Docker 命令汇总
docker --help
| Bash |
|---|
| root@test:~# docker --help
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Common Commands:
run Create and run a new container from an image
exec Execute a command in a running container
ps List containers
build Build an image from a Dockerfile
bake Build from a file
pull Download an image from a registry
push Upload an image to a registry
images List images
login Authenticate to a registry
logout Log out from a registry
search Search Docker Hub for images
version Show the Docker version information
info Display system-wide information
Management Commands:
builder Manage builds
buildx* Docker Buildx
compose* Docker Compose
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
model* Docker Model Runner (EXPERIMENTAL)
network Manage networks
plugin Manage plugins
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Swarm Commands:
swarm Manage Swarm
Commands:
attach Attach local standard input, output, and error streams to a running container
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
export Export a container's filesystem as a tar archive
history Show the history of an image
import Import the contents from a tarball to create a filesystem image
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
save Save one or more images to a tar archive (streamed to STDOUT by default)
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
wait Block until one or more containers stop, then print their exit codes
Global Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default
context set with "docker context use")
-D, --debug Enable debug mode
-H, --host string Daemon socket to connect to
-l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Run 'docker COMMAND --help' for more information on a command.
For more help on how to use Docker, head to https://docs.docker.com/go/guides/
|
Common
docker search
| Bash |
|---|
| root@test:~# docker search mysql
Error response from daemon: Get "https://index.docker.io/v1/search?q=mysql&n=25": dial tcp 108.160.170.44:443: connect: connection refused
#因为国内访问官方镜像基本不可达, 可以从加速源去搜索
root@test:~# docker search docker.1ms.run/mysql
NAME DESCRIPTION STARS OFFICIAL
mysql MySQL is a widely used, open-source relation… 15911 [OK]
# docker search --help
Options:
-f, --filter filter # 根据提供的条件过滤输出
--format string # 使用Go模板进行漂亮打印搜索
--limit int # 搜索结果的最大数量
--no-trunc # 不要截断输出
#常用过滤
--filter=stars=3000 #搜索stars大于3000的镜像
--limit 5 # 显示前5
--no-trunc # 不截断输出,即显示全部描述
|
docker images
| Bash |
|---|
| root@test:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker_test latest ed80b18e826d 4 days ago 145MB
#解释
REPOSITORY 镜像的仓库源
TAG 镜像标签
IMAGE ID 镜像ID
CREATED 创建时间
SIZE 大小
#可选项
-a, --all #列出所有镜像
-q, --quiet #仅列出镜像ID
|
docker pull
| Bash |
|---|
| # 下载镜像 docker pull 镜像名[:tag]
root@test:~# docker pull mysql
Using default tag: latest # 如果不写tag,默认latest
latest: Pulling from library/mysql
500d7b2546c4: Pull complete # 分层下载,docker image核心,联合文件系统
...
1421f5b704d5: Pull complete
Digest: sha256:94254b456a6db9b56c83525a86bff4c7f1e52335f934cbed686fe1ce763116a0 #签名
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest #真实地址
#等价命令
docker pull mysql
docker pull docker.io/library/mysql:latest
#指定版本下载,需在仓库有支持的tag
root@test:~# docker pull mysql:8.0
8.0: Pulling from library/mysql
500d7b2546c4: Already exists #联合文件系统优点,上述已下载过的,不需要下载。
48934deb9770: Pull complete
...
d8f78235dcb8: Pull complete
Digest: sha256:d2fdd0af28933c6f28475ff3b7defdbc0e0475d9f7346b5115b8d3abf8848a1d
Status: Downloaded newer image for mysql:8.0
docker.io/library/mysql:8.0
root@test:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql latest 380443b0f0da 38 hours ago 920MB
mysql 8.0 6f19538dd7d2 38 hours ago 780MB
|
docker run
| Bash |
|---|
| # 启动镜像
docker run [可选参数] image
# 参数说明
--name="Name" # 容器名字,tomcat01 tomcat02,用来区分容器
-d # 后台方式运行
-it # 交互运行,进入容器
-p # 指定端口
-p ip:主机端口:容器端口 # 带IP的映射
-p 主机端口:容器端口 # 做映射(常用)
-p 容器端口 # 不映射,单独指定容器端口
容器端口 # 不用-p,直接配置容器端口
-P # 随机指定端口
--rm # 一般测试使用,用完即删除
# 临时启动进入容器
docker run -it centos /bin/bash
exit # 退出并停止容器
Ctrl + P + Q # 退出不停止
# 常见坑:容器使用后台运行,必须要有前台进程,docker发现没有应用,会自动停止
# 比如:运行一个centos 系统,里边什么程序都没有,启动后就立即停止了
root@pts/0 # docker run -d centos # 后台运行
099774660b4c6f54c05ec3133272fa33f5b4c3232db956a618be38dea9ddfdc3
root@pts/0 # docker ps # 查看是没有运行的
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
docker ps
| Bash |
|---|
| docker ps # 列出当前运行容器
# docker ps --help
Options:
-a # 列出所有容器,正在运行及历史运行
-n=? # 显示最近创建的容器,?[1|2|3]
-q # 只显示容器id,可以与-a 配合显示所有ID
-s # 显示总文件大小
-f # 根据提供的条件过滤输出
|
docker exec
| Bash |
|---|
| # 进入容器命令,开启新的终端
docker exec -it f3b6c47b987c /bin/bash
# docker exec --help
Options:
-d, --detach # 分离模式:在后台运行命令
--detach-keys string # 覆盖用于分离容器的键序列
-e, --env list # 设置环境变量
--env-file list # 读入环境变量文件
-i, --interactive # 保持STDIN打开,即使没有连接
--privileged # 为该命令提供扩展权限
-t, --tty # 分配一个伪tty
-u, --user string # 用户名或UID (format: "<name|uid>[:<group|gid>]")
-w, --workdir string # 容器内的工作目录
|
Management
| Bash |
|---|
| builder Manage builds
buildx* Docker Buildx
compose* Docker Compose
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks
plugin Manage plugins
system Manage Docker
volume Manage volumes
|
Commands
docker cp
| Bash |
|---|
| # 从容器内copy 文件到本地
root@pts/0 # docker cp f3b6c47b987c:/home/file.txt /home/
Successfully copied 1.54kB to /home/
root@pts/0 # ll /home/file.txt
-rw-r--r-- 1 root root 0 9月 11 16:06 /home/file.txt
# docker cp --help
Options:
-a, --archive # 归档模式(复制所有uid/gid信息)
-L, --follow-link # 始终跟随SRC_PATH中的符号link
-q, --quiet # 拷贝过程中禁止输出进度。如果没有附加终端,则自动抑制进度输出
|
docker rm
| Bash |
|---|
| docker rm 容器ID # 删除指定容器(不能删除正在运行的容器)
docker rm -f $(docker ps -aq) # 强制删除所有容器
docker ps -aq |xargs docker rm # 传参数
# docker rm --help
Options:
-f, --force # 强制移除正在运行的容器(使用SIGKILL)
-l, --link # 删除指定的链接
-v, --volumes # 删除与容器关联的匿名卷
|
docker rmi
| Bash |
|---|
| docker rmi 容器ID # 删除指定镜像
docker rmi 容器ID 容器ID 容器ID # 删除多个镜像
docker rmi -f $(docker images -aq) # 删除所有镜像
|
docker stats
| Bash |
|---|
| # 启动一个ES容器
docker run -d --name elasticsearch \
-p 9200:9200 -p 9300:9300 \
-e "discovery.type=single-node" \
elasticsearch:7.6.1
# 查看容器状态
docker stats elasticsearch
CONTAINER ID NAME CPU % MEM USAGE /LIMIT MEM % NET I/O BLOCK I/O PIDS
ef54f9463021 elasticsearch 0.50% 1.3GiB /13.59GiB 9.57% 11.8kB /9.04kB 53.2kB /1.09MB 60
# 传参数调整容器内存
docker run -d --name elasticsearch \
-p 9200:9200 -p 9300:9300 \
-e "discovery.type=single-node" \
-e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
elasticsearch:7.6.1
# 再次查看变化
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/0 PIDS
d4fdb9b8f184 elasticsearch 0.63% 790.6MiB / 13.59GiB 5.68% 5.41kB / 1.4kB 0B / 1.11MB 53
|
docker logs
| Bash |
|---|
| # 启动一个测试日志的容器
root@pts/0 # docker run -d centos /bin/bash -c "while true;do echo test--;sleep 2;done"
root@pts/0 # docker logs -tf -n 20 f3b6c47b987c
2025-09-11T07:42:28.461052760Z test--
2025-09-11T07:42:30.464544104Z test--
...
# docker logs --help
Options:
--details # 显示提供给日志的额外详细信息
-f, --follow # 跟踪输出
--since string # 显示自时间戳以来的日志(例如:“2013-01-02T13:23:37Z”)或相对的(例如:“42m”(42分钟)
-n, --tail string # 从日志末尾开始显示的行数(默认为“all”)
-t, --timestamps # 打印时间戳
--until string # 在时间戳之前显示日志(例如:“2013-01-02T13:23:37Z”)或相对的(例如:“42m”(42分钟)
|
docker top
| Bash |
|---|
| # 显示容器正在运行的进程
docker top ac1147798e9c
Usage: docker top CONTAINER [ps OPTIONS]
docker top 容器ID
|
docker inspect
| Bash |
|---|
| # 查看 [容器|镜像] 详细信息
docker inspect 容器ID|镜像名称
# docker inspect --help
Options:
-f, --format string # 使用自定义模板格式化输出:
'json': 以JSON格式打印
'TEMPLATE': 使用给定的Go模板打印输出
-s, --size # 如果类型为容器,则显示总文件大小
--type string # 只检查给定类型的对象
|
docker save
将一个或多个image保存到tar存档(默认情况下流式传输到STDOUT)
| Bash |
|---|
| $ docker save --help
Options:
-o, --output string # 写入文件,而不是STDOUT
# 导出自定义的镜像
$ docker image save -o tomcat01.tar.gz tomcat01:1.0
# 解释
docker image save 等同于 docker save
-o # 输出压缩包
# 后边可以跟多个容器,导出多个容器到一个压缩包
|
docker load
导入压缩包的镜像
| Bash |
|---|
| # docker load --help
Options:
-i, --input string # 从tar存档文件读取,而不是从STDIN读取
-q, --quiet # 抑制负载输出
# 导入压缩包的镜像
$ docker load -i tomcat01.tar.gz
# 解释
docker load 等同于 docker image load
-i # 需要导入的压缩包
|
docker tag
给现有镜像新建标签
| Bash |
|---|
| docker tag tomcat:8 mytomcat:8
|