How to Debug Docker Containers Like a PRO

Docker containers are the backbone of modern self-hosting and homelab infrastructure. They package applications cleanly, but when something goes wrong, debugging a container can feel like working in the dark. Whether you are dealing with a crashed service, a misconfigured environment variable, or a container that refuses to start, knowing the right debugging commands makes all the difference.

This guide covers the essential Docker CLI tools and techniques that experienced operators use to debug containers in production and homelab environments. All commands referenced here are drawn from official Docker documentation and widely accepted best practices.

Prerequisites

Before diving into debugging, ensure you have the following in place:

Docker Engine installed and running on your system

CLI access to the Docker host (via SSH or direct terminal)

Basic familiarity with the docker command-line interface

Container images you have permission to inspect and modify

Verifying that Docker is responsive is your first sanity check. Run:

bash

docker version

If this returns version information for both the client and server, your Docker daemon is running and reachable.

The Debugging Workflow

A structured debugging workflow saves time and reduces guesswork. Follow these steps in order:

1. List All Containers

Start by identifying the state of all containers on your host. A container may have exited without you noticing.

bash

docker container ls --all

This command shows every container on the system, including stopped and exited ones. The STATUS column tells you whether a container is running, how long it has been up, or why it exited. Pay close attention to exit codes and time stamps.

2. Inspect Container Logs

The first place to look when a container behaves unexpectedly is its logs. Docker captures standard output and standard error from the container's main process.

bash

docker logs container-name

To stream logs in real time, add the --follow flag:

bash

docker logs -f --tail 100 container-name

This command shows the last 100 log lines and continues streaming new output. You can also filter logs by time:

bash

docker logs --since 30m container-name

This shows only logs generated in the last 30 minutes, which is useful when investigating recent failures.

Note: The docker logs command batch-retrieves logs present at the time of execution. Use --follow to keep the stream open for real-time monitoring.

3. Inspect Container Configuration

Sometimes the issue is not in the application code but in the container's configuration. The docker inspect command provides detailed metadata about a container in JSON format.

bash

docker inspect container-name

This outputs a wealth of information including:

Mount points and volume bindings

Environment variables passed to the container

Network settings (IP address, ports, network mode)

Restart policy and exit codes

Resource limits (CPU, memory)

To extract a specific value, use the --format flag. For example, to check the exit code of a stopped container:

bash

docker inspect --format '{{.State.ExitCode}}' container-name

Common exit codes to watch for:

0 — Success

1 — Application error

125 — Docker daemon error

126 — Command cannot be invoked

127 — Command not found

137 — Container killed (OOM or SIGKILL)

139 — Segmentation fault

143 — Graceful termination (SIGTERM)

To check the health status of a container (if a health check is defined):

bash

docker inspect --format='{{.State.Health.Status}}' container-name

4. Execute Commands Inside a Running Container

When logs and configuration inspection are not enough, you need to go inside the container. The docker exec command runs a process inside an already running container.

bash

docker exec -it container-name bash

If the container does not have bash installed, try sh instead:

bash

docker exec -it container-name sh

Once inside, you can inspect the filesystem, check running processes, test network connectivity, and verify environment variables. For environments with limited tools, you can often install debugging utilities temporarily using the container's package manager.

If the container is not running, you cannot use docker exec. In that case, you have two options:

Run a new container from the same image with an interactive shell:

bash

docker run --rm -it --name debug-container IMAGE bash

Use Docker Debug if available (see section below).

5. Monitor Resource Usage with docker stats

Performance issues often masquerade as application bugs. Use docker stats to view real-time CPU, memory, network I/O, and block I/O for one or more containers.

bash

docker stats container-name

To see all running containers at once:

bash

docker stats

For a single snapshot without continuous streaming:

bash

docker stats --no-stream

High memory usage or CPU spikes can indicate memory leaks, inefficient code, or insufficient resource limits.

6. View Changed Files with docker diff

If a container has been running for a while and you suspect files have been modified outside of the intended application behavior, use docker diff to compare the container's filesystem against the original image.

bash

docker diff container-name

This outputs a list of files that have been added (A), changed (C), or deleted (D) since the container was created.

7. View Running Processes with docker top

To see the processes running inside a container from the host side:

bash

docker top container-name

This shows the processes, their PIDs, and the commands that started them, which helps identify runaway processes or unexpected child processes.

Using Docker Debug (Docker Desktop Feature)

Docker Desktop includes a docker debug CLI plugin that provides a debug shell into any container or image, even if they do not contain a shell. According to the official Docker documentation, with docker debug you can:

Get a debug shell into any container or image

Modify files in any running container

Start debugging without needing to pull the image first (it happens automatically)

Example usage:

bash

docker debug container-name

This command spawns a debug shell using a dedicated debug image that includes common troubleshooting tools. It is especially useful for distroless or minimal images that lack a shell entirely.

Note: As of the latest updates, docker debug is a closed-source CLI plugin available with Docker Desktop. It is not available for standalone Docker Engine installations without Docker Desktop.

Debugging Docker Compose Stacks

If you run containers using Docker Compose, you can adapt the same commands by referencing service names.

List all services in your Compose project:

bash

docker compose ps

View logs for a specific service:

bash

docker compose logs service-name

Stream logs from all services:

bash

docker compose logs -f

Inspect the Compose configuration that Docker is actually using:

bash

docker compose config

This resolves all variables and shows the effective configuration, which is invaluable when environment variables are not being interpolated as expected.

Advanced Troubleshooting Tips

Check the Host System

Sometimes the issue is not inside the container but on the host. Check:

Disk space: docker system df shows disk usage by images, containers, volumes, and build cache

Docker events: docker events streams real-time events from the Docker daemon

System resource pressure: Use docker system prune with caution to clean up unused resources

Recreate the Container with Foreground Mode

When a container exits immediately, run the image interactively in the foreground to see the error directly:

bash

docker run -it IMAGE

This bypasses any restart policies and lets you see the startup error in real time.

Copy Files Out of a Container

If you need to examine configuration files or logs that are not streamed to stdout, use docker cp:

bash

docker cp container-name:/path/to/file /host/destination

This copies files from the container's filesystem to the host.

Troubleshooting Common Scenarios

Container Exits Immediately

1. Run docker container ls --all and note the exit code

2. Check logs with docker logs container-name

3. Run the image interactively: docker run -it IMAGE

4. Verify environment variables with docker inspect container-name

Container Runs but Service Unreachable

1. Check port mappings with docker port container-name

2. Inspect network settings: docker inspect container-name | grep IPAddress

3. Verify the container is bound to the correct network: docker network ls

4. Test connectivity from inside the container using docker exec -it container-name curl localhost:PORT

Container Consuming Too Much Memory

1. Run docker stats container-name to confirm high usage

2. Check logs for error loops that may indicate a memory leak

3. Review the container's memory limits with docker inspect container-name

4. Consider adding memory limits in your docker run command or Compose file

Best Practices for Easier Debugging

Always name your containers using --name so you do not have to reference random IDs

Use health checks in your Dockerfiles or Compose files to let Docker monitor application health

Set restart policies (always, unless-stopped) for production containers

Configure proper logging drivers to ensure logs are available when you need them

Keep images lean but consider including basic debugging tools (curl, ping, bash) in development images

Regularly clean up unused images, stopped containers, and dangling volumes with docker system prune

Conclusion

Debugging Docker containers does not have to be a guessing game. By following a structured workflow — list containers, check logs, inspect configuration, exec into the container, monitor resources, and use specialized debug tools — you can quickly identify and resolve issues in your homelab or production environment.

Master these commands and you will debug Docker containers like a PRO, reducing downtime and keeping your self-hosted services running smoothly.

bash

# Quick reference: Essential debug commands
docker container ls --all
docker logs -f --tail 100 container-name
docker inspect container-name
docker exec -it container-name bash
docker stats --no-stream
docker diff container-name
docker top container-name
docker system df

How to Debug Docker Containers Like a PRO: Essential CLI Tools and Techniques

How to Debug Docker Containers Like a PRO

Prerequisites

The Debugging Workflow

1. List All Containers

2. Inspect Container Logs

3. Inspect Container Configuration

4. Execute Commands Inside a Running Container

5. Monitor Resource Usage with docker stats

6. View Changed Files with docker diff

7. View Running Processes with docker top

Using Docker Debug (Docker Desktop Feature)

Debugging Docker Compose Stacks

Advanced Troubleshooting Tips

Check the Host System

Recreate the Container with Foreground Mode

Copy Files Out of a Container

Troubleshooting Common Scenarios

Container Exits Immediately

Container Runs but Service Unreachable

Container Consuming Too Much Memory

Best Practices for Easier Debugging

Conclusion

Related Articles

OpenClaw Agent Stuck: Root Causes and Fixes for Homelab Users

OpenClaw No Output / Empty Response Fix: A Homelab Practitioner's Guide to Debugging Silent Agent Failures

Why OpenClaw Is Not Responding: Full Fix Guide (2026)

6 Alternative CLI Tools I Immediately Install on Every Linux Machine — And Why You Should Too

More in Docker

GPU Not Used in Ollama? Full Fix Guide (NVIDIA / AMD) 2025

Best Apps to Run on TrueNAS for Your Homelab in 2025