Release: 2021-08-04
This article will use the Node program to show how to optimize the Docker image (the optimization idea is universal, regardless of program), mainly solving the problem of excessive image size, CI/CD Regarding the speed of building images, this article demonstrates how to optimize the Dockerfile step by step. It is absolutely useful information. It is recommended to like it first and then read it. After reading it, it is not useful and then unlike it.

The optimization results are as follows:

  • The size ranges from 1.06G to 73.4M

  • Build speed from 29.6 seconds to 1.3 seconds (compared to the speed of the second build)

Node project

I simply wrote a wechat-bot for my own use. Next, I will use this project to demonstrate how to optimize it. Docker image

The following is the Dockerfile I first wrote without studying Docker carefully

FROM node:14.17.3

# 设置环境变量
ENV NODE_ENV=production
ENV APP_PATH=/node/app

# 设置工作目录

# 把当前目录下的所有文件拷贝到镜像的工作目录下 .dockerignore 指定的文件不会拷贝

# 安装依赖
RUN yarn

# 暴露端口

CMD yarn start
After the build, as shown below, my simple Node program image actually has 1G Next, we will gradually optimize and reduce this size

Optimization Preface

Before optimizing, there are some things we must understand , the first step to solve the problem is to find out the cause of the problem.

  • Dockerfile file contains instructions one by one. Each instruction builds a layer, so each instruction The content is to describe how this layer is constructed.

  • Docker image is not just a file, but consists of a bunch of files. The most important file is layer (Layers )

    • When the image is built, it will be built layer by layer. The previous layer is the basis of the next layer.

      There will be no changes after each layer is built. Any changes on the latter layer only occur on the own layer. For example, the operation of deleting a file at the previous level does not actually delete the file at the previous level, but only marks the file as deleted at the current level. When the final container is run, although this file will not be seen, in fact the file will always follow the image

    • The image layer will be cached and reused (this is also from Chapter 1 The reason why the speed will be faster when you start building the image for the second time is that the principle of optimizing the image building speed is also based on the caching principle)

    • When the instructions of the Dockerfile are modified, the file being operated changes. , or the variables specified when building the image are different, the corresponding image layer cache will be invalid

      caching mechanism of docker build, how does docker know the file changes?

      The strategy adopted by Docker is to obtain the contents of the Dockerfile (including part of the inode information of the file) and calculate a unique hash value. If the hash value does not change, it can be considered that the file content has not changed. Changes can use caching mechanisms and vice versa.

    • After the image cache of a certain layer becomes invalid, the cache of the image layers after it will become invalid

    • Each layer of the image only records file changes , when the container starts, Docker will calculate each layer of the image, and finally generate a file system

      When I knew this, I suddenly realized that the operating systems we use, such as Android, ios, win, Mac, etc., are actually a file system. Our software interface interaction, etc., are actually reading and writing files. When we write a pop-up box on our web page and operate the dom, we are reading and writing local files or reading and writing data in the memory. Personal I don’t know if some of my opinions are correct or not. I am a front-end coder with a non-major background.

    Reference: docker image layering principle

ok, we already know that the image is composed of a multi-layered file system. If you want to optimize its size, you need to reduce the number of layers. Each layer should only contain what is needed by that layer. Any additional things should be in that layer. Clean it up before the end of the build, start the text below

优化 Dockerfile

优化第一层 FROM node:14.17.3

方案一:使用 node 的 Alpine 版本

这也是绝多数人知道的优化镜像手段,Alpine 是一个很小的 Linux 发行版,只要选择 Node 的 Alpine 版本,就会有很大改进,我们把这一句改成指令改成 FROM node:14.17.4-alpine (可以去 dockerhub 查看 node 有哪些版本标签),build 后镜像大小如下图,瞬间从 1.06G 降到 238M,可以说是效果显著

还可以使用其它的基础小镜像,比如 mhart/alpine-node,这个还能再小,改成 FROM mhart/alpine-node:14.17.3 再试试,可以看到又小了 5M ,虽然不多,但是秉着能压榨一点是一点的“老板原则”,积少成多,极致压榨

方案二:使用纯净 Alpine 镜像手动装 Node

既然 Alpine 是最小的 Linux,那我们试下用纯净的 Alpine 镜像,自己再装 Node 试试

FROM alpine:latest

# 使用 apk 命令安装 nodejs 和 yarn,如果使用 npm 启动,就不需要装 yarn
RUN apk add --no-cache --update nodejs=14.17.4-r0 yarn=1.22.10-r0

# ... 后面的步骤不变
build 后看下图,只有 174M 了,又小了不少

结论就是不嫌麻烦追求极致就用方案二,从 1.06G 减少到 174M

  • ENV 指令是可以一次性设置多个环境变量,能一次指令执行完,就不用两次,多一个指令就多一层

  • EXPOSE 指令是暴露端口,其实也可以不用写这个指令,在启动容器的时候自己映射端口,如果写了这个指令的话,因为端口不经常变,所以把这个指令提前,写上这个指令有两个好处:

    • 帮助镜像使用者理解这个镜像服务的守护端口,以方便配置映射

    • 在运行时使用随机端口映射时,也就是 docker run -P 时,会自动随机映射 EXPOSE 的端口

    至于写还是不写,看个人吧,我个人一般不写,因为我在项目启动命令会指定项目端口,启动容器的时候映射出来就好,这样我就要维护一个地方,Dockerfile 也写了的话,项目端口变了,这里也要修改,多了点维护成本,当然也有办法让两边端口变量取自配置文件,只要改配置文件即可

下面是改写后的 Dockerfile

FROM alpine:latest

# 使用 apk 命令安装 nodejs 和 yarn,如果使用 npm 启动,就不需要装 yarn
RUN apk add --no-cache --update nodejs=14.17.4-r0 yarn=1.22.10-r0

# 暴露端口

# 设置环境变量
ENV NODE_ENV=production \

# 设置工作目录

# 把当前目录下的所有文件拷贝到镜像的工作目录下 .dockerignore 指定的文件不会拷贝

# 安装依赖
RUN yarn

# 启动命令
CMD yarn start
package.json 提前提高编译速度

从下图可以看到每次我们 build 的时候最耗时的就是在执行 yarn 命令装依赖的时候,大部分时候我们只是改代码,依赖不变,这时候如果可以让这一步缓存起来,依赖没有变化的时候,就不需要重新装依赖,就可以大大改进编译速度

Teach you step by step how to optimize docker images in Node.js projects

前面我们说了镜像构建时,是一层层构建,前一层是后一层的基础,既然是这样的话,我们就把 package.json 文件单独提前拷贝到镜像,然后下一步装依赖,执行命令装依赖这层的前一层是拷贝 package.json 文件,因为安装依赖命令不会变化,所以只要 package.json 文件没变化,就不会重新执行 yarn 安装依赖,它会复用之前安装好的依赖,原理讲清楚了,下面我们看效果

改变后的 Dockerfile 文件

FROM alpine:latest

# 使用 apk 命令安装 nodejs 和 yarn,如果使用 npm 启动,就不需要装 yarn
RUN apk add --no-cache --update nodejs=14.17.4-r0 yarn=1.22.10-r0

# 暴露端口

# 设置环境变量
ENV NODE_ENV=production \

# 设置工作目录

# 拷贝 package.json 到工作跟目录下
COPY package.json .

# 安装依赖
RUN yarn

# 把当前目录下的所有文件拷贝到镜像的工作目录下 .dockerignore 指定的文件不会拷贝
COPY . .

# 启动命令
CMD yarn start
build 看下图,编译时间从 29.6s 到 1.3s,使用了缓存的层前面会有个 CACHED 字眼,仔细看下图可以看到

充分利用 docker 缓存特性是优化构建速度的利器

因为我们运行 node 程序是只需要生产的依赖和最终 node 可以运行的文件,就是说我们运行项目只需要 package.js 文件里 dependencies 里的依赖,devDependencies 依赖只是编译阶段用的,比如 eslint 等这些工具在项目运行时是用不到的,再比如我们项目是用 typescript 写的,node 是不能直接运行 ts 文件,ts 文件需要编译成 js 文件,运行项目我们只需要编译后的文件和 dependencies 里的依赖就可以运行,也就是说最终镜像只需要我们需要的东西,任何其他东西都可以删掉,下面我们使用多阶段改写 Dockerfile

# 构建基础镜像
    FROM alpine:3.14 AS base

    # 设置环境变量
    ENV NODE_ENV=production \
    # 设置工作目录

    # 安装 nodejs 和 yarn
    RUN apk add --no-cache --update nodejs=14.17.4-r0 yarn=1.22.10-r0

# 使用基础镜像 装依赖阶段
    FROM base AS install

    # 拷贝 package.json 到工作跟目录下
    COPY package.json ./

    # 安装依赖
    RUN yarn

# 最终阶段,也就是输出的镜像是这个阶段构建的,前面的阶段都是为这个阶段做铺垫
    FROM base

    # 拷贝 装依赖阶段 生成的 node_modules 文件夹到工作目录下
    COPY --from=install $APP_PATH/node_modules ./node_modules

    # 将当前目录下的所有文件(除了.dockerignore排除的路径),都拷贝进入镜像的工作目录下
    COPY . .

    # 启动
    CMD yarn start
细心的朋友会发现我这里有指定 alpine 版本,而上面都是用的 latest 版本,因为就在刚刚发现有个坑需要注意下,就是我们选择 alpine 版本的时候,最好不要选择 latest 版本,因为后面要装的软件版本可能会在 alpine 的 latest 版本没有对应软件的版本号,就会安装错误,我刚刚就翻车了,点击查看 alpine 版本下的包信息

1Teach you step by step how to optimize docker images in Node.js projects



  • 第一阶段:构建基础镜像

    安装依赖、编译、运行等等阶段,就是所有阶段共用的东西都在第一阶段封到一个基础镜像里供其它阶段使用,比如设置环境变量、设置工作目录、安装 nodejs、yarn 等等

  • 第二阶段:装依赖阶段


    这里在说下装依赖的小细节,就是执行 yarn --production 加个 production 参数或者环境变量 NODE_ENVproduction,yarn 将不会安装 devDependencies 中列出的任何软件包,点我查看官方文档说明,因为我设置了环境变量所以就没加这个参数

  • 第三阶段:最终使用镜像





  • 大小从 1.06G 到 73.4M

  • 构建速度从 29.6 秒到 1.3 秒(对比的是第二次构建的速度)



github 的 actions 构建镜像问题

github 提供的 actions,每次都是一个干净的实例,什么意思,就是每次执行,都是干净的机器,这会导致一个问题,会导致 docker 没法使用缓存,那有没有解决办法呢,我想到了两种解决办法:

Reference materials:


Project warehouse address https://github.com/iamobj/wechat-bot

Welcome to correct any errors in the article to avoid misleading others

Original address: https://juejin.cn/post/6991689670027542564

Author: iamc

