ENTRYPOINT is one of Docker’s most important configuration options. It’s found in the Dockerfile and allows you to dictate the container’s default behavior. This capability makes ENTRYPOINT extremely helpful for automating the behavior of containers at runtime.

This article thoroughly explores the use of ENTRYPOINT in Docker, including how it works, why it’s essential, and how to configure it correctly.

Docker ENTRYPOINT Explained

ENTRYPOINT serves as the starting point for a Docker container’s runtime process. When you create a Docker image and instantiate it as a container, the ENTRYPOINT command executes by default.

ENTRYPOINT lets you set the container’s primary purpose, like running a web server, database, or application. It also allows you to pass arguments at runtime to customize the container’s behavior.

Syntax and Usage of ENTRYPOINT

The two syntax options for defining ENTRYPOINT in a Dockerfile are shell form and exec form. Both approaches involve inserting a line into the Dockerfile. As ENTRYPOINT configuration doesn’t directly affect the build process, you can place it anywhere in the file. However, most programmers tend to put the ENTRYPOINT command toward the end.

Shell Form Syntax

When ENTRYPOINT runs using shell form, it invokes a command shell for processing. This method includes environment variable substitutions but blocks the ability to append arguments in exec form:

ENTRYPOINT command param1 param2

Here, command is the primary command that executes when the container starts. param1 and param2 are arguments to the command.

Exec Form Syntax

Exec form doesn’t invoke a command shell. Instead, it executes the specified command and parameters directly. This method allows you to append arguments via CMD or the runtime command line:

ENTRYPOINT ["executable", "param1", "param2"]

Here, executable is the primary command, and param1 and param2 are arguments to the executable.


Let’s assemble a simple ENTRYPOINT command for a Dockerfile to see how it works. You can’t test it without starting your container because its instruction processes at runtime, not at build time.

Here’s an example using exec form:

ENTRYPOINT ["python", "app.py"]

When this container starts, it launches a Python interpreter and executes the app.py script to act as your container’s default behavior.

To repeat this example with shell form, you need to make a slight change:

ENTRYPOINT python app.py

This example starts the Python interpreter from a shell command instead of running it directly.


CMD is a Dockerfile instruction that provides the default arguments for an executing container. These can take the form of an executable command or serve as additional parameters for the ENTRYPOINT instruction. When starting a container, you can override these parameters by providing arguments to the docker run command.

Like ENTRYPOINT, you can write CMD in either exec or shell form. The key difference is that CMD sets default commands or parameters you can override from the command line. Meanwhile, ENTRYPOINT configures containers to run as executables, meaning you can’t override the command from the command line.

You can use CMD to extend ENTRYPOINT’s functionality to give your image greater flexibility. Combining the two allows you to customize your image’s behavior, with the CMD values acting as default arguments for the ENTRYPOINT instruction. This method lets you set a default command via ENTRYPOINT and default arguments via CMD.

Unlike using ENTRYPOINT alone, this approach lets you override parameters passed during the docker run command.

To make the above example more flexible, you can include a CMD command:

ENTRYPOINT ["python", "app.py"]
CMD ["--help"]

In this example, starting a Docker container without providing any command line arguments means python app.py --help will execute by default. However, providing arguments when starting the container (such as docker run <image> --version) will replace the default CMD arguments, resulting in python app.py --version. This approach gives you greater flexibility when running your containers.

Use Cases for ENTRYPOINT in Docker

The most common use for ENTRYPOINT is to set up images for specific applications or services. For example, if you create an image to run a Python application, you can use ENTRYPOINT to specify that the Python interpreter should run.

You can also use ENTRYPOINT when building Docker images for Continuous Integration and Continuous Deployment (CI/CD) pipelines. You can use these images to encapsulate the environment needed for each stage to ensure consistency. For example, you can create a Docker image with the ENTRYPOINT set to a testing script. This image executes these tests automatically whenever it runs to provide a consistent, repeatable testing environment.

ENTRYPOINT is also useful for debugging containerized applications. By starting a shell session with ENTRYPOINT, you can interact with the application environment inside the container. These interactions include executing commands, exploring files, and inspecting the application’s state. Once you’ve resolved the issue, you can rebuild the Docker image with the appropriate ENTRYPOINT to run the application.

How To Override ENTRYPOINT

It’s possible to override the ENTRYPOINT of a Docker image at runtime for extra flexibility. You can do this by providing a command after the image name in the docker run command.

For example, if your image has a Python script as its ENTRYPOINT, but you want to open a shell inside the container instead, you can run the following:

docker run --entrypoint <image> “/bin/bash”

This script overrides the application’s default ENTRYPOINT and starts a bash shell.

Similarly, to run a different Python script, you can provide that script as the command. This tactic gives you the flexibility to run your container with a different parameter than those originally depicted in your Dockerfile’s ENTRYPOINT.

Best Practices for Using ENTRYPOINT in Docker

Because ENTRYPOINT is such a crucial command for Docker, it’s important to follow these best practices to maximize its use.

Keep Containers Focused on a Single Responsibility

ENTRYPOINT specifies your Docker container’s responsibilities. Like microservices, each container should focus on a single responsibility, service, or part of an application. This approach increases your application’s modularity and scalability, making it easier to develop, test, and maintain.

Ensure ENTRYPOINT Scripts Are Executable and Properly Formatted

Making the ENTRYPOINT scripts executable and properly formatted can prevent issues like syntax and permission errors.

To ensure that the ENTRYPOINT scripts are executable, you can use the following RUN chmod +x instruction:

COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

This example copies the entrypoint.sh script into the container and uses the RUN chmod +x instruction to make it executable. It then defines the ENTRYPOINT to use the entrypoint.sh script.

You can also use a linter like ShellCheck to check the syntax and style of the scripts to ensure proper formatting.

Avoid Hard-Coding Values in ENTRYPOINT Scripts

Using environment variables or command-line arguments instead of hard-coding can make your scripts more flexible. It also lets you configure the file path from outside the container.

For example, instead of hard-coding a file path in the ENTRYPOINT script like this:

echo "Starting my application..."
./my-app -f /path/to/my/file.txt

You can use a variable like this:

echo "Starting my application..."
./my-app -f "${MY_FILE}"

Using variables gives your image greater customizability on the fly, allowing you to do more without rewriting your Dockerfile.

Docker and Kinsta Work Together

Kinsta offers a powerful, flexible platform for deploying web applications using Docker. It helps you build and deploy custom Docker images for greater control and flexibility over your hosting environment.

Whether you’re building a custom hosting environment or scaling your application to handle more traffic, Kinsta provides the tools and support you need to succeed.


ENTRYPOINT is an essential tool for configuring Docker containers. It sets the default command that executes when a container starts from an image, defining its primary function. You can use ENTRYPOINT to run specific applications, help in CI/CD pipelines, or combine with CMD for more flexible container behavior.

Docker is currently the most popular developer tool, making it critical for diverse containerized deployments. To learn more about Docker, browse Kinsta’s articles and check out Kinsta for hosting your containerized applications.

Kinsta makes your development workflow easier and more efficient. Features such as containerized apps on GCP infrastructure running on C2 machines with 37 data centers available, premium integration with Cloudflare for a high-performance CDN that serves your site from 260+ Points of Presence (PoPs), enterprise-level firewall DDoS protection, Edge Caching, and uptime monitoring (with 99% uptime guarantee), ensure your app runs fast, secure, and is reliably available to the internet.

Marcia Ramos Kinsta

I'm the Editorial Team Lead at Kinsta. I'm a open source enthusiast and I love coding. With more than 7 years of technical writing and editing for the tech industry, I love collaborating with people to create clear and concise pieces of content and improve workflows.