Generates optimized Dockerfiles following Docker's official best practices for building efficient, secure, and maintainable container images.
Generates production-ready Dockerfiles following Docker's official best practices for building efficient, secure, and maintainable container images.
This skill helps you create optimized Dockerfiles by applying Docker's recommended practices including:
When the user requests a Dockerfile or asks to containerize an application:
1. **Analyze the Application**
- Identify the application type (Node.js, Python, Go, Java, etc.)
- Examine project structure and dependencies (package.json, requirements.txt, go.mod, pom.xml, etc.)
- Determine build requirements and runtime dependencies
2. **Select Base Image**
- Choose official, minimal base images (prefer alpine variants for smaller size)
- Use specific version tags, never `latest`
- Example: `node:22-alpine`, `python:3.13-alpine`, `golang:1.21-alpine`
3. **Structure the Dockerfile**
Follow this recommended order:
```dockerfile
# 1. Base image
FROM <runtime>:<version>-alpine
# 2. Working directory
WORKDIR /app
# 3. Copy dependency files first (for layer caching)
COPY package.json yarn.lock ./
# or: COPY requirements.txt ./
# or: COPY go.mod go.sum ./
# 4. Install dependencies
RUN <package-manager> install --production
# 5. Copy application source
COPY . .
# 6. Build step (if needed)
RUN <build-command>
# 7. Expose ports
EXPOSE <port>
# 8. Create non-root user
RUN adduser -D appuser
USER appuser
# 9. Define startup command
CMD ["<command>", "<args>"]
```
4. **Apply Optimization Techniques**
- **Layer Caching**: Copy dependency files before source code
- **Multi-stage Builds**: Separate build and runtime stages for compiled languages
- **Minimize Layers**: Combine RUN commands with `&&` where logical
- **Clean Up**: Remove cache and temporary files in the same RUN command
- **Use .dockerignore**: Create .dockerignore to exclude node_modules, .git, etc.
5. **Security Best Practices**
- Run as non-root user (create with `adduser` or `useradd`)
- Use `--no-cache-dir` flags when installing packages
- Scan for vulnerabilities in base images
- Don't include secrets or credentials
6. **Multi-Stage Build Example** (for compiled languages)
```dockerfile
# Build stage
FROM golang:1.21-alpine AS builder
WORKDIR /build
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -o app
# Runtime stage
FROM alpine:3.19
WORKDIR /app
COPY --from=builder /build/app .
RUN adduser -D appuser
USER appuser
EXPOSE 8080
CMD ["./app"]
```
7. **Create .dockerignore**
Always generate a .dockerignore file alongside the Dockerfile:
```
node_modules
npm-debug.log
.git
.gitignore
.env
.env.local
.DS_Store
*.md
dist
build
coverage
```
8. **Include Build and Run Instructions**
Provide commands to build and run the container:
```bash
# Build
docker build -t app-name:tag .
# Run
docker run -p 8080:8080 app-name:tag
```
**User Request**: "Create a Dockerfile for my Node.js Express app"
**Your Response**:
1. Read package.json to understand dependencies
2. Generate optimized Dockerfile with node:alpine base
3. Create .dockerignore file
4. Provide build and run commands
5. Explain key optimizations applied
**User Request**: "Optimize this Dockerfile for production"
**Your Response**:
1. Read existing Dockerfile
2. Apply multi-stage build if applicable
3. Add non-root user if missing
4. Optimize layer caching
5. Add security improvements
6. Explain changes made
Leave a review
No reviews yet. Be the first to review this skill!
# Download SKILL.md from killerskills.ai/api/skills/dockerfile-best-practices-generator/raw