
juan131/dockerfile-best-practices

 
 


Best Practices writing a Dockerfile

Use a non-root approach to enforce container security!

Main changes

Change the default user from root to nonroot (this user should belong to the root group to be compatible with arbitrary UIDs):

...
EXPOSE 80
+ RUN useradd -r -u 1001 -g root nonroot
+ USER nonroot
CMD ["node", "/app/server.js"]
...

Adapt the container to use an alternative port such as 8080:

  • Dockerfile:
...
COPY --from=builder /tiller-proxy /proxy
- EXPOSE 80
+ EXPOSE 8080
USER nonroot
...
  • server.js:
...
const serverHost = '127.0.0.1';
- const serverPort = 80;
+ const serverPort = 8080;
...

Give the group write permissions on the /var/log/ directory (nonroot will be able to write since it belongs to the root group):

...
RUN useradd -r -u 1001 -g root nonroot
+ RUN chmod -R g+rwX /var/log
USER nonroot
...
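
The first two changes above can be checked statically before an image is built. The script below is an added example, not part of this repository: `check_dockerfile` is a hypothetical helper, the sample Dockerfiles are constructed, and it assumes that a final stage without its own USER instruction runs as root (a USER inherited from the base image is not considered).

```shell
#!/bin/sh
# check_dockerfile FILE: print findings, return the number of findings.
# (hypothetical helper written for this example)
check_dockerfile() {
    awk '
        toupper($1) == "FROM"   { user = ""; nports = 0 }  # new stage: forget earlier USER/EXPOSE
        toupper($1) == "USER"   { user = $2 }
        toupper($1) == "EXPOSE" {
            for (i = 2; i <= NF; i++) { p = $i; sub(/\/.*/, "", p); ports[++nports] = p }
        }
        END {
            bad = 0
            sub(/:.*/, "", user)   # USER name:group -> name
            if (user == "" || user == "root" || user == "0") {
                print "FAIL: final stage sets no non-root USER"; bad++
            }
            for (i = 1; i <= nports; i++)
                if (ports[i] ~ /^[0-9]+$/ && ports[i] + 0 < 1024) {
                    print "FAIL: EXPOSE " ports[i] " is below 1024"; bad++
                }
            exit bad
        }' "$1"
}

# Constructed sample input: a Dockerfile before and after the changes above.
demo() {
    d=$(mktemp -d)
    printf 'FROM example-base\nEXPOSE 80\nCMD ["node", "/app/server.js"]\n' > "$d/before"
    printf 'FROM example-base\nEXPOSE 8080\nRUN useradd -r -u 1001 -g root nonroot\nUSER nonroot\nCMD ["node", "/app/server.js"]\n' > "$d/after"
    for f in before after; do
        echo "== $f"; check_dockerfile "$d/$f" && echo "OK"
    done
    rm -rf "$d"
}
demo
```

The return value is the number of findings, so the function can gate a CI step directly.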

Next step
