-
-
Save vahanNasibyan/c8a2a5fd7c2a6200f960d6bdc239c895 to your computer and use it in GitHub Desktop.
docker build -t ${package.config.repo_name} --target=production . |
# Stage-1 dependencies | |
FROM node:8.12.0-alpine as pre | |
RUN apk add --update git && \ | |
rm -rf /tmp/* /var/cache/apk/* | |
RUN mkdir -p /usr/src/app | |
WORKDIR /usr/src/app | |
COPY package.json package.json | |
RUN apk add --no-cache --virtual .build-deps alpine-sdk python \ | |
&& npm install --production --silent \ | |
&& apk del .build-deps | |
COPY . . | |
CMD ["pm2-docker", "npm", "--", "start"] | |
# Stage-2 final image | |
FROM node:8.12.0-alpine as production | |
RUN mkdir -p /usr/src/app | |
WORKDIR /usr/src/app | |
RUN npm install pm2 -g | |
COPY --from=pre /usr/src/app ./ | |
CMD ["pm2-docker", "npm", "--", "start"] |
grigorkh
commented
Oct 2, 2018
Avoid npm
and pm2
in CMD
When creating an image, you can bypass the package.json's start command and bake it directly into the image itself.
First off this reduces the number of processes running inside of your container.
Secondly it causes exit signals such as SIGTERM and SIGINT to be received by the Node.js process instead of npm swallowing them.
CMD ["node","index.js"]
Non-root user
By default, Docker runs container as root which inside of the container can pose as a security issue. You would want to run the container as an unprivileged user wherever possible. The node images provide the node user for such purpose.
At the end, set the user to use when running this image:
USER node
Add .dockerignore
The COPY instructions in a Dockerfile will skip any files/directories listed in an associated .dockerignore file:
.dockerfile
example for node.js
# Git
.git
.gitignore
# Build step outputs
build
.happypack
# Docker configuration
Dockerfile
Makefile
docker-compose.yml
# NPM dependencies
node_modules
#**/node_modules
# Other
.editorconfig
.ebextensions
logging.conf