docker-composer


Docker Composer Skill

Overview

This skill helps you create efficient Docker configurations for development and production. Covers Dockerfiles, Docker Compose, multi-stage builds, networking, volumes, and container orchestration best practices.
Docker Philosophy

Container Principles

  1. One process per container: Keep containers focused
  2. Immutable infrastructure: Don't modify running containers
  3. Stateless containers: Store state in volumes or external services
  4. Minimal images: Smaller = faster + more secure
Best Practices

  • DO: Use multi-stage builds for production
  • DO: Pin specific versions for dependencies
  • DO: Use .dockerignore to exclude unnecessary files
  • DO: Run as non-root user
  • DON'T: Store secrets in images or Dockerfiles
  • DON'T: Use the latest tag in production
  • DON'T: Install unnecessary packages
Dockerfile Patterns

Node.js Production Dockerfile

```dockerfile
# Dockerfile
# ============================================
# Stage 1: Dependencies
# ============================================
FROM node:20-alpine AS deps
WORKDIR /app

# Install dependencies only when needed
# (--omit=dev is the current spelling of the deprecated --only=production)
COPY package.json package-lock.json ./
RUN npm ci --omit=dev

# ============================================
# Stage 2: Builder
# ============================================
FROM node:20-alpine AS builder
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .

# Build application
ENV NEXT_TELEMETRY_DISABLED=1
RUN npm run build

# ============================================
# Stage 3: Runner (Production)
# ============================================
FROM node:20-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1

# Create non-root user
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs

# Copy built assets. The Next.js standalone output bundles the runtime
# node_modules it needs, so nothing is copied from the deps stage.
COPY --from=builder /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

USER nextjs
EXPOSE 3000
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"
CMD ["node", "server.js"]
```

Python Production Dockerfile

```dockerfile
# Dockerfile
# ============================================
# Stage 1: Builder
# ============================================
FROM python:3.11-slim AS builder
WORKDIR /app

# Install build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    && rm -rf /var/lib/apt/lists/*

# Create virtual environment
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Install dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# ============================================
# Stage 2: Runner
# ============================================
FROM python:3.11-slim AS runner
WORKDIR /app

# Create non-root user
RUN groupadd --gid 1000 appgroup \
    && useradd --uid 1000 --gid appgroup --shell /bin/bash appuser

# Copy virtual environment (build-essential stays behind in the builder stage)
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Copy application
COPY --chown=appuser:appgroup . .
USER appuser
EXPOSE 8000
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "app:app"]
```

Development Dockerfile

```dockerfile
# Dockerfile.dev
FROM node:20-alpine
WORKDIR /app

# Install development dependencies
RUN apk add --no-cache git

# Copy package files first (for caching)
COPY package.json package-lock.json ./

# Install all dependencies (including devDependencies)
RUN npm install

# Don't copy files - the source is mounted as a volume for hot reload
# (see the volumes section of docker-compose.yml), so the COPY stays disabled:
# COPY . .

EXPOSE 3000
CMD ["npm", "run", "dev"]
```

Docker Compose Configurations

Full-Stack Development

```yaml
# docker-compose.yml
version: '3.8'

services:
  # ===================
  # Application
  # ===================
  app:
    build:
      context: .
      dockerfile: Dockerfile.dev
    ports:
      - "3000:3000"
    volumes:
      - .:/app
      - /app/node_modules  # Exclude node_modules
    environment:
      - NODE_ENV=development
      - DATABASE_URL=postgresql://postgres:postgres@db:5432/myapp
      - REDIS_URL=redis://redis:6379
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
    networks:
      - app-network

  # ===================
  # Database
  # ===================
  db:
    image: postgres:15-alpine
    ports:
      - "5432:5432"
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres  # development-only credentials
      POSTGRES_DB: myapp
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - app-network

  # ===================
  # Redis Cache
  # ===================
  redis:
    image: redis:7-alpine
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data
    command: redis-server --appendonly yes
    networks:
      - app-network

  # ===================
  # Admin Tools
  # ===================
  adminer:
    image: adminer
    ports:
      - "8080:8080"
    depends_on:
      - db
    networks:
      - app-network

volumes:
  postgres_data:
  redis_data:

networks:
  app-network:
    driver: bridge
```

Production Configuration

```yaml
# docker-compose.prod.yml
version: '3.8'

services:
  app:
    # Set VERSION explicitly at deploy time; the `latest` fallback is only a default
    image: myapp:${VERSION:-latest}
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
    env_file:
      - .env.production
    deploy:
      replicas: 3
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 256M
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    healthcheck:
      # node:20-alpine ships no curl; BusyBox wget is present and exits non-zero
      # on an HTTP error status, so a 503 from /api/health fails the check
      test: ["CMD", "wget", "-qO-", "http://localhost:3000/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - app-network
    depends_on:
      - db
      - redis

  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password  # read from the mounted secret, not from the environment
      POSTGRES_DB: ${DB_NAME}
    secrets:
      - db_password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 1G
    networks:
      - app-network

  redis:
    image: redis:7-alpine
    # The password becomes part of the container command and is visible in
    # `docker inspect` and the process list; supply REDIS_PASSWORD from the
    # deployment environment, never from a committed file
    command: redis-server --requirepass ${REDIS_PASSWORD}
    volumes:
      - redis_data:/data
    networks:
      - app-network

  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./certs:/etc/nginx/certs:ro
    depends_on:
      - app
    networks:
      - app-network

secrets:
  db_password:
    file: ./secrets/db_password.txt

volumes:
  postgres_data:
  redis_data:

networks:
  app-network:
    driver: overlay
```

Development Override Pattern

```yaml
# docker-compose.override.yml (auto-loaded with docker-compose.yml)
version: '3.8'

services:
  app:
    build:
      context: .
      dockerfile: Dockerfile.dev
    volumes:
      - .:/app
      - /app/node_modules
    environment:
      - DEBUG=true
      - LOG_LEVEL=debug
    command: npm run dev

  db:
    ports:
      - "5432:5432"  # Expose for local tools

  redis:
    ports:
      - "6379:6379"  # Expose for local tools
```

Advanced Patterns

Multi-Service Monorepo

```yaml
# docker-compose.yml
version: '3.8'

services:
  # Frontend
  web:
    build:
      context: .
      dockerfile: apps/web/Dockerfile
    ports:
      - "3000:3000"
    environment:
      - API_URL=http://api:4000
    depends_on:
      - api
    networks:
      - frontend
      - backend

  # Backend API
  api:
    build:
      context: .
      dockerfile: apps/api/Dockerfile
    ports:
      - "4000:4000"
    environment:
      - DATABASE_URL=postgresql://postgres:postgres@db:5432/myapp
      - REDIS_URL=redis://redis:6379
    depends_on:
      - db
      - redis
    networks:
      - backend

  # Background Workers
  worker:
    build:
      context: .
      dockerfile: apps/worker/Dockerfile
    environment:
      - DATABASE_URL=postgresql://postgres:postgres@db:5432/myapp
      - REDIS_URL=redis://redis:6379
    depends_on:
      - db
      - redis
    deploy:
      replicas: 2
    networks:
      - backend

  # Shared services
  db:
    image: postgres:15-alpine
    environment:
      # The postgres image refuses to initialize without a superuser password;
      # these match the development DATABASE_URL above
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: myapp
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - backend

  redis:
    image: redis:7-alpine
    volumes:
      - redis_data:/data
    networks:
      - backend

networks:
  frontend:
  backend:

volumes:
  postgres_data:
  redis_data:
```

Local Services Stack

```yaml
# docker-compose.services.yml
# Run local versions of external services for development
version: '3.8'

services:
  # Local S3-compatible storage
  minio:
    image: minio/minio
    ports:
      - "9000:9000"
      - "9001:9001"  # Console
    volumes:
      - minio_data:/data
    environment:
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    command: server /data --console-address ":9001"

  # Local email testing
  mailhog:
    image: mailhog/mailhog
    ports:
      - "1025:1025"  # SMTP
      - "8025:8025"  # Web UI

  # Local Stripe webhooks
  # (`app` is defined in docker-compose.yml; run both files together with -f ... -f ...)
  stripe-cli:
    image: stripe/stripe-cli
    command: listen --api-key ${STRIPE_SECRET_KEY} --forward-to http://app:3000/api/webhooks/stripe
    depends_on:
      - app

  # Elasticsearch
  elasticsearch:
    image: elasticsearch:8.11.0
    ports:
      - "9200:9200"
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=false  # local development only
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
      - elasticsearch_data:/usr/share/elasticsearch/data

  # Kibana (Elasticsearch UI)
  kibana:
    image: kibana:8.11.0
    ports:
      - "5601:5601"
    environment:
      ELASTICSEARCH_HOSTS: http://elasticsearch:9200
    depends_on:
      - elasticsearch

volumes:
  minio_data:
  elasticsearch_data:
```

Testing Configuration

```yaml
# docker-compose.test.yml
version: '3.8'

services:
  app:
    build:
      context: .
      dockerfile: Dockerfile.test
    environment:
      - NODE_ENV=test
      - DATABASE_URL=postgresql://postgres:postgres@db:5432/myapp_test
    depends_on:
      db:
        condition: service_healthy
    command: npm run test:ci

  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: myapp_test
    tmpfs:
      - /var/lib/postgresql/data  # Use tmpfs for speed
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 2s
      timeout: 5s
      retries: 5

  # E2E testing
  playwright:
    image: mcr.microsoft.com/playwright:v1.40.0-focal
    volumes:
      - .:/app
      - /app/node_modules
    working_dir: /app
    environment:
      - CI=true
      - BASE_URL=http://app:3000
    depends_on:
      - app
    command: npx playwright test
```

.dockerignore

```dockerignore
# .dockerignore

# Dependencies
node_modules
npm-debug.log
yarn-error.log

# Build output
.next
dist
build
out

# Development
.git
.gitignore
*.md
!README.md

# IDE
.vscode
.idea
*.swp
*.swo

# Environment
.env
.env.*
!.env.example

# Tests
coverage
*.test.js
*.spec.js
tests
e2e
playwright-report

# Docker
Dockerfile*
docker-compose*
.docker

# Misc
.DS_Store
*.log
tmp
```
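As an added example (not part of the original skill), a small Python model of how the Docker build context applies patterns like the ones above: Go-style globbing where `*` does not cross `/`, the last matching pattern wins, `!` re-includes, and a match on a parent directory excludes everything below it. The pattern file and the file list are constructed here; the point worth seeing is which files still reach the daemon.

```python
import re

# Constructed (not the project's file): a subset of the .dockerignore above.
DOCKERIGNORE = """\
# comment lines are ignored
node_modules
*.md
!README.md
.env
.env.*
!.env.example
*.test.js
tests
Dockerfile*
docker-compose*
"""

# Constructed build context; the comment on each line states the expected decision.
CONTEXT_FILES = [
    "README.md",                   # kept: !README.md re-includes it after *.md
    "CHANGELOG.md",                # dropped by *.md
    ".env.example",                # kept: re-included after .env.*
    ".env.production",             # dropped by .env.*, so it never reaches the daemon
    "node_modules/next/index.js",  # dropped: the parent directory matches node_modules
    "src/server.ts",               # kept
    "src/server.test.js",          # kept: '*' does not cross '/', so *.test.js misses it
    "tests/unit/a.test.js",        # dropped via the parent directory 'tests'
    "docker-compose.prod.yml",     # dropped by docker-compose*
]

def pattern_to_regex(pat):
    """Go filepath.Match rules: '*' and '?' stop at '/', '**' spans directories.
    Character classes are not handled (the page's patterns use none)."""
    out, i = "", 0
    while i < len(pat):
        if pat.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3
        elif pat.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pat[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pat[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pat[i]), i + 1
    return re.compile("^" + out + "$")

def parse_patterns(text):
    """(is_exclusion, regex) per pattern line, in file order."""
    pats = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            pats.append((line.startswith("!"), pattern_to_regex(line.lstrip("!").strip("/"))))
    return pats

def is_ignored(path, patterns):
    """Patterns are evaluated in order and the last applicable one wins; matching a
    parent directory matches the path; a '!' pattern acts only on an excluded path."""
    parts = path.split("/")
    candidates = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    matched = False
    for exclusion, rx in patterns:
        if exclusion != matched:
            continue
        if any(rx.match(c) for c in candidates):
            matched = not exclusion
    return matched

def build_context(files, dockerignore_text):
    """The subset of `files` that would be sent to the Docker daemon."""
    pats = parse_patterns(dockerignore_text)
    return [f for f in files if not is_ignored(f, pats)]
```

Because `*.test.js` stops at `/`, nested test files are still shipped; `**/*.test.js` is the pattern that catches them at any depth.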

Docker Commands Reference

Development Workflow

```bash
# Start development environment
docker-compose up -d

# View logs
docker-compose logs -f app

# Rebuild after package changes
docker-compose up -d --build

# Run one-off commands
docker-compose exec app npm run migrate
docker-compose exec app npm run seed

# Stop everything
docker-compose down

# Stop and remove volumes (reset database)
docker-compose down -v
```

Production Workflow

```bash
# Build production image
docker build -t myapp:1.0.0 .

# Run with production config
docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d

# Scale services
docker-compose up -d --scale app=3

# Rolling update
docker-compose pull app
docker-compose up -d --no-deps app
```

Debugging

```bash
# Shell into running container
docker-compose exec app sh

# Inspect container
docker inspect <container_id>

# View resource usage
docker stats

# Clean up unused resources
docker system prune -a

# View networks
docker network ls
docker network inspect app-network
```

Health Checks

Application Health Check

```typescript
// src/app/api/health/route.ts
import { NextResponse } from 'next/server';
// Assumed: the project's own database and Redis clients. The original snippet
// used `db` and `redis` without importing them; these module paths are placeholders.
import { db } from '@/lib/db';
import { redis } from '@/lib/redis';

export async function GET() {
  const checks = {
    uptime: process.uptime(),
    timestamp: new Date().toISOString(),
    database: false,
    redis: false,
  };

  try {
    // Check database
    await db.execute('SELECT 1');
    checks.database = true;
  } catch (e) {
    console.error('Database health check failed:', e);
  }

  try {
    // Check Redis
    await redis.ping();
    checks.redis = true;
  } catch (e) {
    console.error('Redis health check failed:', e);
  }

  const isHealthy = checks.database && checks.redis;

  // 503 makes the container health check (and any load balancer) treat the
  // instance as unhealthy while the dependency is down
  return NextResponse.json(checks, {
    status: isHealthy ? 200 : 503
  });
}
```

Docker Health Check

```dockerfile
# node:20-alpine does not ship curl; BusyBox wget is present in Alpine and exits
# non-zero on an HTTP error status, so a 503 from /api/health fails the check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  CMD wget -qO- http://localhost:3000/api/health > /dev/null || exit 1
```

Checklist

Dockerfile

  • Multi-stage build for production
  • Non-root user
  • Minimal base image (alpine when possible)
  • Layer caching optimized (dependencies before code)
  • Health check defined
  • .dockerignore configured
Docker Compose

  • Services have health checks
  • Volumes for persistent data
  • Networks for service isolation
  • Resource limits defined
  • Restart policies configured
  • Environment variables externalized
Security

  • No secrets in Dockerfile or docker-compose
  • Images scanned for vulnerabilities
  • Minimal privileges (no root)
  • Network isolation between services
When to Use This Skill

Invoke this skill when:
  • Containerizing a new application
  • Setting up development environments with Docker
  • Creating multi-service architectures
  • Optimizing Docker builds
  • Debugging container issues
  • Setting up CI/CD pipelines with Docker
  • Migrating from docker-compose to Kubernetes