π³ Docker Visual Guide
Every command explained with a diagram showing exactly what happens under the hood.
Images
Containers
Volumes
Networking
Docker Compose
What is Docker? β core concept
Image vs Container
Container vs VM
Docker Engine β three components
Docker Image Layers β how caching works
All Dockerfile instructions β what each does
CMD vs ENTRYPOINT β the difference
Production Dockerfile example (multi-stage)
# ββ Stage 1: build βββββββββββββββββββββββββββββββββββ
FROM python:3.11-slim AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir --user -r requirements.txt
# ββ Stage 2: final (tiny) image ββββββββββββββββββββββ
FROM python:3.11-slim
WORKDIR /app
COPY --from=builder /root/.local /root/.local # only runtime deps
COPY . .
ENV PATH=/root/.local/bin:$PATH \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1
EXPOSE 8000
USER nobody # never run as root
HEALTHCHECK --interval=30s --timeout=5s \
CMD curl -f http://localhost:8000/health || exit 1
CMD ["gunicorn","--bind","0.0.0.0:8000","app:app"]
Multi-stage build: build tools stay in Stage 1. Only the runtime dependencies reach the final image β dramatically smaller size.
docker build -t myapp:v1 .
The . = build context (current dir). -t tags the image. Each Dockerfile instruction = one cached layer.
docker images Β· docker rmi Β· docker image prune Β· docker history
docker ps / docker ps -a β list containers
docker ps = only running. docker ps -a = all including stopped.
Container state machine β start / stop / pause / rm
-d detached Β· -it interactive Β· -p port Β· -v volume Β· -e env Β· --name Β· --rm
docker run -d --name myapp --rm -e DB=postgres -v pgdata:/data -p 8080:80 --restart unless-stopped nginx
-p host:container β port mapping visualised
docker logs -f <container>
Flags: -f follow live Β· --tail 50 last 50 lines Β· --since 5m last 5 minutes Β· --timestamps show time
docker exec -it <container> /bin/bash
docker stats Β· docker top Β· docker diff Β· docker cp Β· docker inspect
Named volume vs Bind mount vs tmpfs β three storage types
docker volume create / ls / inspect / rm / prune
Default bridge vs Custom bridge β DNS difference
Network drivers at a glance
| Driver | Description | Use case |
|---|
bridge | Default. Virtual network, container DNS on custom bridges | Multi-container single host |
host | Shares host's network β no isolation | High-performance, no port mapping |
none | No networking β fully isolated | Batch jobs, security-sensitive |
overlay | Spans multiple Docker hosts (Swarm) | Distributed / clustered apps |
macvlan | Assigns MAC address, appears as physical device | Legacy apps needing direct net access |
docker tag Β· docker push Β· docker pull β the full flow
Dockerfile β Image β Container β Cleanup β end to end
docker system prune β full cleanup
Quick reference β all commands
| Category | Command | What it does |
|---|
| Images | docker images | List all local images |
| docker build -t name:tag . | Build image from Dockerfile |
| docker rmi <image> | Delete an image |
| docker image prune | Remove dangling images |
| Containers | docker run -d -p 80:80 nginx | Run detached with port mapping |
| docker ps / ps -a | List running / all containers |
| docker stop / start <name> | Stop / start container |
| docker rm <name> | Remove container |
| Debug | docker logs -f <name> | Stream container logs |
| docker exec -it <name> bash | Shell into container |
| docker stats | Live CPU/RAM usage |
| docker inspect <name> | Full JSON config |
| Volumes | docker volume create mydata | Create named volume |
| docker volume ls / prune | List / remove unused volumes |
| Networks | docker network create mynet | Create custom bridge network |
| docker network ls | List all networks |
| Registry | docker login / logout | Authenticate to DockerHub |
| docker push user/img:tag | Push image to registry |
| docker pull <image> | Pull image from registry |
| System | docker system prune -a | Remove all unused resources |
| docker system df | Show disk usage |