Docker File

Dockerfile Examples

Installing packages

FROM debian:username

ENV DEBIAN_FRONTEND=noninteractive             # Always have this on Debian-based distros!

# Always
# - combine update + install to avoid apt caching issues!
# - disable recommends to get no extra packages!
# - clean lists afterwards
RUN apt-get update \
 && apt-get install -y --no-install-recommends python git
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*

Copy files

COPY sourcefile.txt /app
COPY sourcefile.txt config.ini /app/           # Note the trailing slash on target with multiple files 
COPY dir1 /app

Adding users

Defining work directories and environment

Mounts

Opening ports

Start command

Start command with parameters

Setting timezone

Using variables

Pass those variables using --build-arg JAR_DOWNLOAD=... --build-arg JAVA_OPTS="-D..."

For longer commands use CMD array syntax

Ensure pipe errors to break the build

Clear apt cache

Working with private registries

In Dockerfile use syntax with /

Define a variable registry in FROM clause and pass the hostname with --build-arg MY_REGISTRY=docker.example.com

Multi-stage Dockerfiles

Starting with Docker 17.05 you can do multi-stage builds by having multiple FROM commands in one Dockerfile

Above syntax example will automatically trigger two builds. Stages also can be named:

and explicitely called on the CLI

Hardening Dockerfiles

Things you should do

• Ensure there is a .dockerignore file in your base directory

• Ensure there is a USER statement

• Ensure there is a HEALTHCHECK statement (for non-k8s use cases)

• Check FROM clause for trusted base images

• Check curl/wget fetching from trusted domains only

• Check your base image limits typical package managers (Python, Node, Maven…) to trusted repositories

In the end: firewall your build environment to avoid all unintended internet access