So after docker instance is created and access via the terminal, how to control only certain people have access to root, sudo, …etc? e.g. you created user ‘bchan’ for me. do I do regular ssh and don’t need to know about there is a docker layer?

We normally setup the apache with virtual host, so that all clients deployed on same apache will all use port 443. My understanding being if I have 3 docker apache instances installed on the same physical server, I need to assign dedicated ports for each of those apache. They cannot share the port 443, right? That means you need additional external IP to house the port 443, and then internally route them to the ports? Or you do another layer of reverse proxy with virtual hosts??

How exactly does “instance replication” work in docker? Basically the benchmark of how AMI work in AWS. So far with the VM setup we have, we can take snapshots of VM, but the snapshots can be restored to the same physical server only. We end up still need to do lots of server (re)creation manually.