Skip to main content

Production-Ready Dockerfiles for NestJS: Caching, Multi-Stage Builds & Security

· 7 min read
Mohamed El Amine Meghni
Mohamed El Amine Meghni
Software & DevOps Engineer

For developers at Sadeem informatique

NestJS Docker setup illustration

Image source: NestJS official assets.

Getting Docker working with NestJS is easy. Getting it right with proper layer caching, deterministic installs, Prisma client generation, and a secure runtime image takes a bit more structure. This guide walks through each Dockerfile decision so you can adapt it safely to your own services.

By the end, you'll have a Dockerfile that:

  • Maximises Docker layer caching so rebuilds are fast
  • Never reinstalls node_modules when only application code changes
  • Generates Prisma client in the build stage
  • Uses multi-stage builds to keep the final image lean
  • Runs as a non-root user in production
Shared responsibility

Even if Dockerfile ownership sits mostly with DevOps, backend developers should still understand container build fundamentals. It makes debugging CI/CD issues faster and keeps deployment constraints visible during feature work.

Local development note

This guide targets a production Dockerfile. For day-to-day local development and testing, use a separate Dockerfile.local tailored for fast iteration (for example, bind mounts, hot reload, and dev dependencies).

HTTP Response Status Codes — Practical Guide for Modern Web & API Development

· 5 min read
Mezaache Akram
Mezaache Akram
Developer & Frontend team lead

For developers at Sadeem Informatique

Most developers know what the codes mean — very few consistently use them correctly in real applications. This guide shows practical usage patterns you will actually encounter in production React/Next.js apps + Node.js/Express/Laravel/whatever backend.

Laptop screen showing HTTP response codes and network tab

Photo by ThisIsEngineering on Unsplash

Production-Ready Dockerfiles for Next.js: Caching, Multi-Stage Builds & Security

· 12 min read
Mohamed El Amine Meghni
Mohamed El Amine Meghni
Software & DevOps Engineer

For developers at Sadeem informatique

Software engineer coding on a computer

Photo by ThisIsEngineering on Pexels.

Getting Docker working with Next.js is easy. Getting it right — with proper layer caching, no hardcoded values, and a secure production image — takes a bit more thought. This guide walks you through every decision in a production-grade Dockerfile, explaining the why behind each choice so you can adapt it confidently to your own project.

By the end, you'll have a Dockerfile that:

  • Maximises Docker layer caching so rebuilds are fast
  • Never invalidates your node_modules cache when only application code changes
  • Passes all configurable values as build arguments (no hardcoded ports or URLs)
  • Uses multi-stage builds to keep the final image lean
  • Runs as a non-root user in production
Shared responsibility

Even if Dockerfile maintenance is primarily a DevOps responsibility in your team, developers should still understand Docker fundamentals. This helps them debug build/runtime issues faster, collaborate better across teams, and ship production-ready features with fewer deployment surprises.

Secure Bearer Token Storage in Practice

· 10 min read
Mohamed El Amine Meghni
Mohamed El Amine Meghni
Software & DevOps Engineer

For developers at Sadeem informatique

Most articles explain where to store tokens. This guide shows you exactly how to implement a secure setup in a real web application.

We'll build the modern recommended pattern:

TokenStorageLifetime
Access tokenIn-memory only (encrypted JWT)15 minutes
Refresh tokenHTTP-only encrypted cookie7 days

This approach aligns with OWASP security guidance and is widely used in production SaaS applications.

Laptop displaying a lock icon representing secure token and authentication practices

Photo by Dan Nelson on Pexels.

Guidelines for Effective Use of Free AI Coding Tools

· 7 min read
Mohamed El Amine Meghni
Mohamed El Amine Meghni
Software & DevOps Engineer

For developers at Sadeem informatique

This guide defines best practices for using free-tier AI tools to support development work.
The goal is to improve productivity, learning, and code quality while keeping developers in control of architecture, logic, and security decisions.

Source Priority

Official framework and programming language documentation are the primary sources of truth. AI tools can be useful assistants, but responses may be outdated or incomplete and must be validated before use.

Quick Navigation
Principles1. Knowledge Assistant, 2. Focused Questions, 3. Understanding First
Execution4. Debugging Strategy, 5. Validate Output, 6. Internal Knowledge
Governance7. Sensitive Data, 8. Learning Mindset, 9. Boilerplate Usage

Software engineer using an AI assistant on a laptop

Photo by Matheus Bertelli on Pexels.