Dockerfile Generator

Generate a production Dockerfile and .dockerignore for Node, Python, Go, Ruby, PHP, Java, Rust, .NET, Bun, or static sites. Multi-stage, non-root.

Stack

Pick the language or runtime

Each preset ships defaults that work for a typical project. Tweak any of them below.

Node 20 LTS on Alpine or Debian slim with npm, pnpm, or yarn.

Base image

Pick the runtime image

Small (~50 MB). Uses musl libc. Most production-friendly.

Package manager

How dependencies install

Uses package-lock.json with npm ci for reproducible installs.

Runtime

Port and command

Used in EXPOSE and the optional HEALTHCHECK URL.

Absolute path. The image will start the process from here.

Written in the JSON exec form to avoid invoking /bin/sh.

Best practices

Hardening toggles

The HEALTHCHECK probes http://localhost:3000/health.

Build args

ARG declarations

Passed at build time via --build-arg. Do not put secrets in ARGs; use --secret instead.

No ARGs yet. The Dockerfile is generated without an ARG block.

Environment variables

ENV declarations

Baked into the image. Never use ENV for secrets; runtime injection is safer (docker run -e, Kubernetes secrets).

No custom ENV entries yet. Standard ones (NODE_ENV, PYTHONUNBUFFERED, etc.) are still added by the template.

Output

Dockerfile

Save to a file named Dockerfile in the root of your project.

# syntax=docker/dockerfile:1.7
# The syntax directive above must be the first line of the file; it enables BuildKit features like RUN --mount.
FROM node:20-alpine AS builder
WORKDIR /app
COPY package.json package-lock.json* ./
# With a lockfile, use npm ci and let a failure stop the build; fall back to npm install only when there is no lockfile.
# devDependencies are installed here because the build step below usually needs them.
RUN --mount=type=cache,target=/root/.npm \
  if [ -f package-lock.json ]; then npm ci; else npm install; fi
# Copy the rest of the source and build any assets the app needs.
COPY . .
# Build, then drop devDependencies so only production packages reach the runner.
RUN npm run build --if-present && npm prune --omit=dev
FROM node:20-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
# Copy the built app and its pruned node_modules from the builder, owned by the unprivileged user.
COPY --from=builder --chown=node:node /app ./
USER node
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
  CMD wget --quiet --tries=1 --spider http://localhost:3000/health || exit 1
CMD ["node", "server.js"]

Output

.dockerignore

Drop in the same folder as the Dockerfile.

# Build context exclusions. Smaller context means faster builds.
.git
.gitignore
.dockerignore
Dockerfile
docker-compose*.yml
README.md
LICENSE
.env
.env.*
!.env.example
*.log
*.pid
*.swp
.DS_Store
Thumbs.db
.vscode
.idea
*.code-workspace
coverage
.nyc_output
.cache

# Node
node_modules
npm-debug.log*
yarn-debug.log*
yarn-error.log*
.pnpm-debug.log*
.npm
dist
build
.next
out
.turbo

Review

Looks good

Defaults applied: multi-stage build, non-root user, healthcheck, BuildKit cache. Ready to commit.

Build and run

Quick commands

# Build with BuildKit (default in modern Docker)
docker build -t my-app .
# Run the image locally
docker run --rm -p 3000:3000 my-app
# Inspect the image size
docker images my-app

Why these defaults

A short tour of the choices baked in

  • Multi-stage builds

    The compiler, package manager, and dev tooling stay in a builder stage. The final image only contains the runtime and your artifact, often 5x to 20x smaller.

  • Non-root user

    Most container escapes lean on a root-owned process. Dropping to an unprivileged UID gives you defense in depth at zero runtime cost.

  • Cache-friendly layer order

    Lockfiles are copied and installed before the rest of the source, so a single line change in your app does not invalidate the dependency layer.

  • BuildKit cache mounts

    RUN --mount=type=cache keeps npm, pip, cargo, and Maven caches warm across builds without shipping them in the image.

  • HEALTHCHECK

    Docker, Compose, Swarm, and Kubernetes can all read HEALTHCHECK results. Without one, the orchestrator only knows the process is running, not that it is ready.

  • .dockerignore

    Trims the build context so node_modules, .git, build outputs, and local secrets never enter the daemon. Faster builds and smaller cache layers.

How to use

  1. Pick the stack you are containerizing (Node, Python, Go, Ruby, PHP, Java, Rust, .NET, Bun, or static).
  2. Pick a base image variant. Alpine images are smallest, distroless is most locked-down, and slim Debian is the safest default for many apps.
  3. Pick the package manager (npm, pnpm, yarn, pip, Poetry, uv, Composer, Maven, Gradle, etc.). Defaults are sensible.
  4. Set the container port and the start command. The HEALTHCHECK path defaults to /health.
  5. Toggle the best-practice options if you need to deviate (multi-stage build, non-root user, BuildKit cache mounts, pinned tag comment, .dockerignore output).
  6. Add ARG and ENV entries if your build needs them. Do not put secrets in ARG or ENV.
  7. Copy the Dockerfile into a file named Dockerfile in your project root. Copy the .dockerignore alongside it. Then run docker build -t my-app .

About this tool

Dockerfile Generator builds a production-leaning Dockerfile and matching .dockerignore for a typical Node.js, Python, Go, Ruby, PHP, Java, Rust, .NET, Bun, or static-site project, with the layout and best practices most container teams converge on. Pick a stack, pick a base image variant (Alpine, Debian slim, distroless, scratch), pick a package manager, and the tool emits a complete Dockerfile that uses a multi-stage build, copies lockfiles before source code to maximize layer caching, runs the final stage as a non-root user, emits an EXPOSE line, optionally adds a HEALTHCHECK that probes a localhost URL, and uses BuildKit RUN --mount=type=cache to keep package caches warm across builds. Custom ARG and ENV entries are templated into the right stage. A review panel calls out common pitfalls (running as root, no .dockerignore, rolling latest tags, missing healthcheck, suspicious secret-shaped ENV names) so you do not ship the configuration mistakes that show up in real audits. The matching .dockerignore is tuned to the chosen stack, so node_modules, target, vendor, __pycache__, build outputs, .git, and local .env files never enter the daemon. Build is pure string templating in your browser, no upload, no external API, no tracking. Paste the output into a file called Dockerfile in your project root, then run docker build and docker run.
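
The pitfalls the review panel is described as flagging (root user, missing .dockerignore, rolling tags, missing healthcheck, secret-shaped ENV/ARG names) can be checked mechanically. The sketch below is an added example, not the generator's own code; the rule ids, the SECRET_NAME pattern and the function names are assumptions, and it inspects only the Dockerfile text.

```javascript
// Added example. Rule ids and SECRET_NAME are assumptions, not the tool's rules.
const SECRET_NAME = /SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY|CREDENTIAL/i;

// Join "\" continuations, drop comments and blanks, split into {op, args}.
function parseInstructions(text) {
  return text.replace(/\\\r?\n/g, " ").split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#"))
    .map((line) => {
      const [, op, args] = line.match(/^(\S+)\s*(.*)$/);
      return { op: op.toUpperCase(), args };
    });
}

// Names declared by ENV/ARG: "K=v K2=v2", or the legacy "K v" / bare "K" form.
function declaredNames(args) {
  const pairs = [...args.matchAll(/(?:^|\s)([A-Za-z_]\w*)=/g)].map((m) => m[1]);
  return pairs.length ? pairs : [args.split(/\s+/)[0]];
}

function reviewDockerfile(text, { hasDockerignore = false } = {}) {
  const ins = parseInstructions(text);
  const findings = [];
  const stages = new Set();
  for (const { op, args } of ins) {
    if (op === "FROM") {
      const [image, , alias] = args.replace(/^--\S+\s+/, "").split(/\s+/);
      const tag = image.split("/").pop().split(":")[1];
      // Earlier stages, scratch and ARG-templated images are not registry pulls.
      const external = image !== "scratch" && !stages.has(image) && !image.includes("$");
      const pinned = image.includes("@sha256:");
      if (external && !pinned && (!tag || tag === "latest")) findings.push("rolling-tag");
      if (alias) stages.add(alias);
    } else if (op === "ENV" || op === "ARG") {
      for (const name of declaredNames(args)) {
        if (SECRET_NAME.test(name)) findings.push(`secret-name:${name}`);
      }
    }
  }
  // Only the final stage decides what the running container looks like.
  const finalStage = ins.slice(Math.max(0, ins.map((i) => i.op).lastIndexOf("FROM")));
  const user = finalStage.filter((i) => i.op === "USER").pop();
  if (!user || /^(root|0)(:|$)/.test(user.args)) findings.push("runs-as-root");
  const hc = finalStage.filter((i) => i.op === "HEALTHCHECK").pop();
  if (!hc || /^NONE\b/i.test(hc.args)) findings.push("no-healthcheck");
  if (!hasDockerignore) findings.push("no-dockerignore");
  return findings;
}

// Constructed sample: an image that trips every rule.
const BAD = 'FROM node\nENV API_TOKEN=abc123\nCMD ["node", "server.js"]';
console.log(reviewDockerfile(BAD));
```

A base image may already set a non-root USER; this sketch cannot see that and reports runs-as-root whenever the final stage has no USER line of its own.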

Free to use. Works in your browser. No signup, no login.
