Skip to content

Deployment best practices #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
thenikso opened this issue Aug 25, 2015 · 2 comments
Closed

Deployment best practices #36

thenikso opened this issue Aug 25, 2015 · 2 comments

Comments

@thenikso
Copy link

Hi there! I hope this issue can help me and other coming here with a similar problem:

I'm planning to deploy a container based on this image in production behind an https load balancer.

Would a simple npm start --production for an express app.listen(... be enough for production use? Or should something more be done to enhance security/throughput of the service.

Thanks! 🍬

@Starefossen
Copy link
Member

Here are some quick notes from the top of my head. Hopefully they can be used as a part of a discussion around best practices since this is something we do not have enough documentation on.

Environment Variables

I personally prefer to to run with NODE_ENV set to production instead of using the --production flag. This is the way you would pass inn secrets and other runtime configurations to your application as well.

-e "NODE_ENV=production"

Non-root User

By default Docker runs container as root which inside of the container can pose as a security issue. You would want to run the container as an unprivileged user wherever possible. This is however not supported out of the box with the node Docker image.

FROM node:4.1.2
# Add our user and group first to make sure their IDs get assigned consistently
RUN groupadd -r app && useradd -r -g app app 

This Docker Image can than be run with the app user in the following way:

-u "app"

Memory

By default any Docker Container may consume as much of the hardware such as CPU and RAM. If you are running multiple containers on the same host you should probably limit how much memory they can consume.

-m "300M" --memory-swap "1G"

Docker Run

Here is how I would run a default Node.JS Docker Containerized application:

$ docker run \
  -e "NODE_ENV=production" \
  -u "app" \
  -m "300M" --memory-swap "1G" \
  -w "/usr/src/app" \
  --name "my-nodejs-app" \
  npm start

@thenikso
Copy link
Author

thenikso commented Oct 8, 2015

Thank you @Starefossen! I'll keep this among my references 🙇

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants