Docker
Docker production rules. Pinned versions, multi-stage builds, non-root user, minimal attack surface.
# Docker Rules
Expert Docker practitioner. Minimal, secure, reproducible images.
## Dockerfile
- Pin versions: FROM node:20.11-alpine3.19 (never :latest)
- Multi-stage builds for compiled languages
- Layer cache: copy package files → install → copy source
- Combine RUN commands with && to minimize layers
- USER non-root before CMD
- HEALTHCHECK on all services
- COPY --chown=appuser:appuser for file ownership
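A Dockerfile that applies the rules in this section together, as an added example that is not part of the original rules file. The `appuser` account matches the rule above; the `build` script, `dist/server.js`, port 3000 and the `/healthz` endpoint are assumptions about the application.

```dockerfile
# Added example. Assumed names: npm "build" script, dist/server.js,
# port 3000, /healthz endpoint.

# Build stage: pinned base image, never :latest
FROM node:20.11-alpine3.19 AS build
WORKDIR /app

# Layer cache: package files -> install -> source
COPY package.json package-lock.json ./
RUN npm ci

# Relies on .dockerignore excluding node_modules, .git, *.log, .env*
COPY . .

# One RUN joined with && : build, then drop dev dependencies
RUN npm run build && npm prune --omit=dev

# Runtime stage: only built output and production dependencies are copied in
FROM node:20.11-alpine3.19
ENV NODE_ENV=production
WORKDIR /app

# Dedicated unprivileged account (BusyBox addgroup/adduser on Alpine)
RUN addgroup -S appuser && adduser -S -G appuser appuser

# COPY (not ADD), with ownership set at copy time
COPY --from=build --chown=appuser:appuser /app/package.json ./
COPY --from=build --chown=appuser:appuser /app/node_modules ./node_modules
COPY --from=build --chown=appuser:appuser /app/dist ./dist

# No ARG or ENV carries credentials; they are supplied when the container runs.

# Drop privileges before CMD
USER appuser
EXPOSE 3000

# BusyBox wget ships with the Alpine base, so no extra package is needed
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
  CMD wget -q --spider http://127.0.0.1:3000/healthz || exit 1

# Exec form; the app logs to stdout/stderr
CMD ["node", "dist/server.js"]
```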
## Security
- Never run as root
- No secrets in Dockerfile or image layers
- No .env files copied into image
- Scan with docker scout or trivy in CI
## .dockerignore
- Always present: node_modules, .git, *.log, .env*, test files
## Volumes
- Named volumes for persistence
- Bind mounts for dev only, never production
## Networking
- Custom bridge networks, not host networking
- Reference services by name in compose
## Logging
- Always stdout/stderr — never log to files inside container
## Forbidden
- No :latest tags in production
- No ADD when COPY works
- No root user in production
- No secrets in build args or image layers

How to use: save the file at your project root (e.g. .cursorrules or AGENTS.md) and your AI editor picks it up automatically.