Building a Minimal Docker Image for Next.js Standalone Apps

By -

Building a Minimal Docker Image for Next.js Standalone Apps

This is Part 2 of the series: Self-Hosting Next.js in Kubernetes (Without Vercel).

In Part 1, we covered how to run a Next.js app in standalone mode. Now let’s improve the deployment by building a clean, minimal Docker image that works well in Kubernetes and OpenShift.



Why Multi-Stage Docker Builds Matter

A common mistake is shipping your entire source tree and development dependencies into production.

A multi-stage Docker build allows you to:

  • Keep build tools out of production
  • Reduce image size significantly
  • Improve security
  • Speed up CI and deployments

For Next.js standalone apps, this pattern works extremely well.

Stage 1: Builder Image

The builder stage installs dependencies and runs the normal Next.js build. Nothing special happens here. 

FROM node:22-alpine AS builder

WORKDIR /build

COPY package.json package-lock.json ./
RUN npm ci

COPY . .
RUN npm run build

At this point, Next.js produces:

  • .next/standalone
  • .next/static
  • public

Stage 2: Prepare Standalone Assets

Standalone mode does not automatically include static assets. We must copy them manually. 

RUN cp -R dist/apps/example-web/.next/static \
  dist/apps/example-web/.next/standalone/dist/apps/example-web/.next/static

RUN cp -R dist/apps/example-web/public \
  dist/apps/example-web/.next/standalone/apps/example-web/public

This ensures:

  • /_next/static is served correctly
  • /public assets work as expected

Stage 3: Runtime Image

Now we copy only what we need into a lightweight runtime image. 

FROM image-registry.openshift-image-registry.svc:5000/internal/nodejs-runtime:22

WORKDIR /app

ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1

USER root
COPY --from=builder /build/dist/apps/example-web/.next/standalone ./

RUN chown -R 1001:0 /app && chmod -R g+rwx /app

USER 1001

EXPOSE 3000
ENV PORT=3000

CMD NODE_EXTRA_CA_CERTS=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
node apps/example-web/server.js

What This Image Contains (and What It Doesn’t)

Included:

  • Minimal Node.js runtime
  • Standalone Next.js server
  • Required dependencies only

Excluded:

  • Source code
  • Dev dependencies
  • Build tools
  • Unused node_modules

This is exactly what you want in production.

Why This Works Well in OpenShift

  • Runs as a non-root user
  • Compatible with restricted SCCs
  • No writable root filesystem required
  • Predictable startup behavior

It also works the same way in:

  • Vanilla Kubernetes
  • Private clusters
  • On-prem environments

Series Progress

Self-Hosting Next.js in Kubernetes (Without Vercel)

Final Thoughts

Standalone mode is only half the story. A clean Docker image is what makes Next.js production-ready in Kubernetes.

In the next post, we’ll wire this image into a real OpenShift deployment using Deployment, Service, and Route objects.

❤️ Support This Blog

If this post helped you, you can support my writing with a small donation. Thank you for reading.

Coffee ☕ Thanks 🙏 Extra Support ❤️

Comments

Post a Comment

Popular posts from this blog

fixed: embedded-redis: Unable to run on macOS Sonoma

By -
Image
Issue you might see below error while trying to run embedded-redis for your testing on your macOS after you upgrade to Sonoma. java.lang.RuntimeException: Can't start redis server. Check logs for details. Redis process log: at redis.embedded.AbstractRedisInstance.awaitRedisServerReady(AbstractRedisInstance.java:70) at redis.embedded.AbstractRedisInstance.start(AbstractRedisInstance.java:42) at redis.embedded.RedisServer.start(RedisServer.java:9) Solution use the latest one: https://mv   ...
Read more

Copying MDC Context Map in Web Clients: A Comprehensive Guide

By -
Image
Introduction In distributed systems, maintaining context across microservices is crucial for effective logging and tracing. The Mapped Diagnostic Context (MDC) in logging frameworks like Logback or Log4j allows developers to propagate contextual information such as request IDs, user IDs, or correlation IDs across threads and services. When using web clients to make outgoing requests, it's essential to propagate the MDC context map to ensure consistency and traceability. This guide will provide   ...
Read more

Reset user password for your own Ghost blog

By -
Image
If you do not config mail up for your ghost blog, it maybe a big problem once you lost your user password. however, methods are always more than problems. We can fix it up by reset it. 1. Find out your database name in your ghost config, it is maybe in config.production.json   "database": {     "client": "mysql",     "connection": {       "host": "localhost",       "user": "ghost-452",       "password": "dade1b0565f2585e07c7",       "database": "ghost_production_acm" 2. Use mysql to reset the password. mysql -u root -p Enter the password for root account. mysql> use ghost_production_acm; mysql> select * from users; ghost use bcrypthash for the password. You can get bcrypt hash string from http://bcrypthashgenerator.apphb.com/ mysql>update users set password=' $2b$10$PaL8tKcU4i0CsjRrM6BhROVQMwwLFw2HSx/kWlAUgja23fNllc2Fy' where ...
Read more