Skip to main content

Dockerfile Cheat Sheet

The Dockerfile is a script that contains a collection of commands and instructions for building a Docker container image. This cheat sheet provides essential keys and commands to help programmers write efficient Dockerfiles.

Essential keys


This instruction sets the base image for your Docker container.

FROM ubuntu:20.04

The example above starts the Dockerfile by using the Ubuntu 20.04 image as the base. It's the first instruction in a Dockerfile.


This key sets the author field of the generated images.


In the modern Docker versions, it's recommended to use the LABEL instruction for this.


This key executes commands in a new layer on top of the current image.

RUN apt-get update && apt-get install -y curl

The above command updates the package lists and installs curl.


Provides defaults for the executing container. Only one CMD is allowed.

CMD ["echo", "Hello, World!"]

If the container is run without specifying a command, it will execute the above echo command.


Allows you to configure the container to run as an executable.

CMD ["Hello, World!"]

With this configuration, if you run the container without arguments, it will echo "Hello, World!".


This key sets the working directory inside the container.


All the following instructions in the Dockerfile will be run in the /app directory.


This instruction sets the user or UID and optionally the group or GID to use when running the image.

USER developer

The image will be run using the "developer" user.


Informs Docker that the container will listen on the specified network ports at runtime.


This tells Docker that our container will listen on port 80.


Sets an environment variable.


This sets an environment variable called MY_NAME with the value "John".

Copying and adding files


This instruction copies new files, directories, or remote file URLs and adds them to the filesystem of the image.

ADD source /destination

While powerful, it's often recommended to use COPY unless you need the tar and remote URL handling of ADD.


This key is similar to ADD, but without the tar and remote URL capabilities.

COPY local-file-path /destination-in-container
COPY is more transparent because it only supports the basic copying of local files into the container.



This key creates a mount point for externally mounted volumes or other containers.

VOLUME /data

This will create a mount point at /data which can be mounted by the host or other containers.

Arguments and environment variables


Defines a variable that users can pass at build-time to the builder.

ARG MY_VAR=default_value

You can pass a value to this during build with the --build-arg flag.


We already covered ENV under essential keys. It's important to note that while both ARG and ENV can set environment variables, ARG is only available during the build of a Docker image and not in the container when it runs.

Layer optimization

Minimize the number of layers

Docker images are composed of layers. To make images smaller, you can minimize the number of layers.

RUN apt-get update && apt-get install -y curl && apt-get clean

By combining commands with &&, you create a single layer instead of three.

Grouping commands

By grouping related commands, you can reduce the number of layers and make your Dockerfile more readable.

RUN apt-get update && \
apt-get install -y curl vim && \
apt-get clean

The backslashes allow us to break one long command into readable segments.

Cleaning up in the same layer

After installing packages, it's good to clean up cache to reduce image size.

RUN apt-get update && \
apt-get install -y curl && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*

The cleanup commands ensure that the intermediate cache and package data are not stored in the final image layer.