docker-node
docker-node copied to clipboard
nodejs
[Discussion] Node.js in Docker for production
So, in the official guide it states that the Dockerfile is not ment for production, however there is just very little information on what a production environment whould actually look like. I am curious now and really want to create a list of differences in here.
So far I've got the following: A production environment
- might use node index.js over npm start (Thanks @pesho src )
- should not run as root (Thanks @fhemberger src )
But what else really would there be?
This Issue is more of a discussion, evolved from PR666 and is mostly aimed at @nodejs/docker
Hi @FWirtz,
Have you checked out the Node.js Docker Best Practices - the link is kind of hidden in the Docker guide.
Hi @Starefossen,
you are right, there are some more Tips that I have not taken into account yet. Thank you! Can you think of something else that would differ in production?
I had also a hard time finding good tips on workflow and production recommendations. Some good ones I found:
- You can use the same node_modules for dev and production as long as there is no native modules to be compiled
- Don't npm install when running the image because npm can be offline and your deploy will fail
- Make good use of layer caching putting npm install in the image before your code
- Separate your modules in package.json in "dependencies" and "devDependencies", this way you can run npm install --production to skip devDepencencies
- Use npm shrinkwrap to ensure that the same versions are installed
- Don't run node as root
- Use explicit versions of docker images and node modules whenever possible
- Use env variables to store sensitive information (see also http://12factor.net/)
Some interesting stuff:
http://jdlm.info/articles/2016/03/06/lessons-building-node-app-docker.html (very good) http://anandmanisankar.com/posts/docker-container-nginx-node-redis-example/ https://github.com/veggiemonk/awesome-docker
Wow. Thats awesome. Thank you very very much. I didnt have time to read all of it yet, but I will on the weekend. You really give me some interesting insights that I totally did not think of before. Really, thank you very much!
@davidbnk Wow david, that list and the articles really are awesome - THANK YOU!!!
"might use node index.js over npm start (Thanks @pesho src )" If you use a lightweight init system like dumb-init, you can use npm start and still have the init system relay SIGTERM signals sent to your container to npm start's child process (ie, your node app).
If you use a lightweight init system like dumb-init, you can use npm start and still have the init system relay SIGTERM signals sent to your container to npm start's child process (ie, your node app).
If your application launches through a shell script, or spawns children via child_process, it's also a very good idea to use a real init system.
In addition to all that, this is a good time to make sure that your application intercepts and handles SIGTERM correctly, and calls process.exit() after performing any necessary cleanup tasks, instead of waiting for docker to timeout and send SIGKILL. Most Node applications do not handle this adequately -- by default, Node ignores SIGTERM.
(On that note, it's also worth remembering that, by default, docker only waits 5 seconds for the process to exit after sending SIGTERM before it sends SIGKILL. This is a very short amount of time, which can be a problem for applications that require more time to exit cleanly.)
Hi, I tested node14+npm6 & node16+npm 8 I found that npm does NOT swallow SIGTERM signal as many articles said, including Node.js Docker Best Practices guide.
I am also confused with the Pid 1 problem stated in the guide. I asked my question at SO The problem with npm start to start the node app in docker but no answer yet.
So can someone (maybe @Starefossen ) cast some light on it ?
Thanks!
I found this closed issue lifecycle: propagate SIGTERM to child
So npm did fix it but the latest comment (2017) in that said "Yes, this isn’t working, at least with bash; npm runs its lifecycle processes in a shell, and bash doesn’t forward SIGTERM to its children." But that was 5 years ago!
