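Provides practical Docker and Compose patterns for optimizing local development, container security, and multi-service orchestration.
Copy the install instructions and let the AI complete the setup automatically · Recommended for beginners
Please help me install the "docker-patterns" skill from askskill: 1. Download https://raw.githubusercontent.com/affaan-m/ECC/main/docs/tr/skills/docker-patterns/SKILL.md 2. Save it as ~/.claude/skills/docker-patterns/SKILL.md 3. Once it is installed, reload the skills and tell me it is ready to use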
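Design a Docker Compose pattern for a project with a frontend, a backend, PostgreSQL and Redis. It must support hot reload for local development, environment variable management, health checks, service dependencies and debug port mappings; also describe the directory structure and the points to watch.
A set of Compose configuration patterns for local development, covering service definitions, mount strategy, dependencies and implementation advice.
Summarize Docker container security best practices, focusing on running as a non-root user, slimming images, managing sensitive information, read-only filesystems, capabilities control, network isolation and image vulnerability scanning, and give executable configuration examples.
A checklist of container security patterns for production environments, with configuration snippets and rollout advice.
I need to define a volume and network strategy for a microservice system that uses Docker Compose. Explain the recommended approach for persistent data, temporary caches and configuration file mounts, as well as the network isolation and naming conventions between the frontend, backend, database and internal services.
A clear volume classification scheme and network topology recommendations that improve maintainability, security and team collaboration.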
Docker and Docker Compose best practices for containerized development.
```yaml
# docker-compose.yml
services:
  app:
    build:
      context: .
      target: dev                     # Use the dev stage of the multi-stage Dockerfile
    ports:
      - "3000:3000"
    volumes:
      - .:/app                        # Bind mount for hot reload
      - /app/node_modules             # Anonymous volume -- preserves the container's dependencies
    environment:
      - DATABASE_URL=postgres://postgres:postgres@db:5432/app_dev
      - REDIS_URL=redis://redis:6379/0
      - NODE_ENV=development
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
    command: npm run dev

  db:
    image: postgres:16-alpine
    ports:
      - "5432:5432"
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: app_dev
    volumes:
      - pgdata:/var/lib/postgresql/data
      - ./scripts/init-db.sql:/docker-entrypoint-initdb.d/init.sql
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 3s
      retries: 5

  redis:
    image: redis:7-alpine
    ports:
      - "6379:6379"
    volumes:
      - redisdata:/data

  mailpit:                            # Local email testing
    image: axllent/mailpit
    ports:
      - "8025:8025"                   # Web UI
      - "1025:1025"                   # SMTP

volumes:
  pgdata:
  redisdata:
```
```dockerfile
# Stage: dependencies
FROM node:22-alpine AS deps
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci

# Stage: dev (hot reload, debug tools)
FROM node:22-alpine AS dev
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
EXPOSE 3000
CMD ["npm", "run", "dev"]

# Stage: build
FROM node:22-alpine AS build
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN npm run build && npm prune --production

# Stage: production (minimal image)
FROM node:22-alpine AS production
WORKDIR /app
RUN addgroup -g 1001 -S appgroup && adduser -S appuser -u 1001
USER appuser
COPY --from=build --chown=appuser:appgroup /app/dist ./dist
COPY --from=build --chown=appuser:appgroup /app/node_modules ./node_modules
COPY --from=build --chown=appuser:appgroup /app/package.json ./
ENV NODE_ENV=production
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:3000/health || exit 1
CMD ["node", "dist/server.js"]
```
```yaml
# docker-compose.override.yml (loaded automatically, dev-only settings)
services:
  app:
    environment:
      - DEBUG=app:*
      - LOG_LEVEL=debug
    ports:
      - "9229:9229"                   # Node.js debugger
```

```yaml
# docker-compose.prod.yml (selected explicitly for production)
services:
  app:
    build:
      target: production
    restart: always
    deploy:
      resources:
        limits:
          cpus: "1.0"
          memory: 512M
```
```bash
# Development (loads the override file automatically)
docker compose up

# Production
docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
```
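Added example, not part of the original skill: the production command above merges docker-compose.yml with docker-compose.prod.yml, and because the prod file only sets the build target, restart policy and resource limits, the base file's published data-store ports, literal credentials, bind mount and NODE_ENV=development remain in the merged result. The Python check below audits such a merged config; the JSON is a constructed, trimmed sample in the shape `docker compose config --format json` is assumed to print, and `audit`, `DATA_PORTS` and the `/srv/app` path are hypothetical names.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, trimmed: the shape `docker compose -f docker-compose.yml
# -f docker-compose.prod.yml config --format json` is assumed to print for the
# files on this page (not captured from a real run).
MERGED = json.loads("""
{"services": {
  "app": {"command": ["npm", "run", "dev"],
          "environment": {"NODE_ENV": "development",
                          "DATABASE_URL": "postgres://postgres:postgres@db:5432/app_dev"},
          "ports": [{"target": 3000, "published": "3000", "protocol": "tcp"}],
          "volumes": [{"type": "bind", "source": "/srv/app", "target": "/app"}]},
  "db": {"environment": {"POSTGRES_PASSWORD": "postgres"},
         "ports": [{"target": 5432, "published": "5432", "protocol": "tcp"}]},
  "redis": {"ports": [{"target": 6379, "published": "6379", "protocol": "tcp"}]}
}}
""")

DATA_PORTS = {5432: "PostgreSQL", 6379: "Redis"}  # data stores used on this page
LOOPBACK = {"127.0.0.1", "::1"}
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN")

def audit(config):
    """Return sorted (service, finding) pairs for a merged Compose config."""
    findings = []
    for name, svc in config.get("services", {}).items():
        env = svc.get("environment") or {}
        for port in svc.get("ports") or []:
            label = DATA_PORTS.get(port.get("target"))
            # A published port without host_ip is bound on every host interface.
            if label and port.get("published") and port.get("host_ip") not in LOOPBACK:
                findings.append((name, f"{label} port {port['target']} published on all interfaces"))
        for key, value in env.items():
            if not isinstance(value, str) or not value:
                continue  # unset variables are resolved at runtime, nothing to flag
            if any(hint in key.upper() for hint in SECRET_HINTS):
                findings.append((name, f"literal secret in environment: {key}"))
            elif urlsplit(value).password:
                findings.append((name, f"credentials embedded in URL: {key}"))
        if env.get("NODE_ENV") == "development":
            findings.append((name, "NODE_ENV=development in merged config"))
        for vol in svc.get("volumes") or []:
            if vol.get("type") == "bind":
                findings.append((name, f"host bind mount at {vol.get('target')}"))
    return sorted(findings)

if __name__ == "__main__":
    for service, finding in audit(MERGED):
        print(f"{service}: {finding}")
```

Feeding it the real output of `docker compose ... config --format json` in place of `MERGED` makes it usable as a pre-deploy gate.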
Services on the same Compose network are resolved by service name:

```
# From the "app" container:
postgres://postgres:postgres@db:5432/app_dev   # "db" resolves to the db container
redis://redis:6379/0                           # "redis" resolves to the redis container
```
```yaml
services:
  frontend:
    networks:
      - frontend-net
  api:
    networks:
      - frontend-net
      - backend-net
  db:
    networks:
      …
```