Docker changed the way applications are deployed and run. For that to function at full throttle, one has to take care of the optimization of their containers. Here are ten best practices that help improve your Docker container performance, organized at the Build, Ship, and Run phases:
Build Phase
Use Official and Verified Base Images
Starting with official and verified base images means you are off to a great base of security and performance for your container.
Example:
FROM nginx:latest
Use Specific Image Versions
Always use a specific version of a base image to avoid any unexpected changes, in order to keep the builds consistent.
Example:
FROM nginx:1.27.0
Use Small Sized Official Images
Smaller base images, like Alpine, reduce the attack surface and improve build times.
Example:
FROM nginx:1.27.0-alpine
Use Multi-stage Builds
Multi-stage builds are a way to create smaller, more efficient Docker images. Isolation of the build environment from the runtime environment is possible, and the size of the final image dramatically goes down. This is where you’ll make sure to include in the final image only the necessary artifacts, reducing its size and potential security vulnerabilities.
Example:
FROM node:22 AS build
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build
FROM node:22.5-alpine
WORKDIR /app
COPY --from=build /app/dist ./dist
COPY package*.json ./
RUN npm install --production
CMD ["npm", "start"]
Minimize Layer Count
Every instruction in a Dockerfile adds a new layer. Fewer layers generally mean faster builds and smaller images. Combine related commands using the && operator and clean up in the same RUN instruction.
Example:
RUN apt-get update && \
apt-get install -y python3 python3-pip && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
Leverage Docker Cache
Docker uses caching of intermediate layers between runs to speed up subsequent builds. Order your Dockerfile instructions from least to most frequently changing. This maximizes cache usage and reduces build times.
Example:
COPY package.json package-lock.json ./
RUN npm install
COPY . .
Use .dockerignore
A .dockerignore file will prevent unwanted files from being copied into the build context, reducing both build time and image size.
Example .dockerignore:
node_modules
npm-debug.log
Dockerfile
.git
.gitignore
Ship Phase
Scan Your Images for Security Vulnerabilities
Scan Docker images regularly against known vulnerabilities with tools like Docker Scout, Trivy, or Snyk.
Example:
docker run -it \
-e DOCKER_SCOUT_HUB_USER=<your Docker Hub user name> \
-e DOCKER_SCOUT_HUB_PASSWORD=<your Docker Hub PAT> \
docker/scout-cli <command>
Run Phase
Use the Least Privileged User
Run all your applications with a nonprivileged user to maximize security.
Example:
FROM node:22.5-alpine
WORKDIR /app
COPY . .
RUN adduser -D myuser
USER myuser
CMD ["npm", "start"]
Implement Resource Limits
Set a memory and CPU limit for your containers so that contention for common resources is avoided and performance is consistent across different environments.
Example docker-compose.yml:
version: '3'
services:
app:
image: myapp:latest
deploy:
resources:
limits:
cpus: '0.50'
memory: 512M
The best practices provided here will enable you to create leaner, fitter Docker containers for better performance. Optimization in itself is a continuous process; therefore, based on changing requirements of your Dockerfiles and configurations of the containers, keep reviewing them to keep the performance at its peak.
As a developer, these practices have been invaluable to me for both my own personal and professional projects, helping me design lighter, faster, more reliable, and often more complex applications. I encourage you to experiment with these different techniques and see how they can help improve your Docker workflow.