What is the purpose of running PHP-FPM in its own container instead in the same container as apache2/nginx?

I’m fairly new to Docker so excuse any obvious ignorance or misunderstandings. That said, I’ve been coding and configuring web applications for a long time now. I have recently been dabbling with some more sophisticated (Docker and “traditional”) web/application server setups and experimenting with performance enhancements and simplifying deployments.

My personal favorite configuration to use for most projects thus far is nginx as a (mostly) “static file” web server &&|| caching mechanism &&|| Load Balancer in a reverse proxy config with Apache v2.4+ as the “backend” which runs PHP (also Perl &&|| Python) in a “FastCGI” (PHP-FPM) configuration (with mod_php disabled) and mpm_events (instead of mpm_prefork). We can always add in something else also such as REDIS or memcached, where applicable (but I rarely see a significant performance gain when using Cloudflare caching).

I’ve been dabbling with a few different ways to keep my “favorite web server composition” flexible and “ephemeral” enough to accommodate any and all possible options for further performance gain or resource load management. What I keep seeing is that there seems to have been a shift towards using PHP-FPM in its own separate “stand-alone” Docker container sometimes around late 2019.

Why?

While I can appreciate keeping resources isolated and separate for an easier to debug/config/secure configuration(s), I don’t fully understand what the benefits are to having PHP-FPM in a separate Docker container that is implicitly REQUIRED by the application that the Docker containers are comprising.

If anything, having a separate PHP-FPM container seems like additional configuration, additional resource consumption and an even more complicated build/deploy consideration in a CI/CD pipeline.

I can even get onboard with “simple preference”, such as instead of using Apache2 and nginx on the same Ubuntu/Debian or RHEL/CentOS container, break off nginx into its own container(s) and simply config your hostname(s) &&|| IPs and ports appropriately.

But what is a practical use case and advantages for having PHP-FPM separated from Apache or nginx containers for any additional benefit beyond perhaps using more Dockerfile &&|| docker-compose.yaml and less ba.sh scripting to get the same job done? If any part of the application fails or falters, then functionality will suffer. The additional network &&|| docker-network communications and hostname resolutions seems like it would just be a performance penalty over combining certain aspects of the docker-composer-ed application together, rather than splitting them up simply for the sake of splitting them up.

Go to Source
Author: kanidrive

I am trying to set up security for KIbana in docker setup and facing some issues

Let me elaborate.
1.The set up is inside the Docker container.
2.We have this architecture filebeat->logstash>elasticsearch->Kibana
3.I have enabled security in kibana,set up the password authentication,given the username and password in elasticsearch.yml
4.I am getting the login page for kibana
5.Issue is that once I enter the elastic credentials it does not take login to kibana page,insated it comes back to the credential page again.

The credentials are correct,whenever I try to enter a wrong credential, it throws errors ,so confirming that it is the correct credential which I am entering.
I have done the configurations in windows and it is successful,however I am having issue in docker.

The version which I am using is compatible according to the metrix, I am using 7.9 kibana and elasticsearch
Logs shows authentication to elasticsearch failed.

Please advise.

Go to Source
Author: Sneha

docker run vs docker-compose – different results?

I have just started exploring Docker and am having trouble with docker commit/-compose.

I have copied a file into /root/.guacamole/lib (in the container) and then created an image using docker commit.

An ls of the relevant path in the container using

docker run -it --name="name" image bash

confirms that the file exists, but when the following docker-compose file sets up the container, the file is missing, even though it reports using the same image.

Any idea why that should be?

Thanks

$ cat docker-compose.yml
version: "2"
services:
  guacd:
    image: "guacamole/guacd"
    container_name: guacd
    hostname: guacd
    restart: always
    volumes:
      - "/data/shared/guacamole/guacd/data:/data"
      - "/data/shared/guacamole/guacd/conf:/conf:ro"
    expose:
      - "4822"
    ports:
      - "4822:4822"
    network_mode: bridge

  guac2:
    image: "guac2"
    container_name: guac2
    hostname: guac2
    restart: always
    volumes:
      - "/data/shared/guacamole/guacamole/guac-home:/data"
      - "/data/shared/guacamole/guacamole/conf:/conf:ro"
    expose:
      - "8080"
    ports:
      - "8084:8080"
    network_mode: bridge
    environment:
      - "GUACD_HOSTNAME=pc.lan"
      - "GUACD_PORT=4822"
      - "MYSQL_HOSTNAME=pc.lan"
      - "MYSQL_PORT=3306"
      - "MYSQL_DATABASE=guacamole_db"
      - "MYSQL_USER=guacamole_user"
      - "MYSQL_PASSWORD=password"
      - "GUACAMOLE_HOME=/data"

Here is the terminal text:

user@pc:~$ docker run -it --name="test" guac2 bash
root@b6dcd7dda985:/opt/guacamole# cd /root/.g*/lib
root@b6dcd7dda985:~/.guacamole/lib# ls
mariadb-java-client-2.6.2.jar  mysql-connector-java-5.1.46-bin.jar  mysql-connector-java-5.1.46.jar
***[NB 3 files listed above]***
root@b6dcd7dda985:~/.guacamole/lib# exit
exit
user@pc:~$ docker stop test
test
user@pc:~$ docker rm test
test
user@pc:~$ docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
ea92c2db77f6        guac2               "/opt/guacamole/bin/…"   51 minutes ago      Up 51 minutes       0.0.0.0:8084->8080/tcp   guac2
52aea98f7e2c        guacamole/guacd     "/bin/sh -c '/usr/lo…"   About an hour ago   Up 57 minutes       0.0.0.0:4822->4822/tcp   guacd
user@pc:~$ docker stop guacd
guacd
user@pc:~$ docker stop guac2
guac2
user@pc:~$ docker rm guacd
guacd
user@pc:~$ docker rm guac2
guac2
user@pc:~$ docker-compose up -d
Creating guac2 ... done
Creating guacd ... done
user@pc:~$ docker exec -it guac2 bash
root@guac2:/opt/guacamole# cd /root/.g*/lib
root@guac2:~/.guacamole/lib# ls
mysql-connector-java-5.1.46-bin.jar  mysql-connector-java-5.1.46.jar
***[NB only 2 files listed above]***
root@guac2:~/.guacamole/lib# exit

Go to Source
Author: Gareth

Minecraft docker-container refuses connection

So I have this Dockerfile:

FROM openjdk:8u212-jre-alpine

LABEL maintainer "cowboy_patrick"

RUN apk add --no-cache -U 
  openssl 
  imagemagick 
  lsof 
  su-exec 
  shadow 
  bash 
  curl iputils wget 
  git 
  jq 
  python 
  tzdata 
  rsync 
  nano 
  sudo 
  knock 
  ttf-dejavu
  
EXPOSE 25565 25565

COPY minecraft /root/minecraft
WORKDIR /root/minecraft


RUN chmod +x /root/minecraft/start_minecraft.sh

CMD /root/minecraft/start_minecraft.sh

This just copies an existing world into an alpine with java and executes some prewritten scripts, I had written for running it on a vps (doing automatic backups etc.)

When I execute it with

docker run –network host -p 25565:25565 –name mcs mcserver

I can see the following in the container-dashboard:
port forwarded

For good measures you can see my console-output here but it’s pretty standard. Just a minecraft-server that boots up.

The only thing I don’t understand is why the connection gets refused when I try to join localhost:25565:
connection refused

Does anyone have an idea on how I can allow this connection? And in extent allow connections from outside my machine (assuming that port-formwarding and everything works).

Go to Source
Author: Cowboy_Patrick

How to resize docker volume after creation?

I would like to limit my docker volumes in size, So I don’t have one container crashing my entire environment because of excessive writes depleting my storage space.

I found it is possible to limit volumes size at creation time using --opt o=size=100m
However Is it possible to change the size limit after I have created the volume?

Go to Source
Author: GKman

Flask applicatio HTML Code Not Accessing Images

I have written a basic application in flask (in a docker image) which has an HTML page that needs to show two images. Due to some strange problem, the server is getting 404 errors for both of the images even though the images are at the right path. Attached are the screenshots of the directory output, and the error. Following is the HTML tag calling that image file:

<img src="input1.jpg" alt="" width="130" height="100" />

The directory structure in the container leading to the image:

apptemplatesinput1.jpg

The directory structure in the container leading to the HTML page is:

apptemplatesresult.html

Error line:

17.0.1 - - [29/Aug/2020 13:54:47] "GET /templates/input1.jpg HTTP/1.1" 404 -

Thank you.

Go to Source
Author: Muhammad Usman

Difference between a buildpack and a dockerfile?

I understand a dockerfile to be a comprehensive set of instructions to completely build an application’s production (and development for that matter) environment from scratch (or at least from a bare linux distribution).

I understand a buildpack to be something responsible for retrieving and installing collections of dependencies and (similarly to docker) merging these to provide the app’s running environment. I also see from here:

Buildpacks were first conceived by Heroku in 2011. Since then, they have been adopted by Cloud Foundry and other PaaS such as Google App Engine, Gitlab, Knative, Deis, Dokku, and Drie.

But I wonder what are the differences then? E.g.

  • Are dockerfiles allowing more options than heroku buildpacks?
  • Do both have the same capabilities in terms of permissions and users?
  • Are they as versatile as eachother? (I know docker images can be run almost anywhere there is docker, is the same true of buildpacks?)
  • What other differences are there?

Go to Source
Author: stevec

Deployment of Docker containers on ECS(Tcp Server Java)

The given problem:

  • Created a Java Tcp Server with Eclipse vertx(Toolkit for building
    reactive,event driven)applications on JVM. The applicatino has two
    Tcp Servers which are running on port numbers:
    server1(port:5050);server2(5051)

  • I created a Docker image and was running the application inside a
    container and all works fine locally.

  • I want to deploy the docker container on ECS(Amazon Container
    Service) and to use Network Load balancer,the question is how can i
    assign different ports to different containers if in the Java code i
    was setting up explicity

//tcp server 1 listens on port 5050

server..listen(5050)
  • and how does ECS manages what ports to assign to what container?

    The tcp client is always targeting one ip adress and one port number
    it cannot be changed.

    Thanks!

Go to Source
Author: user581026

What is the best way to deploy a short living process when you have no machine?

I’m new to devops .

I created a converter and want to deploy it . The converter converts a 3D model from a format to another and then you’ll be able to visualize the outpout file on the platform and then you can download the file if you want to.

when bench-marking the process , i found out that for now it runs up to 1 minute when the files are really big , I’m using azure just moved to aws this week . For now the converter converts one file at a time and uses blender’s python library and a c++ library ( when trying to use docker i built these inside the container )

I started by creating a docker container that will read a heavy blob and then output the converted file but figured out that docker is not designed to read local files .

I’m searching for the right model to host this . Is docker a good solution ? If not , is there other ways to do this ?

Go to Source
Author: tawfikboujeh

Unable to build Image as it is asking some input

I am trying to create an Image which will run ftp server on centos. Dockerfile content is as below:

FROM centos
 
RUN 
  yum update -y && 
  yum install vsftpd -y 
 
EXPOSE 21
CMD vsftpd -DFOREGROUN

I am running below command :

docker build -f webserver .

which is asking me input as below:

Please select the geographic area in which you live. Subsequent configuration
questions will narrow this down by presenting a list of cities, representing
the time zones in which they are located.
 
  1. Africa      4. Australia  7. Atlantic  10. Pacific  13. Etc
  2. America     5. Arctic     8. Europe    11. SystemV
  3. Antarctica  6. Asia       9. Indian    12. US
Geographic area: 9

once I enter 9 and press enter button, it stuck at the same window. Can you please help me, how should I process this?

Go to Source
Author: Puneet Dixit

How to send user input as some text inside Dockerfile?

I have following Dockerfile:

FROM ubuntu
RUN apt-get -y update
RUN apt-get -y install ttf-dejavu
COPY ./soap.sh /
RUN chmod +x /soap.sh
ENTRYPOINT ["/soap.sh"]
CMD ["/script.sh", "arg1"]

I am trying to install SoapUI using above Dockerfile.

Using above Dockerfile, I am able to build the image Successfully as shown below:

root@test00-new:/home/sam/1_Docker# docker build -t balu1 .
Sending build context to Docker daemon  385.8MB
Step 1/8 : FROM ubuntu
 ---> 1e4467b07108
Step 2/8 : MAINTAINER Sample
 ---> Running in c6dc0992d25c
Removing intermediate container c6dc0992d25c
 ---> 7ecd8a4fcbfd
Step 3/8 : RUN apt-get -y update
 ---> Running in aa6467b0fc5c
 ---> cd3b7f8f5389
Step 4/8 : RUN apt-get -y install ttf-dejavu
 ---> Running in 8fcc7ce6ab9f
 ---> 55649115b86c
Step 5/8 : COPY ./soap.sh /
 ---> 2c236754e2d5
Step 6/8 : RUN chmod +x /soap.sh
 ---> Running in 408d72761df5
Removing intermediate container 408d72761df5
 ---> 17d2afb0bc43
Step 7/8 : ENTRYPOINT ["/soap.sh"]
 ---> Running in 0b10d8b91d65
Removing intermediate container 0b10d8b91d65
 ---> a7d0b50d4fdd
Step 8/8 : CMD ["/script.sh", "arg1"]
 ---> Running in a8ba5d134b5d
Removing intermediate container a8ba5d134b5d
 ---> d41cffedccda
Successfully built d41cffedccda
Successfully tagged balu1:latest
root@test00-new:/home/sam/1_Docker# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
balu1               latest              d41cffedccda        29 seconds ago      351MB
ubuntu              latest              1e4467b07108        3 weeks ago         73.9MB
root@test00-new:/home/sam/1_Docker#

But When I run the docker using above image, I am getting the following output:

root@test00-new:/home/sam/1_Docker# docker run balu1 OK
Unpacking JRE ...
Preparing JRE ...
Starting Installer ...
This will install SoapUI 5.2.1 on your computer.
OK [o, Enter], Cancel [c]
root@test00-new:/home/sam/1_Docker# 

In the above case how to handle user input in Dockerfile?

I need to send a letter o or ENTER as input inside Dockerfile

Please guide me on this.

Go to Source
Author: data123

docker-compose fail to maintain up centos build

Im building a basic centos image with only some packages but Im forgotting something because finish well but not maintain the container. What Im doing bad?

docker-compose:

version: '3'
services:
  config_server:
    build: ../common/docker/ansible/.
    stdin_open: true
    volumes:
      - ../../api:/var/www/api
      - ../../server:/var/www/server
      - ../server/provision/server:/tmp/ansible
    working_dir: /tmp/ansible
    networks:
      net:
        ipv4_address: 172.28.0.10
    command: ansible-playbook playbook.yml

networks:
  net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.28.0.0/24

Dockerfile:

FROM centos:7
RUN yum makecache && yum install -y epel-release wget
RUN yum install -y ansible

I would like to check If all tasks was well, and using:

docker logs 

I see logs from ansible script finishing well. But I don’t know why not maintains container with Exited (0) error

command used is

docker-compose up -d --build 

Suggestions?

Go to Source
Author: deconya

Combining Two Containers

I’m working on a Windows laptop and running Docker for Windows on it. I want to run an Ubuntu container with a specific version and a MySQL server on it. So the question is, do I have to download MySQL on the Ubuntu container or can I run 2 containers (Ubuntu and MySQL) and combine them? How do I combine these 2 containers?

Go to Source
Author: user19215

How to run Dockerfile agent on a Jenkins Slave Node?

I have an issue with Running Dockerfile in Jenkins Pipeline on a Slave Node server.
Have posted in main StackOverflow portal. happy to see this DevOps Stackexachange portal.

just linking the ticket here : https://stackoverflow.com/questions/63364558/how-to-run-dockerfile-agent-on-a-jenkins-slave-node/63366121

It would be really helpful if someone can share their thoughts.
Thanks in advance.

Go to Source
Author: Venkatesha K