feat(dockerfile): update for node.js container best practices

julie-ng · Jun 28, 2022 · 58628b0 · 58628b0
1 parent 96d2d1d
commit 58628b0
Showing 1 changed file with 24 additions and 6 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,14 +1,32 @@
 FROM node:14-alpine
 LABEL maintainer="Julie Ng <[email protected]>"
 
-WORKDIR /workspace
+# Use `dumb-init` to follow security best practices
+# https://snyk.io/blog/10-best-practices-to-containerize-nodejs-web-applications-with-docker/
+RUN apk add --update --no-cache curl dumb-init
+
+# so app defaults to using TLS
+ENV NODE_ENV production
+
+# bind to host
+ENV HOST '0.0.0.0'
+
+# default to port 80
+EXPOSE ${PORT:-80}
+
+WORKDIR /usr/workspace
 
 # cache dependencies as layer
 COPY ["package.json", "package-lock.json", "./"]
-RUN npm install --production
+RUN npm ci --production
 
-COPY ["assets/", "/workspace/assets/"]
-COPY ["app/", "/workspace/app/"]
+# copy rest of app (respects .dockerignore)
+COPY [".", "./"]
 
-EXPOSE ${PORT:-80}
-CMD ["npm", "start"]
+# Don't run as root
+USER node
+
+HEALTHCHECK --interval=5m --timeout=3s \
+  CMD curl -f http://localhost:${PORT}/health || exit 1
+
+CMD ["dumb-init", "node", "app/server.js"]