Next.js (Vercel-style) app
Keeps Docker builds fast, lean, and free of development files.
############################################################
Dependencies (installed inside Docker, never copied)
node_modules/
.pnpm-store/
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
lerna-debug.log*
Next.js build outputs (always generated during next build)
.next/
out/
dist/
build/
.vercel/
Tests and testing output (not needed in production images)
coverage/
.nyc_output/
tests/
mocks/
jest/
cypress/
cypress/screenshots/
cypress/videos/
playwright-report/
test-results/
.vitest/
vitest.config.*
jest.config.*
cypress.config.*
playwright.config.*
.test.
.spec.
Local development and editor files
.git/
.gitignore
.gitattributes
.vscode/
.idea/
*.swp
*.swo
*~
*.log
Environment variables (only commit template files)
.env
.env*.local
.env.development
.env.test
.env.production.local
Docker configuration files (not needed inside build context)
Dockerfile*
.dockerignore
compose.yaml
compose.yml
docker-compose*.yaml
docker-compose*.yml
Documentation
*.md
docs/
CI/CD configuration files
.github/
.gitlab-ci.yml
.travis.yml
.circleci/
Jenkinsfile
Cache directories and temporary data
.cache/
.parcel-cache/
.eslintcache
.stylelintcache
.swc/
.turbo/
.tmp/
.temp/
TypeScript build metadata
*.tsbuildinfo
Sensitive or unnecessary configuration files
.pem
.editorconfig
.prettierrc
prettier.config.*
.eslintrc*
eslint.config.*
.stylelintrc*
stylelint.config.*
.babelrc*
*.iml
*.ipr
*.iws
OS-specific junk
.DS_Store
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db
Desktop.ini
### 3. Multi-Stage Dockerfile (Bun Runtime)
Leverages Docker layer caching, isolated build stages, and non-root execution:
============================================
Stage 1: Dependencies Installation Stage
============================================
This Dockerfile.bun is specifically configured for projects using Bun
For npm/pnpm or yarn, refer to the Dockerfile instead
FROM oven/bun:1 AS dependencies
Set working directory
WORKDIR /app
Copy package-related files first to leverage Docker's caching mechanism
COPY package.json bun.lock* ./
Install project dependencies with frozen lockfile for reproducible builds
RUN --mount=type=cache,target=/root/.bun/install/cache
bun install --no-save --frozen-lockfile
============================================
Stage 2: Build Next.js application in standalone mode
============================================
FROM oven/bun:1 AS builder
Set working directory
WORKDIR /app
Copy project dependencies from dependencies stage
COPY --from=dependencies /app/node_modules ./node_modules
Copy application source code
COPY . .
ENV NODE_ENV=production
Next.js collects completely anonymous telemetry data about general usage.
Uncomment the following line in case you want to disable telemetry during the build.
ENV NEXT_TELEMETRY_DISABLED=1
Build Next.js application
RUN bun run build
============================================
Stage 3: Run Next.js application
============================================
FROM oven/bun:1 AS runner
Set working directory
WORKDIR /app
Set production environment variables
ENV NODE_ENV=production
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"
Next.js collects completely anonymous telemetry data about general usage.
Uncomment the following line in case you want to disable telemetry during the run time.
ENV NEXT_TELEMETRY_DISABLED=1
Copy production assets
COPY --from=builder --chown=bun:bun /app/public ./public
Set the correct permission for prerender cache
RUN mkdir .next
RUN chown bun:bun .next
Automatically leverage output traces to reduce image size
COPY --from=builder --chown=bun:bun /app/.next/standalone ./
COPY --from=builder --chown=bun:bun /app/.next/static ./.next/static
If you want to persist the fetch cache generated during the build so that
cached responses are available immediately on startup, uncomment this line:
COPY --from=builder --chown=bun:bun /app/.next/cache ./.next/cache
Switch to non-root user for security best practices
USER bun
Expose port 3000 to allow HTTP traffic
EXPOSE 3000
Start Next.js standalone server with Bun
CMD ["bun", "server.js"]
### 4. Docker Compose Orchestration
Includes Nginx reverse proxy, Certbot SSL automation, and network isolation:
Bun service (use with: docker compose up nextjs-standalone-with-bun --build)
services:
app:
build:
context: .
dockerfile: Dockerfile
image: nextjs-standalone-bun-image
container_name: nextjs-app
environment:
NODE_ENV: production
PORT: "3000"
HOSTNAME: "0.0.0.0"
expose:
- "3000"
restart: unless-stopped
networks:
- app-network
nginx:
image: nginx:stable-alpine
container_name: nginx-proxy
depends_on:
- app
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/nginx.conf:ro
- certbot_www:/var/www/certbot
- certbot_conf:/etc/letsencrypt
restart: unless-stopped
networks:
- app-network
certbot:
image: certbot/certbot:latest
container_name: certbot
volumes:
- certbot_www:/var/www/certbot
- certbot_conf:/etc/letsencrypt
entrypoint: >
sh -c 'trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot --quiet; sleep 12h; done'
restart: unless-stopped
volumes:
certbot_www:
certbot_conf:
networks:
app-network:
driver: bridge
### 5. Nginx Reverse Proxy Configuration
Handles HTTP/HTTPS routing, WebSocket upgrades, and ACME challenge validation:
server {
listen 80;
server_name seudominio.com www.seudominio.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
proxy_pass http://app:3000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
### 6. Build & Deployment Commands
**Automated**:
make build && make up
**Manual**:
docker compose build
docker compose up -d
### 7. Automation Makefile
Standardizes lifecycle commands for CI/CD and local development:
Makefile - App Nextjs + Docker + VPS Example
PROJECT_NAME=App Nextjs
DOCKER_IMAGE_NAME=app-next-js
DOCKER_CONTAINER_NAME=app-next-js
COMPOSE_FILE=docker-compose.yaml
build:
docker compose -f $(COMPOSE_FILE) build
up:
docker compose -f $(COMPOSE_FILE) up -d
stop:
docker compose -f $(COMPOSE_FILE) stop
clean: stop
docker compose -f $(COMPOSE_FILE) down --remove-orphans
docker rmi -f $(DOCKER_IMAGE_NAME) >/dev/null 2>&1 || true
rm -rf node_modules .next >/dev/null 2>&1 || true
## Pitfall Guide
1. **Copying `node_modules` directly**: Bypasses Docker's layer caching and introduces platform-specific binaries. Always install dependencies inside the build stage using a frozen lockfile.
2. **Omitting `output: "standalone"`**: Next.js defaults to bundling the entire compiler and dev toolchain. Standalone output tracing is mandatory for production image minimization.
3. **Leaking `.env` or IDE metadata**: Failing to exclude `.env*`, `.git/`, `.vscode/`, and cache directories in `.dockerignore` exposes secrets and inflates context size.
4. **Running containers as `root`**: Violates container security best practices and increases blast radius during CVE exploitation. Always switch to a dedicated non-root user (`USER bun`) and set correct file ownership.
5. **Breaking Docker layer cache**: Copying source code before `package.json` and lockfiles invalidates dependency installation cache on every commit. Maintain strict copy order: lockfiles β install β source.
6. **Missing Nginx proxy headers**: Omitting `X-Forwarded-Proto`, `Upgrade`, or `Connection` breaks SSL detection, WebSocket support, and Next.js server-side routing logic.
7. **Skipping `--frozen-lockfile`**: Allows silent dependency resolution changes during CI builds, causing environment drift and non-reproducible deployments.
## Deliverables
- **π Architecture Blueprint**: Multi-stage Docker flow diagram detailing context isolation, layer caching strategy, and standalone output tracing.
- **β
Production Readiness Checklist**: Pre-deployment verification covering `output: "standalone"`, `.dockerignore` coverage, non-root execution, environment variable injection, healthcheck configuration, and SSL renewal automation.
- **π¦ Configuration Templates**: Ready-to-use `Dockerfile`, `.dockerignore`, `docker-compose.yaml`, `nginx.conf`, and `Makefile` optimized for Vercel-style standalone deployments with Bun runtime.