Shiva Bhusal
Shiva's Blog


Dockerfile cheat-sheet

Shiva Bhusal
·Jan 14, 2019·

  • .dockerignore file: it works like a .gitignore file. It helps to avoid unnecessarily sending large or sensitive files and directories to the daemon and potentially adding them to images using ADD or COPY.

      # comment

  • FROM: A valid Dockerfile must start with a FROM instruction, which sets the Base Image for subsequent instructions.

      FROM <image> [AS <name>]


      FROM <image>[:<tag>] [AS <name>]


      FROM <image>[@<digest>] [AS <name>]

  • RUN:

    RUN has 2 forms:

    • Shell form (the command is run in a shell, which by default is /bin/sh -c on Linux or cmd /S /C on Windows)

        RUN <command>
        RUN /bin/bash -c 'source $HOME/.bashrc; \
          echo $HOME'
        RUN /bin/bash -c 'source $HOME/.bashrc; echo $HOME'
    • Exec form

        RUN ["executable", "param1", "param2"]

  • CMD: The CMD instruction has three forms:

    • CMD ["executable","param1","param2"] (exec form, this is the preferred form)
    • CMD ["param1","param2"] (as default parameters to ENTRYPOINT)
    • CMD command param1 param2 (shell form)

      Note: Unlike the shell form, the exec form does not invoke a command shell. This means that normal shell processing does not happen. For example, CMD [ "echo", "$HOME" ] will not do variable substitution on $HOME. If you want shell processing then either use the shell form or execute a shell directly, for example: CMD [ "sh", "-c", "echo $HOME" ]. When using the exec form and executing a shell directly, as in the case for the shell form, it is the shell that is doing the environment variable expansion, not docker.

  • LABEL:

      LABEL <key>=<value> <key>=<value> <key>=<value> ...

    The LABEL instruction adds metadata to an image.

        LABEL "com.example.vendor"="ACME Incorporated"
        LABEL com.example.label-with-value="foo"
        LABEL version="1.0"
        LABEL description="This text illustrates \
        that label-values can span multiple lines."

    To view an image’s labels, use the docker inspect command.

      "Labels": {
          "com.example.vendor": "ACME Incorporated",
          "com.example.label-with-value": "foo",
          "version": "1.0",
          "description": "This text illustrates that label-values can span multiple lines.",
          "multi.label1": "value1",
          "multi.label2": "value2",
          "other": "value3"
      }

  • EXPOSE:

      EXPOSE <port> [<port>/<protocol>...]

    The EXPOSE instruction informs Docker that the container listens on the specified network ports at runtime. You can specify whether the port listens on TCP or UDP, and the default is TCP if the protocol is not specified.

    To expose on both TCP and UDP, include two lines:

      EXPOSE 80/tcp
      EXPOSE 80/udp

    Using a Docker network, containers can communicate with one another without exposing any port.

  • ENV:

      ENV <key> <value>
      ENV <key>=<value> ...

    The ENV instruction sets the environment variable <key> to the value <value>. This value will be in the environment for all subsequent instructions in the build stage and can be substituted inline in many of them as well.

      # Example
      ENV myName John Doe
      ENV myDog Rex The Dog
      ENV myCat fluffy

  • ADD: ADD has two forms:

    • ADD [--chown=<user>:<group>] <src>... <dest>
    • ADD [--chown=<user>:<group>] ["<src>",... "<dest>"] (this form is required for paths containing whitespace)

      Note: The --chown feature is only supported on Dockerfiles used to build Linux containers, and will not work on Windows containers. Since user and group ownership concepts do not translate between Linux and Windows, the use of /etc/passwd and /etc/group for translating user and group names to IDs restricts this feature to only be viable for Linux OS-based containers.

  • COPY: COPY has two forms:

      COPY [--chown=<user>:<group>] <src>... <dest>
      COPY [--chown=<user>:<group>] ["<src>",... "<dest>"] (this form is required for paths containing whitespace)


        # adds all files starting with "hom"
        COPY hom* /mydir/
        # ? is replaced with any single character, e.g., "home.txt"
        COPY hom?.txt /mydir/

  • ENTRYPOINT: ENTRYPOINT has two forms:

    • ENTRYPOINT ["executable", "param1", "param2"] (exec form, preferred)
    • ENTRYPOINT command param1 param2 (shell form)

      FROM ubuntu
      ENTRYPOINT ["top", "-b"]
      CMD ["-c"]


  • WORKDIR:

      WORKDIR /path/to/workdir

      WORKDIR /a
      WORKDIR b
      WORKDIR c
      RUN pwd

    The output of the final pwd command in this Dockerfile would be /a/b/c.
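
The FROM forms and the shell/exec distinction listed above can be checked mechanically before an image is built. The Python below is an added example, not part of the original post: it joins backslash-continued lines, classifies each FROM as digest-pinned, tagged or floating, and reports CMD/ENTRYPOINT instructions written in shell form. The function names and the sample Dockerfile (including its shortened placeholder digest) are constructed for illustration.

```python
import json
# Constructed sample Dockerfile for illustration (the digest is a shortened placeholder).
SAMPLE = """\
# build stage
FROM ubuntu
FROM alpine:3.19 AS base
FROM alpine@sha256:0123abcd AS pinned
RUN /bin/bash -c 'source $HOME/.bashrc; \\
  echo $HOME'
ENTRYPOINT ["top", "-b"]
CMD echo $HOME
"""

def instructions(text):
    """Yield (KEYWORD, argument) pairs, joining backslash-continued lines."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and whole-line comments are skipped
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
            continue
        parts = (pending + line).split(None, 1)
        pending = ""
        yield parts[0].upper(), parts[1] if len(parts) > 1 else ""

def form(arg):
    """Exec form is a JSON array of strings; anything else is shell form."""
    try:
        parsed = json.loads(arg)
    except ValueError:
        return "shell"
    is_exec = isinstance(parsed, list) and all(isinstance(p, str) for p in parsed)
    return "exec" if is_exec else "shell"

def base_pin(arg):
    """Classify a FROM argument as 'digest', 'tag' or 'floating'."""
    image = next(t for t in arg.split() if not t.startswith("--"))
    if "@" in image:
        return "digest"
    name = image.rsplit("/", 1)[-1]  # a ':' before the last '/' is a registry port
    return "tag" if ":" in name and not name.endswith(":latest") else "floating"

def audit(text):
    """Return (keyword, classification, argument) for instructions worth review."""
    checks = {"FROM": base_pin, "CMD": form, "ENTRYPOINT": form}
    found = [(kw, checks[kw](arg), arg) for kw, arg in instructions(text) if kw in checks]
    return [f for f in found if f[1] not in ("digest", "exec")]
```

Calling audit(SAMPLE) reports the untagged ubuntu base, the tag-only alpine:3.19 base and the shell-form CMD. A tag can be re-pointed to different content by whoever publishes the image, while a digest identifies one exact image.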

