Comparing Docker Stop vs. Kill: When to Use Each Command
Master Docker container management by understanding the critical differences between `docker stop` and `docker kill`. Learn when to use `SIGTERM` for graceful shutdowns, preserving data integrity, and when `SIGKILL` is necessary for immediate termination of unresponsive containers. This guide provides practical examples and best practices for choosing the right command for optimal application stability and efficient workflow.
Comparing Docker Stop vs. Kill: When to Use Each Command
When your container needs to shut down, docker stop and docker kill are not interchangeable. The difference matters most when your app writes data, holds network connections, or needs cleanup time before it exits.
Use docker stop for normal shutdowns. Use docker kill when you need an immediate signal, usually because the container ignored a graceful stop or you are testing failure behavior.
Understanding docker stop
The docker stop command asks the container's main process to exit cleanly. By default, Docker sends SIGTERM to PID 1 inside the container, waits for a grace period, and then sends SIGKILL if the process is still running.
That first signal can be changed by the image's STOPSIGNAL instruction or by the --stop-signal option used when the container is created. In most day-to-day cases, though, you can think of docker stop as "send the app a shutdown request, then force it only if it does not exit."
- Save its current state.
- Close open network connections.
- Release resources it holds.
- Complete any ongoing operations (like writing data to disk).
On Linux containers, the default wait time is commonly 10 seconds unless a different stop timeout was configured for the container. Windows containers use a longer default. You can override the wait time per command with -t or --time.
How docker stop works
- Send
SIGTERM: Docker sends aSIGTERMsignal to the primary process (PID 1) within the container. - Wait for the grace period: Docker waits for the process to exit.
- Send
SIGKILL(if necessary): If the process hasn't exited by the end of the grace period, Docker sends aSIGKILLsignal.
When to use docker stop
- Normal application shutdown: This is the preferred method for stopping applications that need to shut down cleanly, such as databases, web servers, or applications that perform critical writes.
- Development environments: For routine stops during development,
docker stopensures you don't accidentally interrupt ongoing processes. - Production environments for planned maintenance: When you need to restart a service or perform updates,
docker stopallows the application to finish its work.
Example
# Start a container named 'my-web-server'
docker run -d --name my-web-server -p 80:80 nginx
# Stop the container gracefully
docker stop my-web-server
# Verify the container is stopped
docker ps -a | grep my-web-server
If your app needs more time to flush queues or close database connections, give it a longer timeout:
docker stop --time 30 my-web-server
Understanding docker kill
The docker kill command sends a signal to the container's main process immediately. By default, that signal is SIGKILL. Unlike SIGTERM, SIGKILL cannot be caught, ignored, or handled by the process. The operating system ends the process without giving it a chance to clean up.
That means unsaved data, open connections, or in-flight writes may be cut off. A stateless test container may not care. A database, queue worker, or file-processing job probably does.
You can also use docker kill --signal to send a different signal, such as SIGHUP, but if your intent is a graceful shutdown, docker stop is usually clearer.
How docker kill works
- Send
SIGKILL: Docker sends aSIGKILLsignal directly to the primary process (PID 1) within the container. - Immediate termination: The process is terminated by the operating system.
When to use docker kill
- Unresponsive containers: When a container is stuck and
docker stophas failed to terminate it even after the grace period. - Emergency stops: In situations where you need to stop a container immediately, regardless of the consequences, such as security incidents or critical failures.
- Resilience testing: To see how your application behaves when the process disappears without cleanup.
Example
# Start a container named 'my-test-app'
docker run -d --name my-test-app ubuntu sleep infinity
# Forcefully kill the container
docker kill my-test-app
# Verify the container is stopped
docker ps -a | grep my-test-app
Key Differences Summarized
| Feature | docker stop |
docker kill |
|---|---|---|
| Signal Sent | Usually SIGTERM, then SIGKILL if the timeout expires |
SIGKILL by default |
| Termination | Graceful, allows cleanup | Immediate, forceful, no cleanup |
| Data Integrity | Generally preserves data integrity | Risks data corruption or inconsistent state |
| Use Case | Normal shutdown, planned maintenance | Unresponsive containers, emergency stops |
| Grace Period | Yes | No |
Best Practices and Considerations
- Always try
docker stopfirst: For routine operations,docker stopshould be your default choice. It protects your applications and data. - Understand your application's signals: Applications can be programmed to handle
SIGTERMsignals. Ensure your application's entry point script or process manager is set up to listen for and respond toSIGTERMgracefully. - Adjust grace period for
docker stop: You can specify a custom grace period fordocker stopusing the-tor--timeflag. For example,docker stop -t 30 my-containergives the container 30 seconds to shut down. - Use
docker killas a last resort: Only resort todocker killwhendocker stopis ineffective or in critical, urgent situations. - Monitor container health: Implementing health checks in your Docker setup can help identify containers that are becoming unresponsive, allowing you to potentially address issues before they require a
docker kill. - Check PID 1 behavior: Shell wrapper scripts can swallow signals if they do not forward them to the real app process. Prefer
execin entrypoint scripts so the app receives shutdown signals directly.
Practical Takeaway
Make docker stop your normal habit, especially for anything stateful. Reach for docker kill only when the container will not respond, when speed matters more than cleanup, or when you are deliberately testing crash behavior.