github.com/adxhyt/docker@v1.4.2-0.20150117221845-467b7c821390/docs/sources/reference/commandline/cli.md (about) 1 page_title: Command Line Interface 2 page_description: Docker's CLI command description and usage 3 page_keywords: Docker, Docker documentation, CLI, command line 4 5 # Command Line 6 7 {{ include "no-remote-sudo.md" }} 8 9 To list available commands, either run `docker` with no parameters 10 or execute `docker help`: 11 12 $ sudo docker 13 Usage: docker [OPTIONS] COMMAND [arg...] 14 -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. 15 16 A self-sufficient runtime for Linux containers. 17 18 ... 19 20 ## Help 21 To list the help on any command just execute the command, followed by the `--help` option. 22 23 $ sudo docker run --help 24 25 Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] 26 27 Run a command in a new container 28 29 -a, --attach=[] Attach to STDIN, STDOUT or STDERR. 30 -c, --cpu-shares=0 CPU shares (relative weight) 31 ... 32 33 ## Option types 34 35 Single character commandline options can be combined, so rather than 36 typing `docker run -t -i --name test busybox sh`, 37 you can write `docker run -ti --name test busybox sh`. 38 39 ### Boolean 40 41 Boolean options look like `-d=false`. The value you 42 see is the default value which gets set if you do **not** use the 43 boolean flag. If you do call `run -d`, that sets the 44 opposite boolean value, so in this case, `true`, and 45 so `docker run -d` **will** run in "detached" mode, 46 in the background. Other boolean options are similar – specifying them 47 will set the value to the opposite of the default value. 48 49 ### Multi 50 51 Options like `-a=[]` indicate they can be specified multiple times: 52 53 $ sudo docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash 54 55 Sometimes this can use a more complex value string, as for `-v`: 56 57 $ sudo docker run -v /host:/container example/mysql 58 59 ### Strings and Integers 60 61 Options like `--name=""` expect a string, and they 62 can only be specified once. Options like `-c=0` 63 expect an integer, and they can only be specified once. 64 65 ## daemon 66 67 Usage: docker [OPTIONS] COMMAND [arg...] 68 69 A self-sufficient runtime for linux containers. 70 71 Options: 72 --api-enable-cors=false Enable CORS headers in the remote API 73 -b, --bridge="" Attach containers to a pre-existing network bridge 74 use 'none' to disable container networking 75 --bip="" Use this CIDR notation address for the network bridge's IP, not compatible with -b 76 -D, --debug=false Enable debug mode 77 -d, --daemon=false Enable daemon mode 78 --dns=[] Force Docker to use specific DNS servers 79 --dns-search=[] Force Docker to use specific DNS search domains 80 -e, --exec-driver="native" Force the Docker runtime to use a specific exec driver 81 --fixed-cidr="" IPv4 subnet for fixed IPs (e.g.: 10.20.0.0/16) 82 this subnet must be nested in the bridge subnet (which is defined by -b or --bip) 83 --fixed-cidr-v6="" IPv6 subnet for global IPs (e.g.: 2a00:1450::/64) 84 -G, --group="docker" Group to assign the unix socket specified by -H when running in daemon mode 85 use '' (the empty string) to disable setting of a group 86 -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime 87 -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. 88 --icc=true Allow unrestricted inter-container and Docker daemon host communication 89 --insecure-registry=[] Enable insecure communication with specified registries (disables certificate verification for HTTPS and enables HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16) 90 --ip=0.0.0.0 Default IP address to use when binding container ports 91 --ip-forward=true Enable net.ipv4.ip_forward and IPv6 forwarding if --fixed-cidr-v6 is defined. IPv6 forwarding may interfere with your existing IPv6 configuration when using Router Advertisement. 92 --ip-masq=true Enable IP masquerading for bridge's IP range 93 --iptables=true Enable Docker's addition of iptables rules 94 --ipv6=false Enable Docker IPv6 support 95 -l, --log-level="info" Set the logging level 96 --label=[] Set key=value labels to the daemon (displayed in `docker info`) 97 --mtu=0 Set the containers network MTU 98 if no value is provided: default to the default route MTU or 1500 if no default route is available 99 -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file 100 --registry-mirror=[] Specify a preferred Docker registry mirror 101 -s, --storage-driver="" Force the Docker runtime to use a specific storage driver 102 --selinux-enabled=false Enable selinux support. SELinux does not presently support the BTRFS storage driver 103 --storage-opt=[] Set storage driver options 104 --tls=false Use TLS; implied by --tlsverify flag 105 --tlscacert="/home/sven/.docker/ca.pem" Trust only remotes providing a certificate signed by the CA given here 106 --tlscert="/home/sven/.docker/cert.pem" Path to TLS certificate file 107 --tlskey="/home/sven/.docker/key.pem" Path to TLS key file 108 --tlsverify=false Use TLS and verify the remote (daemon: verify client, client: verify daemon) 109 -v, --version=false Print version information and quit 110 111 Options with [] may be specified multiple times. 112 113 The Docker daemon is the persistent process that manages containers. 114 Docker uses the same binary for both the daemon and client. To run the 115 daemon you provide the `-d` flag. 116 117 118 To run the daemon with debug output, use `docker -d -D`. 119 120 ### Daemon socket option 121 122 The Docker daemon can listen for [Docker Remote API](/reference/api/docker_remote_api/) 123 requests via three different types of Socket: `unix`, `tcp`, and `fd`. 124 125 By default, a `unix` domain socket (or IPC socket) is created at `/var/run/docker.sock`, 126 requiring either `root` permission, or `docker` group membership. 127 128 If you need to access the Docker daemon remotely, you need to enable the `tcp` 129 Socket. Beware that the default setup provides un-encrypted and un-authenticated 130 direct access to the Docker daemon - and should be secured either using the 131 [built in HTTPS encrypted socket](/articles/https/), or by putting a secure web 132 proxy in front of it. You can listen on port `2375` on all network interfaces 133 with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP 134 address: `-H tcp://192.168.59.103:2375`. It is conventional to use port `2375` 135 for un-encrypted, and port `2376` for encrypted communication with the daemon. 136 137 > **Note** If you're using an HTTPS encrypted socket, keep in mind that only TLS1.0 138 > and greater are supported. Protocols SSLv3 and under are not supported anymore 139 > for security reasons. 140 141 On Systemd based systems, you can communicate with the daemon via 142 [systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use 143 `docker -d -H fd://`. Using `fd://` will work perfectly for most setups but 144 you can also specify individual sockets: `docker -d -H fd://3`. If the 145 specified socket activated files aren't found, then Docker will exit. You 146 can find examples of using Systemd socket activation with Docker and 147 Systemd in the [Docker source tree]( 148 https://github.com/docker/docker/tree/master/contrib/init/systemd/). 149 150 You can configure the Docker daemon to listen to multiple sockets at the same 151 time using multiple `-H` options: 152 153 # listen using the default unix socket, and on 2 specific IP addresses on this host. 154 docker -d -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2 155 156 The Docker client will honor the `DOCKER_HOST` environment variable to set 157 the `-H` flag for the client. 158 159 $ sudo docker -H tcp://0.0.0.0:2375 ps 160 # or 161 $ export DOCKER_HOST="tcp://0.0.0.0:2375" 162 $ sudo docker ps 163 # both are equal 164 165 Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than the empty 166 string is equivalent to setting the `--tlsverify` flag. The following are equivalent: 167 168 $ sudo docker --tlsverify ps 169 # or 170 $ export DOCKER_TLS_VERIFY=1 171 $ sudo docker ps 172 173 ### Daemon storage-driver option 174 175 The Docker daemon has support for several different image layer storage drivers: `aufs`, 176 `devicemapper`, `btrfs` and `overlay`. 177 178 The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that 179 is unlikely to be merged into the main kernel. These are also known to cause some 180 serious kernel crashes. However, `aufs` is also the only storage driver that allows 181 containers to share executable and shared library memory, so is a useful choice 182 when running thousands of containers with the same program or libraries. 183 184 The `devicemapper` driver uses thin provisioning and Copy on Write (CoW) 185 snapshots. For each devicemapper graph location – typically 186 `/var/lib/docker/devicemapper` – a thin pool is created based on two block 187 devices, one for data and one for metadata. By default, these block devices 188 are created automatically by using loopback mounts of automatically created 189 sparse files. Refer to [Storage driver options](#storage-driver-options) below 190 for a way how to customize this setup. 191 [~jpetazzo/Resizing Docker containers with the Device Mapper plugin]( 192 http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/) article 193 explains how to tune your existing setup without the use of options. 194 195 The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not 196 share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_partition`. 197 198 The `overlay` is a very fast union filesystem. It is now merged in the main 199 Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). 200 Call `docker -d -s overlay` to use it. 201 > **Note:** 202 > It is currently unsupported on `btrfs` or any Copy on Write filesystem 203 > and should only be used over `ext4` partitions. 204 205 #### Storage driver options 206 207 Particular storage-driver can be configured with options specified with 208 `--storage-opt` flags. The only driver accepting options is `devicemapper` as 209 of now. All its options are prefixed with `dm`. 210 211 Currently supported options are: 212 213 * `dm.basesize` 214 215 Specifies the size to use when creating the base device, which limits the 216 size of images and containers. The default value is 10G. Note, thin devices 217 are inherently "sparse", so a 10G device which is mostly empty doesn't use 218 10 GB of space on the pool. However, the filesystem will use more space for 219 the empty case the larger the device is. 220 221 **Warning**: This value affects the system-wide "base" empty filesystem 222 that may already be initialized and inherited by pulled images. Typically, 223 a change to this value will require additional steps to take effect: 224 225 $ sudo service docker stop 226 $ sudo rm -rf /var/lib/docker 227 $ sudo service docker start 228 229 Example use: 230 231 $ sudo docker -d --storage-opt dm.basesize=20G 232 233 * `dm.loopdatasize` 234 235 Specifies the size to use when creating the loopback file for the "data" 236 device which is used for the thin pool. The default size is 100G. Note that 237 the file is sparse, so it will not initially take up this much space. 238 239 Example use: 240 241 $ sudo docker -d --storage-opt dm.loopdatasize=200G 242 243 * `dm.loopmetadatasize` 244 245 Specifies the size to use when creating the loopback file for the 246 "metadata" device which is used for the thin pool. The default size is 2G. 247 Note that the file is sparse, so it will not initially take up this much 248 space. 249 250 Example use: 251 252 $ sudo docker -d --storage-opt dm.loopmetadatasize=4G 253 254 * `dm.fs` 255 256 Specifies the filesystem type to use for the base device. The supported 257 options are "ext4" and "xfs". The default is "ext4" 258 259 Example use: 260 261 $ sudo docker -d --storage-opt dm.fs=xfs 262 263 * `dm.mkfsarg` 264 265 Specifies extra mkfs arguments to be used when creating the base device. 266 267 Example use: 268 269 $ sudo docker -d --storage-opt "dm.mkfsarg=-O ^has_journal" 270 271 * `dm.mountopt` 272 273 Specifies extra mount options used when mounting the thin devices. 274 275 Example use: 276 277 $ sudo docker -d --storage-opt dm.mountopt=nodiscard 278 279 * `dm.datadev` 280 281 Specifies a custom blockdevice to use for data for the thin pool. 282 283 If using a block device for device mapper storage, ideally both datadev and 284 metadatadev should be specified to completely avoid using the loopback 285 device. 286 287 Example use: 288 289 $ sudo docker -d \ 290 --storage-opt dm.datadev=/dev/sdb1 \ 291 --storage-opt dm.metadatadev=/dev/sdc1 292 293 * `dm.metadatadev` 294 295 Specifies a custom blockdevice to use for metadata for the thin pool. 296 297 For best performance the metadata should be on a different spindle than the 298 data, or even better on an SSD. 299 300 If setting up a new metadata pool it is required to be valid. This can be 301 achieved by zeroing the first 4k to indicate empty metadata, like this: 302 303 $ dd if=/dev/zero of=$metadata_dev bs=4096 count=1 304 305 Example use: 306 307 $ sudo docker -d \ 308 --storage-opt dm.datadev=/dev/sdb1 \ 309 --storage-opt dm.metadatadev=/dev/sdc1 310 311 * `dm.blocksize` 312 313 Specifies a custom blocksize to use for the thin pool. The default 314 blocksize is 64K. 315 316 Example use: 317 318 $ sudo docker -d --storage-opt dm.blocksize=512K 319 320 * `dm.blkdiscard` 321 322 Enables or disables the use of blkdiscard when removing devicemapper 323 devices. This is enabled by default (only) if using loopback devices and is 324 required to res-parsify the loopback file on image/container removal. 325 326 Disabling this on loopback can lead to *much* faster container removal 327 times, but will make the space used in `/var/lib/docker` directory not be 328 returned to the system for other use when containers are removed. 329 330 Example use: 331 332 $ sudo docker -d --storage-opt dm.blkdiscard=false 333 334 ### Docker exec-driver option 335 336 The Docker daemon uses a specifically built `libcontainer` execution driver as its 337 interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. 338 339 There is still legacy support for the original [LXC userspace tools]( 340 https://linuxcontainers.org/) via the `lxc` execution driver, however, this is 341 not where the primary development of new functionality is taking place. 342 Add `-e lxc` to the daemon flags to use the `lxc` execution driver. 343 344 345 ### Daemon DNS options 346 347 To set the DNS server for all Docker containers, use 348 `docker -d --dns 8.8.8.8`. 349 350 To set the DNS search domain for all Docker containers, use 351 `docker -d --dns-search example.com`. 352 353 ### Insecure registries 354 355 Docker considers a private registry either secure or insecure. 356 In the rest of this section, *registry* is used for *private registry*, and `myregistry:5000` 357 is a placeholder example for a private registry. 358 359 A secure registry uses TLS and a copy of its CA certificate is placed on the Docker host at 360 `/etc/docker/certs.d/myregistry:5000/ca.crt`. 361 An insecure registry is either not using TLS (i.e., listening on plain text HTTP), or is using 362 TLS with a CA certificate not known by the Docker daemon. The latter can happen when the 363 certificate was not found under `/etc/docker/certs.d/myregistry:5000/`, or if the certificate 364 verification failed (i.e., wrong CA). 365 366 By default, Docker assumes all, but local (see local registries below), registries are secure. 367 Communicating with an insecure registry is not possible if Docker assumes that registry is secure. 368 In order to communicate with an insecure registry, the Docker daemon requires `--insecure-registry` 369 in one of the following two forms: 370 371 * `--insecure-registry myregistry:5000` tells the Docker daemon that myregistry:5000 should be considered insecure. 372 * `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries whose domain resolve to an IP address is part 373 of the subnet described by the CIDR syntax, should be considered insecure. 374 375 The flag can be used multiple times to allow multiple registries to be marked as insecure. 376 377 If an insecure registry is not marked as insecure, `docker pull`, `docker push`, and `docker search` 378 will result in an error message prompting the user to either secure or pass the `--insecure-registry` 379 flag to the Docker daemon as described above. 380 381 Local registries, whose IP address falls in the 127.0.0.0/8 range, are automatically marked as insecure 382 as of Docker 1.3.2. It is not recommended to rely on this, as it may change in the future. 383 384 ### Running a Docker daemon behind a HTTPS_PROXY 385 386 When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub certificates 387 will be replaced by the proxy's certificates. These certificates need to be added 388 to your Docker host's configuration: 389 390 1. Install the `ca-certificates` package for your distribution 391 2. Ask your network admin for the proxy's CA certificate and append them to 392 `/etc/pki/tls/certs/ca-bundle.crt` 393 3. Then start your Docker daemon with `HTTPS_PROXY=http://username:password@proxy:port/ docker -d`. 394 The `username:` and `password@` are optional - and are only needed if your proxy 395 is set up to require authentication. 396 397 This will only add the proxy and authentication to the Docker daemon's requests - 398 your `docker build`s and running containers will need extra configuration to use 399 the proxy 400 401 ### Miscellaneous options 402 403 IP masquerading uses address translation to allow containers without a public IP to talk 404 to other machines on the Internet. This may interfere with some network topologies and 405 can be disabled with --ip-masq=false. 406 407 Docker supports softlinks for the Docker data directory 408 (`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this: 409 410 DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 411 # or 412 export DOCKER_TMPDIR=/mnt/disk2/tmp 413 /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 414 415 416 ## attach 417 418 Usage: docker attach [OPTIONS] CONTAINER 419 420 Attach to a running container 421 422 --no-stdin=false Do not attach STDIN 423 --sig-proxy=true Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. 424 425 The `attach` command lets you view or interact with any running container's 426 primary process (`pid 1`). 427 428 You can attach to the same contained process multiple times simultaneously, screen 429 sharing style, or quickly view the progress of your daemonized process. 430 431 > **Note:** This command is not for running a new process in a container. 432 > See: [`docker exec`](#exec). 433 434 You can detach from the container again (and leave it running) with 435 `CTRL-p CTRL-q` (for a quiet exit), or `CTRL-c` which will send a 436 SIGKILL to the container, or `CTRL-\` to get a stacktrace of the 437 Docker client when it quits. When you detach from the container's 438 process the exit code will be returned to the client. 439 440 To stop a container, use `docker stop`. 441 442 To kill the container, use `docker kill`. 443 444 #### Examples 445 446 $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) 447 $ sudo docker attach $ID 448 top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 449 Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie 450 Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st 451 Mem: 373572k total, 355560k used, 18012k free, 27872k buffers 452 Swap: 786428k total, 0k used, 786428k free, 221740k cached 453 454 PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 455 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top 456 457 top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 458 Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie 459 Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st 460 Mem: 373572k total, 355244k used, 18328k free, 27872k buffers 461 Swap: 786428k total, 0k used, 786428k free, 221776k cached 462 463 PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 464 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top 465 466 467 top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 468 Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie 469 Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st 470 Mem: 373572k total, 355780k used, 17792k free, 27880k buffers 471 Swap: 786428k total, 0k used, 786428k free, 221776k cached 472 473 PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 474 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top 475 ^C$ 476 $ sudo docker stop $ID 477 478 ## build 479 480 Usage: docker build [OPTIONS] PATH | URL | - 481 482 Build a new image from the source code at PATH 483 484 --force-rm=false Always remove intermediate containers, even after unsuccessful builds 485 --no-cache=false Do not use cache when building the image 486 --pull=false Always attempt to pull a newer version of the image 487 -q, --quiet=false Suppress the verbose output generated by the containers 488 --rm=true Remove intermediate containers after a successful build 489 -t, --tag="" Repository name (and optionally a tag) to be applied to the resulting image in case of success 490 491 Use this command to build Docker images from a Dockerfile and a 492 "context". 493 494 The files at `PATH` or `URL` are called the "context" of the build. The 495 build process may refer to any of the files in the context, for example 496 when using an [*ADD*](/reference/builder/#add) instruction. 497 When a single Dockerfile is given as `URL` or is piped through `STDIN` 498 (`docker build - < Dockerfile`), then no context is set. 499 500 When a Git repository is set as `URL`, then the repository is used as 501 the context. The Git repository is cloned with its submodules 502 (`git clone -recursive`). A fresh `git clone` occurs in a temporary directory 503 on your local host, and then this is sent to the Docker daemon as the 504 context. This way, your local user credentials and VPN's etc can be 505 used to access private repositories. 506 507 If a file named `.dockerignore` exists in the root of `PATH` then it 508 is interpreted as a newline-separated list of exclusion patterns. 509 Exclusion patterns match files or directories relative to `PATH` that 510 will be excluded from the context. Globbing is done using Go's 511 [filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. 512 513 Please note that `.dockerignore` files in other subdirectories are 514 considered as normal files. Filepaths in .dockerignore are absolute with 515 the current directory as the root. Wildcards are allowed but the search 516 is not recursive. 517 518 #### Example .dockerignore file 519 */temp* 520 */*/temp* 521 temp? 522 523 The first line above `*/temp*`, would ignore all files with names starting with 524 `temp` from any subdirectory below the root directory. For example, a file named 525 `/somedir/temporary.txt` would be ignored. The second line `*/*/temp*`, will 526 ignore files starting with name `temp` from any subdirectory that is two levels 527 below the root directory. For example, the file `/somedir/subdir/temporary.txt` 528 would get ignored in this case. The last line in the above example `temp?` 529 will ignore the files that match the pattern from the root directory. 530 For example, the files `tempa`, `tempb` are ignored from the root directory. 531 Currently there is no support for regular expressions. Formats 532 like `[^temp*]` are ignored. 533 534 By default the `docker build` command will look for a `Dockerfile` at the 535 root of the build context. The `-f`, `--file`, option lets you specify 536 the path to an alternative file to use instead. This is useful 537 in cases where the same set of files are used for multiple builds. The path 538 must be to a file within the build context. If a relative path is specified 539 then it must to be relative to the current directory. 540 541 542 See also: 543 544 [*Dockerfile Reference*](/reference/builder). 545 546 #### Examples 547 548 $ sudo docker build . 549 Uploading context 10240 bytes 550 Step 1 : FROM busybox 551 Pulling repository busybox 552 ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ 553 Step 2 : RUN ls -lh / 554 ---> Running in 9c9e81692ae9 555 total 24 556 drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin 557 drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev 558 drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc 559 drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib 560 lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib 561 dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc 562 lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin 563 dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys 564 drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp 565 drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr 566 ---> b35f4035db3f 567 Step 3 : CMD echo Hello world 568 ---> Running in 02071fceb21b 569 ---> f52f38b7823e 570 Successfully built f52f38b7823e 571 Removing intermediate container 9c9e81692ae9 572 Removing intermediate container 02071fceb21b 573 574 This example specifies that the `PATH` is 575 `.`, and so all the files in the local directory get 576 `tar`d and sent to the Docker daemon. The `PATH` 577 specifies where to find the files for the "context" of the build on the 578 Docker daemon. Remember that the daemon could be running on a remote 579 machine and that no parsing of the Dockerfile 580 happens at the client side (where you're running 581 `docker build`). That means that *all* the files at 582 `PATH` get sent, not just the ones listed to 583 [*ADD*](/reference/builder/#add) in the Dockerfile. 584 585 The transfer of context from the local machine to the Docker daemon is 586 what the `docker` client means when you see the 587 "Sending build context" message. 588 589 If you wish to keep the intermediate containers after the build is 590 complete, you must use `--rm=false`. This does not 591 affect the build cache. 592 593 $ sudo docker build . 594 Uploading context 18.829 MB 595 Uploading context 596 Step 0 : FROM busybox 597 ---> 769b9341d937 598 Step 1 : CMD echo Hello world 599 ---> Using cache 600 ---> 99cc1ad10469 601 Successfully built 99cc1ad10469 602 $ echo ".git" > .dockerignore 603 $ sudo docker build . 604 Uploading context 6.76 MB 605 Uploading context 606 Step 0 : FROM busybox 607 ---> 769b9341d937 608 Step 1 : CMD echo Hello world 609 ---> Using cache 610 ---> 99cc1ad10469 611 Successfully built 99cc1ad10469 612 613 This example shows the use of the `.dockerignore` file to exclude the `.git` 614 directory from the context. Its effect can be seen in the changed size of the 615 uploaded context. 616 617 $ sudo docker build -t vieux/apache:2.0 . 618 619 This will build like the previous example, but it will then tag the 620 resulting image. The repository name will be `vieux/apache` 621 and the tag will be `2.0` 622 623 $ sudo docker build - < Dockerfile 624 625 This will read a Dockerfile from `STDIN` without context. Due to the 626 lack of a context, no contents of any local directory will be sent to 627 the Docker daemon. Since there is no context, a Dockerfile `ADD` only 628 works if it refers to a remote URL. 629 630 $ sudo docker build - < context.tar.gz 631 632 This will build an image for a compressed context read from `STDIN`. 633 Supported formats are: bzip2, gzip and xz. 634 635 $ sudo docker build github.com/creack/docker-firefox 636 637 This will clone the GitHub repository and use the cloned repository as 638 context. The Dockerfile at the root of the 639 repository is used as Dockerfile. Note that you 640 can specify an arbitrary Git repository by using the `git://` or `git@` 641 schema. 642 643 $ sudo docker build -f Dockerfile.debug . 644 645 This will use a file called `Dockerfile.debug` for the build 646 instructions instead of `Dockerfile`. 647 648 $ sudo docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . 649 $ sudo docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . 650 651 The above commands will build the current build context (as specified by 652 the `.`) twice, once using a debug version of a `Dockerfile` and once using 653 a production version. 654 655 $ cd /home/me/myapp/some/dir/really/deep 656 $ sudo docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp 657 $ sudo docker build -f ../../../../dockerfiles/debug /home/me/myapp 658 659 These two `docker build` commands do the exact same thing. They both 660 use the contents of the `debug` file instead of looking for a `Dockerfile` 661 and will use `/home/me/myapp` as the root of the build context. Note that 662 `debug` is in the directory structure of the build context, regardless of how 663 you refer to it on the command line. 664 665 > **Note:** `docker build` will return a `no such file or directory` error 666 > if the file or directory does not exist in the uploaded context. This may 667 > happen if there is no context, or if you specify a file that is elsewhere 668 > on the Host system. The context is limited to the current directory (and its 669 > children) for security reasons, and to ensure repeatable builds on remote 670 > Docker hosts. This is also the reason why `ADD ../file` will not work. 671 672 ## commit 673 674 Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] 675 676 Create a new image from a container's changes 677 678 -a, --author="" Author (e.g., "John Hannibal Smith <hannibal@a-team.com>") 679 -m, --message="" Commit message 680 -p, --pause=true Pause container during commit 681 682 It can be useful to commit a container's file changes or settings into a 683 new image. This allows you debug a container by running an interactive 684 shell, or to export a working dataset to another server. Generally, it 685 is better to use Dockerfiles to manage your images in a documented and 686 maintainable way. 687 688 By default, the container being committed and its processes will be paused 689 while the image is committed. This reduces the likelihood of 690 encountering data corruption during the process of creating the commit. 691 If this behavior is undesired, set the 'p' option to false. 692 693 #### Commit an existing container 694 695 $ sudo docker ps 696 ID IMAGE COMMAND CREATED STATUS PORTS 697 c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours 698 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours 699 $ sudo docker commit c3f279d17e0a SvenDowideit/testimage:version3 700 f5283438590d 701 $ sudo docker images | head 702 REPOSITORY TAG ID CREATED VIRTUAL SIZE 703 SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB 704 705 ## cp 706 707 Copy files/folders from a container's filesystem to the host 708 path. Paths are relative to the root of the filesystem. 709 710 Usage: docker cp CONTAINER:PATH HOSTPATH 711 712 Copy files/folders from the PATH to the HOSTPATH 713 714 ## create 715 716 Creates a new container. 717 718 Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...] 719 720 Create a new container 721 722 -a, --attach=[] Attach to STDIN, STDOUT or STDERR. 723 --add-host=[] Add a custom host-to-IP mapping (host:ip) 724 -c, --cpu-shares=0 CPU shares (relative weight) 725 --cap-add=[] Add Linux capabilities 726 --cap-drop=[] Drop Linux capabilities 727 --cidfile="" Write the container ID to the file 728 --cpuset="" CPUs in which to allow execution (0-3, 0,1) 729 --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) 730 --dns=[] Set custom DNS servers 731 --dns-search=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) 732 -e, --env=[] Set environment variables 733 --entrypoint="" Overwrite the default ENTRYPOINT of the image 734 --env-file=[] Read in a line delimited file of environment variables 735 --expose=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host 736 -h, --hostname="" Container host name 737 -i, --interactive=false Keep STDIN open even if not attached 738 --ipc="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container 739 'container:<name|id>': reuses another container shared memory, semaphores and message queues 740 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. 741 --link=[] Add link to another container in the form of name:alias 742 --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" 743 -m, --memory="" Memory limit (format: <number><optional unit>, where unit = b, k, m or g) 744 --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) 745 --name="" Assign a name to the container 746 --net="bridge" Set the Network mode for the container 747 'bridge': creates a new network stack for the container on the docker bridge 748 'none': no networking for this container 749 'container:<name|id>': reuses another container network stack 750 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. 751 -P, --publish-all=false Publish all exposed ports to random ports on the host interfaces 752 -p, --publish=[] Publish a container's port, or a range of ports (e.g., `-p 3300-3310`), to the host 753 format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort 754 Both hostPort and containerPort can be specified as a range of ports. 755 When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) 756 (use 'docker port' to see the actual mapping) 757 --privileged=false Give extended privileges to this container 758 --read-only=false Mount the container's root filesystem as read only 759 --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) 760 --security-opt=[] Security Options 761 -t, --tty=false Allocate a pseudo-TTY 762 -u, --user="" Username or UID 763 -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) 764 --volumes-from=[] Mount volumes from the specified container(s) 765 -w, --workdir="" Working directory inside the container 766 767 The `docker create` command creates a writeable container layer over 768 the specified image and prepares it for running the specified command. 769 The container ID is then printed to `STDOUT`. 770 This is similar to `docker run -d` except the container is never started. 771 You can then use the `docker start <container_id>` command to start the 772 container at any point. 773 774 This is useful when you want to set up a container configuration ahead 775 of time so that it is ready to start when you need it. 776 777 Note that volumes set by `create` may be over-ridden by options set with 778 `start`. 779 780 Please see the [run command](#run) section for more details. 781 782 #### Examples 783 784 $ sudo docker create -t -i fedora bash 785 6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752 786 $ sudo docker start -a -i 6d8af538ec5 787 bash-4.2# 788 789 As of v1.4.0 container volumes are initialized during the `docker create` 790 phase (i.e., `docker run` too). For example, this allows you to `create` the 791 `data` volume container, and then use it from another container: 792 793 $ docker create -v /data --name data ubuntu 794 240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57 795 $ docker run --rm --volumes-from data ubuntu ls -la /data 796 total 8 797 drwxr-xr-x 2 root root 4096 Dec 5 04:10 . 798 drwxr-xr-x 48 root root 4096 Dec 5 04:11 .. 799 800 Similarly, `create` a host directory bind mounted volume container, which 801 can then be used from the subsequent container: 802 803 $ docker create -v /home/docker:/docker --name docker ubuntu 804 9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03 805 $ docker run --rm --volumes-from docker ubuntu ls -la /docker 806 total 20 807 drwxr-sr-x 5 1000 staff 180 Dec 5 04:00 . 808 drwxr-xr-x 48 root root 4096 Dec 5 04:13 .. 809 -rw-rw-r-- 1 1000 staff 3833 Dec 5 04:01 .ash_history 810 -rw-r--r-- 1 1000 staff 446 Nov 28 11:51 .ashrc 811 -rw-r--r-- 1 1000 staff 25 Dec 5 04:00 .gitconfig 812 drwxr-sr-x 3 1000 staff 60 Dec 1 03:28 .local 813 -rw-r--r-- 1 1000 staff 920 Nov 28 11:51 .profile 814 drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh 815 drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker 816 817 818 ## diff 819 820 List the changed files and directories in a container᾿s filesystem 821 822 Usage: docker diff CONTAINER 823 824 Inspect changes on a container's filesystem 825 826 There are 3 events that are listed in the `diff`: 827 828 1. `A` - Add 829 2. `D` - Delete 830 3. `C` - Change 831 832 For example: 833 834 $ sudo docker diff 7bb0e258aefe 835 836 C /dev 837 A /dev/kmsg 838 C /etc 839 A /etc/mtab 840 A /go 841 A /go/src 842 A /go/src/github.com 843 A /go/src/github.com/docker 844 A /go/src/github.com/docker/docker 845 A /go/src/github.com/docker/docker/.git 846 .... 847 848 ## events 849 850 Usage: docker events [OPTIONS] 851 852 Get real time events from the server 853 854 -f, --filter=[] Provide filter values (i.e., 'event=stop') 855 --since="" Show all events created since timestamp 856 --until="" Stream events until this timestamp 857 858 Docker containers will report the following events: 859 860 create, destroy, die, export, kill, oom, pause, restart, start, stop, unpause 861 862 and Docker images will report: 863 864 untag, delete 865 866 #### Filtering 867 868 The filtering flag (`-f` or `--filter`) format is of "key=value". If you would like to use 869 multiple filters, pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) 870 871 Using the same filter multiple times will be handled as a *OR*; for example 872 `--filter container=588a23dac085 --filter container=a8f7720b8c22` will display events for 873 container 588a23dac085 *OR* container a8f7720b8c22 874 875 Using multiple filters will be handled as a *AND*; for example 876 `--filter container=588a23dac085 --filter event=start` will display events for container 877 container 588a23dac085 *AND* the event type is *start* 878 879 Current filters: 880 * event 881 * image 882 * container 883 884 #### Examples 885 886 You'll need two shells for this example. 887 888 **Shell 1: Listening for events:** 889 890 $ sudo docker events 891 892 **Shell 2: Start and Stop containers:** 893 894 $ sudo docker start 4386fb97867d 895 $ sudo docker stop 4386fb97867d 896 $ sudo docker stop 7805c1d35632 897 898 **Shell 1: (Again .. now showing events):** 899 900 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start 901 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 902 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 903 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 904 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop 905 906 **Show events in the past from a specified time:** 907 908 $ sudo docker events --since 1378216169 909 2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 910 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 911 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 912 2014-03-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop 913 914 $ sudo docker events --since '2013-09-03' 915 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start 916 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 917 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 918 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 919 2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop 920 921 $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' 922 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 923 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 924 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 925 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop 926 927 **Filter events:** 928 929 $ sudo docker events --filter 'event=stop' 930 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 931 2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop 932 933 $ sudo docker events --filter 'image=ubuntu-1:14.04' 934 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start 935 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 936 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 937 938 $ sudo docker events --filter 'container=7805c1d35632' 939 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 940 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop 941 942 $ sudo docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d' 943 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 944 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 945 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 946 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop 947 948 $ sudo docker events --filter 'container=7805c1d35632' --filter 'event=stop' 949 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop 950 951 ## exec 952 953 Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] 954 955 Run a command in a running container 956 957 -d, --detach=false Detached mode: run command in the background 958 -i, --interactive=false Keep STDIN open even if not attached 959 -t, --tty=false Allocate a pseudo-TTY 960 961 The `docker exec` command runs a new command in a running container. 962 963 The command started using `docker exec` will only run while the container's primary 964 process (`PID 1`) is running, and will not be restarted if the container is restarted. 965 966 If the container is paused, then the `docker exec` command will fail with an error: 967 968 $ docker pause test 969 test 970 $ docker ps 971 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 972 1ae3b36715d2 ubuntu:latest "bash" 17 seconds ago Up 16 seconds (Paused) test 973 $ docker exec test ls 974 FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec 975 $ echo $? 976 1 977 978 #### Examples 979 980 $ sudo docker run --name ubuntu_bash --rm -i -t ubuntu bash 981 982 This will create a container named `ubuntu_bash` and start a Bash session. 983 984 $ sudo docker exec -d ubuntu_bash touch /tmp/execWorks 985 986 This will create a new file `/tmp/execWorks` inside the running container 987 `ubuntu_bash`, in the background. 988 989 $ sudo docker exec -it ubuntu_bash bash 990 991 This will create a new Bash session in the container `ubuntu_bash`. 992 993 ## export 994 995 Usage: docker export CONTAINER 996 997 Export the contents of a filesystem as a tar archive to STDOUT 998 999 For example: 1000 1001 $ sudo docker export red_panda > latest.tar 1002 1003 > **Note:** 1004 > `docker export` does not export the contents of volumes associated with the 1005 > container. If a volume is mounted on top of an existing directory in the 1006 > container, `docker export` will export the contents of the *underlying* 1007 > directory, not the contents of the volume. 1008 > 1009 > Refer to [Backup, restore, or migrate data volumes](/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes) 1010 > in the user guide for examples on exporting data in a volume. 1011 1012 ## history 1013 1014 Usage: docker history [OPTIONS] IMAGE 1015 1016 Show the history of an image 1017 1018 --no-trunc=false Don't truncate output 1019 -q, --quiet=false Only show numeric IDs 1020 1021 To see how the `docker:latest` image was built: 1022 1023 $ sudo docker history docker 1024 IMAGE CREATED CREATED BY SIZE 1025 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B 1026 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB 1027 be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update && apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB 1028 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB 1029 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B 1030 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B 1031 1032 ## images 1033 1034 Usage: docker images [OPTIONS] [REPOSITORY] 1035 1036 List images 1037 1038 -a, --all=false Show all images (by default filter out the intermediate image layers) 1039 -f, --filter=[] Provide filter values (i.e., 'dangling=true') 1040 --no-trunc=false Don't truncate output 1041 -q, --quiet=false Only show numeric IDs 1042 1043 The default `docker images` will show all top level 1044 images, their repository and tags, and their virtual size. 1045 1046 Docker images have intermediate layers that increase reusability, 1047 decrease disk usage, and speed up `docker build` by 1048 allowing each step to be cached. These intermediate layers are not shown 1049 by default. 1050 1051 The `VIRTUAL SIZE` is the cumulative space taken up by the image and all 1052 its parent images. This is also the disk space used by the contents of the 1053 Tar file created when you `docker save` an image. 1054 1055 An image will be listed more than once if it has multiple repository names 1056 or tags. This single image (identifiable by its matching `IMAGE ID`) 1057 uses up the `VIRTUAL SIZE` listed only once. 1058 1059 #### Listing the most recently created images 1060 1061 $ sudo docker images | head 1062 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 1063 <none> <none> 77af4d6b9913 19 hours ago 1.089 GB 1064 committ latest b6fa739cedf5 19 hours ago 1.089 GB 1065 <none> <none> 78a85c484f71 19 hours ago 1.089 GB 1066 docker latest 30557a29d5ab 20 hours ago 1.089 GB 1067 <none> <none> 5ed6274db6ce 24 hours ago 1.089 GB 1068 postgres 9 746b819f315e 4 days ago 213.4 MB 1069 postgres 9.3 746b819f315e 4 days ago 213.4 MB 1070 postgres 9.3.5 746b819f315e 4 days ago 213.4 MB 1071 postgres latest 746b819f315e 4 days ago 213.4 MB 1072 1073 1074 #### Listing the full length image IDs 1075 1076 $ sudo docker images --no-trunc | head 1077 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 1078 <none> <none> 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB 1079 committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB 1080 <none> <none> 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB 1081 docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB 1082 <none> <none> 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB 1083 <none> <none> 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB 1084 <none> <none> f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB 1085 tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB 1086 <none> <none> 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB 1087 1088 #### Filtering 1089 1090 The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more 1091 than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) 1092 1093 Current filters: 1094 * dangling (boolean - true or false) 1095 1096 ##### Untagged images 1097 1098 $ sudo docker images --filter "dangling=true" 1099 1100 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 1101 <none> <none> 8abc22fbb042 4 weeks ago 0 B 1102 <none> <none> 48e5f45168b9 4 weeks ago 2.489 MB 1103 <none> <none> bf747efa0e2f 4 weeks ago 0 B 1104 <none> <none> 980fe10e5736 12 weeks ago 101.4 MB 1105 <none> <none> dea752e4e117 12 weeks ago 101.4 MB 1106 <none> <none> 511136ea3c5a 8 months ago 0 B 1107 1108 This will display untagged images, that are the leaves of the images tree (not 1109 intermediary layers). These images occur when a new build of an image takes the 1110 `repo:tag` away from the image ID, leaving it untagged. A warning will be issued 1111 if trying to remove an image when a container is presently using it. 1112 By having this flag it allows for batch cleanup. 1113 1114 Ready for use by `docker rmi ...`, like: 1115 1116 $ sudo docker rmi $(sudo docker images -f "dangling=true" -q) 1117 1118 8abc22fbb042 1119 48e5f45168b9 1120 bf747efa0e2f 1121 980fe10e5736 1122 dea752e4e117 1123 511136ea3c5a 1124 1125 NOTE: Docker will warn you if any containers exist that are using these untagged images. 1126 1127 ## import 1128 1129 Usage: docker import URL|- [REPOSITORY[:TAG]] 1130 1131 Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. 1132 1133 URLs must start with `http` and point to a single file archive (.tar, 1134 .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a root filesystem. If 1135 you would like to import from a local directory or archive, you can use 1136 the `-` parameter to take the data from `STDIN`. 1137 1138 #### Examples 1139 1140 **Import from a remote location:** 1141 1142 This will create a new untagged image. 1143 1144 $ sudo docker import http://example.com/exampleimage.tgz 1145 1146 **Import from a local file:** 1147 1148 Import to docker via pipe and `STDIN`. 1149 1150 $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new 1151 1152 **Import from a local directory:** 1153 1154 $ sudo tar -c . | sudo docker import - exampleimagedir 1155 1156 Note the `sudo` in this example – you must preserve 1157 the ownership of the files (especially root ownership) during the 1158 archiving with tar. If you are not root (or the sudo command) when you 1159 tar, then the ownerships might not get preserved. 1160 1161 ## info 1162 1163 1164 Usage: docker info 1165 1166 Display system-wide information 1167 1168 For example: 1169 1170 $ sudo docker -D info 1171 Containers: 14 1172 Images: 52 1173 Storage Driver: aufs 1174 Root Dir: /var/lib/docker/aufs 1175 Backing Filesystem: extfs 1176 Dirs: 545 1177 Execution Driver: native-0.2 1178 Kernel Version: 3.13.0-24-generic 1179 Operating System: Ubuntu 14.04 LTS 1180 CPUs: 1 1181 Name: prod-server-42 1182 ID: 7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS 1183 Total Memory: 2 GiB 1184 Debug mode (server): false 1185 Debug mode (client): true 1186 Fds: 10 1187 Goroutines: 9 1188 EventsListeners: 0 1189 Init Path: /usr/bin/docker 1190 Docker Root Dir: /var/lib/docker 1191 Username: svendowideit 1192 Registry: [https://index.docker.io/v1/] 1193 Labels: 1194 storage=ssd 1195 1196 The global `-D` option tells all `docker` commands to output debug information. 1197 1198 When sending issue reports, please use `docker version` and `docker -D info` to 1199 ensure we know how your setup is configured. 1200 1201 ## inspect 1202 1203 Usage: docker inspect [OPTIONS] CONTAINER|IMAGE [CONTAINER|IMAGE...] 1204 1205 Return low-level information on a container or image 1206 1207 -f, --format="" Format the output using the given go template. 1208 1209 By default, this will render all results in a JSON array. If a format is 1210 specified, the given template will be executed for each result. 1211 1212 Go's [text/template](http://golang.org/pkg/text/template/) package 1213 describes all the details of the format. 1214 1215 #### Examples 1216 1217 **Get an instance's IP address:** 1218 1219 For the most part, you can pick out any field from the JSON in a fairly 1220 straightforward manner. 1221 1222 $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID 1223 1224 **Get an instance's MAC Address:** 1225 1226 For the most part, you can pick out any field from the JSON in a fairly 1227 straightforward manner. 1228 1229 $ sudo docker inspect --format='{{.NetworkSettings.MacAddress}}' $INSTANCE_ID 1230 1231 **List All Port Bindings:** 1232 1233 One can loop over arrays and maps in the results to produce simple text 1234 output: 1235 1236 $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID 1237 1238 **Find a Specific Port Mapping:** 1239 1240 The `.Field` syntax doesn't work when the field name begins with a 1241 number, but the template language's `index` function does. The 1242 `.NetworkSettings.Ports` section contains a map of the internal port 1243 mappings to a list of external address/port objects, so to grab just the 1244 numeric public port, you use `index` to find the specific port map, and 1245 then `index` 0 contains the first object inside of that. Then we ask for 1246 the `HostPort` field to get the public address. 1247 1248 $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID 1249 1250 **Get config:** 1251 1252 The `.Field` syntax doesn't work when the field contains JSON data, but 1253 the template language's custom `json` function does. The `.config` 1254 section contains complex JSON object, so to grab it as JSON, you use 1255 `json` to convert the configuration object into JSON. 1256 1257 $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID 1258 1259 ## kill 1260 1261 Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] 1262 1263 Kill a running container using SIGKILL or a specified signal 1264 1265 -s, --signal="KILL" Signal to send to the container 1266 1267 The main process inside the container will be sent `SIGKILL`, or any 1268 signal specified with option `--signal`. 1269 1270 ## load 1271 1272 Usage: docker load [OPTIONS] 1273 1274 Load an image from a tar archive on STDIN 1275 1276 -i, --input="" Read from a tar archive file, instead of STDIN 1277 1278 Loads a tarred repository from a file or the standard input stream. 1279 Restores both images and tags. 1280 1281 $ sudo docker images 1282 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 1283 $ sudo docker load < busybox.tar 1284 $ sudo docker images 1285 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 1286 busybox latest 769b9341d937 7 weeks ago 2.489 MB 1287 $ sudo docker load --input fedora.tar 1288 $ sudo docker images 1289 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 1290 busybox latest 769b9341d937 7 weeks ago 2.489 MB 1291 fedora rawhide 0d20aec6529d 7 weeks ago 387 MB 1292 fedora 20 58394af37342 7 weeks ago 385.5 MB 1293 fedora heisenbug 58394af37342 7 weeks ago 385.5 MB 1294 fedora latest 58394af37342 7 weeks ago 385.5 MB 1295 1296 ## login 1297 1298 Usage: docker login [OPTIONS] [SERVER] 1299 1300 Register or log in to a Docker registry server, if no server is specified "https://index.docker.io/v1/" is the default. 1301 1302 -e, --email="" Email 1303 -p, --password="" Password 1304 -u, --username="" Username 1305 1306 If you want to login to a self-hosted registry you can specify this by 1307 adding the server name. 1308 1309 example: 1310 $ sudo docker login localhost:8080 1311 1312 ## logout 1313 1314 Usage: docker logout [SERVER] 1315 1316 Log out from a Docker registry, if no server is specified "https://index.docker.io/v1/" is the default. 1317 1318 For example: 1319 1320 $ sudo docker logout localhost:8080 1321 1322 ## logs 1323 1324 Usage: docker logs [OPTIONS] CONTAINER 1325 1326 Fetch the logs of a container 1327 1328 -f, --follow=false Follow log output 1329 -t, --timestamps=false Show timestamps 1330 --tail="all" Output the specified number of lines at the end of logs (defaults to all logs) 1331 1332 The `docker logs` command batch-retrieves logs present at the time of execution. 1333 1334 The `docker logs --follow` command will continue streaming the new output from 1335 the container's `STDOUT` and `STDERR`. 1336 1337 Passing a negative number or a non-integer to `--tail` is invalid and the 1338 value is set to `all` in that case. This behavior may change in the future. 1339 1340 The `docker logs --timestamp` commands will add an RFC3339Nano 1341 timestamp, for example `2014-09-16T06:17:46.000000000Z`, to each 1342 log entry. To ensure that the timestamps for are aligned the 1343 nano-second part of the timestamp will be padded with zero when necessary. 1344 1345 ## pause 1346 1347 Usage: docker pause CONTAINER 1348 1349 Pause all processes within a container 1350 1351 The `docker pause` command uses the cgroups freezer to suspend all processes in 1352 a container. Traditionally, when suspending a process the `SIGSTOP` signal is 1353 used, which is observable by the process being suspended. With the cgroups freezer 1354 the process is unaware, and unable to capture, that it is being suspended, 1355 and subsequently resumed. 1356 1357 See the 1358 [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) 1359 for further details. 1360 1361 ## port 1362 1363 Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]] 1364 1365 List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT 1366 1367 You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or 1368 just a specific mapping: 1369 1370 $ sudo docker ps test 1371 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1372 b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test 1373 $ sudo docker port test 1374 7890/tcp -> 0.0.0.0:4321 1375 9876/tcp -> 0.0.0.0:1234 1376 $ sudo docker port test 7890/tcp 1377 0.0.0.0:4321 1378 $ sudo docker port test 7890/udp 1379 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test 1380 $ sudo docker port test 7890 1381 0.0.0.0:4321 1382 1383 ## pause 1384 1385 Usage: docker pause CONTAINER 1386 1387 Pause all processes within a container 1388 1389 The `docker pause` command uses the cgroups freezer to suspend all processes in 1390 a container. Traditionally when suspending a process the `SIGSTOP` signal is 1391 used, which is observable by the process being suspended. With the cgroups freezer 1392 the process is unaware, and unable to capture, that it is being suspended, 1393 and subsequently resumed. 1394 1395 See the 1396 [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) 1397 for further details. 1398 1399 ## rename 1400 1401 Usage: docker rename OLD_NAME NEW_NAME 1402 1403 rename a existing container to a NEW_NAME 1404 1405 The `docker rename` command allows the container to be renamed to a different name. 1406 1407 ## ps 1408 1409 Usage: docker ps [OPTIONS] 1410 1411 List containers 1412 1413 -a, --all=false Show all containers. Only running containers are shown by default. 1414 --before="" Show only container created before Id or Name, include non-running ones. 1415 -f, --filter=[] Provide filter values. Valid filters: 1416 exited=<int> - containers with exit code of <int> 1417 status=(restarting|running|paused|exited) 1418 -l, --latest=false Show only the latest created container, include non-running ones. 1419 -n=-1 Show n last created containers, include non-running ones. 1420 --no-trunc=false Don't truncate output 1421 -q, --quiet=false Only display numeric IDs 1422 -s, --size=false Display total file sizes 1423 --since="" Show only containers created since Id or Name, include non-running ones. 1424 1425 Running `docker ps` showing 2 linked containers. 1426 1427 $ sudo docker ps 1428 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1429 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp 1430 d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db 1431 1432 `docker ps` will show only running containers by default. To see all containers: 1433 `docker ps -a` 1434 1435 #### Filtering 1436 1437 The filtering flag (`-f` or `--filter)` format is a `key=value` pair. If there is more 1438 than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) 1439 1440 Current filters: 1441 * exited (int - the code of exited containers. Only useful with '--all') 1442 * status (restarting|running|paused|exited) 1443 1444 ##### Successfully exited containers 1445 1446 $ sudo docker ps -a --filter 'exited=0' 1447 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1448 ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago Exited (0) 2 weeks ago 127.0.0.1:5000->5000/tcp desperate_leakey 1449 106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani 1450 48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds 1451 1452 This shows all the containers that have exited with status of '0' 1453 1454 ## pull 1455 1456 Usage: docker pull [OPTIONS] NAME[:TAG] 1457 1458 Pull an image or a repository from the registry 1459 1460 -a, --all-tags=false Download all tagged images in the repository 1461 1462 Most of your images will be created on top of a base image from the 1463 [Docker Hub](https://hub.docker.com) registry. 1464 1465 [Docker Hub](https://hub.docker.com) contains many pre-built images that you 1466 can `pull` and try without needing to define and configure your own. 1467 1468 It is also possible to manually specify the path of a registry to pull from. 1469 For example, if you have set up a local registry, you can specify its path to 1470 pull from it. A repository path is similar to a URL, but does not contain 1471 a protocol specifier (`https://`, for example). 1472 1473 To download a particular image, or set of images (i.e., a repository), 1474 use `docker pull`: 1475 1476 $ sudo docker pull debian 1477 # will pull the debian:latest image, its intermediate layers 1478 # and any aliases of the same id 1479 $ sudo docker pull debian:testing 1480 # will pull the image named debian:testing and any intermediate 1481 # layers it is based on. 1482 # (Typically the empty `scratch` image, a MAINTAINER layer, 1483 # and the un-tarred base). 1484 $ sudo docker pull --all-tags centos 1485 # will pull all the images from the centos repository 1486 $ sudo docker pull registry.hub.docker.com/debian 1487 # manually specifies the path to the default Docker registry. This could 1488 # be replaced with the path to a local registry to pull from another source. 1489 1490 ## push 1491 1492 Usage: docker push NAME[:TAG] 1493 1494 Push an image or a repository to the registry 1495 1496 Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) 1497 registry or to a self-hosted one. 1498 1499 ## restart 1500 1501 Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...] 1502 1503 Restart a running container 1504 1505 -t, --time=10 Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds. 1506 1507 ## rm 1508 1509 Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...] 1510 1511 Remove one or more containers 1512 1513 -f, --force=false Force the removal of a running container (uses SIGKILL) 1514 -l, --link=false Remove the specified link and not the underlying container 1515 -v, --volumes=false Remove the volumes associated with the container 1516 1517 #### Examples 1518 1519 $ sudo docker rm /redis 1520 /redis 1521 1522 This will remove the container referenced under the link 1523 `/redis`. 1524 1525 $ sudo docker rm --link /webapp/redis 1526 /webapp/redis 1527 1528 This will remove the underlying link between `/webapp` and the `/redis` 1529 containers removing all network communication. 1530 1531 $ sudo docker rm --force redis 1532 redis 1533 1534 The main process inside the container referenced under the link `/redis` will receive 1535 `SIGKILL`, then the container will be removed. 1536 1537 This command will delete all stopped containers. The command `docker ps 1538 -a -q` will return all existing container IDs and pass them to the `rm` 1539 command which will delete them. Any running containers will not be 1540 deleted. 1541 1542 ## rmi 1543 1544 Usage: docker rmi [OPTIONS] IMAGE [IMAGE...] 1545 1546 Remove one or more images 1547 1548 -f, --force=false Force removal of the image 1549 --no-prune=false Do not delete untagged parents 1550 1551 #### Removing tagged images 1552 1553 Images can be removed either by their short or long IDs, or their image 1554 names. If an image has more than one name, each of them needs to be 1555 removed before the image is removed. 1556 1557 $ sudo docker images 1558 REPOSITORY TAG IMAGE ID CREATED SIZE 1559 test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) 1560 test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) 1561 test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) 1562 1563 $ sudo docker rmi fd484f19954f 1564 Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories 1565 2013/12/11 05:47:16 Error: failed to remove one or more images 1566 1567 $ sudo docker rmi test1 1568 Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 1569 $ sudo docker rmi test2 1570 Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 1571 1572 $ sudo docker images 1573 REPOSITORY TAG IMAGE ID CREATED SIZE 1574 test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) 1575 $ sudo docker rmi test 1576 Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 1577 Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 1578 1579 ## run 1580 1581 Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] 1582 1583 Run a command in a new container 1584 1585 -a, --attach=[] Attach to STDIN, STDOUT or STDERR. 1586 --add-host=[] Add a custom host-to-IP mapping (host:ip) 1587 -c, --cpu-shares=0 CPU shares (relative weight) 1588 --cap-add=[] Add Linux capabilities 1589 --cap-drop=[] Drop Linux capabilities 1590 --cidfile="" Write the container ID to the file 1591 --cpuset="" CPUs in which to allow execution (0-3, 0,1) 1592 -d, --detach=false Detached mode: run the container in the background and print the new container ID 1593 --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) 1594 --dns=[] Set custom DNS servers 1595 --dns-search=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) 1596 -e, --env=[] Set environment variables 1597 --entrypoint="" Overwrite the default ENTRYPOINT of the image 1598 --env-file=[] Read in a line delimited file of environment variables 1599 --expose=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host 1600 -h, --hostname="" Container host name 1601 -i, --interactive=false Keep STDIN open even if not attached 1602 --ipc="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container 1603 'container:<name|id>': reuses another container shared memory, semaphores and message queues 1604 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. 1605 --link=[] Add link to another container in the form of name:alias 1606 --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" 1607 -m, --memory="" Memory limit (format: <number><optional unit>, where unit = b, k, m or g) 1608 --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) 1609 --name="" Assign a name to the container 1610 --net="bridge" Set the Network mode for the container 1611 'bridge': creates a new network stack for the container on the docker bridge 1612 'none': no networking for this container 1613 'container:<name|id>': reuses another container network stack 1614 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. 1615 -P, --publish-all=false Publish all exposed ports to random ports on the host interfaces 1616 -p, --publish=[] Publish a container's port to the host 1617 format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort 1618 Both hostPort and containerPort can be specified as a range of ports. 1619 When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) 1620 (use 'docker port' to see the actual mapping) 1621 --pid=host 'host': use the host PID namespace inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. 1622 --privileged=false Give extended privileges to this container 1623 --read-only=false Mount the container's root filesystem as read only 1624 --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) 1625 --rm=false Automatically remove the container when it exits (incompatible with -d) 1626 --security-opt=[] Security Options 1627 --sig-proxy=true Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. 1628 -t, --tty=false Allocate a pseudo-TTY 1629 -u, --user="" Username or UID 1630 -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) 1631 --volumes-from=[] Mount volumes from the specified container(s) 1632 -w, --workdir="" Working directory inside the container 1633 1634 The `docker run` command first `creates` a writeable container layer over the 1635 specified image, and then `starts` it using the specified command. That is, 1636 `docker run` is equivalent to the API `/containers/create` then 1637 `/containers/(id)/start`. A stopped container can be restarted with all its 1638 previous changes intact using `docker start`. See `docker ps -a` to view a list 1639 of all containers. 1640 1641 There is detailed information about `docker run` in the [Docker run reference]( 1642 /reference/run/). 1643 1644 The `docker run` command can be used in combination with `docker commit` to 1645 [*change the command that a container runs*](#commit-an-existing-container). 1646 1647 See the [Docker User Guide](/userguide/dockerlinks/) for more detailed 1648 information about the `--expose`, `-p`, `-P` and `--link` parameters, 1649 and linking containers. 1650 1651 #### Examples 1652 1653 $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" 1654 1655 This will create a container and print `test` to the console. The `cidfile` 1656 flag makes Docker attempt to create a new file and write the container ID to it. 1657 If the file exists already, Docker will return an error. Docker will close this 1658 file when `docker run` exits. 1659 1660 $ sudo docker run -t -i --rm ubuntu bash 1661 root@bc338942ef20:/# mount -t tmpfs none /mnt 1662 mount: permission denied 1663 1664 This will *not* work, because by default, most potentially dangerous kernel 1665 capabilities are dropped; including `cap_sys_admin` (which is required to mount 1666 filesystems). However, the `--privileged` flag will allow it to run: 1667 1668 $ sudo docker run --privileged ubuntu bash 1669 root@50e3f57e16e6:/# mount -t tmpfs none /mnt 1670 root@50e3f57e16e6:/# df -h 1671 Filesystem Size Used Avail Use% Mounted on 1672 none 1.9G 0 1.9G 0% /mnt 1673 1674 The `--privileged` flag gives *all* capabilities to the container, and it also 1675 lifts all the limitations enforced by the `device` cgroup controller. In other 1676 words, the container can then do almost everything that the host can do. This 1677 flag exists to allow special use-cases, like running Docker within Docker. 1678 1679 $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd 1680 1681 The `-w` lets the command being executed inside directory given, here 1682 `/path/to/dir/`. If the path does not exists it is created inside the container. 1683 1684 $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd 1685 1686 The `-v` flag mounts the current working directory into the container. The `-w` 1687 lets the command being executed inside the current working directory, by 1688 changing into the directory to the value returned by `pwd`. So this 1689 combination executes the command using the container, but inside the 1690 current working directory. 1691 1692 $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash 1693 1694 When the host directory of a bind-mounted volume doesn't exist, Docker 1695 will automatically create this directory on the host for you. In the 1696 example above, Docker will create the `/doesnt/exist` 1697 folder before starting your container. 1698 1699 $ sudo docker run --read-only -v /icanwrite busybox touch /icanwrite here 1700 1701 Volumes can be used in combination with `--read-only` to control where 1702 a container writes files. The `--read only` flag mounts the container's root 1703 filesystem as read only prohibiting writes to locations other than the 1704 specified volumes for the container. 1705 1706 $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh 1707 1708 By bind-mounting the docker unix socket and statically linked docker 1709 binary (such as that provided by [https://get.docker.com]( 1710 https://get.docker.com)), you give the container the full access to create and 1711 manipulate the host's Docker daemon. 1712 1713 $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash 1714 1715 This binds port `8080` of the container to port `80` on `127.0.0.1` of 1716 the host machine. The [Docker User Guide](/userguide/dockerlinks/) 1717 explains in detail how to manipulate ports in Docker. 1718 1719 $ sudo docker run --expose 80 ubuntu bash 1720 1721 This exposes port `80` of the container for use within a link without 1722 publishing the port to the host system's interfaces. The [Docker User 1723 Guide](/userguide/dockerlinks) explains in detail how to manipulate 1724 ports in Docker. 1725 1726 $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash 1727 1728 This sets environmental variables in the container. For illustration all three 1729 flags are shown here. Where `-e`, `--env` take an environment variable and 1730 value, or if no "=" is provided, then that variable's current value is passed 1731 through (i.e. `$MYVAR1` from the host is set to `$MYVAR1` in the container). All 1732 three flags, `-e`, `--env` and `--env-file` can be repeated. 1733 1734 Regardless of the order of these three flags, the `--env-file` are processed 1735 first, and then `-e`, `--env` flags. This way, the `-e` or `--env` will 1736 override variables as needed. 1737 1738 $ cat ./env.list 1739 TEST_FOO=BAR 1740 $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO 1741 TEST_FOO=This is a test 1742 1743 The `--env-file` flag takes a filename as an argument and expects each line 1744 to be in the `VAR=VAL` format, mimicking the argument passed to `--env`. Comment 1745 lines need only be prefixed with `#` 1746 1747 An example of a file passed with `--env-file` 1748 1749 $ cat ./env.list 1750 TEST_FOO=BAR 1751 1752 # this is a comment 1753 TEST_APP_DEST_HOST=10.10.0.127 1754 TEST_APP_DEST_PORT=8888 1755 1756 # pass through this variable from the caller 1757 TEST_PASSTHROUGH 1758 $ sudo TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env 1759 HOME=/ 1760 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 1761 HOSTNAME=5198e0745561 1762 TEST_FOO=BAR 1763 TEST_APP_DEST_HOST=10.10.0.127 1764 TEST_APP_DEST_PORT=8888 1765 TEST_PASSTHROUGH=howdy 1766 1767 $ sudo docker run --name console -t -i ubuntu bash 1768 1769 This will create and run a new container with the container name being 1770 `console`. 1771 1772 $ sudo docker run --link /redis:redis --name console ubuntu bash 1773 1774 The `--link` flag will link the container named `/redis` into the newly 1775 created container with the alias `redis`. The new container can access the 1776 network and environment of the `redis` container via environment variables. 1777 The `--name` flag will assign the name `console` to the newly created 1778 container. 1779 1780 $ sudo docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd 1781 1782 The `--volumes-from` flag mounts all the defined volumes from the referenced 1783 containers. Containers can be specified by repetitions of the `--volumes-from` 1784 argument. The container ID may be optionally suffixed with `:ro` or `:rw` to 1785 mount the volumes in read-only or read-write mode, respectively. By default, 1786 the volumes are mounted in the same mode (read write or read only) as 1787 the reference container. 1788 1789 The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` or 1790 `STDERR`. This makes it possible to manipulate the output and input as needed. 1791 1792 $ echo "test" | sudo docker run -i -a stdin ubuntu cat - 1793 1794 This pipes data into a container and prints the container's ID by attaching 1795 only to the container's `STDIN`. 1796 1797 $ sudo docker run -a stderr ubuntu echo test 1798 1799 This isn't going to print anything unless there's an error because we've 1800 only attached to the `STDERR` of the container. The container's logs 1801 still store what's been written to `STDERR` and `STDOUT`. 1802 1803 $ cat somefile | sudo docker run -i -a stdin mybuilder dobuild 1804 1805 This is how piping a file into a container could be done for a build. 1806 The container's ID will be printed after the build is done and the build 1807 logs could be retrieved using `docker logs`. This is 1808 useful if you need to pipe a file or something else into a container and 1809 retrieve the container's ID once the container has finished running. 1810 1811 $ sudo docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo} 1812 brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc 1813 brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd 1814 crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo 1815 1816 It is often necessary to directly expose devices to a container. The `--device` 1817 option enables that. For example, a specific block storage device or loop 1818 device or audio device can be added to an otherwise unprivileged container 1819 (without the `--privileged` flag) and have the application directly access it. 1820 1821 By default, the container will be able to `read`, `write` and `mknod` these devices. 1822 This can be overridden using a third `:rwm` set of options to each `--device` 1823 flag: 1824 1825 1826 ``` 1827 $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc 1828 1829 Command (m for help): q 1830 $ sudo docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc 1831 You will not be able to write the partition table. 1832 1833 Command (m for help): q 1834 1835 $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc 1836 1837 Command (m for help): q 1838 1839 $ sudo docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc 1840 fdisk: unable to open /dev/xvdc: Operation not permitted 1841 ``` 1842 1843 **Note:** 1844 > `--device` cannot be safely used with ephemeral devices. Block devices that 1845 > may be removed should not be added to untrusted containers with `--device`. 1846 1847 **A complete example:** 1848 1849 $ sudo docker run -d --name static static-web-files sh 1850 $ sudo docker run -d --expose=8098 --name riak riakserver 1851 $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver 1852 $ sudo docker run -d -p 1443:443 --dns=10.0.0.1 --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver 1853 $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log 1854 1855 This example shows five containers that might be set up to test a web 1856 application change: 1857 1858 1. Start a pre-prepared volume image `static-web-files` (in the background) 1859 that has CSS, image and static HTML in it, (with a `VOLUME` instruction in 1860 the Dockerfile to allow the web server to use those files); 1861 2. Start a pre-prepared `riakserver` image, give the container name `riak` and 1862 expose port `8098` to any containers that link to it; 1863 3. Start the `appserver` image, restricting its memory usage to 100MB, setting 1864 two environment variables `DEVELOPMENT` and `BRANCH` and bind-mounting the 1865 current directory (`$(pwd)`) in the container in read-only mode as `/app/bin`; 1866 4. Start the `webserver`, mapping port `443` in the container to port `1443` on 1867 the Docker server, setting the DNS server to `10.0.0.1` and DNS search 1868 domain to `dev.org`, creating a volume to put the log files into (so we can 1869 access it from another container), then importing the files from the volume 1870 exposed by the `static` container, and linking to all exposed ports from 1871 `riak` and `app`. Lastly, we set the hostname to `web.sven.dev.org` so its 1872 consistent with the pre-generated SSL certificate; 1873 5. Finally, we create a container that runs `tail -f access.log` using the logs 1874 volume from the `web` container, setting the workdir to `/var/log/httpd`. The 1875 `--rm` option means that when the container exits, the container's layer is 1876 removed. 1877 1878 #### Restart Policies 1879 1880 Using the `--restart` flag on Docker run you can specify a restart policy for 1881 how a container should or should not be restarted on exit. 1882 1883 An ever increasing delay (double the previous delay, starting at 100 milliseconds) 1884 is added before each restart to prevent flooding the server. This means the daemaon 1885 will wait for 100 mS, then 200 mS, 400, 800, 1600, and so on until either the 1886 `on-failure` limit is hit, or when you `docker stop` or even `docker rm -f` 1887 the container. 1888 1889 When a restart policy is active on a container, it will be shown in `docker ps` 1890 as either `Up` or `Restarting` in `docker ps`. It can also be useful to use 1891 `docker events` to see the restart policy in effect. 1892 1893 ** no ** - Do not restart the container when it exits. 1894 1895 ** on-failure ** - Restart the container only if it exits with a non zero exit status. 1896 1897 ** always ** - Always restart the container regardless of the exit status. 1898 1899 You can also specify the maximum amount of times Docker will try to 1900 restart the container when using the ** on-failure ** policy. The 1901 default is that Docker will try forever to restart the container. 1902 1903 $ sudo docker run --restart=always redis 1904 1905 This will run the `redis` container with a restart policy of ** always ** so that if 1906 the container exits, Docker will restart it. 1907 1908 $ sudo docker run --restart=on-failure:10 redis 1909 1910 This will run the `redis` container with a restart policy of ** 1911 on-failure ** and a maximum restart count of 10. If the `redis` 1912 container exits with a non-zero exit status more than 10 times in a row 1913 Docker will abort trying to restart the container. Providing a maximum 1914 restart limit is only valid for the ** on-failure ** policy. 1915 1916 ### Adding entries to a container hosts file 1917 1918 You can add other hosts into a container's `/etc/hosts` file by using one or more 1919 `--add-host` flags. This example adds a static address for a host named `docker`: 1920 1921 ``` 1922 $ docker run --add-host=docker:10.180.0.1 --rm -it debian 1923 $$ ping docker 1924 PING docker (10.180.0.1): 48 data bytes 1925 56 bytes from 10.180.0.1: icmp_seq=0 ttl=254 time=7.600 ms 1926 56 bytes from 10.180.0.1: icmp_seq=1 ttl=254 time=30.705 ms 1927 ^C--- docker ping statistics --- 1928 2 packets transmitted, 2 packets received, 0% packet loss 1929 round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms 1930 ``` 1931 1932 > **Note:** 1933 > Sometimes you need to connect to the Docker host, which means getting the IP 1934 > address of the host. You can use the following shell commands to simplify this 1935 > process: 1936 > 1937 > $ alias hostip="ip route show 0.0.0.0/0 | grep -Eo 'via \S+' | awk '{ print \$2 }'" 1938 > $ docker run --add-host=docker:$(hostip) --rm -it debian 1939 1940 ## save 1941 1942 Usage: docker save [OPTIONS] IMAGE [IMAGE...] 1943 1944 Save an image(s) to a tar archive (streamed to STDOUT by default) 1945 1946 -o, --output="" Write to a file, instead of STDOUT 1947 1948 Produces a tarred repository to the standard output stream. 1949 Contains all parent layers, and all tags + versions, or specified `repo:tag`, for 1950 each argument provided. 1951 1952 It is used to create a backup that can then be used with `docker load` 1953 1954 $ sudo docker save busybox > busybox.tar 1955 $ ls -sh busybox.tar 1956 2.7M busybox.tar 1957 $ sudo docker save --output busybox.tar busybox 1958 $ ls -sh busybox.tar 1959 2.7M busybox.tar 1960 $ sudo docker save -o fedora-all.tar fedora 1961 $ sudo docker save -o fedora-latest.tar fedora:latest 1962 1963 It is even useful to cherry-pick particular tags of an image repository 1964 1965 $ sudo docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy 1966 1967 ## search 1968 1969 Search [Docker Hub](https://hub.docker.com) for images 1970 1971 Usage: docker search [OPTIONS] TERM 1972 1973 Search the Docker Hub for images 1974 1975 --automated=false Only show automated builds 1976 --no-trunc=false Don't truncate output 1977 -s, --stars=0 Only displays with at least x stars 1978 1979 See [*Find Public Images on Docker Hub*]( 1980 /userguide/dockerrepos/#searching-for-images) for 1981 more details on finding shared images from the command line. 1982 1983 > **Note:** 1984 > Search queries will only return up to 25 results 1985 1986 ## start 1987 1988 Usage: docker start [OPTIONS] CONTAINER [CONTAINER...] 1989 1990 Restart a stopped container 1991 1992 -a, --attach=false Attach container's STDOUT and STDERR and forward all signals to the process 1993 -i, --interactive=false Attach container's STDIN 1994 1995 When run on a container that has already been started, 1996 takes no action and succeeds unconditionally. 1997 1998 ## stop 1999 2000 Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] 2001 2002 Stop a running container by sending SIGTERM and then SIGKILL after a grace period 2003 2004 -t, --time=10 Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. 2005 2006 The main process inside the container will receive `SIGTERM`, and after a 2007 grace period, `SIGKILL`. 2008 2009 ## tag 2010 2011 Usage: docker tag [OPTIONS] IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG] 2012 2013 Tag an image into a repository 2014 2015 -f, --force=false Force 2016 2017 You can group your images together using names and tags, and then upload 2018 them to [*Share Images via Repositories*]( 2019 /userguide/dockerrepos/#contributing-to-docker-hub). 2020 2021 ## top 2022 2023 Usage: docker top CONTAINER [ps OPTIONS] 2024 2025 Display the running processes of a container 2026 2027 ## unpause 2028 2029 Usage: docker unpause CONTAINER 2030 2031 Unpause all processes within a container 2032 2033 The `docker unpause` command uses the cgroups freezer to un-suspend all 2034 processes in a container. 2035 2036 See the 2037 [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) 2038 for further details. 2039 2040 ## version 2041 2042 Usage: docker version 2043 2044 Show the Docker version information. 2045 2046 Show the Docker version, API version, Git commit, and Go version of 2047 both Docker client and daemon. 2048 2049 ## wait 2050 2051 Usage: docker wait CONTAINER [CONTAINER...] 2052 2053 Block until a container stops, then print its exit code. 2054