DEV Community

loading...

Discussion on: Deploy your NodeJS App to a server with Docker

Collapse
creekorful profile image
Aloïs Micard

This article is pretty good nice job!

Just a little suggestion, why install Nginx on the host where you can run it in a docker container and increase isolation? Since you've already containerize your app just add the reverse proxy as a container and all you'll need on your host is the docker runtime. :)

Another thing regarding firewalling: if you are using DigitalOcean like you wrote, I suggest using their cloud firewall directly. It's much easier to use and you can share firewall configuration for multiple hosts. Using UFW on a Docker host can by painful BTW and it won't works by default! Docker network isolation works by playing a LOT with iptables, and therefore UFW rules are bypassed.

If you still want to use ufw, I suggest taking a look at: github.com/chaifeng/ufw-docker wich fix this issue.

Other than that great article, keep going!

Collapse
mrwormhole profile image
Talha Altınel

Bad suggestion, web server/reverse proxy has to be outside of containers and only 1. Otherwise you will run into port issues with existing nginx containers when you deploy more web apps into a single VPS. Not to mention you will quickly reach ram's limit

Collapse
creekorful profile image
Aloïs Micard

RAM consumption for Nginx isn't that high, an HA instance may consumes <30MB RAM, see this link for more details.

For the port issue, what you can do is have a single Nginx instance running with privilege mode to bind in :80, :443. This way you still have process isolation and are covered in case someones exploit your web-server.

Thread Thread
mrwormhole profile image
Talha Altınel • Edited

That makes sense for a reverse proxy but for a server that can host static websites(monolith full stack applications) it can be a trouble to manage with volumes.

Collapse
arnu515 profile image