How to Build Tiny, Fast Docker Images: 4 Proven Optimization Tricks

Recently I built a fun tool called xbin.io that runs various utilities inside Docker‑compatible sandbox images. To keep the images as small and fast as possible, I gathered a set of Docker image optimization tricks.

Docker images are built on top of Linux overlayfs , which merges a read‑only lower layer with a writable upper layer. At runtime Docker merges successive layers and then uses chroot to change the process root, presenting a single unified filesystem to the container.

This design enables two key efficiencies: if two images share the same Ubuntu base, the base layer is stored only once, and when pulling a new image Docker skips any layers that already exist locally.

Technique 1: Remove Package Caches

Package managers (apt, dnf, pip, etc.) keep caches that are unnecessary in a final image. After installing packages, delete the caches in the same RUN instruction to avoid creating extra layers.

RUN dnf install -y --setopt=tsflags=nodocs \
    httpd vim && \
    systemctl enable httpd && \
    dnf clean all

Each RUN creates a new layer, so the above example would create three layers (install, enable, clean) and the cache would still be present in the earlier layers. Docker’s --squash flag can merge all layers into one, but it defeats layer sharing benefits.

Common cache‑cleaning commands:

yum: yum clean all dnf: dnf clean all rvm: rvm cleanup all gem: gem cleanup cpan: rm -rf ~/.cpan/{build,sources}/* pip: rm -rf ~/.cache/pip/* apt‑get:

apt-get clean

Technique 2: Put Infrequently Changed Content First

Because a change in a layer invalidates that layer and all layers above it, place stable system dependencies (apt, dnf) early in the Dockerfile, then add language‑specific dependencies (pip, npm), and finally copy the application source.

FROM python:3.7-buster
# install system deps
RUN apt-get update && apt-get install -y nginx
# copy requirements and install Python deps
COPY myapp/requirements.txt /opt/app/myapp/requirements.txt
RUN pip install -r requirements.txt
# copy source code
COPY myapp /opt/app/myapp/

Technique 3: Separate Build and Runtime Images

Use a multi‑stage build: compile the application in a heavyweight image (e.g., golang), then copy the resulting binaries into a minimal runtime image (e.g., alpine).

FROM golang AS build
ENV CGO_ENABLED 0
RUN go install github.com/ericchiang/pup@latest

FROM alpine:3.15 AS run
COPY --from=build /go/bin/pup /usr/local/bin/pup

This reduces the final image to a few megabytes, ideal for statically compiled languages.

Technique 4: Inspect Build Artifacts

Use dive, an interactive TUI, to explore each layer’s contents. Run dive ubuntu:latest and use Ctrl+U to show only the changes introduced by the current layer, or Ctrl+Space to collapse directories for a quick overview.

References:

https://jvns.ca/blog/2019/11/18/how-containers-work–overlayfs/

https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html

http://docs.projectatomic.io/container-best-practices/