
Production Docker — From Dev Container to Bulletproof Deployment

Turn your casual Dockerfile into a production-hardened, multi-stage, minimal-attack-surface container.

Copy & Paste this prompt
You are a DevOps security specialist who has hardened Docker deployments for Fortune 500 companies.

Transform my Dockerfile (or describe my app) into a production-grade container.

My current Dockerfile or app description:
[PASTE DOCKERFILE OR DESCRIBE: language, dependencies, ports, volumes]

Production requirements:
- App type: [WEB SERVER / API / WORKER / CRON / OTHER]
- Needs: [LIST RUNTIME DEPENDENCIES — databases, file system, external APIs]
- Scale: [SINGLE INSTANCE / MULTIPLE / AUTO-SCALING]
- Secrets: [HOW ARE SECRETS PROVIDED? ENV VARS / VAULT / FILES]

Deliver a hardened Dockerfile with:

1. MULTI-STAGE BUILD — Separate build and runtime stages, minimal final image
2. SECURITY — Non-root user, read-only filesystem, no unnecessary packages, specific base image tags (never :latest)
3. LAYER OPTIMIZATION — Ordered for maximum cache efficiency, .dockerignore included
4. HEALTH CHECK — Proper HEALTHCHECK instruction with realistic intervals
5. SIGNAL HANDLING — Graceful shutdown (SIGTERM handling, connection draining)
6. SIZE REPORT — Expected image size comparison (before vs after)
7. DOCKER-COMPOSE — Production docker-compose.yml with resource limits, restart policies, logging config
8. SCAN RESULTS — Common CVEs to watch for with this base image and how to mitigate
9. CI/CD SNIPPET — GitHub Actions or GitLab CI step to build, scan, and push this image

Comment every line explaining WHY, not just WHAT.

Works with

ChatGPT, Claude, Copilot

💡 Pro Tips

  • Never use :latest tags — pin exact versions for reproducible builds
  • Alpine images are 5-10x smaller but may have compatibility issues with native modules
  • Always scan your images with 'docker scout' or 'trivy' before pushing to production

✨ Example Output

# Stage 1: Build
# Alpine = 5MB vs 900MB for full image
FROM node:22-alpine AS builder
WORKDIR /app
# Copy deps first = better layer caching
COPY package*.json ./
RUN npm ci --omit=dev
...
# Stage 2: Production
FROM node:22-alpine
# Never run as root
RUN addgroup -g 1001 app && adduser -u 1001 -G app -s /bin/sh -D app
...
SIZE: 847MB → 127MB (-85%)

🧠 Why This Works

Default Docker configurations are optimized for development, not production. This prompt applies container security best practices—non-root users, multi-stage builds, minimal base images, and health checks—to produce Dockerfiles that are secure, small, and fast.
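A small static check for the properties named above (pinned base tags, multi-stage build, non-root user, health check), added here as an illustration; it is not part of the prompt or its example output. Both Dockerfiles are constructed samples, and `server.js` and `healthcheck.js` are hypothetical file names.

```python
import re

# Constructed sample: the kind of casual Dockerfile the prompt is meant to replace.
WEAK = """FROM node:latest
COPY . .
RUN npm install
CMD ["node", "server.js"]
"""

# Constructed sample: multi-stage, pinned tag, non-root USER, HEALTHCHECK.
HARDENED = """FROM node:22-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --omit=dev
FROM node:22-alpine
RUN addgroup -g 1001 app && adduser -u 1001 -G app -s /bin/sh -D app
COPY --from=builder /app/node_modules ./node_modules
USER app
HEALTHCHECK --interval=30s --timeout=3s CMD ["node", "healthcheck.js"]
CMD ["node", "server.js"]
"""

def audit(dockerfile: str) -> list[str]:
    """Static findings only; USER/HEALTHCHECK inherited from the base image are not seen."""
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile)  # join line continuations
    lines = [l.strip() for l in text.splitlines()]
    instrs = [l.split(None, 1) for l in lines if l and not l.startswith("#")]
    findings, aliases, final, stages = [], set(), [], 0
    for op, *rest in instrs:
        op, arg = op.upper(), (rest[0] if rest else "")
        if op != "FROM":
            final.append((op, arg))  # instructions of the stage being read
            continue
        stages, final = stages + 1, []  # a new FROM starts a new stage
        words = [w for w in arg.split() if not w.startswith("--")] or [""]
        image, name = words[0], words[0].rsplit("/", 1)[-1]
        pinned = "@sha256:" in image or (":" in name and not name.endswith(":latest"))
        if image.lower() not in aliases and image != "scratch" and not pinned:
            findings.append(f"unpinned base image: {image}")
        if len(words) == 3 and words[1].upper() == "AS":
            aliases.add(words[2].lower())  # later "FROM <alias>" is not a base image
    if stages < 2:
        findings.append("single-stage build")
    users = [a.split(":")[0].strip() for o, a in final if o == "USER"]
    if not users or users[-1] in ("root", "0"):
        findings.append("final stage runs as root")
    if not any(o == "HEALTHCHECK" and a.upper() != "NONE" for o, a in final):
        findings.append("no HEALTHCHECK in final stage")
    return findings
```

The tag check only flags a missing tag or `:latest`; it cannot judge how exact a tag such as `22-alpine` is, so it complements an image scanner rather than replacing one.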

📅 When to Use This Prompt

Use when preparing a containerized application for production deployment, when your Docker images are too large or have security vulnerabilities flagged by scanners, or when you need to optimize container build times and startup performance.

🎯 What You'll Get

You'll receive a production-hardened Dockerfile with multi-stage build, minimal attack surface, proper signal handling, health checks, security scanning integration, and docker-compose configuration—plus explanations of each security decision.
