Chapter 12: Preparing for Production: Environment Config & Container Builds

Welcome to Chapter 12! As we move closer to deploying our Node.js application, it’s crucial to prepare it for various environments beyond our local development machine. This chapter focuses on two foundational aspects of production readiness: robust environment configuration and building optimized, secure Docker images using multi-stage builds.

In this chapter, you will learn how to manage application settings flexibly across different environments (development, test, production) using environment variables and a dedicated configuration module. We’ll then leverage Docker’s powerful multi-stage build feature to create lean, production-ready container images that exclude development dependencies and unnecessary files, significantly improving security and deployment efficiency. By the end of this chapter, your application will be packaged into an optimized Docker image, ready for deployment to any container orchestration platform.

Planning & Design

Preparing for production requires careful consideration of how our application behaves in different contexts. We need a reliable way to inject environment-specific settings without modifying code, and a secure, efficient method to package our application.

1. Environment Configuration Strategy

Our strategy for environment configuration will prioritize security, flexibility, and maintainability:

• Development & Testing: Utilize .env files for convenience. These files will hold default or local-specific values that can be easily changed without affecting the core codebase.
• Production: Directly inject environment variables into the container or deployment environment (e.g., AWS ECS Task Definitions, Kubernetes Secrets). This avoids committing sensitive information and provides a single source of truth for runtime configuration.
• Configuration Module: Create a central config module responsible for loading, validating, and exposing environment variables. This ensures all parts of the application access validated settings and provides a clear separation of concerns.
• Validation: Implement strict validation for all required environment variables at application startup. This prevents runtime errors due to missing or malformed configurations.

2. Docker Multi-Stage Build Strategy

A multi-stage Docker build is essential for creating production-grade images. Here’s why and how we’ll implement it:

• Smaller Image Size: Development tools, build dependencies (like TypeScript compilers), and test frameworks are not needed in the final runtime image. Multi-stage builds allow us to discard these, resulting in significantly smaller images.
• Improved Security: A smaller attack surface. Less code and fewer packages mean fewer potential vulnerabilities.
• Faster Deployments: Smaller images transfer faster, leading to quicker pull times on deployment targets.
• Clear Separation of Concerns: The “build” stage handles compilation and dependency installation, while the “production” stage only includes the necessary runtime artifacts.

Our Dockerfile will consist of at least two stages:

1. builder stage: Installs all devDependencies and dependencies, compiles TypeScript code, and prepares the application bundle.
2. production stage: Starts from a clean, smaller Node.js base image, copies only the compiled application code and dependencies (not devDependencies), and sets up the runtime environment.

3. File Structure

We’ll introduce new files and modify existing ones:

.
├── src/
│   ├── config/              # New directory for configuration logic
│   │   └── index.ts         # Central configuration module
│   └── ...                  # Existing application code
├── .env.development         # New: Local development environment variables
├── .env.test                # New: Test environment variables
├── .dockerignore            # New: Files/directories to ignore during Docker build
├── Dockerfile               # New: Multi-stage Docker build definition
└── package.json             # Modified: Add scripts and dependencies

Step-by-Step Implementation

Let’s begin by implementing our robust environment configuration system.

1. Robust Environment Configuration

We’ll use dotenv to load .env files and envalid for schema validation of environment variables. envalid provides a clean API for defining expected environment variables and their types, ensuring our application starts with valid settings.

a) Setup/Configuration

First, install the necessary packages:

npm install dotenv envalid
npm install -D @types/dotenv

Next, create the config directory and the index.ts file within it.

mkdir -p src/config
touch src/config/index.ts
touch .env.development
touch .env.test

b) Core Implementation

Now, let’s define our environment variables in .env.development and .env.test.

./.env.development

NODE_ENV=development
PORT=3000
DATABASE_URL="postgres://user:password@localhost:5432/mydatabase_dev"
JWT_SECRET="supersecretdevelopmentkey"
LOG_LEVEL="debug"
REDIS_URL="redis://localhost:6379"

./.env.test

NODE_ENV=test
PORT=3001
DATABASE_URL="postgres://user:password@localhost:5433/mydatabase_test" # Use a different port/DB for tests
JWT_SECRET="testsecretkey"
LOG_LEVEL="info"
REDIS_URL="redis://localhost:6380" # Use a different port for test redis

Next, implement the src/config/index.ts module. This module will load the appropriate .env file based on NODE_ENV and validate the variables using envalid.

src/config/index.ts

import 'dotenv/config'; // Loads .env variables
import { cleanEnv, str, port, url } from 'envalid';
import { Logger } from '../utils/logger'; // Assuming you have a logger utility from previous chapters

const logger = Logger.getLogger('Config');

const config = cleanEnv(process.env, {
  NODE_ENV: str({
    choices: ['development', 'test', 'production'],
    default: 'development',
  }),
  PORT: port({ default: 3000 }),
  DATABASE_URL: url(),
  JWT_SECRET: str(),
  LOG_LEVEL: str({
    choices: ['debug', 'info', 'warn', 'error'],
    default: 'info',
  }),
  REDIS_URL: url({ default: 'redis://localhost:6379' }),
  // Add other environment variables here as your application grows
  // For example, AWS S3 bucket names, external API keys, etc.
}, {
  dotEnvPath: process.env.NODE_ENV === 'test' ? '.env.test' : '.env.development',
  strict: true, // Throws error if any variable is missing or invalid
  reporter: ({ errors, env }) => {
    if (Object.keys(errors).length > 0) {
      logger.error('Invalid environment variables detected:', errors);
      process.exit(1); // Exit if critical environment variables are missing
    }
    logger.info(`Environment variables loaded for NODE_ENV: ${env.NODE_ENV}`);
  }
});

export default config;

Explanation:

• import 'dotenv/config';: This line automatically loads variables from the default .env file (or .env.development if specified in dotEnvPath as below) into process.env.
• cleanEnv(process.env, {...}, {...}): This envalid function takes process.env and an object defining the expected schema.
  • NODE_ENV: A string validated against specific choices.
  • PORT: A number validated as a valid port.
  • DATABASE_URL, JWT_SECRET, LOG_LEVEL, REDIS_URL: Other critical variables.
• dotEnvPath: We conditionally load .env.test if NODE_ENV is explicitly set to test, otherwise it defaults to .env.development (or just .env if no path is provided and it exists). This allows running tests with a separate configuration.
• strict: true: Ensures that all defined variables must be present and valid. If not, envalid will throw an error.
• reporter: A custom function to log errors and exit the process if validation fails. This is crucial for production readiness, as we want to fail fast if the environment is misconfigured.

Now, let’s update our src/app.ts (or src/server.ts if that’s your entry point) to use this configuration module.

src/server.ts (Modified)

import Fastify from 'fastify';
import config from './config'; // Import our new config module
import { Logger } from './utils/logger';
import { applyPlugins } from './plugins';
import { registerRoutes } from './routes';
import { errorHandler } from './middleware/errorHandler';
import { connectToDatabase } from './database/db'; // Assuming a DB connection utility
import { connectToRedis } from './database/redis'; // Assuming a Redis connection utility

const logger = Logger.getLogger('Server');

const buildApp = async () => {
  const fastify = Fastify({
    logger: Logger.getFastifyLogger(config.LOG_LEVEL), // Use config.LOG_LEVEL
  });

  // Register plugins
  await applyPlugins(fastify);

  // Register routes
  registerRoutes(fastify);

  // Register global error handler
  fastify.setErrorHandler(errorHandler);

  // Database and Redis connections
  await connectToDatabase(config.DATABASE_URL); // Use config.DATABASE_URL
  await connectToRedis(config.REDIS_URL); // Use config.REDIS_URL

  return fastify;
};

const start = async () => {
  try {
    const app = await buildApp();
    await app.listen({ port: config.PORT, host: '0.0.0.0' }); // Use config.PORT and listen on all interfaces
    logger.info(`Server listening on http://0.0.0.0:${config.PORT} in ${config.NODE_ENV} mode`);
  } catch (err) {
    logger.error('Server failed to start:', err);
    process.exit(1);
  }
};

if (require.main === module) {
  start();
}

export default buildApp; // Export for testing

Explanation:

• We import config from src/config.
• We now use config.PORT, config.DATABASE_URL, config.REDIS_URL, and config.LOG_LEVEL to initialize our application components. This makes our application truly environment-agnostic.
• Listening on 0.0.0.0 is important for Docker containers to be accessible from outside the container.

c) Testing This Component

To test the configuration, you can simply run your application in different modes.

1. Development Mode:

   npm run dev
   

   (This should pick up settings from .env.development and log NODE_ENV: development).

2. Test Mode (without running actual tests): You can simulate test mode by setting the NODE_ENV environment variable directly.

   NODE_ENV=test npm run dev
   

   (This should pick up settings from .env.test and log NODE_ENV: test. You might see database connection errors if your test DB/Redis isn’t running on specified ports, but the config loading itself should work.)

3. Missing Variable Test: Temporarily remove JWT_SECRET from .env.development and try to run npm run dev. The application should exit with an error message from envalid indicating the missing variable.

This approach ensures that your application’s configuration is always validated at startup, preventing subtle bugs in production environments.

2. Production-Ready Dockerfile (Multi-Stage Build)

Now that our application can handle environment-specific configurations, let’s create a lean and secure Docker image.

a) Setup/Configuration

Create a .dockerignore file at the root of your project. This file specifies which files and directories Docker should not copy into the build context, preventing unnecessary bloat and potential leakage of sensitive files.

./.dockerignore

node_modules
dist
.env*
.git
.gitignore
.vscode
npm-debug.log
yarn-debug.log
yarn-error.log
package-lock.json # If using yarn, add yarn.lock here as well
coverage
*.log

Explanation:

• node_modules: Will be installed inside the container, no need to copy local ones.
• dist: This is our build output, which will be generated inside the builder stage, so no need to copy existing local ones.
• .env*: Crucial for security; prevents sensitive environment files from being accidentally copied into the image.
• .git, .gitignore, .vscode: Development-specific files.
• package-lock.json: While needed for npm ci, we’ll copy it explicitly. Ignoring it here prevents accidental copying of local versions.
• coverage, *.log: Test reports and local logs.

Next, create the Dockerfile at the root of your project.

./Dockerfile

# Stage 1: Builder
# Use a Node.js LTS image for building, typically a full image with build tools
FROM node:20-alpine AS builder

# Set working directory
WORKDIR /app

# Copy package.json and package-lock.json first to leverage Docker cache
# This means npm ci won't rerun if only source code changes
COPY package.json package-lock.json ./

# Install all dependencies (including devDependencies for building/testing)
RUN npm ci --omit=optional

# Copy all source code
COPY . .

# Build the TypeScript application
# Ensure your package.json has a "build" script, e.g., "tsc" or "nest build"
RUN npm run build

# ---

# Stage 2: Production
# Use a smaller, production-optimized Node.js image
FROM node:20-alpine AS production

# Set working directory
WORKDIR /app

# Copy only production dependencies from the builder stage
COPY --from=builder /app/package.json /app/package-lock.json ./
RUN npm ci --omit=dev --omit=optional

# Copy only the compiled output from the builder stage
COPY --from=builder /app/dist ./dist

# Set Node.js environment to production
ENV NODE_ENV=production

# Expose the port your application listens on
EXPOSE 3000

# Run the application
# Ensure your package.json has a "start:prod" script, e.g., "node dist/server.js"
CMD ["npm", "run", "start:prod"]

# Optional: Create a non-root user for security
# RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
# USER appuser

Explanation:

• FROM node:20-alpine AS builder: Defines the first stage, named builder. We use node:20-alpine for its small size while still providing necessary tools.
• WORKDIR /app: Sets the working directory inside the container.
• COPY package.json package-lock.json ./: Copies only the package files. This is a caching optimization: if these files don’t change, Docker can reuse the npm ci layer.
• RUN npm ci --omit=optional: Installs all dependencies (dev and production). npm ci is preferred over npm install in CI/CD environments as it ensures exact versions from package-lock.json. We omit optional dependencies to keep the image smaller if they are not strictly needed.
• COPY . .: Copies the rest of the source code.
• RUN npm run build: Executes your build script (e.g., TypeScript compilation). This generates the dist folder.
• FROM node:20-alpine AS production: Defines the second stage, named production. It starts from a fresh node:20-alpine image.
• COPY --from=builder /app/package.json /app/package-lock.json ./: Copies only the package files from the builder stage.
• RUN npm ci --omit=dev --omit=optional: Installs only production dependencies. This is where the magic of multi-stage builds happens, dramatically reducing the final image size.
• COPY --from=builder /app/dist ./dist: Copies only the compiled JavaScript code (the dist folder) from the builder stage. No source TypeScript, no test files.
• ENV NODE_ENV=production: Explicitly sets the environment variable for production.
• EXPOSE 3000: Informs Docker that the container listens on port 3000.
• CMD ["npm", "run", "start:prod"]: The command to run when the container starts. We’ll need to define start:prod in package.json.
• Optional Security (USER appuser): Running as a non-root user is a security best practice. We’ve commented it out for now to simplify, but it’s highly recommended for production.

Before building, ensure your package.json has the build and start:prod scripts.

./package.json (Modified - scripts section)

{
  "name": "my-fastify-app",
  "version": "1.0.0",
  "description": "A production-ready Node.js Fastify API",
  "main": "dist/server.js",
  "scripts": {
    "build": "tsc",
    "start": "node dist/server.js",
    "start:prod": "NODE_ENV=production node dist/server.js",
    "dev": "NODE_ENV=development ts-node-dev --respawn --transpile-only src/server.ts",
    "test": "NODE_ENV=test jest --detectOpenHandles --forceExit",
    "lint": "eslint . --ext .ts",
    "lint:fix": "eslint . --ext .ts --fix",
    "format": "prettier --write \"**/*.ts\"",
    "db:migrate": "knex migrate:latest --knexfile ./src/database/knexfile.ts",
    "db:seed": "knex seed:run --knexfile ./src/database/knexfile.ts"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "@fastify/cookie": "^9.3.1",
    "@fastify/cors": "^9.0.1",
    "@fastify/rate-limit": "^9.1.0",
    "@fastify/swagger": "^8.14.0",
    "@fastify/swagger-ui": "^3.0.0",
    "bcryptjs": "^2.4.3",
    "dotenv": "^16.4.5",
    "envalid": "^8.0.0",
    "fastify": "^4.26.1",
    "jsonwebtoken": "^9.0.2",
    "knex": "^3.1.0",
    "moment": "^2.30.1",
    "pino": "^8.19.0",
    "pino-pretty": "^10.3.1",
    "pg": "^8.11.3",
    "redis": "^4.6.13",
    "ulid": "^2.3.0",
    "zod": "^3.22.4"
  },
  "devDependencies": {
    "@types/bcryptjs": "^2.4.6",
    "@types/jest": "^29.5.12",
    "@types/jsonwebtoken": "^9.0.6",
    "@types/node": "^20.11.24",
    "@types/pino": "^7.0.5",
    "@types/pg": "^8.11.2",
    "@types/redis": "^4.0.11",
    "@types/supertest": "^6.0.2",
    "@typescript-eslint/eslint-plugin": "^7.1.1",
    "@typescript-eslint/parser": "^7.1.1",
    "eslint": "^8.57.0",
    "eslint-config-prettier": "^9.1.0",
    "eslint-plugin-prettier": "^5.1.3",
    "jest": "^29.7.0",
    "prettier": "^3.2.5",
    "supertest": "^6.3.4",
    "ts-jest": "^29.1.2",
    "ts-node-dev": "^2.0.0",
    "typescript": "^5.3.3"
  }
}

Explanation:

• "build": "tsc": This script compiles your TypeScript code into JavaScript in the dist directory.
• "start:prod": "NODE_ENV=production node dist/server.js": This script explicitly sets NODE_ENV to production and then runs the compiled application. This ensures that our config/index.ts loads correctly for production.

c) Testing This Component

Now, let’s build and run our Docker image.

1. Build the Docker Image: Navigate to your project root (where Dockerfile is located) and run:

   docker build -t my-fastify-app:prod .
   

   • -t my-fastify-app:prod: Tags the image with a name (my-fastify-app) and version (prod).
   • .: Specifies the build context (current directory).

   Observe the output. You’ll see Docker executing each step of both the builder and production stages. Pay attention to the size difference between stages.

2. Run the Docker Container:

   docker run -p 3000:3000 \
              -e DATABASE_URL="postgres://user:[email protected]:5432/mydatabase_prod" \
              -e JWT_SECRET="yourproductionsecretkey" \
              -e REDIS_URL="redis://host.docker.internal:6379" \
              --name fastify-prod-container \
              my-fastify-app:prod
   

   • -p 3000:3000: Maps port 3000 from the host to port 3000 inside the container.
   • -e ...: This is how you pass environment variables to the container in production. Crucially, never hardcode these in Dockerfile or commit them. For local testing with Docker, we provide them here. In real production, these would come from AWS ECS Task Definitions, Kubernetes Secrets, etc.
     • host.docker.internal is a special DNS name that resolves to the host machine’s IP address from within a Docker container. This is useful if your database or Redis is running directly on your host machine. Adjust these URLs to your actual production database/Redis endpoints.
   • --name fastify-prod-container: Assigns a name to the running container.

3. Verify Application:

   • Open your browser or use curl to access an endpoint, e.g., http://localhost:3000/api/health.
   • Check the container logs: docker logs fastify-prod-container. You should see Server listening on http://0.0.0.0:3000 in production mode and other logs indicating successful startup and operations.
   • You can also inspect the image size: docker images | grep my-fastify-app. You’ll notice a significantly smaller image size compared to if you had installed dev dependencies in the final image.

   To stop and remove the container:

   docker stop fastify-prod-container
   docker rm fastify-prod-container
   

Production Considerations

Now that we have robust configuration and a production-ready Docker image, let’s re-emphasize some key production considerations.

Error Handling for Configuration

• Our envalid setup with strict: true and a custom reporter ensures that the application will fail fast if critical environment variables are missing or invalid. This is a best practice for production, as it prevents the application from starting in a misconfigured state, which could lead to unpredictable behavior or security vulnerabilities.

Performance Optimization

• Multi-stage Builds: The primary performance gain here is the drastically reduced Docker image size. Smaller images mean faster downloads, quicker deployments, and less storage overhead.
• npm ci: Using npm ci ensures reproducible builds and generally faster dependency installation compared to npm install in a clean environment.
• Caching Layers: The Dockerfile is structured to leverage Docker’s build cache by copying package.json and package-lock.json first. Changes to source code won’t invalidate the dependency installation layer, speeding up subsequent builds.

Security Considerations

• No Dev Dependencies: The production Docker image contains only essential runtime dependencies, minimizing the attack surface by excluding development tools, linters, and test frameworks.
• .dockerignore: Prevents accidental inclusion of sensitive files (like .env files, .git directories, local logs) into the Docker image.
• Environment Variables for Secrets: Never hardcode sensitive information (like JWT_SECRET, database credentials, API keys) directly in your Dockerfile or commit them to your repository. Always pass them as environment variables at runtime. In production, use dedicated secrets management services like AWS Secrets Manager, AWS Parameter Store, or Kubernetes Secrets.
• Non-Root User (Optional but Recommended): While commented out in our Dockerfile for simplicity, running your application inside the container as a non-root user (USER appuser) is a critical security practice. If a vulnerability allows an attacker to break out of the application process, they won’t have root privileges on the host system.

Logging and Monitoring

• Our config.LOG_LEVEL allows dynamic adjustment of logging verbosity. In production, info or warn is often preferred to reduce log volume, while debug is useful for troubleshooting specific issues.
• Ensure your logging utility (pino in our case) is configured for JSON output in production, which is easily consumable by centralized log aggregation systems (e.g., AWS CloudWatch Logs, Splunk, ELK stack).

Code Review Checkpoint

At this point, you’ve made significant strides towards production readiness.

Files Created/Modified:

• New:
  • src/config/index.ts: Centralized environment configuration.
  • .env.development: Development environment variables.
  • .env.test: Test environment variables.
  • .dockerignore: Defines files to exclude from Docker build context.
  • Dockerfile: Multi-stage Docker build definition.
• Modified:
  • src/server.ts: Uses the new config module.
  • package.json: Added build and start:prod scripts, and dotenv, envalid dependencies.

What We’ve Achieved:

• Implemented a robust environment variable loading and validation system using dotenv and envalid.
• Configured our Fastify application to consume settings from this central config module.
• Created a secure and optimized multi-stage Dockerfile to package our application for production.
• Defined .dockerignore to keep our Docker images lean and secure.
• Updated package.json with necessary build and production start scripts.

This setup provides a flexible and secure foundation for deploying our application to various environments.

Common Issues & Solutions

1. Issue: Environment variables not loading inside the Docker container.

   • Problem: You’ve set .env.development on your host, but the container isn’t picking them up, or it’s using default values.
   • Explanation: Docker containers are isolated. They don’t automatically read .env files from your host machine unless explicitly told to.
   • Solution:
     • For local development with Docker Compose, define environment variables in your docker-compose.yml or use an .env file specified by Docker Compose.
     • For docker run, use the -e KEY=VALUE flag for each environment variable.
     • Crucially for production: Environment variables should be managed by your orchestration platform (e.g., AWS ECS Task Definitions, Kubernetes Secrets/ConfigMaps).
   • Debugging: Use docker exec -it <container_id> env to inspect the environment variables visible inside a running container.

2. Issue: Docker image size is still large despite using multi-stage builds.

   • Problem: Your final image size is unexpectedly large.
   • Explanation: This often happens if the COPY --from=builder commands are not precise enough, or if the .dockerignore file isn’t comprehensive.
   • Solution:
     • Review COPY commands: Ensure you are only copying the absolutely necessary files (dist folder, package.json, package-lock.json) from the builder stage to the production stage. Avoid COPY . . in the final stage.
     • Check .dockerignore: Make sure all development-related files, caches, and unwanted artifacts are listed (e.g., node_modules, src folder if not needed, test files, coverage reports).
     • Inspect image layers: Use docker history my-fastify-app:prod to see what each layer adds to the image size and identify potential culprits.
   • Prevention: Be surgical with COPY commands and keep .dockerignore up-to-date.

3. Issue: Application fails to start in Docker with “command not found” or “missing module” errors.

   • Problem: The container starts, but the application immediately crashes with errors like Error: Cannot find module '...' or npm: command not found.
   • Explanation: This indicates that either the CMD instruction is incorrect, or required files/dependencies are missing in the production stage.
   • Solution:
     • Verify CMD: Ensure the CMD in your Dockerfile correctly points to your compiled entry file (e.g., node dist/server.js) and that npm is available if you’re using npm run start:prod.
     • Check COPY for dist: Ensure COPY --from=builder /app/dist ./dist is correctly copying your compiled JavaScript.
     • Check npm ci --omit=dev: Verify that all production dependencies are correctly installed in the production stage. If you moved a dependency from dependencies to devDependencies but it’s still needed at runtime, it will be missing.
     • Inspect container filesystem: Run docker exec -it <container_id> sh (or bash) to get a shell inside the running container. Navigate to /app and verify that dist/server.js, node_modules, package.json are all present and correctly structured.
   • Debugging: Use docker logs <container_id> to see the application’s stdout/stderr. If the container exits immediately, docker ps -a will show it.

Testing & Verification

To ensure everything is correctly configured and our Docker image is production-ready:

1. Clean Up Previous Runs:

   docker stop fastify-prod-container || true
   docker rm fastify-prod-container || true
   docker rmi my-fastify-app:prod || true
   

2. Rebuild the Docker Image:

   docker build -t my-fastify-app:prod .
   

   Verify that the build completes without errors and that the final image size is reasonable (e.g., under 200MB for a typical Node.js app).

3. Run the Container in Production Mode: Ensure you provide all necessary environment variables for your application to function correctly.

   docker run -p 3000:3000 \
              -e DATABASE_URL="postgres://user:[email protected]:5432/mydatabase_prod" \
              -e JWT_SECRET="yourproductionsecretkey" \
              -e REDIS_URL="redis://host.docker.internal:6379" \
              --name fastify-prod-container \
              my-fastify-app:prod
   

   Remember to replace host.docker.internal with actual IP addresses or service names if your database/Redis are not on the Docker host.

4. Verify Application Functionality:

   • Check the container logs: docker logs fastify-prod-container. Look for Server listening... in production mode and no critical errors.
   • Access various API endpoints (e.g., health check, user registration, login, data retrieval) using curl or a tool like Postman/Insomnia.
   • Ensure authentication and authorization still work as expected with the production JWT_SECRET.
   • Verify database and Redis connections by performing operations that interact with them.

Everything should now be working seamlessly within the Docker container, configured for a production environment.

Summary & Next Steps

In this chapter, you’ve taken crucial steps towards making your Node.js application production-ready. We established a robust environment configuration system using dotenv and envalid, allowing us to manage settings dynamically across different deployment stages. More importantly, we crafted a multi-stage Dockerfile that produces lean, secure, and efficient Docker images, eliminating development dependencies and unnecessary files.

This optimized Docker image is the cornerstone for modern cloud deployments. With our application containerized and its configuration externalized, we are perfectly positioned for scalable and resilient deployments.

In the next chapter, Chapter 13: Deploying to AWS ECS with Fargate, we will take this production-ready Docker image and deploy it to a real-world cloud environment using Amazon Elastic Container Service (ECS) with Fargate, leveraging AWS’s serverless container capabilities for scalable and managed deployments.