# List containers
docker ps
docker ps -a

# Run container
docker run <image>
docker run -d <image>  # detached
docker run -p 8080:80 <image>  # port mapping

# Stop container
docker stop <container>
docker stop $(docker ps -q)  # all containers

# Remove container
docker rm <container>
docker rm -f <container>  # force

# List images
docker images

# Pull image
docker pull <image>

# Build image
docker build -t <name> .
docker build -f Dockerfile.dev .

# Remove image
docker rmi <image>
docker rmi $(docker images -q)  # all images

# Basic Dockerfile
FROM node:16

WORKDIR /app

COPY package*.json ./
RUN npm install

COPY . .

EXPOSE 3000

CMD ["npm", "start"]

# Multi-stage build
FROM node:16 AS builder
WORKDIR /app
COPY . .
RUN npm run build

FROM nginx:alpine
COPY --from=builder /app/build /usr/share/nginx/html

# List networks
docker network ls

# Create network
docker network create <name>

# Connect container
docker network connect <network> <container>

# Inspect network
docker network inspect <network>

# Remove network
docker network rm <network>

# List volumes
docker volume ls

# Create volume
docker volume create <name>

# Mount volume
docker run -v <volume>:/app/data <image>

# Inspect volume
docker volume inspect <volume>

# Remove volume
docker volume rm <volume>

# Basic docker-compose.yml
version: '3'
services:
  web:
    build: .
    ports:
      - "3000:3000"
    volumes:
      - .:/app
    depends_on:
      - db
  db:
    image: postgres
    environment:
      POSTGRES_PASSWORD: secret

# Commands
docker-compose up
docker-compose up -d
docker-compose down
docker-compose logs

# View stats
docker stats
docker stats <container>

# Resource limits
docker run --memory=512m <image>
docker run --cpus=2 <image>

# Logs
docker logs <container>
docker logs -f <container>  # follow
docker logs --tail 100 <container>

# Inspect container
docker inspect <container>

# Container processes
docker top <container>

# Container changes
docker diff <container>

# Container events
docker events

# Dockerfile healthcheck
HEALTHCHECK --interval=30s --timeout=3s \
  CMD curl -f http://localhost/ || exit 1

# Compose healthcheck
services:
  web:
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
      timeout: 3s
      retries: 3

# Run as non-root
USER node

# Use specific versions
FROM node:16-alpine

# Scan images
docker scan <image>

# Limit capabilities
docker run --cap-drop=ALL <image>

# Read-only filesystem
docker run --read-only <image>

# Docker secrets
docker secret create <name> <file>
docker secret ls
docker secret inspect <name>

# Compose secrets
version: '3.8'
services:
  web:
    secrets:
      - db_password
secrets:
  db_password:
    file: ./db_password.txt

# Login to registry
docker login <registry>

# Tag image
docker tag <image> <registry>/<image>

# Push image
docker push <registry>/<image>

# Pull image
docker pull <registry>/<image>

# Use .dockerignore
node_modules
npm-debug.log
.git
.env

# Multi-stage builds
FROM node:16 AS builder
WORKDIR /app
COPY . .
RUN npm run build

FROM nginx:alpine
COPY --from=builder /app/build /usr/share/nginx/html

# Layer optimization
COPY package*.json ./
RUN npm install
COPY . .

# One process per container
- Single responsibility
- Easy to scale
- Simple to maintain

# Stateless containers
- No local storage
- Use volumes
- Environment variables

# Health checks
- Regular checks
- Proper timeouts
- Meaningful tests

# Build pipeline
1. Build image
2. Run tests
3. Scan security
4. Push to registry
5. Deploy

# Deployment
- Rolling updates
- Health checks
- Rollback strategy
- Monitoring

# Maintenance
- Regular updates
- Cleanup old images
- Monitor resources
- Backup volumes