Posts

Running containers as root is a security risk. Configure your services to use non-root users for defense in depth. The problem By default, many containers run as root: services: app: image: nginx # Runs as root user (uid 0) - security risk! If compromised, attackers have root privileges inside the container. The solution Set the user in compose.yml: services: app: image: node:20 user: "1000:1000" # Run as uid:gid 1000 working_dir: /app volumes: - ./app:/app Or use the image’s built-in user: ...

Need your frontend project to talk to a backend in another Compose project? External networks let you connect containers across different stacks. The problem Two separate Compose projects need to communicate: frontend/compose.yml - React app backend/compose.yml - API service By default, each creates its own isolated network. The solution Create a shared external network: # Create the network once docker network create shared-network Then reference it in both projects: backend/compose.yml: ...

One Dockerfile, multiple environments. Use target to build only the stage you need - faster builds, smaller images, cleaner separation. The basics Multi-stage Dockerfile: # Development stage FROM node:20-alpine AS development WORKDIR /app COPY package*.json ./ RUN npm install COPY . . CMD ["npm", "run", "dev"] # Production stage FROM node:20-alpine AS production WORKDIR /app COPY package*.json ./ RUN npm ci --only=production COPY . . RUN npm run build CMD ["npm", "start"] Target specific stages in compose.yml: ...

Stop manually restarting containers when code changes. Docker Compose Watch automatically syncs files and reloads services - zero interruption development. The basics Enable watch mode with: docker compose up --watch # If you don't want mixed logs, you can run it in a dedicated process, you need to have your stack started on its own process docker compose watch Then configure watching in your compose.yml: services: web: image: node:20 command: npm start develop: watch: - path: ./src target: /app/src action: sync - path: package.json action: rebuild Files in ./src sync instantly. Changes to package.json trigger a rebuild. ...

Zombie processes in your containers? Slow shutdowns? Your app shouldn’t run as PID 1. Here’s the simple fix. The problem When your app runs as PID 1, it has special responsibilities: Handle system signals (SIGTERM, SIGINT) Reap zombie processes Forward signals to child processes Most apps (especially Node.js, Python) don’t handle these well. The solution Add init: true to your service: services: app: image: node:20 init: true # Adds Tini as PID 1 command: node server.js Docker automatically injects a tiny init system (Tini) that handles PID 1 responsibilities properly. ...