Master Dockerfile: Build Custom Images Like a Pro

Using Dockerfile to Customize Images

Customizing an image means defining each layer’s configuration, files, and commands in a script called a Dockerfile. A Dockerfile is a text file containing a series of Instruction s, each creating a new layer.

FROM – Specify Base Image

The first instruction must be FROM, which selects the base image (e.g., nginx, ubuntu, scratch). Official images such as nginx, redis, mongo, node, python, etc., can be used as bases.

RUN – Execute Commands

RUN

executes a command in a new layer. Two formats exist:

shell format: RUN <command> exec format: RUN ["executable", "arg1", ...] Combining multiple commands with && in a single RUN reduces the number of layers and image size.

COPY and ADD – Copy Files

COPY <src>... <dest>

copies files from the build context into the image, preserving permissions. Wildcards are supported. ADD works like COPY but can also download URLs and automatically extract tar archives. Use COPY whenever possible; ADD only when auto‑extraction is needed.

CMD – Default Container Command

CMD

defines the default command when the container runs. Two formats:

Shell: CMD <command> Exec: CMD ["executable", "arg1"] When combined with ENTRYPOINT, CMD supplies additional arguments.

ENTRYPOINT – Fixed Entry Point

ENTRYPOINT

sets the container’s entry point. Using ENTRYPOINT with CMD lets the image behave like a command where extra arguments are appended, e.g., a utility that can accept flags.

ENV – Environment Variables

ENV KEY VALUE

or ENV KEY1=VAL1 KEY2=VAL2 defines variables that can be referenced in later instructions (e.g., $NODE_VERSION) and at runtime.

VOLUME – Declare Mount Points

VOLUME ["/data"]

declares a directory as a volume, ensuring data is stored outside the image’s read‑only layers. Users can override with named or host volumes.

EXPOSE – Declare Ports

EXPOSE 80 443

documents which ports the container listens on. It does not publish them; -p or -P must be used at run time.

WORKDIR – Set Working Directory

WORKDIR /app

creates (if needed) and sets the current directory for subsequent instructions, avoiding the need for cd in separate RUN steps.

Building an Image

Place the Dockerfile in an empty directory, then run: docker build -t myimage . The output shows each step (e.g., Step 1 : FROM nginx) and the resulting layer IDs.

Build Context

The final . in docker build -t myimage . specifies the build context directory. Docker packs all files in that directory (excluding those listed in .dockerignore) and sends them to the daemon. COPY and ADD paths are relative to this context.

Advanced Build Sources

Docker can build directly from a Git repository, a tar archive URL, or standard input ( docker build - < Dockerfile), but stdin builds have no context, so COPY cannot be used.

Best Practices

Use a single RUN with && to minimize layers.

Prefer COPY over ADD unless auto‑extraction is required.

Declare EXPOSE and VOLUME for documentation and safety.

Leverage ENV for version numbers to simplify updates.

Use ENTRYPOINT when you want the image to behave like an executable that accepts additional arguments.

Following these guidelines results in smaller, more maintainable Docker images.