Optimize Dockerfile for Security and Best Practices #8

@jsandov

Current Dockerfile

FROM nginx:alpine
LABEL MAINTAINER="Jonathan Nguyen jonathan@jdnguyen.tech"
COPY website /website
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 80

Proposed Optimizations

1. Base Image and Security

FROM nginx:alpine-slim

# Use non-root user
USER nginx

  • Smaller attack surface
  • Enhanced security with non-root user
  • Reduced image size

2. Modern Label Schema

LABEL org.opencontainers.image.authors="Jonathan Nguyen <jonathan@jdnguyen.tech>" \
      org.opencontainers.image.description="Website served via Nginx" \
      org.opencontainers.image.source="https://github.com/yourusername/repo"

  • Follows OCI standards
  • Better metadata organization
  • Improved maintainability

3. File Operations

COPY --chown=nginx:nginx website /website
COPY --chown=nginx:nginx nginx.conf /etc/nginx/nginx.conf
WORKDIR /website

  • Proper file permissions
  • Explicit working directory
  • Security best practices

4. Health Monitoring

HEALTHCHECK --interval=30s --timeout=3s \
    CMD wget -q --spider http://localhost/ || exit 1

  • Container health monitoring
  • Better orchestration support
  • Improved reliability

Additional Recommendations

  1. Add .dockerignore file
  2. Implement multi-stage builds if needed
  3. Enable container security scanning
  4. Use COPY --link for better caching
  5. Consider implementing content hashing

Benefits

  • Enhanced security
  • Reduced image size
  • Better maintainability
  • Improved monitoring
  • Industry best practices

Implementation Steps

  1. Update Dockerfile with optimizations
  2. Add health check
  3. Create .dockerignore
  4. Test changes in staging
  5. Update CI/CD pipeline if needed
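
Added example, not part of the original issue or the project's code: a small static check that could back the CI/CD step, auditing a Dockerfile's final build stage against the issue's four proposals. The finding names and the assembled PROPOSED file (the issue's snippets joined, with USER placed after the COPY lines) are assumptions made for illustration.

```python
import re
# Constructed inputs: the issue's current Dockerfile, and its four snippets joined in build order.
CURRENT = '''FROM nginx:alpine
LABEL MAINTAINER="Jonathan Nguyen jonathan@jdnguyen.tech"
COPY website /website
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 80
'''
PROPOSED = '''FROM nginx:alpine-slim
LABEL org.opencontainers.image.authors="Jonathan Nguyen <jonathan@jdnguyen.tech>" \\
      org.opencontainers.image.description="Website served via Nginx"
COPY --chown=nginx:nginx website /website
COPY --chown=nginx:nginx nginx.conf /etc/nginx/nginx.conf
WORKDIR /website
USER nginx
EXPOSE 80
HEALTHCHECK --interval=30s --timeout=3s \\
    CMD wget -q --spider http://localhost/ || exit 1
'''

def instructions(text):
    """Yield (INSTRUCTION, args), joining backslash-continued lines."""
    joined = re.sub(r'\\[ \t]*\n', ' ', text)
    for line in map(str.strip, joined.splitlines()):
        if line and not line.startswith('#'):
            name, _, args = line.partition(' ')
            yield name.upper(), args.strip()

def audit(text):
    """Return findings for the final build stage (hypothetical finding names)."""
    user, health, labels, unowned = 'root', False, [], 0  # assumes the base image sets no USER
    for name, args in instructions(text):
        if name == 'FROM':  # new stage: nothing set earlier carries over
            user, health, labels, unowned = 'root', False, [], 0
        elif name == 'USER':
            user = args.split(':')[0]
        elif name == 'HEALTHCHECK':
            health = not args.upper().startswith('NONE')
        elif name == 'LABEL':
            labels.append(args)
        elif name in ('COPY', 'ADD') and '--chown=' not in args:
            unowned += 1
    checks = {'runs-as-root': user in ('root', '0'),
              'no-healthcheck': not health,
              'no-oci-authors-label': not any('org.opencontainers.image.authors' in l for l in labels),
              'copy-without-chown': unowned > 0}
    return {k for k, bad in checks.items() if bad}

for label, df in (('current', CURRENT), ('proposed', PROPOSED)):
    print(label, sorted(audit(df)) or 'no findings')
```

A static pass like this does not show whether nginx actually starts under the unprivileged user; if nginx.conf keeps its pid and cache paths in root-owned locations, that only surfaces in the staging test.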
