See these pages for more information:
Docker CLI: docker run (run a command in a new container)
https://docs.docker.com/engine/containers/run/

The 'docker run' command has the following syntax:
$ docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
The command 'docker run' is a convenient method that executes two commands: first it creates the container (docker create) and then it starts it (docker start) .

Let's run the nginx image:
$ docker run --rm -d nginx:latest c8a35eab0aabf68335f88268c3ed0dd6cb77a30503db4e9ba5cdd8ca0cf8c1ab
The option '-d' (--detach) run the container in background and print container ID.

The option '--rm' instructs Docker to automatically remove the container when it exits.

Let's verify that nginx is up and running:
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c8a35eab0aab nginx:latest "/docker-entrypoint.…" 25 seconds ago Up 25 seconds 80/tcp blissful_kar
You can notice that the name of the container (vibrant_mose) is a random name generated by Docker.
To give a custom name to the container, you can use the option '--name'.

Note that the container's port (80) is not published to the Docker's host.
To publish an exposed container's port and map it to a host's port, you can use the option '-p HOST_PORT:CONTAINER_PORT'.
You can also use the option '-P' to publish all exposed ports to random ports in the Docker's host.

Let's use the two options ('-p', '--name') and run again the nginx image:
$ docker run -d -p 8080:80 --name "nginx-latest" nginx:latest e6c31a81c909695475a97a0cb851cea2befa2fbfe1340d8e760c50f06dd2fb5c
Let's verify that both the specified port (the container port 80 is mapped to the Docker host port 8080) and the name were used:
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e6c31a81c909 nginx:latest "/docker-entrypoint.…" 30 seconds ago Up 29 seconds 0.0.0.0:8080->80/tcp nginx-latest c8a35eab0aab nginx:latest "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp blissful_kar
You can use the option '--no-trunc' of the 'ps' command to print the full container ID and the command used to start the nginx process.
$ docker ps --no-trunc CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e6c31a81c909695475a97a0cb851cea2befa2fbfe1340d8e760c50f06dd2fb5c nginx:latest "/docker-entrypoint.sh nginx -g 'daemon off;'" 56 seconds ago Up 55 seconds 0.0.0.0:8080->80/tcp nginx-latest c8a35eab0aabf68335f88268c3ed0dd6cb77a30503db4e9ba5cdd8ca0cf8c1ab nginx:latest "/docker-entrypoint.sh nginx -g 'daemon off;'" About a minute ago Up About a minute 80/tcp blissful_kare
We can also run a container in an interactive mode by using the flag -it:
$ docker run --rm -i -t ubuntu:latest /bin/bash root@651d1a7e5cd7:/# exit exit $
The flag -i instructs docker to start an interactive session and connect the user's terminal with the container's STDIN/STDOUT stream. It allows the user to send command to the container.

The flag -t instructs docker to allocate a pseudo terminal (TTY). It provides the user a terminal interface to execute commands interactively.

Note that the terminal prompt is different when we are running commands inside the container (root@651d1a7e5cd7:/#) from the prompt when are running commands inside the Docker host ($). This might look different for you depending on your configuration but usually the prompt inside the container takes this format CONTAINER_USER@CONTAINER_ID:/#.

We can also run a specific command in the container and exit immediately:
$ $ docker run --rm -i -t ubuntu:latest /bin/bash -c "id" uid=0(root) gid=0(root) groups=0(root) $
Because we have used the flag --rm, the two Ubuntu containers we created above will be automatically deleted when we exit the container (first scenario above) or the command exits (second scenario above).

To stop the container we can use the command 'docker stop'.
The command can accept either the container name, short ID or full ID.
It's also possible to use few characters of the container ID as long as it's unique.
Any of the following should work:
$ docker stop nginx-latest $ docker stop e6 $ docker stop e6c31a81c909 $ docker stop e6c31a81c909695475a97a0cb851cea2befa2fbfe1340d8e760c50f06dd2fb5c
Let's verify that the container was stopped:
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e6c31a81c909 nginx:latest "/docker-entrypoint.…" About a minute ago Exited (0) 7 seconds ago nginx-latest c8a35eab0aab nginx:latest "/docker-entrypoint.…" 2 minutes ago Up 2 minutes 80/tcp blissful_kare
Notes:
- the status of the stopped container is showing 'Exited (0) 7 seconds ago'.
- we used the option -a to list all the containers. Without this option the docker command docker ps list running containers only.
- When you stop a container, all its temporary data is lost (memory, tmpfs).

If we want to start the container again we can use the start command (no need to create the container).
$ docker start nginx-latest
Let's verify that the container was started:
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e6c31a81c909 nginx:latest "/docker-entrypoint.…" 4 minutes ago Up 25 seconds 0.0.0.0:8080->80/tcp nginx-latest c8a35eab0aab nginx:latest "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 80/tcp blissful_kare
The stop command sends a Unix signal SIGTERM to the the main process running in the container so it can terminate gracefully.
After waiting 10 seconds, Docker will send the Unix signal SIGKILL to force terminating the container.
It's possible to override this behavior by using the options --signal (specify the Unix signal to send to the container) and --timeout (specify the number of seconds to wait before Docker can kill the container).

If we need to remove the container completely, we need to stop it first then remove it using the 'docker rm' command:
$ docker stop nginx-latest $ docker rm nginx-latest
Let's verify that the container was removed:
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c8a35eab0aab nginx:latest "/docker-entrypoint.…" 8 minutes ago Up 8 minutes 80/tcp blissful_kare
When the container is removed, all its data is lost (port bindings, environment variables, labels, ...).

It's possible to use the option --force with the command docker rm to force the removal of the container (Docker will send the Unix signal SIGKILL to the container).

The remaining container was started using the option '--rm', meaning if we stop it, Docker will remove it automatically:
$ docker stop blissful_kare
Let's verify that the container was removed:
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Instead of using the run command we can also use the create and start command to start a container.
Let's first create the container: $ docker create -p 8080:80 --name "nginx-latest" nginx:latest 6add1be3be97b2bf946416820d9434104a097a89edfa4b78b65399b15a0581b4
Let's verify that the container was created:
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6add1be3be97 nginx:latest "/docker-entrypoint.…" 58 seconds ago Created nginx-lates
Note that the status of the container is showing 'Created'.

To start the container:
$ docker start nginx-latest
Let's verify that the container was started:
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6add1be3be97 nginx:latest "/docker-entrypoint.…" 2 minutes ago Up 1 second 0.0.0.0:8080->80/tcp nginx-latest
It's possible to pause a container (all its activity will be stopped) by using the command 'docker pause':
$ docker pause nginx-latest
Let's verify that the container was paused:
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6add1be3be97 nginx:latest "/docker-entrypoint.…" 2 hours ago Up 2 hours (Paused) 0.0.0.0:8080->80/tcp nginx-latest
Note that the status of the container is showing 'Paused'.

To resume the container we can use the command 'docker unpause':
:
$ docker unpause nginx-latest
Let's verify that the container is running:
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6add1be3be97 nginx:latest "/docker-entrypoint.…" 2 hours ago Up 2 hours 0.0.0.0:8080->80/tcp nginx-latest
Note that the created and status columns are still showing the same information because the container state didn't change while it was paused. Actually if we have waited longer time before resuming the container, that time would have been reflected in the created and status columns.

We can use the command docker kill to force terminating container:
$ docker kill nginx-latest
Let's verify that the container was killed:
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6add1be3be97 nginx:latest "/docker-entrypoint.…" 11 hours ago Exited (137) 54 seconds ago nginx-latest
It's possible to use the option --signal with the command docker kill to specify the Unix signal to send to the container.

By default, a container is not restarted when it exits.
We can adjust this behavior, by using the option '--restart'.
It accepts four values: no (default), always, unless-stopped, and on-failure[:n].
The first value (no) instructs Docker to not restart the container if it exits.
The second value (always) instructs Docker to always restart the container whenever it exits.
The third value (unless-stopped) instructs Docker to always restart the container whenever it exits, unless it's stopped.
The last value (on-failure[:n]) instructs Docker to always restart the container whenever it exits with a nonzero exit code.
It's possible to use the on-failure with a number to instruct Docker to restart the container the number of times specified (e.g., on-failure:2 instructs Docker to restart the container 2 times after which the container won't be restarted again).

The "docker run" command has two options that allow you to set environment variables for your containers:
-e, --env NAME=VALUE Set environment variables --env-file file Read in a file of environment variables
Let's try the option "-e" ("--env"):
$ docker run --rm --env my_env_var_1="my env var 1 value" --env my_env_var_2="my env var 2 value" ubuntu:latest /bin/bash -c "env | grep my_env_var_" my_env_var_1=my env var 1 value my_env_var_2=my env var 2 value
The two environment variables were set properly. The applications running inside the container can use them as they would in a regular deployment in a native host.

In some cases, setting environment variables using the option "--env" can be cumbersome especially if we want to set many of them. Optionally, you can group all the environment variables in a property file and use the option "--env-file" to pass the file to "docker run" command.

Let's create a property file:
$ vi env-file-1 my_env_var_1=my env var 1 value my_env_var_2=my env var 2 value my_env_var_3=my env var 3 value
Let's use the option "--env-file":
$ docker run --rm --env-file env-file-1 ubuntu:latest /bin/bash -c "env | grep my_env_var_" my_env_var_1=my env var 1 value my_env_var_2=my env var 2 value my_env_var_3=my env var 3 value

The "docker run" command has two options that allow you to set labels for your containers:
-l, --label list Set meta data on a container --label-file list Read in a line delimited file of labels
Let's try the option "-l" ("--label"):
$ docker run --rm -d --label my_label_1="my label 1 value" --label my_label_2="my label 2 value" nginx:latest 9da697d8336291e8afb968224ff9402bf2d1dfc904275c7c392e44d8c1155e6b
Let's check the labels:
$ docker inspect b0411f9636 --format '{{json .Config.Labels }}' | jq { "my_label_1": "my label 1 value", "my_label_2": "my label 2 value" }
The two labels were set properly. We can use them to filter containers:
$ docker container ls -a --filter label="my_label_1=my label 1 value" CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b0411f9636d8 nginx:latest "/docker-entrypoint.…" 9 minutes ago Up 9 minutes 80/tcp modest_ishizaka
In some cases, setting labels using the option "--label" can be cumbersome especially if we want to set many of them. Optionally, you can group all the labels in a property file and use the option "--label-file" to pass the file to "docker run" command.

Let's create a property file:
$ vi label-file-1 my_label_1=my label 1 value my_label_2=my label 2 value my_label_3=my label 3 value
Let's use the option "--env-file":
$ docker run --rm -d --label-file label-file-1 nginx:latest cc5164ddc8993f3d383e00345195dc495d72479271752bf812f11024208cc109
Let's check the labels:
$ docker inspect cc5164ddc --format '{{json .Config.Labels }}' | jq { "my_label_1": "my label 1 value", "my_label_2": "my label 2 value", "my_label_3": "my label 3 value" }

When you run a container, it gets automatically the /etc/hostname file initialized with its ID:
$ docker run --rm ubuntu:latest /bin/bash -c "cat /etc/hostname" 20f335d7ac41
To assign a specific host name to the container, we can use the option -h (--hostname) with the command docker run:
$ docker run --rm --hostname ubuntu-latest ubuntu:latest /bin/bash -c "cat /etc/hostname" ubuntu-latest

The "docker run" command has two options that allow you to mount local files and directories into your containers:
-v, --volume list Bind mount a volume --mount mount Attach a filesystem mount to the container
Let's bind mount a directory and a file using the -v (--volume) option:
$ touch ./dockerhostfile.txt $ sudo chown root:root ./dockerhostfile.txt $ docker run --rm \ --volume /usr/local/bin:/tmp/ulb:ro \ --volume ./dockerhostfile.txt:/tmp/containerfile.txt \ ubuntu:latest \ /bin/bash -c "ls -1 /tmp/ulb | wc -l; echo 'test' > /tmp/containerfile.txt"
Note that:
- We are mounting a directory (/usr/local/bin) and a file (./dockerhostfile.txt) from the Docker host into the container.
- The files/directories from the source (docker host) and the target (container) are separated by the colon character (:).
- The ro flag indicates that the source directory is mounted using the read-only mode (otherwise mounted read-write by default: rw).
- The source file (docker host) needs to be created in advance (otherwise it will be mounted as a directory).
- The user that run the container (in this example root) should have write access if needed.
- If the directories don't exist, they will be automatically created if no permission issues.
- The created directories will be owned by the user that run the container.

Let's do the same with the --mount option:
$ docker run --rm \ --mount type=bind,source=/usr/local/bin,target=/tmp/ulb,readonly \ --mount type=bind,source=./dockerhostfile.txt,target=/tmp/containerfile.txt \ ubuntu:latest \ /bin/bash -c "ls -1 /tmp/ulb | wc -l; echo 'test' > /tmp/containerfile.txt"
The same notes discussed above apply to the --mount option, with the following exceptions:
- The files/directories from the source (docker host) and the target (container) are separated by the comma character (,).
- To indicate a read only mount, we need to use the flag readonly (otherwise mounted read-write by default).
- The flag source is used for the source file/directory in the Docker host.
- The flag target is used for the target file/directory in the container.

The command "docker run" provides the option --tmpfs to mount a temporary filesystem.
The data of a tmpfs filesystem is stored in RAM and lost when the container is stopped.

Let's check the default "/tmp" folder:
$ docker run --rm ubuntu:latest /bin/bash -c "df -h /tmp" Filesystem Size Used Avail Use% Mounted on overlay 507G 5.3G 451G 1% /
By default the /tmp folder is mounted as the root filesystem. This can be an issue if the container's root filesystem is mounted read only (option --read-only).

Let's use the the option --tmpfs:
$ docker run --rm --tmpfs /tmp ubuntu:latest /bin/bash -c "df -h /tmp" Filesystem Size Used Avail Use% Mounted on tmpfs 7.8G 0 7.8G 0% /tmp
We can use the --mount option to mount a tmpfs filesystem and set it size:
$ docker run --rm --mount type=tmpfs,destination=/tmp,tmpfs-size=1G ubuntu:latest /bin/bash -c "df -h /tmp" Filesystem Size Used Avail Use% Mounted on tmpfs 1.0G 0 1.0G 0% /tmp