I am running a CentOS server and will be installing the Docker Engine on top of that, where, needless to say, I will be setting up my containers. I'll initially be setting up two containers: (1) serve my web pages (2) run my database.

My thought process was that I would install FirewallD on the CentOS. My questions are the following:

  1. Do I need to install some sort of firewall within the containers themselves? If so, can someone at a high level tell me how this is done and what firewall I would be installing at the container level?

  2. Do I need to open some ports within FirewallD running on CentOS to access the Docker Engine / Containers?

  3. As you can tell, this will be my first time developing with containers, so do I need to create the containers first on the server and then from my development machine push the containers to the identified container?

I would appreciate it if I could get some guidance here as I'm tasked to do this, but not sure of the correct path.

Thanks again.

I really have not tried much as I'm not sure where to begin. Currently I have just been doing some research on my use case.

user2613126

1 Answer

Q) Do I need to install some sort of firewall within the containers themselves?

A) No, not really. Containers can only communicate via the ports the configuration specifies to open.

Q) Do I need to open some ports within FirewallD running on CentOS to access the Docker Engine / Containers?

A) TCP/IP port 443 if you want to access the daemon via the REST API. Otherwise, and probably more secure, leave remote access off. SSH into the machine and interact with the daemon locally.

Q) ...do I need to create the containers first on the server and then from my development machine push the containers to the identified container?

A) Create the containers on development, push the image to a repository (Docker Hub is one, AWS ECR is another, you can also host your own). Access the server, then finally pull the images from the repository onto the server.

As for where to begin: at the beginning :D. But really, https://docs.docker.com/get-started/ has a 'getting started' guide to start you off. Linux Academy, A Cloud Guru, Lynda, Udemy, and other similar learning resources are all solid starting points.

Hope this helps you on your journey.

David J Eddy
  • Thank you, David, for getting back to me so promptly. David, if I use Docker Hub, does that mean my container will be made available? I am doing some work for a private client and I do not think they would want me to share their containers publicly. You mentioned pulling from Docker Hub, so correct me if I am wrong: what you are saying is that from my development server I would push to Docker Hub and then from my production server I would pull from Docker Hub, is that correct? Thanks once again, buddy, for your feedback. – user2613126 Mar 29 '19 at 17:41
  • "... if I use Docker Hub, does that mean my container will be made available..." Yes. BUT, Docker Hub offers private repos as well. "...development server..." I am not familiar with your configuration; development to me is your local desktop. But a 'development' server != production server. Then yes. Push from dev to repo, pull on prod from hub. Also note, you can host your own (private / secured) 'Docker Hub' as well. – David J Eddy Mar 29 '19 at 19:03
  • Thanks David, by development I mean my local machine, then we would want to post it to Docker Hub (private repo) and then from there pull it to our production server. In our case we also have a staging environment, so we would first pull it to our staging environment and once properly QA'd, etc., then pull it from production from Docker Hub. Does this sound about correct to you? David, again many thanks for your feedback. – user2613126 Mar 29 '19 at 20:43
  • That sounds exactly right. Since every image pushed to your repo has a version, that version becomes immutable; a good practice. It sounds like you have the concept and process figured out now. Best of luck! – David J Eddy Mar 31 '19 at 01:12
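
An added example, not part of the original question, answer or comments: a shell check for the web-plus-database setup discussed above, which reads `docker ps` port listings and reports any host port published on all interfaces that is not on an expected allowlist. The container names, the sample lines and the 80/443 allowlist are constructed assumptions.

```shell
#!/bin/sh
# Input: lines as produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "<container> <host-port>" for every port that is published on a
# non-loopback host address and is not in the allowlist.

audit_published_ports() {
    allowed="$1"    # space-separated host ports expected to be public (assumption)
    awk -F '\t' -v allowed="$allowed" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        name = $1
        m = split($2, maps, /, */)
        for (i = 1; i <= m; i++) {
            p = maps[i]
            # "host->container" means published; a bare "3306/tcp" is
            # only reachable on the Docker networks, not on the host.
            if (index(p, "->") == 0) continue
            host = substr(p, 1, index(p, "->") - 1)   # e.g. 0.0.0.0:3306
            port = host; sub(/^.*:/, "", port)        # text after last colon
            addr = substr(host, 1, length(host) - length(port) - 1)
            # Loopback bindings cannot be reached from other machines.
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") continue
            if (port in ok) continue
            key = name " " port                       # report IPv4/IPv6 pair once
            if (!(key in seen)) { seen[key] = 1; print name, port }
        }
    }'
}

# Constructed sample output for a web container, a database published on all
# interfaces, one bound to loopback only, and one with no published port.
sample_ps_output() {
    printf 'web\t0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp\n'
    printf 'db\t0.0.0.0:3306->3306/tcp, :::3306->3306/tcp\n'
    printf 'db-local\t127.0.0.1:5432->5432/tcp\n'
    printf 'db-private\t3306/tcp\n'
}

# Demo on the constructed sample; on a real host, pipe docker ps instead.
sample_ps_output | audit_published_ports "80 443"
```

Only the `db` line is reported: its database port is published to every interface, while `db-local` and `db-private` stay off the external network.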