:secret@db:5432/myapp
Advantages:
-
Easy configuration
-
Quick setup for local development
-
No external secret management required
Disadvantages:
- Not secure for production environments
4. Simple Database Image
Example:
image: postgres:15
This pulls an official image from Docker Hub.
Reasons:
- Stable
- Easy to use
- No custom configuration required
5. Initialization Scripts
Example:
- ./backend/init.sql:/docker-entrypoint-initdb.d/init.sql
Purpose:
Automatically initialize the database when the container starts.
Typical use cases:
- Create tables
- Insert seed data
- Setup initial schema
6. Health Checks
Example:
healthcheck:
test: [“CMD”, “wget”, “-q”, “-O-”, “http://localhost:3001/api/health”]
interval: 30s
timeout: 30s
retries: 5
Purpose:
Check whether the container is functioning properly.
Benefits:
- Detect unhealthy services
- Helps orchestration tools manage containers
7. Multiple Networks
Example:
networks:
- frontend-net
- backend-net
Architecture:
Frontend ←> Backend (frontend-net)
Backend ←> Database (backend-net)
Benefits:
-
Network isolation
-
Better architecture separation
Production Environment
The production environment is optimized for:
- Security
- Stability
- Performance
- Scalability
The focus is reliability and safety rather than convenience.
Key Characteristics of Production Setup
1. Read-Only Volumes
Example:
volumes:
- ./frontend:/usr/share/nginx/html:ro
:ro means read-only.
Benefits:
- Prevents modification of container files
- Improves security
- Protects application assets
2. Internal Services Are Not Exposed
Example removed in production:
ports:
- “3001:3001”
Reason:
Backend services should only be accessible inside the Docker network.
Architecture:
User → Nginx → Backend → Database
Only the frontend service exposes port 80.
3. Resource Limits
Example:
deploy:
resources:
limits:
cpus: “0.5”
memory: 256M
Purpose:
Prevent containers from consuming unlimited system resources.
Benefits:
- Better system stability
- Prevents container resource abuse
- Predictable performance
4. Security Capabilities
Example:
cap_drop:
- ALL
Linux containers run with capabilities.
Dropping capabilities reduces attack surface.
Example of added capabilities:
NET_ADMIN
NET_RAW
SYS_TIME
These control networking and system operations.
Best practice:
Drop everything and add only what you need.
5. Secrets Management
Example:
secrets:
db_password:
file: ./secrets/db_password.txt
Why use secrets?
Sensitive data should never be stored in plain text inside compose files.
Secrets may include:
- Database passwords
- API tokens
- Encryption keys
6. Custom Database Images
Example:
dhi.io/postgres:18-alpine3.22-dev
Companies often maintain custom images with:
- Performance tuning
- Security patches
- Monitoring tools
- Company standards
7. Horizontal Scaling
Example:
replicas: 10
Meaning:
Run 10 backend containers simultaneously.
Benefits:
- Load balancing
- High availability
- Better performance under heavy traffic
Architecture example:
Nginx
│
├── Backend 1
├── Backend 2
├── Backend 3
├── Backend 4
└── Backend N
Development vs Production Comparison
| Feature | Development | Production |
|---|---|---|
| Ports | Exposed | Limited |
| Volumes | Writable | Read-only |
| Security | Minimal | Hardened |
| Secrets | Environment variables | Docker secrets |
| Resources | Unlimited | Limited |
| Scaling | Single container | Multiple replicas |
| Images | Official images | Custom optimized images |
Typical Workflow
Development:
docker compose -f docker-compose-dev.yml up
Production:
docker compose -f docker-compose-prod.yml up -d
💡 Pro DevOps Tip
In real projects we often organize files like this:
docker-compose.yml
docker-compose.dev.yml
docker-compose.prod.yml
And run them using override configuration.
User
│
Nginx
│
Backend API
│
PostgreSQL
Transclude of List.base