Tavo-IT Logo

📋 Table of Contents

Intermediate20 min read2025-06-10

Docker ContainerizationMasterclass

Complete guide to containerizing applications with Docker – from basics to multi-stage builds and production best practices.

DockerContainerizationDevOpsInfrastructure

🐳 What is Docker?

Docker is a containerization platform that allows you to package applications and their dependencies into lightweight, portable containers. These containers run consistently across any environment – from development to production.

📦 Portability

Containers run the same everywhere

⚡ Efficiency

Lower resource usage than VMs

🔄 Scaling

Fast horizontal scaling

🔧 Docker Installation

Windows Installation

# Download Docker Desktop for Windows
# https://www.docker.com/products/docker-desktop

# Verify installation
docker --version
docker-compose --version

Linux Installation (Ubuntu)

# Add Docker repository
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Add user to Docker group
sudo usermod -aG docker $USER

📦 Creating Docker Images

First Dockerfile

# Dockerfile for a Node.js application
FROM node:18-alpine

# Set working directory
WORKDIR /app

# Copy package.json
COPY package*.json ./

# Install dependencies
RUN npm ci --only=production

# Copy application code
COPY . .

# Expose port
EXPOSE 3000

# Define start command
CMD ["npm", "start"]

💡 Best Practice Tips

  • Use Alpine images – Smaller and more secure
  • Optimize layer caching – Copy dependencies first
  • - .dockerignore – Exclude unnecessary files
  • - Non-root user – Security through restricted rights

🏗️ Multi-Stage Builds

React App mit Multi-Stage Build

# Build Stage
FROM node:18-alpine AS builder

WORKDIR /app
COPY package*.json ./
RUN npm ci

COPY . .
RUN npm run build

# Production Stage
FROM nginx:alpine AS production

# Built assets kopieren
COPY --from=builder /app/dist /usr/share/nginx/html

# Custom nginx config
COPY nginx.conf /etc/nginx/nginx.conf

EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

✅ Advantages of Multi-Stage Builds

Smaller Images

Only production artifacts in the final image

Better Security

Build tools not in production

🐙 Docker Compose

Full-Stack Anwendung mit Compose

version: '3.8'

services:
  # Frontend Service
  frontend:
    build: 
      context: ./frontend
      dockerfile: Dockerfile
    ports:
      - "3000:80"
    depends_on:
      - backend
    environment:
      - REACT_APP_API_URL=http://backend:5000

  # Backend Service
  backend:
    build: 
      context: ./backend
      dockerfile: Dockerfile
    ports:
      - "5000:5000"
    depends_on:
      - database
    environment:
      - DATABASE_URL=postgresql://user:password@database:5432/mydb
      - JWT_SECRET=your-secret-key
    volumes:
      - ./uploads:/app/uploads

  # Database Service
  database:
    image: postgres:15-alpine
    environment:
      - POSTGRES_DB=mydb
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    ports:
      - "5432:5432"

  # Redis Cache
  redis:
    image: redis:7-alpine
    ports:
      - "6379:6379"

volumes:
  postgres_data:

Compose Commands

# Start services
docker-compose up -d

# Start services with build
docker-compose up --build

# Show logs
docker-compose logs -f

# Stop services
docker-compose down

# Remove with volumes
docker-compose down -v

🔒 Container Security

⚠️ Security Risks

  • • Vulnerable Base Images
  • • Root User in Container
  • • Exposed Secrets
  • - Unprotected container ports
  • • Privilege Escalation

✅ Security Best Practices

  • • Use minimal base images (Alpine)
  • • Use non-root user
  • • Secrets management
  • • Regular security scans
  • • Container runtime security

Secure Dockerfile

FROM node:18-alpine

# Non-root user erstellen
RUN addgroup -g 1001 -S nodejs
RUN adduser -S nextjs -u 1001

# Dependencies installieren
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production && npm cache clean --force

# Code kopieren und Ownership setzen
COPY --chown=nextjs:nodejs . .

# User wechseln
USER nextjs

EXPOSE 3000
CMD ["npm", "start"]

🚀 Production Best Practices

📊 Monitoring

  • • Container Metrics
  • • Health Checks
  • • Log Aggregation
  • • Performance Monitoring

🔄 Deployment

  • • Rolling Updates
  • • Blue-Green Deployment
  • • Canary Releases
  • • Rollback Strategien

⚡ Performance

  • • Resource Limits
  • • Image Optimization
  • • Layer Caching
  • • Registry Optimization

Implementing Health Checks

# Dockerfile Health Check
FROM node:18-alpine

WORKDIR /app
COPY . .
RUN npm install

# Health Check hinzufügen
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3   CMD curl -f http://localhost:3000/health || exit 1

EXPOSE 3000
CMD ["npm", "start"]

🎯 Summary

Docker containerization is a fundamental building block of modern DevOps practices. With the right techniques and best practices, you can:

Achieved Goals

  • ✅ Consistent deployment environments
  • ✅ Efficient resource usage
  • ✅ Scalable microservices architecture
  • ✅ Simplified CI/CD pipelines

Next Steps

  • 🔄 Kubernetes for orchestration
  • 🔍 Container monitoring setup
  • 🛡️ Advanced security hardening
  • 📊 Performance optimization

📚 Related Articles

Kubernetes Cluster Management

25 min

Read Article

CI/CD Pipeline Automation

15 min

Read Article

Cloud Security best practices

25 min

Read Article