Useful Dockerfile templates

Collection of Dockerfile templates for different tech stacks.

4 min read

I. What is a good Dockerfile?

A Dockerfile is a text file that contains a set of instructions to build a Docker image. It defines the environment in which your application will run, including the base image, dependencies, and configuration settings. A good Dockerfile should be efficient, maintainable, and easy to understand. Here are some best practices for writing a good Dockerfile:

Use a small base image: Start with a minimal base image to reduce the size of your final image. For example, use alpine or scratch instead of ubuntu or debian if possible.
Use multi-stage builds: If your application requires a build step, use multi-stage builds to separate the build environment from the runtime environment. This helps to keep the final image size small and reduces the attack surface.
Minimize the number of layers: Each instruction in a Dockerfile creates a new layer in the image. Combine related instructions into a single RUN command to reduce the number of layers and improve build performance.
Use .dockerignore: Create a .dockerignore file to exclude unnecessary files and directories from being copied into the image. This helps to reduce the image size and build time.
Use environment variables: Use environment variables to configure your application and avoid hardcoding values in the Dockerfile. This makes it easier to change configurations without modifying the Dockerfile.
Use explicit versioning: Specify the exact version of dependencies in your Dockerfile to ensure consistent builds. Avoid using latest tags, as they can lead to unexpected changes in your application behavior.
Use COPY instead of ADD: Use the COPY instruction to copy files into the image instead of ADD, unless you need to extract a tar file or download a remote file. COPY is more explicit and avoids unnecessary complexity.
Clean up after installation: Remove unnecessary files and dependencies after installing packages to keep the image size small. Use apt-get clean or similar commands to clean up package manager caches.
Use health checks: Add a HEALTHCHECK instruction to your Dockerfile to monitor the health of your application. This helps to ensure that your application is running correctly and can be restarted if necessary.
Document your Dockerfile: Add comments to explain the purpose of each instruction in your Dockerfile. This makes it easier for others (and yourself) to understand the build process and maintain the Dockerfile in the future.
Use a specific user: Avoid running your application as the root user inside the container. Create a non-root user and switch to that user using the USER instruction. This improves security and reduces the risk of privilege escalation attacks.
Use a specific working directory, entry point: Set a specific working directory using the WORKDIR instruction. This helps to keep your application files organized and makes it easier to run commands inside the container.

II. Templates

1. Dockerfile NodeJS

Npm

Pm2

  FROM node:18-alpine AS build
  WORKDIR /app
  COPY package*.json ./
  RUN npm ci --only=production
  COPY . .
  RUN npm run build

  FROM node:18-alpine
  WORKDIR /app
  COPY --from=build /app/node_modules ./node_modules
  COPY --from=build /app .
  ENV NODE_ENV=production
  ENV PORT=3000
  EXPOSE 3000
  CMD ["node", "server.js"]

2. Dockerfile NestJS

  FROM node:18-alpine AS build
  WORKDIR /app
  COPY package*.json ./
  RUN npm ci
  COPY . .
  RUN npm run build

  FROM node:18-alpine
  WORKDIR /app
  COPY --from=build /app/node_modules ./node_modules
  COPY --from=build /app/dist ./dist
  EXPOSE 3000
  CMD ["node", "dist/main".js"]

3. Dockerfile Express.js

  FROM node:18-alpine AS build
  WORKDIR /app
  COPY package*.json ./
  RUN npm ci
  COPY . .

  FROM node:18-alpine
  WORKDIR /app
  COPY --from=build /app/node_modules ./node_modules
  COPY --from=build /app .
  EXPOSE 3000
  CMD ["node", "index.js"]

4. Dockerfile React.js

  FROM node:18-alpine AS build
  WORKDIR /app
  COPY package*.json ./
  RUN npm ci
  COPY . .
  RUN npm run build

  FROM nginx:alpine
  COPY --from=build /app/build /usr/share/nginx/html
  COPY nginx.conf /etc/nginx/nginx.conf
  EXPOSE 3000
  CMD ["nginx", "-g", "daemon off;"]

nginx/nginx.conf

  worker_processes auto;
  error_log /var/log/nginx/error.log warn;
  pid /var/run/nginx.pid;

  events {
      worker_connections 1024;
  }

  http {
      include /etc/nginx/mime.types;
      default_type application/octet-stream;

      log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

      access_log /var/log/nginx/access.log main;

      server_tokens off;

      gzip on;
      gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

      server {
          listen 3000;  # Lắng nghe trên cổng 3000
          server_name localhost;

          root /usr/share/nginx/html;
          index index.html;

          location / {
              try_files $uri $uri/ /index.html;
          }

          location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
              expires 1y;
              add_header Cache-Control "public, no-transform";
          }

          error_page 404 /404.html;
          location = /404.html {
              internal;
          }

          error_page 500 502 503 504 /50x.html;
          location = /50x.html {
              internal;
          }

          location ~ /\.ht {
              deny all;
          }

          add_header X-Frame-Options "SAMEORIGIN";
          add_header X-Content-Type-Options "nosniff";
          add_header X-XSS-Protection "1; mode=block";
          add_header Referrer-Policy "no-referrer-when-downgrade";
          add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-ancestors 'self';";
      }
  }

5. Dockerfile Go

  FROM golang:1.20-alpine AS build
  WORKDIR /app
  COPY go.mod go.sum ./
  RUN go mod download
  COPY . .
  RUN CGO_ENABLED=0 GOOS=linux go build -o /app/myapp

  FROM alpine:latest
  WORKDIR /app
  COPY --from=build /app/myapp /app/myapp
  EXPOSE 8080
  CMD ["/app/myapp"]

6. Dockerfile Python

Flask

Django

  FROM python:3.9-slim AS build
  WORKDIR /app
  COPY requirements.txt .
  RUN pip install --user --no-cache-dir -r requirements.txt
  COPY . .

  FROM python:3.9-slim
  WORKDIR /app
  COPY --from=build /root/.local /root/.local
  COPY --from=build /app .
  ENV PATH=/root/.local/bin:$PATH
  EXPOSE 5000
  CMD ["flask", "run", "--host=0.0.0.0"]

7. Dockerfile NetCore

  FROM mcr.microsoft.com/dotnet/sdk:7.0 AS build
  WORKDIR /src
  COPY *.csproj .
  RUN dotnet restore
  COPY . .
  RUN dotnet publish -c Release -o /app/publish /p:UseAppHost=false

  FROM mcr.microsoft.com/dotnet/aspnet:7.0 AS runtime
  WORKDIR /app
  COPY --from=build /app/publish .
  ENV ASPNETCORE_URLS=http://+:80
  ENV DOTNET_RUNNING_IN_CONTAINER=true
  ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1

  RUN find /app -name "*.pdb" -delete && \
      find /app -name "*.xml" -delete
  EXPOSE 80
  ENTRYPOINT ["dotnet", "YourApp.dll"]

Tags:
devops
docker

Apr 08, 2025

Docker commands essentials

Setup Docker on Window

📑 On This Page

🍃 Related posts

Want to update?

Subscribe to my blog to receive the latest updates from us.

Monthly articles

New articles will be created every month.

No spam

All notification in other notify to you, not spam or advertising.