05-28-2021, 05:25 AM
(05-21-2021, 02:59 PM)LightDestory Wrote: Your guide is awesome... but I have a question: why not use docker?
To avoid repeating myself, read the quote below:
(09-27-2020, 06:19 AM)fChk Wrote: @fitkoh
Yesterday, when I read your OP, I confess that I had at least 3 objections by the time I finished reading it. The most obvious (ie running Docker on an OVZ VPS) has been addressed in my previous post. But there are 2 others that I've left out because they relate to the use of Docker itself inside a VPS! Thus, it's more of a 'philosophical' thing than anything else.
I've been using Docker since it gained traction in 2015/16 and I've developed a practical sense of when it should be used from when it should not (mostly because it's more of a waste of resources, because of the overhead.)
When you deploy your services via Docker on your VPS you consume more resources than it's necessary for those same services to be deployed natively/directly on your VPS, and that only make sense if you're just experimenting with Docker and are willing to incur that penalty OR if you already stack your services as a set of docker images that you migrate from place to place for deployment, of course at the price of that said penalty.
It's for this latter reason -portability- why Docker make more sense in the Cloud environment than in a VPS; and this is why most PaaS (Platform-as-a-Service) make use of them via various Orchestration mechanisms.
The second objection is the use of a control panel for Docker!! but this is personal and has to do with my bigger objection to Control Panels (CP) in general.
(........)
Thus, it's cool to run containers but inside a VPS it's a waste of resources.
(05-21-2021, 02:59 PM)LightDestory Wrote: I think that nowadays due to code injection issue and WP security-level it is safer to run in inside a container to protect your machine from attacks. For example, lately a CVE on Laravel component allowed some idiots to inject a crypto miner into my friend machine. I had a very hard time tracking it down. It if were a container I could just destroy and re-create without losing data.... if you set up persistent volumes on your environment.Docker containers are not as safe as you think they are!.. Docker engine runs as root, Docker containers might have root privileges if security measures aren't enforced at the containers levels. You can use Podman which runs rootless containers instead...
I will review your thread next week to see how you're doing on that front!..