Intermediate

Prevent containers from consuming all available resources. Set CPU and memory limits to ensure stable multi-service deployments. The basics Resource limits protect your system from runaway containers: services: api: image: node:20 deploy: resources: limits: cpus: '0.5' # Half a CPU core memory: 512M # 512 megabytes reservations: cpus: '0.25' # Minimum guaranteed memory: 256M The container can use up to 512MB memory and 50% of one CPU core. ...

Running containers as root is a security risk. Configure your services to use non-root users for defense in depth. The problem By default, many containers run as root: services: app: image: nginx # Runs as root user (uid 0) - security risk! If compromised, attackers have root privileges inside the container. The solution Set the user in compose.yml: services: app: image: node:20 user: "1000:1000" # Run as uid:gid 1000 working_dir: /app volumes: - ./app:/app Or use the image’s built-in user: ...

Need your frontend project to talk to a backend in another Compose project? External networks let you connect containers across different stacks. The problem Two separate Compose projects need to communicate: frontend/compose.yml - React app backend/compose.yml - API service By default, each creates its own isolated network. The solution Create a shared external network: # Create the network once docker network create shared-network Then reference it in both projects: backend/compose.yml: ...

One Dockerfile, multiple environments. Use target to build only the stage you need - faster builds, smaller images, cleaner separation. The basics Multi-stage Dockerfile: # Development stage FROM node:20-alpine AS development WORKDIR /app COPY package*.json ./ RUN npm install COPY . . CMD ["npm", "run", "dev"] # Production stage FROM node:20-alpine AS production WORKDIR /app COPY package*.json ./ RUN npm ci --only=production COPY . . RUN npm run build CMD ["npm", "start"] Target specific stages in compose.yml: ...

Stop manually restarting containers when code changes. Docker Compose Watch automatically syncs files and reloads services - zero interruption development. The basics Enable watch mode with: docker compose up --watch # If you don't want mixed logs, you can run it in a dedicated process, you need to have your stack started on its own process docker compose watch Then configure watching in your compose.yml: services: web: image: node:20 command: npm start develop: watch: - path: ./src target: /app/src action: sync - path: package.json action: rebuild Files in ./src sync instantly. Changes to package.json trigger a rebuild. ...