Claude-skill-registry docker-stack-composer
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/docker-stack-composer" ~/.claude/skills/majiayu000-claude-skill-registry-docker-stack-composer && rm -rf "$T"
manifest:
skills/data/docker-stack-composer/SKILL.mdsource content
Docker Stack Composer
Purpose
A multi-service Docker deployment configuration generator that produces complete docker-compose configurations with support for development, staging, and production environments, including networking, volumes, health checks, and security best practices.
Problem Space:
- Manual Docker configuration is repetitive and error-prone
- Environment-specific configurations often diverge
- Security best practices frequently overlooked
- Service dependencies complex to manage
Solution Approach:
- Template-based generation with environment overrides
- Built-in security configurations (non-root users, read-only filesystems)
- Service dependency management with health checks
- Development/production configuration separation
When to Use
- New microservices architecture setup
- Containerizing existing applications
- Setting up development environments
- Production deployment configurations
- Multi-service local development
- Database + cache + app stack setup
When NOT to Use
- Kubernetes deployments (use Helm charts)
- Single-container applications without dependencies
- Serverless deployments
- When using managed container services (ECS task definitions)
Core Instructions
Stack Architecture Patterns
┌─────────────────────────────────────────────────────────────────┐ │ COMMON STACK PATTERNS │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ Pattern 1: Web Application Stack │ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ │ │ Nginx │──▶│ App │──▶│ Redis │ │ Postgres│ │ │ │ (proxy) │ │ (Flask) │ │ (cache) │ │ (db) │ │ │ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │ │ │ │ Pattern 2: Microservices │ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ │ │ Gateway │──▶│Service A│──▶│Service B│ │ │ └─────────┘ └─────────┘ └─────────┘ │ │ │ │ │ │ │ └─────────────┴─────────────┘ │ │ │ │ │ ┌─────────────┐ │ │ │ Message │ │ │ │ Queue │ │ │ └─────────────┘ │ │ │ │ Pattern 3: Data Pipeline │ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ │ │ Ingress │──▶│ Kafka │──▶│ Worker │──▶│TimescaleDB│ │ │ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │ │ │ └─────────────────────────────────────────────────────────────────┘
Service Configuration Schema
services: service_name: # Image configuration image: "image:tag" # Or build context build: context: ./path dockerfile: Dockerfile args: - ARG=value # Runtime configuration container_name: service_name restart: unless-stopped # always | on-failure | no user: "1000:1000" # Non-root user # Resource limits deploy: resources: limits: cpus: '0.5' memory: 512M reservations: memory: 256M # Networking ports: - "8080:80" # host:container networks: - frontend - backend expose: - "80" # Internal only # Environment environment: - KEY=value env_file: - .env # Storage volumes: - ./data:/app/data:ro # Read-only mount - cache:/app/cache # Named volume # Health check healthcheck: test: ["CMD", "curl", "-f", "http://localhost/health"] interval: 30s timeout: 10s retries: 3 start_period: 40s # Dependencies depends_on: db: condition: service_healthy
Standard Procedures
1. Identify Services
Map application components to container services:
- Web servers (nginx, traefik)
- Application servers (python, node, go)
- Databases (postgres, mysql, mongo)
- Caches (redis, memcached)
- Message queues (rabbitmq, kafka)
- Monitoring (prometheus, grafana)
2. Configure Networks
networks: frontend: driver: bridge backend: driver: bridge internal: true # No external access
3. Define Volumes
volumes: postgres_data: driver: local redis_data: driver: local
4. Environment Separation
Create override files:
- Base configurationdocker-compose.yml
- Development defaultsdocker-compose.override.yml
- Production overridesdocker-compose.prod.yml
Security Best Practices
# Security-hardened service template services: app: image: app:latest user: "1000:1000" # Non-root user read_only: true # Read-only root filesystem tmpfs: - /tmp # Writable tmp - /var/run # Writable runtime security_opt: - no-new-privileges:true # Prevent privilege escalation cap_drop: - ALL # Drop all capabilities cap_add: - NET_BIND_SERVICE # Only add what's needed
Decision Framework
Database Selection:
| Use Case | Database | Why |
|---|---|---|
| General CRUD | PostgreSQL | Full-featured, reliable |
| Document store | MongoDB | Flexible schema |
| Time-series | TimescaleDB | Optimized for time data |
| Key-value | Redis | Speed, caching |
| Graph data | Neo4j | Relationship queries |
Cache Selection:
| Use Case | Cache | Why |
|---|---|---|
| Simple caching | Redis | Feature-rich, persistent |
| Session store | Redis | Built-in TTL |
| Distributed cache | Redis Cluster | Scalability |
Templates
Web Application Stack
# docker-compose.yml version: '3.8' services: nginx: image: nginx:alpine ports: - "80:80" - "443:443" volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro - ./certs:/etc/nginx/certs:ro depends_on: app: condition: service_healthy networks: - frontend restart: unless-stopped app: build: context: . dockerfile: Dockerfile expose: - "8000" environment: - DATABASE_URL=postgresql://user:pass@db:5432/app - REDIS_URL=redis://redis:6379/0 depends_on: db: condition: service_healthy redis: condition: service_started healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8000/health"] interval: 30s timeout: 10s retries: 3 networks: - frontend - backend restart: unless-stopped db: image: postgres:15-alpine volumes: - postgres_data:/var/lib/postgresql/data environment: - POSTGRES_USER=user - POSTGRES_PASSWORD=pass - POSTGRES_DB=app healthcheck: test: ["CMD-SHELL", "pg_isready -U user -d app"] interval: 10s timeout: 5s retries: 5 networks: - backend restart: unless-stopped redis: image: redis:7-alpine volumes: - redis_data:/data command: redis-server --appendonly yes networks: - backend restart: unless-stopped networks: frontend: backend: internal: true volumes: postgres_data: redis_data:
Development Override
# docker-compose.override.yml (auto-loaded in dev) version: '3.8' services: app: build: context: . target: development volumes: - .:/app - /app/__pycache__ environment: - DEBUG=true - LOG_LEVEL=DEBUG command: ["python", "-m", "flask", "run", "--reload", "--host=0.0.0.0"] db: ports: - "5432:5432" # Expose for local tools redis: ports: - "6379:6379"
Production Override
# docker-compose.prod.yml version: '3.8' services: nginx: deploy: resources: limits: cpus: '0.5' memory: 256M app: deploy: replicas: 3 resources: limits: cpus: '1' memory: 1G reservations: memory: 512M environment: - DEBUG=false - LOG_LEVEL=INFO user: "1000:1000" read_only: true tmpfs: - /tmp db: deploy: resources: limits: cpus: '2' memory: 4G
Multi-Stage Dockerfile
# Dockerfile # Build stage FROM python:3.11-slim as builder WORKDIR /app RUN apt-get update && apt-get install -y --no-install-recommends \ build-essential \ && rm -rf /var/lib/apt/lists/* COPY requirements.txt . RUN pip wheel --no-cache-dir --no-deps --wheel-dir /app/wheels -r requirements.txt # Development stage FROM python:3.11-slim as development WORKDIR /app COPY --from=builder /app/wheels /wheels COPY --from=builder /app/requirements.txt . RUN pip install --no-cache /wheels/* COPY . . CMD ["python", "-m", "flask", "run", "--host=0.0.0.0"] # Production stage FROM python:3.11-slim as production RUN useradd --create-home --shell /bin/bash app WORKDIR /app COPY --from=builder /app/wheels /wheels COPY --from=builder /app/requirements.txt . RUN pip install --no-cache /wheels/* && rm -rf /wheels COPY --chown=app:app . . USER app CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:8000", "app:create_app()"]
Examples
Example 1: Flask + PostgreSQL + Redis
Input: "Create Docker setup for my Flask API with PostgreSQL and Redis"
Output: Complete docker-compose.yml with:
- Flask app service with health checks
- PostgreSQL with persistent volume
- Redis for caching
- Proper networking (backend isolated)
- Development override with hot reload
Example 2: Microservices Setup
Input: "Set up Docker for 3 microservices communicating via RabbitMQ"
Output: docker-compose.yml with:
- 3 service definitions
- RabbitMQ with management UI
- Service discovery via Docker DNS
- Health checks for all services
- Shared network configuration
Validation Checklist
Before finalizing Docker configuration:
- All services have health checks
- Volumes defined for persistent data
- Networks properly segmented
- Environment variables not hardcoded
- Resource limits set for production
- Non-root users where possible
- Dependencies use service_healthy condition
- Restart policies appropriate
- Secrets not in image or compose file
Related Resources
- Skill:
- Add Docker build to CI/CDcicd-pipeline-generator - Skill:
- Host securitysystem-hardening-toolkit - Docker Compose Documentation: https://docs.docker.com/compose/
- Docker Security Best Practices: https://docs.docker.com/develop/security-best-practices/
Changelog
1.0.0 (January 2026)
- Initial release
- Web application stack templates
- Microservices patterns
- Development/production separation
- Security hardening templates