Dockerising a FastAPI App with Compose, Nginx & Redis
December 2025 · 7 min read
Running uvicorn main:app locally is easy. Running it in production with a database, cache layer, and reverse proxy — that's where Docker Compose earns its keep. Here's the setup I use for most of my FastAPI projects.
The Stack
A typical FastAPI project I deploy looks like this:
- FastAPI — the Python API (running on Uvicorn)
- PostgreSQL — primary database
- Redis — caching and rate limiting
- Nginx — reverse proxy, TLS termination, static files
All four services defined in one docker-compose.yml, with health checks and dependency ordering.
The Dockerfile (Multi-Stage)
Multi-stage builds keep the final image small by separating the build environment from the runtime:
# Stage 1: Install dependencies
FROM python:3.12-slim AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir --prefix=/install -r requirements.txt
# Stage 2: Runtime
FROM python:3.12-slim
WORKDIR /app
COPY --from=builder /install /usr/local
COPY ./src .
# Non-root user for security
RUN adduser --disabled-password --no-create-home appuser
USER appuser
EXPOSE 8000
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
Key details: the --no-cache-dir flag avoids bloating the image with pip cache. Running as a non-root user is a basic security practice that many tutorials skip.
Docker Compose
services:
app:
build: .
env_file: .env
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
networks:
- backend
db:
image: postgres:16-alpine
environment:
POSTGRES_DB: ${DB_NAME}
POSTGRES_USER: ${DB_USER}
POSTGRES_PASSWORD: ${DB_PASS}
volumes:
- pgdata:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${DB_USER}"]
interval: 5s
retries: 5
networks:
- backend
redis:
image: redis:7-alpine
command: redis-server --requirepass ${REDIS_PASS}
healthcheck:
test: ["CMD", "redis-cli", "-a", "${REDIS_PASS}", "ping"]
interval: 5s
retries: 5
networks:
- backend
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/certs:/etc/nginx/certs:ro
depends_on:
- app
networks:
- backend
volumes:
pgdata:
networks:
backend:Nginx Configuration
Nginx sits in front of Uvicorn and handles things the app server shouldn't:
upstream fastapi {
server app:8000;
}
server {
listen 80;
server_name your-domain.com;
location / {
proxy_pass http://fastapi;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /static/ {
alias /var/www/static/;
expires 30d;
add_header Cache-Control "public, immutable";
}
}
The upstream block references the Docker service name app — Docker's internal DNS resolves it automatically. No IP addresses needed.
Using Redis for Caching
In FastAPI, I use Redis for caching expensive database queries:
import redis
import json, os
r = redis.Redis(
host="redis",
port=6379,
password=os.environ["REDIS_PASS"],
decode_responses=True
)
async def get_device_summary(device_id: str):
cache_key = f"device:{device_id}:summary"
cached = r.get(cache_key)
if cached:
return json.loads(cached)
# Expensive DB query
summary = await db.fetch_device_summary(device_id)
r.setex(cache_key, 300, json.dumps(summary)) # 5 min TTL
return summaryStuff That Bit Me
- Use health checks and
depends_onconditions. Without them, your app container starts before PostgreSQL is ready, and you get connection errors on startup. Theservice_healthycondition solves this cleanly. - Never put secrets in the Compose file. Use
env_file: .envand add.envto.gitignore. In CI, inject secrets from your pipeline's secret store. - Use named volumes for data persistence. Anonymous volumes get deleted on
docker compose down. Named volumes survive and can be backed up. - Pin your image versions.
postgres:latesttoday might be a different major version tomorrow. Always usepostgres:16-alpineor similar.