Что такое Docker
▸Определение
Docker — платформа для контейнеризации. Контейнеры изолируют приложение с его зависимостями.
▸Контейнер vs VM
Dockerfile для Node.js
▸Базовый Dockerfile
dockerfile
1FROM node:20-alpine23WORKDIR /app45COPY package*.json ./6RUN npm ci --only=production78COPY . .910EXPOSE 30001112CMD ["node", "dist/index.js"]
▸Multi-stage build
dockerfile
1# Stage 1: Build2FROM node:20-alpine AS builder3WORKDIR /app4COPY package*.json ./5RUN npm ci6COPY . .7RUN npm run build89# Stage 2: Production10FROM node:20-alpine11WORKDIR /app12COPY package*.json ./13RUN npm ci --only=production14COPY --from=builder /app/dist ./dist15EXPOSE 300016CMD ["node", "dist/index.js"]
Оптимизация
▸.dockerignore
code
1node_modules2npm-debug.log3dist4.git5.env
▸Кэширование слоёв
dockerfile
1# Сначала копируем package.json2COPY package*.json ./3RUN npm ci45# Потом копируем код6COPY . .
▸Alpine
Используйте Alpine образы для уменьшения размера:
dockerfile
1FROM node:20-alpine # ~180MB vs ~900MB для полного образа
docker-compose
▸Базовый docker-compose.yml
yaml
1version: '3.8'2services:3 app:4 build: .5 ports:6 - "3000:3000"7 environment:8 - NODE_ENV=production9 - DATABASE_URL=postgresql://user:pass@db:5432/mydb10 depends_on:11 - db12 - redis1314 db:15 image: postgres:15-alpine16 environment:17 POSTGRES_USER: user18 POSTGRES_PASSWORD: pass19 POSTGRES_DB: mydb20 volumes:21 - postgres_data:/var/lib/postgresql/data2223 redis:24 image: redis:7-alpine25 ports:26 - "6379:6379"2728volumes:29 postgres_data:
▸Команды
bash
1docker-compose up -d # Запуск в фоне2docker-compose down # Остановка3docker-compose logs -f # Логи4docker-compose exec app sh # Войти в контейнер
Development окружение
yaml
1version: '3.8'2services:3 app:4 build:5 context: .6 dockerfile: Dockerfile.dev7 volumes:8 - .:/app9 - /app/node_modules10 ports:11 - "3000:3000"12 command: npm run dev
▸Dockerfile.dev
dockerfile
1FROM node:20-alpine2WORKDIR /app3COPY package*.json ./4RUN npm install5COPY . .6CMD ["npm", "run", "dev"]
Health checks
dockerfile
1HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \2 CMD curl -f http://localhost:3000/health || exit 1
▸В docker-compose
yaml
1services:2 app:3 healthcheck:4 test: ["CMD", "curl", "-f", "http://localhost:3000/health"]5 interval: 30s6 timeout: 3s7 retries: 3
Безопасность
▸Не запускайте от root
dockerfile
1FROM node:20-alpine2RUN addgroup -g 1001 -S nodejs3RUN adduser -S nodeuser -u 10014WORKDIR /app5COPY --chown=nodeuser:nodejs . .6USER nodeuser
▸Секреты
yaml
1services:2 app:3 secrets:4 - db_password5secrets:6 db_password:7 file: ./secrets/db_password.txt
Multi-platform builds
bash
1docker buildx build --platform linux/amd64,linux/arm64 -t myapp:latest .
Docker Hub
▸Пуш образа
bash
1docker tag myapp:latest username/myapp:latest2docker push username/myapp:latest
▸Pull образа
bash
1docker pull username/myapp:latest2``$34## CI/CD с Docker56### GitHub Actions
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build Docker image
run: docker build -t myapp:latest .
- name: Push to Docker Hub
run: |
docker login -u username -p password
docker push username/myapp:latest