docker run --user limited_user ...
or
RUN groupadd appuser && useradd -g appuser appuser
USER appuser
docker run --user limited_user ...
or
RUN groupadd appuser && useradd -g appuser appuser
USER appuser
second
/thread
buying a new physical server per app
yes hello sir. in india we useing docker. very good kind sir.
I am still failing to understand what is real advantage of docker and mainly what are disadvantages
Advantage is not having to fiddle the OS installs and be able to redeploy on a clean environment at will.
Disadvantage is its yet one more tool that increases cognitive load.
>advantages
turns Works on my Machine™ into Works on Every Machine with zero configuration
>disadvantages
Some mind-bogglingly stupid design decisions (e.g. layers) that cannot be reversed now. And its main developers seem to actually find joy in introducing security vulnerabilities.
Neither. Docker-compose with uid and gid.
how can I run two docker containers with website both listening on port 80
Neither.
nix-shell -p ...
> Some mind-bogglingly stupid design decisions (e.g. layers) that cannot be reversed now
You can always make rkt better or whatever and then use that.
What’s wrong with layers though? It’s a safe and sound way to save build steps
podman
The only way that I know is to have a server on the front end (Apache,nginx,etc...) that forwards the traffic to the container. Then the docker containers can listen on any port and the webserver listens on port 80 and directs traffic via virtual hosts
I see well I already have fabric scripts which deploy my websites on clean debian install. Learning docker would not bring me anything good then
i'm new to that devops shit but i investigated the pipeline of the product i work on in my internship and does docker seriously set up a vm and compile all the dependencies and shit every time you want to test your shit? that's awfully inefficient.
podman
/debate
None. Use Jails.
Yea, for a simple website docker probably isn't the best. The benefit would be offloading the setup from the startup script to the docker scripts. But it's probably not necessary.
That being said, docker is still a great tool to have knowledge in, and more and more companies are moving to it, so I can't say that learning it for personal development is a waste.
This
no, read the docs
>using docker whixh is sponsored by NSA and FBI and has known unfixable vulns over VMs that boot in under 5 seconds