Dockerfile Optimizer
Optimize Docker images for size, speed, and security.
Quick Start
Analyze current Dockerfile:
docker build -t myapp . docker images myapp
Note the size, then optimize
Instructions
Step 1: Analyze Current Dockerfile
Review for optimization opportunities:
-
Base image choice
-
Layer structure
-
Build dependencies
-
Caching strategy
-
Security practices
Step 2: Optimize Base Image
Choose minimal base:
Before: Large base
FROM ubuntu:22.04 # ~77MB
After: Minimal base
FROM alpine:3.18 # ~7MB
or
FROM node:18-alpine # ~170MB vs node:18 ~990MB
Use specific tags:
Bad: Unpredictable
FROM node:latest
Good: Specific version
FROM node:18.17-alpine3.18
Step 3: Implement Multi-Stage Builds
For compiled languages:
Before: Single stage
FROM golang:1.21 WORKDIR /app COPY . . RUN go build -o app CMD ["./app"]
Result: ~800MB
After: Multi-stage
FROM golang:1.21-alpine AS builder WORKDIR /app COPY . . RUN go build -o app
FROM alpine:3.18 COPY --from=builder /app/app /app CMD ["/app"]
Result: ~15MB
Step 4: Optimize Layer Caching
Order by change frequency:
Bad: Code changes invalidate all layers
FROM node:18-alpine COPY . . RUN npm install CMD ["node", "server.js"]
Good: Dependencies cached separately
FROM node:18-alpine WORKDIR /app COPY package*.json ./ RUN npm ci --only=production COPY . . CMD ["node", "server.js"]
Step 5: Combine and Minimize Layers
Reduce layer count:
Before: Multiple layers
RUN apt-get update RUN apt-get install -y curl RUN apt-get install -y git RUN apt-get clean
After: Single layer
RUN apt-get update &&
apt-get install -y curl git &&
apt-get clean &&
rm -rf /var/lib/apt/lists/*
Step 6: Use .dockerignore
Create .dockerignore :
node_modules npm-debug.log .git .gitignore README.md .env .DS_Store *.md .vscode .idea dist build coverage
Step 7: Remove Build Dependencies
Clean up after install:
Python example
RUN pip install --no-cache-dir -r requirements.txt
Node example
RUN npm ci --only=production && npm cache clean --force
Alpine example
RUN apk add --no-cache curl &&
apk del build-dependencies
Step 8: Add Security Improvements
Run as non-root:
Create user
RUN addgroup -g 1001 -S appuser &&
adduser -u 1001 -S appuser -G appuser
Switch to user
USER appuser
Or use existing user
USER nobody
Step 9: Verify Optimization
Check image size:
docker images myapp docker history myapp
Analyze layers:
docker history myapp --no-trunc
Use dive tool:
dive myapp
Optimization Patterns
Node.js Optimization:
FROM node:18-alpine AS builder WORKDIR /app COPY package*.json ./ RUN npm ci --only=production
FROM node:18-alpine WORKDIR /app COPY --from=builder /app/node_modules ./node_modules COPY . . USER node EXPOSE 3000 CMD ["node", "server.js"]
Python Optimization:
FROM python:3.11-slim AS builder WORKDIR /app COPY requirements.txt . RUN pip install --user --no-cache-dir -r requirements.txt
FROM python:3.11-slim WORKDIR /app COPY --from=builder /root/.local /root/.local COPY . . ENV PATH=/root/.local/bin:$PATH USER nobody CMD ["python", "app.py"]
Go Optimization:
FROM golang:1.21-alpine AS builder WORKDIR /app COPY go.* ./ RUN go mod download COPY . . RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app .
FROM scratch COPY --from=builder /app/app /app COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ EXPOSE 8080 CMD ["/app"]
Common Issues
Issue: Large image size
-
Use alpine or slim base images
-
Implement multi-stage builds
-
Remove build dependencies
-
Use .dockerignore
Issue: Slow builds
-
Optimize layer caching
-
Order commands by change frequency
-
Use build cache mounts
-
Parallelize where possible
Issue: Security vulnerabilities
-
Use minimal base images
-
Keep images updated
-
Run as non-root
-
Scan with security tools
Issue: Build cache not working
-
Check command order
-
Avoid COPY . . early
-
Use specific COPY commands
-
Check .dockerignore
Advanced
For detailed information, see:
-
Multi-Stage Builds - Advanced multi-stage patterns
-
Layer Caching - Caching strategies and optimization
-
Base Images - Base image selection guide