
🧠 Docker Best Practices

Production-grade guidelines for building, running and maintaining Docker-based environments.


🏗️ Image Design

  • Use minimal base images (alpine, distroless)
  • Prefer multi-stage builds
  • Pin versions of base images
  • Avoid unnecessary packages
  • Always include a .dockerignore
  • Clean caches in the same layer
  • Use non-root users (USER appuser)

🚀 Container Runtime

  • Use restart: unless-stopped for production
  • Add healthchecks for critical services
  • Avoid writing logs to files inside containers
  • Keep containers stateless
  • Use volumes for persistent data
  • Prefer environment variables over baked-in config

🌐 Networking

  • Use dedicated networks for isolation
  • Avoid exposing ports unless required
  • Use service names instead of IPs
  • Keep Traefik on its own network (traefik-net)

🔐 Security

  • Scan images regularly (trivy, docker scout)
  • Do not store secrets in images
  • Use read-only root filesystem when possible
  • Limit container capabilities
  • Keep host OS updated
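
The Container Runtime, Networking and Security items above combined in one Compose file, as an added example that is not part of the original page. The image name and tag, service name, UID, port, paths, healthcheck command (assumes `wget` exists in the image) and secret name are assumptions.

```yaml
# Added example: one hardened service. All names, the tag, UID, port and paths are assumptions.
services:
  app:
    image: registry.example.com/app:1.4.2    # placeholder image, pinned tag instead of :latest
    user: "10001:10001"                      # non-root UID:GID (assumed to match USER appuser)
    restart: unless-stopped
    read_only: true                          # root filesystem is mounted read-only
    tmpfs:
      - /tmp                                 # scratch space the process may still write to
    cap_drop:
      - ALL                                  # start with no capabilities; use cap_add only
                                             # for a capability the app fails without
    environment:
      APP_ENV: production                    # config comes from the environment, not the image
      DB_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password                          # mounted at /run/secrets/db_password at runtime
    volumes:
      - app-data:/var/lib/app                # persistent data lives in a named volume
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8080/healthz"]
      interval: 30s
      timeout: 5s
      retries: 3
    expose:
      - "8080"                               # visible on the networks below, no host port published
    networks:
      - traefik-net                          # joined only so the proxy can reach the service
      - backend                              # peers are addressed by service name, e.g. db:5432

volumes:
  app-data:

networks:
  traefik-net:
    external: true                           # created and owned by the Traefik stack
  backend:
    internal: true                           # no route to networks outside Docker

secrets:
  db_password:
    file: ./secrets/db_password.txt          # kept out of the image and out of version control
```

With `read_only: true`, any path the application writes to must be a volume or a `tmpfs` mount, so a failed start after enabling it usually points to a write location that still needs one.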