Docker 文档
docker (Docker version 20.10.21, build baeda1f)
1 Docker CLI
1.1 使用方式
Usage: docker [OPTIONS] COMMAND
1.2 Options
windows默认.docker=C:\\Users\\admin\\.docker
linux默认.docker=/root/.docker
--config string使用的client config的文件位置 (默认.docker目录下")-c, --context string用于连接到守护进程的上下文的名称 (overrides DOCKER_HOST env var and default context set with "docker context use")-D, --debug启用debug模式-H, --host list要连接的守护程序socket-l, --log-level string设置日志等级("debug"|"info"|"warn"|"error"|"fatal")(默认 "info")--tls使用tls--tlscacert string信任仅由该 CA 签名的证书 (默认 .docker/ca.pem")--tlscert stringTLS 证书文件位置 (默认 .docker/cert.pem")--tlskey stringTLS key文件位置 (默认 .docker/key.pem")--tlsverify使用 TLS 并验证连接-v, --version打印版本信息
1.2 Management Commands(docker 管理命令)
builder
Usage: docker builder COMMAND
Manage builds
Commands:
build Build an image from a Dockerfile
prune Remove build cache
buildx*
Extended build capabilities with BuildKit
Usage: docker buildx [OPTIONS] COMMAND
Options:
--builder string Override the configured builder instance
Management Commands:
imagetools Commands to work on images in registry
Commands:
bake Build from a file
build Start a build
create Create a new builder instance
du Disk usage
inspect Inspect current builder instance
ls List builder instances
prune Remove build cache
rm Remove a builder instance
stop Stop builder instance
use Set the current builder instance
version Show buildx version information
compose*
compose
config
管理 Docker configs
container`
管理 containers
context
管理 contexts
dev*
Docker Dev Environments (Docker Inc., v0.0.3)
extension*
管理 Docker extensions (Docker Inc., v0.2.13)
image
管理 images
manifest
管理 Docker image manifests and manifest lists
network
管理 networks
node
管理 Swarm nodes
plugin
管理 plugins
sbom*
View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
scan*
Docker Scan (Docker Inc., v0.21.0)
secret
管理 Docker secrets
service
管理 services
stack
管理 Docker stacks
swarm
管理 Swarm
system
管理Docker
trust
管理trust on Docker images
volume
管理挂载卷
1.3 Commands(一般命令)
attach
使用方式: docker attach [OPTIONS] CONTAINER
使用docker attach容器的 ID 或名称将终端的标准输入、输出和错误(或三者的任意组合)附加到正在运行的容器。
这允许您查看其正在进行的输出或以交互方式控制它,就好像命令直接在您的终端中运行一样。
Options:
--detach-keys string 指定退出attach模式的快捷键操作,默认是Ctrl+P+Q
--no-stdin 不要attach标准输入
--sig-proxy 将所有接收到的信号代理到进程
build
使用方式: docker build [OPTIONS] PATH | URL | -
从 Dockerfile 构建镜像
Options:
--add-host list 添加自定义host:ip映射
--build-arg list 设置构建时变量
--cache-from strings 被视为缓存源的图像
--disable-content-trust 跳过镜像验证 (默认 true)
-f, --file string Dockerfile 的名称(默认为“PATH/Dockerfile”)
--iidfile string 将镜像ID写入文件
--isolation string Container isolation technology
--label list Set metadata for an image
--network string Set the networking mode for the RUN instructions during build (default "default")
--no-cache Do not use cache when building the image
-o, --output stringArray Output destination (format: type=local,dest=path)
--platform string Set platform if server is multi-platform capable
--progress string Set type of progress output (auto, plain,tty). Use plain to show container output(default "auto")
--pull Always attempt to pull a newer version ofthe image
-q, --quiet Suppress the build output and print image ID on success
--secret stringArray Secret file to expose to the build (only if BuildKit enabled):id=mysecret,src=/local/secret
--ssh stringArray SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])
-t, --tag list Name and optionally a tag in the 'name:tag' format
--target string Set the target build stage to build.
commit
Create a new image from a container's changes
cp
Usage: docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
左边复制到右边
在容器和本地文件系统之间复制文件/文件夹
Use '-' as the source to read a tar archive from stdin and extract it to a directory destination in a container.
Use '-' as the destination to stream a tar archive of a container source to stdout.
Options:
-a, --archive 归档模式(复制所有uid/gid信息)
-L, --follow-link 始终遵循 SRC_PATH 中的符号链接
create
Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
创建新的容器
Options:
--add-host list Add a custom host-to-IP mapping(host:ip)
-a, --attach list Attach to STDIN, STDOUT or STDERR
--blkio-weight uint16 Block IO (relative weight),
between 10 and 1000, or 0 to
disable (default 0)
--blkio-weight-device list Block IO weight (relative device
weight) (default [])
--cap-add list Add Linux capabilities
--cap-drop list Drop Linux capabilities
--cgroup-parent string Optional parent cgroup for the
container
--cgroupns string Cgroup namespace to use (host|private) 'host': Run the container in
the Docker host's cgroup namespace
'private': Run the container in
its own private cgroup namespace
'': Use the cgroup
namespace as configured by the
default-cgroupns-mode
option on the daemon (default)
--cidfile string Write the container ID to the file
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
--cpu-rt-period int Limit CPU real-time period in microseconds
--cpu-rt-runtime int Limit CPU real-time runtime in microseconds
-c, --cpu-shares int CPU shares (relative weight)
--cpus decimal Number of CPUs
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
--device list Add a host device to the container
--device-cgroup-rule list Add a rule to the cgroup allowed devices list
--device-read-bps list Limit read rate (bytes per second) from a device (default [])
--device-read-iops list Limit read rate (IO per second) from a device (default [])
--device-write-bps list Limit write rate (bytes per second) to a device (default [])
--device-write-iops list Limit write rate (IO per second) to a device (default [])
--disable-content-trust Skip image verification (default true)
--dns list Set custom DNS servers
--dns-option list Set DNS options
--dns-search list Set custom DNS search domains
--domainname string Container NIS domain name
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env list Set environment variables
--env-file list Read in a file of environment variables
--expose list Expose a port or a range of ports
--gpus gpu-request GPU devices to add to the container ('all' to pass all GPUs)
--group-add list Add additional groups to join
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h) (default 0s)
--health-retries int Consecutive failures needed to report unhealthy
--health-start-period duration Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
--health-timeout duration Maximum time to allow one check to run (ms|s|m|h) (default 0s)
--help Print usage
-h, --hostname string Container host name
--init Run an init inside the container that forwards signals and reaps processes
-i, --interactive Keep STDIN open even if not attached
--ip string IPv4 address (e.g., 172.30.100.104)
--ip6 string IPv6 address (e.g., 2001:db8::33)
--ipc string IPC mode to use
--isolation string Container isolation technology
--kernel-memory bytes Kernel memory limit
-l, --label list Set meta data on a container
--label-file list Read in a line delimited file of labels
--link list Add link to another container
--link-local-ip list Container IPv4/IPv6 link-local addresses
--log-driver string Logging driver for the container
--log-opt list Log driver options
--mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33)
-m, --memory bytes Memory limit
--memory-reservation bytes Memory soft limit
--memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--memory-swappiness int Tune container memory swappiness (0 to 100) (default -1)
--mount mount Attach a filesystem mount to the container
--name string Assign a name to the container
--network network Connect a container to a network
--network-alias list Add network-scoped alias for the container
--no-healthcheck Disable any container-specified HEALTHCHECK
--oom-kill-disable Disable OOM Killer
--oom-score-adj int Tune host's OOM preferences (-1000 to 1000)
--pid string PID namespace to use
--pids-limit int Tune container pids limit (set -1 for unlimited)
--platform string Set platform if server is multi-platform capable
--privileged Give extended privileges to this container
-p, --publish list Publish a container's port(s) to the host
-P, --publish-all Publish all exposed ports to random ports
--pull string Pull image before creating("always"|"missing"|"never") (default "missing")
--read-only Mount the container's root filesystem as read only
--restart string Restart policy to apply when a container exits (default "no")
--rm Automatically remove the container when it exits
--runtime string Runtime to use for this container
--security-opt list Security Options
--shm-size bytes Size of /dev/shm
--stop-signal string Signal to stop a container (default "15")
--stop-timeout int Timeout (in seconds) to stop a container
--storage-opt list Storage driver options for the container
--sysctl map Sysctl options (default map[])
--tmpfs list Mount a tmpfs directory
-t, --tty Allocate a pseudo-TTY
--ulimit ulimit Ulimit options (default [])
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
--userns string User namespace to use
--uts string UTS namespace to use
-v, --volume list Bind mount a volume
--volume-driver string Optional volume driver for the container
--volumes-from list Mount volumes from the specified container(s)
-w, --workdir string Working directory inside the container
diff
Inspect changes to files or directories on a container's filesystem
events
Get real time events from the server
exec
Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
在正在执行的容器中运行命令
Options:
-d, --detach 分离模式:在后台运行命令
--detach-keys string 覆盖用于分离容器的快捷键
-e, --env list 设置环境变量
--env-file list 读入环境变量文件
-i, --interactive 即使未附加,也要保持 STDIN 打开
--privileged 赋予命令扩展权限
-t, --tty 分配伪 TTY
-u, --user string 用户名或 UID(格式:<name|uid>[:<group|gid>])
-w, --workdir string 容器内的工作目录
export
Export a container's filesystem as a tar archive
history
Show the history of an image
images
List images
import
Import the contents from a tarball to create a filesystem image
info
Display system-wide information
inspect
Return low-level information on Docker objects
kill
Kill one or more running containers
load
Load an image from a tar archive or STDIN
login
Log in to a Docker registry
logout
Log out from a Docker registry
logs
Fetch the logs of a container
pause
Pause all processes within one or more containers
port
List port mappings or a specific mapping for the container
ps
List containers
pull
Pull an image or a repository from a registry
push
Push an image or a repository to a registry
rename
Rename a container
restart
Restart one or more containers
rm
Remove one or more containers
rmi
Remove one or more images
run
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Run a command in a new container
Options:
--add-host list Add a custom host-to-IP mapping(host:ip)
-a, --attach list Attach to STDIN, STDOUT or STDERR
--blkio-weight uint16 Block IO (relative weight),between 10 and 1000, or 0 to disable (default 0)
--blkio-weight-device list Block IO weight (relative device weight) (default [])
--cap-add list Add Linux capabilities
--cap-drop list Drop Linux capabilities
--cgroup-parent string Optional parent cgroup for the container
--cgroupns string Cgroup namespace to use (host|private)
'host': Run the container in the Docker host's cgroup namespace
'private': Run the container in its own private cgroup namespace
'': Use the cgroup namespace as configured by the
default-cgroupns-mode option on the daemon (default)
--cidfile string Write the container ID to the file
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
--cpu-rt-period int Limit CPU real-time period in microseconds
--cpu-rt-runtime int Limit CPU real-time runtime in microseconds
-c, --cpu-shares int CPU shares (relative weight)
--cpus decimal Number of CPUs
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
-d, --detach Run container in background and print container ID
--detach-keys string Override the key sequence for detaching a container
--device list Add a host device to the container
--device-cgroup-rule list Add a rule to the cgroup allowed devices list
--device-read-bps list Limit read rate (bytes per second) from a device (default [])
--device-read-iops list Limit read rate (IO per second) from a device (default [])
--device-write-bps list Limit write rate (bytes per second) to a device (default [])
--device-write-iops list Limit write rate (IO per second) to a device (default [])
--disable-content-trust Skip image verification (default true)
--dns list Set custom DNS servers
--dns-option list Set DNS options
--dns-search list Set custom DNS search domains
--domainname string Container NIS domain name
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env list Set environment variables
--env-file list Read in a file of environment variables
--expose list Expose a port or a range of ports
--gpus gpu-request GPU devices to add to the container ('all' to pass all GPUs)
--group-add list Add additional groups to join
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h) (default 0s)
--health-retries int Consecutive failures needed to report unhealthy
--health-start-period duration Start period for the container to initialize before starting health-retries countdown
ms|s|m|h) (default 0s)
--health-timeout duration Maximum time to allow one check to run (ms|s|m|h) (default 0s)
--help Print usage
-h, --hostname string Container host name
--init Run an init inside the container that forwards signals and reaps processes
-i, --interactive Keep STDIN open even if not attached
--ip string IPv4 address (e.g., 172.30.100.104)
--ip6 string IPv6 address (e.g., 2001:db8::33)
--ipc string IPC mode to use
--isolation string Container isolation technology
--kernel-memory bytes Kernel memory limit
-l, --label list Set meta data on a container
--label-file list Read in a line delimited file of labels
--link list Add link to another container
--link-local-ip list Container IPv4/IPv6 link-local addresses
--log-driver string Logging driver for the container
--log-opt list Log driver options
--mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33)
-m, --memory bytes Memory limit
--memory-reservation bytes Memory soft limit
--memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--memory-swappiness int Tune container memory swappiness (0 to 100) (default -1)
--mount mount Attach a filesystem mount to the container
--name string Assign a name to the container
--network network Connect a container to a network
--network-alias list Add network-scoped alias for the container
--no-healthcheck Disable any container-specified HEALTHCHECK
--oom-kill-disable Disable OOM Killer
--oom-score-adj int Tune host's OOM preferences (-1000 to 1000)
--pid string PID namespace to use
--pids-limit int Tune container pids limit (set -1 for unlimited)
--platform string Set platform if server is multi-platform capable
--privileged Give extended privileges to this container
-p, --publish list Publish a container's port(s) to the host
-P, --publish-all Publish all exposed ports to random ports
--pull string Pull image before running("always"|"missing"|"never")(default "missing")
--read-only Mount the container's root filesystem as read only
--restart string Restart policy to apply when a container exits (default "no")
--rm Automatically remove the container when it exits
--runtime string Runtime to use for this container
--security-opt list Security Options
--shm-size bytes Size of /dev/shm
--sig-proxy Proxy received signals to the process (default true)
--stop-signal string Signal to stop a container (default "15")
--stop-timeout int Timeout (in seconds) to stop a container
--storage-opt list Storage driver options for the container
--sysctl map Sysctl options (default map[])
--tmpfs list Mount a tmpfs directory
-t, --tty Allocate a pseudo-TTY
--ulimit ulimit Ulimit options (default [])
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
--userns string User namespace to use
--uts string UTS namespace to use
-v, --volume list Bind mount a volume
--volume-driver string Optional volume driver for the container
--volumes-from list Mount volumes from the specified container(s)
-w, --workdir string Working directory inside the container
save
Save one or more images to a tar archive (streamed to STDOUT by default)
search
Search the Docker Hub for images
start
Start one or more stopped containers
stats
Display a live stream of container(s) resource usage statistics
stop
Stop one or more running containers
tag
Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top
Display the running processes of a container
unpause
Unpause all processes within one or more containers
update
Update configuration of one or more containers
version
Usage:docker version [flags]
Flags:
-f, --format string Format the output. Values: [pretty | json]. (Default: pretty)
-h, --help Help for version
--kubeconfig string Kubernetes config file
wait
Block until one or more containers stop, then print their exit codes
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 单元测试从入门到精通
· 上周热点回顾(3.3-3.9)
· winform 绘制太阳,地球,月球 运作规律