What are the common docker run flags you'd use in practice?

5 minbeginnerdocker-runcli-flagsfundamentals

Quick Answer

-d runs the container in the background (detached). -p host:container publishes a port. -v/--mount attaches a volume or bind mount. -e sets an environment variable. --name gives the container a memorable name instead of a random one. --rm automatically removes the container when it exits (useful for one-off/throwaway runs). --network attaches it to a specific network. These cover the overwhelming majority of everyday docker run invocations.

Detailed Answer

A representative real-world command

docker run -d \
  --name my-api \
  -p 8080:80 \
  -e NODE_ENV=production \
  -v api-data:/app/data \
  --network my-network \
  --restart unless-stopped \
  myapp:1.0

Flag by flag

  • -d (--detach) — runs the container in the background, returning control of your terminal immediately, rather than attaching your terminal to the container's stdout/stderr (the default, "foreground" mode). Almost always what you want for a long-running server process; foreground mode is more useful for quick, interactive, or debugging runs.
  • -p host_port:container_port — publishes a port, mapping a port on the host to a port inside the container (see the networking topic for exactly what this does internally). Without this, the container's port is only reachable from other containers on the same Docker network, not from the host machine or the outside world.
  • -e KEY=value — sets an environment variable inside the container, exactly as if it had been set via a Dockerfile ENV instruction, but specified at run time instead of baked into the image. This is the standard way to inject runtime configuration (see the security topic for how to handle sensitive values differently).
  • -v / --mount — attaches persistent storage (a named volume or a bind mount — see the storage topic) so data survives beyond this one container's lifetime, or so the container can access files from the host.
  • --name — assigns a specific, memorable name (my-api) instead of Docker's default random name (like happy_euler). This makes subsequent commands (docker logs my-api, docker stop my-api) much easier to work with.
  • --rm — automatically removes the container (and its writable layer) the moment it exits. This is ideal for short-lived, one-off tasks (running a quick script, a database migration, a debug shell) where you don't want leftover stopped containers cluttering docker ps -a afterward.
  • --network — attaches the container to a specific, named Docker network (see the networking topic), rather than the default bridge network — necessary for containers that need reliable DNS-based service discovery of each other.
  • --restart — sets the container's restart policy (see that question) — how Docker should behave if the container exits unexpectedly or the host reboots.

A useful one-off, throwaway invocation

docker run --rm -it ubuntu bash

-it combines -i (interactive — keep stdin open) and -t (allocate a pseudo-TTY). Together, these give you an interactive shell session inside a freshly started container. --rm ensures it's cleaned up automatically the moment you exit the shell, leaving nothing behind.

Why fluency with these specific flags matters

These flags collectively answer the handful of questions every container needs answered: how does it run (foreground/background), how is it reachable (ports, networks), what does it need to know (environment variables), where does its data live (volumes), what happens if it dies (restart policy), and how is it identified for later management (name). Real production docker run invocations (or their Compose/Kubernetes equivalents) are almost always some combination of exactly these concerns, expressed through exactly these flags or their higher-level equivalents.

Related Resources