Writing dockerfiles

  • try to use a smaller base image for prod. usually alpine is a a good choice unless you have distro specific features that you need
  • Specify the version tags for the image explicitly. eg nginx:1.4-alipne3.1
  • use a non-root user for most tasks especially the execution process
  • use multi stage builds to reduce the size of the final image. eg:
# ----- Initial stage with build dependencies ------

FROM node:12.10.4-alpine3.2 AS builder

# Specify ENV vars here
# Specify WORKDIR here if needed
# do the required COPY here
# RUN pre-exec scripts here

# ... do build steps here
# specifying a seperate user here is not really necessary for multistage
# containers since they dont really affect the final runtime

# --------------- NEXT STAGE-----------------

FROM alipne:3.2 as runtime

USER 1000 

# Specify all the above (workdir, envs, etc here)

# copy over any non-dependent files/static assets here
COPY static/ static/
# copy files over from seperate stage
COPY --from=builder /app/build/mybin /app/mybin

# expose the required port here

# Specify the final runtime command
CMD [ "/app/mybin" ]