Build and deploy Docker containers for Node.js applications. Use when containerizing applications, optimizing Docker builds, or configuring container security.
Build secure, optimized Docker containers for Node.js applications.
| Principle | Description |
|---|---|
| Minimal Images | Use slim base images, multi-stage builds |
| Non-root User | Never run as root in production |
| Layer Caching | Order Dockerfile for optimal caching |
| Security First | No secrets in images, scan for vulnerabilities |
| Reproducible | Pin versions, use lock files |
project/
├── Dockerfile # Production image
├── Dockerfile.dev # Development with hot reload
├── docker-compose.yml # Multi-container orchestration
├── docker-compose.dev.yml # Development overrides
├── .dockerignore # Files to exclude from build
└── .env.example # Environment variable template
# syntax=docker/dockerfile:1
# Stage 1: Dependencies
FROM node:20-slim AS deps
WORKDIR /app
# Install dependencies only (cached unless package files change)
COPY package.json package-lock.json ./
RUN npm ci --only=production
# Stage 2: Build
FROM node:20-slim AS build
WORKDIR /app
# Install all dependencies including devDependencies
COPY package.json package-lock.json ./
RUN npm ci
# Copy source and build
COPY . .
RUN npm run build
# Stage 3: Production
FROM node:20-slim AS production
WORKDIR /app
# Create non-root user
RUN groupadd --gid 1001 nodejs && \
useradd --uid 1001 --gid nodejs --shell /bin/bash --create-home nodejs
# Copy production dependencies from deps stage
COPY --from=deps --chown=nodejs:nodejs /app/node_modules ./node_modules
# Copy built application from build stage
COPY --from=build --chown=nodejs:nodejs /app/dist ./dist
COPY --from=build --chown=nodejs:nodejs /app/package.json ./
# Set environment
ENV NODE_ENV=production
ENV PORT=3000
# Switch to non-root user
USER nodejs
# Expose port
EXPOSE 3000
# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD node -e "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"
# Start application
CMD ["node", "dist/server.js"]
# syntax=docker/dockerfile:1
# Stage 1: Build
FROM node:20-slim AS build
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
RUN npm run build
# Stage 2: Serve
FROM nginx:alpine AS production
# Copy custom nginx config
COPY nginx.conf /etc/nginx/nginx.conf
# Copy built static files
COPY --from=build /app/dist /usr/share/nginx/html
# Create non-root user for nginx
RUN chown -R nginx:nginx /usr/share/nginx/html && \
chown -R nginx:nginx /var/cache/nginx && \
chown -R nginx:nginx /var/log/nginx && \
touch /var/run/nginx.pid && \
chown -R nginx:nginx /var/run/nginx.pid
USER nginx
EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=3s \
CMD wget --quiet --tries=1 --spider http://localhost:8080/health || exit 1
CMD ["nginx", "-g", "daemon off;"]
# Dockerfile.dev
FROM node:20-slim
WORKDIR /app
# Install dependencies (will be mounted over in dev)
COPY package.json package-lock.json ./
RUN npm install
# Copy source (will be mounted over in dev)
COPY . .
ENV NODE_ENV=development
EXPOSE 3000
# Use nodemon for hot reload
CMD ["npx", "nodemon", "--watch", "src", "src/server.js"]
# docker-compose.yml