Docker ISPConfig

Discussion in 'Tips/Tricks/Mods' started by Jerob, May 16, 2015.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    Not sure if this wont cause a lot of overhead, when you have hundreds of sites then you need hundreds of running docker containers.
     
  2. skylite

    skylite New Member

    They should not run all the time, plus if you run them from the same image, they will use a lot less storage space because of the way how docker handles images (via layers). I tried to use dockers for this purpose on ispconfig, my only problem was that each ssh container required a new port, so I ended up creating a "master" container which redirects requests to the inner containers in sshd_config (some call this ssh bastion host) But this kind of connection can only be used from winSCP at the moment (cyberduck has some plans to make the ssh connection work trough bastion host but it's not yet implemented. My only concert when it comes to jailkit is te amount of storage space needed each time you create a jail, and also docker is much more secure.
     
  3. fbarcenas

    fbarcenas Member

    yeah, I was thinking the same thing. Plus, if you have a dedicated MySQL instance container, how would that work with docker? Would you need a synced db container across all the docker swarm servers?
     
  4. skylite

    skylite New Member

    If the sites themselves are inside docker then yes, one site should require one unique container for each process so:
    - apache
    - php (or other running environment, ruby, python..)
    - mysql
    - ssh
    The siteroot could be on a separate volume.
    This can easily be done with docker-compose you just need a good template file from which you create your images.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The jails are used by cron as well, so you will have to run a docker container for each website which has cronjobs.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    This might be a nice setup for very small systems, but I have real doubts about how this performs when you need thousands of docker containers on a system to host the sites plus the memory overhead to run a separate apache and mysql instance. Let's say a typical medium-sized hosting node hosts 800 websites, then you have 800 docker containers for apache, 800 for php, 800 for mysql and 800 for ssh makes 3200 docker containers in total. How long does a reboot take when docker starts 3200 containers, the memory usage will probably a few hundred times higher with a setup that uses a docker instance for each service and each site. Thus said, docker has definately some advantages and it's nice for servers that host one site or max. a dozen sites, but I guess such a setup can not replace a normal shared hosting setup which.
     
    skylite likes this.
  7. skylite

    skylite New Member

    Maybe you're right I don't have that kind of setup with dockers. It could work for small setups or websites which are under development, but not suitable for mass hosting.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe I get the time in future to do some plugins for ispconfig to setup a docker based multi-container system, it is definitely fascination and would solve a bunch of problems like all the adaptions for the different Linux distributions. But as with most solutions, it also brings other problems :) Such a setup is so much different from the current one that it probably will require to write a complete set of new server-side ispconfig plugins for the web, ssh, ftp, cron, and mysql service. But it might be worth trying it. The most limiting factor is my time here :)
     
    Milly, ahrasis and biforme like this.
  9. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    In case anyone finds this post in the future, this is very bad advice for any normal server, do not include /etc/mysql/ in your jails! (For anyone who has (@cypriot ?), you should check what all you find in the files therein, and see if that's something you want every one of your clients (and by extensions, public websites) to have a copy of.)
     

Share This Page