Docker images & containers for Node.js
Core details
Image = immutable filesystem + metadata; container = running instance from image + writable layer + cgroups limits.
Practices for Node services
| Practice | Why |
|---|---|
| Multi-stage build | tiny final image; dev deps don’t ship |
NODE_ENV=production | leaner installs, behavior flags |
| Non-root USER | blast radius on escape |
| dumb-init / init | PID 1 reaps zombies; signals reach Node |
| Read-only root where possible | reduce tamper surface |
.dockerignore | faster builds; no node_modules copy from host |
Signals: container stop sends SIGTERM—shutdown hooks close server gracefully before SIGKILL.
Healthcheck: HTTP /health or TCP; distinct liveness vs readiness (Kubernetes split).
Understanding
Layer caching: order Dockerfile so dependency layers change less often than app code. Pin base images with digest for reproducibility.
Senior understanding
| Pitfall | Story |
|---|---|
| Fat images | slow pull → cold start on scale-out |
| Logging to file in container | use stdout for collector |
| Secrets in image | use runtime injection only |
Diagram
Loading diagram…
See also
Last updated on
Spotted something unclear or wrong on this page?