Docker understanding

Can someone please try help my brain work out the docker process a little better.

Currently I have a dedicated server, this server has CentOs 7 installed and WHM Root.
If I wanted a brand new domain today, I would go to my domain registrar and buy one, and point the NS records at my hosting providers name servers.
Next I would go to my WHM and add a new account, this simple step adds:

cPanel access, a mail server, an FTP server, a DNS Server, MySQL (multiple versions), PHP (multiple versions), Auto SSL, an Apache Server, also in the background to this are many other tools like firewall protection tools, email spam tools, GUIs to edit DNS records, and much much more.
If I want I can add node.js support too.

Now I am trying to adjust my brain to using Docker
If I wanted a brand new domain today, I still go to the domain registrar and buy one, and I still point the NS records at my hosting providers name servers.

Then I go to someone like digital ocean and get a container/droplet.
In Wappler I create either:
PHP, MySQL, Apache project and Wappler puts all 3 into that container along with my website files.
OR
Node.js and Wappler puts the Node.js server into that container along with my website files.

So I suppose my confusion here is.

1. Do the containers created by Wappler include an operating system like CentOS7 to run the Apache, PHP, MySQL or Node.js servers inside?
2. If the client wants email on the domain do I still have to use my dedicated server for that.
3. If the client wants FTP access to their website files, is that possible.
4. My clients often have access to their cPanel where they can create mail accounts mostly, however the file manager stuff would look quite odd as empty because the Docker will hold all the web files, so I assume I just turn off the display modules for things they can no longer access, or if accessed would have no impact, like PHP ini file editing options, would be for the servers internal PHP and have no impact on the docker version of PHP.

Basically it sounds like the docker container is only the web services portion and I am going to have to still use my web server and point out the services via DNS, so website stuff goes to Digital Ocean, Email stays internal or points out to something like Google for Business, which means my internal server does not really need its internal Apache, PHP, MySQL, Node.js etc.

Am I thinking about all this correctly at all, or am I quite confused by how this would work.

Yes You can see docker as a bare bone server running just your site and maybe database. All accessible by just an IP

All the other stuff like domains, dns, mail server etc are somewhere else usually with your hosting provider

I will share an unpopular opinion, Docker is great but only if you fully understand what it does and how it functions.

Docker will not be for everyone or every use case and will still require you to have your base infrastructure in place and secured.

For a lot of developers, server administration is something they do not want to get involved with. Yes, Docker could help but I believe a managed hosting solution or GUI/control panel would be more user friendly. Autoscaling is possible with docker but it’s complicated, unless of course you building on something like Amazon ECS.

I must admit containerisation is perfect for learning new tech or software as you can have something up and running with a single command line. Docker Hub is useful too as it has pre-made images available. It’s also a useful way to isolate multiple services or sites on a single server.

There will be a slight performance decrease by using Docker than installing directly on to the host but in cases this may be negligible.

I’m afraid to say I do not think Docker is the solution for a proportion of the Wappler user base.
But hey, that’s just my opinion and others may say the opposite.

Docker is a good match for PAAS and CAAS in Wappler’s context. Where most of the hard/ugly work is taken care of. Specially infrastructure.

Commercial solutions like Heroku and Jelastic or Open Sourced like Flynn and Dokku are good matches when you want to start deploying dockerized apps and forget about infrastructure.

It is a previous step before becoming a sysadmin

Very easy to spend hours learning something new to you, very enjoyable, very rewarding. It is also very easy to waste time in this manner. Stick with what you know and learn in the background without being too quick to adopt something because it is now accessible to you. It is a common mistake to make and we have all done it. Docker is great for its purpose but you could waste a hell of a lot of time discovering these positives and then coming to the conclusion its not actually what you need… There is a lot of life left in the traditional hosting infrastructure and its worth spending more time learning this area and then moving on to understanding Docker and its principles.

Yes and no, Docker needs to live somewhere. I agree with you if you’re using Heroku, ECS or another service but for installing on to a VPS for example then yes, some Sysadmin knowledge will be very useful.

I should clarify: I don’t have issues using any of the examples in this thread, I’m just thinking out loud for the inevitable wave of questions that will appear on the forum that surrounds Docker and server configs when maybe there’s an easier solution. I see there’s a need perhaps for more hosting and infrastructure tutorials.

Thanks everyone, keep the answers coming, it’s very informative, unfortunately much of the internet information is just not wappler centric so it changes things a little.

I tried giving video tutorials on Wappler with the cPanel, WHM, and phpMyAdmin stuff included in the tutorial and after the third script kiddie kept hitting my server trying to get in I kind of just stopped showing it, as it is more painful obfuscating an entire video than it’s worth.
Always some youtuber who ruins it for everyone else sadly.

To be honest with the information above I am contemplating if Docker is what I need right now, the idea of having a container without the bloat of Apache, PHP, cPanel etc. sounds great in theory, also deploying load sharing containers sounds great in theory if I had the type of traffic Adobe is having, but with my current workflow and client base I think I would be making a rod for by own back by supporting it just yet.
In the background though I will continue testing and playing with it to see where I can benefit from using it.

We would highly recommend subscribing to and implementing Cloud Linux Imunify360

Along with CSF and ModSecurity it offers a great extra layer of protection. Example below of a typical months stats on one of our WHM servers (CentOS):

2020-05-30_17-06-061920×1080 243 KB

What I meant was that first you start using Wordpress with CPanel, then someone tells you should use GIT, then you meet Heroku, then you start using server pilot on DO, after that you ditch Server Pilot, later you move to EC2…the next thing you know is that you are applying for a job at Amazon AWS.

Baby steps for everything.

I am FANG!

I found a baby photo of you Dave / FANG

NINTCHDBPICT000443198464640×1315 49.1 KB

I can only read Identity and Access Management FANG

My hosting provider added this to my setup for me, I am beating you @Dave, I almost doubled all your figures in your screenshot in 2 days, so proud my server gets attacked so much, hahaha.

Hahaha… Around 90% of attacks are not personal they are automated. Bots in search of weak passwords, mail server settings, mis-configured poorly managed databases, Wordpress installs, etc. You will see those numbers decrease rapidly as they are black-listed. We run strict servers with a lot more on top of Imunify, and in some circumstances our own VPNs for clients with dedicated IP’s and strict white-listing of those allowed to connect. We block first ask questions later

I must add the Cloud Linux team, including the Imunify team, are second only to Wappler for support. They are just as dedicated and well worth speaking with if you have any questions. Can’t praise them highly enough!

Good to know, thanks Dave, I was feeling like I must have said something to upset someone, but if most are automated then I feel better.

Yeah man its all junk and predominately shite being run by skiddies, amateur nonsense. Imunify also has a great AV/Malware scanner, Hardened PHP, and reCAPTCHA capabilities. Worth enabling everything you can. A nice feature is Pro-Active defense. All in all a great suite of tools for the price!

Unfortunately I have turned down security because I have some domain names that have users all over the world, some of those users are in China, Zambia, Brazil and those users get blocked every 2 days from accessing email or webmail from the server, so i have had to reduce security for everyone because of that one crowd.
I actually chatted to them yesterday about moving their email to Google For Business because I am so tired of unblocking 2-3 IPs a day, and the Brazil CIDR ranges are so massive I may as well just whitelist the world.

I’ll add it is also worth considering signing up to CloudFlares basic tier of service. Combined with the above its not bad value for the money and can save a fortune in the long run. Sometimes a little debugging is needed to get everything running but generally its click, click, click, accept. Be careful not to expose your mail server I.P with CloudFlare though, kind of misses the point if can locate your server via an exposed mail server IP

Yeah man those CIDRs can be huge and eat up resources. That is why we went with our own Open VPN’s hosted on another box (all key based). Only allowing those specific IP’s to connect. Plenty of guides on that available, oh and the missus gets to watch UK TV here in Portugal too, so there is another bonus!

Thanks I will lok into that too, I did run CloudFlare for a time and then switched to MaxCDN/StackPath now.

I would honestly imagine by now, with email clients having SSL TLS and every other acronym that if they have it all in place their IP address would be let through more easily, I understand if they are trying to send/receive with plaintext or something, but with all that security, they are still blocked.

I think once i move that domains services somewhere else life will be more secure.

If you want to learn about Docker, this is a good resource with labs. https://training.play-with-docker.com/