In light of the recent COVID-19 pandemic - OPTASY would like to offer DRUPAL website support for any Healthcare, Government, Education and Non-Profit Organization(s) with critical crisis communication websites or organizations directly providing relief. Stay Safe and Stay Well.

Should I Use Docker in Production Environment? Is It Safe? 
Tips

Should I Use Docker in Production Environment? Is It Safe? 

by RADU SIMILEANU on Aug 31 2018

“Should I use Docker in production?” 

Are you "torn” between:

Docker's superpower as a container platform and all the security concerns related to the Docker model?

“Seduced” by the names of all those giant companies — Twitter, Google, Amazon, eBay, Netflix —  who're already using Docker containers in production? Yet, still skeptical and hesitant to run them in production environment considering all the signaled data management issues?                    

Now, instead of letting this question turn into a “haunting” dilemma, you'd better dug for some answers. Find out:

 

  • whether Docker is right for your own unique project, as well
  • how a container infrastructure works (compared to a traditional environment) 
  • what it takes to use Docker in production
  • which are the common misconceptions and issues with Docker in production

     

And, most of all: based on your own use case, should you be running Docker in production environment or not?

 

1. The One Question to Ask Yourself: “What Will I Do with Docker in Production?”

Before asking yourself:

 “Should I be using Docker in production? How safe is it?”

… you'd better answer one critical question:

“What will I do with Docker in production?”

And toying with the thought of using Docker containers does require a reevaluation of your system's whole infrastructure. From the ground up:

 

  • How will you monitor Docker containers in production?
  • How will things be deployed?
  • How will backups be performed?
  • What about updates? How will they be handled?

     

Also, while giving yourself some realistic and straightforward answers to all these questions, try to consider different attack vectors, as well:

 

  • What services will your Docker containers get access to?
  • Are you able to restrict their access to the host system?
  • And what kind of “privileges” will they get?

     

  

So many things to clarify before you can ask yourself:

“Should I use Docker in production?” 

 

2. Container Infrastructure vs Traditional Environments

How does a Docker container infrastructure work?

It's critical that you fully understand what sets it apart from a traditional environment before you can assess whether it's safe for production usage in your project or not.

Unlike traditional environments, where a sysadmin would normally run upgrades and restart services, in container infrastructures, containers are read-only, immutable... elements.

In other words: security upgrades won't happen inside your Docker containers; for these upgrades to run, you'll need to redeploy newly upgraded versions of your containers.

Note: since developers can push containers to your platform, you should define and enforce custom policies to limit the no. of privileges assigned to each one of the containers in your infrastructure.

 

3. 2 Most Common Misconceptions about Using Docker in Production

Since it hit the systems scene (2002) and quickly “stole the show”, Docker's generated a lot of misconceptions. And probably the most common one (that all the other ones stem from) is that:

"Docker's ridiculously easy to use; it's a “one size fits all projects/use cases/infrastructures...” type of technology."

Well, not quite...

Now, let's “bust some Docker-related myths” once and for all:

 

3.1. Running Docker in Multi-Host Production Environments Is (So) Simple

It's almost grown into a universal truth that:

Using Docker even in a multi-host production environment is... nothing but a child's play.

It is technically possible, indeed, yet, it's far from simple!

Before running Docker in a multi-host network —  in a robust and safe way, I mean —  you need to consider and to put in place the proper management of a whole lot of variables:

 

  • orchestrating container deploys with no downtime at all
  • managing container logs
  • ensuring that the private image repository's 100% secure
  • managing container logs
  • properly handling all container deploy roll-backs

     

And the list is almost a never-ending one...

See? Sure, big companies manage to use Docker in multi-host production environments and to successfully handle all the above variables, yet the process's anything but trivial.

 

3.2. It's OK to Blindly Jump into Docker, No Matter The Infrastructure

Tempted to go from “Should I use Docker in production?” to “I should/can definitely use it straight away!”?

And this is yet another misconception that has grown out of the general idea that using Docker requires zero preparations; zero planning and evaluation of your current infrastructure.

That it's conveniently easy to use and it fits all use cases.

Wrong! 

You need to take a whole lot of aspects into account before using Docker in production:

It requires a robust, stable foundation/infrastructure!

In other words, if your current system does not have:

 

  • an automated system setup 
  • a fully secured least-privilege type of access
  • automated deploys
  • easy-to-be-restored and 100% secure database backups
  • and more

     

... you should reconsider using Docker in production ASAP. Or at least postpone your plan till you've filled in all those cracks in your systems' infrastructure...

 

4. Choosing the Right Path From Test Environment to Production Environment

The very first step to take for “leveling up” from running Docker in your test environment to using it in production is: choosing the right path.

This can be either:

 

  • predetermined by your own project's particularities (project-specific constraints such as a specific cloud service or datacenter) 
  • DIY
  • a rented cloud service
  • a pre-made platform

     

Choose your path wisely!

 

5. 3 Key Aspects to Take into Account For a Smooth Production Usage of Docker

 

5.1. The Docker Engine: Tweaking Its Default Settings Is a Must

As I've been trying to stress out here:

Running Docker in production does require certain preparations and considerations.

For instance, once you install the Docker engine to your distribution of choice (Ubuntu or Red Hat or... another one), you shouldn't stick to its default settings.

They're not suitable for production usage!

Therefore, it will require some tweaking so that your Docker engine can handle the load once in production environment.

Moreover, your engine will be in charge of running the containers and nothing more. When it comes to:

 

  • cleaning up containers
  • … volumes
  • … logs

     

these are all your configuration's responsibility.

And 2 more words of caution/pieces of advice:

 

  • keep in mind to check the graph driver (go for Overlay2 if it's the latest version of kernel that you're using)
  • keep both your Docker engine and the kernel safely up-to-date 

     

5.2. A Well-Built CI/CD Pipeline Can Save Your Life

And it's just partly an exaggeration...

For once you run your Docker containers in production and you need to handle a complex infrastructure of services, having a reliable pipeline in place can do wonders.

In short: if you don't automate the process of moving your containers across all the 3 stages of production — build phase, test phase, deployment phase — you'll go nuts...

Tip: remember to script everything; also, to version control each and every script and configuration.

 

5.3. Security: Handle It Properly, Right from the Testing Environment

In other words: no matter how tempted you might be to overlook this aspect once you finally have Docker running properly in production, don't underrate the security issue.

Moreover, you should give it due consideration right from the testing environment...

Once you deploy your Docker containers in production environment, be 101% cautious and vigilant to detect any network vulnerabilities threatening your data.

 

6. “Should I Use Docker in Production?” Is It Safe? Is It Efficient?

Back to our initial question:

“Is it safe to run Docker in production environment?”

My answer to you is:

It is, as long as you take into account all the above-mentioned technical aspects and variables and as long as you adopt the best practices for using Docker in production.

Meaning:

 

  • applying updates
  • running your CI tests
  • automating... everything
  • closely monitoring your Docker containers once in production
  • using the available tools
  • running only current versions
  • running only one process per container 
  • “supercharging” your orchestration tool with all the appropriate security measures (Kubernetes, Swarm, Titus, DCOS etc.) 
  • etc.

     

In short: Docker is only as safe as its users' implemented safety measures.

Technically, it can be used in production. 

When it comes to safety, Docker's come a (really) long way since its early days. 

With:

 

... Docker's once glaring security flaws (e.g. less isolation of containers as compared to virtual machines) now seem like a bad memory from its old “experimenty” stage.

Yet, to your “Should I use Docker in production?” type of question I can only answer:

“You should, if you don't do it blindly and you commit yourself to following the best practices”

 

7. In Conclusion...

If I was to sum up, into a “shortlist of commandments”, all the recommendations, words of caution, clarifications, and explanations here-above, it would go something like this:

 

  1. don't jump blindly into Docker; take your time to think through all the involved aspects
  2. keep in mind that it's far more unlikely for an attacker to exploit an insecure Docker container in your system than to... tap into social engineering for getting his hands on the password
  3. Docker's an extremely powerful tool, so running it on top of an unstable infrastructure is pretty much like driving a sports car on a pothole-riddled road
Development

We do Web development

Go to our Web development page!

Visit page!

Recommended Stories

Tips
Website Security Best Practices

Website Security Best Practices

  Website security is an important consideration for any business or organization with an online presence. With the ever-increasing threats posed by cybercriminals, it is essential to ensure that your website is secure and protected from malicious attacks. Implementing best practices in website security can help protect your website from hackers, malware, and other malicious activities and security issues. This article will discuss some of the best practices for website security and how you can stay away from cybercriminals and improve your security posture.    "Cybersecurity is a shared responsibility, and it boils down to this: in cybersecurity, the more systems we secure, the more secure we all are." - Jeh Johnson Overview of Cybersecurity in 2023 The cybersecurity landscape heads towards a privacy-first approach to information security in 2023. Also, aligning regulations globally will allow businesses to gain more security and data protection.  There are growing voices that give their positive vote to passwordless authentication, which will presumably eliminate the risk of password breaches and amplify organizational security.  However, the rise of the Internet of Things (IoT) devices will likely increase security risks for organizations and expose more security vulnerabilities.  So how can websites cope and become more agile and accessible in this uncertain cyber landscape?   Best Website Security Practices in 2023 At the moment, the best website security practices involve a combination of proactive measures and reactive responses. Proactive measures include implementing strong authentication methods, encrypting data, and regularly patching software. Reactive responses include monitoring suspicious activity and responding quickly to identified security threats or security breaches. Strong Authentication Multi-factor authentication is one of the most important best practices for website security. It involves using two or more factors to verify a user’s identity, such as strong login credentials, and a biometric factor like a fingerprint or facial recognition. This ensures that only authorized users can access the website and its data, protecting it from unauthorized access. Additionally, strong authentication can help protect against phishing attacks, which are attempts to gain access to sensitive information by posing as a legitimate website. Encryption Encrypting data is another significant best practice for website security. Encryption scrambles data so that it can only be read by the intended recipient, making it more difficult for hackers to access sensitive information. It also helps protect against man-in-the-middle attacks, which occur when a hacker intercepts data as it is being transmitted between two parties. Software Patching Software updates are another important best practice for website security. Regularly patching software helps protect against vulnerabilities that can be exploited by hackers. It also ensures that the latest security features are in place, making it more difficult for attackers to access sensitive information. Monitoring and Response Reactive responses like monitoring suspicious activities or responding quickly to identified threats are two valuable tools for website security. Monitoring for suspicious activity can help identify potential threats before they become a problem. Responding quickly to identified threats can help minimize the damage caused by malicious code. Conclusion Keeping websites secure in 2023 involves a combination of proactive measures and reactive responses. These best practices are just some measures you can take to protect your digital assets. If you want to go more in-depth and opt for complex ways to secure your website, don't hesitate to contact Optasy.    Photo credit: Pixabay.... Read more
Raluca Olariu / Jan 25'2023
DrupalTips
Top Drupal Debugging Techniques

Top Drupal Debugging Techniques

  Debugging is an essential part of developing any website, and Drupal is no exception. Debugging in Drupal can be a complex process due to the complexity of the system and its many components. However, with the right techniques, it is possible to identify and resolve issues quickly. In this article, we will discuss some of the top debugging techniques for Drupal that can help you troubleshoot your website more efficiently. We will cover topics such as using the Devel module, using Xdebug, and other helpful tips and tricks. With these techniques in hand, you'll be able to recognize and repair any problems on your Drupal site quickly.     Using the Devel Module for Debugging The Devel module is a powerful tool for debugging Drupal websites. It provides a suite of tools to help you quickly identify and resolve issues. The Devel module includes features such as the ability to view database queries, generate dummy content, and debug PHP code. It also has an API that allows developers to create custom debugging tools. Using the Devel module can be helpful when trying to identify the source of an issue. It can also be used to generate dummy content for testing purposes.     Utilizing Xdebug for Troubleshooting Xdebug is a powerful debugging tool that can be used to troubleshoot issues on Drupal websites. It provides detailed information about the code execution, including stack traces and variable values. This can help developers quickly identify the source of an issue and resolve it more efficiently. Xdebug also has features such as breakpoints, which allow developers to pause the execution of code at certain points to inspect the application's state. This can be helpful when trying to identify and fix complex issues.     Leveraging Drupal's Logging System Drupal's logging system is a powerful tool for debugging websites. It provides detailed information about the events that occur on the website, including errors and warnings. This can be helpful when trying to identify the source of an issue. The logging system also allows developers to set up custom log levels, which can be used to filter out unnecessary information and focus on specific types of events. This can help developers quickly identify and resolve issues.   Using the Drupal Console for Debugging The Drupal Console is a command-line interface that can be used to debug Drupal websites. It provides commands for inspecting the database, generating dummy content, and running tests. This can be helpful when trying to identify and fix issues quickly. The Drupal Console also has an API that allows developers to create custom commands for debugging purposes.   Have You Completed Your Drupal 10 Migration? The release of Drupal 10 marks a major milestone for the platform, and it is important to ensure that your website is up-to-date with the latest version. Migrating to Drupal 10 can be a complex process, but it is essential for ensuring that your website remains secure and performs optimally. When migrating to Drupal 10, it is important to test the website thoroughly and use debugging techniques to identify and resolve any issues. The Devel module, Xdebug, and Drupal's logging system can all be used to troubleshoot any problems that may arise during the migration process. Don't forget to ensure that all of the modules and themes used on the website are compatible with Drupal 10. It is recommended to use the Update Status module to check for any available updates and apply them before migrating to Drupal 10. Additionally, it is a good idea to create a backup of your website before beginning the migration process in case something goes wrong. By taking these steps, you can ensure that your website is properly migrated and running smoothly on Drupal 10.     Conclusion Debugging in Drupal can be a complex process, but with the right techniques, it is possible to debug your website faster and easier. If you need more advice on your next web development project or on your Drupal 10 migration, our team of experts is here to help you. Contact us for more details.   Photo credit: Unpslash.... Read more
Raluca Olariu / Jan 16'2023
DrupalTips
Troubleshoot Your Website in 8 Easy Steps

Troubleshoot Your Website in 8 Easy Steps

  Having a website that runs smoothly is essential for any business. Unfortunately, website issues can arise from time to time and can be difficult to troubleshoot. The good news is that there are some simple steps you can take to identify and resolve common website problems. In this article, we'll discuss eight easy steps you can take to troubleshoot your website quickly and efficiently. With these tips, you'll be able to get your website back up and running in no time. 1. Check Your Server Status. The first step in troubleshooting your website is to check the status of your server. If your server is down or experiencing issues, it could be the cause of any problems you're having with your website. You can check the status of your server by accessing the control panel for your hosting provider. This will give you an overview of any issues that may be affecting your server and allow you to take the necessary steps to resolve them. 2. Review Your Website Logs. After checking your server status, your next step is to review your website logs. Logs are a great way to identify any errors or issues that may be occurring on your website. Reviewing the log files lets you pinpoint the exact source of the problem and take steps to resolve it quickly. Logs can also provide valuable insights into how visitors interact with your website, which can help you optimize your website for better performance. 3. Test Your Website Performance. The third step in troubleshooting your website is to test its performance. This can be done by using a tool such as Google PageSpeed Insights or WebPageTest. These tools will analyze your website and provide you with detailed information about its loading speed, page size, and other performance metrics. This will allow you to identify any areas of improvement that could help improve the overall performance of your website. 4. Inspect Your Code for Errors. If you've tested your website performance, your next step is to inspect your code for errors. This can be done by using a tool such as Firebug or Chrome DevTools. These tools will allow you to view your website's HTML, CSS, and JavaScript code and identify any errors that may be causing issues. Once you have identified the errors, you can take steps to fix them and ensure that your website is running smoothly. 5. Check for Broken Links. The fifth step in troubleshooting your website is to check for broken links. Broken links can cause a variety of issues, such as slow loading times and poor user experience. Various tools can help you identify any broken links on your website, such as Screaming Frog or Xenu Link Sleuth. Once you have identified the broken links, you can take steps to fix them and ensure that your website is running smoothly on all platforms, including mobile devices. 6. Ensure You Have the Latest Updates Installed. Ensuring that you have the latest updates installed is imperative if you want a highly performant website. Outdated software can cause a variety of issues, such as security vulnerabilities and compatibility problems. It's important to keep your website up-to-date with the latest versions of any software or plugins you may be using. You can check for updates by accessing the control panel for your hosting provider or by using a tool such as WP Updates Notifier. 7. Analyze Traffic Patterns to Identify Issues. You should also analyze traffic patterns to identify any issues that may be causing your website to perform poorly. Analyzing traffic patterns can help you identify any areas of your website that may be causing problems, such as slow loading times or high bounce rates. You can use tools such as Google Analytics or Hotjar to track and analyze user behavior on your website. This will allow you to identify any potential issues and take steps to resolve them. 8. Monitor Your Website Regularly. Finally, remember to monitor your website regularly, as it will allow you to identify any potential issues before they become serious problems. You can use tools such as Uptime Robot or Pingdom to monitor your website's uptime and performance. In this way, you can ensure that your website is running smoothly and that any potential issues are identified quickly so that they can be addressed promptly.   Drupal 10 for High Website Performance Drupal 10, launched last month, is the latest version of one of the most powerful content management systems that can help you achieve high website performance. Drupal 10 offers a range of features designed to improve the speed and efficiency of your website, such as caching, minification, and optimization.  Among the best features we can find: Symfony 6 compatibility. Site owners and module developers will benefit from as much Symfony 6 compatibility as possible, and Symfony 4 deprecations in Drupal 9 for Symfony 5 will be resolved. Supported solutions for rebuilding jQuery UI functionality by using either vanilla JavaScript or frameworks like React. jQuery UI components used by Drupal core will be removed. Best practices for deprecating modules. Users will be able to use a proper mechanism for naming, versioning, deprecating wrappers, etc. A 'lifecycle' - property can be used in info.yml files for themes and modules. Better decoupled developer and site builder experiences, especially for menu and URL handling. Introduction of CKEditor 5 with better authoring experience and more modern editing (replacing CKEditor 4). PHP 8.1 compatibility for Drupal 9 and Drupal 10. Theme Starterkit tools for bespoke theme creation. You can learn more about how Drupal 10 can take your website to the next level in this article. Drupal 10 Migration If you're considering migrating to Drupal 10, we can help. Optasy's team of highly skilled developers can help you migrate your website to Drupal 10 quickly and efficiently. We can also provide ongoing support and maintenance for your website, ensuring it runs smoothly and optimally. Contact us today to learn more about our Drupal 10 migration services.   Photo credit: Pixabay.... Read more
Raluca Olariu / Jan 11'2023

Need a new Project?

Dare us to shape and boost your idea(s)!

Start a Project

(416) 243-2431

Contact

(416) 243-2431

Toronto Downtown

First Canadian Place,
100 King St. W. Suite 5700, Toronto

Toronto West

2275 Upper Middle
Rd. E, Suite 101
Toronto

New York

1177 Avenue of the
Americas, 5th Floor,
New York