Generate optimized Dockerfiles with multi-stage builds, non-root users, health checks, and best practices. Templates for Python, Node.js, Go, Java, and Nginx.
A Dockerfile is a text file containing sequential instructions that Docker uses to build a container image. Each instruction creates a layer in the image, and Docker caches layers to speed up subsequent builds. Dockerfiles define the operating system base, application dependencies, source code, configuration, and startup commands for containerized applications.
Writing efficient, secure Dockerfiles is a core DevOps skill. Poorly constructed Dockerfiles produce bloated images with security vulnerabilities, slow build times, and runtime issues. This tool generates Dockerfiles following current best practices for common application stacks.
| Instruction | Purpose | Example |
|---|---|---|
| FROM | Set the base image | FROM node:20-alpine |
| WORKDIR | Set the working directory | WORKDIR /app |
| COPY | Copy files from build context | COPY package*.json ./ |
| RUN | Execute commands during build | RUN npm ci --production |
| ENV | Set environment variables | ENV NODE_ENV=production |
| EXPOSE | Document the container port | EXPOSE 3000 |
| USER | Set the runtime user | USER node |
| CMD | Default runtime command | CMD ["node", "server.js"] |
| ENTRYPOINT | Fixed runtime executable | ENTRYPOINT ["python"] |
| HEALTHCHECK | Define health check | HEALTHCHECK CMD curl -f http://localhost/ |
Multi-stage builds use multiple FROM statements to separate build and runtime stages. Build dependencies stay in build stages, while only runtime artifacts go into the final image. This dramatically reduces image size and attack surface.
Running as root inside containers is a security risk. If an attacker escapes the container, they have root access to the host. Create a non-root user with USER directive and ensure the app has appropriate file permissions.
Use Alpine or distroless base images, multi-stage builds, .dockerignore to exclude unnecessary files, combine RUN commands to reduce layers, and remove package manager caches (apt-get clean, rm -rf /var/lib/apt/lists/*).
HEALTHCHECK instructions let Docker monitor container health. Example: HEALTHCHECK --interval=30s CMD curl -f http://localhost/ || exit 1. Orchestrators like Kubernetes use this to restart unhealthy containers.