Skip to main content

Dockerfile Instructions

A Dockerfile is like a recipe for building images. It’s a simple text file where you list the commands Docker should run to automatically assemble your image. Docker reads the file step by step and creates the image exactly as described.

📖 Production Grade Dockerfile Instruction Order

FROM → Create a new build stage from a base image

MAINTAINER → Specify the author of the image (deprecated, often replaced with LABEL)

LABEL → Add metadata to the image (e.g., version, description, maintainer)

ARG → Define build‑time variables (for image)

ENV → Set environment variables (for container)

SHELL → Set the default shell of the image

WORKDIR → Define the working directory for subsequent instructions

COPY → Copy files and directories into the image

ADD → Add local or remote files (use sparingly; prefer COPY)

RUN → Execute build commands (install dependencies, configure system)

USER → Set user and group ID for running processes

EXPOSE → Define which ports the application listens on

VOLUME → Create volume mounts for persistent data

ENTRYPOINT → Specify the default executable for the container

CMD → Provide default arguments/commands (works with ENTRYPOINT)

HEALTHCHECK → Define how Docker checks container health

STOPSIGNAL → Specify the system call signal for exiting the container

ONBUILD → Add instructions triggered when the image is used as a base (use cautiously in production)

📖 Minimal Production‑Grade Dockerfile (Best Practices)

# 1. Base image
FROM ubuntu:22.04

# 2. Metadata
LABEL version="1.0" description="Minimal Production Dockerfile example" \
      maintainer="Shubham Sihasane"

# 3. Build-time arguments
ARG APP_ENV=production

# 4. Environment variables
ENV LANG=C.UTF-8 APP_HOME=/usr/src/app

# 5. Default shell
SHELL ["/bin/bash", "-c"]

# 6. Working directory
WORKDIR $APP_HOME

# 7. Copy files
COPY requirements.txt ./
COPY src/ ./src

# 8. Run build commands
RUN apt-get update && apt-get install -y \
    python3 python3-pip curl \
    && pip3 install -r requirements.txt \
    && rm -rf /var/lib/apt/lists/*

# 9. User setup
USER appuser

# 10. Expose ports
EXPOSE 8080

# 11. Volumes
VOLUME ["/data"]

# 12. Entrypoint
ENTRYPOINT ["python3", "src/app.py"]

# 13. Default command
CMD ["--serve"]

# 14. Healthcheck
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
  CMD curl -f http://localhost:8080/health || exit 1

# 15. Stop signal
STOPSIGNAL SIGTERM

Dockerfile Format

# Comment
INSTRUCTION arguments

Description:

  • Each line is either a comment (#) or an instruction with arguments.
  • Instructions are not case‑sensitive, but the convention is to write them in UPPERCASE.
  • Docker executes instructions in order, and every Dockerfile must start with a FROM (after optional ARG or comments).
  • Comments:
    • Lines starting with # are treated as comments (unless they’re parser directives).
    • Comments don’t support line continuation (\) and # inside arguments is just text, not a comment.
# Celebrating joy and learning together
RUN echo "Happy souls building magic with the Happywala Engineer✨"
  • Whitespaces:
    • Leading spaces before instructions or comments are ignored (but discouraged).
    • Whitespace inside arguments is preserved. Prints with leading spaces.
RUN echo "\
     Happywala\
     Engineer"

1. FROM

  • Usage: FROM <image>[:tag]
  • Description: Defines the base image for your build. Every Dockerfile must start with FROM (except optional ARG). Supports multi‑stage builds with AS. Each FROM creates a new stage.
  • Tip: You can use multiple FROM statements to create multi‑stage builds. Use official images, pin exact versions for reproducibility, prefer minimal images (alpineslim).
FROM ubuntu:22.04

2. MAINTAINER

  • Usage: MAINTAINER <name>
  • Description: Used to specify the author of the image. Deprecated in favor of LABEL.
  • Tip: Prefer LABEL maintainer="..." instead as getting deprecated.
MAINTAINER Shubham Sihasane <shubham@example.com>

3. LABEL

  • Usage: LABEL <key>=<value>
  • Description: Adds metadata to the image (author, version, description). upports multiple labels. Metadata is queryable via docker inspect.
LABEL version="1.0" description="Production app" maintainer="Shubham Sihasane"

4. ARG

  • Usage: ARG <name>[=<default>]
  • Description: Defines build‑time variables available only during the build, not runtime. Can be overridden with --build-arg.
ARG APP_ENV=production
RUN echo "Building for $APP_ENV"

5. ENV

  • Usage: ENV <key>=<value>
  • Description: Sets environment variables available at runtime. Persists across layers. Accessible via docker run -e overrides.
ENV LANG=C.UTF-8 APP_HOME=/usr/src/app

6. SHELL

  • Usage: SHELL ["executable", "parameters"]
  • Description: Sets the default shell for RUN commands. Default is /bin/sh -c. Useful for Windows containers or Bash‑specific syntax.
SHELL ["/bin/bash", "-c"]

7. WORKDIR

  • Usage: WORKDIR <path>
  • Description: Sets the working directory for subsequent instructions. Creates directory if missing. Multiple WORKDIR instructions are cumulative.
WORKDIR /usr/src/app

8. COPY

  • Usage: COPY <src> <dest>
  • Description: Copies files/directories from host to image. Supports wildcards and .dockerignore. Does not unpack archives.
COPY requirements.txt ./
COPY src/ ./src

9. ADD

  • Usage: ADD <src> <dest>
  • Description: Similar to COPY, but supports remote URLs and auto‑extracts archives.
  • Tip: Prefer COPY unless you need these extra features.
ADD https://example.com/config.tar.gz /tmp/config/

10. RUN

  • Usage: RUN <command>
  • Description: Executes commands during build (install packages, configure system). Each RUN creates a new image layer. Combine commands with && to reduce layers.
RUN apt-get update && apt-get install -y python3

11. USER

  • Usage: USER <username|UID>
  • Description: Sets the user for running processes inside the container. Improves security by avoiding root. Can be switched back with another USER.
USER appuser

12. EXPOSE

  • Usage: EXPOSE <port>
  • Description: Documents which ports the container listens on.
  • Does not publish ports automatically; use docker run -p.
EXPOSE 8080

13. VOLUME

  • Usage: VOLUME ["<path>"]
  • Description: Creates a mount point for persistent data. Volumes are managed outside the container lifecycle.
VOLUME ["/data"]

14. ENTRYPOINT

  • Usage: ENTRYPOINT ["executable", "param"]
  • Description: Defines the main executable for the container. Works with CMD for arguments. Two forms: exec (["cmd"]) and shell (cmd param).
ENTRYPOINT ["python3", "app.py"]

15. CMD

  • Usage: CMD ["param1", "param2"]
  • Description: Provides default arguments for ENTRYPOINT. Only one CMD allowed; last one wins.
CMD ["--serve"]

16. HEALTHCHECK

  • Usage: HEALTHCHECK [options] CMD <command>
  • Description: Defines how Docker checks container health.
  • Options: --interval--timeout--retries.
HEALTHCHECK --interval=30s CMD curl -f http://localhost:8080/health || exit 1

17. STOPSIGNAL

  • Usage: STOPSIGNAL <signal>
  • Description: Specifies the system call signal for stopping the container. Default is SIGTERM.
STOPSIGNAL SIGTERM

18. ONBUILD

  • Usage: ONBUILD <instruction>
  • Description: Adds instructions that trigger when the image is used as a base. Useful for builder images.
  • Tip: Use cautiously - can cause unexpected behaviour in production.
ONBUILD RUN echo "Triggered in child image"
Dockerfile reference
Find all the available commands you can use in a Dockerfile and learn how to use them, including COPY, ARG, ENTRYPOINT, and more.
Docker Documentation
Discover More on Instagram
CTA Image

Follow for Engineering and Tech - Tips, Tricks, Roadmaps, Resources, Networking, Motivation, Guidance, and Cool Stuff ♥

Hack Your Happiness!
Updated on Dec 10, 2025