Quickly Improve Your Docker and Node.Js Containers - Better Programming - Medium
source link: https://medium.com/better-programming/quickly-improve-your-docker-and-node-js-containers-b841858a0b38
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Responses
You have 2 free member-only stories left this month.
Quickly Improve Your Docker and Node.Js Containers
Better containers
We all know how to makes a basic Dockerfile
for Node.js app, like Express. A simple, single-stage build will look like this:
FROM node:12-alpineWORKDIR /app
COPY package.json /app/package.json
RUN npm install
COPY . /appEXPOSE 8080
CMD ["npm", "start"]
It really couldn’t be simpler. Unfortunately this solution has a couple of flaws. We’re going to fix them.
By default, Docker runs all Node.js as theroot
user, which can lead to security vulnerabilities. In most cases we want the non-root
user running our containers. The solution is to use a different user in Dockerfile
. All Node.js images for Docker come with a non-root
user called node
.
The user can be added in Dockerfile
with the USER
statement:
FROM node:12-alpineWORKDIR /app
COPY package.json /app/package.json
RUN npm install
COPY . /appEXPOSE 8080## define user just at the end
USER node
CMD ["npm", "start"]
Or, if you’re using Docker CLI to run an already built container, you can use --user, -u
flags.
docker run --user node my_image
Sometimes we use npm start
or yarn start
as CMD command to start Docker container. I guess it’s just out of habit when working with npm/yarn.
There are two problems with this solution. First, we add additional processes to our container, which are unnecessary. Second, we block some exit signals like SIGTERM
between Docker and Node.js as they’re being captured by npm/yarn.
The solution is pretty straightforward. We use node
as the starting command:
FROM node:12-alpineWORKDIR /app
COPY package.json /app/package.json
RUN npm install
COPY . /appEXPOSE 8080
USER node## use node instead of npm/yarn
CMD ["node", "index.js"]
If you have some env
variables in npm start
command you can still pass them to your container with ENV
.
Bcrypt
Bcrypt is a popular library for hashing password but it won’t work on node:alpine
containers. Some people just back up to full node
or node:slim
images but they’re still heavier than alpine
.
It’s a well-known problem. The solution is to install additional packages and Python before installing npm packages.
FROM node:12-alpineWORKDIR /app
COPY package.json /app/package.json## install required packages before npm
RUN apk --no-cache add --virtual builds-deps build-base pythonRUN npm install
COPY . /appEXPOSE 8080
USER node
CMD ["node", "index.js"]
These were three quick tips to improve work with Docker. But don’t stop here, read some more at Docker and Node.js Best Practices and Bcrypt Wiki.
Thanks for taking the time to read this.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK