5 Dockerfile Misconfigurations You Should Avoid

Source: Dev.to

When I started learning Docker and optimizing my containers, most of my issues weren’t about missing tools—they were about how I wrote my Dockerfiles. Over time I identified a few recurring mistakes and want to share them so others can avoid the same pitfalls.

1. Forgetting to Start Docker Desktop (or the Docker daemon)

If you’re building images locally, always make sure the Docker daemon is running before you start. It can save you hours of frustration.

2. Running Containers as Root

By default Docker runs as the root user, which is convenient but risky. Use a non‑root user inside the container.

# Dockerfile
FROM python:3.12-slim

# Create a non‑root user
RUN useradd -m appuser
USER appuser

WORKDIR /app
COPY . .
CMD ["python", "app.py"]

A small change like this adds a huge layer of security.

3. Using Unpinned or Bloated Base Images

Relying on tags like python:latest or large base images leads to bloated, unpredictable containers. Prefer versioned tags and multistage builds.

# Build Stage
FROM maven:3.9.6-eclipse-temurin-21 AS builder
WORKDIR /app
COPY . .
RUN mvn clean package

# Runtime Stage
FROM eclipse-temurin:21-jre-alpine
WORKDIR /app
COPY --from=builder /app/target/app.jar /app/
CMD ["java", "-jar", "app.jar"]

This approach keeps the final image smaller and more predictable.

4. Copying Everything (COPY . .)

Using COPY . . indiscriminately drags in build artifacts, configuration files, and secrets. Be explicit about what you copy.

# Only copy the built artifact
COPY target/app.jar /app/

A little extra effort here avoids heavier and riskier images later.

5. Splitting Package Installation into Multiple RUN Commands

Running apt-get update and apt-get install in separate RUN statements creates unnecessary layers and can break the cache.

# Single‑layer install with cleanup
RUN apt-get update && \
    apt-get install -y curl vim && \
    rm -rf /var/lib/apt/lists/*

Fewer layers = cleaner cache = smaller images.

6. Installing Unnecessary Packages

Installing packages with all their recommended extras inflates image size and widens the attack surface. Install only what you need and clean up afterward.

# Install only required packages
RUN apt-get update && \
    apt-get install -y --no-install-recommends curl && \
    rm -rf /var/lib/apt/lists/*

Less clutter, more control.

Conclusion

Building Dockerfiles the right way revolves around:

• Least privilege – run as a non‑root user
• Minimal base images – use versioned tags and multistage builds
• Explicit COPY instructions – avoid pulling in unwanted files
• Single‑layer installs – keep the image lean and cache‑friendly
• Trimmed dependencies – install only what’s necessary

Applying these lessons makes containers smaller, safer, and more predictable—exactly how modern DevOps should be.