What is .dockerignore? | DevOps Dictionary

.dockerignore — Keeping Your Build Context Fast and Safe

What Is .dockerignore in Simple Terms?

When you run docker build ., Docker sends your entire project directory to the Docker daemon before executing a single Dockerfile instruction. Without .dockerignore, that includes your 500MB node_modules folder, your .git history, your .env secrets file, and every test fixture and build artifact you have ever created. All of it gets sent over the network before the build even starts.

.dockerignore tells Docker which files to exclude. It uses the same syntax as .gitignore.

TEXT

Without .dockerignore:
  Sending build context to Docker daemon  890.5MB
  (890MB sent before build starts)
 
With .dockerignore:
  Sending build context to Docker daemon  2.3MB
  (386x reduction — build starts immediately)

Production .dockerignore Template

Bash

# .dockerignore
 
# Dependencies — always install inside container, never copy from host
node_modules/
npm-debug.log
.npm/
.yarn/
__pycache__/
*.pyc
venv/
.venv/
 
# Build output — built inside container via multi-stage
dist/
build/
.next/
out/
target/
 
# Version control
.git/
.gitignore
.gitattributes
 
# Environment and secrets — NEVER in images
.env
.env.*
!.env.example
*.pem
*.key
*.crt
 
# Development tools
.vscode/
.idea/
*.swp
*.swo
 
# Tests
coverage/
.nyc_output/
__tests__/
*.test.ts
*.spec.ts
*.test.js
*.spec.js
 
# Docker files themselves
Dockerfile
Dockerfile.*
docker-compose.yml
docker-compose.*.yml
 
# Documentation
docs/
*.md
!README.md
 
# macOS
.DS_Store
 
# Logs
*.log
logs/

Measuring the Impact

Bash

# Check build context size before adding .dockerignore
docker build .
# Sending build context to Docker daemon  890.5MB
 
# Add .dockerignore, rebuild
docker build .
# Sending build context to Docker daemon  2.3MB
 
# 386x reduction — instant improvement with zero other changes

Important Distinction

TEXT

.dockerignore controls what is SENT TO THE DAEMON
Dockerfile COPY controls what goes INTO THE IMAGE
 
You need both:
  .dockerignore: excludes node_modules from context (build speed)
  COPY src/ /app/src/: copies only src, not everything (image cleanliness)
 
If a file is in .dockerignore:
  It is NOT sent to daemon
  COPY instructions cannot access it
  It cannot end up in the image

PLACEMENT PRO TIP
**Tip:** Create `.dockerignore` as the very first file in every new project — before writing any Dockerfile. It is much easier to add it at the start than to discover 6 months later that your API keys are in every image you have ever pushed to your registry.

COMMON MISTAKE / WARNING
**Common Mistake:** Not adding `.env` to `.dockerignore`. Your `.env` file contains real credentials. If it gets sent to the daemon and a `COPY . .` instruction runs, it ends up baked into an image layer permanently — visible to anyone who runs `docker history` on the image.