💾 Archived View for carnage.edvinbasil.com › knowledge › unix › Docker › index.md captured on 2020-11-07 at 00:34:24. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
- try to use a smaller base image for prod. usually alpine is a a good choice
unless you have distro specific features that you need
- Specify the version tags for the image explicitly.
eg `nginx:1.4-alipne3.1`
- use a non-root user for most tasks especially the execution process
- use multi stage builds to reduce the size of the final image. eg:
# ----- Initial stage with build dependencies ------ FROM node:12.10.4-alpine3.2 AS builder # Specify ENV vars here # Specify WORKDIR here if needed # do the required COPY here # RUN pre-exec scripts here # ... do build steps here # specifying a seperate user here is not really necessary for multistage # containers since they dont really affect the final runtime # --------------- NEXT STAGE----------------- FROM alipne:3.2 as runtime USER 1000 # Specify all the above (workdir, envs, etc here) WORKDIR /app # copy over any non-dependent files/static assets here COPY static/ static/ # copy files over from seperate stage COPY --from=builder /app/build/mybin /app/mybin # expose the required port here EXPOSE 8888 # Specify the final runtime command CMD [ "/app/mybin" ]