The great debate

docker run --user limited_user ...

or

RUN groupadd appuser && useradd -g appuser appuser
USER appuser

Attached: baleen boi.png (538x402, 31K)

second
/thread

buying a new physical server per app

yes hello sir. in india we useing docker. very good kind sir.

I am still failing to understand what is real advantage of docker and mainly what are disadvantages

Advantage is not having to fiddle the OS installs and be able to redeploy on a clean environment at will.

Disadvantage is its yet one more tool that increases cognitive load.

>advantages
turns Works on my Machine™ into Works on Every Machine with zero configuration
>disadvantages
Some mind-bogglingly stupid design decisions (e.g. layers) that cannot be reversed now. And its main developers seem to actually find joy in introducing security vulnerabilities.

Neither. Docker-compose with uid and gid.

how can I run two docker containers with website both listening on port 80

Neither.
nix-shell -p ...

> Some mind-bogglingly stupid design decisions (e.g. layers) that cannot be reversed now
You can always make rkt better or whatever and then use that.

What’s wrong with layers though? It’s a safe and sound way to save build steps

podman

The only way that I know is to have a server on the front end (Apache,nginx,etc...) that forwards the traffic to the container. Then the docker containers can listen on any port and the webserver listens on port 80 and directs traffic via virtual hosts

I see well I already have fabric scripts which deploy my websites on clean debian install. Learning docker would not bring me anything good then

i'm new to that devops shit but i investigated the pipeline of the product i work on in my internship and does docker seriously set up a vm and compile all the dependencies and shit every time you want to test your shit? that's awfully inefficient.

podman
/debate

None. Use Jails.

Yea, for a simple website docker probably isn't the best. The benefit would be offloading the setup from the startup script to the docker scripts. But it's probably not necessary.
That being said, docker is still a great tool to have knowledge in, and more and more companies are moving to it, so I can't say that learning it for personal development is a waste.

This

no, read the docs

>using docker whixh is sponsored by NSA and FBI and has known unfixable vulns over VMs that boot in under 5 seconds