This document summarizes the Docker implementation for the RBAC application.
File: Dockerfile
Features implemented:
- Multi-stage build using `node:18-alpine` for smaller image size
- Optimized for build caching (dependencies installed before copying source code)
- Separate stages for development and production
- Non-root user (`nodejs`) for enhanced security
- Uses `dumb-init` for proper signal handling
- Production image size optimized with production-only dependencies
- Development stage includes hot reload with nodemon
Security best practices:
- Runs as non-root user (UID 1001, GID 1001)
- Minimal attack surface with Alpine Linux
- Separate build stages
- No unnecessary files in final image
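A static check for the Dockerfile properties listed above (non-root user, `dumb-init` entrypoint, dependencies installed before the source copy), added here as an example and not taken from the project. `SAMPLE` is a constructed Dockerfile; its stage names, `server.js` and the npm commands are assumptions.

```python
import re

# Constructed Dockerfile with the features listed above. Stage names, server.js
# and the npm commands are assumptions, not the project's actual file.
SAMPLE = """\
FROM node:18-alpine AS base
RUN apk add --no-cache dumb-init
WORKDIR /app
COPY package*.json ./
FROM base AS development
RUN npm ci
COPY . .
CMD ["npx", "nodemon", "server.js"]
FROM base AS production
RUN npm ci --omit=dev
RUN addgroup -g 1001 nodejs && adduser -S -u 1001 -G nodejs nodejs
COPY --chown=nodejs:nodejs . .
USER nodejs
ENTRYPOINT ["dumb-init", "--"]
CMD ["node", "server.js"]
"""

def stage_steps(dockerfile, target=None):
    """(instruction, args) pairs for a stage, including steps inherited via FROM."""
    stages, name = {}, None
    for line in re.sub(r"\\\n", " ", dockerfile).splitlines():  # join continuations
        instr, _, args = line.strip().partition(" ")
        if not instr or instr.startswith("#"):
            continue
        if instr.upper() == "FROM":
            m = re.match(r"(\S+)(?:\s+AS\s+(\S+))?", args, re.I)
            name = m.group(2) or str(len(stages))
            stages[name] = list(stages.get(m.group(1), [("FROM", m.group(1))]))
        elif name is not None:
            stages[name].append((instr.upper(), args.strip()))
    return stages.get(target or name, [])  # default: the last stage, which ships

def audit(dockerfile, target=None):
    steps = stage_steps(dockerfile, target)
    last = lambda kind: next((a for i, a in reversed(steps) if i == kind), "")
    pos = lambda pred: next((n for n, s in enumerate(steps) if pred(*s)), len(steps))
    install = pos(lambda i, a: i == "RUN" and re.search(r"npm\s+(ci|install)", a))
    source = pos(lambda i, a: i == "COPY" and a.split()[-2:-1] == ["."])
    checks = [
        (last("USER").split(":")[0] in ("", "root", "0"), "runs as root"),
        ("dumb-init" not in last("ENTRYPOINT"), "no dumb-init entrypoint"),
        (source < install < len(steps), "source copied before npm install"),
    ]
    return [msg for failed, msg in checks if failed]
```

`audit(SAMPLE)` checks the production stage; `audit(SAMPLE, "development")` shows that a stage without its own `USER` instruction still runs as root.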
File: .dockerignore
Excludes:
- `node_modules/` (dependencies installed in container)
- `.env` files (for security)
- Log files
- IDE/editor configurations
- Git files
- Documentation files
- CI/CD configurations
- Docker files themselves
Benefits:
- Smaller build context
- Faster build times
- Enhanced security (no sensitive files)
- Reduced image size
File: docker-compose.yml
Services implemented:
- MongoDB Service (`mongodb`)
  - Official MongoDB 7 image
  - Persistent data with named volumes
  - Health checks implemented
  - Configurable credentials via environment variables
  - Exposed on port 27017 (configurable)
- Application Service (`app`)
  - Production-ready Node.js service
  - Depends on MongoDB health check
  - Health check endpoint configured
  - Configurable via environment variables
  - Exposed on port 5000 (configurable)
  - Restart policy: `unless-stopped`
- Development Service (`app-dev`)
  - Activated with `--profile dev` flag
  - Volume mounts for hot reload
  - Nodemon for automatic restart
  - Same configuration as production but with dev dependencies
Volumes:
- `mongodb_data` - MongoDB data persistence
- `mongodb_config` - MongoDB configuration persistence
Network:
- Custom bridge network (`rbac-network`) for service isolation
Features:
- Service health checks
- Automatic restart policies
- Environment variable configuration
- Profile-based service activation (dev/prod)
- Service dependencies management
File: .env.example
Variables configured:
- `NODE_ENV` - Application environment
- `PORT` - Application port
- `MONGO_URI` - MongoDB connection string
- `MONGO_ROOT_USERNAME` - Database username
- `MONGO_ROOT_PASSWORD` - Database password
- `MONGO_DB_NAME` - Database name
- `JWT_SECRET` - JWT signing key
- `JWT_EXPIRE` - Token expiration time
- `CORS_URL` - CORS allowed origin
Security notes:
- Contains example/default values
- Actual `.env` file is gitignored
- Production values should be changed
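One way to enforce "production values should be changed" before deployment, added here as an example and not part of the project: compare the deployed `.env` with `.env.example` and report secrets that were left at their example value. The sample values and the 32-character minimum are assumptions.

```python
import re

# Constructed sample file; the values are placeholders, not the project's defaults.
EXAMPLE = """\
NODE_ENV=development
PORT=5000
MONGO_URI=mongodb://admin:changeme@mongodb:27017/rbac?authSource=admin
MONGO_ROOT_USERNAME=admin
MONGO_ROOT_PASSWORD=changeme
JWT_SECRET=your_jwt_secret_here
CORS_URL=http://localhost:3000
"""
SECRET_KEYS = ("MONGO_ROOT_PASSWORD", "JWT_SECRET")

def parse_env(text):
    """KEY=VALUE pairs; comments, blank lines and surrounding quotes are dropped."""
    env = {}
    for line in text.splitlines():
        m = re.match(r"\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*)", line)
        if m:
            env[m.group(1)] = m.group(2).strip().strip("'\"")
    return env

def check_env(example_text, actual_text, min_len=32):
    """Problems in a deployed .env compared with .env.example (values never echoed)."""
    example, actual = parse_env(example_text), parse_env(actual_text)
    problems = []
    for key in SECRET_KEYS:
        value = actual.get(key, "")
        if not value:
            problems.append(f"{key} is not set")
        elif value == example.get(key):
            problems.append(f"{key} still has the .env.example value")
        elif len(value) < min_len:  # threshold is an assumption of this example
            problems.append(f"{key} is shorter than {min_len} characters")
    # The connection string carries its own copy of the database password.
    old_pw = example.get("MONGO_ROOT_PASSWORD")
    if old_pw and f":{old_pw}@" in actual.get("MONGO_URI", ""):
        problems.append("MONGO_URI still embeds the example password")
    if actual.get("NODE_ENV") == "production" and actual.get("CORS_URL") == "*":
        problems.append("CORS_URL allows any origin")
    return problems
```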
Files created:
- README.Docker.md - Comprehensive Docker guide
  - Prerequisites
  - Quick start instructions
  - Detailed usage examples
  - Environment variable reference
  - Security best practices
  - Troubleshooting guide
  - Production deployment guidelines
  - Useful commands reference
- DOCKER_QUICK_REFERENCE.md - Quick command reference
  - Common Docker commands
  - Docker Compose commands
  - Monitoring commands
  - Debugging commands
  - Database operations
  - Cleanup commands
- Updated README.md - Added Docker section
  - Quick start with Docker
  - Link to detailed documentation
  - Feature highlights
Changes made:
- Health Check Endpoint
  - Added `/api/auth/health` endpoint in `authRoutes.js`
  - Returns service status and timestamp
  - Used by Docker health checks
- Package.json Scripts
  - Added `start` script for production
  - Added Docker convenience scripts:
    - `docker:build` - Build Docker image
    - `docker:up` - Start services
    - `docker:down` - Stop services
    - `docker:logs` - View logs
    - `docker:dev` - Start in development mode
- Updated .gitignore
  - Added Docker-related ignores
  - Added log file patterns
  - Added IDE/OS-specific patterns
| Criterion | Status | Implementation |
|---|---|---|
| Create Dockerfile with official Node.js image (node:18-alpine) | ✅ Complete | Multi-stage Dockerfile with Alpine Linux |
| Optimize for build caching | ✅ Complete | Dependencies copied and installed before source code |
| Create .dockerignore file | ✅ Complete | Excludes node_modules, .env, logs, and unnecessary files |
| Run as non-root user | ✅ Complete | Uses nodejs user (UID 1001, GID 1001) |
| (Bonus) Docker Compose with MongoDB | ✅ Complete | Full docker-compose.yml with MongoDB service |
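```bash
# Create the environment file from the example
cp .env.example .env
# Start the services
docker compose up -d
# Start the development service (dev profile)
docker compose --profile dev up -d app-dev
# Stop the services
docker compose down
```
- Non-root user execution - App runs as `nodejs` user
- Minimal base image - Alpine Linux reduces attack surface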
- Environment variable isolation - Secrets not baked into image
- .dockerignore - Prevents sensitive file inclusion
- Health checks - Monitors service health
- Network isolation - Custom Docker network
- Multi-stage builds - Smaller final image
- Build caching - Faster subsequent builds
- Alpine Linux - Reduced image size (~70MB vs ~900MB)
- Production dependencies only - Smaller runtime image
- Layer optimization - Efficient Docker layer caching
To verify the Docker setup:
```bash
# Build and start
docker compose up -d
# Check services are running
docker compose ps
# Test health endpoint
curl http://localhost:5000/api/auth/health
# View logs
docker compose logs -f
# Clean up
docker compose down
```
- Docker Compose v2 syntax used (`docker compose` instead of `docker-compose`)
- Compatible with both v1 and v2
- MongoDB data persists in Docker volumes
- Development mode supports hot reload
- Production-ready with security best practices
- Comprehensive documentation provided
- Consistency - Same environment across development, testing, and production
- Portability - Run anywhere Docker runs
- Isolation - No dependency conflicts with host system
- Scalability - Easy to scale with orchestration tools
- Easy onboarding - New developers can start quickly
- Production-ready - Follows Docker best practices
- Add Nginx reverse proxy
- Implement Docker Secrets for production
- Add monitoring with Prometheus/Grafana
- Multi-architecture builds (ARM64 support)
- CI/CD pipeline integration
- Kubernetes manifests
- Redis caching layer
Implementation Date: October 30, 2025
Docker Version: 28.5.0
Docker Compose Version: v2.33.1
Status: ✅ Complete and tested