Docker Security Hardening
Containers share the host kernel, so their isolation is only as strong as the kernel, the daemon configuration and the image you ship. A container that runs as root, has no resource limits, or is built from an unpatched base image is one bug away from exposing the host. The four measures below close the most common gaps.
1. Do Not Run as Root
By default the process inside a container runs as uid 0. Namespaces keep that root away from the host in the normal case, but a kernel escape or a careless mount (the Docker socket, a host directory) then hands an attacker real root. Create a dedicated unprivileged user in your Dockerfile and switch to it before the process starts; the official node images also ship a built-in `node` user if you would rather not add one. After building, run `id -u` inside the container and confirm it does not print 0.

```dockerfile
FROM node:20-alpine
WORKDIR /app
# Create the unprivileged user first so the copied files can be owned by it.
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
COPY --chown=appuser:appgroup . .
# Everything after USER, including the running process, uses appuser.
USER appuser
CMD ["npm", "start"]
```
2. Limit Resources
A container with no limits can take all of the host's memory or CPU, whether through a bug, a runaway workload or a deliberate denial-of-service (DoS) attack, and starve every other service on the machine. Set explicit memory and CPU limits per service. When a container exceeds its memory limit the kernel kills it, so pair the limit with a restart policy and size it from observed usage rather than guessing low.

```yaml
services:
  web:
    image: nginx
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: '0.50'    # at most half of one CPU core
          memory: 512M    # the container is OOM-killed above this
```

Docker Compose v2 applies deploy.resources.limits to a plain docker compose up; the legacy Compose v1 honoured this section only in Swarm mode or with --compatibility, and the `version` key is obsolete in the current Compose specification. For a single docker run, the equivalent flags are --memory and --cpus.
3. Image Scanning
Base images and their packages accumulate known vulnerabilities even when your own code never changes, so scan images on every build and again on a schedule. Trivy is a common open-source choice; Docker Scout is Docker's current built-in scanner. The older `docker scan` command (a Snyk plugin) has been deprecated in favour of Docker Scout and is no longer shipped with recent Docker Desktop releases. In CI, fail the build on findings above a chosen severity rather than only printing them.

```bash
trivy image --exit-code 1 --severity HIGH,CRITICAL my-image:latest
docker scout cves my-image:latest
```
4. Rootless Docker
With the default (rootful) daemon, dockerd runs as root, and anyone who can reach its socket can start a privileged container with the host filesystem mounted, which is equivalent to root on the host. Rootless mode runs both the daemon and the containers inside a user namespace owned by an unprivileged account, so a daemon compromise or a container breakout lands as that user rather than as root. The trade-offs: binding ports below 1024 needs a sysctl change or extra capabilities on the rootlesskit binary, resource limits like those in section 2 require cgroup v2 with systemd delegation, and some storage and network drivers are unavailable. Check which mode a daemon is in with docker info, which lists name=rootless under Security Options when rootless mode is active.
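The following audit script ties the four points together. It is an added example, not code from the original page or from Docker: the static checks read a Dockerfile and a Compose file from disk and need no daemon, while the runtime checks at the end call the docker CLI and only work against a running daemon. The function names are my own, the Compose parser assumes two-space indentation as in the example above, and the sample files used to exercise it are constructed for this page.

```shell
#!/bin/sh
# Audit helpers for the four hardening points above. Added example, not the
# page's or Docker's own tooling. Assumptions: a Dockerfile and a compose file
# indented with two spaces are on disk; the docker CLI is needed only for the
# runtime checks at the end.

# 1. Effective user of the final image stage. Each FROM starts a new stage as
#    root (unless the base image itself sets USER, which this does not see);
#    the last USER instruction in the final stage wins.
dockerfile_effective_user() {
  awk '
    toupper($1) == "FROM" { user = "" }
    toupper($1) == "USER" { user = $2 }
    END { print (user == "" ? "root" : user) }
  ' "$1"
}

# Exit 0 when the image would run as root: no USER, "root", "0", or a
# user:group form such as "0:0".
dockerfile_runs_as_root() {
  case "$(dockerfile_effective_user "$1")" in
    root|0|root:*|0:*) return 0 ;;
    *) return 1 ;;
  esac
}

# 2. Services whose deploy.resources.limits has no memory entry, one per line.
#    A memory: line under reservations: is not a limit and does not count.
compose_services_without_memory_limit() {
  awk '
    /^services:/            { in_services = 1; next }
    in_services && /^[^ #]/ { in_services = 0 }          # next top-level key
    in_services && /^  [A-Za-z0-9_.-]+:/ {
      svc = $1; sub(/:$/, "", svc); order[++n] = svc; limited[svc] = 0; ctx = ""
    }
    in_services && /^ +limits:/       { ctx = "limits" }
    in_services && /^ +reservations:/ { ctx = "reservations" }
    in_services && /^ +memory:/ && ctx == "limits" { limited[svc] = 1 }
    END { for (i = 1; i <= n; i++) if (!limited[order[i]]) print order[i] }
  ' "$1"
}

# 3./4. Runtime checks; these need a reachable Docker daemon.
# Exit 0 when the container's main process runs as uid 0.
container_runs_as_root() {
  [ "$(docker exec "$1" id -u)" = "0" ]
}

# Memory limit in bytes as the daemon applied it; 0 means no limit.
container_memory_limit() {
  docker inspect --format '{{.HostConfig.Memory}}' "$1"
}

# Exit 0 when the daemon is running in rootless mode.
daemon_is_rootless() {
  docker info --format '{{.SecurityOptions}}' | grep -q rootless
}
```

Source the file and call the functions as needed, for example `dockerfile_runs_as_root Dockerfile && echo "image runs as root"` or `compose_services_without_memory_limit docker-compose.yml` in a CI step that fails on any output. The static checks are deliberately simple text scans, so treat them as a first gate rather than a replacement for a proper linter.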
Page changelog
Last updated
- 2024-03-20—Initial or baseline update for this page.