Docker Containerization Patterns

Build efficient, secure Docker images using modern patterns.

Multi-Stage Builds

Always use multi-stage builds to minimize image size:

Build stage

FROM node:20-alpine AS builder WORKDIR /app COPY package*.json ./ RUN npm ci --only=production

Production stage

FROM node:20-alpine WORKDIR /app COPY --from=builder /app/node_modules ./node_modules COPY . . USER node CMD ["node", "server.js"]

Security Best Practices

• Never run as root - use USER directive

• Use specific version tags, not latest

• Scan images with docker scout or Trivy

• Use .dockerignore to exclude sensitive files

Health Checks

HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3
CMD curl -f http://localhost:3000/health || exit 1

Compose Patterns

services: app: build: context: . target: production environment: - NODE_ENV=production deploy: resources: limits: memory: 512M