The Complete Guide to Docker Compose in Production (2025)

Docker Compose in Production: Yes, It Works

There's a persistent myth that Docker Compose is "only for development." At TechSaaS, we run 50+ production containers using a single Docker Compose file — including databases, web applications, monitoring stacks, and AI services — all on a server with 14GB RAM.

Here's everything we've learned.

Essential Production Patterns

1. Health Checks for Everything

Every container must have a health check. Without them, Docker has no way to know if your service is actually working:

healthcheck:
  test: ["CMD-SHELL", "curl -sf http://127.0.0.1:8080/health || exit 1"]
  interval: 30s
  timeout: 5s
  retries: 3
  start_period: 10s

For containers without curl, use alternatives:

• PostgreSQL: pg_isready -U postgres
• Redis: redis-cli ping
• Node.js: wget -q --spider http://localhost:3000/health

2. Resource Limits

Never run production containers without resource limits:

services:
  my-app:
    mem_limit: 512m
    cpus: 1.0

This prevents a single runaway container from taking down your entire server.

3. Restart Policies

Use unless-stopped for most services:

restart: unless-stopped

This restarts crashed containers automatically but respects manual stops.

4. Named Networks

Create explicit networks instead of relying on the default:

networks:
  app-net:
    driver: bridge

This gives you DNS resolution between containers by service name.

Real-World Architecture

Here's our production stack architecture at TechSaaS:

Infrastructure Layer:

• Traefik (reverse proxy, SSL termination)
• Authelia (SSO, forward-auth)
• Cloudflared (tunnel to Cloudflare)
• CrowdSec (intrusion prevention)

Data Layer:

• PostgreSQL 16 (shared, multiple databases)
• Redis 7 (shared, database isolation)
• MongoDB 7 (for specific apps)

Application Layer:

• 30+ web applications, each on their own subdomain
• All routed through Traefik via Docker labels
• All protected by Authelia SSO

Monitoring Layer:

• Grafana + Loki + Promtail (logs)
• Uptime Kuma (availability monitoring)
• Dozzle (real-time log viewer)

Deployment Strategy

We use Gitea + CI/CD runners for automated deployments:

1. Push code to Gitea
2. CI runner builds Docker image
3. Runner copies compose changes
4. docker compose up -d --build service-name
5. Health check passes → deployment complete
6. Health check fails → automatic rollback

Security Best Practices

• Never expose ports directly: Use a reverse proxy (Traefik)
• Use Docker secrets or .env files: Never hardcode credentials
• Limit Docker socket access: Only admin containers need it
• Run as non-root: Use user: "1000:1000" where possible
• Scan images: Trivy CI/CD pipeline for vulnerability scanning

The 50-Container Compose File

Yes, a single compose file with 50 services works fine. Docker Compose handles dependency resolution, networking, and lifecycle management efficiently. The key is:

• Alphabetical service ordering for readability
• Consistent label patterns (Traefik routing)
• Shared infrastructure (one PostgreSQL, one Redis)
• Resource limits on every container

Need help setting up production Docker Compose? TechSaaS specializes in containerized infrastructure. Contact [email protected].