Docker Patterns for Local Development is a development claude skill built by Affaan M. Best for: Backend developers and DevOps engineers need Docker patterns to set up consistent, secure multi-container development environments locally..
- What it does
- Configure Docker and Docker Compose for secure, multi-service containerized local development with networking and volume best practices.
- Category
- development
- Created by
- Affaan M
- Last updated
Claude Skilldevelopment GitHub-backed CuratedintermediateClaude Code
Docker Patterns for Local Development
Configure Docker and Docker Compose for secure, multi-service containerized local development with networking and volume best practices.
Skill instructions
name: docker-patterns description: 用于本地开发的Docker和Docker Compose模式,包括容器安全、网络、卷策略和多服务编排。 origin: ECC
Docker 模式
适用于容器化开发的 Docker 和 Docker Compose 最佳实践。
何时启用
- 为本地开发设置 Docker Compose
- 设计多容器架构
- 排查容器网络或卷问题
- 审查 Dockerfile 的安全性和大小
- 从本地开发迁移到容器化工作流
用于本地开发的 Docker Compose
标准 Web 应用栈
# docker-compose.yml
services:
app:
build:
context: .
target: dev # Use dev stage of multi-stage Dockerfile
ports:
- "3000:3000"
volumes:
- .:/app # Bind mount for hot reload
- /app/node_modules # Anonymous volume -- preserves container deps
environment:
- DATABASE_URL=postgres://postgres:postgres@db:5432/app_dev
- REDIS_URL=redis://redis:6379/0
- NODE_ENV=development
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
command: npm run dev
db:
image: postgres:16-alpine
ports:
- "5432:5432"
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: app_dev
volumes:
- pgdata:/var/lib/postgresql/data
- ./scripts/init-db.sql:/docker-entrypoint-initdb.d/init.sql
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 5s
timeout: 3s
retries: 5
redis:
image: redis:7-alpine
ports:
- "6379:6379"
volumes:
- redisdata:/data
mailpit: # Local email testing
image: axllent/mailpit
ports:
- "8025:8025" # Web UI
- "1025:1025" # SMTP
volumes:
pgdata:
redisdata:
开发与生产 Dockerfile
# Stage: dependencies
FROM node:22-alpine AS deps
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
# Stage: dev (hot reload, debug tools)
FROM node:22-alpine AS dev
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
EXPOSE 3000
CMD ["npm", "run", "dev"]
# Stage: build
FROM node:22-alpine AS build
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN npm run build && npm prune --production
# Stage: production (minimal image)
FROM node:22-alpine AS production
WORKDIR /app
RUN addgroup -g 1001 -S appgroup && adduser -S appuser -u 1001
USER appuser
COPY --from=build --chown=appuser:appgroup /app/dist ./dist
COPY --from=build --chown=appuser:appgroup /app/node_modules ./node_modules
COPY --from=build --chown=appuser:appgroup /app/package.json ./
ENV NODE_ENV=production
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:3000/health || exit 1
CMD ["node", "dist/server.js"]
覆盖文件
# docker-compose.override.yml (auto-loaded, dev-only settings)
services:
app:
environment:
- DEBUG=app:*
- LOG_LEVEL=debug
ports:
- "9229:9229" # Node.js debugger
# docker-compose.prod.yml (explicit for production)
services:
app:
build:
target: production
restart: always
deploy:
resources:
limits:
cpus: "1.0"
memory: 512M
# Development (auto-loads override)
docker compose up
# Production
docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
网络
服务发现
同一 Compose 网络中的服务可通过服务名解析:
# 从 "app" 容器:
postgres://postgres:postgres@db:5432/app_dev # "db" 解析到 db 容器
redis://redis:6379/0 # "redis" 解析到 redis 容器
自定义网络
services:
frontend:
networks:
- frontend-net
api:
networks:
- frontend-net
- backend-net
db:
networks:
- backend-net # Only reachable from api, not frontend
networks:
frontend-net:
backend-net:
仅暴露所需内容
services:
db:
ports:
- "127.0.0.1:5432:5432" # Only accessible from host, not network
# Omit ports entirely in production -- accessible only within Docker network
卷策略
volumes:
# Named volume: persists across container restarts, managed by Docker
pgdata:
# Bind mount: maps host directory into container (for development)
# - ./src:/app/src
# Anonymous volume: preserves container-generated content from bind mount override
# - /app/node_modules
常见模式
services:
app:
volumes:
- .:/app # Source code (bind mount for hot reload)
- /app/node_modules # Protect container's node_modules from host
- /app/.next # Protect build cache
db:
volumes:
- pgdata:/var/lib/postgresql/data # Persistent data
- ./scripts/init.sql:/docker-entrypoint-initdb.d/init.sql # Init scripts
容器安全
Dockerfile 加固
# 1. Use specific tags (never :latest)
FROM node:22.12-alpine3.20
# 2. Run as non-root
RUN addgroup -g 1001 -S app && adduser -S app -u 1001
USER app
# 3. Drop capabilities (in compose)
# 4. Read-only root filesystem where possible
# 5. No secrets in image layers
Compose 安全
services:
app:
security_opt:
- no-new-privileges:true
read_only: true
tmpfs:
- /tmp
- /app/.cache
cap_drop:
- ALL
cap_add:
- NET_BIND_SERVICE # Only if binding to ports < 1024
密钥管理
# GOOD: Use environment variables (injected at runtime)
services:
app:
env_file:
- .env # Never commit .env to git
environment:
- API_KEY # Inherits from host environment
# GOOD: Docker secrets (Swarm mode)
secrets:
db_password:
file: ./secrets/db_password.txt
services:
db:
secrets:
- db_password
# BAD: Hardcoded in image
# ENV API_KEY=sk-proj-xxxxx # NEVER DO THIS
.dockerignore
node_modules
.git
.env
.env.*
dist
coverage
*.log
.next
.cache
docker-compose*.yml
Dockerfile*
README.md
tests/
调试
常用命令
# View logs
docker compose logs -f app # Follow app logs
docker compose logs --tail=50 db # Last 50 lines from db
# Execute commands in running container
docker compose exec app sh # Shell into app
docker compose exec db psql -U postgres # Connect to postgres
# Inspect
docker compose ps # Running services
docker compose top # Processes in each container
docker stats # Resource usage
# Rebuild
docker compose up --build # Rebuild images
docker compose build --no-cache app # Force full rebuild
# Clean up
docker compose down # Stop and remove containers
docker compose down -v # Also remove volumes (DESTRUCTIVE)
docker system prune # Remove unused images/containers
调试网络问题
# Check DNS resolution inside container
docker compose exec app nslookup db
# Check connectivity
docker compose exec app wget -qO- http://api:3000/health
# Inspect network
docker network ls
docker network inspect <project>_default
反模式
# 错误做法:在生产环境中使用 docker compose 而不进行编排
# 生产环境多容器工作负载应使用 Kubernetes、ECS 或 Docker Swarm
# 错误做法:在容器内存储数据而不使用卷
# 容器是临时性的——不使用卷时,重启会导致所有数据丢失
# 错误做法:以 root 用户身份运行
# 始终创建并使用非 root 用户
# 错误做法:使用 :latest 标签
# 固定到特定版本以实现可复现的构建
# 错误做法:将所有服务放入一个巨型容器
# 关注点分离:每个容器运行一个进程
# 错误做法:将密钥放入 docker-compose.yml
# 使用 .env 文件(在 git 中忽略)或 Docker secrets
Use this skill
Most skills are portable instruction packages. Claude Code supports SKILL.md directly. Other agents can use adapted files like AGENTS.md, .cursorrules, and GEMINI.md.
Claude Code
Save SKILL.md into your Claude Skills folder, then restart Claude Code.
mkdir -p ~/.claude/skills/docker-patterns-for-local-development && curl -L "https://raw.githubusercontent.com/affaan-m/everything-claude-code/HEAD/docs/zh-CN/skills/docker-patterns/SKILL.md" -o ~/.claude/skills/docker-patterns-for-local-development/SKILL.mdInstalls to ~/.claude/skills/docker-patterns-for-local-development/SKILL.md.
Use cases
Backend developers and DevOps engineers need Docker patterns to set up consistent, secure multi-container development environments locally.
Reviews
No reviews yet. Be the first to review this skill.
No signup required
Stats
Installs0
GitHub Stars174.1k
Forks26970
LicenseMIT
UpdatedMar 27, 2026
Creator
AAffaan M
@affaan-m