What is a multistage build in Docker?

Key takeaways:

  • Multistage Docker builds reduce image size by keeping only necessary files.

  • They improve security by limiting access to build dependencies.

  • These builds simplify image management by grouping related steps.

  • A typical multistage Dockerfile builds and compiles in one stage, then copies only required files to a smaller runtime image.

Multistage build

To reduce the size of a Docker image, we have a feature enabling multistage build in Docker. This allows us to break down the build process of an image into multiple stages and only include the necessary files and dependencies in the final image.

In a multistage build, we define multiple stages in our Dockerfile. Each stage can have its build instructions, including installing dependencies, compiling code, and creating the application artifact. The final stage will then copy the application artifact from the previous stage and finalize the image with the files and configurations required for the Dockerfile—each for the application to run correctly. It’s more about setting up the runtime environment than installing new packages.

How does multistage build work?

A Dockerfile with multistage builds typically involves defining multiple FROM statements, each marking a new stage in the build process. Here’s how it works in detail:

  1. Build stage: The first stage involves setting up a temporary environment where the application’s dependencies are installed and the application is compiled or built. For example, you might use a full development environment with tools like compilers or package managers.

  2. Runtime stage: The second stage is focused on the runtime environment. It copies only the necessary files from the first stage, excluding build tools or temporary files that aren’t needed in the production environment. This significantly reduces the size of the final image.

  3. Final image: The final image contains only the minimal files required to run the application, such as the compiled binary or executable and configuration files, but it excludes development tools.

Advantages

There are a few advantages to using such docker files, which are as follows:

  • This technique is useful in reducing the size of the final image by eliminating the need to include all of the build dependencies in the image, ultimately saving space on our disk and improving our containers’ performance.

  • The dependencies can be installed in an intermediate stage and copied into the final image. This can also be used to improve the security of our images, as it can make it more difficult for attackers to find vulnerabilities in the build process.

  • Multistage builds can make it easier to manage our Docker images, as we can group related build steps. This can make it easier to track changes to our images and find the source of any problem.

Building multistage docker

Here is an example of a multistage Dockerfile which will build a simple web app:

// app.js
console.log('Hello from app.js!');
Multistage Docker build

  • Lines 1–7: This Dockerfile first creates a build image based on the Node.js v14 official image, where it copies the necessary application files (index.html and app.js) and compiles the application.

  • Lines 10–18: It creates a runtime image based on the Nginx web server image, where it copies the compiled application files from the build image and exposes port 80 for Nginx to serve the application.

Best practices for multistage builds

  • Minimize layers: Each RUN, COPY, and ADD command creates a new layer in your image. Try to combine commands where possible to reduce the total number of layers.

  • Use appropriate base images: In the build stage, use a larger image with all the tools needed for development (like node:14), and in the runtime stage, use a minimal image like nginx:alpine to reduce the size and increase security.

  • Label your stages: Naming each stage (e.g., AS builder) helps in clarity and ensures that the Dockerfile remains readable, especially as it grows in complexity.

Conclusion

Multistage Docker builds provide a powerful way to optimize the size, security, and manageability of Docker images. By separating the build process into different stages, unnecessary build dependencies are excluded from the final image, resulting in smaller, more secure containers. This method also streamlines the build process, improving the ease of tracking and managing Docker images. Overall, multistage builds are a valuable tool for efficient and secure containerization.

Frequently asked questions

Haven’t found what you were looking for? Contact Us

What is a multistage project?

A multistage project refers to a project that involves distinct phases or stages, each with its own set of tasks or objectives. In the context of Docker, a multistage build separates the image creation process into different stages, allowing for better management and optimization of resources, such as reducing image size and improving security by only including necessary components in the final image.

What does build mean in Docker?

In Docker, a build refers to the process of creating a Docker image from a Dockerfile. The Dockerfile contains a series of instructions to set up the environment, install dependencies, and copy necessary files, ultimately resulting in a self-contained image that can run on any system with Docker installed.

Which is better, Kubernetes or docker?

Docker is for containerizing applications, while Kubernetes is for orchestrating and managing containerized applications at scale. Docker is ideal for single-container setups or development, while Kubernetes is better for large-scale, distributed applications. Both tools work well together, so the choice depends on your needs.

Free Resources

Copyright ©2025 Educative, Inc. All rights reserved