# Docker Reference

Quick reference for Docker, Compose, Swarm. Detailed patterns in `.kilo/skills/docker-*`.

## Checklist

- [ ] Multi-stage builds; order layers least→most frequently changing
- [ ] Run as non-root user; specific image versions (never `latest`)
- [ ] COPY package*.json before COPY . for cache; clean package manager caches
- [ ] Compose 3.8+; environment variables; resource limits; health checks
- [ ] .env for local secrets (gitignored); Docker secrets for Swarm
- [ ] Separated networks (frontend/backend); internal for DB
- [ ] Named volumes with labels; init scripts read-only
- [ ] Swarm: replicated services, rollback config, placement constraints
- [ ] Scan images: `trivy image` or `docker scout vulnerabilities`
- [ ] Logging: json-file driver, max-size/max-file limits

## Common Commands

```bash
docker-compose logs -f app       # View logs
docker exec -it app sh           # Shell into container
docker stats                     # Resource usage
docker system prune -a           # Clean unused
docker scout vulnerabilities img # Scan
```