The Inception project at 42 involves designing a secure and modular infrastructure using Docker and Docker Compose. You will containerize multiple services like NGINX, WordPress, and MariaDB, with NGINX acting as the secure entry point.
Key Features:
- Using Docker Compose for multi-container management.
- Ensuring security with SSL/TLS encryption and isolated services.
- Configuring services to communicate through Docker networks.
The project focuses on practical experience with containerization, networking, and secure infrastructure management.
- What is Docker?
- Docker Architecture
- Core Docker Components
- Dockerfile Overview
- Docker Commands
- Difference Between Docker Containers and Virtual Machines
- About the Services
- Docs
Docker is an open platform that simplifies the development, shipping, and running of applications by isolating them from the underlying infrastructure, enabling faster and more consistent deployment.
Docker is written in the Go programming language and leverages several features of the Linux kernel. It uses namespaces to create isolated environments called containers. When you run a container, Docker creates a set of namespaces for that container to ensure isolation.
Docker operates using a client-server architecture. The Docker client communicates with the Docker daemon to build, run, and manage containers. The client and daemon can run on the same machine or communicate remotely via a REST API over UNIX sockets or a network. Docker Compose is another client that manages multi-container applications.
Docker is a platform that runs software applications inside containers, providing isolated environments that make applications more efficient and portable. Let's explore the core components of Docker in detail:
Docker Engine is the software that builds, runs, and manages Docker containers. It consists of two main components:
- Docker Daemon (dockerd): The background process that manages Docker containers.
- Docker CLI (Command Line Interface): Allows users to manage Docker via the command line.
Visual: Docker Engine acts as the interface between the CLI and Docker Daemon, managing the container lifecycle.
Docker containers are lightweight, portable, and isolated environments that contain everything required to run an application, including application code, libraries, and dependencies.
- Containers: Containers are isolated units running a specific application or service. Each container is derived from a Docker image, and multiple containers can run on the same host.
Visual: The portability of containers across different systems, ensuring they work the same everywhere.
Docker images are read-only templates that contain everything needed to run a container, such as application code, libraries, dependencies, and configuration files. Containers are created from images.
- Dockerfile: A script that defines how to build a Docker image, specifying the base operating system, software, and configuration details.
Docker Hub is a central repository for storing and sharing Docker images. Users can download and share images via Docker Hub.
- Public Repository: Public images that anyone can access and use.
- Private Repository: Private repositories where users store images that only specific users can access.
Docker Compose is a tool for defining and running multi-container applications. Compose allows you to define all the services of an application in a single YAML file and start them all at once with the docker-compose up command.
- docker-compose.yml: A configuration file that defines each service's image, network connections, and other settings.
Visual: A structure where multiple services are run simultaneously using Docker Compose.
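Containers are isolated, and anything written inside one is lost when the container is removed, so persistent storage is required to prevent data loss. Docker Volumes store data outside the container so that it persists across container restarts and replacements.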
- Data Sharing: Volumes allow data to persist and be shared between containers, even if a container is stopped.
Visual: How data is transferred between containers using Docker Volumes.
Docker networks define how containers communicate with each other and with the outside world. Docker provides a virtual network environment for containers.
- Bridge Network: The default network type where containers can communicate with each other only within the same network.
- Host Network: Containers use the host machine's network.
- Overlay Network: Enables communication between containers on different hosts.
Visual: How Docker network enables data communication between containers.
A Dockerfile is a text document containing all the commands needed to assemble a Docker image. It includes various instructions to automate the creation of Docker images.
| Instruction | Description |
|---|---|
| ADD | Add local or remote files and directories to the container. |
| ARG | Define build-time variables. |
| CMD | Specify default commands to run when the container starts. |
| COPY | Copy files and directories into the container. |
| ENTRYPOINT | Define the default executable to run. |
| ENV | Set environment variables inside the container. |
| EXPOSE | Indicate which ports the container listens on. |
| FROM | Define the base image for the build. |
| HEALTHCHECK | Specify a command to check the health of the container. |
| LABEL | Add metadata to an image. |
| MAINTAINER | Specify the author of the image. |
| ONBUILD | Define instructions to be executed when the image is used in a build. |
| RUN | Execute commands during the image build. |
| SHELL | Set the default shell for the container. |
| STOPSIGNAL | Define the signal to stop the container. |
| USER | Set the user and group ID for running commands. |
| VOLUME | Create mount points for volumes. |
| WORKDIR | Set the working directory for subsequent instructions. |
Docker is a powerful tool for managing containers. Here are some essential Docker commands to get you started:
Displays the installed Docker version.
docker --version
Runs a container from an image.
docker run -d -p 8080:80 nginx
Starts a container in detached mode and maps port 8080 on the host to port 80 inside the container.
Lists running containers.
docker ps
Executes a command inside a running container.
docker exec -it <container-id> /bin/bash
Builds an image from a Dockerfile.
docker build -t myapp .
Lists all Docker images on your machine.
docker images
Stops a running container.
docker stop <container-id>
Starts a stopped container.
docker start <container-id>
Removes a container.
docker rm <container-id>
Removes an image.
docker rmi <image-id>
| Feature | Docker Containers | Virtual Machines (VMs) |
|---|---|---|
| Operating System | Containers rely on the underlying OS kernel and do not have a separate guest OS. | VMs have their own operating system, which runs on top of a hypervisor. |
| Size and Resource Usage | Containers are lightweight because they don't include an OS, just the application and necessary libraries. | VMs are significantly larger because they include the entire OS and application, requiring more resources. |
| Resource Sharing | Containers share resources like CPU, memory, and storage with other containers on the same host OS. | Each VM has its own resources like CPU, memory, and storage, which are isolated from other VMs. |
| Process Isolation | OS-level process isolation, sharing the kernel with other containers. | Hardware-level process isolation, which makes VMs slower to boot and more resource-intensive. |
| Boot Time | Containers boot up quickly as they share the underlying OS kernel. | VMs are slower to boot because they require starting up a full operating system. |
| Use Case | Ideal for microservices, lightweight applications, and environments that need fast scaling. | Best for running multiple different operating systems or applications that require full OS environments. |
NGINX is a high-performance, lightweight web server and reverse proxy. It excels at handling HTTPS traffic, load balancing, and caching, making it a staple in modern web architectures.
- Acts as the secure entry point for all external traffic.
- Manages TLS/SSL certificates to enable encrypted HTTPS connections.
- Forwards incoming requests to the internal WordPress container.
- Exposed Port: 443 (HTTPS)
- Forward Target: WordPress container (via internal Docker network)
Provides a secure and centralized access point for external users, protecting and directing traffic to backend services.
MariaDB is a powerful, open-source relational database derived from MySQL. It offers excellent performance, stability, and MySQL compatibility.
- Serves as the database engine for WordPress.
- Stores:
  - Posts and pages
  - User credentials
  - Comments and site settings
- Exposed Port: 3306 (within the Docker network)
- Accessible By: WordPress container only
Acts as a secure and structured data store for all dynamic content used by WordPress.
WordPress is the world's leading Content Management System (CMS). It enables users to create and manage websites easily using themes, plugins, and an intuitive admin interface.
- Hosts the web application users interact with.
- Written in PHP and connects to MariaDB for dynamic content.
- Exposed to the web only via the NGINX reverse proxy.
- Receives Requests From: NGINX (secured with HTTPS)
- Connects To: MariaDB for database operations
Provides the frontend and administrative interface for building and managing a dynamic website.
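The service layout described above (NGINX as the only published port, WordPress behind it, MariaDB reachable by WordPress only) can be written in Compose as follows. This is an added example, not the project's own file: the build paths, the network and volume names, and the `DB_HOST` variable are assumptions. It uses two networks so that NGINX has no route to MariaDB.

```yaml
# Added example. Build paths, network/volume names and DB_HOST are assumptions.
services:
  nginx:
    build: ./requirements/nginx          # assumed path
    ports:
      - "443:443"                        # the only port published to the host
    networks:
      - frontend
    depends_on:
      - wordpress
    restart: unless-stopped

  wordpress:
    build: ./requirements/wordpress      # assumed path
    # No "ports:" entry: reachable only by service name from other containers.
    networks:
      - frontend                         # receives requests from nginx
      - backend                          # connects to mariadb
    environment:
      DB_HOST: mariadb:3306              # hypothetical variable; name resolves via Docker DNS
    volumes:
      - wp_data:/var/www/html
    depends_on:
      - mariadb
    restart: unless-stopped

  mariadb:
    build: ./requirements/mariadb        # assumed path
    # No "ports:" entry: 3306 is never bound on the host.
    networks:
      - backend                          # nginx is not attached to this network
    volumes:
      - db_data:/var/lib/mysql
    restart: unless-stopped

networks:
  frontend:
  backend:
    internal: true                       # no external connectivity for this network

volumes:
  wp_data:
  db_data:
```

Running `docker compose config` validates the file, and after `docker compose up -d` the output of `docker ps` should show a host port mapping for the nginx container only.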