loading...

Discussion on: Docker - Dev, Debug, Deploy

Collapse
patryktech profile image
Patryk

Thanks for sharing. A few (opinionated) things come to mind.

  • Always use git (or at least another CVS). Docker does not replace git.
  • Save your Dockerfiles, and docker-compose*.ymls inside your git repo.
  • Do use docker-compose. It makes everything easier. Seriously.
  • Why give everyone access to a shared container? Then if they make changes and push, you have no idea who to blame. Just let your team clone the repo, run docker-compose -f docker-compose.dev.yml up (or similar), and let them work on their own machines. The whole point of using git is so multiple people can work on their own copies at the same time.
  • Never run as root if not necessary, including inside containers. Docker has never cared much for security, and one of the things I do most often is override the USER inside my Dockerfiles.
  • Use ssh keys rather than a shared password, if you're going to be sharing an account. You should always use keys even if you don't share it, IMAO.
Collapse
eranelbaz profile image
eranelbaz Author

Hey!
I did not mean to replace git, as I said i'm using it to version control my code, not my environment

I know about docker-compose and ssh keys but I want to write this blog post for the average user, so I left it behind

And about using root I agree when it comes to "real" servers, when we talk about dockers you can in a single command restore it and so nothing bad can happen

Collapse
saws profile image
Info Comment marked as low quality/non-constructive by the community. View code of conduct
sg

I agree you should never blog how to do something insecurely by default just because it's easier. That's why the state of security is the way it is, and why all PHP coders suck.

Thread Thread
dorshinar profile image
Dor Shinar

All PHP codes suck? That's quite harsh. Most of the internet is written in PHP (including most of what Facebook makes). I think that's an offensive generalization. As eranelbaz said, he only uses it for local development. I think that as long as your shared environments (staging, production etc.) Are properly secured, setting up local unsecured docker is pretty much like running a local instance of your application with root. No harm, as no one has access to it but you.

Thread Thread
ibnux profile image
iBNu Maksum

Most of non PHP coders said PHP Coders are suck, because most of the job ask for PHP.

What's the most secure programming language?

It's all depend on Developer, not the programming language