I haven't heard of using docker compose for production development, only local development. In production I normally see people building production images and spinning up them up in their cloud with Terraform and whatever other infrastructure they need, especially for databases where your local MySQL container isn't going to be configured or provisioned like an AWS RDS instance. What do you hand a docker-compose file off to in production? Swarm? When would you choose this path over a separate system to provision your production resources (like Terraform)?
A lot of my clients are happily using Docker Compose in production. Some even run a million dollar / year businesses on a single $40 / month server. It doesn't get handed off to Swarm or another service, it's literally docker-compose up --remove-orphans -d with a few lines of shell scripting to do things like pull the new image beforehand.
You can still use Terraform to set up your infrastructure, Docker Compose ends up being something you run on your server once it's been provisioned. Whether or not you decide to use a managed database service is up to you, both scenarios work. The blog post and video even cover how you can use a local DB in development but a managed DB in production using the same docker-compose.yml file, in the end all you have to do is configure 1 environment variable to configure your database at the app level with any web framework.
That's my preferred workflow for most internal services and things at home, and I got annoyed that there was nothing to automate them with, so I wrote Harbormaster:
It's not clear to me from the README whether harbormaster will keep up to date with docker images in docker repositories as well. How does this work? Meaning to say, when there is a change to the repository, where do the new docker images come from?
Use case is when a repository requires compilation to build the docker image, and I don't want that happening on the production server.
Ah yes, sorry, I should clarify this in the README: Docker images should be tagged in the repo (so you know what you're deploying), and Harbormaster will deploy the new image when you update the tag in the git repo.
It doesn't currently check upstream Docker registries for changes like Watchtower does, mainly because I think that's not a deterministic enough way to do deployments (but that can certainly change).
I take the few second downtime hit on each deploy. I know, it's iNsAniTy but it's really not. A 5 second blip a few times a week is no biggie for most SAAS apps or services.
To me that's well worth the trade offs of not having to deal with a load balancer, a container orchestrator tool, dealing with database migrations that need to be compatible for 2 versions of your app as it's being rolling restart and all of the other fun complexities of running a zero down time service.
You can still architect your app in a flexible way (env vars, keeping your web servers stateless, uploading user content to S3 or another object store, etc.) so that moving to something like Kubernetes is less painful if / when the time comes. It's just for me, that time has never come.
> how do you backup data?
A background job / cron job runs every few hours and does a pg_dump to a directory in a block storage device. Could easily change that to be S3 too. Just comes down to preference. Personally I found it easier to drop it into block storage since it's just copying the file to a directory.
I like this pragmatism and I teach it as well (https://deploymentfromscratch.com/). Just want to say that you can employ systemd socket activation for systemd services, and you can have zero-downtime deployment without load balancers.
This is a great response and refreshing to see things can just be simple, if one tries to cover 99% of usecases and not go crazy overboard trying to solve just 1% of edge cases with "container orchestration" :)
You don't always need "no downtime deployments", few minutes are tolerated in many environments (I work in enterprise software, where it could be days!).
Backups? You only need backups or the Db, and that have zero impact in the use of docker or not*
*ie: I know what very complex setups the micro-service crow use for serve their smalls-size disruptive app. I still think cron + pg_dump + rsync is more than enough...
well I'm asking because I have a docker-compose file and I use kustomize+kompose on it, because volume backup is a thing and the file comes from an upstream vendor and we can actually miss a few minutes/hours/days of uptime, but since the databases also use compose and sadly in a way that I can't remove it (migrate.sh script that makes use of compose commands), else I can use my kustomize+kompose setup which basically replaces the kustomize+kompose with a custom init container that I built, however everytime they change their shell scripts I need to fix my stuff...
but they say that I should just backup my whole volume/vm via lvm snapshots or via vmware whatever. which I find a little bit akward and I do not want to backup my data with disk snapshots. another way would be to natively backup stuff via compose, but they use many databases and it's way harder than just use velero.
I’m not the parent but I’ll pitch in on this as I have a few client projects using docker compose for production.
No downtime deployments: I don’t bother for these projects. A minute of downtime in off-peak hours for a restart is fine.
Data backup: just like you would backup any other local data: cron, rsync, pg_dump. And there isn’t much local data anyway as most services are stateless, using S3 or a database for long term storage.
I choose docker compose for production when I want to keep complexity to a minimum: All I need is a cloud vm, an ansible playbook to install docker and configure backups. Typically in these scenarios I run the database as an OS service and only use docker for nginx/redis and application services.
For local development I run the full environment including the database in docker compose.
For production some of these projects run alongside each other on the same host and share the database service. Sometimes the database is on another host.
A typical host like this would be a 50/month Hetzner dedicated machine with only docker daemon and postgres installed natively. And then multiple projects deployed with docker compose. Sometimes nginx is native as well with vhosts pointing to the docker projects.
We've been doing this because alternatives like k8s burned out time, $, and other team members, and our on-prem customers like it operationally vs k8s. SW teams ran high uptime stuff before k8s, and you can still do most of those tricks. We're revisiting, but selectively and only b/c we're now getting into trickier scenarios like multi-az and potentially elastic GPUs for our SaaS offering
Ex:
- blue/green stateless nodes
- DNS/load balancer pointer flips
- Do the DB as a managed saas in the cloud and only ^^^ for app servers
- Backups: We've been simply syncing (rsync, pg_dump, ..) w/ basic backup testing as part of our launch flow (stressed as part of blue/green flow), and cloud services automate blob backups. We're moving to DBaaS for doing that better, which involves taking the DB out of our app for our SaaS users
In practice, our service availability has been largely degraded by external infra factors, like Azure's DNS going down, than by not using k8s/swarms for internal infra. Likewise, our own logic bugs causing QoS issues that don't show up in our 9's reports.
> We've been doing this because alternatives like k8s burned out time, $, and other team members, and our on-prem customers like it operationally vs k8s.
It doesn't seem you bothered looking into alternatives.
Take for example docker swarm. It already uses docker compose files (well, there are some differences) , they support blue-green deployments of stacks, and they even support multi-node deployments and horizontal scaling.
Swarm was/is a bad bet due to looking like Docker gave up on it, esp. for deploying to our on-prem users where we can't just change our mind the next day, and wanting something we'd have some faith in for 2-3 years. Nomad was more appealing from the simplicity view, esp. as we'd need to do some rewriting either way.
> you'd rather use six complex things instead of one simple one?
By that measuring stick, using Docker Swarm instead of docker compose is even simpler as you only need to use docker alone instead of having to install a separate script.
Another one here! I use docker-compose, normal periodic DB backups to S3 and a twilio script that can use a lambda function to reload the entire system or parts of it by simple phone commands when necessary. Site does millions of views per day.
Nice. Reminds me fondly of many years ago when I sent commands via pager to long-running jobs running at work from the comfort of a nearby stool at the pub. Was eating dinner of course. ;-)
I've done zero-downtime deployments with the same Docker compose file running on multiple nodes. I just had a Python script (~100 lines) that would take instances off the load balancer in turn, update the docker-compose file, add them back, wait for a warm-up period and move on to the next ones.
It's common to have a load balancer, that routes traffic to nodes that are up.
That part is mostly straightforward. It could be the application's responsibility or the load balancer's. The tricky bit is maintenance on the load balancing parts.
How's it different than running things with pure docker or before docker? There were backups and no downtime deployments before docker became a thing... docker compose is already a layer above docker (but really just docker).
yeah but stuff like that is hard and not solved with compose, you can update your compose but that would result in downtime, so you can either do a/b (blue/green) deploys or you somehow reload the content inside the container?! everything that needs special tooling.
You can have a compose with multiple backend services and an nginx load balancer in it proxing back to it each one, then down/up each each backend service individually when upgrades for example..
Which may force you to handle two versions of databases schemes instead of a single migration. This adds complexity and sometimes 1min of down time is more acceptable than that additional work.
Yeah for sure, but I feel that's a software design problem and not directly related to using docker compose or not, you could have this same issue regardless of how you go about deploying it.
> You can have a compose with multiple backend services and an nginx load balancer in it proxing back to it each one, then down/up each each backend service individually when upgrades for example..
Things are way simpler with Docker Swarm. You just run a single ingress controller as a separate stack and route all traffic internally.
If you use Traefik as your ingress controller, all you need to do is set labels in your docker compose files and everything just works.
There is absolutely no reason or excuse to use docker compose in anything resembling production.
> There is absolutely no reason or excuse to use docker compose in anything resembling production.
I work at a university where I make an app meant for maybe a couple of concurrent researchers. Am I seriously supposed to set up Docker Swarm for this or is it OK with you if I run my little setup using Docker-compose on the tiny server that the university has provisioned for me?
Seriously, why do so many people on HN have to act like the entire world of software developers is busy making the next Facebook? I'm sure many (most?) people are making tiny things meant for tiny audiences.
> Seriously, why do so many people on HN have to act like the entire world of software developers is busy making the next Facebook? I'm sure many (most?) people are making tiny things meant for tiny audiences.
I agree generally, but playing devil's advocate for GP, what I think they meant is that swarm can be run on a single node with little downside/complexity and a lot of upside from docker compose.
Thanks for the links. I was not aware that it could be run on a single node. Still, the benefits are unclear to me. I guess I will research it some more.
Manage deployments as stacks, which support history and backtrack deployments.
Blue-green deployments.
Frankly, it boggles the mind how people put to production devtools that are barely managed to be secure when deployed locally, when alternatives are both simpler to deploy and more capable.
I am in charge of every single thing from devops to data modelling to backend web services to frontend apps to design and testing to responding to inquiries from users of a dozen web services. Does that boggle your mind too? That is the reality of my job. I don't have the time to be an expert in every single area when I am the one who has to do everything.
I'm sure you're great at setting up servers. That is probably the part of my job I dislike the most, but it's something I have to do, so I do it.
Docker has documentation on how to deploy compose apps to services like Azure Container Instances or Elastic Container Services. It's specifically for using compose in production.
As long as the docker daemon starts on startup, there's a `restart: always` option in the docker-compose.yml config file that takes care of it. Using `depends_on: [list]` takes care of startup order cleanly.
All of the example apps in the blog post use restart: "unless-stopped" which ensures they come up automatically after a reboot or if they crash but can be recovered.
Then in dev the restart policy is set to no. This is handled with an environment variable.
A single powerful host can run a quite large business; you might put two identical instances of that host behind a loadbalancer to reduce downtime due failures or upgrades/deployments, and for a single pair of hosts complex orchestration is IMHO overkill, you can just manually run the deploy on one host, wait for it to start working properly, and then upgrade the other.
Personal or small/medium business sites, research software, free web utilities
What's considered lean in startupland can get pretty beefy compared to the shoestring a lot of projects are compelled by necessity to get by on
Compose can be great if you just need a web server and maybe a database and background worker and you don't have anybody suing you or losing millions for the occasional maintenance hour
> In production I normally see people building production images and spinning up them up in their cloud with Terraform and whatever other infrastructure they need
I see a stark difference between infra management tool (like Terraform), and deploy tooling. Infra I prefer to describe "declarative", and Terraform helps a lot with that. Deplyments are "imperative" in nature to me: turn on maintenance page, remove cluster X, spin up cluster Y, run migrations, etc.
So I find Terraform a bad fit for deployment tooling (please explain if you disagree, I'd like to learn).
We use docker compose in production, but have our own custom tooling based around it.
K8s was a little too complex and docker swarm a little too simple. Rolling our own solution was a last resort, but it worked out well in the end - more control, deeper understanding and no nasty surprises in behaviour while scaling etc.
I found that Hashicorp Nomad fit really well in between k8s and swarm for power to complexity. I ended up not being able to use it because they hadn't implemented the networking stuff that they eventually got, but it's pretty cool stuff.
I second this. Nomad is a nice middle. Like the post above I've built tools to fill that gap. What I don't understand sometimes is why there aren't many more orchestration tools in the ecosystem. Some tools emerge; work and then somewhere along the line get kubernetes feature envy and never quite get there.
We deploy lots of small apps for internal usage, and we deploy those with docker compose.
If your app fits on a single VM, and you don't have k8s, this is incredibly straightforward.
It's even "easier" to just use kubernetes to deploy something - but that's if you already have kubernetes! As my org is adopting k8s we are favoring that over docker-compose where applicable, but there's a huge complexity gap between docker-compose and this isn't an overnight transition.
I guess you could view docker-compose as a much more accessible stopgap as your team learns how to run the more complex orchestration strategies, or a preferred solution if you have a small number of VMs you want to explicitly configure to run specific services on (where you don't need the scheduler etc).
The recent update to `docker-compose`, now called `docker compose`, has contexts that let you us the up command to deploy to services like Azure Container Instances or Elastic Container Services.
I have played around with docker compose + ECS and it works great for simple use cases.
However, I prefer (at least for my needs) AWS CDK because it also supports pushing of the image to remote registry, and spawning other AWS resources, such as databases.
Same here, docker compose is a great little tool for local development. You can get your apps up and running with their respective elasticsearches and localstacks etc, then attach to process if needed to debug
For anything more serious, Terraform makes much more sense IMHO
Terraform and docker-compose can work well together. Terraform to describe the AWS infrastructure, and docker-compose to say what's running on a given VM.
Why would you bother using terraform+docker compose in AWS if you already get containerized solutions out-of-the-box with ECS, which is supported as first class citizen with CloudFormation/CDK?
May be he doesn't want to use CloudFormation? It's easier to switch to any other platform and why switching Cloudformation when everything is doing well with Terraform>
I had remembered docker's own documentation in the past recommending against using compose at all in production, but that is apparently no longer the case: https://docs.docker.com/compose/production/
I'm fairly surprised by this. You can deploy a fairly similar compose file into a Docker swarm cluster, but if you're doing a single-server deployment of everything, that is awfully brittle for production, to say nothing of considerations brought up in other comments where you may be using managed services from a cloud provider for things like database and caching in production but you're probably just spinning up a local postgres server on your laptop for development.
Using the docker-compose.override.yml helps with that. In local you can just have those services/configurations added, and then the production environment doesn't even need to know they exist.
https://github.com/docker/compose-on-kubernetes looks dead now, maybe for misguided political reasons while they remain in denial that swarm might compete? But it's too bad, there's no reason some k8s api/operator thing can't make this frictionless.
Still, someone already mentioned docker-desktop having some tricks for deploying straight to aws and [there is definitely a way to do this with ecs](https://aws.amazon.com/blogs/containers/deploy-applications-...). There's also tools like kompose which translate configs automatically and are suitable for use in a pipeline, so the only thing you need is a compose file in version control.
So yes, you can still basically use compose in production, even on a non-swarm cluster, and it's fine. A lot of people that push back against this are perhaps just invested in their own mad kubectl'ing and endless wrangling with esoteric templates and want to push all this on their teammates. From what I've seen, that's often to the detriment of local development experience and budgeting, because if even your dev environment always requires EKS, that gets expensive. (Using external/managed databases is always a good idea, but beside the main point here I think. You can do that or not with or without docker-compose or helm packages or whatever, and you can even do that for otherwise totally local development on a shared db cluster if you design things for multi-tenant)
At this point I'll face facts that the simple myth here (docker-compose is merely a toy) is winning out over the reality (docker-compose is partly a tool but isn't a platform, and it's just a format/description language). But consider.. pure k8s, k8s-helm, ECS cloudformation, k8s-terraforming over EKS, and docker-compose all have pretty stable schemas that require almost all the same data and any one of them could pretty reasonably be considered as a lingua-franca that you could build the other specs from (even programmatically).
From this point of view there's an argument that for lots of simple yet serious projects, docker-compose should win by default because it is at the bottom of the complexity ladder. It's almost exactly the minimal usable subset of the abstract description language we're working with, and one that's easy to onboard with and requires the least dependencies to actually run. For example: even without kompose it's trivial to automate pulling data out of the canonical docker-compose yaml and injecting that into terraform as part of CD pipeline for your containers on EKS; then you keep options for local-developer experience open and you're maintaining a central source of truth for common config so that your config/platform is not diverging more than it has to.
I'm an architect who works closely with ops, and in many ways not a huge fan of docker-compose. But I like self-service and you-ship-it-you-run it kinds of things that are essential for scaling orgs. So for simple stuff I'd rather just use compose as the main single-source-of-truth than answer endless bootstrappy questions about k8s or ECS if I'm working with others who don't have my depth of knowledge. (Obviously compose has been popular for a reason, which is that kubernetes really is still too complicated for a lot of people and use-cases.) Don't like these ready-made options for compose-on-ECS, or compose-to-k8s via kompose? Ok, just give me your working docker-compose and I'll find a way to deploy it to any other new weird platform, and if I need some pull-values/place-values/render-template song and dance with one more weird DSL for one more weird target deployment platform, then so be it. I've often found the alternative here is a lot of junior devs deciding that deployment/dev-bootstrap is just too confusing, their team doesn't help them and pushes them to an external cloud-engineering team who doesn't want to explain this again because there's docs and 10 examples that went unfollowed, so then junior devs just code without testing it all until they have to when QA is broken. Sometimes the whole org is junior devs in the sense that they have zero existing familiarity with docker, much less kubernetes! Keep things as simple as possible, no simpler.
Seen this argument a million times, and no doubt platform choices are important but even pivoting on platforms is surprisingly easy these days. When you consider that compose is not itself a platform but just basically a subset of a wider description language, this all starts to seem a bit like a json vs yaml debate. If you need comments and anchors, then you want yaml. If you need serious packaging/dependencies of a bunch of related microservices, and a bunch of nontrivial JIT value lookup/rendering, then you want helm. But beyond org/situation specific considerations like this, the difference doesn't matter much. My main take-away lately is that leadership needs to actually decide/enforce where the org will stand on topics like "local development workflows"; it's crazy to have a team divided where half is saying "we develop on laptops with docker-compose" and half is saying "we expect to deploy to EKS in the dev environment". In that circumstance you just double your footprint of junk to support and because everyone wants to be perfectly pleased, everyone is annoyed.
docker has rootless now. Tried to set it up the other day on bog standard Debian. That's a deep ass rabbit hole with a whole lot of gotchas and I'm not entirely convinced the whole thing won't topple over at the slightest breeze. It took me an embarrassingly long time to figure out how to install the correct version of slirp4netns, which is not in the stable repo. Reassuring.
Similar experience. I used Docker rootless for a while 1-2 years ago. There were hiccups and upgrading was a pain, so I stopped using it. It's possible it has improved, though.
Podman is great! I was surprised to learn that the latest version is compatible with docker-compose (minus the Docker Swarm part). I have been playing around with it on my workstation (Arch/Podman/docker-compose) and it works really well, rootless and without any daemon.
....but then when you run it in production, your app fails, because it was designed against assumptions around the fake cluster and pod, or a different config file. I'm not saying there's a solution to this, but we should remind people that "we can pretend X is Y" is a reproducibility red flag.
Which then creates its own special snowflake environment which isn't either dev or prod, and duplicates resources, and can only test one change at a time (unless you have real ephemeral environments, and most people don't). It's better to have blue/green, or something like blue green, and use that as staging, than have an actual dedicated "staging cluster".
But like I say, dev still is far from close to that. So you end up doing a lot of development in dev, and then fixing a ton of things in staging because you weren't developing against staging. And your tests aren't fantastic, so some bugs make it through both staging and prod, and it turns out they're because your design was making assumptions based on dev. Hence, make dev and prod as close as possible, and then you don't need to have "staging", because you have confidence that what worked in dev will also work in prod.
Maybe I'm showing my length of tooth here, but what's wrong with systemd? I can run a decently sized API on an AWS nano instance that gracefully deploys/releases when creating a release on github. I've just backed off the docker-compose version of this that I was deploying left right and centre to save cost and reduce complexity - it's a breath of fresh air!
I suppose one benefit to docker compose over a strictly systemd setup (even one that runs units in containers) is on the dev side. If your dev team is working on macOS or windows the docker compose tooling will let them spin up the whole system just like on the AWS instance.
That's a fair point I did omit the fact that for local database - it's a docker compose file, with docker volumes. That way I can spin up a db per project super easily as can other devs.
It's been a few years since I tried using it, so take this with a grain of salt, but my biggest gripe with it was that it would grind my computer (a beefy Dell) to a halt.
Of course, this depends on what sort of environment you're trying to replicate. If it's 2 to 3 microservices and a database, I would imagine it's fine, but anything more, which is what I had to deal with at the time, it was a no-go. Especially so since this meant that running minikube and having a RAM-thirsty IDE, like Intellij IDEA, was practically impossible.
Ram usage is a lot better when using docker as a driver instead of a vm, which immediately reserves all memory you give it.
see https://minikube.sigs.k8s.io/docs/drivers/ for more info
For me, docker-compose (I suppose I should say docker compose these days) has the right balance of moving parts vs functionality to keep me inside the sanity bubble. I've worked with k8s in the past, but...that bubble sure feels good.
Using docker compose up to deploy a GraphQL API with ECS at Northvolt. Good experience so far, except for having to rely quite a lot on x-aws-cloudformation overlays to work around the tool limitations. In other words, it helps a lot, but you still need to know about AWS in general and CloudFormation in particular.
It’s widely accepted “best practice” to not run processes in docker containers as root but I think it does a disservice to not explain why. The top benefit in my mind is to be able to mark interpreted code (server side JS/python/ruby) as read only in case someone gains shell access in the container. It’s great to set up another user for execution, but you should also make sure to copy in code and build artifacts as read-only. I’m curious if people can name other direct benefits to a non-root user other than “I don’t trust docker/Linux process isolation”.
If you’re using a userns then power to you it’s all the same since you’re not really root.
If not then you’re playing a dangerous game because now your container is running as root on the host system which is almost certainly not what you want. The fundamental security boundary on Linux is users and containers are not a sandboxing solution. You can use seccomp, SELinux, gvisor, or honestly virtualization to get real sandboxing and docker can use those tools to create a sandbox but Linux namespaces alone “containers” aren’t that. You can use these tools without any namespacing and vice versa. It’s not a question of “not trusting” process isolation but defense in depth. If you wouldn’t be comfortable running every process on your host system as root and put full trust into SELinux, AppArmor, and seccomp then you shouldn’t start just because you added a high-tech chroot.
Because giving your app root even to the container could let it blow something up that’s important inside the container, and it means you don’t necessarily know what permissions it actually requires. Then when you get to a client site and they say “Docker isn’t on our approved software list” you won’t know what permissions it needs to install.
There’s a low chance of this scenario happening, but lord knows there’s a Unix greybeard somewhere that doesn’t want Docker on his precious pets, and will like to know what permissions your app actually needs.
I run my personal services (Web, db, mail, nextcloud, traefick) off a cheap hetzner vps using docker-compose and its a pleasure how simple is to manage it. Before that I ran a vps with manually configured services and, specially for mail, it was very hard to deploy and manage. Also if p0wned a service, the whole box was as good as gone.
Now, there are other alternatives with less downtime, more scalability and a lot more or complexity? Sure there are... but for my personal box I won't be touching any of that, thanks
Edit/Add: ... and also VPN, which I added later on in like, 10m or so. Adding OpenVPN in my previous box was not as trivial, I tell you that.
> I run my personal services (Web, db, mail, nextcloud, traefick) off a cheap hetzner vps using docker-compose and its a pleasure how simple is to manage it.
Me too. I have about half a dozen personal projects running in Docker Swarm on Hetzner. I have an Ansible script that gets a freshly created barebones VM to serve live traffic in less than a minute, and I am free to just delete all VMs and reinstall from scratch without any problem at all.
I even split the Ansible playbooks into stack-specific playbooks so that I can redeploy specific stacks if I feel like it.
I firmly believe that Docker Swarm is a killer application that is not given the attention it deserves because everyone is stuck in a mindset where they purposely want to make their own lives harder by doing CV-oriented development while running after the devops version of doing enterprise versions of hello world.
On the list of cool things, deploying postgresql from a phone is most likely pretty down the list. I think my partner would find more cool that I clean the kitchen for example.
yeah .... compose sits at a really sweet spot on the complexity-power tradeoff spectrum. Yes it doesn't do a bunch of stuff, but what you get for how simple it is to do that is really compelling.
Chaining app deps in a healthcheck (db, redis) is a great way to trigger a web node autoscaling catastrophe when your redis or db goes down for a few minutes for maintenance.
The health check should only include the health of the service it resides within, not its dependencies.
Have a question about the safety of using environment variables to store sensitive information.
e.g. suppose you have your postgres db url in an environment variable - with the password in the string - isn't that a big no-no? If someone found an exploit in your web app container then they would also in theory get access to valuable secret info - the db data is by far most valuable part of your app imo.
Is there a more managed way to handle this kind of secret?
> If someone found an exploit in your web app container [...]
A good pattern here is to reverse proxy all requests to the application through something like nginx. My applications tend to have a back-end application that is not accessible to the internet, with an nginx instance that proxies all API requests itself. Only port 80 is public facing. If someone can get console access to an nginx container and then use that to springboard to another container and get root access there (again, where the only open ports are ports 80, maybe 8000?) to get envvars, they should get access to it all.
If your web app container can query the database, and your web app container is compromised, then yes the attacker could query the database. This is an issue independent of how you conveyed that access to the web app container.
If you want to limit the blast radius, you will need to find ways to limit what parts of the database the web app has access to.
if the exploit is in your web app, then you're already too late. Security is about layering. Which is why postgres/mysql have users and permissions. One thing I typically do is prevent DELETE statements from the web app db user. You can also prevent access to tables or even columns. Or you can go in the opposite direction and YOLO-it by putting SQLite right in your web app process, following the recent craze.
Environment variables are typically how secrets are used. Anything else is going to add further complexity and have another set of caveats. Env vars are simple and all devs (and programming languages) know how they work.
I have really enjoyed working with docker compose for development. For production, there is a great guide by the creator of FastAPI on how to spin up a docker swarm cluster to use almost the same files here:
The idea is that you have a core structure that is used in both local/dev environment and the prod environment, with just the override applying changes. For example, your local override might have the "build" configuration, whereas the dev environment or production environment docker-compose should not have that configuration (assuming you are pulling from a private registry). That single core docker-compose.yml can be copied to any environment it needs and it should just run the app, but if you really, really need to override something for a specific reason, it's not hard to do it without modifying the core docker-compose.yml.
It's mentioned on video and briefly in the blog post. It's so you don't have to duplicate a bunch of services between 2 files while you slightly change a bit of configuring for those services depending on the environment you're in, or even running different containers all together (which is the problem the override file solves).
Probably so you don't have duplicate settings in docker-compose.prod.yml and docker-compose.dev.yml when the only difference is probably just 1 line specifying NODE_ENV etc.
This is always somewhat of a code smell to me. This makes me want to dig deeper and see if the two use cases shouldn't have been separated into separate Docker files or even separate apps.
It seems reasonable to me (for a compose-in-prod setup). The standard setup (at least for Rails, in my experience) is that the web server and background job processor will have the same dependencies and nearly identical configuration. Until the app has gone off the rails and I really do need to have the server and worker diverge, this approach seems like less to worry about than maintaining multiple images and duplicated but 98% identical container definitions.
Yeah, same with Django ... really try to keep these environments all in sync so you don't have different environments for no real gain. What do I gain when my worker doesn't have django-allauth installed other than possible development environment complexity.
Docker Compose now works natively with AWS ECS, so you could conceivably "scale" Docker Compose. Plus there's AWS's ecs-cli which can work, though IIRC you basically have to maintain two different configs, one for local development, one for remote.
And that's the general flaw in using Compose outside of local development. It's simply not designed as a general purpose (and thus large-scale) deployment orchestrator. If you get it working locally, you probably need a different setup for remote. That affects things like testing, which means it's not really the same in dev as in prod. And even if it were, Compose isn't persistent, meaning it's just a script to start jobs on some other thing.
Every time I've worked on a team that tried to do Compose in production (or even just for CI) it ended up a weird snowflake or with duplicate processes, and we replaced it with something more standard. My standard advice now is to model both production and local development to be as close as possible and then pick the simplest method to support that use case. In general this means going from "Compose on one host" to Swarm/Nomad/ECS on multiple hosts to K8s. And of course, try to make your CI use the same exact methods you use for dev and prod, so that using CI doesn't give you different results than in dev or prod.
Not for production, but used it for deployments to remote servers via SSH using GitHub Actions. Wrote a guide and video tutorial of how to as well, it uses nginx proxy and surprisingly updates were zero down time since the nginx proxy didn’t change and handles switching app ports seamlessly. For low traffic app could be used for production but I wouldn’t since it is a single server deployment setup. Good for dev/test environment, I use this pattern for 20+ live demo apps on a single server.
I have a Django+Vue app with Docker Compose and I mounted the whole project as a volume for both python and js containers and the venv (python packages are installed here) and node_modules are in the volume. My IDE (Pycharm) uses those dirs for code completion. If I move them within container, my IDE can't do code completion and I will have to rebuild image each time I install packages. Or is there a solution?
I'm not sure how PyCharm deals with Docker but VSCode has a "remote containers" feature. You can run your app in a container and volume mount your code so you don't need to rebuild it, but the remote container feature lets you get full editor support (code complete for everything, etc.) with only defining a few lines of JSON. Maybe check around to see if PyCharm has a similar feature?
Second this. I really like to simplify all things, so sometime it reasonable to use systemd and Makefile with start, stop and update commands. Works in production like a charm.
Running docker compose in production is not a good practice from what I understand. The persistence layers, like MySQL or Redis, shouldn’t be managed with local volumes. If you want to do something like this then kubernetes with persistent volume claims would be better, but running databases in k8s can be pretty tricky. Most of the time RDS is the best practice for your DB.
There’s no mention of kubernetes persistent volume claims.. it does mention that you can swap out a DATABASE_URL env var here:
> Or perhaps you want to use a managed PostgreSQL database in production but run PostgreSQL locally in a container for development.
It’s mentioned in passing with no discussion of why you should not run your database in docker compose - a very common use case - so the reasons I mentioned were not explicitly discussed.
