    How to Optimize Dockerfile for a Lean, Secure Production

    April 3, 2025

    Hi friends! If you’re using Docker, you know it’s like a magic box for your app—it runs the same everywhere, from your laptop to a big server. But the file that makes this box, the Dockerfile, needs some care. If it’s not done right, your app can become slow, heavy, or even unsafe when real users start using it in production. Don’t worry, I’ll show you how to make it small, fast, and secure in simple steps. Plus, I’ll give an example you can try!

    Why Bother Optimizing?

    In production, your app should be quick to start, use less space, and stay safe from hackers. A bad Dockerfile can make your container fat with extra files or risky to run. Let’s fix that, step by step, in a way anyone can understand.

    1. Pick a Small Base Image

    Every Dockerfile starts with a base image—like the foundation of a house. Big images like Ubuntu have too much stuff we don’t need. Instead, use something small like Alpine Linux. It’s tiny but does the job well.
    Common choice:

    
    FROM ubuntu:latest
    
    

    Better Option:

    
    FROM alpine:latest
    
    

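    Alpine is just 5 MB, while Ubuntu is over 100 MB! Smaller means faster pulls and fewer installed packages that could carry a vulnerability. In a real Dockerfile, pin the tag as described in step 5 instead of using latest.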

    2. Use Multi-Stage Builds to Cut Junk

    When you build an app, you need tools—like a carpenter needs a hammer. But once the app is ready, you don’t need those tools running it. Multi-stage builds let you use tools in one step, then throw them away for the final container. This keeps it light.

    For example, with a Node.js app, you build it first, then copy only the final files to a small image. No extra baggage!

    3. Don’t Run as Root

    By default, the process inside a Docker container runs as “root”, which is like giving full keys to your house. If a hacker gets in, they control everything. Better to use a normal user. It’s like locking extra doors for safety. Here’s how you can do it:

    • Create a User: Add a new user in your Dockerfile with a command like RUN adduser -D myuser. The -D means no password, so it’s simple.
    • Switch to That User: Use USER myuser before your app runs. This tells Docker to stop using root and use your new user instead.
    • Fix File Permissions: If your app needs to read or write files, make sure your user owns them. Add RUN chown -R myuser /app after copying files, and before the USER line, while the build is still running as root.
    • Test It: Build and run your container, then check with docker exec -it [container_name] whoami. It should say “myuser,” not “root.”

    Doing this keeps your app safer—like not leaving your house keys under the mat!

    4. Speed Up Builds with Smart Order

    Docker builds in layers. If you put things that change a lot—like your code—at the end, it reuses earlier steps and saves time. So, install dependencies first, then copy your app code.

    5. Fix Versions for No Surprises

    If you write FROM node:latest, the image might update and break your app later. Use a fixed version like node:18-alpine. It’s like sticking to one recipe—no sudden changes!

    Example: Optimizing a Node.js App

    Let’s take a simple Node.js app with two files: package.json (for dependencies) and index.js (the app). Here’s a basic Dockerfile:

    
    FROM node:latest
    COPY . /app
    WORKDIR /app
    RUN npm install
    CMD ["node", "index.js"]
    
    

    Problems? It’s big, keeps extra tools, runs as root, and copies everything—even useless files.
    Now, here’s the optimized version:

    
    # Step 1: Build the app
    FROM node:18-alpine AS builder
    WORKDIR /app
    COPY package.json .
    RUN npm install
    COPY index.js .
    
    # Step 2: Create the production image
    FROM node:18-alpine
    WORKDIR /app
    
    # Create a non-root user
    RUN adduser -D myuser
    
    # Copy files from builder stage
    COPY --from=builder /app/node_modules ./node_modules
    COPY --from=builder /app/index.js .
    
    # Fix permissions for the new user
    RUN chown -R myuser /app
    
    # Switch to the non-root user
    USER myuser
    
    # Run the app
    CMD ["node", "index.js"]
    
    

    What’s good here?

    • Uses node:18-alpine—small and fixed image version.
    • Multi-stage build keeps only the app, no unnecessary tools.
    • Installs dependencies first for faster builds.
    • Runs as myuser, not root—safer!
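
    The same comparison as a check you could run in CI. This is an added example, not code from the original post: a small Python audit covering three of the rules above (pinned base tag, dependencies installed before the source copy, non-root final stage). The function name audit and the finding strings are hypothetical, and the sample inputs are the article's two Dockerfiles with comments stripped.

```python
# Sample input: the article's two Dockerfiles, comments stripped. audit() is a hypothetical helper.
BASIC = """FROM node:latest
COPY . /app
WORKDIR /app
RUN npm install
CMD ["node", "index.js"]"""
OPTIMIZED = """FROM node:18-alpine AS builder
WORKDIR /app
COPY package.json .
RUN npm install
COPY index.js .
FROM node:18-alpine
WORKDIR /app
RUN adduser -D myuser
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/index.js .
RUN chown -R myuser /app
USER myuser
CMD ["node", "index.js"]"""

def audit(dockerfile):
    findings, aliases, stages = [], set(), []  # stages: one dict per FROM
    for line in map(str.strip, dockerfile.splitlines()):
        op, _, arg = line.partition(" ")
        op, words = op.upper(), arg.split()
        if op == "FROM" and words:
            image = words[0]
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            # Unpinned: no digest and no tag (or :latest); earlier stage names are exempt.
            if image not in aliases and "@" not in image and tag in ("", "latest"):
                findings.append("unpinned base image: " + image)
            if len(words) == 3 and words[1].upper() == "AS":
                aliases.add(words[2])
            stages.append({"user": "root", "deps": False})
        elif stages and op == "USER" and words:
            stages[-1]["user"] = words[0].split(":")[0]  # drop an optional :group
        elif stages and op == "RUN" and ("npm install" in arg or "npm ci" in arg):
            stages[-1]["deps"] = True
        elif stages and op == "COPY" and "--from=" not in arg:
            sources = [w for w in words if not w.startswith("--")][:-1]
            if "." in sources and not stages[-1]["deps"]:
                findings.append("COPY . precedes npm install (breaks layer cache)")
    if stages and stages[-1]["user"] in ("root", "0"):
        findings.append("final stage runs as root")
    return findings

if __name__ == "__main__":
    for name, text in (("basic", BASIC), ("optimized", OPTIMIZED)):
        print(name, audit(text) or "no findings")
```

    Only the last stage is checked for USER, because earlier build stages never run in production.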

    Extra Tips for Production

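    1. Check Health: Add this to see if your app is alive:
      
      HEALTHCHECK CMD wget -q --spider http://localhost:3000 || exit 1
      
      

      (Change the URL to your app’s. The node:18-alpine image does not include curl, so this uses the wget that ships with Alpine’s BusyBox. To use curl --fail instead, install curl in the image first.)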

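    2. Scan It: Use docker scan to find security holes. (Newer Docker releases have removed docker scan; docker scout cves is its replacement.)
    3. Hide Secrets: Don’t write passwords in the Dockerfile. Pass them as environment variables when the container starts.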

    You can also use tools like Trivy, which is recommended by the DevSecOps community. To learn more about it, visit: https://tecadmin.net/getting-started-with-trivy/

    Wrapping Up

    A good Dockerfile makes your app fast, light, and safe. Use small images, cut extra stuff, avoid root, and keep things predictable. Your production server—and your users—will love it. Have questions? Let me know, I’m happy to help!

    The post How to Optimize Dockerfile for a Lean, Secure Production appeared first on TecAdmin.
