19.2 Container CLI Commands

Container CLI commands are the set of Docker commands used to create, start, stop, inspect, and manage the lifecycle of containers. While images define what a container will run, container commands control the actual execution: how containers are created from images, how they are configured at runtime, how their output is accessed, and how they are stopped and removed. These commands form the operational core of day-to-day Docker usage.

Container Lifecycle Overview

A container moves through a defined set of states during its lifetime:

Container CLI commands map directly to these state transitions.

Creating and Starting Containers

docker run

The primary command that creates and starts a container in one step:

docker run nginx:latest

Common options:

# Run in detached (background) mode
docker run -d nginx:latest

# Assign a name
docker run -d --name web-server nginx:latest

# Map host port 8080 to container port 80
docker run -d -p 8080:80 nginx:latest

# Mount a host directory
docker run -d -v /host/path:/container/path nginx:latest

# Set environment variables
docker run -d -e DATABASE_URL=postgres://... myapp:1.0.0

# Automatically remove after exit
docker run --rm myapp:1.0.0

docker create

Creates a container without starting it. Useful when you want to configure a container ahead of time:

docker create --name my-container nginx:latest

The container is in the "Created" state until explicitly started.

docker start

Starts one or more stopped or created containers:

docker start my-container

To attach stdin and output:

docker start -ai my-container

Inspecting Running Containers

docker ps

Lists running containers:

docker ps

To include stopped containers:

docker ps -a

To show only container IDs:

docker ps -q

docker inspect

Returns detailed JSON metadata about a container:

docker inspect my-container

Useful for checking network settings, mounts, environment variables, and resource limits. Specific fields can be extracted:

docker inspect --format '{{.NetworkSettings.IPAddress}}' my-container

docker logs

Shows the stdout and stderr output from a container:

docker logs my-container

Follow logs in real time:

docker logs -f my-container

Show the last 100 lines:

docker logs --tail 100 my-container

Include timestamps:

docker logs -t my-container

docker stats

Displays a live stream of resource usage (CPU, memory, network I/O, disk I/O) for running containers:

docker stats

For a snapshot without streaming:

docker stats --no-stream

docker top

Shows the processes running inside a container:

docker top my-container

Executing Commands Inside Containers

docker exec

Runs a command inside a running container:

docker exec my-container ls /app

Open an interactive shell:

docker exec -it my-container bash

Run as a specific user:

docker exec -u root my-container whoami

Set an environment variable for the exec session:

docker exec -e DEBUG=true my-container ./run-debug.sh

docker attach

Attaches the terminal to a running container's primary process (stdin/stdout/stderr):

docker attach my-container

To detach without stopping the container: press Ctrl+P then Ctrl+Q.

Stopping and Removing Containers

docker stop

Sends a SIGTERM to the container's main process, then SIGKILL after a grace period (default 10 seconds):

docker stop my-container

Custom timeout:

docker stop --time 30 my-container

docker kill

Sends SIGKILL immediately (or a custom signal):

docker kill my-container
docker kill --signal SIGHUP my-container

docker restart

Stops and then starts the container again:

docker restart my-container

docker rm

Removes a stopped container:

docker rm my-container

Force removal of a running container:

docker rm -f my-container

Remove all stopped containers:

docker container prune

Or:

docker rm $(docker ps -a -q)

Pausing and Unpausing

docker pause

Suspends all processes in the container using cgroup freezer:

docker pause my-container

docker unpause

Resumes execution:

docker unpause my-container

Copying Files

docker cp

Copies files between a container and the host filesystem:

# Copy from container to host
docker cp my-container:/app/config.json ./config.json

# Copy from host to container
docker cp ./config.json my-container:/app/config.json

Renaming

docker rename

Renames an existing container:

docker rename my-container new-name

Waiting and Exit Codes

docker wait

Blocks until a container stops and returns its exit code:

docker wait my-container

Useful in scripts that need to react to a container's completion.

Updating Resource Limits

docker update

Changes resource constraints on a running or stopped container without recreating it:

docker update --memory 512m --cpus 1.5 my-container

Exporting and Importing Container Filesystems

docker export

Exports the container's filesystem as a tar archive:

docker export my-container > container-snapshot.tar

This captures the current filesystem state, not the image layers.

docker import

Creates a new image from a tar archive produced by docker export:

docker import container-snapshot.tar myapp:recovered