π³ Docker Image Optimization Guide β The Ultimate Cheat Sheet π
Optimize your Docker images for faster builds, smaller size, better caching, and production readiness. Letβs go!
𧱠1. Use a Small & Specific Base Image π₯
β Do This:
# Use lightweight Alpine variant FROM node:20-alpine β Avoid This:
# Heavy image β more layers, longer build times FROM ubuntu π Why?
- Smaller base = smaller image.
- Alpine images are ~5MB vs Ubuntuβs ~100MB.
- Smaller size = faster download, upload, deploy.
πͺ 2. Order Instructions for Layer Caching π
β Do This:
# Caches `npm install` unless package.json changes COPY package*.json ./ RUN npm install # Copy rest of the source after deps are installed COPY . . β Avoid This:
COPY . . # π invalidates cache if any file changes RUN npm install π Why?
Docker caches layers. Changing a later step invalidates all subsequent layers. Put stable steps early for faster rebuilds.
π§Ή 3. Remove Unnecessary Files with .dockerignore π«
β
Example .dockerignore:
node_modules Dockerfile .dockerignore .git npm-debug.log π Why?
It prevents Docker from copying unnecessary files into the build context. Less context = faster build and smaller image.
ποΈ 4. Use Multi-Stage Builds π§ͺ
β Example:
# Stage 1: Builder FROM node:20-alpine AS builder WORKDIR /app COPY package*.json ./ RUN npm install COPY . . # Stage 2: Runtime FROM node:20-alpine WORKDIR /app COPY --from=builder /app . EXPOSE 8000 CMD ["npm", "start"] π Why?
- Separate build dependencies from runtime.
- Final image contains only whatβs needed to run the app.
- Reduces image size by up to 70%.
π§Ό 5. Remove Unused Dependencies π§Ή
β
Use --production for Node.js:
RUN npm ci --only=production OR
npm prune --production π Why?
Avoid bundling dev tools and test libraries into your production image.
π¦ 6. Combine RUN Commands π
β Do This:
RUN apk add --no-cache bash curl && \ rm -rf /var/cache/apk/* β Donβt Do:
RUN apk add bash RUN apk add curl π Why?
Each RUN creates a layer. Combining reduces total layers = smaller image size.
π 7. Use --no-cache for Package Managers π₯
β Alpine:
RUN apk add --no-cache curl β APT (Debian/Ubuntu):
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/* π Why?
Avoids unnecessary cache files and reduces image size.
π 8. Avoid Root User (Security Best Practice) π
# Create a non-root user RUN addgroup -S appgroup && adduser -S appuser -G appgroup USER appuser π Why?
Running as root inside containers is risky. Use non-root users for security.
πͺ 9. Clean Up Temporary Files π§Ό
RUN npm install && \ npm cache clean --force π Why?
Removes package cache after install to reduce bloat.
πͺ 10. Use Specific Tags (Not latest) π―
FROM node:20.11.1-alpine π Why?
Using latest can break builds if the base image updates and introduces changes. Always pin versions for reliability.
π 11. Scan for Vulnerabilities π§¬
docker scan my-node-app Or use:
- Docker Scout
- Trivy (Aqua Security)
- Snyk
π§ͺ 12. Analyze Image Size and Layers π
docker image inspect my-node-app docker history my-node-app Or use tools like:
- Dive:
dive my-node-app - DockerSlim:
docker-slim build my-node-app
π§ Final Pro Tips π‘
| Tip | Benefit |
|---|---|
Use npm ci instead of npm install | Faster and more reliable |
Group COPY steps wisely | Better cache usage |
Avoid adding .env or secrets | Security risk |
Label images (LABEL maintainer=...) | Better documentation |
Run production builds with NODE_ENV=production | Removes dev dependencies |
π Sample Optimized Dockerfile for Node.js App
# π· Stage 1: Build FROM node:20-alpine AS builder WORKDIR /app COPY package*.json ./ RUN npm ci COPY . . # β¨ Stage 2: Runtime FROM node:20-alpine WORKDIR /app COPY --from=builder /app . ENV NODE_ENV=production RUN npm prune --production EXPOSE 8000 CMD ["npm", "start"] 
Top comments (0)