krun.pro
 [ don’t_write_code_you_can’t_maintain ] [clean_code]
Premature optimization is the root of all evil. But so is a 10-second page load.

Docker Compose Configuration That Doesnt Fall Apart at Scale

Managing multi-container environments without a sane orchestration layer is a fast path to configuration drift, undocumented port conflicts, and late-night incidents. Getting your docker compose configuration right from the start isnt optional — its the difference between a reproducible environment and a snowflake server nobody dares touch. Most teams start with a single service, hit a wall at three containers, and end up with a YAML file that only one person understands. This article is for the engineer who wants to skip that phase entirely.

Well go through real, working examples — from a minimal single-service setup to a multi-container production-grade config — and cover the exact failure modes that show up in every project sooner or later. No padding, no what is Docker preamble.

Understanding the File Structure

The structure of docker compose file is deceptively simple until you have five services, three networks, and environment-specific overrides. At its core, a Compose file is a declarative map of your runtime: what containers run, how they talk to each other, and where their data lives. The top-level keys — services, volumes, networks — each own a distinct concern. Mixing those concerns is how configs become unmaintainable.

Before we look at a docker compose yaml example, one thing worth noting: the version: top-level key is deprecated in Compose v2 and later. Dont include it. It causes warnings, it means nothing to modern Compose, and its a cargo-cult leftover from the v1 era.

services:
  web:
    image: nginx:1.25-alpine
    ports:
      - "8080:80"
    restart: unless-stopped

This docker-compose.yml example is the baseline. It does one thing cleanly: runs Nginx, maps host port 8080 to container port 80, and restarts the container unless you explicitly stop it. No unnecessary keys, no placeholder comments.

Services: The Core Building Blocks

Every container in your stack is defined as a service. The way services in docker compose work is straightforward: each service gets its own isolated process, its own network identity, and optionally its own volume mounts. A service name is also its DNS hostname within the default network — which matters the moment two services need to talk to each other.

Volumes and Networks: Handling Data and Isolation

Understanding volumes and networks in docker compose is where most engineers make their first serious mistake. Anonymous volumes disappear on docker compose down. Named volumes persist. Custom networks give you isolation and predictable DNS — the default bridge network works, but it doesnt give you the same control over which services can see each other.

services:
  app:
    image: node:20-alpine
    volumes:
      - app_data:/var/app/data
    networks:
      - backend

  cache:
    image: redis:7-alpine
    volumes:
      - redis_data:/data
    networks:
      - backend

volumes:
  app_data:
  redis_data:

networks:
  backend:
    driver: bridge

Both services share the backend network, which means they can reach each other by service name — cache resolves to the Redis container from within app. Named volumes app_data and redis_data are declared at the top level, which means they survive docker compose down and get reattached on the next up. The driver: bridge is the default, but declaring it explicitly makes the intent clear and avoids confusion when you add a second network later.

If your team treats volume and network definitions as an afterthought, youll hit data loss and service discovery bugs before the project reaches staging.

Related materials
When LLMs Run Everything

The AI-Native Stack: Building a Workflow That Actually Scales Most developers didn't plan to become AI-native. It happened gradually — one Copilot suggestion accepted, one ChatGPT debugging session, one afternoon where the LLM wrote a...

[read more →]

Minimal Working Example

A good docker compose example isnt the simplest possible config — its the simplest config that reflects real production intent. Heres a single-service Nginx setup that serves static files, with explicit port mapping and a read-only volume mount.

services:
  web:
    image: nginx:1.25-alpine
    ports:
      - "8080:80"
    volumes:
      - ./static:/usr/share/nginx/html:ro
    restart: unless-stopped

The docker compose ports mapping 8080:80 means: bind host port 8080 to container port 80. The host side is always left, the container side is always right. If you swap them, youll get a confusing error — or worse, silently bind the wrong port. The docker compose volumes mount uses :ro, the read-only flag. This matters for static file serving: the container has zero reason to write to that directory, and allowing writes is an unnecessary attack surface. If the app tries to write and fails, thats a bug you want surfaced immediately, not hidden behind permissive mounts.

Read-only mounts arent paranoia — theyre the kind of constraint that makes debugging faster when something goes wrong.

Multi-Container Setup with Database

This is where Compose earns its keep. A docker compose multiple containers example needs to solve service discovery, startup ordering, secret management, and data persistence — all in a single file. Heres a realistic docker compose example with a Node.js API and PostgreSQL.

Connecting and Securing Services

Service communication in Compose uses the service name as the hostname. If your API service is named api and your database is named db, the connection string in your app is postgres://db:5432/myapp. Compose handles the DNS — you dont need IPs, you dont need host entries.

The docker compose depends_on key controls startup order, but with an important caveat: it only waits for the container to start, not for the process inside it to be ready. PostgreSQL takes a few seconds to initialize after the container is up. If your API tries to connect in that window, it fails — and depends_on alone wont prevent it. Use a health check or a retry loop in your application. The docker compose networks setup below isolates the database from anything that doesnt need to reach it.

services:
  api:
    image: node:20-alpine
    working_dir: /app
    volumes:
      - ./app:/app:ro
    ports:
      - "3000:3000"
    env_file:
      - .env
    depends_on:
      db:
        condition: service_healthy
    networks:
      - app_net

  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: myapp
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - pg_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER}"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - app_net

volumes:
  pg_data:

networks:
  app_net:
    driver: bridge

Using condition: service_healthy with a proper healthcheck on the database solves the race condition that depends_on alone doesnt. The API container wont start until Postgres passes pg_isready. Credentials come from environment variables, not hardcoded values — the ${DB_USER} syntax pulls from the shell or a .env file at runtime.

The classic depends_on trap catches every team at least once. Health checks are the fix — not retry logic spread across five files.

Best Practices for Clean Configs

The docker compose best practices that actually matter in production arent philosophical — theyre constraints that prevent real failure modes. Following one solid docker compose example architecture consistently beats having six different approaches across your services. The single most impactful habit: treat your Compose file like infrastructure code, not a dev convenience script.

Handling Environment Variables

The right way to handle docker compose env variables is through .env files, not inline environment: keys with hardcoded values. Using .env files in docker compose keeps secrets out of version control and makes environment-specific overrides trivial — you swap the file, not the YAML.

services:
  api:
    image: myapp/api:1.4.2
    env_file:
      - .env
    environment:
      NODE_ENV: production
      PORT: 3000
    restart: unless-stopped
    networks:
      - app_net

networks:
  app_net:
    driver: bridge

Key practices that belong in every production Compose config:

  • Never use :latest tags — they make deployments non-deterministic. Pin to a specific version like 1.4.2 or a digest.
  • Isolate environments — use separate Compose files or override files for dev, staging, and production. Dont toggle behavior with environment variables in a single file.
  • Always use named volumes for stateful data — anonymous volumes are a silent data loss risk on every docker compose down.

A Compose file that works identically on every machine and every environment is worth more than one with clever tricks that only one engineer understands.

Related materials
The No-Hype Tech Stack:...

Why Boring Technologies Win in 2026 If you spend ten minutes on tech social media, you’d think building a backend requires a distributed graph database, three different serverless providers, and an AI-driven orchestration layer. It’s...

[read more →]

Common Pitfalls and Troubleshooting

Most docker compose errors fall into a small set of predictable categories. The frustrating part is that many of them fail silently or with misleading error messages. Knowing the docker compose yaml mistakes that show up repeatedly saves hours of docker compose troubleshooting per incident.

Heres a broken config followed by the corrected version:

# BROKEN — wrong indentation, port conflict, missing network ref
services:
  web:
  image: nginx:1.25-alpine   # wrong: not indented under web
    ports:
      - "80:80"
      - "80:8080"            # conflict: host port 80 bound twice
    networks:
      - frontend             # not declared in top-level networks
# FIXED
services:
  web:
    image: nginx:1.25-alpine
    ports:
      - "80:80"
    networks:
      - frontend

networks:
  frontend:
    driver: bridge

The broken version has three distinct problems packed into six lines — which is typical of real incidents. Indentation is off by two spaces on image, host port 80 is bound twice causing an immediate bind failure, and the frontend network is referenced but never declared.

Real-world errors and their fixes:

  • YAML indentation errors — Compose is unforgiving about spaces. Use a linter (docker compose config validates syntax before you run anything).
  • Port binding failures (bind: address already in use) — Another process is using the host port. Run lsof -i :PORT or ss -tulpn to find it.
  • Data loss on restart — Using anonymous volumes or bind mounts without backups. Switch to named volumes for anything stateful.
  • Service cant reach database — Either the network isnt shared, or the DB isnt ready yet. Check network definitions and add health checks.
  • Environment variables not loading.env file must be in the same directory as docker-compose.yml. Verify with docker compose config — it prints the resolved config with all variables substituted.
  • Container exits immediately — The entrypoint process finished or crashed. Check logs with docker compose logs --tail=50 service_name before assuming its a Compose issue.

Running docker compose config before every docker compose up in CI eliminates an entire class of environment-specific failures.

Production Deployment Strategies

Using docker compose production setups is entirely legitimate for small to medium workloads — a few services, a single host, predictable traffic. The key is knowing where the ceiling is. For straightforward docker compose deployment scenarios — a web app, a database, a cache, maybe a background worker — Compose handles it cleanly. A proper docker compose restart policy (unless-stopped or always) gives you basic resilience against container crashes and host reboots.

Scaling and Monitoring Limitations

Compose doesnt do horizontal scaling across hosts. You can run docker compose up --scale api=3 to spin up multiple replicas of a service on a single machine, but the moment you need those replicas on different nodes, youve outgrown Compose. Theres no built-in load balancer, no cross-host networking, and no scheduling intelligence.

Monitoring is another gap. Compose gives you docker compose logs and docker compose ps. Thats roughly it out of the box. In production youll need to pipe logs to a centralized system and attach a metrics exporter — which is doable, but its glue you write yourself.

Related materials
Configuration vs Code

Where Configuration Breaks Systems Modern software rarely fails because of bad algorithms. It fails because behavior is defined outside the code, spread across layers no one fully understands. Configuration promises flexibility, but over time it...

[read more →]

The honest comparison: Compose is a great fit for a team of one to five engineers running a monolith or a small service mesh on a single VPS. Its the wrong tool when you need rolling deployments, automatic failover, multi-host scheduling, or fine-grained resource quotas. Thats what Kubernetes exists for. The mistake isnt using Compose in production — its using it past the point where its limitations become your incidents.

Choose Compose when simplicity is a feature. Switch to Kubernetes when simplicity stops being enough.

Reference Table

Key Purpose Notes
services Define containers Each service is an isolated runtime unit with its own image, ports, and config
volumes Persistent data Named volumes survive docker compose down; anonymous volumes do not
networks Container communication Custom networks provide DNS-based service discovery and traffic isolation

Quick Checklist

  • Remove version: from all Compose files — its deprecated in v2
  • Pin all image tags to specific versions, never :latest
  • Use named volumes for every stateful service
  • Declare all networks explicitly at the top level
  • Store secrets in .env files, never hardcoded in YAML
  • Add health checks to database and cache services
  • Run docker compose config to validate before deploying
  • Set restart: unless-stopped for all production services

FAQ

How does a docker compose file work in real projects?

A Compose file defines your entire application stack in one place. In practice, docker compose services map to individual containers — your API, database, cache — each with its own image, config, and runtime behavior. Compose reads the file and creates all the containers, networks, and volumes in a single docker compose up.

What is the difference between docker compose and docker run?

In the docker compose vs docker run comparison, docker run manages a single container imperatively — you specify everything on the command line. Compose is declarative and multi-container: the entire stack is defined in a file, versioned, and reproducible. For anything beyond one container, Compose wins on maintainability.

How to debug docker compose errors quickly?

Start with docker compose config to catch YAML and variable substitution errors before the stack runs. For runtime issues, docker compose troubleshooting usually means checking docker compose logs --tail=100 service_name and docker compose ps to see which containers exited and why.

Can docker compose be used in production environments?

Yes, with the right constraints. Docker compose production best practices include pinned image versions, named volumes, health checks, and a defined restart policy. It works well for single-host deployments; if you need multi-host scaling or rolling deployments, move to Kubernetes.

How to use environment variables in docker compose?

The cleanest approach is a .env file in the same directory as your Compose file. A real docker compose env example: add DB_PASSWORD=secret to .env, then reference it in your service as ${DB_PASSWORD}. Run docker compose config to verify the values are resolving correctly.

Why is docker compose not starting containers?

The most common docker compose common issues behind containers not starting: YAML indentation errors, a host port already in use, a missing network or volume declaration, or a healthcheck failure blocking a dependent service. Run docker compose config, then docker compose up --no-start followed by docker compose start with verbose logging to isolate where it breaks.

Written by: